1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.Dd September 18, 2023 26.Dt RC.CONF 5 27.Os 28.Sh NAME 29.Nm rc.conf 30.Nd system configuration information 31.Sh DESCRIPTION 32The file 33.Nm 34contains descriptive information about the local host name, configuration 35details for any potential network interfaces and which services should be 36started up at system initial boot time. 37In new installations, the 38.Nm 39file is generally initialized by the system installation utility. 40.Pp 41The purpose of 42.Nm 43is not to run commands or perform system startup actions 44directly. 45Instead, it is included by the 46various generic startup scripts in 47.Pa /etc 48which conditionalize their 49internal actions according to the settings found there. 50.Pp 51The 52.Pa /etc/rc.conf 53file is included from the file 54.Pa /etc/defaults/rc.conf , 55which specifies the default settings for all the available options. 56Options need only be specified in 57.Pa /etc/rc.conf 58when the system administrator wishes to override these defaults. 59The file 60.Pa /etc/defaults/vendor.conf 61allows vendors to override 62.Fx 63defaults. 64The file 65.Pa /etc/rc.conf.local 66is used to override settings in 67.Pa /etc/rc.conf 68for historical reasons. 69.Pp 70The sysrc(8) command provides a scripting interface to modify system 71config files. 72.Pp 73In addition to 74.Pa /etc/rc.conf.local 75you can also place smaller configuration files for each 76.Xr rc 8 77script in the 78.Pa /etc/rc.conf.d 79directory or 80.Ao Ar dir Ac Ns Pa /rc.conf.d 81directories (where 82.Ao Ar dir Ac 83is each entry specified in 84.Va local_startup , 85but with any trailing 86.Pa /rc.d 87stripped), 88which will be included by the 89.Va load_rc_config 90function. 91For jail configurations you could use the file 92.Pa /etc/rc.conf.d/jail 93to store jail-specific configuration options. 94If 95.Va local_startup 96contains 97.Pa /usr/local/etc/rc.d 98and 99.Pa /opt/conf , 100.Pa /usr/local/etc/rc.conf.d/jail 101and 102.Pa /opt/conf/rc.conf.d/jail 103will be loaded. 104If 105.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 106is a directory, 107all of the files in the directory will be loaded. 108Also see the 109.Va rc_conf_files 110variable below. 111.Pp 112Options are set with 113.Dq Ar name Ns Li = Ns Ar value 114assignments that use 115.Xr sh 1 116syntax. 117The following list provides a name and short description for each 118variable that can be set in the 119.Nm 120file: 121.Bl -tag -width indent-two 122.It Va rc_debug 123.Pq Vt bool 124If set to 125.Dq Li YES , 126enable output of debug messages from rc scripts. 127This variable can be helpful in diagnosing mistakes when 128editing or integrating new scripts. 129Beware that this produces copious output to the terminal and 130.Xr syslog 3 . 131.It Va rc_info 132.Pq Vt bool 133If set to 134.Dq Li NO , 135disable informational messages from the rc scripts. 136Informational messages are displayed when 137a condition that is not serious enough to warrant a warning or 138an error occurs. 139.It Va rc_startmsgs 140.Pq Vt bool 141If set to 142.Dq Li YES , 143show 144.Dq Starting foo: 145when faststart is used (e.g., at boot time). 146.It Va early_late_divider 147.Pq Vt str 148The name of the script that should be used as the 149delimiter between the 150.Dq early 151and 152.Dq late 153stages of the boot process. 154The early stage should contain all the services needed to 155get the disks (local or remote) mounted so that the late 156stage can include scripts contained in the directories 157listed in the 158.Va local_startup 159variable (see below). 160Thus, the two likely candidates for this value are 161.Pa mountcritlocal 162for the typical system, and 163.Pa mountcritremote 164if the system needs remote file 165systems mounted to get access to the 166.Va local_startup 167directories; for example when 168.Pa /usr/local 169is NFS mounted. 170For 171.Pa rc.conf 172within a 173.Xr jail 8 174.Pa NETWORKING 175is likely to be an appropriate value. 176Extreme care should be taken when changing this value, 177and before changing it one should ensure that there are 178adequate provisions to recover from a failed boot 179(such as physical contact with the machine, 180or reliable remote console access). 181.It Va always_force_depends 182.Pq Vt bool 183Various 184.Pa rc.d 185scripts use the force_depend function to check whether required 186services are already running, and to start them if necessary. 187By default during boot time this check is bypassed if the 188required service is enabled in 189.Pa /etc/rc.conf[.local] . 190Setting this option will bypass that check at boot time and 191always test whether or not the service is actually running. 192Enabling this option is likely to increase your boot time if 193services are enabled that utilize the force_depend check. 194.It Ao Ar name Ac Ns Va _chroot 195.Pq Vt str 196.Xr chroot 8 197to this directory before running the service. 198.It Ao Ar name Ac Ns Va _cpuset 199.Pq Vt str 200A list of CPUs to run the service on. 201Passed to 202.Xr cpuset 1 203using the 204.Fl l 205flag. 206.It Ao Ar name Ac Ns Va _fib 207.Pq Vt int 208The 209.Xr setfib 1 210value to run the service under. 211.It Ao Ar name Ac Ns Va _group 212.Pq Vt str 213Run the chrooted service under this system group. 214Unlike the 215.Ao Ar name Ac Ns Va _user 216setting, this setting has no effect if the service is not chrooted. 217.It Ao Ar name Ac Ns Va _limits 218.Pq Vt str 219Resource limits to apply to the service using 220.Xr limits 1 . 