1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd April 10, 2009 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va ddb_enable 168.Pq Vt bool 169Run 170.Xr ddb 8 171to install 172.Xr ddb 4 173scripts at boot time. 174.It Va ddb_config 175.Pq Vt str 176Configuration file for 177.Xr ddb 8 . 178Default 179.Pa /etc/ddb.conf . 180.It Va kldxref_enable 181.Pq Vt bool 182Set to 183.Dq Li NO 184by default. 185Set to 186.Dq Li YES 187to automatically rebuild 188.Pa linker.hints 189files with 190.Xr kldxref 8 191at boot time. 192.It Va kldxref_clobber 193.Pq Vt bool 194Set to 195.Dq Li NO 196by default. 197If 198.Va kldxref_enable 199is true, 200setting to 201.Dq Li YES 202will overwrite existing 203.Pa linker.hints 204files at boot time. 205Otherwise, 206only missing 207.Pa linker.hints 208files are generated. 209.It Va kldxref_module_path 210.Pq Vt str 211Empty by default. 212A semi-colon 213.Pq Ql \&; 214delimited list of paths containing 215.Xr kld 4 216modules. 217If empty, 218the contents of the 219.Va kern.module_path 220.Xr sysctl 8 221are used. 222.It Va powerd_enable 223.Pq Vt bool 224If set to 225.Dq Li YES , 226enable the system power control facility with the 227.Xr powerd 8 228daemon. 229.It Va powerd_flags 230.Pq Vt str 231If 232.Va powerd_enable 233is set to 234.Dq Li YES , 235these are the flags to pass to the 236.Xr powerd 8 237daemon. 238.It Va tmpmfs 239Controls the creation of a 240.Pa /tmp 241memory file system. 242Always happens if set to 243.Dq Li YES 244and never happens if set to 245.Dq Li NO . 246If set to anything else, a memory file system is created if 247.Pa /tmp 248is not writable. 249.It Va tmpsize 250Controls the size of a created 251.Pa /tmp 252memory file system. 253.It Va tmpmfs_flags 254Extra options passed to the 255.Xr mdmfs 8 256utility when the memory file system for 257.Pa /tmp 258is created. 259The default is 260.Dq Li "-S" , 261which inhibits the use of softupdates on 262.Pa /tmp 263so that file system space is freed without delay 264after file truncation or deletion. 265See 266.Xr mdmfs 8 267for other options you can use in 268.Va tmpmfs_flags . 269.It Va varmfs 270Controls the creation of a 271.Pa /var 272memory file system. 273Always happens if set to 274.Dq Li YES 275and never happens if set to 276.Dq Li NO . 277If set to anything else, a memory file system is created if 278.Pa /var 279is not writable. 280.It Va varsize 281Controls the size of a created 282.Pa /var 283memory file system. 284.It Va varmfs_flags 285Extra options passed to the 286.Xr mdmfs 8 287utility when the memory file system for 288.Pa /var 289is created. 290The default is 291.Dq Li "-S" , 292which inhibits the use of softupdates on 293.Pa /var 294so that file system space is freed without delay 295after file truncation or deletion. 296See 297.Xr mdmfs 8 298for other options you can use in 299.Va varmfs_flags . 300.It Va populate_var 301Controls the automatic population of the 302.Pa /var 303file system. 304Always happens if set to 305.Dq Li YES 306and never happens if set to 307.Dq Li NO . 308If set to anything else, a memory file system is created if 309.Pa /var 310is not writable. 311Note that this process requires access to certain commands in 312.Pa /usr 313before 314.Pa /usr 315is mounted on normal systems. 316.It Va cleanvar_enable 317.Pq Vt bool 318Clean the 319.Pa /var 320directory. 321.It Va local_startup 322.Pq Vt str 323List of directories to search for startup script files. 324.It Va script_name_sep 325.Pq Vt str 326The field separator to use for breaking down the list of startup script files 327into individual filenames. 328The default is a space. 329It is not necessary to change this unless there are startup scripts with names 330containing spaces. 331.It Va hostapd_enable 332.Pq Vt bool 333Set to 334.Dq Li YES 335to start 336.Xr hostapd 8 337at system boot time. 338.It Va hostname 339.Pq Vt str 340The fully qualified domain name (FQDN) of this host on the network. 341This should almost certainly be set to something meaningful, even if 342there is no network connection. 343If 344.Xr dhclient 8 345is used to set the hostname via DHCP, 346this variable should be set to an empty string. 347.It Va ipv6_enable 348.Pq Vt bool 349Enable support for IPv6 networking. 350Note that this requires that the kernel has been compiled with 351.Cd "options INET6" . 352.It Va nisdomainname 353.Pq Vt str 354The NIS domain name of this host, or 355.Dq Li NO 356if NIS is not used. 357.It Va dhclient_program 358.Pq Vt str 359Path to the DHCP client program 360.Pa ( /sbin/dhclient , 361the 362.Ox 363DHCP client, 364is the default). 365.It Va dhclient_flags 366.Pq Vt str 367Additional flags to pass to the DHCP client program. 368For the 369.Ox 370DHCP client, see the 371.Xr dhclient 8 372manpage for a description of the command line options available. 373.It Va dhclient_flags_ Ns Aq Ar iface 374Additional flags to pass to the DHCP client program running on 375.Ar iface 376only. 377When specified, this variable overrides 378.Va dhclient_flags . 379.It Va background_dhclient 380.Pq Vt bool 381Set to 382.Dq Li YES 383to start the DHCP client in background. 384This can cause trouble with applications depending on 385a working network, but it will provide a faster startup 386in many cases. 387.It Va background_dhclient_ Ns Aq Ar iface 388When specified, this variable overrides the 389.Va background_dhclient 390variable for interface 391.Ar iface 392only. 393.It Va synchronous_dhclient 394.Pq Bt bool 395Set to 396.Dq Li YES 397to start 398.Xr dhclient 8 399synchronously at startup. 400This behavior can be overridden on a per-interface basis by replacing 401the 402.Dq Li DHCP 403keyword in the 404.Va ifconfig_ Ns Aq Ar interface 405variable with 406.Dq Li SYNCDHCP 407or 408.Dq Li NOSYNCDHCP . 409.It Va defaultroute_delay 410.Pq Vt int 411When set to a positive value, wait up to this long after configuring 412DHCP interfaces at startup to give the interfaces time to receive a lease. 413.It Va firewall_enable 414.Pq Vt bool 415Set to 416.Dq Li YES 417to load firewall rules at startup. 418If the kernel was not built with 419.Cd "options IPFIREWALL" , 420the 421.Pa ipfw.ko 422kernel module will be loaded. 423See also 424.Va ipfilter_enable . 425.It Va ipv6_firewall_enable 426.Pq Vt bool 427The IPv6 equivalent of 428.Va firewall_enable . 429Set to 430.Dq Li YES 431to load IPv6 firewall rules at startup. 432If the kernel was not built with 433.Cd "options IPV6FIREWALL" , 434the 435.Pa ipfw.ko 436kernel module will be loaded. 437.It Va firewall_script 438.Pq Vt str 439This variable specifies the full path to the firewall script to run. 440The default is 441.Pa /etc/rc.firewall . 442.It Va ipv6_firewall_script 443.Pq Vt str 444The IPv6 equivalent of 445.Va firewall_script . 446.It Va firewall_type 447.Pq Vt str 448Names the firewall type from the selection in 449.Pa /etc/rc.firewall , 450or the file which contains the local firewall ruleset. 451Valid selections from 452.Pa /etc/rc.firewall 453are: 454.Pp 455.Bl -tag -width ".Li simple" -compact 456.It Li open 457unrestricted IP access 458.It Li closed 459all IP services disabled, except via 460.Dq Li lo0 461.It Li client 462basic protection for a workstation 463.It Li simple 464basic protection for a LAN. 465.El 466.Pp 467If a filename is specified, the full path 468must be given. 469.It Va ipv6_firewall_type 470.Pq Vt str 471The IPv6 equivalent of 472.Va firewall_type . 473.It Va firewall_quiet 474.Pq Vt bool 475Set to 476.Dq Li YES 477to disable the display of firewall rules on the console during boot. 478.It Va ipv6_firewall_quiet 479.Pq Vt bool 480The IPv6 equivalent of 481.Va firewall_quiet . 482.It Va firewall_logging 483.Pq Vt bool 484Set to 485.Dq Li YES 486to enable firewall event logging. 487This is equivalent to the 488.Dv IPFIREWALL_VERBOSE 489kernel option. 490.It Va ipv6_firewall_logging 491.Pq Vt bool 492The IPv6 equivalent of 493.Va firewall_logging . 494.It Va firewall_flags 495.Pq Vt str 496Flags passed to 497.Xr ipfw 8 498if 499.Va firewall_type 500specifies a filename. 501.It Va ipv6_firewall_flags 502.Pq Vt str 503The IPv6 equivalent of 504.Va firewall_flags . 505.\" ----- firewall_nat_enable setting -------------------------------- 506.It Va firewall_nat_enable 507.Pq Vt bool 508The 509.Xr ipfw 8 510equivalent of 511.Va natd_enable . 512Setting this to 513.Dq Li YES 514enables kernel NAT. 515.Va firewall_enable 516must also be set to 517.Dq Li YES . 518.It Va firewall_nat_interface 519.Pq Vt str 520The 521.Xr ipfw 8 522equivalent of 523.Va natd_interface . 524This is the name of the public interface or IP address on which 525kernel NAT should run. 526.It Va firewall_nat_flags 527.Pq Vt str 528Additional configuration parameters for kernel NAT should be placed here. 529.It Va dummynet_enable 530.Pq Vt bool 531Setting this to 532.Dq Li YES 533will automatically load the 534.Xr dummynet 4 535module if 536.Va firewall_enable 537is also set to 538.Dq Li YES . 539.\" ------------------------------------------------------------------- 540.It Va natd_program 541.Pq Vt str 542Path to 543.Xr natd 8 . 544.It Va natd_enable 545.Pq Vt bool 546Set to 547.Dq Li YES 548to enable 549.Xr natd 8 . 550.Va firewall_enable 551must also be set to 552.Dq Li YES , 553and 554.Xr divert 4 555sockets must be enabled in the kernel. 556If the kernel was not built with 557.Cd "options IPDIVERT" , 558the 559.Pa ipdivert.ko 560kernel module will be loaded. 561.It Va natd_interface 562.Pq Vt str 563This is the name of the public interface on which 564.Xr natd 8 565should run. 566The interface may be given as an interface name or as an IP address. 567.It Va natd_flags 568.Pq Vt str 569Additional 570.Xr natd 8 571flags should be placed here. 572The 573.Fl n 574or 575.Fl a 576flag is automatically added with the above 577.Va natd_interface 578as an argument. 579.\" ----- ipfilter_enable setting -------------------------------- 580.It Va ipfilter_enable 581.Pq Vt bool 582Set to 583.Dq Li NO 584by default. 585Setting this to 586.Dq Li YES 587enables 588.Xr ipf 8 589packet filtering. 590.Pp 591Typical usage will require putting 592.Bd -literal 593ipfilter_enable="YES" 594ipnat_enable="YES" 595ipmon_enable="YES" 596ipfs_enable="YES" 597.Ed 598.Pp 599into 600.Pa /etc/rc.conf 601and editing 602.Pa /etc/ipf.rules 603and 604.Pa /etc/ipnat.rules 605appropriately. 606.Pp 607Note that 608.Va ipfilter_enable 609and 610.Va ipnat_enable 611can be enabled independently. 612.Va ipmon_enable 613and 614.Va ipfs_enable 615both require at least one of 616.Va ipfilter_enable 617and 618.Va ipnat_enable 619to be enabled. 620.Pp 621Having 622.Bd -literal 623options IPFILTER 624options IPFILTER_LOG 625options IPFILTER_DEFAULT_BLOCK 626.Ed 627.Pp 628in the kernel configuration file is a good idea, too. 629.\" ----- ipfilter_program setting ------------------------------ 630.It Va ipfilter_program 631.Pq Vt str 632Path to 633.Xr ipf 8 634(default 635.Pa /sbin/ipf ) . 636.\" ----- ipfilter_rules setting -------------------------------- 637.It Va ipfilter_rules 638.Pq Vt str 639Set to 640.Pa /etc/ipf.rules 641by default. 642This variable contains the name of the filter rule definition file. 643The file is expected to be readable for the 644.Xr ipf 8 645command to execute. 646.\" ----- ipv6_ipfilter_rules setting --------------------------- 647.It Va ipv6_ipfilter_rules 648.Pq Vt str 649Set to 650.Pa /etc/ipf6.rules 651by default. 652This variable contains the IPv6 filter rule definition file. 653The file is expected to be readable for the 654.Xr ipf 8 655command to execute. 656.\" ----- ipfilter_flags setting -------------------------------- 657.It Va ipfilter_flags 658.Pq Vt str 659Empty by default. 660This variable contains flags passed to the 661.Xr ipf 8 662program. 663.\" ----- ipnat_enable setting ---------------------------------- 664.It Va ipnat_enable 665.Pq Vt bool 666Set to 667.Dq Li NO 668by default. 669Set it to 670.Dq Li YES 671to enable 672.Xr ipnat 8 673network address translation. 674See 675.Va ipfilter_enable 676for a detailed discussion. 677.\" ----- ipnat_program setting --------------------------------- 678.It Va ipnat_program 679.Pq Vt str 680Path to 681.Xr ipnat 8 682(default 683.Pa /sbin/ipnat ) . 684.\" ----- ipnat_rules setting ----------------------------------- 685.It Va ipnat_rules 686.Pq Vt str 687Set to 688.Pa /etc/ipnat.rules 689by default. 