.\" Copyright (c) 1995
.\" Jordan K. Hubbard
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd November 21, 2021
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system configuration information
.Sh DESCRIPTION
The file
.Nm
contains descriptive information about the local host name, configuration
details for any potential network interfaces and which services should be
started up at system initial boot time.
In new installations, the
.Nm
file is generally initialized by the system installation utility.
.Pp
The purpose of
.Nm
is not to run commands or perform system startup actions
directly.
Instead, it is included by the
various generic startup scripts in
.Pa /etc
which conditionalize their
internal actions according to the settings found there.
.Pp
The
.Pa /etc/rc.conf
file is included from the file
.Pa /etc/defaults/rc.conf ,
which specifies the default settings for all the available options.
Options need only be specified in
.Pa /etc/rc.conf
when the system administrator wishes to override these defaults.
The file
.Pa /etc/defaults/vendor.conf
allows vendors to override
.Fx
defaults.
The file
.Pa /etc/rc.conf.local
is used to override settings in
.Pa /etc/rc.conf
for historical reasons.
.Pp
The
.Xr sysrc 8
command provides a scripting interface to modify system
config files.
.Pp
In addition to
.Pa /etc/rc.conf.local
you can also place smaller configuration files for each
.Xr rc 8
script in the
.Pa /etc/rc.conf.d
directory or
.Ao Ar dir Ac Ns Pa /rc.conf.d
directories specified in
.Va local_startup ,
which will be included by the
.Va load_rc_config
function.
For jail configurations you could use the file
.Pa /etc/rc.conf.d/jail
to store jail specific configuration options.
If
.Va local_startup
contains
.Pa /usr/local/etc/rc.d
and
.Pa /opt/conf ,
.Pa /usr/local/rc.conf.d/jail
and
.Pa /opt/conf/rc.conf.d/jail
will be loaded.
If
.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
is a directory,
all of the files in the directory will be loaded.
Also see the
.Va rc_conf_files
variable below.
.Pp
Options are set with
.Dq Ar name Ns Li = Ns Ar value
assignments that use
.Xr sh 1
syntax.
The following list provides a name and short description for each
variable that can be set in the
.Nm
file:
.Bl -tag -width indent-two
.It Va rc_debug
.Pq Vt bool
If set to
.Dq Li YES ,
enable output of debug messages from rc scripts.
This variable can be helpful in diagnosing mistakes when
editing or integrating new scripts.
Beware that this produces copious output to the terminal and
.Xr syslog 3 .
.It Va rc_info
.Pq Vt bool
If set to
.Dq Li NO ,
disable informational messages from the rc scripts.
Informational messages are displayed when
a condition that is not serious enough to warrant a warning or
an error occurs.
.It Va rc_startmsgs
.Pq Vt bool
If set to
.Dq Li YES ,
show
.Dq Starting foo:
when faststart is used (e.g., at boot time).
.It Va early_late_divider
.Pq Vt str
The name of the script that should be used as the
delimiter between the
.Dq early
and
.Dq late
stages of the boot process.
The early stage should contain all the services needed to
get the disks (local or remote) mounted so that the late
stage can include scripts contained in the directories
listed in the
.Va local_startup
variable (see below).
Thus, the two likely candidates for this value are
.Pa mountcritlocal
for the typical system, and
.Pa mountcritremote
if the system needs remote file
systems mounted to get access to the
.Va local_startup
directories; for example when
.Pa /usr/local
is NFS mounted.
For
.Pa rc.conf
within a
.Xr jail 8
.Pa NETWORKING
is likely to be an appropriate value.
Extreme care should be taken when changing this value,
and before changing it one should ensure that there are
adequate provisions to recover from a failed boot
(such as physical contact with the machine,
or reliable remote console access).
.It Va always_force_depends
.Pq Vt bool
Various
.Pa rc.d
scripts use the force_depend function to check whether required
services are already running, and to start them if necessary.
By default during boot time this check is bypassed if the
required service is enabled in
.Pa /etc/rc.conf[.local] .
Setting this option disables that bypass at boot time, so the check
always tests whether or not the service is actually running.
Enabling this option is likely to increase your boot time if
services are enabled that utilize the force_depend check.
.It Ao Ar name Ac Ns Va _chroot
.Pq Vt str
.Xr chroot 8
to this directory before running the service.
.It Ao Ar name Ac Ns Va _user
.Pq Vt str
Run the service under this user account.
.It Ao Ar name Ac Ns Va _group
.Pq Vt str
Run the chrooted service under this system group.
Unlike the _user
setting, this setting has no effect if the service is not chrooted.
.It Ao Ar name Ac Ns Va _fib
.Pq Vt int
The
.Xr setfib 1
value to run the service under.
.It Ao Ar name Ac Ns Va _nice
.Pq Vt int
The
.Xr nice 1
value to run the service under.
.It Va apm_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable support for Automatic Power Management with
the
.Xr apm 8
command.
.It Va apmd_enable
.Pq Vt bool
Run
.Xr apmd 8
to handle APM events from userland.
This also enables support for APM.
.It Va apmd_flags
.Pq Vt str
If
.Va apmd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr apmd 8
daemon.
.It Va devd_enable
.Pq Vt bool
Run
.Xr devd 8
to handle device added, removed or unknown events from the kernel.
.It Va ddb_enable
.Pq Vt bool
Run
.Xr ddb 8
to install
.Xr ddb 4
scripts at boot time.
.It Va ddb_config
.Pq Vt str
Configuration file for
.Xr ddb 8 .
Default
.Pa /etc/ddb.conf .
.It Va devmatch_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable auto-loading of kernel modules with
.Xr devmatch 8 .
.It Va devmatch_blocklist
.Pq Vt str
A whitespace-separated list of kernel modules to be ignored by
.Xr devmatch 8 .
In addition, the
.Xr kenv 1
.Va devmatch_blocklist
is appended to this variable to allow disabling of
.Xr devmatch 8
loaded modules from the boot loader.
.It Va devmatch_blacklist
.Pq Vt str
This variable is deprecated.
Use
.Va devmatch_blocklist
instead.
A whitespace-separated list of kernel modules to be ignored by
.Xr devmatch 8 .
.It Va kld_list
.Pq Vt str
A whitespace-separated list of kernel modules to load right after
the local disks are mounted, without any
.Pa .ko
extension or path.
Loading modules at this point in the boot process is
much faster than doing it via
.Pa /boot/loader.conf
for those modules not necessary for mounting local disks.
.It Va kldxref_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set to
.Dq Li YES
to automatically rebuild
.Pa linker.hints
files with
.Xr kldxref 8
at boot time.
.It Va kldxref_clobber
.Pq Vt bool
Set to
.Dq Li NO
by default.
If
.Va kldxref_enable
is true,
setting to
.Dq Li YES
will overwrite existing
.Pa linker.hints
files at boot time.
Otherwise,
only missing
.Pa linker.hints
files are generated.
.It Va kldxref_module_path
.Pq Vt str
Empty by default.
A semi-colon
.Pq Ql \&;
delimited list of paths containing
.Xr kld 4
modules.
If empty,
the contents of the
.Va kern.module_path
.Xr sysctl 8
are used.
.It Va powerd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable the system power control facility with the
.Xr powerd 8
daemon.
.It Va powerd_flags
.Pq Vt str
If
.Va powerd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr powerd 8
daemon.
.It Va tmpmfs
Controls the creation of a
.Pa /tmp
memory file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /tmp
is not writable.
.It Va tmpsize
Controls the size of a created
.Pa /tmp
memory file system.
.It Va tmpmfs_flags
Extra options passed to the
.Xr mdmfs 8
utility when the memory file system for
.Pa /tmp
is created.
The default is
.Dq Li "-S" ,
which inhibits the use of softupdates on
.Pa /tmp
so that file system space is freed without delay
after file truncation or deletion.
See
.Xr mdmfs 8
for other options you can use in
.Va tmpmfs_flags .
.It Va varmfs
Controls the creation of a
.Pa /var
memory file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /var
is not writable.
.It Va varsize
Controls the size of a created
.Pa /var
memory file system.
.It Va varmfs_flags
Extra options passed to the
.Xr mdmfs 8
utility when the memory file system for
.Pa /var
is created.
The default is
.Dq Li "-S" ,
which inhibits the use of softupdates on
.Pa /var
so that file system space is freed without delay
after file truncation or deletion.
See
.Xr mdmfs 8
for other options you can use in
.Va varmfs_flags .
.It Va populate_var
Controls the automatic population of the
.Pa /var
file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /var
is not writable.
Note that this process requires access to certain commands in
.Pa /usr
before
.Pa /usr
is mounted on normal systems.
.It Va cleanvar_enable
.Pq Vt bool
Clean the
.Pa /var
directory.
.It Va local_startup
.Pq Vt str
List of directories to search for startup script files.
.It Va script_name_sep
.Pq Vt str
The field separator to use for breaking down the list of startup script files
into individual filenames.
The default is a space.
It is not necessary to change this unless there are startup scripts with names
containing spaces.
.It Va hostapd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr hostapd 8
at system boot time.
.It Va hostname
.Pq Vt str
The fully qualified domain name (FQDN) of this host on the network.
This should almost certainly be set to something meaningful, even if
there is no network connection.
If
.Xr dhclient 8
is used to set the hostname via DHCP,
this variable should be set to an empty string.
Within a
.Xr jail 8
the hostname is generally already set and this variable may be absent.
If this value remains unset when the system is done booting
your console login will display the default hostname of
.Dq Amnesiac .
.It Va nisdomainname
.Pq Vt str
The NIS domain name of this host, or
.Dq Li NO
if NIS is not used.
.It Va dhclient_program
.Pq Vt str
Path to the DHCP client program
.Pa ( /sbin/dhclient ,
the
.Ox
DHCP client,
is the default).
.It Va dhclient_flags
.Pq Vt str
Additional flags to pass to the DHCP client program.
For the
.Ox
DHCP client, see the
.Xr dhclient 8
manpage for a description of the command line options available.
.It Va dhclient_flags_ Ns Aq Ar iface
Additional flags to pass to the DHCP client program running on
.Ar iface
only.
When specified, this variable overrides
.Va dhclient_flags .
.It Va background_dhclient
.Pq Vt bool
Set to
.Dq Li YES
to start the DHCP client in background.
This can cause trouble with applications depending on
a working network, but it will provide a faster startup
in many cases.
.It Va background_dhclient_ Ns Aq Ar iface
When specified, this variable overrides the
.Va background_dhclient
variable for interface
.Ar iface
only.
.It Va synchronous_dhclient
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr dhclient 8
synchronously at startup.
This behavior can be overridden on a per-interface basis by replacing
the
.Dq Li DHCP
keyword in the
.Va ifconfig_ Ns Aq Ar interface
variable with
.Dq Li SYNCDHCP
or
.Dq Li NOSYNCDHCP .
.It Va defaultroute_delay
.Pq Vt int
When set to a positive value, wait up to this long after configuring
DHCP interfaces at startup to give the interfaces time to receive a lease.
.It Va firewall_enable
.Pq Vt bool
Set to
.Dq Li YES
to load firewall rules at startup.
If the kernel was not built with
.Cd "options IPFIREWALL" ,
the
.Pa ipfw.ko
kernel module will be loaded.
See also
.Va ipfilter_enable .
.It Va firewall_script
.Pq Vt str
This variable specifies the full path to the firewall script to run.
The default is
.Pa /etc/rc.firewall .
.It Va firewall_type
.Pq Vt str
Names the firewall type from the selection in
.Pa /etc/rc.firewall ,
or the file which contains the local firewall ruleset.
Valid selections from
.Pa /etc/rc.firewall
are:
.Pp
.Bl -tag -width ".Li workstation" -compact
.It Li open
unrestricted IP access
.It Li closed
all IP services disabled, except via
.Dq Li lo0
.It Li client
basic protection for a workstation
.It Li workstation
basic protection for a workstation using stateful firewalling
.It Li simple
basic protection for a LAN.
.El
.Pp
If a filename is specified, the full path
must be given.
.Pp
Most of the predefined rulesets define additional configuration variables.
These are documented in
.Pa /etc/rc.firewall .
.It Va firewall_quiet
.Pq Vt bool
Set to
.Dq Li YES
to disable the display of firewall rules on the console during boot.
.It Va firewall_logging
.Pq Vt bool
Set to
.Dq Li YES
to enable firewall event logging.
This is equivalent to the
.Dv IPFIREWALL_VERBOSE
kernel option.
.It Va firewall_logif
.Pq Vt bool
Set to
.Dq Li YES
to create the pseudo interface
.Li ipfw0
for logging.
For more details, see the
.Xr ipfw 8
manual page.
.It Va firewall_flags
.Pq Vt str
Flags passed to
.Xr ipfw 8
if
.Va firewall_type
specifies a filename.
.It Va firewall_coscripts
.Pq Vt str
List of executables and/or rc scripts to run after firewall starts/stops.
Default is empty.
.\" ----- firewall_nat_enable setting --------------------------------
.It Va firewall_nat_enable
.Pq Vt bool
The
.Xr ipfw 8
equivalent of
.Va natd_enable .
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NAT kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_nat_interface
.Pq Vt str
The
.Xr ipfw 8
equivalent of
.Va natd_interface .
This is the name of the public interface or IP address on which
kernel NAT should run.
.It Va firewall_nat_flags
.Pq Vt str
Additional configuration parameters for kernel NAT should be placed here.
.It Va firewall_nat64_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NAT64 kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_nptv6_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NPTv6 kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_pmod_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
pmod kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va dummynet_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr dummynet 4
module if
.Va firewall_enable
is also set to
.Dq Li YES .
.\" -------------------------------------------------------------------
.It Va ipfw_netflow_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will enable netflow logging via
.Xr ng_netflow 4 .
.Pp
By default an ipfw rule is inserted and all packets are duplicated with
the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
port using protocol version 5.
.It Va ipfw_netflow_hook
.Pq Vt int
Netflow hook name; must be numerical
(default
.Pa 9995 ) .
.It Va ipfw_netflow_rule
.Pq Vt int
The ipfw rule number
(default
.Pa 1000 ) .
.It Va ipfw_netflow_ip
.Pq Vt str
Destination server IP for receiving netflow data
(default
.Pa 127.0.0.1 ) .
.It Va ipfw_netflow_port
.Pq Vt int
Destination server port for receiving netflow data
(default
.Pa 9995 ) .
.It Va ipfw_netflow_version
.Pq Vt int
Leave unset to use version 5 of the netflow protocol; set it to 9 to use version 9.
.It Va ipfw_netflow_fib
.Pq Vt int
Only match packets in FIB
.Pa ipfw_netflow_fib
(default is undefined meaning all FIBs).
.It Va natd_program
.Pq Vt str
Path to
.Xr natd 8 .
.It Va natd_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable
.Xr natd 8 .
.Va firewall_enable
must also be set to
.Dq Li YES ,
and
.Xr divert 4
sockets must be enabled in the kernel.
If the kernel was not built with
.Cd "options IPDIVERT" ,
the
.Pa ipdivert.ko
kernel module will be loaded.
.It Va natd_interface
.Pq Vt str
This is the name of the public interface on which
.Xr natd 8
should run.
The interface may be given as an interface name or as an IP address.
.It Va natd_flags
.Pq Vt str
Additional
.Xr natd 8
flags should be placed here.
The
.Fl n
or
.Fl a
flag is automatically added with the above
.Va natd_interface
as an argument.
.\" ----- ipfilter_enable setting --------------------------------
.It Va ipfilter_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr ipf 8
packet filtering.
.Pp
Typical usage will require putting
.Bd -literal
ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"
.Ed
.Pp
into
.Pa /etc/rc.conf
and editing
.Pa /etc/ipf.rules
and
.Pa /etc/ipnat.rules
appropriately.
.Pp
Note that
.Va ipfilter_enable
and
.Va ipnat_enable
can be enabled independently.
.Va ipmon_enable
and
.Va ipfs_enable
both require at least one of
.Va ipfilter_enable
and
.Va ipnat_enable
to be enabled.
.Pp
Having
.Bd -literal
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
.Ed
.Pp
in the kernel configuration file is a good idea, too.
.\" ----- ipfilter_program setting ------------------------------
.It Va ipfilter_program
.Pq Vt str
Path to
.Xr ipf 8
(default
.Pa /sbin/ipf ) .
.\" ----- ipfilter_rules setting --------------------------------
.It Va ipfilter_rules
.Pq Vt str
Set to
.Pa /etc/ipf.rules
by default.
This variable contains the name of the filter rule definition file.
The file is expected to be readable for the
.Xr ipf 8
command to execute.
.\" ----- ipfilter_flags setting --------------------------------
.It Va ipfilter_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipf 8
program.
.\" ----- ipnat_enable setting ----------------------------------
.It Va ipnat_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipnat 8
network address translation.
See
.Va ipfilter_enable
for a detailed discussion.
.\" ----- ipnat_program setting ---------------------------------
.It Va ipnat_program
.Pq Vt str
Path to
.Xr ipnat 8
(default
.Pa /sbin/ipnat ) .
.\" ----- ipnat_rules setting -----------------------------------
.It Va ipnat_rules
.Pq Vt str
Set to
.Pa /etc/ipnat.rules
by default.
This variable contains the name of the file
holding the network address translation definition.
This file is expected to be readable for the
.Xr ipnat 8
command to execute.
.\" ----- ipnat_flags setting -----------------------------------
.It Va ipnat_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipnat 8
program.
.\" ----- ipmon_enable setting ----------------------------------
.It Va ipmon_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipmon 8
monitoring (logging
.Xr ipf 8
and
.Xr ipnat 8
events).
Setting this variable needs setting
.Va ipfilter_enable
or
.Va ipnat_enable
too.
See
.Va ipfilter_enable
for a detailed discussion.
.\" ----- ipmon_program setting ---------------------------------
.It Va ipmon_program
.Pq Vt str
Path to
.Xr ipmon 8
(default
.Pa /sbin/ipmon ) .
.\" ----- ipmon_flags setting -----------------------------------
.It Va ipmon_flags
.Pq Vt str
Set to
.Dq Li -Ds
by default.
This variable contains flags passed to the
.Xr ipmon 8
program.
Another typical example would be
.Dq Fl D Pa /var/log/ipflog
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
Make sure to adjust
.Pa /etc/newsyslog.conf
in such a case like this:
.Bd -literal
/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
.Ed
.\" ----- ipfs_enable setting -----------------------------------
.It Va ipfs_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipfs 8
saving the filter and NAT state tables during shutdown
and reloading them during startup again.
Setting this variable needs setting
.Va ipfilter_enable
or
.Va ipnat_enable
to
.Dq Li YES
too.
See
.Va ipfilter_enable
for a detailed discussion.
Note that if
.Va kern_securelevel
is set to 3,
.Va ipfs_enable
cannot be used
because the raised securelevel will prevent
.Xr ipfs 8
from saving the state tables at shutdown time.
.\" ----- ipfs_program setting ----------------------------------
.It Va ipfs_program
.Pq Vt str
Path to
.Xr ipfs 8
(default
.Pa /sbin/ipfs ) .
.\" ----- ipfs_flags setting ------------------------------------
.It Va ipfs_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipfs 8
program.
.\" ----- end of added ipf hook ---------------------------------
.It Va pf_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr pf 4
packet filtering.
.Pp
Typical usage will require putting
.Pp
.Dl pf_enable="YES"
.Pp
into
.Pa /etc/rc.conf
and editing
.Pa /etc/pf.conf
appropriately.
Adding
.Pp
.Dl "device pf"
.Pp
builds support for
.Xr pf 4
into the kernel, otherwise the
kernel module will be loaded.
.It Va pf_rules
.Pq Vt str
Path to
.Xr pf 4
ruleset configuration file
(default
.Pa /etc/pf.conf ) .
.It Va pf_program
.Pq Vt str
Path to
.Xr pfctl 8
(default
.Pa /sbin/pfctl ) .
.It Va pf_flags
.Pq Vt str
If
.Va pf_enable
is set to
.Dq Li YES ,
these flags are passed to the
.Xr pfctl 8
program when loading the ruleset.
.It Va pf_fallback_rules_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables loading
.Va pf_fallback_rules_file
or
.Va pf_fallback_rules
in case of a problem when loading the ruleset in
.Va pf_rules .
.It Va pf_fallback_rules_file
.Pq Vt str
Path to a pf ruleset to load in case of failure when loading the
ruleset in
.Va pf_rules
(default
.Pa /etc/pf-fallback.conf ) .
.It Va pf_fallback_rules
.Pq Vt str
A pf ruleset to load in case of failure when loading the ruleset in
.Va pf_rules
and
.Va pf_fallback_rules_file
is not found.
Multiple rules can be set as follows:
.Bd -literal
pf_fallback_rules="\\
    block drop log all\\
    pass in quick on em0"
.Ed
.Pp
The default fallback rule is
.Dq block drop log all .
.It Va pflog_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr pflogd 8
which logs packets from the
.Xr pf 4
packet filter.
.It Va pflog_logfile
.Pq Vt str
If
.Va pflog_enable
is set to
.Dq Li YES ,
this controls where
.Xr pflogd 8
stores the logfile
(default
.Pa /var/log/pflog ) .
Check
.Pa /etc/newsyslog.conf
to adjust logfile rotation for this.
.It Va pflog_program
.Pq Vt str
Path to
.Xr pflogd 8
(default
.Pa /sbin/pflogd ) .
.It Va pflog_flags
.Pq Vt str
Empty by default.
This variable contains additional flags passed to the
.Xr pflogd 8
program.
.It Va pflog_instances
.Pq Vt str
If logging to more than one
.Xr pflog 4
interface is desired,
.Va pflog_instances
is set to the list of
.Xr pflogd 8
instances that should be started at system boot time.
If
.Va pflog_instances
is set, for each whitespace-separated
.Ar element
in the list,
.Ao Ar element Ac Ns Va _dev
and
.Ao Ar element Ac Ns Va _logfile
elements are assumed to exist.
.Ao Ar element Ac Ns Va _dev
must contain the
.Xr pflog 4
interface to be watched by the named
.Xr pflogd 8
instance.
.Ao Ar element Ac Ns Va _logfile
must contain the name of the logfile that will be used by the
.Xr pflogd 8
instance.
.It Va ftpproxy_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr ftp-proxy 8
which supports the
.Xr pf 4
packet filter in translating ftp connections.
.It Va ftpproxy_flags
.Pq Vt str
Empty by default.
This variable contains additional flags passed to the
.Xr ftp-proxy 8
program.
.It Va ftpproxy_instances
.Pq Vt str
Empty by default.
If multiple instances of
.Xr ftp-proxy 8
are desired at boot time,
.Va ftpproxy_instances
should contain a whitespace-separated list of instance names.
For each
.Ar element
in the list, a variable named
.Ao Ar element Ac Ns Va _flags
should be defined, containing the command-line flags to be passed to the
.Xr ftp-proxy 8
instance.
.It Va pfsync_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables exposing
.Xr pf 4
state changes to other hosts over the network by means of
.Xr pfsync 4 .
The
.Va pfsync_syncdev
variable
must also be set then.
.It Va pfsync_syncdev
.Pq Vt str
Empty by default.
This variable specifies the name of the network interface
.Xr pfsync 4
should operate through.
It must be set accordingly if
.Va pfsync_enable
is set to
.Dq Li YES .
.It Va pfsync_syncpeer
.Pq Vt str
Empty by default.
This variable is optional.
By default, state change messages are sent out on the synchronisation
interface using IP multicast packets.
The protocol is IP protocol 240, PFSYNC, and the multicast group used is
224.0.0.240.
When a peer address is specified using the
.Va pfsync_syncpeer
option, the peer address is used as a destination for the pfsync
traffic, and the traffic can then be protected using
.Xr ipsec 4 .
See the
.Xr pfsync 4
manpage for more details about using
.Xr ipsec 4
with
.Xr pfsync 4
interfaces.
.It Va pfsync_ifconfig
.Pq Vt str
Empty by default.
This variable can contain additional options to be passed to the
.Xr ifconfig 8
command used to set up
.Xr pfsync 4 .
.It Va tcp_extensions
.Pq Vt bool
Set to
.Dq Li YES
by default.
Setting this to
.Dq Li NO
disables certain TCP options as described by
.Rs
.%T "RFC 1323"
.Re
Setting this to
.Dq Li NO
might help remedy such problems with connections as randomly hanging
or other weird behavior.
Some network devices are known
to be broken with respect to these options.
.It Va log_in_vain
.Pq Vt int
Set to 0 by default.
The
.Xr sysctl 8
variables,
.Va net.inet.tcp.log_in_vain
and
.Va net.inet.udp.log_in_vain ,
as described in
.Xr tcp 4
and
.Xr udp 4 ,
are set to the given value.
.It Va tcp_keepalive
.Pq Vt bool
Set to
.Dq Li YES
by default.
Setting to
.Dq Li NO
will disable probing idle TCP connections to verify that the
peer is still up and reachable.
.It Va tcp_drop_synfin
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting to
.Dq Li YES
will cause the kernel to ignore TCP frames that have both
the SYN and FIN flags set.
This prevents OS fingerprinting, but may
break some legitimate applications.
.It Va icmp_drop_redirect
.Pq Vt bool
Set to
.Dq Li AUTO
by default.
This setting will be identical to
.Dq Li YES ,
if a dynamic routing daemon is enabled, because redirect processing may
cause performance issues for large routing tables.
If no such service is enabled, this setting behaves like a
.Dq Li NO .
Setting to
.Dq Li YES
will cause the kernel to ignore ICMP REDIRECT packets.
Setting to
.Dq Li NO
will cause the kernel to process ICMP REDIRECT packets.
Refer to
.Xr icmp 4
for more information.
.It Va icmp_log_redirect
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting to
.Dq Li YES
will cause the kernel to log ICMP REDIRECT packets.
Note that
the log messages are not rate-limited, so this option should only be used
for troubleshooting networks.
Refer to
.Xr icmp 4
for more information.
.It Va icmp_bmcastecho
.Pq Vt bool
Set to
.Dq Li YES
to respond to broadcast or multicast ICMP ping packets.
Refer to
.Xr icmp 4
for more information.
.It Va ip_portrange_first
.Pq Vt int
If not set to
.Dq Li NO ,
this is the first port in the default portrange.
Refer to
.Xr ip 4
for more information.
.It Va ip_portrange_last
.Pq Vt int
If not set to
.Dq Li NO ,
this is the last port in the default portrange.
Refer to
.Xr ip 4
for more information.
.It Va network_interfaces
.Pq Vt str
Set to the list of network interfaces to configure on this host or
.Dq Li AUTO
(the default) for all current interfaces.
Setting the
.Va network_interfaces
variable to anything other than the default is deprecated.
Interfaces that the administrator wishes to store configuration for,
but not start at boot should be configured with the
.Dq Li NOAUTO
keyword in their
.Va ifconfig_ Ns Aq Ar interface
variables as described below.
.Pp
An
.Va ifconfig_ Ns Aq Ar interface
variable is also assumed to exist for each value of
.Ar interface .
When an interface name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
before lookup.
The variable can contain arguments to
.Xr ifconfig 8 ,
as well as special case-insensitive keywords described below.
Such keywords are removed before passing the value to
.Xr ifconfig 8
while the order of the other arguments is preserved.
.Pp
It is possible to add IP alias entries using
.Xr ifconfig 8
syntax with the address family keyword such as
.Li inet .
Assuming that the interface in question was
.Li em0 ,
it might look something like this:
.Bd -literal
ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
.Ed
.Pp
It is also possible to configure multiple IP addresses in Classless
Inter-Domain Routing
.Pq CIDR
address notation,
in which each address component can be a range like
.Li inet 192.0.2.5-23/24
or
.Li inet6 2001:db8:1-f::1/64 .
This notation allows only the address and prefix length parts,
not the other address modifiers.
Note that the maximum number of the generated addresses from a range
specification is limited to an integer value specified in
.Va netif_ipexpand_max
in
.Nm
because a small typo can unexpectedly generate a large number of addresses.
The default value is
.Li 2048 .
It can be increased by adding the following line into
.Nm :
.Bd -literal
netif_ipexpand_max="4096"
.Ed
.Pp
In the case of
.Li 192.0.2.5-23/24 ,
the address 192.0.2.5 will be configured with the
netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
the non-conflicting netmask /32 as explained in the
.Xr ifconfig 8
alias section.
Note that this special netmask handling is only for
.Li inet ,
not for the other address families such as
.Li inet6 .
.Pp
With the interface in question being
.Li em0 ,
an example could look like:
.Bd -literal
ifconfig_em0_alias2="inet 192.0.2.129/27"
ifconfig_em0_alias3="inet 192.0.2.1-5/28"
.Ed
.Pp
and so on.
.Pp
Note that the deprecated
.Va ipv4_addrs_ Ns Aq Ar interface
variable was supported for IPv4 CIDR address notation.
The
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
variable replaces it, though
.Va ipv4_addrs_ Ns Aq Ar interface
is still supported for backward compatibility.
.Pp
For each
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
entry with an address family keyword,
its contents are passed to
.Xr ifconfig 8 .
Execution stops at the first unsuccessful access, so if
something like this is present:
.Bd -literal
ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
.Ed
.Pp
Then note that alias4 would
.Em not
be added since the search would
stop with the missing
.Dq Li alias3
entry.
Because of this difficult to manage behavior,
there is the
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
variable, which has the same functionality as
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
and can hold all of the entries in one variable like the following:
.Bd -literal
ifconfig_em0_aliases="\\
	inet 127.0.0.251 netmask 0xffffffff \\
	inet 127.0.0.252 netmask 0xffffffff \\
	inet 127.0.0.253 netmask 0xffffffff \\
	inet 127.0.0.254 netmask 0xffffffff"
.Ed
.Pp
It also supports CIDR notation.
.Pp
If the
.Pa /etc/start_if . Ns Aq Ar interface
file is present, it is read and executed by the
.Xr sh 1
interpreter
before configuring the interface as specified in the
.Va ifconfig_ Ns Aq Ar interface
and
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
variables.
.Pp
If a
.Va vlans_ Ns Aq Ar interface
variable is set,
a
.Xr vlan 4
interface will be created for each item in the list with the
.Ar vlandev
argument set to
.Ar interface .
If a vlan interface's name is a number,
then that number is used as the vlan tag and the new vlan interface is
named
.Ar interface . Ns Ar tag .
Otherwise,
the vlan tag must be specified via a
.Va vlan
parameter in the
.Va create_args_ Ns Aq Ar interface
variable.
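.Pp
The alias numbering pitfall described above can be checked for before a reboot: every
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
entry numbered after a missing index is silently left unconfigured.
The following
.Xr sh 1
script is an added example and not part of the
.Fx
rc scripts; its function names and sample file contents are constructed, it assumes the search starts at
.Li alias0
as in the examples above, and it parses the file as text instead of sourcing it so that nothing in the file is executed.

```shell
#!/bin/sh
# Added example (not FreeBSD code): find ifconfig_<interface>_alias<n>
# entries that sit behind a gap in the numbering and so are never applied.
# The file is parsed as text; it is not sourced, so nothing in it executes.

# Translate the characters .-/+ in an interface name to _, as is done
# before the ifconfig_<interface> variable is looked up.
rc_ifname() {
    printf '%s\n' "$1" | tr './+-' '____'
}

# Print the alias indexes assigned for interface $2 in file $1, ascending.
# Commented-out assignments do not match and are ignored.
alias_indexes() {
    var="ifconfig_$(rc_ifname "$2")_alias"
    sed -n "s/^[[:space:]]*${var}\([0-9][0-9]*\)=.*/\1/p" "$1" | sort -n | uniq
}

# Print the indexes that a sequential search starting at 0 never reaches
# (assumption: numbering starts at alias0, as in the examples above).
skipped_aliases() {
    expected=0
    skipped=""
    for n in $(alias_indexes "$1" "$2"); do
        if [ -z "$skipped" ] && [ "$n" -eq "$expected" ]; then
            expected=$((expected + 1))
        else
            # First gap found: this index and every later one is orphaned.
            skipped="${skipped:+$skipped }$n"
        fi
    done
    printf '%s\n' "$skipped"
}

# Constructed sample input: alias3 is commented out, so alias4 is orphaned.
sample_rc_conf() {
    cat <<'EOF'
ifconfig_em0="inet 192.0.2.10/24"
ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
#ifconfig_em0_alias3="inet 127.0.0.250 netmask 0xffffffff"
ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
vlans_em0="101"
ifconfig_em0_101="inet 192.0.2.1/24"
ifconfig_em0_101_alias0="inet 192.0.2.2/32"
ifconfig_em0_101_alias1="inet 192.0.2.3/32"
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_rc_conf > "$tmp"
for ifn in em0 em0.101; do
    gap=$(skipped_aliases "$tmp" "$ifn")
    if [ -n "$gap" ]; then
        echo "$ifn: alias index(es) $gap follow a gap and will not be configured"
    else
        echo "$ifn: alias numbering is contiguous"
    fi
done
rm -f "$tmp"
```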
.Pp
To create a vlan device named
.Li em0.101
on
.Li em0
with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24:
.Bd -literal
vlans_em0="101"
ifconfig_em0_101="inet 192.0.2.1/24"
.Ed
.Pp
To create a vlan device named
.Li myvlan
on
.Li em0
with the vlan tag 102:
.Bd -literal
vlans_em0="myvlan"
create_args_myvlan="vlan 102"
.Ed
.Pp
If a
.Va wlans_ Ns Aq Ar interface
variable is set,
an
.Xr wlan 4
interface will be created for each item in the list with the
.Ar wlandev
argument set to
.Ar interface .
Further wlan cloning arguments may be passed to the
.Xr ifconfig 8
.Cm create
command by setting the
.Va create_args_ Ns Aq Ar interface
variable.
One or more
.Xr wlan 4
devices must be created for each wireless device as of
.Fx 8.0 .
Debugging flags for
.Xr wlan 4
devices as set by
.Xr wlandebug 8
may be specified with an
.Va wlandebug_ Ns Aq Ar interface
variable.
The contents of this variable will be passed directly to
.Xr wlandebug 8 .
.Pp
If the
.Va ifconfig_ Ns Aq Ar interface
contains the keyword
.Dq Li NOAUTO
then the interface will not be configured
at boot or by
.Pa /etc/pccard_ether
when
.Va network_interfaces
is set to
.Dq Li AUTO .
.Pp
It is possible to bring up an interface with DHCP by adding
.Dq Li DHCP
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
For instance, to initialize the
.Li em0
device via DHCP,
it is possible to use something like:
.Bd -literal
ifconfig_em0="DHCP"
.Ed
.Pp
If you want to configure your wireless interface with
.Xr wpa_supplicant 8
for use with WPA, EAP/LEAP or WEP, you need to add
.Dq Li WPA
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
.Pp
On the other hand, if you want to configure your wireless interface with
.Xr hostapd 8 ,
you need to add
.Dq Li HOSTAP
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
.Xr hostapd 8
will use the settings from
.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf .
.Pp
Finally, you can add
.Xr ifconfig 8
options in this variable, in addition to the
.Pa /etc/start_if . Ns Aq Ar interface
file.
For instance, to configure an
.Xr ath 4
wireless device in station mode with an address obtained
via DHCP, using WPA authentication and 802.11b mode, it is
possible to use something like:
.Bd -literal
wlans_ath0="wlan0"
ifconfig_wlan0="DHCP WPA mode 11b"
.Ed
.Pp
In addition to the
.Va ifconfig_ Ns Aq Ar interface
form, a fallback variable
.Va ifconfig_DEFAULT
may be configured.
It will be used for all interfaces with no
.Va ifconfig_ Ns Aq Ar interface
variable.
This is intended to replace the no longer supported
.Va pccard_ifconfig
variable.
.Pp
It is also possible to rename an interface by doing:
.Bd -literal
ifconfig_em0_name="net0"
ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
.Ed
.It Va ipv6_enable
.Pq Vt bool
This variable is deprecated.
Use
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and
.Va ipv6_activate_all_interfaces
if necessary.
.Pp
If the variable is
.Dq Li YES ,
.Dq Li inet6 accept_rtadv
is added to all of
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and the
.Va ipv6_activate_all_interfaces
is defined as
.Dq Li YES .
.It Va ipv6_prefer
.Pq Vt bool
This variable is deprecated.
Use
.Va ip6addrctl_policy
instead.
.Pp
If the variable is
.Dq Li YES ,
the default address selection policy table set by
.Xr ip6addrctl 8
will be IPv6-preferred.
.Pp
If the variable is
.Dq Li NO ,
the default address selection policy table set by
.Xr ip6addrctl 8
will be IPv4-preferred.
.It Va ipv6_activate_all_interfaces
.Pq Vt bool
This controls initial configuration on IPv6-capable
interfaces with no corresponding
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variable.
Note that it is not always necessary to set this variable to
.Dq YES
to use IPv6 functionality on
.Fx .
In most cases, just configuring
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variables works.
.Pp
If the variable is
.Dq Li NO ,
all interfaces which do not have a corresponding
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variable will be marked as
.Dq Li IFDISABLED
at creation.
This means that all IPv6 functionality on that interface
is completely disabled to enforce a security policy.
If the variable is set to
.Dq YES ,
the flag will be cleared on all of the interfaces.
.Pp
In most cases, just defining an
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
for an IPv6-capable interface should be sufficient.
However, if an interface is added dynamically
.Pq by some tunneling protocols such as PPP, for example ,
it is often difficult to define the variable in advance.
In such a case, configuring the
.Dq Li IFDISABLED
flag can be disabled by setting this variable to
.Dq YES .
.Pp
For more details of the
.Dq Li IFDISABLED
flag and keywords
.Dq Li inet6 ifdisabled ,
see
.Xr ifconfig 8 .
.Pp
Default is
.Dq Li NO .
.It Va ipv6_privacy
.Pq Vt bool
If the variable is
.Dq Li YES
privacy addresses will be generated for each IPv6
interface as described in RFC 4941.
.It Va ipv6_network_interfaces
.Pq Vt str
This is the IPv6 equivalent of
.Va network_interfaces .
Normally manual configuration of this variable is not needed.
.It Va ipv6_cpe_wanif
.Pq Vt str
If the variable is set to an interface name,
the
.Xr ifconfig 8
options
.Dq inet6 -no_radr accept_rtadv
will be added to the specified interface automatically before evaluating
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
and two
.Xr sysctl 8
variables
.Va net.inet6.ip6.rfc6204w3
and
.Va net.inet6.ip6.no_radr
will be set to 1.
.Pp
This means the specified interface will accept ICMPv6 Router
Advertisement messages on that link and add the discovered
routers into the Default Router List.
While the other interfaces can still accept RA messages if the
.Dq inet6 accept_rtadv
option is specified, adding
routes into the Default Router List will be disabled by
.Dq inet6 no_radr
option by default.
See
.Xr ifconfig 8
for more details.
.Pp
Note that ICMPv6 Router Advertisement messages will be
accepted even when
.Va net.inet6.ip6.forwarding
is 1
.Pq packet forwarding is enabled
when
.Va net.inet6.ip6.rfc6204w3
is set to 1.
.Pp
Default is
.Dq Li NO .
.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
.Pq Vt str
This assigns an arbitrary description to an interface.
The
.Xr sysctl 8
variable
.Va net.ifdescr_maxlen
limits its length.
This static setting may be overridden by commands
started with dynamic interface configuration utilities
like
.Xr dhclient 8
hooks.
The description can be seen with the
.Xr ifconfig 8
command and it may be exported with the
.Xr bsnmpd 1
daemon using its MIB-2 module.
.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
.Pq Vt str
IPv6 functionality on an interface should be configured by
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
instead of setting ifconfig parameters in
.Va ifconfig_ Ns Aq Ar interface .
If this variable is empty, all IPv6 configuration of the
specified interface by other variables such as
.Va ipv6_prefix_ Ns Ao Ar interface Ac
will be ignored.
.Pp
Aliases should be set by
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
with the
.Dq Li inet6
keyword.
For example:
.Bd -literal
ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
.Ed
.Pp
Interfaces that have an
.Dq Li inet6 accept_rtadv
keyword in the
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
setting will be automatically configured by SLAAC
.Pq StateLess Address AutoConfiguration
described in
.Rs
.%T "RFC 4862"
.Re
.Pp
Note that a link-local address will be automatically configured in
addition to the configured global-scope addresses because the IPv6
specifications require it on each link.
The address is calculated from the MAC address by using an algorithm
defined in
.Rs
.%T "RFC 4862"
.%O "Section 5.3"
.Re
.Pp
If only a link-local address is needed on the interface,
the following configuration can be used:
.Bd -literal
ifconfig_em0_ipv6="inet6 auto_linklocal"
.Ed
.Pp
A link-local address can also be configured manually.
This is useful for the default router address of an IPv6 router
so that it does not change when the network interface
card is replaced.
For example:
.Bd -literal
ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
.Ed
.It Va ipv6_prefix_ Ns Aq Ar interface
.Pq Vt str
If one or more prefixes are defined in
.Va ipv6_prefix_ Ns Aq Ar interface ,
addresses based on each prefix and the EUI-64 interface index will be
configured on that interface.
Note that this variable will be ignored when
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
is empty.
.Pp
For example, the following configuration
.Bd -literal
ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
.Ed
.Pp
is equivalent to the following:
.Bd -literal
ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
.Ed
.Pp
These Subnet-Router anycast addresses will be added only when
.Va ipv6_gateway_enable
is YES.
.It Va ipv6_default_interface
.Pq Vt str
If not set to
.Dq Li NO ,
this is the default output interface for scoped addresses.
This works only with ipv6_gateway_enable="NO".
.It Va ip6addrctl_enable
.Pq Vt bool
This variable enables configuration of the default address selection policy table
.Pq RFC 3484 .
The table can be specified in another variable
.Va ip6addrctl_policy .
For
.Va ip6addrctl_policy
the following keywords can be specified:
.Dq Li ipv4_prefer ,
.Dq Li ipv6_prefer ,
or
.Dq Li AUTO .
.Pp
If
.Dq Li ipv4_prefer
or
.Dq Li ipv6_prefer
is specified,
.Xr ip6addrctl 8
installs a pre-defined policy table described in Section 10.3
.Pq IPv4-preferred
or 2.1
.Pq IPv6-preferred
of RFC 3484.
.Pp
If
.Dq Li AUTO
is specified, it attempts to read a file
.Pa /etc/ip6addrctl.conf
first.
If this file is found,
.Xr ip6addrctl 8
reads and installs it.
If not found, a policy is automatically set
according to the
.Va ipv6_activate_all_interfaces
variable; if the variable is set to
.Dq Li YES
the IPv6-preferred one is used.
Otherwise the IPv4-preferred one is used.
.Pp
The default values of
.Va ip6addrctl_enable
and
.Va ip6addrctl_policy
are
.Dq Li YES
and
.Dq Li AUTO ,
respectively.
.It Va cloned_interfaces
.Pq Vt str
Set to the list of clonable network interfaces to create on this host.
Further cloning arguments may be passed to the
.Xr ifconfig 8
.Cm create
command for each interface by setting the
.Va create_args_ Ns Aq Ar interface
variable.
If an interface name is specified with the
.Dq :sticky
keyword,
the interface will not be destroyed even when the
.Pa rc.d/netif
script is invoked with the
.Dq stop
argument.
This is useful when reconfiguring the interface without destroying it.
Entries in
.Va cloned_interfaces
are automatically appended to
.Va network_interfaces
for configuration.
.It Va cloned_interfaces_sticky
.Pq Vt bool
This variable globally enables the functionality of the
.Dq :sticky
keyword in
.Va cloned_interfaces
for all interfaces.
The default value is
.Dq NO .
Even if this variable is set to
.Dq YES ,
the
.Dq :nosticky
keyword can be used to override it on a per-interface basis.
.It Va gif_interfaces
Set to the list of
.Xr gif 4
tunnel interfaces to configure on this host.
A
.Va gifconfig_ Ns Aq Ar interface
variable is assumed to exist for each value of
.Ar interface .
The value of this variable is used to configure the link layer of the
tunnel using the
.Cm tunnel
option to
.Xr ifconfig 8 .
Additionally, this option ensures that each listed interface is created
via the
.Cm create
option to
.Xr ifconfig 8
before attempting to configure it.
.Pp
For example, configure two
.Xr gif 4
interfaces with:
.Bd -literal
gif_interfaces="gif0 gif1"
gifconfig_gif0="100.64.0.1 100.64.0.2"
ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
gifconfig_gif1="inet6 2a00::1 2a01::1"
ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
.Ed
.It Va ppp_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ppp 8
daemon.
.It Va ppp_profile
.Pq Vt str
The name of the profile to use from
.Pa /etc/ppp/ppp.conf .
Also used for per-profile overrides of
.Va ppp_mode
and
.Va ppp_nat ,
and
.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
When the profile name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
for the purposes of the override variable names.
.It Va ppp_mode
.Pq Vt str
Mode in which to run the
.Xr ppp 8
daemon.
.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
.Pq Vt str
Overrides the global
.Va ppp_mode
for
.Ar profile .
Accepted modes are
.Dq Li auto ,
.Dq Li ddial ,
.Dq Li direct
and
.Dq Li dedicated .
See the manual for a full description.
.It Va ppp_nat
.Pq Vt bool
If set to
.Dq Li YES ,
enables network address translation.
When used in conjunction with
.Va gateway_enable ,
this allows hosts on private network addresses to access the Internet using
this host as a network address translating router.
Default is
.Dq Li YES .
.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
.Pq Vt str
Overrides the global
.Va ppp_nat
for
.Ar profile .
.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
.Pq Vt int
Set the unit number to be used for this profile.
See the manual description of
.Fl unit Ns Ar N
for details.
.It Va ppp_user
.Pq Vt str
The name of the user under which
.Xr ppp 8
should be started.
By default,
.Xr ppp 8
is started as
.Dq Li root .
.It Va rc_conf_files
.Pq Vt str
This option is used to specify a list of files that will override
the settings in
.Pa /etc/defaults/rc.conf .
The files will be read in the order in which they are specified and should
include the full path to the file.
By default, the files specified are
.Pa /etc/rc.conf
and
.Pa /etc/rc.conf.local .
.It Va zfs_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/rc.d/zfs
will attempt to automatically mount ZFS file systems and initialize ZFS volumes
(ZVOLs).
.It Va gptboot_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/rc.d/gptboot
will log if the system successfully (or not) booted from a GPT partition,
which had the
.Ar bootonce
attribute set using the
.Xr gpart 8
utility.
.It Va gbde_autoattach_all
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/rc.d/gbde
will attempt to automatically initialize your .bde devices in
.Pa /etc/fstab .
.It Va gbde_devices
.Pq Vt str
List the devices that the script should try to attach,
or
.Dq Li AUTO .
.It Va gbde_lockdir
.Pq Vt str
The directory where the
.Xr gbde 4
lockfiles are located.
The default lockfile directory is
.Pa /etc .
.Pp
The lockfile for each individual
.Xr gbde 4
device can be overridden by setting the variable
.Va gbde_lock_ Ns Aq Ar device ,
where
.Ar device
is the encrypted device without the
.Dq Pa /dev/
and
.Dq Pa .bde
parts.
.It Va gbde_attach_attempts
.Pq Vt int
Number of times to attempt attaching to a
.Xr gbde 4
device, i.e., how many times the user is asked for the pass-phrase.
Default is 3.
.It Va geli_devices
.Pq Vt str
List of devices to automatically attach on boot.
Note that .eli devices from
.Pa /etc/fstab
are automatically appended to this list.
.It Va geli_groups
.Pq Vt str
List of groups containing devices to automatically attach on boot with the same
keyfiles and passphrase.
This must be accompanied with a corresponding
.Va geli_ Ns Ao Ar group Ac Ns Va _devices
variable.
.It Va geli_tries
.Pq Vt int
Number of times the user is asked for the pass-phrase.
If empty, it will be taken from the
.Va kern.geom.eli.tries
sysctl variable.
.It Va geli_default_flags
.Pq Vt str
Default flags to use by
.Xr geli 8
when configuring disk encryption.
Flags can be configured for every device separately by defining the
.Va geli_ Ns Ao Ar device Ac Ns Va _flags
variable, and for every group separately by defining the
.Va geli_ Ns Ao Ar group Ac Ns Va _flags
variable.
.It Va geli_autodetach
.Pq Vt str
Specifies if GELI devices should be marked for detach on last close after
file systems are mounted.
Default is
.Dq Li YES .
This can be changed for every device separately by defining the
.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
variable.
.It Va root_rw_mount
.Pq Vt bool
Set to
.Dq Li YES
by default.
After the file systems are checked at boot time, the root file system
is remounted as read-write if this is set to
.Dq Li YES .
Diskless systems that mount their root file system from a read-only remote
NFS share should set this to
.Dq Li NO
in their
.Pa rc.conf .
.It Va fsck_y_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Xr fsck 8
will be run with the
.Fl y
flag if the initial preen
of the file systems fails.
.It Va background_fsck
.Pq Vt bool
If set to
.Dq Li NO ,
the system will not attempt to run
.Xr fsck 8
in the background where possible.
.It Va background_fsck_delay
.Pq Vt int
The amount of time in seconds to sleep before starting a background
.Xr fsck 8 .
It defaults to sixty seconds to allow large applications such as
the X server to start before disk I/O bandwidth is monopolized by
.Xr fsck 8 .
If set to a negative number, the background file system check will be
delayed indefinitely to allow the administrator to run it at a more
convenient time.
For example, it may be run from
.Xr cron 8
by adding a line like
.Pp
.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
.Pp
to
.Pa /etc/crontab .
.It Va netfs_types
.Pq Vt str
List of file system types that are network-based.
This list should generally not be modified by end users.
Use
.Va extra_netfs_types
instead.
.It Va extra_netfs_types
.Pq Vt str
If set to something other than
.Dq Li NO
(the default),
this variable extends the list of file system types
for which automatic mounting at startup by
.Xr rc 8
should be delayed until the network is initialized.
It should contain
a whitespace-separated list of network file system descriptor pairs,
each consisting of a file system type as passed to
.Xr mount 8
and a human-readable, one-word description,
joined with a colon
.Pq Ql \&: .
Extending the default list in this way is only necessary
when third party file system types are used.
.It Va syslogd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr syslogd 8
daemon.
.It Va syslogd_program
.Pq Vt str
Path to
.Xr syslogd 8
(default
.Pa /usr/sbin/syslogd ) .
.It Va syslogd_flags
.Pq Vt str
If
.Va syslogd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr syslogd 8 .
.It Va inetd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr inetd 8
daemon.
.It Va inetd_program
.Pq Vt str
Path to
.Xr inetd 8
(default
.Pa /usr/sbin/inetd ) .
.It Va inetd_flags
.Pq Vt str
If
.Va inetd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr inetd 8 .
.It Va hastd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr hastd 8
daemon.
.It Va hastd_program
.Pq Vt str
Path to
.Xr hastd 8
(default
.Pa /sbin/hastd ) .
.It Va hastd_flags
.Pq Vt str
If
.Va hastd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr hastd 8 .
.It Va local_unbound_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr unbound 8
daemon as a local caching resolver.
.It Va kdc_enable
.Pq Vt bool
Set to
.Dq Li YES
to start a Kerberos 5 authentication server
at boot time.
.It Va kdc_program
.Pq Vt str
If
.Va kdc_enable
is set to
.Dq Li YES
this is the path to the Kerberos 5 Authentication Server.
.It Va kdc_flags
.Pq Vt str
Empty by default.
This variable contains additional flags to be passed to the Kerberos 5
authentication server.
.It Va kadmind_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kadmind 8 ,
the Kerberos 5 Administration Daemon; set to
.Dq Li NO
on a slave server.
.It Va kadmind_program
.Pq Vt str
If
.Va kadmind_enable
is set to
.Dq Li YES
this is the path to the Kerberos 5 Administration Daemon.
.It Va kpasswdd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kpasswdd 8 ,
the Kerberos 5 Password-Changing Daemon; set to
.Dq Li NO
on a slave server.
.It Va kpasswdd_program
.Pq Vt str
If
.Va kpasswdd_enable
is set to
.Dq Li YES
this is the path to the Kerberos 5 Password-Changing Daemon.
.It Va kfd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kfd 8 ,
the Kerberos 5 ticket forwarding daemon, at boot time.
.It Va kfd_program
.Pq Vt str
Path to
.Xr kfd 8
(default
.Pa /usr/libexec/kfd ) .
.It Va rwhod_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rwhod 8
daemon at boot time.
.It Va rwhod_flags
.Pq Vt str
If
.Va rwhod_enable
is set to
.Dq Li YES ,
these are the flags to pass to it.
.It Va update_motd
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/motd
will be updated at boot time to reflect the kernel release
being run.
If set to
.Dq Li NO ,
.Pa /etc/motd
will not be updated.
.It Va nfs_client_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the NFS client daemons at boot time.
.It Va nfs_access_cache
.Pq Vt int
If
.Va nfs_client_enable
is set to
.Dq Li YES ,
this can be set to
.Dq Li 0
to disable NFS ACCESS RPC caching, or to the number of seconds for which
NFS ACCESS
results should be cached.
A value of 2-10 seconds will substantially reduce network
traffic for many NFS operations.
.It Va nfs_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the NFS server daemons at boot time.
.It Va nfs_server_flags
.Pq Vt str
If
.Va nfs_server_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfsd 8
daemon.
.It Va nfsv4_server_enable
.Pq Vt bool
If
.Va nfs_server_enable
is set to
.Dq Li YES
and
.Va nfsv4_server_enable
is set to
.Dq Li YES ,
enable the server for NFSv4 as well as NFSv2 and NFSv3.
.It Va nfsv4_server_only
.Pq Vt bool
If
.Va nfs_server_enable
is set to
.Dq Li YES
and
.Va nfsv4_server_only
is set to
.Dq Li YES ,
enable the NFS server for NFSv4 only.
.It Va nfs_server_maxio
.Pq Vt int
Value to set vfs.nfsd.srvmaxio to, which is the
maximum I/O size for the NFS server.
.It Va tlsclntd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.tlsclntd 8
daemon, which is needed for NFS-over-TLS NFS mounts.
.It Va tlsservd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.tlsservd 8
daemon, which is needed for the
.Xr nfsd 8
to support NFS-over-TLS NFS mounts.
.It Va nfsuserd_enable
.Pq Vt bool
If
.Va nfsuserd_enable
is set to
.Dq Li YES ,
run the nfsuserd daemon, which is needed for NFSv4 in order
to map between user/group names and uid/gid numbers.
If
.Va nfsv4_server_enable
is set to
.Dq Li YES ,
this will be forced enabled.
.It Va nfsuserd_flags
.Pq Vt str
If
.Va nfsuserd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfsuserd 8
daemon.
.It Va nfscbd_enable
.Pq Vt bool
If
.Va nfscbd_enable
is set to
.Dq Li YES ,
run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
.It Va nfscbd_flags
.Pq Vt str
If
.Va nfscbd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfscbd 8
daemon.
.It Va mountd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
and no
.Va nfs_server_enable
is set, start
.Xr mountd 8 ,
but not the
.Xr nfsd 8
daemon.
It is commonly needed to run CFS without real NFS used.
.It Va mountd_flags
.Pq Vt str
If
.Va mountd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr mountd 8
daemon.
.It Va weak_mountd_authentication
.Pq Vt bool
If set to
.Dq Li YES ,
allow services like PCNFSD to make non-privileged mount
requests.
.It Va nfs_reserved_port_only
.Pq Vt bool
If set to
.Dq Li YES ,
provide NFS services only on a secure port.
.It Va nfs_bufpackets
.Pq Vt int
If set to a number, indicates the number of packets worth of
socket buffer space to reserve on an NFS client.
The kernel default is typically 4.
Using a higher number may be
useful on gigabit networks to improve performance.
The minimum value is
2 and the maximum is 64.
.It Va rpc_lockd_enable
.Pq Vt bool
If set to
.Dq Li YES
and the host is also an NFS server or client, run
.Xr rpc.lockd 8
at boot time.
.It Va rpc_lockd_flags
.Pq Vt str
If
.Va rpc_lockd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.lockd 8
daemon.
.It Va rpc_statd_enable
.Pq Vt bool
If set to
.Dq Li YES
and the host is also an NFS server or client, run
.Xr rpc.statd 8
at boot time.
.It Va rpc_statd_flags
.Pq Vt str
If
.Va rpc_statd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.statd 8
daemon.
.It Va rpcbind_program
.Pq Vt str
Path to
.Xr rpcbind 8
(default
.Pa /usr/sbin/rpcbind ) .
.It Va rpcbind_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpcbind 8
service at boot time.
.It Va rpcbind_flags
.Pq Vt str
If
.Va rpcbind_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpcbind 8
daemon.
.It Va keyserv_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr keyserv 8
daemon on boot for running Secure RPC.
.It Va keyserv_flags
.Pq Vt str
If
.Va keyserv_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr keyserv 8
daemon.
.It Va pppoed_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr pppoed 8
daemon at boot time to provide PPP over Ethernet services.
.It Va pppoed_ Ns Aq Ar provider
.Pq Vt str
.Xr pppoed 8
listens to requests to this
.Ar provider
and ultimately runs
.Xr ppp 8
with a
.Ar system
argument of the same name.
.It Va pppoed_flags
.Pq Vt str
Additional flags to pass to
.Xr pppoed 8 .
.It Va pppoed_interface
.Pq Vt str
The network interface to run
.Xr pppoed 8
on.
This is mandatory when
.Va pppoed_enable
is set to
.Dq Li YES .
.It Va ntpdate_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run
.Xr ntpdate 8
at system startup.
This command is intended to
synchronize the system clock only
.Em once
from some standard reference.
.Pp
Note that the use of the
.Va ntpd_sync_on_start
variable is a preferred alternative to the
.Xr ntpdate 8
utility as
.Xr ntpdate 8
is to be retired from the NTP distribution.
.It Va ntpdate_config
.Pq Vt str
Configuration file for
.Xr ntpdate 8 .
Default
.Pa /etc/ntp.conf .
.It Va ntpdate_hosts
.Pq Vt str
A whitespace-separated list of NTP servers to synchronize with at startup.
The default is to use the servers listed in
.Va ntpdate_config ,
if that file exists.
.It Va ntpdate_program
.Pq Vt str
Path to
.Xr ntpdate 8
(default
.Pa /usr/sbin/ntpdate ) .
.It Va ntpdate_flags
.Pq Vt str
If
.Va ntpdate_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ntpdate 8
command (typically a hostname).
.It Va ntpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ntpd 8
command at boot time.
.It Va ntpd_program
.Pq Vt str
Path to
.Xr ntpd 8
(default
.Pa /usr/sbin/ntpd ) .
.It Va ntpd_config
.Pq Vt str
Path to
.Xr ntpd 8
configuration file.
Default
.Pa /etc/ntp.conf .
.It Va ntpd_flags
.Pq Vt str
If
.Va ntpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ntpd 8
daemon.
.It Va ntpd_sync_on_start
.Pq Vt bool
If set to
.Dq Li YES ,
.Xr ntpd 8
is run with the
.Fl g
flag, which syncs the system's clock on startup.
See
.Xr ntpd 8
for more information regarding the
.Fl g
option.
This is a preferred alternative to using
.Xr ntpdate 8
or specifying the
.Va ntpdate_enable
variable.
.It Va nis_client_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypbind 8
service at system boot time.
.It Va nis_client_flags
.Pq Vt str
If
.Va nis_client_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypbind 8
service.
.It Va nis_ypldap_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypldap 8
daemon at system boot time.
.It Va nis_ypldap_flags
.Pq Vt str
If
.Va nis_ypldap_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypldap 8
daemon.
.It Va nis_ypset_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypset 8
daemon at system boot time.
.It Va nis_ypset_flags
.Pq Vt str
If
.Va nis_ypset_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypset 8
daemon.
.It Va nis_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypserv 8
daemon at system boot time.
.It Va nis_server_flags
.Pq Vt str
If
.Va nis_server_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypserv 8
daemon.
.It Va nis_ypxfrd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.ypxfrd 8
daemon at system boot time.
.It Va nis_ypxfrd_flags
.Pq Vt str
If
.Va nis_ypxfrd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.ypxfrd 8
daemon.
.It Va nis_yppasswdd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.yppasswdd 8
daemon at system boot time.
.It Va nis_yppasswdd_flags
.Pq Vt str
If
.Va nis_yppasswdd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.yppasswdd 8
daemon.
.It Va rpc_ypupdated_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Nm rpc.ypupdated
daemon at system boot time.
.It Va bsnmpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr bsnmpd 1
daemon at system boot time.
Be sure to understand the security implications of running an SNMP daemon
on your host.
.It Va bsnmpd_flags
.Pq Vt str
If
.Va bsnmpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr bsnmpd 1
daemon.
.It Va defaultrouter
.Pq Vt str
If not set to
.Dq Li NO ,
create a default route to this host name or IP address
(use an IP address if this router is also required to get to the
name server!).
.It Va defaultrouter_fibN
.Pq Vt str
If not set to
.Dq Li NO ,
create a default route in FIB N to this host name or IP address.
.It Va ipv6_defaultrouter
.Pq Vt str
The IPv6 equivalent of
.Va defaultrouter .
.It Va ipv6_defaultrouter_fibN
.Pq Vt str
The IPv6 equivalent of
.Va defaultrouter_fibN .
.It Va static_arp_pairs
.Pq Vt str
Set to the list of static ARP pairs that are to be added at system
boot time.
For each whitespace separated
.Ar element
in the value, a
.Va static_arp_ Ns Aq Ar element
variable is assumed to exist whose contents will later be passed to a
.Dq Nm arp Cm -S
operation.
For example
.Bd -literal
static_arp_pairs="gw"
static_arp_gw="192.168.1.1 00:01:02:03:04:05"
.Ed
.It Va static_ndp_pairs
.Pq Vt str
Set to the list of static NDP pairs that are to be added at system
boot time.
For each whitespace separated
.Ar element
in the value, a
.Va static_ndp_ Ns Aq Ar element
variable is assumed to exist whose contents will later be passed to a
.Dq Nm ndp Cm -s
operation.
For example
.Bd -literal
static_ndp_pairs="gw"
static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
.Ed
.It Va static_routes
.Pq Vt str
Set to the list of static routes that are to be added at system
boot time.
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va route_ Ns Aq Ar element
variable is assumed to exist
whose contents will later be passed to a
.Dq Nm route Cm add
operation.
For example:
.Bd -literal
static_routes="ext mcast:gif0 gif0local:gif0"
route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
route_mcast="-net 224.0.0.0/4 -iface gif0"
route_gif0local="-host 169.254.1.1 -iface lo0"
.Ed
.Pp
When an
.Ar element
is in the form of
.Li name:ifname ,
the route is specific to the interface
.Li ifname .
.It Va ipv6_static_routes
.Pq Vt str
The IPv6 equivalent of
.Va static_routes .
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va ipv6_route_ Ns Aq Ar element
variable is assumed to exist
whose contents will later be passed to a
.Dq Nm route Cm add Fl inet6
operation.
.It Va gateway_enable
.Pq Vt bool
If set to
.Dq Li YES ,
configure host to act as an IP router, e.g.\& to forward packets
between interfaces.
.It Va ipv6_gateway_enable
.Pq Vt bool
The IPv6 equivalent of
.Va gateway_enable .
.It Va routed_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run a routing daemon of some sort, based on the
settings of
.Va routed_program
and
.Va routed_flags .
.It Va route6d_enable
.Pq Vt bool
The IPv6 equivalent of
.Va routed_enable .
If set to
.Dq Li YES ,
run a routing daemon of some sort, based on the
settings of
.Va route6d_program
and
.Va route6d_flags .
.It Va routed_program
.Pq Vt str
If
.Va routed_enable
is set to
.Dq Li YES ,
this is the name of the routing daemon to use.
.It Va route6d_program
.Pq Vt str
The IPv6 equivalent of
.Va routed_program .
.It Va routed_flags
.Pq Vt str
If
.Va routed_enable
is set to
.Dq Li YES ,
these are the flags to pass to the routing daemon.
.It Va route6d_flags
.Pq Vt str
The IPv6 equivalent of
.Va routed_flags .
.It Va rtadvd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rtadvd 8
daemon at boot time.
The
.Xr rtadvd 8
utility sends ICMPv6 Router Advertisement messages to
the interfaces specified in
.Va rtadvd_interfaces .
This should only be enabled with great care.
You may want to fine-tune
.Xr rtadvd.conf 5 .
.It Va rtadvd_interfaces
.Pq Vt str
If
.Va rtadvd_enable
is set to
.Dq Li YES
this is the list of interfaces to use.
.It Va arpproxy_all
.Pq Vt bool
If set to
.Dq Li YES ,
enable global proxy ARP.
.It Va forward_sourceroute
.Pq Vt bool
If set to
.Dq Li YES
and
.Va gateway_enable
is also set to
.Dq Li YES ,
source-routed packets are forwarded.
.It Va accept_sourceroute
.Pq Vt bool
If set to
.Dq Li YES ,
the system will accept source-routed packets directed at it.
.It Va rarpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rarpd 8
daemon at system boot time.
.It Va rarpd_flags
.Pq Vt str
If
.Va rarpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rarpd 8
daemon.
.It Va bootparamd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr bootparamd 8
daemon at system boot time.
.It Va bootparamd_flags
.Pq Vt str
If
.Va bootparamd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr bootparamd 8
daemon.
.It Va stf_interface_ipv4addr
.Pq Vt str
If not set to
.Dq Li NO ,
this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
interface).
Specify this entry to enable the 6to4 interface.
.It Va stf_interface_ipv4plen
.Pq Vt int
Prefix length for 6to4 IPv4 addresses, to limit peer address range.
An effective value is 0-31.
.It Va stf_interface_ipv6_ifid
.Pq Vt str
IPv6 interface ID for
.Xr stf 4 .
This can be set to
.Dq Li AUTO .
.It Va stf_interface_ipv6_slaid
.Pq Vt str
IPv6 Site Level Aggregator for
.Xr stf 4 .
.It Va ipv6_ipv4mapping
.Pq Vt bool
If set to
.Dq Li YES
this enables IPv4 mapped IPv6 address communication (like
.Li ::ffff:a.b.c.d ) .
.It Va rtsold_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable the
.Xr rtsold 8
daemon to send ICMPv6 Router Solicitation messages.
.It Va rtsold_flags
.Pq Vt str
If
.Va rtsold_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr rtsold 8 .
.It Va rtsol_flags
.Pq Vt str
For interfaces configured with the
.Dq Li inet6 accept_rtadv
keyword, these are the flags to pass to
.Xr rtsol 8 .
.Pp
Note that
.Va rtsold_enable
is mutually exclusive with
.Va rtsol_flags ;
.Va rtsold_enable
takes precedence.
.It Va keybell
.Pq Vt str
The keyboard bell sound.
Set to
.Dq Li normal ,
.Dq Li visual ,
.Dq Li off ,
or
.Dq Li NO
if the default behavior is desired.
For details, refer to the
.Xr kbdcontrol 1
manpage.
.It Va keyboard
.Pq Vt str
If set to a non-null string, the virtual console's keyboard input is
set to this device.
.It Va keymap
.Pq Vt str
If set to
.Dq Li NO ,
no keymap is installed, otherwise the value is used to install
the keymap file found in
.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
(if using
.Xr syscons 4 ) or
.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
(if using
.Xr vt 4 ) .
.It Va keyrate
.Pq Vt str
The keyboard repeat speed.
Set to
.Dq Li slow ,
.Dq Li normal ,
.Dq Li fast ,
or
.Dq Li NO
if the default behavior is desired.
.It Va keychange
.Pq Vt str
If not set to
.Dq Li NO ,
attempt to program the function keys with the value.
The value should
be a single string of the form:
.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
.It Va cursor
.Pq Vt str
Can be set to the value of
.Dq Li normal ,
.Dq Li blink ,
.Dq Li destructive ,
or
.Dq Li NO
to set the cursor behavior explicitly or choose the default behavior.
.It Va scrnmap
.Pq Vt str
If set to
.Dq Li NO ,
no screen map is installed, otherwise the value is used to install
the screen map file in
.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
This parameter is ignored when using
.Xr vt 4
as the console driver.
.It Va font8x16
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x16 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va font8x14
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x14 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va font8x8
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x8 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va blanktime
.Pq Vt int
If set to
.Dq Li NO ,
the default screen blanking interval is used, otherwise it is set
to
.Ar value
seconds.
.It Va saver
.Pq Vt str
If not set to
.Dq Li NO ,
this is the actual screen saver to use
.Li ( blank , snake , daemon ,
etc).
.It Va moused_nondefault_enable
.Pq Vt str
If set to
.Dq Li NO ,
the mouse device specified on
the command line is not automatically treated as enabled by the
.Pa /etc/rc.d/moused
script.
Having this variable set to
.Dq Li YES
allows a
.Xr usb 4
mouse,
for example,
to be enabled as soon as it is plugged in.
.It Va moused_enable
.Pq Vt str
If set to
.Dq Li YES ,
the
.Xr moused 8
daemon is started for doing cut/paste selection on the console.
.It Va moused_type
.Pq Vt str
This is the protocol type of the mouse connected to this host.
This variable must be set if
.Va moused_enable
is set to
.Dq Li YES .
The
.Xr moused 8
daemon
is able to detect the appropriate mouse type automatically in many cases.
Set this variable to
.Dq Li auto
to let the daemon detect it, or
select one from the following list if the automatic detection fails.
.Pp
If the mouse is attached to the PS/2 mouse port, choose
.Dq Li auto
or
.Dq Li ps/2 ,
regardless of the brand and model of the mouse.
Likewise, if the
mouse is attached to the bus mouse port, choose
.Dq Li auto
or
.Dq Li busmouse .
All other protocols are for serial mice and will not work with
the PS/2 and bus mice.
If this is a USB mouse,
.Dq Li auto
is the only protocol type which will work.
.Pp
.Bl -tag -width ".Li x10mouseremote" -compact
.It Li microsoft
Microsoft mouse (serial)
.It Li intellimouse
Microsoft IntelliMouse (serial)
.It Li mousesystems
Mouse systems Corp.\& mouse (serial)
.It Li mmseries
MM Series mouse (serial)
.It Li logitech
Logitech mouse (serial)
.It Li busmouse
A bus mouse
.It Li mouseman
Logitech MouseMan and TrackMan (serial)
.It Li glidepoint
ALPS GlidePoint (serial)
.It Li thinkingmouse
Kensington ThinkingMouse (serial)
.It Li ps/2
PS/2 mouse
.It Li mmhittab
MM HitTablet (serial)
.It Li x10mouseremote
X10 MouseRemote (serial)
.It Li versapad
Interlink VersaPad (serial)
.El
.Pp
Even if the mouse is not in the above list, it may be compatible
with one in the list.
Refer to the manual page for
.Xr moused 8
for compatibility information.
.Pp
It should also be noted that while this is enabled, any
other client of the mouse (such as an X server) should access
the mouse through the virtual mouse device,
.Pa /dev/sysmouse ,
and configure it as a
.Dq Li sysmouse
type mouse, since all
mouse data is converted to this single canonical format when
using
.Xr moused 8 .
If the client program does not support the
.Dq Li sysmouse
type,
specify the
.Dq Li mousesystems
type.
It is the second preferred type.
.It Va moused_port
.Pq Vt str
If
.Va moused_enable
is set to
.Dq Li YES ,
this is the actual port the mouse is on.
It might be
.Pa /dev/cuau0
for a COM1 serial mouse, or
.Pa /dev/psm0
for a PS/2 mouse, for example.
.It Va moused_flags
.Pq Vt str
If
.Va moused_flags
is set, its value is used as an additional set of flags to pass to the
.Xr moused 8
daemon.
.It Va "moused_" Ns Ar XXX Ns Va "_flags"
When
.Va moused_nondefault_enable
is enabled, and a
.Xr moused 8
daemon is started for a non-default port, the
.Va "moused_" Ns Ar XXX Ns Va "_flags"
set of options has precedence over and replaces the default
.Va moused_flags
(where
.Ar XXX
is the name of the non-default port, e.g.,\&
.Ar ums0 ) .
By setting
.Va "moused_" Ns Ar XXX Ns Va "_flags"
it is possible to set up a different set of default flags for each
.Xr moused 8
instance.
For example, you can use
.Dq Li "-3"
for the default
.Va moused_flags
to make your laptop's touchpad more comfortable to use,
but an empty set of options for
.Va moused_ums0_flags
when your
.Xr usb 4
mouse has three or more buttons.
.It Va mousechar_start
.Pq Vt int
If set to
.Dq Li NO ,
the default mouse cursor character range
.Li 0xd0 Ns - Ns Li 0xd3
is used,
otherwise the range start is set
to
.Ar value
character, see
.Xr vidcontrol 1 .
Use if the default range is occupied in the language code table.
.It Va allscreens_flags
.Pq Vt str
If set,
.Xr vidcontrol 1
is run with these options for each of the virtual terminals
.Pq Pa /dev/ttyv* .
For example,
.Dq Fl m Cm on
will enable the mouse pointer on all virtual terminals
if
.Va moused_enable
is set to
.Dq Li YES .
.It Va allscreens_kbdflags
.Pq Vt str
If set,
.Xr kbdcontrol 1
is run with these options for each of the virtual terminals
.Pq Pa /dev/ttyv* .
For example,
.Dq Fl h Li 200
will set the
.Xr syscons 4
or
.Xr vt 4
scrollback (history) buffer to 200 lines.
.It Va cron_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr cron 8
daemon at system boot time.
.It Va cron_program
.Pq Vt str
Path to
.Xr cron 8
(default
.Pa /usr/sbin/cron ) .
.It Va cron_flags
.Pq Vt str
If
.Va cron_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr cron 8 .
.It Va cron_dst
.Pq Vt bool
If set to
.Dq Li YES ,
enable the special handling of transitions to and from the
Daylight Saving Time in
.Xr cron 8
(equivalent to using the flag
.Fl s ) .
.It Va lpd_program
.Pq Vt str
Path to
.Xr lpd 8
(default
.Pa /usr/sbin/lpd ) .
.It Va lpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr lpd 8
daemon at system boot time.
.It Va lpd_flags
.Pq Vt str
If
.Va lpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr lpd 8
daemon.
.It Va chkprintcap_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr chkprintcap 8
command before starting the
.Xr lpd 8
daemon.
.It Va chkprintcap_flags
.Pq Vt str
If
.Va lpd_enable
and
.Va chkprintcap_enable
are set to
.Dq Li YES ,
these are the flags to pass to the
.Xr chkprintcap 8
program.
The default is
.Dq Li -d ,
which causes missing directories to be created.
.It Va mta_start_script
.Pq Vt str
This variable specifies the full path to the script to run to start
a mail transfer agent.
The default is
.Pa /etc/rc.sendmail .
The
.Va sendmail_*
variables which
.Pa /etc/rc.sendmail
uses are documented in the
.Xr rc.sendmail 8
manual page.
.It Va dumpdev
.Pq Vt str
Indicates the device (usually a swap partition) to which a crash dump
should be written in the event of a system crash.
If the value of this variable is
.Dq Li AUTO ,
the first suitable swap device listed in
.Pa /etc/fstab
will be used as dump device.
Otherwise, the value of this variable is passed as the argument to
.Xr dumpon 8
and
.Xr savecore 8 .
To disable crash dumps, set this variable to
.Dq Li NO .
.It Va dumpon_flags
.Pq Vt str
Flags to pass to
.Xr dumpon 8
when configuring
.Va dumpdev
as the system dump device.
.It Va dumpdir
.Pq Vt str
When the system reboots after a crash and a crash dump is found on the
device specified by the
.Va dumpdev
variable,
.Xr savecore 8
will save that crash dump and a copy of the kernel to the directory
specified by the
.Va dumpdir
variable.
The default value is
.Pa /var/crash .
Set to
.Dq Li NO
to not run
.Xr savecore 8
at boot time when
.Va dumpdir
is set.
.It Va savecore_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable automatic extraction of the crash dump from the
.Va dumpdev .
.It Va savecore_flags
.Pq Vt str
If crash dumps are enabled, these are the flags to pass to the
.Xr savecore 8
utility.
.It Va quota_enable
.Pq Vt bool
Set to
.Dq Li YES
to turn on user and group disk quotas on system startup via the
.Xr quotaon 8
command for all file systems marked as having quotas enabled in
.Pa /etc/fstab .
The kernel must be built with
.Cd "options QUOTA"
for disk quotas to function.
.It Va check_quotas
.Pq Vt bool
Set to
.Dq Li YES
to enable user and group disk quota checking via the
.Xr quotacheck 8
command.
.It Va quotacheck_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
and
.Va check_quotas
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotacheck 8
utility.
The default is
.Dq Li "-a" ,
which checks quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va quotaon_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotaon 8
utility.
The default is
.Dq Li "-a" ,
which enables quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va quotaoff_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotaoff 8
utility when shutting down the quota system.
The default is
.Dq Li "-a" ,
which disables quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va accounting_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable system accounting through the
.Xr accton 8
facility.
.It Va firstboot_sentinel
.Pq Vt str
This variable specifies the full path to a
.Dq first boot
sentinel file.
If a file exists with this path,
.Pa rc.d
scripts with the
.Dq firstboot
keyword will be run on startup and the sentinel file will be deleted
after the boot process completes.
The sentinel file must be located on a writable file system which is
mounted no later than
.Va early_late_divider
to function properly.
The default is
.Pa /firstboot .
.It Va linux_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable Linux/ELF binary emulation at system initial
boot time.
.It Va sysvipc_enable
.Pq Vt bool
If set to
.Dq Li YES ,
load System V IPC primitives at boot time.
.It Va clear_tmp_enable
.Pq Vt bool
Set to
.Dq Li YES
to have
.Pa /tmp
cleaned at startup.
.It Va clear_tmp_X
.Pq Vt bool
Set to
.Dq Li NO
to disable removing of X11 lock files,
and the removal and (secure) recreation
of the various socket directories for X11
related programs.
.It Va ldconfig_paths
.Pq Vt str
Set to the list of shared library paths to use with
.Xr ldconfig 8 .
NOTE:
.Pa /lib
and
.Pa /usr/lib
will always be added first, so they need not appear in this list.
.It Va ldconfig32_paths
.Pq Vt str
Set to the list of 32-bit compatibility shared library paths to
use with
.Xr ldconfig 8 .
.It Va ldconfig_insecure
.Pq Vt bool
The
.Xr ldconfig 8
utility normally refuses to use directories
which are writable by anyone except root.
Set this variable to
.Dq Li YES
to disable that security check during system startup.
.It Va ldconfig_local_dirs
.Pq Vt str
Set to the list of local
.Xr ldconfig 8
directories.
The names of all files in the directories listed will be
passed as arguments to
.Xr ldconfig 8 .
.It Va ldconfig_local32_dirs
.Pq Vt str
Set to the list of local 32-bit compatibility
.Xr ldconfig 8
directories.
The names of all files in the directories listed will be
passed as arguments to
.Dq Nm ldconfig Fl 32 .
.It Va kern_securelevel_enable
.Pq Vt bool
Set to
.Dq Li YES
to set the kernel security level at system startup.
.It Va kern_securelevel
.Pq Vt int
The kernel security level to set at startup.
The allowed
.Ar value
ranges from \-1 (the compile time default) to 3 (the
most secure).
See
.Xr security 7
for the list of possible security levels and their effect
on system operation.
.It Va sshd_program
.Pq Vt str
Path to the SSH server program
.Pa ( /usr/sbin/sshd
is the default).
.It Va sshd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr sshd 8
at system boot time.
.It Va sshd_flags
.Pq Vt str
If
.Va sshd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sshd 8
daemon.
.It Va ftpd_program
.Pq Vt str
Path to the FTP server program
.Pa ( /usr/libexec/ftpd
is the default).
.It Va ftpd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr ftpd 8
as a stand-alone daemon at system boot time.
.It Va ftpd_flags
.Pq Vt str
If
.Va ftpd_enable
is set to
.Dq Li YES ,
these are the additional flags to pass to the
.Xr ftpd 8
daemon.
.It Va watchdogd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr watchdogd 8
daemon at boot time.
This requires that the kernel have been compiled with a
.Xr watchdog 4
compatible device.
.It Va watchdogd_flags
.Pq Vt str
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
these are the flags passed to the
.Xr watchdogd 8
daemon.
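.Pp
Added example, not part of the original manual page or of the FreeBSD rc scripts: a sh audit that reads rc.conf-style files as text, never sourcing them, and reports the settings described above as relaxing a check or needing care (weak_mountd_authentication, ldconfig_insecure, accept_sourceroute, forward_sourceroute, rtadvd_enable, bsnmpd_enable, nfs_reserved_port_only, kern_securelevel).
The function names, message format and sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not FreeBSD's own code): audit rc.conf-style files for the
# settings this page describes as relaxing a check or needing care.
# Files are parsed as text and never sourced, so nothing in them is executed.

# rc_get NAME FILE...: print the last value assigned to NAME when the files
# are read in order (a later assignment overrides an earlier one).
rc_get() {
    _name=$1; shift
    cat "$@" 2>/dev/null | sed -n \
        -e "s/^[[:space:]]*${_name}=\"\([^\"]*\)\".*/\1/p" -e t \
        -e "s/^[[:space:]]*${_name}='\([^']*\)'.*/\1/p" -e t \
        -e "s/^[[:space:]]*${_name}=\([^\"'#[:space:]]*\).*/\1/p" | tail -n 1
}

# is_yes VALUE: true for the spellings rc.subr's checkyesno treats as YES.
is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# name|reason pairs: YES on these is what the page describes as relaxing a
# check or as needing care.
RISKY_WHEN_YES='weak_mountd_authentication|allows non-privileged mount requests
ldconfig_insecure|disables the ldconfig check on non-root-writable directories
accept_sourceroute|accepts source-routed packets directed at the host
forward_sourceroute|forwards source-routed packets if gateway_enable is YES
rtadvd_enable|sends Router Advertisements; enable only with great care
bsnmpd_enable|runs an SNMP daemon; review its security implications'

# audit_rc_conf FILE...: print one line per finding.
# Pass /etc/defaults/rc.conf first so that defaults are taken into account.
audit_rc_conf() {
    [ $# -gt 0 ] || { echo "usage: audit_rc_conf file..." >&2; return 2; }
    while IFS='|' read -r _var _why; do
        [ -n "$_var" ] || continue
        if is_yes "$(rc_get "$_var" "$@")"; then
            echo "WARN $_var=YES: $_why"
        fi
    done <<EOF
$RISKY_WHEN_YES
EOF
    # NFS server without the reserved-port restriction.
    if is_yes "$(rc_get nfs_server_enable "$@")" &&
       ! is_yes "$(rc_get nfs_reserved_port_only "$@")"; then
        echo "WARN nfs_server_enable=YES but nfs_reserved_port_only is not YES"
    fi
    # Securelevel: levels 1 to 3 are the secure modes listed in security(7).
    _lvl=$(rc_get kern_securelevel "$@")
    if ! is_yes "$(rc_get kern_securelevel_enable "$@")"; then
        echo "INFO kern_securelevel_enable is not YES: level is not set at startup"
    else
        case $_lvl in
            1|2|3) ;;
            *) echo "INFO kern_securelevel=${_lvl:-unset} is not a secure mode" ;;
        esac
    fi
    return 0
}

# make_sample PATH: write a constructed rc.conf (not taken from a real host).
make_sample() {
    cat >"$1" <<'EOF'
hostname="web1.example.org"
nfs_server_enable="YES"
nfs_reserved_port_only="NO"
weak_mountd_authentication="YES"
accept_sourceroute=NO            # unquoted value with a trailing comment
ldconfig_insecure="NO"
ldconfig_insecure="yes"          # the later assignment wins
#forward_sourceroute="YES"       commented out, so it is ignored
kern_securelevel_enable="YES"
kern_securelevel="2"
EOF
}

# Demo run on the constructed sample.
_demo=$(mktemp) && make_sample "$_demo" && audit_rc_conf "$_demo"
rm -f "$_demo"
```

On a real host the call would be audit_rc_conf /etc/defaults/rc.conf /etc/rc.conf, optionally followed by /etc/rc.conf.local.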
.It Va watchdogd_timeout
.Pq Vt int
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
this is a timeout that will be used by the
.Xr watchdogd 8
daemon.
If this option is set, it overrides
.Fl t
in
.Va watchdogd_flags .
.It Va watchdogd_shutdown_timeout
.Pq Vt int
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
this is a timeout that will be set by the
.Xr watchdogd 8
daemon when it exits during the system shutdown.
This timeout will not be set when returning to the single-user mode
or when the watchdogd service is stopped individually using the
.Xr service 8
command or the rc.d script.
Note that the timeout will be applied if
.Xr watchdogd 8
is stopped outside of the
.Xr rc 8
framework.
If this option is set, it overrides
.Fl x
in
.Va watchdogd_flags .
.It Va devfs_rulesets
.Pq Vt str
List of files containing sets of rules for
.Xr devfs 8 .
.It Va devfs_system_ruleset
.Pq Vt str
Rule name(s) to apply to the system
.Pa /dev
itself.
.It Va devfs_set_rulesets
.Pq Vt str
Pairs of already-mounted
.Pa dev
directories and rulesets that should be applied to them.
For example: /mount/dev=ruleset_name
.It Va devfs_load_rulesets
.Pq Vt bool
If set, always load the default rulesets listed in
.Va devfs_rulesets .
.It Va performance_cx_lowest
.Pq Vt str
CPU idle state to use while on AC power.
The string
.Dq Li LOW
indicates that
.Xr acpi 4
should use the lowest power state available while
.Dq Li HIGH
indicates that the lowest latency state (less power savings) should be used.
.It Va performance_cpu_freq
.Pq Vt str
CPU clock frequency to use while on AC power.
The string
.Dq Li LOW
indicates that
.Xr cpufreq 4
should use the lowest frequency available while
.Dq Li HIGH
indicates that the highest frequency (less power savings) should be used.
.It Va economy_cx_lowest
.Pq Vt str
CPU idle state to use when off AC power.
The string
.Dq Li LOW
indicates that
.Xr acpi 4
should use the lowest power state available while
.Dq Li HIGH
indicates that the lowest latency state (less power savings) should be used.
.It Va economy_cpu_freq
.Pq Vt str
CPU clock frequency to use when off AC power.
The string
.Dq Li LOW
indicates that
.Xr cpufreq 4
should use the lowest frequency available while
.Dq Li HIGH
indicates that the highest frequency (less power savings) should be used.
.It Va jail_enable
.Pq Vt bool
If set to
.Dq Li NO ,
any configured jails will not be started.
.It Va jail_conf
.Pq Vt str
The configuration filename used by the
.Xr jail 8
utility.
The default value is
.Pa /etc/jail.conf .
.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf
and
.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf
will also be used if
.Va Ao Ar jname Ac Va
is set in
.Va jail_list .
.It Va jail_parallel_start
.Pq Vt bool
If set to
.Dq Li YES ,
all configured jails will be started in the background (in parallel).
.It Va jail_flags
.Pq Vt str
Unset by default.
When set, use as default value for
.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
for every jail in
.Va jail_list .
.It Va jail_list
.Pq Vt str
A space-delimited list of jail names.
When left empty, all of the
.Xr jail 8
instances defined in the configuration file are started.
The names specified in this list control the jail startup order.
.Xr jail 8
instances missing from
.Va jail_list
must be started manually.
Note that a jail's
.Va depend
parameter in the configuration file may override this list.
.It Va jail_reverse_stop
.Pq Vt bool
When set to
.Dq Li YES ,
all configured jails in
.Va jail_list
are stopped in reverse order.
.It Va jail_ Ns * variables
Note that older releases supported per-jail configuration via
.Nm
variables.
For example,
the hostname of a jail named
.Li vjail
could be set by
.Li jail_vjail_hostname .
These per-jail configuration variables are now obsolete in favor of the
.Xr jail 8
configuration file.
For backward compatibility,
when per-jail configuration variables are defined,
.Xr jail 8
configuration files are created as
.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
and used.
.Pp
The following per-jail parameters are handled by the
.Pa rc.d/jail
script out of their corresponding
.Nm
variables.
In addition to them, parameters in
.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
will be added to the configuration file.
They must be a semi-colon
.Pq Ql \&;
delimited list of
.Dq key=value .
For more details,
see the
.Xr jail 8
manual page.
.Bl -tag -width "host.hostname" -offset indent
.It Li path
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
.It Li host.hostname
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
.It Li exec.consolelog
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
The default value is
.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
.It Li interface
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
.It Li vnet.interface
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
This implies
.Li vnet
parameter will be enabled and cannot be specified with
.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
and/or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
at the same time.
.It Li fstab
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
.It Li mount
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
.It Li exec.fib
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
.It Li exec.start
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
The parameter name was
.Li command
in some older releases.
.It Li exec.prestart
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
.It Li exec.poststart
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
.It Li exec.stop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
.It Li exec.prestop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
.It Li exec.poststop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
.It Li ip4.addr
set if
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
contain IPv4 addresses
.It Li ip6.addr
set if
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
contain IPv6 addresses
.It Li allow.mount
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
.It Li mount.devfs
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
.It Li devfs_ruleset
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
This must be an integer,
not a string.
.It Li mount.fdescfs
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
.It Li allow.set_hostname
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
.It Li allow.rawsocket
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
.It Li allow.sysvipc
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
.El
.\" -----------------------------------------------------
.It Va harvest_mask
.Pq Vt int
Set to a bit-mask
representing the entropy sources
you wish to harvest.
Refer to
.Xr random 4
for more information.
.It Va entropy_dir
.Pq Vt str
Set to
.Dq Li NO
to disable caching entropy via
.Xr cron 8 .
Otherwise set to the directory
in which the entropy files are stored.
To be useful,
there must be
a system cron job
that regularly writes and rotates
files here.
All files found
will be used at boot time.
The default is
.Pa /var/db/entropy .
.It Va entropy_file
.Pq Vt str
Set to
.Dq Li NO
to disable caching entropy through reboots.
Otherwise set to the name
of a file used to store cached entropy.
This file should be located
on a file system that is readable
before all the volumes specified in
.Xr fstab 5
are mounted.
By default,
.Pa /entropy
is used,
but if
.Pa /var/db/entropy-file
is found it will also be used.
This will be of some use to
.Xr bsdinstall 8 .
.It Va entropy_boot_file
.Pq Vt str
Set to
.Dq Li NO
to disable
very early caching entropy
through reboots.
Otherwise set to the filename
used to read
very early reboot cached entropy.
This file should be located where
.Xr loader 8
can read it.
See also
.Xr loader.conf 5 .
The default location is
.Pa /boot/entropy .
.It Va entropy_save_sz
.Pq Vt int
Size of the entropy cache files saved by
.Nm save-entropy
periodically.
.It Va entropy_save_num
.Pq Vt int
Number of entropy cache files to save by
.Nm save-entropy
periodically.
.It Va ipsec_enable
.Pq Vt bool
Set to
.Dq Li YES
to run
.Xr setkey 8
on
.Va ipsec_file
at boot time.
.It Va ipsec_file
.Pq Vt str
Configuration file for
.Xr setkey 8 .
.It Va dmesg_enable
.Pq Vt bool
Set to
.Dq Li YES
to save
.Xr dmesg 8
to
.Pa /var/run/dmesg.boot
on boot.
.It Va rcshutdown_timeout
.Pq Vt int
If set, start a watchdog timer in the background which will terminate
.Pa rc.shutdown
if
.Xr shutdown 8
has not completed within the specified time (in seconds).
Notice that in addition to this soft timeout,
.Xr init 8
also applies a hard timeout for the execution of
.Pa rc.shutdown .
This is configured via
.Xr sysctl 8
variable
.Va kern.init_shutdown_timeout
and defaults to 120 seconds.
Setting the value of
.Va rcshutdown_timeout
to more than 120 seconds will have no effect until the
.Xr sysctl 8
variable
.Va kern.init_shutdown_timeout
is also increased.
.It Va virecover_enable
.Pq Vt bool
Set to
.Dq Li NO
to prevent the system from trying to
recover prematurely terminated
.Xr vi 1
sessions.
.It Va ugidfw_enable
.Pq Vt bool
Set to
.Dq Li YES
to load the
.Xr mac_bsdextended 4
module upon system initialization and load a default
ruleset file.
.It Va bsdextended_script
.Pq Vt str
The default
.Xr mac_bsdextended 4
ruleset file to load.
The default value of this variable is
.Pa /etc/rc.bsdextended .
.It Va newsyslog_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run
.Xr newsyslog 8
command at startup.
.It Va newsyslog_flags
.Pq Vt str
If
.Va newsyslog_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr newsyslog 8
program.
The default is
.Dq Li -CN ,
which causes log files flagged with a
.Cm C
to be created.
.It Va mdconfig_md Ns Aq Ar X
.Pq Vt str
Arguments to
.Xr mdconfig 8
for
.Xr md 4
device
.Ar X .
At minimum a
.Fl t Ar type
must be specified and either a
.Fl s Ar size
for malloc or swap backed
.Xr md 4
devices or a
.Fl f Ar file
for vnode backed
.Xr md 4
devices.
Note that
.Va mdconfig_md Ns Aq Ar X
variables are evaluated until one variable is unset or null.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
.Pq Vt str
Optional arguments passed to
.Xr newfs 8
to initialize
.Xr md 4
device
.Ar X .
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
.Pq Vt str
An ownership specification passed to
.Xr chown 8
after the specified
.Xr md 4
device
.Ar X
has been mounted.
Both the
.Xr md 4
device and the mount point will be changed.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
.Pq Vt str
A mode string passed to
.Xr chmod 1
after the specified
.Xr md 4
device
.Ar X
has been mounted.
Both the
.Xr md 4
device and the mount point will be changed.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
.Pq Vt str
Files to be copied to the mount point of the
.Xr md 4
device
.Ar X
after it has been mounted.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
.Pq Vt str
Command to execute after the specified
.Xr md 4
device
.Ar X
has been mounted.
Note that the command is passed to
.Ic eval
and that both
.Va _dev
and
.Va _mp
variables can be used to reference respectively the
.Xr md 4
device and the mount point.
Assuming that the
.Xr md 4
device is
.Li md0 ,
one could set the following:
.Bd -literal
mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
.Ed
.It Va autobridge_interfaces
.Pq Vt str
Set to the list of bridge interfaces that will have newly arriving interfaces
checked against to be automatically added.
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va autobridge_ Ns Aq Ar element
variable is assumed to exist which has a whitespace separated list of interface
names to match; these names can use wildcards.
For example:
.Bd -literal
autobridge_interfaces="bridge0"
autobridge_bridge0="tap* dc0 vlan[345]"
.Ed
.It Va mixer_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable support for sound mixer.
.It Va hcsecd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth security daemon.
.It Va hcsecd_config
.Pq Vt str
Configuration file for
.Xr hcsecd 8 .
Default
.Pa /etc/bluetooth/hcsecd.conf .
.It Va sdpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth Service Discovery Protocol daemon.
.It Va sdpd_control
.Pq Vt str
Path to
.Xr sdpd 8
control socket.
Default
.Pa /var/run/sdp .
.It Va sdpd_groupname
.Pq Vt str
Sets
.Xr sdpd 8
group to run as after it initializes.
Default
.Dq Li nobody .
.It Va sdpd_username
.Pq Vt str
Sets
.Xr sdpd 8
user to run as after it initializes.
Default
.Dq Li nobody .
.It Va bthidd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth Human Interface Device daemon.
.It Va bthidd_config
.Pq Vt str
Configuration file for
.Xr bthidd 8 .
Default
.Pa /etc/bluetooth/bthidd.conf .
.It Va bthidd_hids
.Pq Vt str
Path to a file, where
.Xr bthidd 8
will store information about known HID devices.
Default
.Pa /var/db/bthidd.hids .
.It Va rfcomm_pppd_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth RFCOMM PPP wrapper daemon.
.It Va rfcomm_pppd_server_profile
.Pq Vt str
The name of the profile to use from
.Pa /etc/ppp/ppp.conf .
Multiple profiles can be specified here.
Also used to specify per-profile overrides.
When the profile name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
for the purposes of the override variable names.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
.Pq Vt str
Overrides local address to listen on.
By default
.Xr rfcomm_pppd 8
will listen on
.Dq Li ANY
address.
The address can be specified as BD_ADDR or name.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
.Pq Vt str
Overrides local RFCOMM channel to listen on.
By default
.Xr rfcomm_pppd 8
will listen on RFCOMM channel 1.
Must be set properly if multiple profiles are used at the same time.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
.Pq Vt bool
Tells
.Xr rfcomm_pppd 8
if it should register Serial Port service on the specified RFCOMM channel.
Default
.Dq Li NO .
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
.Pq Vt bool
Tells
.Xr rfcomm_pppd 8
if it should register Dial-Up Networking service on the specified
RFCOMM channel.
Default
.Dq Li NO .
.It Va ubthidhci_enable
.Pq Vt bool
If set to
.Dq Li YES ,
change the USB Bluetooth controller from HID mode to HCI mode.
You also need to specify the location of USB Bluetooth controller with the
.Va ubthidhci_busnum
and
.Va ubthidhci_addr
variables.
.It Va ubthidhci_busnum
Bus number where the USB Bluetooth controller is located.
Check the output of
.Xr usbconfig 8
on your system to find this information.
.It Va ubthidhci_addr
Bus address of the USB Bluetooth controller.
Check the output of
.Xr usbconfig 8
on your system to find this information.
.It Va netwait_enable
.Pq Vt bool
If set to
.Dq Li YES ,
delays the start of network-reliant services until
.Va netwait_if
is up and ICMP packets to a destination defined in
.Va netwait_ip
are flowing.
Link state is examined first, followed by
.Dq Li pinging
an IP address to verify network usability.
If no destination can be reached or timeouts are exceeded,
network services are started anyway with no guarantee that
the network is usable.
Use of this variable requires both
.Va netwait_ip
and
.Va netwait_if
to be set.
.It Va netwait_ip
.Pq Vt str
Empty by default.
This variable contains a space-delimited list of IP addresses to
.Xr ping 8 .
DNS hostnames should not be used as resolution is not guaranteed
to be functional at this point.
If multiple IP addresses are specified,
each will be tried until one is successful or the list is exhausted.
.It Va netwait_timeout
.Pq Vt int
Indicates the total number of seconds to perform a
.Dq Li ping
against each IP address in
.Va netwait_ip ,
at a rate of one ping per second.
If any of the pings are successful,
full network connectivity is considered reliable.
The default is 60.
.It Va netwait_if
.Pq Vt str
Empty by default.
Defines the name of the network interface on which to watch for link.
.Xr ifconfig 8
is used to monitor the interface, looking for
.Dq Li status: no carrier .
Once gone, the link is considered up.
This can be a
.Xr vlan 4
interface if desired.
.It Va netwait_if_timeout
.Pq Vt int
Defines the total number of seconds to wait for link to become usable,
polled at a 1-second interval.
The default is 30.
.It Va rctl_enable
.Pq Vt bool
If set to
.Dq Li YES ,
load
.Xr rctl 8
rules from the defined ruleset.
The kernel must be built with
.Cd "options RACCT"
and
.Cd "options RCTL" .
.It Va rctl_rules
.Pq Vt str
Set to
.Pa /etc/rctl.conf
by default.
This variable contains the
.Xr rctl.conf 5
ruleset to load for
.Xr rctl 8 .
.It Va iovctl_files
.Pq Vt str
A space-separated list of configuration files used by
.Xr iovctl 8 .
The default value is an empty string.
.It Va autofs_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr automount 8
utility and the
.Xr automountd 8
and
.Xr autounmountd 8
daemons at boot time.
.It Va automount_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr automount 8
program.
By default no flags are passed.
.It Va automountd_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr automountd 8
daemon.
By default no flags are passed.
.It Va autounmountd_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr autounmountd 8
daemon.
By default no flags are passed.
.It Va ctld_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr ctld 8
daemon at boot time.
.It Va iscsid_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr iscsid 8
daemon at boot time.
.It Va iscsictl_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr iscsictl 8
utility at boot time.
.It Va iscsictl_flags
.Pq Vt str
If
.Va iscsictl_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr iscsictl 8
program.
The default is
.Dq Li -Aa ,
which configures sessions based on the
.Pa /etc/iscsi.conf
configuration file.
.It Va cfumass_enable
.Pq Vt bool
If set to
.Dq Li YES ,
create and export a USB LUN using
.Xr cfumass 4
at boot time.
.It Va cfumass_dir
.Pq Vt str
The directory where the files exported by USB LUN are located.
The default directory is
.Pa /var/cfumass .
.It Va service_delete_empty
.Pq Vt bool
If set to
.Dq Li YES ,
.Ql Li service delete
removes empty
.Dq Li rc.conf.d
files.
.It Va zfs_bootonce_activate
.Pq Vt bool
If set to
.Dq Li YES ,
and a boot environment marked bootonce is successfully booted,
it will be made permanently active.
.El
.Sh FILES
.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
.It Pa /etc/defaults/rc.conf
.It Pa /etc/defaults/vendor.conf
.It Pa /etc/rc.conf
.It Pa /etc/rc.conf.local
.El
.Sh SEE ALSO
.Xr chmod 1 ,
.Xr gdb 1 ,
.Xr info 1 ,
.Xr kbdcontrol 1 ,
.Xr sh 1 ,
.Xr vi 1 ,
.Xr vidcontrol 1 ,
.Xr bridge 4 ,
.Xr dummynet 4 ,
.Xr ip 4 ,
.Xr ipf 4 ,
.Xr ipfw 4 ,
.Xr ipnat 4 ,
.Xr kld 4 ,
.Xr pf 4 ,
.Xr pflog 4 ,
.Xr pfsync 4 ,
.Xr tcp 4 ,
.Xr udp 4 ,
.Xr exports 5 ,
.Xr fstab 5 ,
.Xr ipf 5 ,
.Xr ipnat 5 ,
.Xr jail.conf 5 ,
.Xr loader.conf 5 ,
.Xr motd 5 ,
.Xr newsyslog.conf 5 ,
.Xr pf.conf 5 ,
.Xr firewall 7 ,
.Xr growfs 7 ,
.Xr security 7 ,
.Xr tuning 7 ,
.Xr accton 8 ,
.Xr apm 8 ,
.Xr bsdinstall 8 ,
.Xr bthidd 8 ,
.Xr chkprintcap 8 ,
.Xr chown 8 ,
.Xr cron 8 ,
.Xr devfs 8 ,
.Xr dhclient 8 ,
.Xr ftpd 8 ,
.Xr geli 8 ,
.Xr hcsecd 8 ,
.Xr ifconfig 8 ,
.Xr inetd 8 ,
.Xr iovctl 8 ,
.Xr ipf 8 ,
.Xr ipfw 8 ,
.Xr ipnat 8 ,
.Xr jail 8 ,
.Xr kldxref 8 ,
.Xr loader 8 ,
.Xr lpd 8 ,
.Xr makewhatis 8 ,
.Xr mdconfig 8 ,
.Xr mdmfs 8 ,
.Xr mixer 8 ,
.Xr mountd 8 ,
.Xr moused 8 ,
.Xr newfs 8 ,
.Xr newsyslog 8 ,
.Xr nfsd 8 ,
.Xr ntpd 8 ,
.Xr ntpdate 8 ,
.Xr pfctl 8 ,
.Xr pflogd 8 ,
.Xr ping 8 ,
.Xr powerd 8 ,
.Xr quotacheck 8 ,
.Xr quotaon 8 ,
.Xr rc 8 ,
.Xr rc.sendmail 8 ,
.Xr rcorder 8 ,
.Xr rfcomm_pppd 8 ,
.Xr route 8 ,
.Xr routed 8 ,
.Xr rpc.lockd 8 ,
.Xr rpc.statd 8 ,
.Xr rpc.tlsclntd 8 ,
.Xr rpc.tlsservd 8 ,
.Xr rpcbind 8 ,
.Xr rwhod 8 ,
.Xr savecore 8 ,
.Xr sdpd 8 ,
.Xr service 8 ,
.Xr sshd 8 ,
.Xr swapon 8 ,
.Xr sysctl 8 ,
.Xr syslogd 8 ,
.Xr sysrc 8 ,
.Xr unbound 8 ,
.Xr usbconfig 8 ,
.Xr wlandebug 8 ,
.Xr yp 8 ,
.Xr ypbind 8 ,
.Xr ypserv 8 ,
.Xr ypset 8
.Sh HISTORY
The
.Nm
file appeared in
.Fx 2.2.2 .
.Sh AUTHORS
.An Jordan K. Hubbard .
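Several variables described above carry constraints that a hand-edited rc.conf can violate without any error at boot: the kern_securelevel range, the netwait_ip/netwait_if requirement, the rcshutdown_timeout ceiling and the watchdogd_flags overrides. The sh functions below are an added example, not code from FreeBSD or from this manual page; `lint_rc_conf`, its HARD_TIMEOUT argument (standing in for kern.init_shutdown_timeout) and the sample file are assumptions, and variables the file leaves unset are not judged because their defaults live elsewhere.

```shell
# Added example, not FreeBSD code: lint an rc.conf against constraints that
# rc.conf(5) states. Function names and the sample file are constructed.

# True for the values rc.subr's checkyesno treats as "yes".
is_yes() {
    case "$1" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac
    return 1
}
# True if $1 is a decimal integer, optionally negative.
is_int() {
    case "${1#-}" in ''|*[!0-9]*) return 1 ;; esac
}

# lint_rc_conf FILE [HARD_TIMEOUT]
# HARD_TIMEOUT stands in for sysctl kern.init_shutdown_timeout (default 120).
# FILE is sourced in a subshell, the way rc(8) includes it, so code in it runs.
lint_rc_conf() (
    f=$1 hard=${2:-120} n=0
    case "$f" in */*) ;; *) f=./$f ;; esac
    unset kern_securelevel_enable kern_securelevel netwait_enable netwait_ip \
        netwait_if rcshutdown_timeout watchdogd_enable watchdogd_flags \
        watchdogd_timeout watchdogd_shutdown_timeout
    . "$f" || exit 2
    set -f    # no globbing while word-splitting values
    finding() { n=$((n + 1)); printf '%s\n' "$*"; }

    if is_yes "${kern_securelevel_enable:-}" && [ -n "${kern_securelevel:-}" ]; then
        if ! is_int "$kern_securelevel" || [ "$kern_securelevel" -lt -1 ] ||
           [ "$kern_securelevel" -gt 3 ]; then
            finding "kern_securelevel='$kern_securelevel' is outside -1..3"
        fi
    fi

    if is_yes "${netwait_enable:-}"; then
        if [ -z "${netwait_ip:-}" ] || [ -z "${netwait_if:-}" ]; then
            finding "netwait_enable requires both netwait_ip and netwait_if"
        fi
        for ip in ${netwait_ip:-}; do
            case "$ip" in    # heuristic: anything beyond hex digits, ':' and '.'
                *[!0-9A-Fa-f:.]*) finding "netwait_ip '$ip' looks like a DNS name" ;;
            esac
        done
    fi

    if is_int "${rcshutdown_timeout:-}" && [ "$rcshutdown_timeout" -gt "$hard" ]; then
        finding "rcshutdown_timeout=$rcshutdown_timeout has no effect past $hard s"
    fi

    # override VALUE FLAG NAME: NAME, when set, wins over FLAG in watchdogd_flags
    override() {
        [ -n "$1" ] || return 0
        case " ${watchdogd_flags:-} " in
            *" $2"*) finding "$3 overrides $2 given in watchdogd_flags" ;;
        esac
    }
    if is_yes "${watchdogd_enable:-}"; then
        override "${watchdogd_timeout:-}" -t watchdogd_timeout
        override "${watchdogd_shutdown_timeout:-}" -x watchdogd_shutdown_timeout
    fi

    [ "$n" -eq 0 ]    # exit status 1 when there are findings
)

# Constructed sample with five deliberate problems.
write_sample_rc_conf() {
    cat > "$1" <<'EOF'
kern_securelevel_enable="YES"
kern_securelevel="4"
netwait_enable="YES"
netwait_ip="192.0.2.1 gw.example.org"
rcshutdown_timeout="300"
watchdogd_enable="YES"
watchdogd_flags="-t 30"
watchdogd_timeout="60"
EOF
}

if [ $# -gt 0 ]; then lint_rc_conf "$@"; fi
```

Pass the current value of kern.init_shutdown_timeout as the second argument when it has been raised from its default, so the rcshutdown_timeout check compares against the real ceiling.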
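The jail_* entry above marks the per-jail rc.conf variables as obsolete and states three rules for them: devfs_ruleset must be an integer, vnet_interface cannot be combined with interface or ip, and the parameters value is a semi-colon delimited list of key=value. The following sh function is an added example, not the rc.d/jail script or any FreeBSD code; `lint_legacy_jails`, the suffix list (a subset of the table above) and the sample file are assumptions, and the _ip_multi<n> variables are not inspected.

```shell
# Added example, not FreeBSD code: report obsolete per-jail rc.conf variables
# and check the constraints rc.conf(5) places on them. Names are constructed.

# Legacy suffixes taken from the table in this page (subset).
LEGACY_SUFFIXES="rootdir hostname consolelog interface vnet_interface ip fstab
fib exec_start exec_stop devfs_ruleset parameters"

# lint_legacy_jails FILE
# Sources FILE in a subshell (any code in it runs) and inspects the
# jail_<jname>_* variables of every jail named in jail_list.
# Prints one finding per line; exit status 1 when there are findings.
lint_legacy_jails() (
    f=$1 n=0
    case "$f" in */*) ;; *) f=./$f ;; esac
    unset jail_list
    . "$f" || exit 2
    set -f    # no globbing while word-splitting values
    finding() { n=$((n + 1)); printf '%s\n' "$*"; }
    # get JNAME SUFFIX: value of jail_<JNAME>_<SUFFIX>, empty if unset
    get() { eval "printf '%s' \"\${jail_${1}_${2}:-}\""; }

    for j in ${jail_list:-}; do
        # Only names that are safe inside a shell variable name are inspected.
        case "$j" in *[!A-Za-z0-9_]*) continue ;; esac
        seen=
        for s in $LEGACY_SUFFIXES; do
            [ -z "$(get "$j" "$s")" ] || seen="$seen jail_${j}_$s"
        done
        [ -z "$seen" ] && continue
        finding "jail $j: obsolete variables, move to jail.conf:$seen"

        r=$(get "$j" devfs_ruleset)
        case "$r" in
            '') ;;
            *[!0-9]*) finding "jail $j: devfs_ruleset '$r' must be an integer" ;;
        esac

        if [ -n "$(get "$j" vnet_interface)" ] &&
           [ -n "$(get "$j" interface)$(get "$j" ip)" ]; then
            finding "jail $j: vnet_interface cannot be combined with interface/ip"
        fi

        p=$(get "$j" parameters)
        old_ifs=$IFS; IFS=';'
        for kv in $p; do
            case "$kv" in
                *=*|'') ;;
                *) finding "jail $j: parameters entry '$kv' is not key=value" ;;
            esac
        done
        IFS=$old_ifs
    done

    [ "$n" -eq 0 ]
)

# Constructed sample: two jails configured the obsolete way.
write_sample_legacy_jails() {
    cat > "$1" <<'EOF'
jail_list="web db"
jail_web_rootdir="/jails/web"
jail_web_hostname="web.example.org"
jail_web_devfs_ruleset="devfsrules_jail"
jail_db_vnet_interface="epair0b"
jail_db_ip="192.0.2.10"
jail_db_parameters="allow.sysvipc=1;persist"
EOF
}

if [ $# -gt 0 ]; then lint_legacy_jails "$@"; fi
```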