221By default, resource limits are based on the login class defined in 222.Ao Ar name Ac Ns Va _login_class . 223.It Ao Ar name Ac Ns Va _login_class 224.Pq Vt str 225Login class to be used with 226.Ao Ar name Ac Ns Va _limits . 227Defaults to 228.Dq Li daemon . 229.It Ao Ar name Ac Ns Va _nice 230.Pq Vt int 231The 232.Xr nice 1 233value to run the service under. 234.It Ao Ar name Ac Ns Va _oomprotect 235.Pq Vt str 236Use 237.Xr protect 1 238to prevent the service from being killed when swap space 239is exhausted. 240Use 241.Dq Li YES 242to protect only the service itself, and 243.Dq Li ALL 244to protect the service and all its child processes. 245.Pp 246Please note that rc scripts which redefine 247.Dl ${argument}_cmd 248.Pq see Xr rc.subr 8 249such as PostgreSQL will not inherit the OOM killer protection. 250.Pp 251This variable has no effect on services running within a 252.Xr jail 8 . 253.It Ao Ar name Ac Ns Va _setup 254.Pq Vt str 255Run the specified setup script right before starting the actual service 256command. 257Useful for automatic configuration file generation. 258.It Ao Ar name Ac Ns Va _umask 259.Pq Vt int 260Run the service using this 261.Xr umask 1 262value. 263.It Ao Ar name Ac Ns Va _user 264.Pq Vt str 265Run the service under this user account. 266.It Va apm_enable 267.Pq Vt bool 268If set to 269.Dq Li YES , 270enable support for Automatic Power Management with 271the 272.Xr apm 8 273command. 274.It Va apmd_enable 275.Pq Vt bool 276Run 277.Xr apmd 8 278to handle APM event from userland. 279This also enables support for APM. 280.It Va apmd_flags 281.Pq Vt str 282If 283.Va apmd_enable 284is set to 285.Dq Li YES , 286these are the flags to pass to the 287.Xr apmd 8 288daemon. 289.It Va devd_enable 290.Pq Vt bool 291Run 292.Xr devd 8 293to handle device added, removed or unknown events from the kernel. 294.It Va ddb_enable 295.Pq Vt bool 296Run 297.Xr ddb 8 298to install 299.Xr ddb 4 300scripts at boot time. 301.It Va ddb_config 302.Pq Vt str 303Configuration file for 304.Xr ddb 8 . 305Default 306.Pa /etc/ddb.conf . 307.It Va devmatch_enable 308.Pq Vt bool 309If set to 310.Dq Li NO , 311disable auto-loading of kernel modules with 312.Xr devmatch 8 . 313.It Va devmatch_blocklist 314.Pq Vt str 315A whitespace-separated list of kernel modules to be ignored by 316.Xr devmatch 8 . 317In addition, the 318.Xr kenv 1 319.Va devmatch_blocklist 320is appended to this variable to allow disabling of 321.Xr devmatch 8 322loaded modules from the boot loader. 323.It Va devmatch_blacklist 324.Pq Vt str 325This variable is deprecated. 326Use 327.Va devmatch_blocklist 328instead. 329A whitespace-separated list of kernel modules to be ignored by 330.Xr devmatch 8 . 331.It Va kld_list 332.Pq Vt str 333A whitespace-separated list of kernel modules to load right after 334the local disks are mounted, without any 335.Pa .ko 336extension or path. 337Loading modules at this point in the boot process is 338much faster than doing it via 339.Pa /boot/loader.conf 340for those modules not necessary for mounting local disks. 341.It Va kldxref_enable 342.Pq Vt bool 343Set to 344.Dq Li NO 345by default. 346Set to 347.Dq Li YES 348to automatically rebuild 349.Pa linker.hints 350files with 351.Xr kldxref 8 352at boot time. 353.It Va kldxref_clobber 354.Pq Vt bool 355Set to 356.Dq Li NO 357by default. 358If 359.Va kldxref_enable 360is true, 361setting to 362.Dq Li YES 363will overwrite existing 364.Pa linker.hints 365files at boot time. 366Otherwise, 367only missing 368.Pa linker.hints 369files are generated. 370.It Va kldxref_module_path 371.Pq Vt str 372Empty by default. 373A semi-colon 374.Pq Ql \&; 375delimited list of paths containing 376.Xr kld 4 377modules. 378If empty, 379the contents of the 380.Va kern.module_path 381.Xr sysctl 8 382are used. 383.It Va powerd_enable 384.Pq Vt bool 385If set to 386.Dq Li YES , 387enable the system power control facility with the 388.Xr powerd 8 389daemon. 390.It Va powerd_flags 391.Pq Vt str 392If 393.Va powerd_enable 394is set to 395.Dq Li YES , 396these are the flags to pass to the 397.Xr powerd 8 398daemon. 399.It Va tmpmfs 400Controls the creation of a 401.Pa /tmp 402memory file system. 403Always happens if set to 404.Dq Li YES 405and never happens if set to 406.Dq Li NO . 407If set to anything else, a memory file system is created if 408.Pa /tmp 409is not writable. 410.It Va tmpsize 411Controls the size of a created 412.Pa /tmp 413memory file system. 414.It Va tmpmfs_flags 415Extra options passed to the 416.Xr mdmfs 8 417utility when the memory file system for 418.Pa /tmp 419is created. 420The default is 421.Dq Li "-S" , 422which inhibits the use of softupdates on 423.Pa /tmp 424so that file system space is freed without delay 425after file truncation or deletion. 426See 427.Xr mdmfs 8 428for other options you can use in 429.Va tmpmfs_flags . 430.It Va varmfs 431Controls the creation of a 432.Pa /var 433memory file system. 434Always happens if set to 435.Dq Li YES 436and never happens if set to 437.Dq Li NO . 438If set to anything else, a memory file system is created if 439.Pa /var 440is not writable. 441.It Va varsize 442Controls the size of a created 443.Pa /var 444memory file system. 445.It Va varmfs_flags 446Extra options passed to the 447.Xr mdmfs 8 448utility when the memory file system for 449.Pa /var 450is created. 451The default is 452.Dq Li "-S" , 453which inhibits the use of softupdates on 454.Pa /var 455so that file system space is freed without delay 456after file truncation or deletion. 