690This variable contains the name of the file 691holding the network address translation definition. 692This file is expected to be readable for the 693.Xr ipnat 8 694command to execute. 695.\" ----- ipnat_flags setting ----------------------------------- 696.It Va ipnat_flags 697.Pq Vt str 698Empty by default. 699This variable contains flags passed to the 700.Xr ipnat 8 701program. 702.\" ----- ipmon_enable setting ---------------------------------- 703.It Va ipmon_enable 704.Pq Vt bool 705Set to 706.Dq Li NO 707by default. 708Set it to 709.Dq Li YES 710to enable 711.Xr ipmon 8 712monitoring (logging 713.Xr ipf 8 714and 715.Xr ipnat 8 716events). 717Setting this variable needs setting 718.Va ipfilter_enable 719or 720.Va ipnat_enable 721too. 722See 723.Va ipfilter_enable 724for a detailed discussion. 725.\" ----- ipmon_program setting --------------------------------- 726.It Va ipmon_program 727.Pq Vt str 728Path to 729.Xr ipmon 8 730(default 731.Pa /sbin/ipmon ) . 732.\" ----- ipmon_flags setting ----------------------------------- 733.It Va ipmon_flags 734.Pq Vt str 735Set to 736.Dq Li -Ds 737by default. 738This variable contains flags passed to the 739.Xr ipmon 8 740program. 741Another typical example would be 742.Dq Fl D Pa /var/log/ipflog 743to have 744.Xr ipmon 8 745log directly to a file bypassing 746.Xr syslogd 8 . 747Make sure to adjust 748.Pa /etc/newsyslog.conf 749in such case like this: 750.Bd -literal 751/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 752.Ed 753.\" ----- ipfs_enable setting ----------------------------------- 754.It Va ipfs_enable 755.Pq Vt bool 756Set to 757.Dq Li NO 758by default. 759Set it to 760.Dq Li YES 761to enable 762.Xr ipfs 8 763saving the filter and NAT state tables during shutdown 764and reloading them during startup again. 765Setting this variable needs setting 766.Va ipfilter_enable 767or 768.Va ipnat_enable 769to 770.Dq Li YES 771too. 772See 773.Va ipfilter_enable 774for a detailed discussion. 775Note that if 776.Va kern_securelevel 777is set to 3, 778.Va ipfs_enable 779cannot be used 780because the raised securelevel will prevent 781.Xr ipfs 8 782from saving the state tables at shutdown time. 783.\" ----- ipfs_program setting ---------------------------------- 784.It Va ipfs_program 785.Pq Vt str 786Path to 787.Xr ipfs 8 788(default 789.Pa /sbin/ipfs ) . 790.\" ----- ipfs_flags setting ------------------------------------ 791.It Va ipfs_flags 792.Pq Vt str 793Empty by default. 794This variable contains flags passed to the 795.Xr ipfs 8 796program. 797.\" ----- end of added ipf hook --------------------------------- 798.It Va pf_enable 799.Pq Vt bool 800Set to 801.Dq Li NO 802by default. 803Setting this to 804.Dq Li YES 805enables 806.Xr pf 4 807packet filtering. 808.Pp 809Typical usage will require putting 810.Pp 811.Dl pf_enable="YES" 812.Pp 813into 814.Pa /etc/rc.conf 815and editing 816.Pa /etc/pf.conf 817appropriately. 818Adding 819.Pp 820.Dl "device pf" 821.Pp 822builds support for 823.Xr pf 4 824into the kernel, otherwise the 825kernel module will be loaded. 826.It Va pf_rules 827.Pq Vt str 828Path to 829.Xr pf 4 830ruleset configuration file 831(default 832.Pa /etc/pf.conf ) . 833.It Va pf_program 834.Pq Vt str 835Path to 836.Xr pfctl 8 837(default 838.Pa /sbin/pfctl ) . 839.It Va pf_flags 840.Pq Vt str 841If 842.Va pf_enable 843is set to 844.Dq Li YES , 845these flags are passed to the 846.Xr pfctl 8 847program when loading the ruleset. 848.It Va pflog_enable 849.Pq Vt bool 850Set to 851.Dq Li NO 852by default. 853Setting this to 854.Dq Li YES 855enables 856.Xr pflogd 8 857which logs packets from the 858.Xr pf 4 859packet filter. 860.It Va pflog_logfile 861.Pq Vt str 862If 863.Va pflog_enable 864is set to 865.Dq Li YES 866this controls where 867.Xr pflogd 8 868stores the logfile 869(default 870.Pa /var/log/pflog ) . 871Check 872.Pa /etc/newsyslog.conf 873to adjust logfile rotation for this. 874.It Va pflog_program 875.Pq Vt str 876Path to 877.Xr pflogd 8 878(default 879.Pa /sbin/pflogd ) . 880.It Va pflog_flags 881.Pq Vt str 882Empty by default. 883This variable contains additional flags passed to the 884.Xr pflogd 8 885program. 886.It Va ftpproxy_enable 887.Pq Vt bool 888Set to 889.Dq Li NO 890by default. 891Setting this to 892.Dq Li YES 893enables 894.Xr ftp-proxy 8 895which supports the 896.Xr pf 4 897packet filter in translating ftp connections. 898.It Va ftpproxy_flags 899.Pq Vt str 900Empty by default. 901This variable contains additional flags passed to the 902.Xr ftp-proxy 8 903program. 904.It Va pfsync_enable 905.Pq Vt bool 906Set to 907.Dq Li NO 908by default. 909Setting this to 910.Dq Li YES 911enables exposing 912.Xr pf 4 913state changes to other hosts over the network by means of 914.Xr pfsync 4 . 915The 916.Va pfsync_syncdev 917variable 918must also be set then. 919.It Va pfsync_syncdev 920.Pq Vt str 921Empty by default. 922This variable specifies the name of the network interface 923.Xr pfsync 4 924should operate through. 925It must be set accordingly if 926.Va pfsync_enable 927is set to 928.Dq Li YES . 929.It Va pfsync_syncpeer 930.Pq Vt str 931Empty by default. 932This variable is optional. 933By default, state change messages are sent out on the synchronisation 934interface using IP multicast packets. 935The protocol is IP protocol 240, PFSYNC, and the multicast group used is 936224.0.0.240. 937When a peer address is specified using the 938.Va pfsync_syncpeer 939option, the peer address is used as a destination for the pfsync 940traffic, and the traffic can then be protected using 941.Xr ipsec 4 . 942See the 943.Xr pfsync 4 944manpage for more details about using 945.Xr ipsec 4 946with 947.Xr pfsync 4 948interfaces. 949.It Va pfsync_ifconfig 950.Pq Vt str 951Empty by default. 952This variable can contain additional options to be passed to the 953.Xr ifconfig 8 954command used to set up 955.Xr pfsync 4 . 956.It Va tcp_extensions 957.Pq Vt bool 958Set to 959.Dq Li YES 960by default. 961Setting this to 962.Dq Li NO 963disables certain TCP options as described by 964.Rs 965.%T "RFC 1323" 966.Re 967Setting this to 968.Dq Li NO 969might help remedy such problems with connections as randomly hanging 970or other weird behavior. 971Some network devices are known 972to be broken with respect to these options. 973.It Va log_in_vain 974.Pq Vt int 975Set to 0 by default. 976The 977.Xr sysctl 8 978variables, 979.Va net.inet.tcp.log_in_vain 980and 981.Va net.inet.udp.log_in_vain , 982as described in 983.Xr tcp 4 984and 985.Xr udp 4 , 986are set to the given value. 987.It Va tcp_keepalive 988.Pq Vt bool 989Set to 990.Dq Li YES 991by default. 992Setting to 993.Dq Li NO 994will disable probing idle TCP connections to verify that the 995peer is still up and reachable. 996.It Va tcp_drop_synfin 997.Pq Vt bool 998Set to 999.Dq Li NO 1000by default. 1001Setting to 1002.Dq Li YES 1003will cause the kernel to ignore TCP frames that have both 1004the SYN and FIN flags set. 1005This prevents OS fingerprinting, but may 1006break some legitimate applications. 1007.It Va icmp_drop_redirect 1008.Pq Vt bool 1009Set to 1010.Dq Li NO 1011by default. 1012Setting to 1013.Dq Li YES 1014will cause the kernel to ignore ICMP REDIRECT packets. 1015Refer to 1016.Xr icmp 4 1017for more information. 1018.It Va icmp_log_redirect 1019.Pq Vt bool 1020Set to 1021.Dq Li NO 1022by default. 1023Setting to 1024.Dq Li YES 1025will cause the kernel to log ICMP REDIRECT packets. 1026Note that 1027the log messages are not rate-limited, so this option should only be used 1028for troubleshooting networks. 1029Refer to 1030.Xr icmp 4 1031for more information. 1032.It Va icmp_bmcastecho 1033.Pq Vt bool 1034Set to 1035.Dq Li YES 1036to respond to broadcast or multicast ICMP ping packets. 1037Refer to 1038.Xr icmp 4 1039for more information. 1040.It Va ip_portrange_first 1041.Pq Vt int 1042If not set to 1043.Dq Li NO , 1044this is the first port in the default portrange. 1045Refer to 1046.Xr ip 4 1047for more information. 1048.It Va ip_portrange_last 1049.Pq Vt int 1050If not set to 1051.Dq Li NO , 1052this is the last port in the default portrange. 1053Refer to 1054.Xr ip 4 1055for more information. 1056.It Va network_interfaces 1057.Pq Vt str 1058Set to the list of network interfaces to configure on this host or 1059.Dq Li AUTO 1060(the default) for all current interfaces. 1061Setting the 1062.Va network_interfaces 1063variable to anything other than the default is deprecated. 1064Interfaces that the administrator wishes to store configuration for, 1065but not start at boot should be configured with the 1066.Dq Li NOAUTO 1067keyword in their 1068.Va ifconfig_ Ns Aq Ar interface 1069variables as described below. 1070.Pp 1071An 1072.Va ifconfig_ Ns Aq Ar interface 1073variable is also assumed to exist for each value of 1074.Ar interface . 1075When an interface name contains any of the characters 1076.Dq Li .-/+ 1077they are translated to 1078.Dq Li _ 1079before lookup. 1080The variable can contain arguments to 1081.Xr ifconfig 8 , 1082as well as special case-insensitive keywords described below. 1083Such keywords are removed before passing the value to 1084.Xr ifconfig 8 1085while the order of the other arguments is preserved. 1086.Pp 1087One can configure more than one IPv4 address with the 1088.Va ipv4_addrs_ Ns Aq Ar interface 1089variable. 1090One or more IP addresses must be provided in Classless Inter-Domain 1091Routing (CIDR) address notation, whose last byte can be a range like 1092192.0.2.5-23/24. 1093In this case the address 192.0.2.5 will be configured with the 1094netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1095the non-conflicting netmask /32 as explained in the 1096.Xr ifconfig 8 1097alias section. 1098With the interface in question being 1099.Li ed0 , 1100an example could look like: 1101.Bd -literal 1102ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28" 1103.Ed 1104.Pp 1105It is also possible to add IP alias entries using 1106.Xr ifconfig 8 1107syntax. 1108Assuming that the interface in question was 1109.Li ed0 , 1110it might look 1111something like this: 1112.Bd -literal 1113ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1114ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1115.Ed 1116.Pp 1117And so on. 1118For each 1119.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1120entry that is found, 1121its contents are passed to 1122.Xr ifconfig 8 . 1123Execution stops at the first unsuccessful access, so if 1124something like this is present: 1125.Bd -literal 1126ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1127ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1128ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1129ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1130.Ed 1131.Pp 1132Then note that alias4 would 1133.Em not 1134be added since the search would 1135stop with the missing 1136.Dq Li alias3 1137entry. 1138Due to this difficult to manage behavior, the 1139.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1140form is deprecated. 1141.Pp 1142If the 1143.Pa /etc/start_if. Ns Aq Ar interface 1144file is present, it is read and executed by the 1145.Xr sh 1 1146interpreter 1147before configuring the interface as specified in the 1148.Va ifconfig_ Ns Aq Ar interface 1149and 1150.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1151variables. 1152.Pp 1153If a 1154.Va wlans_ Ns Aq Ar interface 1155variable is set, 1156an 1157.Xr wlan 4 1158interface will be created for each item in the list with the 1159.Ar wlandev 1160argument set to 1161.Ar interface . 1162Further wlan cloning arguments may be passed to the 1163.Xr ifconfig 8 1164.Cm create 1165command by setting the 1166.Va create_args_ Ns Aq Ar interface 1167variable. 1168One or more 1169.Xr wlan 4 1170devices must be created for each wireless devices as of 1171.Fx 8.0 . 1172Debugging flags for 1173.Xr wlan 4 1174devices as set by 1175.Xr wlandebug 8 1176may be specified with an 1177.Va wlandebug_ Ns Aq Ar interface 1178variable. 1179The contents of this variable will be passed directly to 1180.Xr wlandebug 8 . 1181.Pp 1182If the 1183.Va ifconfig_ Ns Aq Ar interface 1184contains the keyword 1185.Dq Li NOAUTO 1186then the interface will not be configured 1187at boot or by 1188.Pa /etc/pccard_ether 1189when 1190.Va network_interfaces 1191is set to 1192.Dq Li AUTO . 1193.Pp 1194It is possible to bring up an interface with DHCP by adding 1195.Dq Li DHCP 1196to the 1197.Va ifconfig_ Ns Aq Ar interface 1198variable. 