457See 458.Xr mdmfs 8 459for other options you can use in 460.Va varmfs_flags . 461.It Va populate_var 462Controls the automatic population of the 463.Pa /var 464file system. 465Always happens if set to 466.Dq Li YES 467and never happens if set to 468.Dq Li NO . 469If set to anything else, a memory file system is created if 470.Pa /var 471is not writable. 472Note that this process requires access to certain commands in 473.Pa /usr 474before 475.Pa /usr 476is mounted on normal systems. 477.It Va cleanvar_enable 478.Pq Vt bool 479Clean the 480.Pa /var 481directory. 482.It Va var_run_enable 483.Pq Vt bool 484Set to "YES" to enable saving of the 485.Pa /var/run 486directory structure into an mtree file at shutdown and the reload of the 487.Pa /var/run 488directory structure at boot. 489.It Va var_run_autosave 490.Pq Vt bool 491In some cases it may be undesirable to save 492.Pa /var/run 493at shutdown. 494When set to "NO" 495.Pa /var/run 496is loaded at reboot but not saved at shutdown. 497Typically in this scenario 498.Ql service var_run save 499would be performed to save a copy of the 500.Pa /var/run 501directory structure once, to be reloaded during all subsequent reboots. 502.It Va var_run_mtree 503.Pq Vt str 504Where to save the 505.Pa /var/run 506mtree. 507The default location is 508.Pa /var/db/mtree/BSD.var-run.mtree . 509.It Va local_startup 510.Pq Vt str 511List of directories to search for startup script files. 512.It Va script_name_sep 513.Pq Vt str 514The field separator to use for breaking down the list of startup script files 515into individual filenames. 516The default is a space. 517It is not necessary to change this unless there are startup scripts with names 518containing spaces. 519.It Va hostapd_enable 520.Pq Vt bool 521Set to 522.Dq Li YES 523to start 524.Xr hostapd 8 525at system boot time. 526.It Va hostname 527.Pq Vt str 528The fully qualified domain name (FQDN) of this host on the network. 529This should almost certainly be set to something meaningful, even if 530there is no network connection. 531If 532.Xr dhclient 8 533is used to set the hostname via DHCP, 534this variable should be set to an empty string. 535Within a 536.Xr jail 8 537the hostname is generally already set and this variable may be absent. 538If this value remains unset when the system is done booting 539your console login will display the default hostname of 540.Dq Amnesiac . 541.It Va nisdomainname 542.Pq Vt str 543The NIS domain name of this host, or 544.Dq Li NO 545if NIS is not used. 546.It Va hostid_enable 547.Pq Vt bool 548If set to 549.Dq Li NO , 550disable the generation or saving of the 551.Pa hostid 552and 553.Pa machine-id 554files at system boot and shutdown. 555.It Va hostid_file 556.Pq Vt str 557Path to the 558.Pa hostid 559file, default 560.Pa /etc/hostid . 561.It Va hostid_uuidgen_flags 562.Pq Vt str 563Flags passed to 564.Xr uuidgen 1 565when generating a software host UUID. 566This is used only if the system cannot determine a hardware UUID. 567Set to 568.Dq Li -r 569by default. 570.It Va machine_id_file 571.Pq Vt str 572Path to the 573.Pa machine-id 574file, default 575.Pa /etc/machine-id . 576.It Va dhclient_program 577.Pq Vt str 578Path to the DHCP client program, defaulting to 579.Pa /sbin/dhclient . 580.It Va dhclient_flags 581.Pq Vt str 582Additional flags to pass to the DHCP client program. 583See the 584.Xr dhclient 8 585manpage for a description of the command line options available. 586.It Va dhclient_flags_ Ns Aq Ar iface 587Additional flags to pass to the DHCP client program running on 588.Ar iface 589only. 590When specified, this variable overrides 591.Va dhclient_flags . 592.It Va background_dhclient 593.Pq Vt bool 594Set to 595.Dq Li YES 596to start the DHCP client in background. 597This can cause trouble with applications depending on 598a working network, but it will provide a faster startup 599in many cases. 600.It Va background_dhclient_ Ns Aq Ar iface 601When specified, this variable overrides the 602.Va background_dhclient 603variable for interface 604.Ar iface 605only. 606.It Va synchronous_dhclient 607.Pq Vt bool 608Set to 609.Dq Li YES 610to start 611.Xr dhclient 8 612synchronously at startup. 613This behavior can be overridden on a per-interface basis by replacing 614the 615.Dq Li DHCP 616keyword in the 617.Va ifconfig_ Ns Aq Ar interface 618variable with 619.Dq Li SYNCDHCP 620or 621.Dq Li NOSYNCDHCP . 622.It Va defaultroute_delay 623.Pq Vt int 624When set to a positive value, wait up to this long after configuring 625DHCP interfaces at startup to give the interfaces time to receive a lease. 626.It Va firewall_enable 627.Pq Vt bool 628Set to 629.Dq Li YES 630to load firewall rules at startup. 631If the kernel was not built with 632.Cd "options IPFIREWALL" , 633the 634.Pa ipfw.ko 635kernel module will be loaded. 636See also 637.Va ipfilter_enable . 638.It Va firewall_script 639.Pq Vt str 640This variable specifies the full path to the firewall script to run. 641The default is 642.Pa /etc/rc.firewall . 643.It Va firewall_type 644.Pq Vt str 645Names the firewall type from the selection in 646.Pa /etc/rc.firewall , 647or the file which contains the local firewall ruleset. 