1199For instance, to initialize the 1200.Li ed0 1201device via DHCP, 1202it is possible to use something like: 1203.Bd -literal 1204ifconfig_ed0="DHCP" 1205.Ed 1206.Pp 1207Also, if you want to configure your wireless interface with 1208.Xr wpa_supplicant 8 1209for use with WPA, EAP/LEAP or WEP, you need to add 1210.Dq Li WPA 1211to the 1212.Va ifconfig_ Ns Aq Ar interface 1213variable. 1214.Pp 1215Finally, you can add 1216.Xr ifconfig 8 1217options in this variable, in addition to the 1218.Pa /etc/start_if. Ns Aq Ar interface 1219file. 1220For instance, configure an 1221.Xr ath 4 1222wireless device in station mode with an address obtained 1223via DHCP, using WPA authentication and 802.11b mode, it is 1224possible to use something like: 1225.Bd -literal 1226wlans_ath0="wlan0" 1227ifconfig_wlan0="DHCP WPA mode 11b" 1228.Ed 1229.Pp 1230In addition to the 1231.Va ifconfig_ Ns Aq Ar interface 1232form, a fallback variable 1233.Va ifconfig_DEFAULT 1234may be configured. 1235It will be used for all interfaces with no 1236.Va ifconfig_ Ns Aq Ar interface 1237variable. 1238This is intended to replace the no longer supported 1239.Va pccard_ifconfig 1240variable. 1241.Pp 1242It is also possible to rename interface by doing: 1243.Bd -literal 1244ifconfig_ed0_name="net0" 1245ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1246.Ed 1247.It Va ipv6_network_interfaces 1248.Pq Vt str 1249This is the IPv6 equivalent of 1250.Va network_interfaces . 1251Instead of setting the ifconfig variables as 1252.Va ifconfig_ Ns Aq Ar interface 1253they should be set as 1254.Va ipv6_ifconfig_ Ns Aq Ar interface . 1255Aliases should be set as 1256.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1257.Va ipv6_prefix_ Ns Aq Ar interface 1258does something. 1259Interfaces that do not have a 1260.Va ipv6_ifconfig_ Ns Aq Ar interface 1261setting will be auto configured by 1262.Xr rtsol 8 1263if the 1264.Va ipv6_gateway_enable 1265is set to 1266.Dq Li NO . 1267Note that the IPv6 networking code does not support the 1268.Pa /etc/start_if. Ns Aq Ar interface 1269files. 1270.It Va ipv6_default_interface 1271.Pq Vt str 1272If not set to 1273.Dq Li NO , 1274this is the default output interface for scoped addresses. 1275Now this works only for IPv6 link local multicast addresses. 1276.It Va cloned_interfaces 1277.Pq Vt str 1278Set to the list of clonable network interfaces to create on this host. 1279Entries in 1280.Va cloned_interfaces 1281are automatically appended to 1282.Va network_interfaces 1283for configuration. 1284.It Va fec_interfaces 1285.Pq Vt str 1286Set to the list of 1287.Xr ng_fec 4 1288Fast EtherChannel interfaces to configure on this host. 1289A 1290.Va fecconfig_ Ns Aq Ar interface 1291variable is assumed to exist for each value of 1292.Ar interface . 1293The value of this variable is used to configure link aggregated interfaces 1294according to the syntax of the 1295.Cm NGM_FEC_ADD_IFACE 1296to 1297.Xr ngctl 8 1298msg. 1299Additionally, this option ensures that each listed interface is created 1300via the 1301.Cm mkpeer 1302command to 1303.Xr ngctl 8 1304before attempting to configure it. 1305For example: 1306.Bd -literal 1307fec_interfaces="fec0" 1308fecconfig_fec0="em0 em1" 1309ifconfig_fec0="DHCP" 1310.Ed 1311.It Va gif_interfaces 1312.Pq Vt str 1313Set to the list of 1314.Xr gif 4 1315tunnel interfaces to configure on this host. 1316A 1317.Va gifconfig_ Ns Aq Ar interface 1318variable is assumed to exist for each value of 1319.Ar interface . 1320The value of this variable is used to configure the link layer of the 1321tunnel according to the syntax of the 1322.Cm tunnel 1323option to 1324.Xr ifconfig 8 . 1325Additionally, this option ensures that each listed interface is created 1326via the 1327.Cm create 1328option to 1329.Xr ifconfig 8 1330before attempting to configure it. 1331.It Va sppp_interfaces 1332.Pq Vt str 1333Set to the list of 1334.Xr sppp 4 1335interfaces to configure on this host. 1336A 1337.Va spppconfig_ Ns Aq Ar interface 1338variable is assumed to exist for each value of 1339.Ar interface . 1340Each interface should also be configured by a general 1341.Va ifconfig_ Ns Aq Ar interface 1342setting. 1343Refer to 1344.Xr spppcontrol 8 1345for more information about available options. 1346.It Va ppp_enable 1347.Pq Vt bool 1348If set to 1349.Dq Li YES , 1350run the 1351.Xr ppp 8 1352daemon. 1353.It Va ppp_profile 1354.Pq Vt str 1355The name of the profile to use from 1356.Pa /etc/ppp/ppp.conf . 1357Also used for per-profile overrides of 1358.Va ppp_mode 1359and 1360.Va ppp_nat , 1361and 1362.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1363When the profile name contains any of the characters 1364.Dq Li .-/+ 1365they are translated to 1366.Dq Li _ 1367for the proposes of the override variable names. 1368.It Va ppp_mode 1369.Pq Vt str 1370Mode in which to run the 1371.Xr ppp 8 1372daemon. 1373.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1374.Pq Vt str 1375Overrides the global 1376.Va ppp_mode 1377for 1378.Ar profile . 1379Accepted modes are 1380.Dq Li auto , 1381.Dq Li ddial , 1382.Dq Li direct 1383and 1384.Dq Li dedicated . 1385See the manual for a full description. 1386.It Va ppp_nat 1387.Pq Vt bool 1388If set to 1389.Dq Li YES , 1390enables network address translation. 1391Used in conjunction with 1392.Va gateway_enable 1393allows hosts on private network addresses access to the Internet using 1394this host as a network address translating router. 1395.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1396.Pq Vt str 1397Overrides the global 1398.Va ppp_nat 1399for 1400.Ar profile . 1401.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1402.Pq Vt int 1403Set the unit number to be used for this profile. 1404See the manual description of 1405.Fl unit Ns Ar N 1406for details. 1407.It Va ppp_user 1408.Pq Vt str 1409The name of the user under which 1410.Xr ppp 8 1411should be started. 1412By 1413default, 1414.Xr ppp 8 1415is started as 1416.Dq Li root . 1417.It Va rc_conf_files 1418.Pq Vt str 1419This option is used to specify a list of files that will override 1420the settings in 1421.Pa /etc/defaults/rc.conf . 1422The files will be read in the order in which they are specified and should 1423include the full path to the file. 1424By default, the files specified are 1425.Pa /etc/rc.conf 1426and 1427.Pa /etc/rc.conf.local 1428.It Va zfs_enable 1429.Pq Vt bool 1430If set to 1431.Dq Li YES , 1432.Pa /etc/rc.d/zfs 1433will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1434(ZVOLs). 1435.It Va gbde_autoattach_all 1436.Pq Vt bool 1437If set to 1438.Dq Li YES , 1439.Pa /etc/rc.d/gbde 1440will attempt to automatically initialize your .bde devices in 1441.Pa /etc/fstab . 1442.It Va gbde_devices 1443.Pq Vt str 1444List the devices that the script should try to attach, 1445or 1446.Dq Li AUTO . 1447.It Va gbde_lockdir 1448.Pq Vt str 1449The directory where the 1450.Xr gbde 4 1451lockfiles are located. 1452The default lockfile directory is 1453.Pa /etc . 1454.Pp 1455The lockfile for each individual 1456.Xr gbde 4 1457device can be overridden by setting the variable 1458.Va gbde_lock_ Ns Aq Ar device , 1459where 1460.Ar device 1461is the encrypted device without the 1462.Dq Pa /dev/ 1463and 1464.Dq Pa .bde 1465parts. 1466.It Va gbde_attach_attempts 1467.Pq Vt int 1468Number of times to attempt attaching to a 1469.Xr gbde 4 1470device, i.e., how many times the user is asked for the pass-phrase. 1471Default is 3. 1472.It Va geli_devices 1473.Pq Vt str 1474List of devices to automatically attach on boot. 1475Note that .eli devices from 1476.Pa /etc/fstab 1477are automatically appended to this list. 1478.It Va geli_tries 1479.Pq Vt int 1480Number of times user is asked for the pass-phrase. 1481If empty, it will be taken from 1482.Va kern.geom.eli.tries 1483sysctl variable. 1484.It Va geli_default_flags 1485.Pq Vt str 1486Default flags to use by 1487.Xr geli 8 1488when configuring disk encryption. 1489Flags can be configured for every device separately by defining 1490.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1491variable. 1492.It Va geli_autodetach 1493.Pq Vt str 1494Specifies if GELI devices should be marked for detach on last close after 1495file systems are mounted. 1496Default is 1497.Dq Li YES . 1498This can be changed for every device separately by defining 1499.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1500variable. 1501.It Va geli_swap_flags 1502Options passed to the 1503.Xr geli 8 1504utility when encrypted GEOM providers for swap partitions are created. 1505The default is 1506.Dq Li "-e aes -l 256 -s 4096 -d" . 1507.It Va root_rw_mount 1508.Pq Vt bool 1509Set to 1510.Dq Li YES 1511by default. 1512After the file systems are checked at boot time, the root file system 1513is remounted as read-write if this is set to 1514.Dq Li YES . 1515Diskless systems that mount their root file system from a read-only remote 1516NFS share should set this to 1517.Dq Li NO 1518in their 1519.Pa rc.conf . 1520.It Va fsck_y_enable 1521.Pq Vt bool 1522If set to 1523.Dq Li YES , 1524.Xr fsck 8 1525will be run with the 1526.Fl y 1527flag if the initial preen 1528of the file systems fails. 1529.It Va background_fsck 1530.Pq Vt bool 1531If set to 1532.Dq Li YES , 1533the system will attempt to run 1534.Xr fsck 8 1535in the background where possible. 1536.It Va background_fsck_delay 1537.Pq Vt int 1538The amount of time in seconds to sleep before starting a background 1539.Xr fsck 8 . 1540It defaults to sixty seconds to allow large applications such as 1541the X server to start before disk I/O bandwidth is monopolized by 1542.Xr fsck 8 . 1543If set to a negative number, the background file system check will be 1544delayed indefinitely to allow the administrator to run it at a more 1545convenient time. 1546For example it may be run from 1547.Xr cron 8 1548by adding a line like 1549.Pp 1550.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1551.Pp 1552to 1553.Pa /etc/crontab . 1554.It Va netfs_types 1555.Pq Vt str 1556List of file system types that are network-based. 1557This list should generally not be modified by end users. 1558Use 1559.Va extra_netfs_types 1560instead. 1561.It Va extra_netfs_types 1562.Pq Vt str 1563If set to something other than 1564.Dq Li NO 1565(the default), 1566this variable extends the list of file system types 1567for which automatic mounting at startup by 1568.Xr rc 8 1569should be delayed until the network is initialized. 1570It should contain 1571a whitespace-separated list of network file system descriptor pairs, 1572each consisting of a file system type as passed to 1573.Xr mount 8 1574and a human-readable, one-word description, 1575joined with a colon 1576.Pq Ql \&: . 1577Extending the default list in this way is only necessary 1578when third party file system types are used. 1579.It Va syslogd_enable 1580.Pq Vt bool 1581If set to 1582.Dq Li YES , 1583run the 1584.Xr syslogd 8 1585daemon. 1586.It Va syslogd_program 1587.Pq Vt str 1588Path to 1589.Xr syslogd 8 1590(default 1591.Pa /usr/sbin/syslogd ) . 1592.It Va syslogd_flags 1593.Pq Vt str 1594If 1595.Va syslogd_enable 1596is set to 1597.Dq Li YES , 1598these are the flags to pass to 1599.Xr syslogd 8 . 1600.It Va inetd_enable 1601.Pq Vt bool 1602If set to 1603.Dq Li YES , 1604run the 1605.Xr inetd 8 1606daemon. 1607.It Va inetd_program 1608.Pq Vt str 1609Path to 1610.Xr inetd 8 1611(default 1612.Pa /usr/sbin/inetd ) . 1613.It Va inetd_flags 1614.Pq Vt str 1615If 1616.Va inetd_enable 1617is set to 1618.Dq Li YES , 1619these are the flags to pass to 1620.Xr inetd 8 . 1621.It Va named_enable 1622.Pq Vt bool 1623If set to 1624.Dq Li YES , 1625run the 1626.Xr named 8 1627daemon. 1628.It Va named_program 1629.Pq Vt str 1630Path to 1631.Xr named 8 1632(default 1633.Pa /usr/sbin/named ) . 1634.It Va named_conf 1635.Pq Vt str 1636Path to 1637.Xr named 8 1638configuration file, (default 1639.Pa /etc/namedb/named.conf ) . 1640.It Va named_flags 1641.Pq Vt str 1642If 1643.Va named_enable 1644is set to 1645.Dq Li YES , 1646these are the flags to pass to 1647.Xr named 8 . 1648.It Va named_pidfile 1649.Pq Vt str 1650This is the default path to the 1651.Xr named 8 1652daemon's PID file. 1653This must match the location in 1654.Xr named.conf 5 . 1655.It Va named_uid 1656.Pq Vt str 1657The user that the 1658.Xr named 8 1659process should be run as. 1660.It Va named_chrootdir 1661.Pq Vt str 1662The root directory for a name server run in a 1663.Xr chroot 8 1664environment (default 1665.Pa /var/named ) . 1666If left empty 1667.Xr named 8 1668will not be run in a 1669.Xr chroot 8 1670environment. 1671.It Va named_chroot_autoupdate 1672.Pq Vt bool 1673Set to 1674.Dq Li NO 1675to disable automatic update of the 1676.Xr chroot 8 1677environment. 1678.It Va named_symlink_enable 1679.Pq Vt bool 1680Set to 1681.Dq Li NO 1682to disable symlinking of 1683daemon's PID file 1684into the 1685.Xr chroot 8 1686environment. 1687.It Va named_wait 1688.Pq Vt bool 1689Set to have 1690.Pa /etc/rc.d/named 1691loop until working name service is established. 1692.It Va named_wait_host 1693.Pq Vt str 1694Name of host to lookup for the named_wait option. 1695(Default localhost) 1696.It Va named_auto_forward 1697.Pq Vt bool 1698Set to enable automatic creation of a forwarder 1699configuration file derived from 1700.Pa /etc/resolv.conf . 1701.It Va named_auto_forward_only 1702.Pq Vt bool 1703Set to change the default forwarder configuration from 1704.Dq forward first 1705to 1706.Dq forward only . 1707.It Va kerberos5_server_enable 1708.Pq Vt bool 1709Set to 1710.Dq Li YES 1711to start a Kerberos 5 authentication server 1712at boot time. 1713.It Va kerberos5_server 1714.Pq Vt str 1715If 1716.Va kerberos5_server_enable 1717is set to 1718.Dq Li YES 1719this is the path to Kerberos 5 Authentication Server. 1720.It Va kerberos5_server_flags 1721.Pq Vt str 1722Empty by default. 1723This variable contains additional flags to be passed to the Kerberos 5 1724authentication server. 1725.It Va kadmind5_server_enable 1726.Pq Vt bool 1727Set to 1728.Dq Li YES 1729to start 1730.Xr kadmind 8 , 1731the Kerberos 5 Administration Daemon; set to 1732.Dq Li NO 1733on a slave server. 1734.It Va kadmind5_server 1735.Pq Vt str 1736If 1737.Va kadmind5_server_enable 1738is set to 1739.Dq Li YES 1740this is the path to Kerberos 5 Administration Daemon. 1741.It Va kpasswdd_server_enable 1742.Pq Vt bool 1743Set to 1744.Dq Li YES 1745to start 1746.Xr kpasswdd 8 , 1747the Kerberos 5 Password-Changing Daemon; set to 1748.Dq Li NO 1749on a slave server. 1750.It Va kpasswdd_server 1751.Pq Vt str 1752If 1753.Va kpasswdd_server_enable 1754is set to 1755.Dq Li YES 1756this is the path to Kerberos 5 Password-Changing Daemon. 1757.It Va rwhod_enable 1758.Pq Vt bool 1759If set to 1760.Dq Li YES , 1761run the 1762.Xr rwhod 8 1763daemon at boot time. 1764.It Va rwhod_flags 1765.Pq Vt str 1766If 1767.Va rwhod_enable 1768is set to 1769.Dq Li YES , 1770these are the flags to pass to it. 1771.It Va amd_enable 1772.Pq Vt bool 1773If set to 1774.Dq Li YES , 1775run the 1776.Xr amd 8 1777daemon at boot time. 1778.It Va amd_flags 1779.Pq Vt str 1780If 1781.Va amd_enable 1782is set to 1783.Dq Li YES , 1784these are the flags to pass to it. 1785See the 1786.Xr amd 8 1787manpage for more information. 1788.It Va amd_map_program 1789.Pq Vt str 1790If set, 1791the specified program is run to get the list of 1792.Xr amd 8 1793maps. 1794For example, if the 1795.Xr amd 8 1796maps are stored in NIS, one can set this to 1797run 1798.Xr ypcat 1 1799to get a list of 1800.Xr amd 8 1801maps from the 1802.Pa amd.master 1803NIS map. 1804.It Va update_motd 1805.Pq Vt bool 1806If set to 1807.Dq Li YES , 1808.Pa /etc/motd 1809will be updated at boot time to reflect the kernel release 1810being run. 1811If set to 1812.Dq Li NO , 1813.Pa /etc/motd 1814will not be updated. 1815.It Va nfs_client_enable 1816.Pq Vt bool 1817If set to 1818.Dq Li YES , 1819run the NFS client daemons at boot time. 1820.It Va nfs_access_cache 1821.Pq Vt int 1822If 1823.Va nfs_client_enable 1824is set to 1825.Dq Li YES , 1826this can be set to 1827.Dq Li 0 1828to disable NFS ACCESS RPC caching, or to the number of seconds for which 1829NFS ACCESS 1830results should be cached. 1831A value of 2-10 seconds will substantially reduce network 1832traffic for many NFS operations. 1833.It Va nfs_server_enable 1834.Pq Vt bool 1835If set to 1836.Dq Li YES , 1837run the NFS server daemons at boot time. 1838.It Va nfs_server_flags 1839.Pq Vt str 1840If 1841.Va nfs_server_enable 1842is set to 1843.Dq Li YES , 1844these are the flags to pass to the 1845.Xr nfsd 8 1846daemon. 1847.It Va idmapd_enable 1848.Pq Vt bool 1849If set to 1850.Dq Li YES , 1851run the ID mapping daemon for NFS version 4. 1852.It Va idmapd_flags 1853.Pq Vt str 1854If 1855.Va idmapd_enable 1856is set to 1857.Dq Li YES , 1858these are the flags to pass to the 1859.Xr idmapd 8 1860daemon. 1861.It Va mountd_enable 1862.Pq Vt bool 1863If set to 1864.Dq Li YES , 1865and no 1866.Va nfs_server_enable 1867is set, start 1868.Xr mountd 8 , 1869but not 1870.Xr nfsd 8 1871daemon. 1872It is commonly needed to run CFS without real NFS used. 1873.It Va mountd_flags 1874.Pq Vt str 1875If 1876.Va mountd_enable 1877is set to 1878.Dq Li YES , 1879these are the flags to pass to the 1880.Xr mountd 8 1881daemon. 1882.It Va weak_mountd_authentication 1883.Pq Vt bool 1884If set to 1885.Dq Li YES , 1886allow services like PCNFSD to make non-privileged mount 1887requests. 1888.It Va nfs_reserved_port_only 1889.Pq Vt bool 1890If set to 1891.Dq Li YES , 1892provide NFS services only on a secure port. 1893.It Va nfs_bufpackets 1894.Pq Vt int 1895If set to a number, indicates the number of packets worth of 1896socket buffer space to reserve on an NFS client. 1897The kernel default is typically 4. 1898Using a higher number may be 1899useful on gigabit networks to improve performance. 1900The minimum value is 19012 and the maximum is 64. 1902.It Va rpc_lockd_enable 1903.Pq Vt bool 1904If set to 1905.Dq Li YES 1906and also an NFS server or client, run 1907.Xr rpc.lockd 8 1908at boot time. 1909.It Va rpc_lockd_flags 1910.Pq Vt str 1911If 1912.Va rpc_lockd_enable 1913is set to 1914.Dq Li YES , 1915these are the flags to pass to the 1916.Xr rpc.lockd 8 1917daemon. 1918.It Va rpc_statd_enable 1919.Pq Vt bool 1920If set to 1921.Dq Li YES 1922and also an NFS server or client, run 1923.Xr rpc.statd 8 1924at boot time. 1925.It Va rpc_statd_flags 1926.Pq Vt str 1927If 1928.Va rpc_statd_enable 1929is set to 1930.Dq Li YES , 1931these are the flags to pass to the 1932.Xr rpc.statd 8 1933daemon. 1934.It Va rpcbind_program 1935.Pq Vt str 1936Path to 1937.Xr rpcbind 8 1938(default 1939.Pa /usr/sbin/rpcbind ) . 1940.It Va rpcbind_enable 1941.Pq Vt bool 1942If set to 1943.Dq Li YES , 1944run the 1945.Xr rpcbind 8 1946service at boot time. 1947.It Va rpcbind_flags 1948.Pq Vt str 1949If 1950.Va rpcbind_enable 1951is set to 1952.Dq Li YES , 1953these are the flags to pass to the 1954.Xr rpcbind 8 1955daemon. 1956.It Va keyserv_enable 1957.Pq Vt bool 1958If set to 1959.Dq Li YES , 1960run the 1961.Xr keyserv 8 1962daemon on boot for running Secure RPC. 1963.It Va keyserv_flags 1964.Pq Vt str 1965If 1966.Va keyserv_enable 1967is set to 1968.Dq Li YES , 1969these are the flags to pass to 1970.Xr keyserv 8 1971daemon. 1972.It Va pppoed_enable 1973.Pq Vt bool 1974If set to 1975.Dq Li YES , 1976run the 1977.Xr pppoed 8 1978daemon at boot time to provide PPP over Ethernet services. 1979.It Va pppoed_ Ns Aq Ar provider 1980.Pq Vt str 1981.Xr pppoed 8 1982listens to requests to this 1983.Ar provider 1984and ultimately runs 1985.Xr ppp 8 1986with a 1987.Ar system 1988argument of the same name. 1989.It Va pppoed_flags 1990.Pq Vt str 1991Additional flags to pass to 1992.Xr pppoed 8 . 1993.It Va pppoed_interface 1994.Pq Vt str 1995The network interface to run 1996.Xr pppoed 8 1997on. 1998This is mandatory when 1999.Va pppoed_enable 2000is set to 2001.Dq Li YES . 2002.It Va timed_enable 2003.Pq Vt bool 2004If set to 2005.Dq Li YES , 2006run the 2007.Xr timed 8 2008service at boot time. 2009This command is intended for networks of 2010machines where a consistent 2011.Dq "network time" 2012for all hosts must be established. 2013This is often useful in large NFS 2014environments where time stamps on files are expected to be consistent 2015network-wide. 2016.It Va timed_flags 2017.Pq Vt str 2018If 2019.Va timed_enable 2020is set to 2021.Dq Li YES , 2022these are the flags to pass to the 2023.Xr timed 8 2024service. 2025.It Va ntpdate_enable 2026.Pq Vt bool 2027If set to 2028.Dq Li YES , 2029run 2030.Xr ntpdate 8 2031at system startup. 2032This command is intended to 2033synchronize the system clock only 2034.Em once 2035from some standard reference. 2036An option to set this up initially 2037(from a list of known servers) is also provided by the 2038.Xr sysinstall 8 2039program when the system is first installed. 2040.It Va ntpdate_config 2041.Pq Vt str 2042Configuration file for 2043.Xr ntpdate 8 . 2044Default 2045.Pa /etc/ntp.conf . 2046.It Va ntpdate_hosts 2047.Pq Vt str 2048A whitespace-separated list of NTP servers to synchronize with at startup. 2049The default is to use the servers listed in 2050.Va ntpdate_config , 2051if that file exists. 2052.It Va ntpdate_program 2053.Pq Vt str 2054Path to 2055.Xr ntpdate 8 2056(default 2057.Pa /usr/sbin/ntpdate ) . 2058.It Va ntpdate_flags 2059.Pq Vt str 2060If 2061.Va ntpdate_enable 2062is set to 2063.Dq Li YES , 2064these are the flags to pass to the 2065.Xr ntpdate 8 2066command (typically a hostname). 2067.It Va ntpd_enable 2068.Pq Vt bool 2069If set to 2070.Dq Li YES , 2071run the 2072.Xr ntpd 8 2073command at boot time. 2074.It Va ntpd_program 2075.Pq Vt str 2076Path to 2077.Xr ntpd 8 2078(default 2079.Pa /usr/sbin/ntpd ) . 2080.It Va ntpd_config 2081.Pq Vt str 2082Path to 2083.Xr ntpd 8 2084configuration file. 2085Default 2086.Pa /etc/ntp.conf . 2087.It Va ntpd_flags 2088.Pq Vt str 2089If 2090.Va ntpd_enable 2091is set to 2092.Dq Li YES , 2093these are the flags to pass to the 2094.Xr ntpd 8 2095daemon. 2096.It Va ntpd_sync_on_start 2097.Pq Vt bool 2098If set to 2099.Dq Li YES , 2100.Xr ntpd 8 2101is run with the 2102.Fl g 2103flag, which syncs the system's clock on startup. 2104See 2105.Xr ntpd 8 2106for more information regarding the 2107.Fl g 2108option. 2109This is a preferred alternative to using 2110.Xr ntpdate 8 2111or specifying the 2112.Va ntpdate_enable 2113variable. 2114.It Va nis_client_enable 2115.Pq Vt bool 2116If set to 2117.Dq Li YES , 2118run the 2119.Xr ypbind 8 2120service at system boot time. 2121.It Va nis_client_flags 2122.Pq Vt str 2123If 2124.Va nis_client_enable 2125is set to 2126.Dq Li YES , 2127these are the flags to pass to the 2128.Xr ypbind 8 2129service. 2130.It Va nis_ypset_enable 2131.Pq Vt bool 2132If set to 2133.Dq Li YES , 2134run the 2135.Xr ypset 8 2136daemon at system boot time. 2137.It Va nis_ypset_flags 2138.Pq Vt str 2139If 2140.Va nis_ypset_enable 2141is set to 2142.Dq Li YES , 2143these are the flags to pass to the 2144.Xr ypset 8 2145daemon. 2146.It Va nis_server_enable 2147.Pq Vt bool 2148If set to 2149.Dq Li YES , 2150run the 2151.Xr ypserv 8 2152daemon at system boot time. 2153.It Va nis_server_flags 2154.Pq Vt str 2155If 2156.Va nis_server_enable 2157is set to 2158.Dq Li YES , 2159these are the flags to pass to the 2160.Xr ypserv 8 2161daemon. 2162.It Va nis_ypxfrd_enable 2163.Pq Vt bool 2164If set to 2165.Dq Li YES , 2166run the 2167.Xr rpc.ypxfrd 8 2168daemon at system boot time. 2169.It Va nis_ypxfrd_flags 2170.Pq Vt str 2171If 2172.Va nis_ypxfrd_enable 2173is set to 2174.Dq Li YES , 2175these are the flags to pass to the 2176.Xr rpc.ypxfrd 8 2177daemon. 2178.It Va nis_yppasswdd_enable 2179.Pq Vt bool 2180If set to 2181.Dq Li YES , 2182run the 2183.Xr rpc.yppasswdd 8 2184daemon at system boot time. 2185.It Va nis_yppasswdd_flags 2186.Pq Vt str 2187If 2188.Va nis_yppasswdd_enable 2189is set to 2190.Dq Li YES , 2191these are the flags to pass to the 2192.Xr rpc.yppasswdd 8 2193daemon. 2194.It Va rpc_ypupdated_enable 2195.Pq Vt bool 2196If set to 2197.Dq Li YES , 2198run the 2199.Nm rpc.ypupdated 2200daemon at system boot time. 2201.It Va bsnmpd_enable 2202.Pq Vt bool 2203If set to 2204.Dq Li YES , 2205run the 2206.Xr bsnmpd 1 2207daemon at system boot time. 2208Be sure to understand the security implications of running SNMP daemon 2209on your host. 2210.It Va bsnmpd_flags 2211.Pq Vt str 2212If 2213.Va bsnmpd_enable 2214is set to 2215.Dq Li YES , 2216these are the flags to pass to the 2217.Xr bsnmpd 1 2218daemon. 2219.It Va defaultrouter 2220.Pq Vt str 2221If not set to 2222.Dq Li NO , 2223create a default route to this host name or IP address 2224(use an IP address if this router is also required to get to the 2225name server!). 