648Valid selections from 649.Pa /etc/rc.firewall 650are: 651.Pp 652.Bl -tag -width ".Li workstation" -compact 653.It Li open 654unrestricted IP access 655.It Li closed 656all IP services disabled, except via 657.Dq Li lo0 658.It Li client 659basic protection for a workstation 660.It Li workstation 661basic protection for a workstation using stateful firewalling 662.It Li simple 663basic protection for a LAN. 664.El 665.Pp 666If a filename is specified, the full path 667must be given. 668.Pp 669Most of the predefined rulesets define additional configuration variables. 670These are documented in 671.Pa /etc/rc.firewall . 672.It Va firewall_quiet 673.Pq Vt bool 674Set to 675.Dq Li YES 676to disable the display of firewall rules on the console during boot. 677.It Va firewall_logging 678.Pq Vt bool 679Set to 680.Dq Li YES 681to enable firewall event logging. 682This is equivalent to the 683.Dv IPFIREWALL_VERBOSE 684kernel option. 685.It Va firewall_logif 686.Pq Vt bool 687Set to 688.Dq Li YES 689to create pseudo interface 690.Li ipfw0 691for logging. 692For more details, see 693.Xr ipfw 8 694manual page. 695.It Va firewall_flags 696.Pq Vt str 697Flags passed to 698.Xr ipfw 8 699if 700.Va firewall_type 701specifies a filename. 702.It Va firewall_coscripts 703.Pq Vt str 704List of executables and/or rc scripts to run after firewall starts/stops. 705Default is empty. 706.\" ----- firewall_nat_enable setting -------------------------------- 707.It Va firewall_nat_enable 708.Pq Vt bool 709The 710.Xr ipfw 8 711equivalent of 712.Va natd_enable . 713Setting this to 714.Dq Li YES 715will automatically load the 716.Xr ipfw 8 717NAT kernel module if 718.Va firewall_enable 719is also set to 720.Dq Li YES . 721.It Va firewall_nat_interface 722.Pq Vt str 723The 724.Xr ipfw 8 725equivalent of 726.Va natd_interface . 727This is the name of the public interface or IP address on which 728kernel NAT should run. 729.It Va firewall_nat_flags 730.Pq Vt str 731Additional configuration parameters for kernel NAT should be placed here. 732.It Va firewall_nat64_enable 733.Pq Vt bool 734Setting this to 735.Dq Li YES 736will automatically load the 737.Xr ipfw 8 738NAT64 kernel module if 739.Va firewall_enable 740is also set to 741.Dq Li YES . 742.It Va firewall_nptv6_enable 743.Pq Vt bool 744Setting this to 745.Dq Li YES 746will automatically load the 747.Xr ipfw 8 748NPTv6 kernel module if 749.Va firewall_enable 750is also set to 751.Dq Li YES . 752.It Va firewall_pmod_enable 753.Pq Vt bool 754Setting this to 755.Dq Li YES 756will automatically load the 757.Xr ipfw 8 758pmod kernel module if 759.Va firewall_enable 760is also set to 761.Dq Li YES . 762.It Va dummynet_enable 763.Pq Vt bool 764Setting this to 765.Dq Li YES 766will automatically load the 767.Xr dummynet 4 768module if 769.Va firewall_enable 770is also set to 771.Dq Li YES . 772.\" ------------------------------------------------------------------- 773.It Va ipfw_netflow_enable 774.Pq Vt bool 775Setting this to 776.Dq Li YES 777will enable netflow logging via 778.Xr ng_netflow 4 . 779.Pp 780By default a ipfw rule is inserted and all packets are duplicated with 781the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 782port using protocol version 5. 783.It Va ipfw_netflow_hook 784.Pq Vt int 785netflow hook name, must be numerical 786(default 787.Pa 9995 ) . 788.It Va ipfw_netflow_rule 789.Pq Vt int 790ipfw rule number 791(default 792.Pa 1000 ) . 793.It Va ipfw_netflow_ip 794.Pq Vt str 795Destination server ip for receiving netflow data 796(default 797.Pa 127.0.0.1 ) . 798.It Va ipfw_netflow_port 799.Pq Vt int 800Destination server port for receiving netflow data 801(default 802.Pa 9995 ) . 803.It Va ipfw_netflow_version 804.Pq Vt int 805Do not set for using version 5 of the netflow protocol, set it to 9 for using 806version 9. 807.It Va ipfw_netflow_fib 808.Pq Vt int 809Only match packet in FIB 810.Pa ipfw_netflow_fib 811(default is undefined meaning all FIBs). 812.It Va natd_program 813.Pq Vt str 814Path to 815.Xr natd 8 . 816.It Va natd_enable 817.Pq Vt bool 818Set to 819.Dq Li YES 820to enable 821.Xr natd 8 . 822.Va firewall_enable 823must also be set to 824.Dq Li YES , 825and 826.Xr divert 4 827sockets must be enabled in the kernel. 828If the kernel was not built with 829.Cd "options IPDIVERT" , 830the 831.Pa ipdivert.ko 832kernel module will be loaded. 833.It Va natd_interface 834.Pq Vt str 835This is the name of the public interface on which 836.Xr natd 8 837should run. 838The interface may be given as an interface name or as an IP address. 839.It Va natd_flags 840.Pq Vt str 841Additional 842.Xr natd 8 843flags should be placed here. 844The 845.Fl n 846or 847.Fl a 848flag is automatically added with the above 849.Va natd_interface 850as an argument. 851.\" ----- ipfilter_enable setting -------------------------------- 852.It Va ipfilter_enable 853.Pq Vt bool 854Set to 855.Dq Li NO 856by default. 857Setting this to 858.Dq Li YES 859enables 860.Xr ipf 8 861packet filtering. 862.Pp 863Typical usage will require putting 864.Bd -literal 865ipfilter_enable="YES" 866ipnat_enable="YES" 867ipmon_enable="YES" 868ipfs_enable="YES" 869.Ed 870.Pp 871into 872.Pa /etc/rc.conf 873and editing 874.Pa /etc/ipf.rules 875and 876.Pa /etc/ipnat.rules 877appropriately. 878.Pp 879Note that 880.Va ipfilter_enable 881and 882.Va ipnat_enable 883can be enabled independently. 884.Va ipmon_enable 885and 886.Va ipfs_enable 887both require at least one of 888.Va ipfilter_enable 889and 890.Va ipnat_enable 891to be enabled. 892.Pp 893Having 894.Bd -literal 895options IPFILTER 896options IPFILTER_LOG 897options IPFILTER_DEFAULT_BLOCK 898.Ed 899.Pp 900in the kernel configuration file is a good idea, too. 901.