2226.It Va ipv6_defaultrouter 2227.Pq Vt str 2228The IPv6 equivalent of 2229.Va defaultrouter . 2230.It Va static_routes 2231.Pq Vt str 2232Set to the list of static routes that are to be added at system 2233boot time. 2234If not set to 2235.Dq Li NO 2236then for each whitespace separated 2237.Ar element 2238in the value, a 2239.Va route_ Ns Aq Ar element 2240variable is assumed to exist 2241whose contents will later be passed to a 2242.Dq Nm route Cm add 2243operation. 2244For example: 2245.Bd -literal 2246static_routes="mcast gif0local" 2247route_mcast="-net 224.0.0.0/4 -iface gif0" 2248route_gif0local="-host 169.254.1.1 -iface lo0" 2249.Ed 2250.It Va ipv6_static_routes 2251.Pq Vt str 2252The IPv6 equivalent of 2253.Va static_routes . 2254If not set to 2255.Dq Li NO 2256then for each whitespace separated 2257.Ar element 2258in the value, a 2259.Va ipv6_route_ Ns Aq Ar element 2260variable is assumed to exist 2261whose contents will later be passed to a 2262.Dq Nm route Cm add Fl inet6 2263operation. 2264.It Va natm_static_routes 2265.Pq Vt str 2266The 2267.Xr natmip 4 2268equivalent of 2269.Va static_routes . 2270If not empty then for each whitespace separated 2271.Ar element 2272in the value, a 2273.Va route_ Ns Aq Ar element 2274variable is assumed to exist whose contents will later be passed to a 2275.Dq Nm atmconfig Cm natm Cm add 2276operation. 2277.It Va gateway_enable 2278.Pq Vt bool 2279If set to 2280.Dq Li YES , 2281configure host to act as an IP router, e.g.\& to forward packets 2282between interfaces. 2283.It Va ipv6_gateway_enable 2284.Pq Vt bool 2285The IPv6 equivalent of 2286.Va gateway_enable . 2287.It Va router_enable 2288.Pq Vt bool 2289If set to 2290.Dq Li YES , 2291run a routing daemon of some sort, based on the 2292settings of 2293.Va router 2294and 2295.Va router_flags . 2296.It Va ipv6_router_enable 2297.Pq Vt bool 2298The IPv6 equivalent of 2299.Va router_enable . 2300If set to 2301.Dq Li YES , 2302run a routing daemon of some sort, based on the 2303settings of 2304.Va ipv6_router 2305and 2306.Va ipv6_router_flags . 2307.It Va router 2308.Pq Vt str 2309If 2310.Va router_enable 2311is set to 2312.Dq Li YES , 2313this is the name of the routing daemon to use. 2314.It Va ipv6_router 2315.Pq Vt str 2316The IPv6 equivalent of 2317.Va router . 2318.It Va router_flags 2319.Pq Vt str 2320If 2321.Va router_enable 2322is set to 2323.Dq Li YES , 2324these are the flags to pass to the routing daemon. 2325.It Va ipv6_router_flags 2326.Pq Vt str 2327The IPv6 equivalent of 2328.Va router_flags . 2329.It Va mrouted_enable 2330.Pq Vt bool 2331If set to 2332.Dq Li YES , 2333run the multicast routing daemon, 2334.Xr mrouted 8 . 2335.It Va mroute6d_enable 2336.Pq Vt bool 2337The IPv6 equivalent of 2338.Va mrouted_enable . 2339If set to 2340.Dq Li YES , 2341run the IPv6 multicast routing daemon. 2342.Pp 2343Note that multicast routing daemons are no longer included in the 2344.Fx 2345base system, however, both 2346.Xr mrouted 8 2347and 2348.Xr pim6dd 8 2349may be installed from the 2350.Fx 2351Ports Collection. 2352.It Va mrouted_flags 2353.Pq Vt str 2354If 2355.Va mrouted_enable 2356is set to 2357.Dq Li YES , 2358these are the flags to pass to the 2359.Xr mrouted 8 2360daemon. 2361.It Va mroute6d_flags 2362.Pq Vt str 2363The IPv6 equivalent of 2364.Va mrouted_flags . 2365If 2366.Va mroute6d_enable 2367is set to 2368.Dq Li YES , 2369these are the flags passed to the IPv6 multicast routing daemon. 2370.It Va mroute6d_program 2371.Pq Vt str 2372If 2373.Va mroute6d_enable 2374is set to 2375.Dq Li YES , 2376this is the path to the IPv6 multicast routing daemon. 2377.It Va rtadvd_enable 2378.Pq Vt bool 2379If set to 2380.Dq Li YES , 2381run the 2382.Xr rtadvd 8 2383daemon at boot time. 2384.Xr rtadvd 8 2385will only run if 2386.Va ipv6_gateway_enable 2387is also set to 2388.Dq Li YES . 2389The 2390.Xr rtadvd 8 2391utility sends router advertisement packets to the interfaces specified in 2392.Va rtadvd_interfaces 2393and should only be enabled with great care. 2394You may want to fine-tune 2395.Xr rtadvd.conf 5 . 2396.It Va rtadvd_interfaces 2397.Pq Vt str 2398If 2399.Va rtadvd_enable 2400is set to 2401.Dq Li YES 2402this is the list of interfaces to use. 2403.It Va ipxgateway_enable 2404.Pq Vt bool 2405If set to 2406.Dq Li YES , 2407enable the routing of IPX traffic. 2408.It Va ipxrouted_enable 2409.Pq Vt bool 2410If set to 2411.Dq Li YES , 2412run the 2413.Xr IPXrouted 8 2414daemon at system boot time. 2415.It Va ipxrouted_flags 2416.Pq Vt str 2417If 2418.Va ipxrouted_enable 2419is set to 2420.Dq Li YES , 2421these are the flags to pass to the 2422.Xr IPXrouted 8 2423daemon. 2424.It Va arpproxy_all 2425.Pq Vt bool 2426If set to 2427.Dq Li YES , 2428enable global proxy ARP. 2429.It Va forward_sourceroute 2430.Pq Vt bool 2431If set to 2432.Dq Li YES 2433and 2434.Va gateway_enable 2435is also set to 2436.Dq Li YES , 2437source-routed packets are forwarded. 2438.It Va accept_sourceroute 2439.Pq Vt bool 2440If set to 2441.Dq Li YES , 2442the system will accept source-routed packets directed at it. 2443.It Va rarpd_enable 2444.Pq Vt bool 2445If set to 2446.Dq Li YES , 2447run the 2448.Xr rarpd 8 2449daemon at system boot time. 2450.It Va rarpd_flags 2451.Pq Vt str 2452If 2453.Va rarpd_enable 2454is set to 2455.Dq Li YES , 2456these are the flags to pass to the 2457.Xr rarpd 8 2458daemon. 2459.It Va bootparamd_enable 2460.Pq Vt bool 2461If set to 2462.Dq Li YES , 2463run the 2464.Xr bootparamd 8 2465daemon at system boot time. 2466.It Va bootparamd_flags 2467.Pq Vt str 2468If 2469.Va bootparamd_enable 2470is set to 2471.Dq Li YES , 2472these are the flags to pass to the 2473.Xr bootparamd 8 2474daemon. 2475.It Va stf_interface_ipv4addr 2476.Pq Vt str 2477If not set to 2478.Dq Li NO , 2479this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2480interface). 2481Specify this entry to enable the 6to4 interface. 2482.It Va stf_interface_ipv4plen 2483.Pq Vt int 2484Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2485An effective value is 0-31. 2486.It Va stf_interface_ipv6_ifid 2487.Pq Vt str 2488IPv6 interface ID for 2489.Xr stf 4 . 2490This can be set to 2491.Dq Li AUTO . 2492.It Va stf_interface_ipv6_slaid 2493.Pq Vt str 2494IPv6 Site Level Aggregator for 2495.Xr stf 4 . 2496.It Va ipv6_faith_prefix 2497.Pq Vt str 2498If not set to 2499.Dq Li NO , 2500this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2501translator. 2502You also need 2503.Xr faithd 8 2504setup. 2505.It Va ipv6_ipv4mapping 2506.Pq Vt bool 2507If set to 2508.Dq Li YES 2509this enables IPv4 mapped IPv6 address communication (like 2510.Li ::ffff:a.b.c.d ) . 2511.It Va atm_enable 2512.Pq Vt bool 2513Set to 2514.Dq Li YES 2515to enable the configuration of ATM interfaces at system boot time. 2516For all of the ATM variables described below, please refer to the 2517.Xr atm 8 2518manual page for further details on the available command parameters. 2519Also refer to the files in 2520.Pa /usr/share/examples/atm 2521for more detailed configuration information. 2522.It Va atm_load 2523.Pq Vt str 2524This is a list of physical ATM interface drivers to load. 2525Typical values are 2526.Dq Li hfa_pci 2527and/or 2528.Dq Li hea_pci . 2529.It Va atm_netif_ Ns Aq Ar intf 2530.Pq Vt str 2531For the ATM physical interface 2532.Ar intf , 2533this variable defines the name prefix and count for the ATM network 2534interfaces to be created. 2535The value will be passed as the parameters of an 2536.Dq Nm atm Cm "set netif" Ar intf 2537command. 2538.It Va atm_sigmgr_ Ns Aq Ar intf 2539.Pq Vt str 2540For the ATM physical interface 2541.Ar intf , 2542this variable defines the ATM signalling manager to be used. 2543The value will be passed as the parameters of an 2544.Dq Nm atm Cm attach Ar intf 2545command. 2546.It Va atm_prefix_ Ns Aq Ar intf 2547.Pq Vt str 2548For the ATM physical interface 2549.Ar intf , 2550this variable defines the NSAP prefix for interfaces using a UNI signalling 2551manager. 2552If set to 2553.Dq Li ILMI , 2554the prefix will automatically be set via the 2555.Xr ilmid 8 2556daemon. 2557Otherwise, the value will be passed as the parameters of an 2558.Dq Nm atm Cm "set prefix" Ar intf 2559command. 2560.It Va atm_macaddr_ Ns Aq Ar intf 2561.Pq Vt str 2562For the ATM physical interface 2563.Ar intf , 2564this variable defines the MAC address for interfaces using a UNI signalling 2565manager. 2566If set to 2567.Dq Li NO , 2568the hardware MAC address contained in the ATM interface card will be used. 2569Otherwise, the value will be passed as the parameters of an 2570.Dq Nm atm Cm "set mac" Ar intf 2571command. 2572.It Va atm_arpserver_ Ns Aq Ar netif 2573.Pq Vt str 2574For the ATM network interface 2575.Ar netif , 2576this variable defines the ATM address for a host which is to provide ATMARP 2577service. 2578This variable is only applicable to interfaces using a UNI signalling 2579manager. 2580If set to 2581.Dq Li local , 2582this host will become an ATMARP server. 2583The value will be passed as the parameters of an 2584.Dq Nm atm Cm "set arpserver" Ar netif 2585command. 2586.It Va atm_scsparp_ Ns Aq Ar netif 2587.Pq Vt bool 2588If set to 2589.Dq Li YES , 2590SCSP/ATMARP service for the network interface 2591.Ar netif 2592will be initiated using the 2593.Xr scspd 8 2594and 2595.Xr atmarpd 8 2596daemons. 2597This variable is only applicable if 2598.Va atm_arpserver_ Ns Aq Ar netif 2599is set to 2600.Dq Li local . 2601.It Va atm_pvcs 2602.Pq Vt str 2603Set to the list of ATM PVCs to be added at system 2604boot time. 2605For each whitespace separated 2606.Ar element 2607in the value, an 2608.Va atm_pvc_ Ns Aq Ar element 2609variable is assumed to exist. 2610The value of each of these variables 2611will be passed as the parameters of an 2612.Dq Nm atm Cm "add pvc" 2613command. 2614.It Va atm_arps 2615.Pq Vt str 2616Set to the list of permanent ATM ARP entries to be added 2617at system boot time. 2618For each whitespace separated 2619.Ar element 2620in the value, an 2621.Va atm_arp_ Ns Aq Ar element 2622variable is assumed to exist. 2623The value of each of these variables 2624will be passed as the parameters of an 2625.Dq Nm atm Cm "add arp" 2626command. 2627.It Va natm_interfaces 2628.Pq Vt str 2629Set to the list of 2630.Xr natm 4 2631interfaces that will also be used for HARP through 2632.Xr harp 4 . 2633If this list is not empty all interfaces in the list will be brought up 2634with 2635.Xr ifconfig 8 2636and 2637.Xr harp 4 2638will be loaded. 2639For this to work the interface drivers must be either compiled into the 2640kernel or must reside on the root partition. 2641.It Va keybell 2642.Pq Vt str 2643The keyboard bell sound. 2644Set to 2645.Dq Li normal , 2646.Dq Li visual , 2647.Dq Li off , 2648or 2649.Dq Li NO 2650if the default behavior is desired. 2651For details, refer to the 2652.Xr kbdcontrol 1 2653manpage. 2654.It Va keyboard 2655.Pq Vt str 2656If set to a non-null string, the virtual console's keyboard input is 2657set to this device. 2658.It Va keymap 2659.Pq Vt str 2660If set to 2661.Dq Li NO , 2662no keymap is installed, otherwise the value is used to install 2663the keymap file in 2664.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2665.It Va keyrate 2666.Pq Vt str 2667The keyboard repeat speed. 2668Set to 2669.Dq Li slow , 2670.Dq Li normal , 2671.Dq Li fast , 2672or 2673.Dq Li NO 2674if the default behavior is desired. 2675.It Va keychange 2676.Pq Vt str 2677If not set to 2678.Dq Li NO , 2679attempt to program the function keys with the value. 2680The value should 2681be a single string of the form: 2682.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2683.It Va cursor 2684.Pq Vt str 2685Can be set to the value of 2686.Dq Li normal , 2687.Dq Li blink , 2688.Dq Li destructive , 2689or 2690.Dq Li NO 2691to set the cursor behavior explicitly or choose the default behavior. 2692.It Va scrnmap 2693.Pq Vt str 2694If set to 2695.Dq Li NO , 2696no screen map is installed, otherwise the value is used to install 2697the screen map file in 2698.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2699.It Va font8x16 2700.Pq Vt str 2701If set to 2702.Dq Li NO , 2703the default 8x16 font value is used for screen size requests, otherwise 2704the value in 2705.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2706is used. 2707.It Va font8x14 2708.Pq Vt str 2709If set to 2710.Dq Li NO , 2711the default 8x14 font value is used for screen size requests, otherwise 2712the value in 2713.