\" ----- ipfilter_program setting ------------------------------ 902.It Va ipfilter_program 903.Pq Vt str 904Path to 905.Xr ipf 8 906(default 907.Pa /sbin/ipf ) . 908.\" ----- ipfilter_rules setting -------------------------------- 909.It Va ipfilter_rules 910.Pq Vt str 911Set to 912.Pa /etc/ipf.rules 913by default. 914This variable contains the name of the filter rule definition file. 915The file is expected to be readable for the 916.Xr ipf 8 917command to execute. 918.\" ----- ipfilter_flags setting -------------------------------- 919.It Va ipfilter_flags 920.Pq Vt str 921Empty by default. 922This variable contains flags passed to the 923.Xr ipf 8 924program. 925.\" ----- ipnat_enable setting ---------------------------------- 926.It Va ipnat_enable 927.Pq Vt bool 928Set to 929.Dq Li NO 930by default. 931Set it to 932.Dq Li YES 933to enable 934.Xr ipnat 8 935network address translation. 936See 937.Va ipfilter_enable 938for a detailed discussion. 939.\" ----- ipnat_program setting --------------------------------- 940.It Va ipnat_program 941.Pq Vt str 942Path to 943.Xr ipnat 8 944(default 945.Pa /sbin/ipnat ) . 946.\" ----- ipnat_rules setting ----------------------------------- 947.It Va ipnat_rules 948.Pq Vt str 949Set to 950.Pa /etc/ipnat.rules 951by default. 952This variable contains the name of the file 953holding the network address translation definition. 954This file is expected to be readable for the 955.Xr ipnat 8 956command to execute. 957.\" ----- ipnat_flags setting ----------------------------------- 958.It Va ipnat_flags 959.Pq Vt str 960Empty by default. 961This variable contains flags passed to the 962.Xr ipnat 8 963program. 964.\" ----- ipmon_enable setting ---------------------------------- 965.It Va ipmon_enable 966.Pq Vt bool 967Set to 968.Dq Li NO 969by default. 970Set it to 971.Dq Li YES 972to enable 973.Xr ipmon 8 974monitoring (logging 975.Xr ipf 8 976and 977.Xr ipnat 8 978events). 979Setting this variable needs setting 980.Va ipfilter_enable 981or 982.Va ipnat_enable 983too. 984See 985.Va ipfilter_enable 986for a detailed discussion. 987.\" ----- ipmon_program setting --------------------------------- 988.It Va ipmon_program 989.Pq Vt str 990Path to 991.Xr ipmon 8 992(default 993.Pa /sbin/ipmon ) . 994.\" ----- ipmon_flags setting ----------------------------------- 995.It Va ipmon_flags 996.Pq Vt str 997Set to 998.Dq Li -Ds 999by default. 1000This variable contains flags passed to the 1001.Xr ipmon 8 1002program. 1003Another typical example would be 1004.Dq Fl D Pa /var/log/ipflog 1005to have 1006.Xr ipmon 8 1007log directly to a file bypassing 1008.Xr syslogd 8 . 1009Make sure to adjust 1010.Pa /etc/newsyslog.conf 1011in such case like this: 1012.Bd -literal 1013/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 1014.Ed 1015.\" ----- ipfs_enable setting ----------------------------------- 1016.It Va ipfs_enable 1017.Pq Vt bool 1018Set to 1019.Dq Li NO 1020by default. 1021Set it to 1022.Dq Li YES 1023to enable 1024.Xr ipfs 8 1025saving the filter and NAT state tables during shutdown 1026and reloading them during startup again. 1027Setting this variable needs setting 1028.Va ipfilter_enable 1029or 1030.Va ipnat_enable 1031to 1032.Dq Li YES 1033too. 1034See 1035.Va ipfilter_enable 1036for a detailed discussion. 1037Note that if 1038.Va kern_securelevel 1039is set to 3, 1040.Va ipfs_enable 1041cannot be used 1042because the raised securelevel will prevent 1043.Xr ipfs 8 1044from saving the state tables at shutdown time. 1045.\" ----- ipfs_program setting ---------------------------------- 1046.It Va ipfs_program 1047.Pq Vt str 1048Path to 1049.Xr ipfs 8 1050(default 1051.Pa /sbin/ipfs ) . 1052.\" ----- ipfs_flags setting ------------------------------------ 1053.It Va ipfs_flags 1054.Pq Vt str 1055Empty by default. 1056This variable contains flags passed to the 1057.Xr ipfs 8 1058program. 1059.\" ----- end of added ipf hook --------------------------------- 1060.It Va pf_enable 1061.Pq Vt bool 1062Set to 1063.Dq Li NO 1064by default. 1065Setting this to 1066.Dq Li YES 1067enables 1068.Xr pf 4 1069packet filtering. 1070.Pp 1071Typical usage will require putting 1072.Pp 1073.Dl pf_enable="YES" 1074.Pp 1075into 1076.Pa /etc/rc.conf 1077and editing 1078.Pa /etc/pf.conf 1079appropriately. 1080Adding 1081.Pp 1082.Dl "device pf" 1083.Pp 1084builds support for 1085.Xr pf 4 1086into the kernel, otherwise the 1087kernel module will be loaded. 1088.It Va pf_rules 1089.Pq Vt str 1090Path to 1091.Xr pf 4 1092ruleset configuration file 1093(default 1094.Pa /etc/pf.conf ) . 1095.It Va pf_program 1096.Pq Vt str 1097Path to 1098.Xr pfctl 8 1099(default 1100.Pa /sbin/pfctl ) . 1101.It Va pf_flags 1102.Pq Vt str 1103If 1104.Va pf_enable 1105is set to 1106.Dq Li YES , 1107these flags are passed to the 1108.Xr pfctl 8 1109program when loading the ruleset. 1110.It Va pf_fallback_rules_enable 1111.Pq Vt bool 1112Set to 1113.Dq Li NO 1114by default. 1115Setting this to 1116.Dq Li YES 1117enables loading 1118.Va pf_fallback_rules_file 1119or 1120.Va pf_fallback_rules 1121in case of a problem when loading the ruleset in 1122.Va pf_rules . 1123.It Va pf_fallback_rules_file 1124.Pq Vt str 1125Path to a pf ruleset to load in case of failure when loading the 1126ruleset in 1127.Va pf_rules 1128(default 1129.Pa /etc/pf-fallback.conf ) . 1130.It Va pf_fallback_rules 1131.Pq Vt str 1132A pf ruleset to load in case of failure when loading the ruleset in 1133.Va pf_rules 1134and 1135.Va pf_fallback_rules_file 1136is not found. 