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2714is used. 2715.It Va font8x8 2716.Pq Vt str 2717If set to 2718.Dq Li NO , 2719the default 8x8 font value is used for screen size requests, otherwise 2720the value in 2721.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2722is used. 2723.It Va blanktime 2724.Pq Vt int 2725If set to 2726.Dq Li NO , 2727the default screen blanking interval is used, otherwise it is set 2728to 2729.Ar value 2730seconds. 2731.It Va saver 2732.Pq Vt str 2733If not set to 2734.Dq Li NO , 2735this is the actual screen saver to use 2736.Li ( blank , snake , daemon , 2737etc). 2738.It Va moused_nondefault_enable 2739.Pq Vt str 2740If set to 2741.Dq Li NO , 2742the mouse device specified on 2743the command line is not automatically treated as enabled by the 2744.Pa /etc/rc.d/moused 2745script. 2746Having this variable set to 2747.Dq Li YES 2748allows a 2749.Xr usb 4 2750mouse, 2751for example, 2752to be enabled as soon as it is plugged in. 2753.It Va moused_enable 2754.Pq Vt str 2755If set to 2756.Dq Li YES , 2757the 2758.Xr moused 8 2759daemon is started for doing cut/paste selection on the console. 2760.It Va moused_type 2761.Pq Vt str 2762This is the protocol type of the mouse connected to this host. 2763This variable must be set if 2764.Va moused_enable 2765is set to 2766.Dq Li YES . 2767The 2768.Xr moused 8 2769daemon 2770is able to detect the appropriate mouse type automatically in many cases. 2771Set this variable to 2772.Dq Li auto 2773to let the daemon detect it, or 2774select one from the following list if the automatic detection fails. 2775.Pp 2776If the mouse is attached to the PS/2 mouse port, choose 2777.Dq Li auto 2778or 2779.Dq Li ps/2 , 2780regardless of the brand and model of the mouse. 2781Likewise, if the 2782mouse is attached to the bus mouse port, choose 2783.Dq Li auto 2784or 2785.Dq Li busmouse . 2786All other protocols are for serial mice and will not work with 2787the PS/2 and bus mice. 2788If this is a USB mouse, 2789.Dq Li auto 2790is the only protocol type which will work. 2791.Pp 2792.Bl -tag -width ".Li x10mouseremote" -compact 2793.It Li microsoft 2794Microsoft mouse (serial) 2795.It Li intellimouse 2796Microsoft IntelliMouse (serial) 2797.It Li mousesystems 2798Mouse systems Corp.\& mouse (serial) 2799.It Li mmseries 2800MM Series mouse (serial) 2801.It Li logitech 2802Logitech mouse (serial) 2803.It Li busmouse 2804A bus mouse 2805.It Li mouseman 2806Logitech MouseMan and TrackMan (serial) 2807.It Li glidepoint 2808ALPS GlidePoint (serial) 2809.It Li thinkingmouse 2810Kensington ThinkingMouse (serial) 2811.It Li ps/2 2812PS/2 mouse 2813.It Li mmhittab 2814MM HitTablet (serial) 2815.It Li x10mouseremote 2816X10 MouseRemote (serial) 2817.It Li versapad 2818Interlink VersaPad (serial) 2819.El 2820.Pp 2821Even if the mouse is not in the above list, it may be compatible 2822with one in the list. 2823Refer to the manual page for 2824.Xr moused 8 2825for compatibility information. 2826.Pp 2827It should also be noted that while this is enabled, any 2828other client of the mouse (such as an X server) should access 2829the mouse through the virtual mouse device, 2830.Pa /dev/sysmouse , 2831and configure it as a 2832.Dq Li sysmouse 2833type mouse, since all 2834mouse data is converted to this single canonical format when 2835using 2836.Xr moused 8 . 2837If the client program does not support the 2838.Dq Li sysmouse 2839type, 2840specify the 2841.Dq Li mousesystems 2842type. 2843It is the second preferred type. 2844.It Va moused_port 2845.Pq Vt str 2846If 2847.Va moused_enable 2848is set to 2849.Dq Li YES , 2850this is the actual port the mouse is on. 2851It might be 2852.Pa /dev/cuad0 2853for a COM1 serial mouse, 2854.Pa /dev/psm0 2855for a PS/2 mouse or 2856.Pa /dev/mse0 2857for a bus mouse, for example. 2858.It Va moused_flags 2859.Pq Vt str 2860If 2861.Va moused_flags 2862is set, its value is used as an additional set of flags to pass to the 2863.Xr moused 8 2864daemon. 2865.It Va "moused_" Ns Ar XXX Ns Va "_flags" 2866When 2867.Va moused_nondefault_enable 2868is enabled, and a 2869.Xr moused 8 2870daemon is started for a non-default port, the 2871.Va "moused_" Ns Ar XXX Ns Va "_flags" 2872set of options has precedence over and replaces the default 2873.Va moused_flags (where 2874.Ar XXX 2875is the name of the non-default port, i.e.\& 2876.Ar ums0 ) . 2877By setting 2878.Va "moused_" Ns Ar XXX Ns Va "_flags" 2879it is possible to set up a different set of default flags for each 2880.Xr moused 8 2881instance. 2882For example, you can use 2883.Dq Li "-3" 2884for the default 2885.Va moused_flags 2886to make your laptop's touchpad more comfortable to use, 2887but an empty set of options for 2888.Va moused_ums0_flags 2889when your 2890.Xr usb 4 2891mouse has three or more buttons. 2892.It Va mousechar_start 2893.Pq Vt int 2894If set to 2895.Dq Li NO , 2896the default mouse cursor character range 2897.Li 0xd0 Ns - Ns Li 0xd3 2898is used, 2899otherwise the range start is set 2900to 2901.Ar value 2902character, see 2903.Xr vidcontrol 1 . 2904Use if the default range is occupied in the language code table. 2905.It Va allscreens_flags 2906.Pq Vt str 2907If set, 2908.Xr vidcontrol 1 2909is run with these options for each of the virtual terminals 2910.Pq Pa /dev/ttyv* . 2911For example, 2912.Dq Fl m Cm on 2913will enable the mouse pointer on all virtual terminals 2914if 2915.Va moused_enable 2916is set to 2917.Dq Li YES . 2918.It Va allscreens_kbdflags 2919.Pq Vt str 2920If set, 2921.Xr kbdcontrol 1 2922is run with these options for each of the virtual terminals 2923.Pq Pa /dev/ttyv* . 2924For example, 2925.Dq Fl h Li 200 2926will set the 2927.Xr syscons 4 2928scrollback (history) buffer to 200 lines. 2929.It Va cron_enable 2930.Pq Vt bool 2931If set to 2932.Dq Li YES , 2933run the 2934.Xr cron 8 2935daemon at system boot time. 2936.It Va cron_program 2937.Pq Vt str 2938Path to 2939.Xr cron 8 2940(default 2941.Pa /usr/sbin/cron ) . 2942.It Va cron_flags 2943.Pq Vt str 2944If 2945.Va cron_enable 2946is set to 2947.Dq Li YES , 2948these are the flags to pass to 2949.Xr cron 8 . 2950.It Va cron_dst 2951.Pq Vt bool 2952If set to 2953.Dq Li YES , 2954enable the special handling of transitions to and from the 2955Daylight Saving Time in 2956.Xr cron 8 2957(equivalent to using the flag 2958.Fl s ) . 2959.It Va lpd_program 2960.Pq Vt str 2961Path to 2962.Xr lpd 8 2963(default 2964.Pa /usr/sbin/lpd ) . 2965.It Va lpd_enable 2966.Pq Vt bool 2967If set to 2968.Dq Li YES , 2969run the 2970.Xr lpd 8 2971daemon at system boot time. 2972.It Va lpd_flags 2973.Pq Vt str 2974If 2975.Va lpd_enable 2976is set to 2977.Dq Li YES , 2978these are the flags to pass to the 2979.Xr lpd 8 2980daemon. 2981.It Va chkprintcap_enable 2982.Pq Vt bool 2983If set to 2984.Dq Li YES , 2985run the 2986.Xr chkprintcap 8 2987command before starting the 2988.Xr lpd 8 2989daemon. 2990.It Va chkprintcap_flags 2991.Pq Vt str 2992If 2993.Va lpd_enable 2994and 2995.Va chkprintcap_enable 2996are set to 2997.Dq Li YES , 2998these are the flags to pass to the 2999.Xr chkprintcap 8 3000program. 3001The default is 3002.Dq Li -d , 3003which causes missing directories to be created. 3004.It Va mta_start_script 3005.Pq Vt str 3006This variable specifies the full path to the script to run to start 3007a mail transfer agent. 3008The default is 3009.Pa /etc/rc.sendmail . 3010The 3011.Va sendmail_* 3012variables which 3013.Pa /etc/rc.sendmail 3014uses are documented in the 3015.Xr rc.sendmail 8 3016manual page. 3017.It Va dumpdev 3018.Pq Vt str 3019Indicates the device (usually a swap partition) to which a crash dump 3020should be written in the event of a system crash. 3021If the value of this variable is 3022.Dq Li AUTO , 3023the first suitable swap device listed in 3024.Pa /etc/fstab 3025will be used as dump device. 3026Otherwise, the value of this variable is passed as the argument to 3027.Xr dumpon 8 . 3028To disable crash dumps, set this variable to 3029.Dq Li NO . 3030.It Va dumpdir 3031.Pq Vt str 3032When the system reboots after a crash and a crash dump is found on the 3033device specified by the 3034.Va dumpdev 3035variable, 3036.Xr savecore 8 3037will save that crash dump and a copy of the kernel to the directory 3038specified by the 3039.Va dumpdir 3040variable. 3041The default value is 3042.Pa /var/crash . 3043Set to 3044.Dq Li NO 3045to not run 3046.Xr savecore 8 3047at boot time when 3048.Va dumpdir 3049is set. 3050.It Va savecore_flags 3051.Pq Vt str 3052If crash dumps are enabled, these are the flags to pass to the 3053.Xr savecore 8 3054utility. 3055.It Va quota_enable 3056.Pq Vt bool 3057Set to 3058.Dq Li YES 3059to turn on user and group disk quotas on system startup via the 3060.Xr quotaon 8 3061command for all file systems marked as having quotas enabled in 3062.Pa /etc/fstab . 3063The kernel must be built with 3064.Cd "options QUOTA" 3065for disk quotas to function. 3066.It Va check_quotas 3067.Pq Vt bool 3068Set to 3069.Dq Li YES 3070to enable user and group disk quota checking via the 3071.Xr quotacheck 8 3072command. 3073.It Va quotacheck_flags 3074.Pq Vt str 3075If 3076.Va quota_enable 3077is set to 3078.Dq Li YES , 3079and 3080.Va check_quotas 3081is set to 3082.Dq Li YES , 3083these are the flags to pass to the 3084.Xr quotacheck 8 3085utility. 3086The default is 3087.Dq Li "-a" , 3088which checks quotas for all file systems with quotas enabled in 3089.Pa /etc/fstab . 3090.It Va quotaon_flags 3091.Pq Vt str 3092If 3093.Va quota_enable 3094is set to 3095.Dq Li YES , 3096these are the flags to pass to the 3097.Xr quotaon 8 3098utility. 3099The default is 3100.Dq Li "-a" , 3101which enables quotas for all file systems with quotas enabled in 3102.Pa /etc/fstab . 3103.It Va quotaoff_flags 3104.Pq Vt str 3105If 3106.Va quota_enable 3107is set to 3108.Dq Li YES , 3109these are the flags to pass to the 3110.Xr quotaoff 8 3111utility when shutting down the quota system. 3112The default is 3113.Dq Li "-a" , 3114which disables quotas for all file systems with quotas enabled in 3115.Pa /etc/fstab . 3116.It Va accounting_enable 3117.Pq Vt bool 3118Set to 3119.Dq Li YES 3120to enable system accounting through the 3121.Xr accton 8 3122facility. 3123.It Va ibcs2_enable 3124.Pq Vt bool 3125Set to 3126.Dq Li YES 3127to enable iBCS2 (SCO) binary emulation at system initial boot 3128time. 3129.It Va ibcs2_loaders 3130.Pq Vt str 3131If not set to 3132.Dq Li NO 3133and if 3134.Va ibcs2_enable 3135is set to 3136.Dq Li YES , 3137this specifies a list of additional iBCS2 loaders to enable. 3138.It Va linux_enable 3139.Pq Vt bool 3140Set to 3141.Dq Li YES 3142to enable Linux/ELF binary emulation at system initial 3143boot time. 3144.It Va svr4_enable 3145.Pq Vt bool 3146If set to 3147.Dq Li YES , 3148enable SysVR4 emulation at boot time. 3149.It Va sysvipc_enable 3150.Pq Vt bool 3151If set to 3152.Dq Li YES , 3153load System V IPC primitives at boot time. 3154.It Va clear_tmp_enable 3155.Pq Vt bool 3156Set to 3157.Dq Li YES 3158to have 3159.Pa /tmp 3160cleaned at startup. 3161.It Va clear_tmp_X 3162.Pq Vt bool 3163Set to 3164.Dq Li NO 3165to disable removing of X11 lock files, 3166and the removal and (secure) recreation 3167of the various socket directories for X11 3168related programs. 3169.It Va ldconfig_paths 3170.Pq Vt str 3171Set to the list of shared library paths to use with 3172.Xr ldconfig 8 . 3173NOTE: 3174.Pa /usr/lib 3175will always be added first, so it need not appear in this list. 3176.It Va ldconfig32_paths 3177.Pq Vt str 3178Set to the list of 32-bit compatibility shared library paths to 3179use with 3180.Xr ldconfig 8 . 3181.It Va ldconfig_paths_aout 3182.Pq Vt str 3183Set to the list of shared library paths to use with 3184.Xr ldconfig 8 3185legacy 3186.Xr a.out 5 3187support. 3188.It Va ldconfig_insecure 3189.Pq Vt bool 3190The 3191.Xr ldconfig 8 3192utility normally refuses to use directories 3193which are writable by anyone except root. 3194Set this variable to 3195.Dq Li YES 3196to disable that security check during system startup. 3197.It Va ldconfig_local_dirs 3198.Pq Vt str 3199Set to the list of local 3200.Xr ldconfig 8 3201directories. 3202The names of all files in the directories listed will be 3203passed as arguments to 3204.Xr ldconfig 8 . 