1137Multiple rules can be set as follows: 1138.Bd -literal 1139pf_fallback_rules="\\ 1140 block drop log all\\ 1141 pass in quick on em0" 1142.Pp 1143.Ed 1144The default fallback rule is 1145.Dq block drop log all 1146.It Va pflog_enable 1147.Pq Vt bool 1148Set to 1149.Dq Li NO 1150by default. 1151Setting this to 1152.Dq Li YES 1153enables 1154.Xr pflogd 8 1155which logs packets from the 1156.Xr pf 4 1157packet filter. 1158.It Va pflog_logfile 1159.Pq Vt str 1160If 1161.Va pflog_enable 1162is set to 1163.Dq Li YES 1164this controls where 1165.Xr pflogd 8 1166stores the logfile 1167(default 1168.Pa /var/log/pflog ) . 1169Check 1170.Pa /etc/newsyslog.conf 1171to adjust logfile rotation for this. 1172.It Va pflog_program 1173.Pq Vt str 1174Path to 1175.Xr pflogd 8 1176(default 1177.Pa /sbin/pflogd ) . 1178.It Va pflog_flags 1179.Pq Vt str 1180Empty by default. 1181This variable contains additional flags passed to the 1182.Xr pflogd 8 1183program. 1184.It Va pflog_instances 1185.Pq Vt str 1186If logging to more than one 1187.Xr pflog 4 1188interface is desired, 1189.Va pflog_instances 1190is set to the list of 1191.Xr pflogd 8 1192instances that should be started at system boot time. 1193If 1194.Va pflog_instances 1195is set, for each whitespace-separated 1196.Ar element 1197in the list, 1198.Ao Ar element Ac Ns Va _dev 1199and 1200.Ao Ar element Ac Ns Va _logfile 1201elements are assumed to exist. 1202.Ao Ar element Ac Ns Va _dev 1203must contain the 1204.Xr pflog 4 1205interface to be watched by the named 1206.Xr pflogd 8 1207instance. 1208.Ao Ar element Ac Ns Va _logfile 1209must contain the name of the logfile that will be used by the 1210.Xr pflogd 8 1211instance. 1212.It Va ftpproxy_enable 1213.Pq Vt bool 1214Set to 1215.Dq Li NO 1216by default. 1217Setting this to 1218.Dq Li YES 1219enables 1220.Xr ftp-proxy 8 1221which supports the 1222.Xr pf 4 1223packet filter in translating ftp connections. 1224.It Va ftpproxy_flags 1225.Pq Vt str 1226Empty by default. 1227This variable contains additional flags passed to the 1228.Xr ftp-proxy 8 1229program. 1230.It Va ftpproxy_instances 1231.Pq Vt str 1232Empty by default. 1233If multiple instances of 1234.Xr ftp-proxy 8 1235are desired at boot time, 1236.Va ftpproxy_instances 1237should contain a whitespace-separated list of instance names. 1238For each 1239.Ar element 1240in the list, a variable named 1241.Ao Ar element Ac Ns Va _flags 1242should be defined, containing the command-line flags to be passed to the 1243.Xr ftp-proxy 8 1244instance. 1245.It Va pfsync_enable 1246.Pq Vt bool 1247Set to 1248.Dq Li NO 1249by default. 1250Setting this to 1251.Dq Li YES 1252enables exposing 1253.Xr pf 4 1254state changes to other hosts over the network by means of 1255.Xr pfsync 4 . 1256The 1257.Va pfsync_syncdev 1258variable 1259must also be set then. 1260.It Va pfsync_syncdev 1261.Pq Vt str 1262Empty by default. 1263This variable specifies the name of the network interface 1264.Xr pfsync 4 1265should operate through. 1266It must be set accordingly if 1267.Va pfsync_enable 1268is set to 1269.Dq Li YES . 1270.It Va pfsync_syncpeer 1271.Pq Vt str 1272Empty by default. 1273This variable is optional. 1274By default, state change messages are sent out on the synchronisation 1275interface using IP multicast packets. 1276The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1277224.0.0.240. 1278When a peer address is specified using the 1279.Va pfsync_syncpeer 1280option, the peer address is used as a destination for the pfsync 1281traffic, and the traffic can then be protected using 1282.Xr ipsec 4 . 1283See the 1284.Xr pfsync 4 1285manpage for more details about using 1286.Xr ipsec 4 1287with 1288.Xr pfsync 4 1289interfaces. 1290.It Va pfsync_ifconfig 1291.Pq Vt str 1292Empty by default. 1293This variable can contain additional options to be passed to the 1294.Xr ifconfig 8 1295command used to set up 1296.Xr pfsync 4 . 1297.It Va tcp_extensions 1298.Pq Vt bool 1299Set to 1300.Dq Li YES 1301by default. 1302Setting this to 1303.Dq Li NO 1304disables certain TCP options as described by 1305.Rs 1306.%T "RFC 1323" 1307.Re 1308Setting this to 1309.Dq Li NO 1310might help remedy such problems with connections as randomly hanging 1311or other weird behavior. 1312Some network devices are known 1313to be broken with respect to these options. 1314.It Va log_in_vain 1315.Pq Vt int 1316Set to 0 by default. 1317The 1318.Xr sysctl 8 1319variables, 1320.Va net.inet.tcp.log_in_vain 1321and 1322.Va net.inet.udp.log_in_vain , 1323as described in 1324.Xr tcp 4 1325and 1326.Xr udp 4 , 1327are set to the given value. 1328.It Va tcp_keepalive 1329.Pq Vt bool 1330Set to 1331.Dq Li YES 1332by default. 1333Setting to 1334.Dq Li NO 1335will disable probing idle TCP connections to verify that the 1336peer is still up and reachable. 1337.It Va tcp_drop_synfin 1338.Pq Vt bool 1339Set to 1340.Dq Li NO 1341by default. 1342Setting to 1343.Dq Li YES 1344will cause the kernel to ignore TCP frames that have both 1345the SYN and FIN flags set. 1346This prevents OS fingerprinting, but may 1347break some legitimate applications. 1348.It Va icmp_drop_redirect 1349.Pq Vt bool 1350Set to 1351.Dq Li AUTO 1352by default. 1353This setting will be identical to 1354.Dq Li YES , 1355if a dynamic routing daemon is enabled, because redirect processing may 1356cause performance issues for large routing tables. 1357If no such service is enabled, this setting behaves like a 1358.Dq Li NO . 1359Setting to 1360.Dq Li YES 1361will cause the kernel to ignore ICMP REDIRECT packets. 1362Setting to 1363.Dq Li NO 1364will cause the kernel to process ICMP REDIRECT packets. 1365Refer to 1366.Xr icmp 4 1367for more information. 1368.It Va icmp_log_redirect 1369.Pq Vt bool 1370Set to 1371.Dq Li NO 1372by default. 1373Setting to 1374.Dq Li YES 1375will cause the kernel to log ICMP REDIRECT packets. 1376Note that 1377the log messages are not rate-limited, so this option should only be used 1378for troubleshooting networks. 1379Refer to 1380.Xr icmp 4 1381for more information. 1382.It Va icmp_bmcastecho 1383.Pq Vt bool 1384Set to 1385.Dq Li YES 1386to respond to broadcast or multicast ICMP ping packets. 1387Refer to 1388.Xr icmp 4 1389for more information. 1390.It Va ip_portrange_first 1391.Pq Vt int 1392If not set to 1393.Dq Li NO , 1394this is the first port in the default portrange. 1395Refer to 1396.Xr ip 4 1397for more information. 1398.It Va ip_portrange_last 1399.Pq Vt int 1400If not set to 1401.Dq Li NO , 1402this is the last port in the default portrange. 1403Refer to 1404.Xr ip 4 1405for more information. 1406.It Va network_interfaces 1407.Pq Vt str 1408Set to the list of network interfaces to configure on this host or 1409.Dq Li AUTO 1410(the default) for all current interfaces. 1411Setting the 1412.Va network_interfaces 1413variable to anything other than the default is deprecated. 1414Interfaces that the administrator wishes to store configuration for, 1415but not start at boot should be configured with the 1416.Dq Li NOAUTO 1417keyword in their 1418.Va ifconfig_ Ns Aq Ar interface 1419variables as described below. 1420.Pp 1421An 1422.Va ifconfig_ Ns Aq Ar interface 1423variable is also assumed to exist for each value of 1424.Ar interface . 1425When an interface name contains any of the characters 1426.Dq Li .-/+ 1427they are translated to 1428.Dq Li _ 1429before lookup. 1430The variable can contain arguments to 1431.Xr ifconfig 8 , 1432as well as special case-insensitive keywords described below. 1433Such keywords are removed before passing the value to 1434.Xr ifconfig 8 1435while the order of the other arguments is preserved. 1436.Pp 1437It is possible to add IP alias entries using 1438.Xr ifconfig 8 1439syntax with the address family keyword such as 1440.Li inet . 1441Assuming that the interface in question was 1442.Li em0 , 1443it might look something like this: 1444.Bd -literal 1445ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1446ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1447.Ed 1448.Pp 1449It also possible to configure multiple IP addresses in Classless 1450Inter-Domain Routing 1451.Pq CIDR 1452address notation, 1453whose each address component can be a range like 1454.Li inet 192.0.2.5-23/24 1455or 1456.Li inet6 2001:db8:1-f::1/64 . 1457This notation allows address and prefix length part only, 1458not the other address modifiers. 1459Note that the maximum number of the generated addresses from a range 1460specification is limited to an integer value specified in 1461.Va netif_ipexpand_max 1462in 1463.Nm 1464because a small typo can unexpectedly generate a large number of addresses. 1465The default value is 1466.Li 2048 . 1467It can be increased by adding the following line into 1468.Nm : 1469.Bd -literal 1470netif_ipexpand_max="4096" 1471.Ed 1472.Pp 1473In the case of 1474.Li 192.0.2.5-23/24 , 1475the address 192.0.2.5 will be configured with the 1476netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1477the non-conflicting netmask /32 as explained in the 1478.Xr ifconfig 8 1479alias section. 1480Note that this special netmask handling is only for 1481.Li inet , 1482not for the other address families such as 1483.Li inet6 . 1484.Pp 1485With the interface in question being 1486.Li em0 , 1487an example could look like: 1488.Bd -literal 1489ifconfig_em0_alias2="inet 192.0.2.129/27" 1490ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1491.Ed 1492.Pp 1493and so on. 1494.Pp 1495Note that deprecated 1496.Va ipv4_addrs_ Ns Aq Ar interface 1497variable was supported for IPv4 CIDR address notation. 1498The 1499.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1500variable replaces it, though 1501.Va ipv4_addrs_ Ns Aq Ar interface 1502is still supported for backward compatibility. 1503.Pp 1504For each 1505.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1506entry with an address family keyword, 1507its contents are passed to 1508.Xr ifconfig 8 . 1509Execution stops at the first unsuccessful access, so if 1510something like this is present: 1511.Bd -literal 1512ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1513ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1514ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1515ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1516.Ed 1517.Pp 1518Then note that alias4 would 1519.Em not 1520be added since the search would 1521stop with the missing 1522.Dq Li alias3 1523entry. 1524Because of this difficult to manage behavior, 1525there is 1526.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1527variable, which has the same functionality as 1528.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1529and can have all of the entries in a variable like the following: 1530.Bd -literal 1531ifconfig_em0_aliases="\\ 1532 inet 127.0.0.251 netmask 0xffffffff \\ 1533 inet 127.0.0.252 netmask 0xffffffff \\ 1534 inet 127.0.0.253 netmask 0xffffffff \\ 1535 inet 127.0.0.254 netmask 0xffffffff" 1536.Ed 1537.Pp 1538It also supports CIDR notation. 