3205.It Va ldconfig_local32_dirs 3206.Pq Vt str 3207Set to the list of local 32-bit compatibility 3208.Xr ldconfig 8 3209directories. 3210The names of all files in the directories listed will be 3211passed as arguments to 3212.Dq Nm ldconfig Fl 32 . 3213.It Va kern_securelevel_enable 3214.Pq Vt bool 3215Set to 3216.Dq Li YES 3217to set the kernel security level at system startup. 3218.It Va kern_securelevel 3219.Pq Vt int 3220The kernel security level to set at startup. 3221The allowed range of 3222.Ar value 3223ranges from \-1 (the compile time default) to 3 (the 3224most secure). 3225See 3226.Xr security 7 3227for the list of possible security levels and their effect 3228on system operation. 3229.It Va sshd_program 3230.Pq Vt str 3231Path to the SSH server program 3232.Pa ( /usr/sbin/sshd 3233is the default). 3234.It Va sshd_enable 3235.Pq Vt bool 3236Set to 3237.Dq Li YES 3238to start 3239.Xr sshd 8 3240at system boot time. 3241.It Va sshd_flags 3242.Pq Vt str 3243If 3244.Va sshd_enable 3245is set to 3246.Dq Li YES , 3247these are the flags to pass to the 3248.Xr sshd 8 3249daemon. 3250.It Va ftpd_program 3251.Pq Vt str 3252Path to the FTP server program 3253.Pa ( /usr/libexec/ftpd 3254is the default). 3255.It Va ftpd_enable 3256.Pq Vt bool 3257Set to 3258.Dq Li YES 3259to start 3260.Xr ftpd 8 3261as a stand-alone daemon at system boot time. 3262.It Va ftpd_flags 3263.Pq Vt str 3264If 3265.Va ftpd_enable 3266is set to 3267.Dq Li YES , 3268these are the additional flags to pass to the 3269.Xr ftpd 8 3270daemon. 3271.It Va watchdogd_enable 3272.Pq Vt bool 3273If set to 3274.Dq Li YES , 3275start the 3276.Xr watchdogd 8 3277daemon at boot time. 3278This requires that the kernel have been compiled with a 3279.Xr watchdog 4 3280compatible device. 3281.It Va watchdogd_flags 3282.Pq Vt str 3283If 3284.Va watchdogd_enable 3285is set to 3286.Dq Li YES , 3287these are the flags passed to the 3288.Xr watchdogd 8 3289daemon. 3290.It Va performance_cx_lowest 3291.Pq Vt str 3292CPU idle state to use while on AC power. 3293The string 3294.Dq Li LOW 3295indicates that 3296.Xr acpi 4 3297should use the lowest power state available while 3298.Dq Li HIGH 3299indicates that the lowest latency state (less power savings) should be used. 3300.It Va performance_cpu_freq 3301.Pq Vt str 3302CPU clock frequency to use while on AC power. 3303The string 3304.Dq Li LOW 3305indicates that 3306.Xr cpufreq 4 3307should use the lowest frequency available while 3308.Dq Li HIGH 3309indicates that the highest frequency (less power savings) should be used. 3310.It Va economy_cx_lowest 3311.Pq Vt str 3312CPU idle state to use when off AC power. 3313The string 3314.Dq Li LOW 3315indicates that 3316.Xr acpi 4 3317should use the lowest power state available while 3318.Dq Li HIGH 3319indicates that the lowest latency state (less power savings) should be used. 3320.It Va economy_cpu_freq 3321.Pq Vt str 3322CPU clock frequency to use when off AC power. 3323The string 3324.Dq Li LOW 3325indicates that 3326.Xr cpufreq 4 3327should use the lowest frequency available while 3328.Dq Li HIGH 3329indicates that the highest frequency (less power savings) should be used. 3330.It Va jail_enable 3331.Pq Vt bool 3332If set to 3333.Dq Li NO , 3334any configured jails will not be started. 3335.It Va jail_list 3336.Pq Vt str 3337A space separated list of names for jails. 3338This is purely a configuration aid to help identify and 3339configure multiple jails. 3340The names specified in this list will be used to 3341identify settings common to an instance of a jail. 3342Assuming that the jail in question was named 3343.Li vjail , 3344you would have the following dependent variables: 3345.Bd -literal 3346jail_vjail_hostname="jail.example.com" 3347jail_vjail_ip="192.0.2.100" 3348jail_vjail_rootdir="/var/jails/vjail/root" 3349.Ed 3350.Pp 3351.It Va jail_flags 3352.Pq Vt str 3353Unset by default. 3354When set, use as default value for 3355.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3356for every jail in 3357.Va jail_list . 3358.It Va jail_interface 3359.Pq Vt str 3360Unset by default. 3361When set, use as default value for 3362.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3363for every jail in 3364.Va jail_list . 3365.It Va jail_fstab 3366.Pq Vt str 3367Unset by default. 3368When set, use as default value for 3369.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3370for every jail in 3371.Va jail_list . 3372.It Va jail_mount_enable 3373.Pq Vt bool 3374Set to 3375.Dq Li NO 3376by default. 3377When set to 3378.Dq Li YES , 3379sets 3380.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3381to 3382.Dq Li YES 3383by default for every jail in 3384.Va jail_list . 3385.It Va jail_devfs_ruleset 3386.Pq Vt str 3387Unset by default. 3388When set, sets 3389.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3390to given value for every jail in 3391.Va jail_list . 3392.It Va jail_devfs_enable 3393.Pq Vt bool 3394Set to 3395.Dq Li NO 3396by default. 3397When set to 3398.Dq Li YES , 3399sets 3400.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3401to 3402.Dq Li YES 3403by default for every jail in 3404.Va jail_list . 3405.It Va jail_fdescfs_enable 3406.Pq Vt bool 3407Set to 3408.Dq Li NO 3409by default. 3410When set to 3411.Dq Li YES , 3412sets 3413.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3414to 3415.Dq Li YES 3416by default for every jail in 3417.Va jail_list . 3418.It Va jail_procfs_enable 3419.Pq Vt bool 3420Set to 3421.Dq Li NO 3422by default. 3423When set to 3424.Dq Li YES , 3425sets 3426.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3427to 3428.Dq Li YES 3429by default for every jail in 3430.Va jail_list . 3431.It Va jail_exec_prestart Ns Aq Ar N 3432.Pq Vt str 3433Unset by default. 3434When set, use as default value for 3435.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3436for every jail in 3437.Va jail_list . 3438.It Va jail_exec_start 3439.Pq Vt str 3440Unset by default. 3441When set, use as default value for 3442.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3443for every jail in 3444.Va jail_list . 3445.It Va jail_exec_afterstart Ns Aq Ar N 3446.Pq Vt str 3447Unset by default. 3448When set, use as default value for 3449.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3450for every jail in 3451.Va jail_list . 3452.It Va jail_exec_poststart Ns Aq Ar N 3453.Pq Vt str 3454Unset by default. 3455When set, use as default value for 3456.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3457for every jail in 3458.Va jail_list . 3459.It Va jail_exec_prestop Ns Aq Ar N 3460.Pq Vt str 3461Unset by default. 3462When set, use as default value for 3463.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 3464for every jail in 3465.Va jail_list . 3466.It Va jail_exec_stop 3467Unset by default. 3468When set, use as default value for 3469.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3470for every jail in 3471.Va jail_list . 3472.It Va jail_exec_poststop Ns Aq Ar N 3473.Pq Vt str 3474Unset by default. 3475When set, use as default value for 3476.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 3477for every jail in 3478.Va jail_list . 3479.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3480.Pq Vt str 3481Unset by default. 3482Set to the root directory used by jail 3483.Va jname . 3484.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3485.Pq Vt str 3486Unset by default. 3487Set to the fully qualified domain name (FQDN) assigned to jail 3488.Va jname . 3489.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3490.Pq Vt str 3491Unset by default. 3492Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 3493The argument can be a sole address or a comma separated list of addresses. 3494Additionally each address can be prefixed by the name of an interface 3495followed by a pipe to overwrite 3496.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3497or 3498.Va jail_interface 3499and/or suffixed by a netmask, prefixlen or prefix. 3500In case no netmask, prefixlen or prefix is given, 3501.Sq /32 3502will be used for IPv4 and 3503.Sq /128 3504will be used for an IPv6 address. 3505If no address is given for the jail then the jail will be started with 3506no networking support. 3507.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3508.Pq Vt str 3509Unset by default. 3510Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 3511The sequence starts with 3512.Dq Li _multi0 3513and the numbers have to be strictly ascending. 3514These entries follow the same syntax as their primary 3515.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3516entry. 3517The order of the entries can be important as the first address for 3518each address family found will be the primary address of the jail. 3519See 3520.Va ip-addresses 3521option in 3522.Xr jail 8 3523for more details. 3524.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3525.Pq Vt str 3526Set to 3527.Dq Li -l -U root 3528by default. 3529These are flags to pass to 3530.Xr jail . 3531.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3532.Pq Vt str 3533Unset by default. 3534When set, sets the interface to use when setting IP address alias. 3535Note that the alias is created at jail startup and removed at jail shutdown. 3536.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3537.Pq Vt str 3538Unset by default. 3539When set, the jail is started with the specified forwarding table (sometimes 3540referred to as a routing table) via 3541.Xr setfib 1 . 3542.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3543.Pq Vt str 3544Set to 3545.Pa /etc/fstab. Ns Aq Ar jname 3546by default. 3547This is the file system information file to use for jail 3548.Va jname . 3549.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3550.Pq Vt bool 3551Set to 3552.Dq Li NO 3553by default. 3554When set to 3555.Dq Li YES , 3556mount all file systems from 3557.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3558at jail startup. 3559.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3560.Pq Vt str 3561Unset by default. 3562When set, defines the device file system ruleset file to use for jail 3563.Va jname . 3564.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3565.Pq Vt bool 3566Set to 3567.Dq Li NO 3568by default. 3569When set to 3570.Dq Li YES , 3571mount the device file system inside jail 3572.Ar jname 3573at jail startup. 3574.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3575.Pq Vt bool 3576Set to 3577.Dq Li NO 3578by default. 3579When set to 3580.Dq Li YES , 3581mount the file-descriptor file system inside jail 3582.Ar jname 3583at jail startup. 3584.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3585.Pq Vt bool 3586Set to 3587.Dq Li NO 3588by default. 3589When set to 3590.Dq Li YES , 3591mount the process file system inside jail 3592.Ar jname 3593at jail startup. 3594.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3595.Pq Vt str 3596Unset by default. 3597This is the command run as 3598.Ar N Ns 3599th command 3600before jail startup, where 3601.Ar N 3602is 0, 1, and so on. 3603It is run outside the jail. 3604.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3605.Pq Vt str 3606Set to 3607.Dq Li /bin/sh /etc/rc 3608by default. 3609This is the command executed in a jail at jail startup. 3610.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3611.Pq Vt str 3612Unset by default. 3613This is the command run as 3614.Ar N Ns 3615th command 3616in a jail 3617after jail startup, where 3618.Ar N 3619is 1, 2, and so on. 3620.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3621.Pq Vt str 3622Unset by default. 3623This is the command run as 3624.Ar N Ns 3625th command 3626after jail startup, where 3627.Ar N 3628is 0, 1, and so on. 3629It is run outside the jail. 3630.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 3631.Pq Vt str 3632Unset by default. 3633This is the command run as 3634.Ar N Ns 3635th command 3636before jail shutdown, where 3637.Ar N 3638is 0, 1, and so on. 3639It is run outside the jail. 3640.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3641.Pq Vt str 3642Set to 3643.Dq Li /bin/sh /etc/rc.shutdown 3644by default. 3645This is the command executed in a jail at jail shutdown. 3646.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 3647.Pq Vt str 3648Unset by default. 3649This is the command run as 3650.Ar N Ns 3651th command 3652after jail shutdown, where 3653.Ar N 3654is 0, 1, and so on. 3655It is run outside the jail. 3656.It Va jail_set_hostname_allow 3657.Pq Vt bool 3658If set to 3659.Dq Li NO , 3660do not allow the root user in a jail to set its hostname. 3661.It Va jail_socket_unixiproute_only 3662.Pq Vt bool 3663If set to 3664.Dq Li YES , 3665do not allow any sockets, 3666besides UNIX/IP/route sockets, 3667to be used within a jail. 3668.It Va jail_sysvipc_allow 3669.Pq Vt bool 3670If set to 3671.Dq Li YES , 3672allow applications within a jail to use System V IPC. 3673.\" ----------------------------------------------------- 3674.It Va harvest_interrupt 3675.Pq Vt bool 3676Set to 3677.Dq Li YES 3678to use hardware interrupts as an entropy source. 3679Refer to 3680.Xr random 4 3681for more information. 3682.It Va harvest_ethernet 3683.Pq Vt bool 3684Set to 3685.Dq Li YES 3686to use LAN traffic as an entropy source. 3687Refer to 3688.Xr random 4 3689for more information. 3690.It Va harvest_p_to_p 3691.Pq Vt bool 3692Set to 3693.Dq Li YES 3694to use serial line traffic as an entropy source. 3695Refer to 3696.Xr random 4 3697for more information. 3698.It Va entropy_dir 3699.Pq Vt str 3700Set to 3701.Dq Li NO 3702to disable caching entropy via 3703.Xr cron 8 . 3704Otherwise set to the directory used to store entropy files in. 3705.It Va entropy_file 3706.Pq Vt str 3707Set to 3708.Dq Li NO 3709to disable caching entropy through reboots. 3710Otherwise set to the filename used to store cached entropy through 3711reboots. 3712This file should be located on the root file system to seed the 3713.Xr random 4 3714device as early as possible in the boot process. 3715.It Va entropy_save_sz 3716.Pq Vt int 3717Size of the entropy cache files saved by 3718.Nm save-entropy 3719periodically. 3720.It Va entropy_save_num 3721.Pq Vt int 3722Number of entropy cache files to save by 3723.Nm save-entropy 3724periodically. 3725.It Va ipsec_enable 3726.Pq Vt bool 3727Set to 3728.Dq Li YES 3729to run 3730.Xr setkey 8 3731on 3732.Va ipsec_file 3733at boot time. 3734.It Va ipsec_file 3735.Pq Vt str 3736Configuration file for 3737.Xr setkey 8 . 3738.It Va dmesg_enable 3739.Pq Vt bool 3740Set to 3741.Dq Li YES 3742to save 3743.Xr dmesg 8 3744to 3745.Pa /var/run/dmesg.boot 3746on boot. 3747.It Va rcshutdown_timeout 3748.Pq Vt int 3749If set, start a watchdog timer in the background which will terminate 3750.Pa rc.shutdown 3751if 3752.Xr shutdown 8 3753has not completed within the specified time (in seconds). 3754Notice that in addition to this soft timeout, 3755.Xr init 8 3756also applies a hard timeout for the execution of 3757.Pa rc.shutdown . 3758This is configured via 3759.Xr sysctl 8 3760variable 3761.Va kern.init_shutdown_timeout 3762and defaults to 120 seconds. 3763Setting the value of 3764.Va rcshutdown_timeout 3765to more than 120 seconds will have no effect until the 3766.Xr sysctl 8 3767variable 3768.Va kern.init_shutdown_timeout 3769is also increased. 3770.It Va virecover_enable 3771.Pq Vt bool 3772Set to 3773.Dq Li NO 3774to prevent the system from trying to 3775recover pre-maturely terminated 3776.Xr vi 1 3777sessions. 3778.It Va ugidfw_enable 3779.Pq Vt bool 3780Set to 3781.Dq Li YES 3782to load the 3783.Xr mac_bsdextended 4 3784module upon system initialization and load a default 3785ruleset file. 3786.It Va bsdextended_script 3787.Pq Vt str 3788The default 3789.Xr mac_bsdextended 4 3790ruleset file to load. 3791The default value of this variable is 3792.Pa /etc/rc.bsdextended . 3793.It Va newsyslog_enable 3794.Pq Vt bool 3795If set to 3796.Dq Li YES , 3797run 3798.Xr newsyslog 8 3799command at startup. 3800.It Va newsyslog_flags 3801.Pq Vt str 3802If 3803.Va newsyslog_enable 3804is set to 3805.Dq Li YES , 3806these are the flags to pass to the 3807.Xr newsyslog 8 3808program. 3809The default is 3810.Dq Li -CN , 3811which causes log files flagged with a 3812.Cm C 3813to be created. 3814.It Va mdconfig_md Ns Aq Ar X 3815.Pq Vt str 3816Arguments to 3817.Xr mdconfig 8 3818for 3819.Xr md 4 3820device 3821.Ar X . 3822At minimum a 3823.Fl t Ar type 3824must be specified and either a 3825.Fl s Ar size 3826for malloc or swap backed 3827.Xr md 4 3828devices or a 3829.Fl f Ar file 3830for vnode backed 3831.Xr md 4 3832devices. 3833Note that 3834.Va mdconfig_md Ns Aq Ar X 3835variables are evaluated until one variable is unset or null. 3836.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3837.Pq Vt str 3838Optional arguments passed to 3839.Xr newfs 8 3840to initialize 3841.Xr md 4 3842device 3843.Ar X . 3844.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3845.Pq Vt str 3846An ownership specification passed to 3847.Xr chown 8 3848after the specified 3849.Xr md 4 3850device 3851.Ar X 3852has been mounted. 3853Both the 3854.Xr md 4 3855device and the mount point will be changed. 3856.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3857.Pq Vt str 3858A mode string passed to 3859.Xr chmod 1 3860after the specified 3861.Xr md 4 3862device 3863.Ar X 3864has been mounted. 3865Both the 3866.Xr md 4 3867device and the mount point will be changed. 3868.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3869.Pq Vt str 3870Files to be copied to the mount point of the 3871.Xr md 4 3872device 3873.Ar X 3874after it has been mounted. 3875.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3876.Pq Vt str 3877Command to execute after the specified 3878.Xr md 4 3879device 3880.Ar X 3881has been mounted. 3882Note that the command is passed to 3883.Ic eval 3884and that both 3885.Va _dev 3886and 3887.Va _mp 3888variables can be used to reference respectively the 3889.Xr md 4 3890device and the mount point. 3891Assuming that the 3892.Xr md 4 3893device is 3894.Li md0 , 3895one could set the following: 3896.Bd -literal 3897mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3898.Ed 3899.It Va ramdisk_units 3900.Pq Vt str 3901A list of one or more ramdisk units to configure with 3902.Xr mdconfig 8 3903and 3904.Xr newfs 8 3905in time to be mounted from 3906.Xr fstab 5 . 3907Each listed unit 3908.Ar X 3909must specify at least a 3910.Ar type 3911in a 3912.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3913variable. 3914Note that this way to configure ramdisks has been deprecated 3915in favor of new 3916.Va mdconfig_md* 3917variables (see above). 3918.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3919.Pq Vt str 3920Arguments to 3921.Xr mdconfig 8 3922for ramdisk 3923.Ar X . 3924At minimum a 3925.Fl t Ar type 3926must be specified, where 3927.Ar type 3928must be one of 3929.Cm malloc 3930or 3931.Cm swap . 3932.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3933.Pq Vt str 3934Optional arguments passed to 3935.Xr newfs 8 3936to initialize ramdisk 3937.Ar X . 3938.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3939.Pq Vt str 3940An ownership specification passed to 3941.Xr chown 8 3942after the specified ramdisk unit 3943.Ar X 3944has been mounted. 3945Both the 3946.Xr md 4 3947device and the mount point will be changed. 3948.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3949.Pq Vt str 3950A mode string passed to 3951.Xr chmod 1 3952after the specified ramdisk unit 3953.Ar X 3954has been mounted. 3955Both the 3956.Xr md 4 3957device and the mount point will be changed. 3958.It Va autobridge_interfaces 3959.Pq Vt str 3960Set to the list of bridge interfaces that will have newly arriving interfaces 3961checked against to be automatically added. 3962If not set to 3963.Dq Li NO 3964then for each whitespace separated 3965.Ar element 3966in the value, a 3967.Va autobridge_ Ns Aq Ar element 3968variable is assumed to exist which has a whitespace separated list of interface 3969names to match, these names can use wildcards. 3970For example: 3971.Bd -literal 3972autobridge_interfaces="bridge0" 3973autobridge_bridge0="tap* dc0 vlan[345]" 3974.Ed 3975.It Va mixer_enable 3976.Pq Vt bool 3977If set to 3978.Dq Li YES , 3979enable support for sound mixer. 3980.It Va hcsecd_enable 3981.Pq Vt bool 3982If set to 3983.Dq Li YES , 3984enable Bluetooth security daemon. 3985.It Va hcsecd_config 3986.Pq Vt str 3987Configuration file for 3988.Xr hcsecd 8 . 3989Default 3990.Pa /etc/bluetooth/hcsecd.conf . 3991.It Va sdpd_enable 3992.Pq Vt bool 3993If set to 3994.Dq Li YES , 3995enable Bluetooth Service Discovery Protocol daemon. 3996.It Va sdpd_control 3997.Pq Vt str 3998Path to 3999.Xr sdpd 8 4000control socket. 4001Default 4002.Pa /var/run/sdp . 4003.It Va sdpd_groupname 4004.Pq Vt str 4005Sets 4006.Xr sdpd 8 4007group to run as after it initializes. 4008Default 4009.Dq Li nobody . 4010.It Va sdpd_username 4011.Pq Vt str 4012Sets 4013.Xr sdpd 8 4014user to run as after it initializes. 4015Default 4016.Dq Li nobody . 4017.It Va bthidd_enable 4018.Pq Vt bool 4019If set to 4020.Dq Li YES , 4021enable Bluetooth Human Interface Device daemon. 4022.It Va bthidd_config 4023.Pq Vt str 4024Configuration file for 4025.Xr bthidd 8 . 4026Default 4027.Pa /etc/bluetooth/bthidd.conf . 4028.It Va bthidd_hids 4029.Pq Vt str 4030Path to a file, where 4031.Xr bthidd 8 4032will store information about known HID devices. 4033Default 4034.Pa /var/db/bthidd.hids . 4035.It Va rfcomm_pppd_server_enable 4036.Pq Vt bool 4037If set to 4038.Dq Li YES , 4039enable Bluetooth RFCOMM PPP wrapper daemon. 4040.It Va rfcomm_pppd_server_profile 4041.Pq Vt str 4042The name of the profile to use from 4043.Pa /etc/ppp/ppp.conf . 4044Multiple profiles can be specified here. 4045Also used to specify per-profile overrides. 4046When the profile name contains any of the characters 4047.Dq Li .-/+ 4048they are translated to 4049.Dq Li _ 4050for the proposes of the override variable names. 4051.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4052.Pq Vt str 4053Overrides local address to listen on. 4054By default 4055.Xr rfcomm_pppd 8 4056will listen on 4057.Dq Li ANY 4058address. 4059The address can be specified as BD_ADDR or name. 4060.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4061.Pq Vt str 4062Overrides local RFCOMM channel to listen on. 4063By default 4064.Xr rfcomm_pppd 8 4065will listen on RFCOMM channel 1. 4066Must set properly if multiple profiles used in the same time. 4067.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4068.Pq Vt bool 4069Tells 4070.Xr rfcomm_pppd 8 4071if it should register Serial Port service on the speficied RFCOMM channel. 4072Default 4073.Dq Li NO . 4074.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4075.Pq Vt bool 4076Tells 4077.Xr rfcomm_pppd 8 4078if it should register Dial-Up Networking service on the speficied 4079RFCOMM channel. 4080Default 4081.Dq Li NO . 4082.El 4083.Sh FILES 4084.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4085.It Pa /etc/defaults/rc.conf 4086.It Pa /etc/rc.conf 4087.It Pa /etc/rc.conf.local 4088.El 4089.Sh SEE ALSO 4090.Xr catman 1 , 4091.Xr chmod 1 , 4092.Xr gdb 1 , 4093.Xr info 1 , 4094.Xr kbdcontrol 1 , 4095.Xr makewhatis 1 , 4096.Xr sh 1 , 4097.Xr vi 1 , 4098.Xr vidcontrol 1 , 4099.Xr bridge 4 , 4100.Xr dummynet 4 , 4101.Xr ip 4 , 4102.Xr ipf 4 , 4103.Xr ipfw 4 , 4104.Xr ipnat 4 , 4105.Xr kld 4 , 4106.Xr pf 4 , 4107.Xr pflog 4 , 4108.Xr pfsync 4 , 4109.Xr tcp 4 , 4110.Xr udp 4 , 4111.Xr exports 5 , 4112.Xr fstab 5 , 4113.Xr ipf 5 , 4114.Xr ipnat 5 , 4115.Xr motd 5 , 4116.Xr newsyslog.conf 5 , 4117.Xr pf.conf 5 , 4118.Xr security 7 , 4119.Xr accton 8 , 4120.Xr amd 8 , 4121.Xr apm 8 , 4122.Xr atm 8 , 4123.Xr bthidd 8 , 4124.Xr chkprintcap 8 , 4125.Xr chown 8 , 4126.Xr cron 8 , 4127.Xr dhclient 8 , 4128.Xr ftpd 8 , 4129.Xr geli 8 , 4130.Xr hcsecd 8 , 4131.Xr ifconfig 8 , 4132.Xr inetd 8 , 4133.Xr ipf 8 , 4134.Xr ipfw 8 , 4135.Xr ipnat 8 , 4136.Xr jail 8 , 4137.Xr kldxref 8 , 4138.Xr lpd 8 , 4139.Xr mdconfig 8 , 4140.Xr mdmfs 8 , 4141.Xr mixer 8 , 4142.Xr mountd 8 , 4143.Xr moused 8 , 4144.Xr mrouted 8 , 4145.Xr named 8 , 4146.Xr newfs 8 , 4147.Xr newsyslog 8 , 4148.Xr nfsd 8 , 4149.Xr ntpd 8 , 4150.Xr ntpdate 8 , 4151.Xr pfctl 8 , 4152.Xr pflogd 8 , 4153.Xr powerd 8 , 4154.Xr quotacheck 8 , 4155.Xr quotaon 8 , 4156.Xr rc 8 , 4157.Xr rc.sendmail 8 , 4158.Xr rfcomm_pppd 8 , 4159.Xr route 8 , 4160.Xr routed 8 , 4161.Xr rpcbind 8 , 4162.Xr rpc.lockd 8 , 4163.Xr rpc.statd 8 , 4164.Xr rwhod 8 , 4165.Xr savecore 8 , 4166.Xr sdpd 8 , 4167.Xr sshd 8 , 4168.Xr swapon 8 , 4169.Xr sysctl 8 , 4170.Xr syslogd 8 , 4171.Xr timed 8 , 4172.Xr wlandebug 8 , 4173.Xr yp 8 , 4174.Xr ypbind 8 , 4175.Xr ypserv 8 , 4176.Xr ypset 8 4177.Sh HISTORY 4178The 4179.Nm 4180file appeared in 4181.Fx 2.2.2 . 4182.Sh AUTHORS 4183.An Jordan K. Hubbard . 4184