1539.Pp 1540If the 1541.Pa /etc/start_if . Ns Aq Ar interface 1542file is present, it is read and executed by the 1543.Xr sh 1 1544interpreter 1545before configuring the interface as specified in the 1546.Va ifconfig_ Ns Aq Ar interface 1547and 1548.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1549variables. 1550.Pp 1551If a 1552.Va vlans_ Ns Aq Ar interface 1553variable is set, 1554a 1555.Xr vlan 4 1556interface will be created for each item in the list with the 1557.Ar vlandev 1558argument set to 1559.Ar interface . 1560If a vlan interface's name is a number, 1561then that number is used as the vlan tag and the new vlan interface is 1562named 1563.Ar interface . Ns Ar tag . 1564Otherwise, 1565the vlan tag must be specified via a 1566.Va vlan 1567parameter in the 1568.Va create_args_ Ns Aq Ar interface 1569variable. 1570.Pp 1571To create a vlan device named 1572.Li em0.101 1573on 1574.Li em0 1575with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24: 1576.Bd -literal 1577vlans_em0="101" 1578ifconfig_em0_101="inet 192.0.2.1/24" 1579.Ed 1580.Pp 1581To create a vlan device named 1582.Li myvlan 1583on 1584.Li em0 1585with the vlan tag 102: 1586.Bd -literal 1587vlans_em0="myvlan" 1588create_args_myvlan="vlan 102" 1589.Ed 1590.Pp 1591If a 1592.Va wlans_ Ns Aq Ar interface 1593variable is set, 1594an 1595.Xr wlan 4 1596interface will be created for each item in the list with the 1597.Ar wlandev 1598argument set to 1599.Ar interface . 1600Further wlan cloning arguments may be passed to the 1601.Xr ifconfig 8 1602.Cm create 1603command by setting the 1604.Va create_args_ Ns Aq Ar interface 1605variable. 1606One or more 1607.Xr wlan 4 1608devices must be created for each wireless device as of 1609.Fx 8.0 . 1610Debugging flags for 1611.Xr wlan 4 1612devices as set by 1613.Xr wlandebug 8 1614may be specified with an 1615.Va wlandebug_ Ns Aq Ar interface 1616variable. 1617The contents of this variable will be passed directly to 1618.Xr wlandebug 8 . 1619.Pp 1620If the 1621.Va ifconfig_ Ns Aq Ar interface 1622contains the keyword 1623.Dq Li NOAUTO 1624then the interface will not be configured 1625at boot or by 1626.Pa /etc/pccard_ether 1627when 1628.Va network_interfaces 1629is set to 1630.Dq Li AUTO . 1631.Pp 1632It is possible to bring up an interface with DHCP by adding 1633.Dq Li DHCP 1634to the 1635.Va ifconfig_ Ns Aq Ar interface 1636variable. 1637For instance, to initialize the 1638.Li em0 1639device via DHCP, 1640it is possible to use something like: 1641.Bd -literal 1642ifconfig_em0="DHCP" 1643.Ed 1644.Pp 1645If you want to configure your wireless interface with 1646.Xr wpa_supplicant 8 1647for use with WPA, EAP/LEAP or WEP, you need to add 1648.Dq Li WPA 1649to the 1650.Va ifconfig_ Ns Aq Ar interface 1651variable. 1652.Pp 1653On the other hand, if you want to configure your wireless interface with 1654.Xr hostapd 8 , 1655you need to add 1656.Dq Li HOSTAP 1657to the 1658.Va ifconfig_ Ns Aq Ar interface 1659variable. 1660.Xr hostapd 8 1661will use the settings from 1662.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1663.Pp 1664Finally, you can add 1665.Xr ifconfig 8 1666options in this variable, in addition to the 1667.Pa /etc/start_if . Ns Aq Ar interface 1668file. 1669For instance, to configure an 1670.Xr ath 4 1671wireless device in station mode with an address obtained 1672via DHCP, using WPA authentication and 802.11b mode, it is 1673possible to use something like: 1674.Bd -literal 1675wlans_ath0="wlan0" 1676ifconfig_wlan0="DHCP WPA mode 11b" 1677.Ed 1678.Pp 1679In addition to the 1680.Va ifconfig_ Ns Aq Ar interface 1681form, a fallback variable 1682.Va ifconfig_DEFAULT 1683may be configured. 1684It will be used for all interfaces with no 1685.Va ifconfig_ Ns Aq Ar interface 1686variable. 1687.Pp 1688It is also possible to rename an interface by doing: 1689.Bd -literal 1690ifconfig_em0_name="net0" 1691ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1692.Ed 1693.It Va ipv6_enable 1694.Pq Vt bool 1695This variable is deprecated. 1696Use 1697.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1698and 1699.Va ipv6_activate_all_interfaces 1700if necessary. 1701.Pp 1702If the variable is 1703.Dq Li YES , 1704.Dq Li inet6 accept_rtadv 1705is added to all of 1706.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1707and the 1708.Va ipv6_activate_all_interfaces 1709is defined as 1710.Dq Li YES . 1711.It Va ipv6_prefer 1712.Pq Vt bool 1713This variable is deprecated. 1714Use 1715.Va ip6addrctl_policy 1716instead. 1717.Pp 1718If the variable is 1719.Dq Li YES , 1720the default address selection policy table set by 1721.Xr ip6addrctl 8 1722will be IPv6-preferred. 1723.Pp 1724If the variable is 1725.Dq Li NO , 1726the default address selection policy table set by 1727.Xr ip6addrctl 8 1728will be IPv4-preferred. 1729.It Va ipv6_activate_all_interfaces 1730.Pq Vt bool 1731This controls initial configuration on IPv6-capable 1732interfaces with no corresponding 1733.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1734variable. 1735Note that it is not always necessary to set this variable to 1736.Dq YES 1737to use IPv6 functionality on 1738.Fx . 1739In most cases, just configuring 1740.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1741variables works. 1742.Pp 1743If the variable is 1744.Dq Li NO , 1745all interfaces which do not have a corresponding 1746.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1747variable will be marked as 1748.Dq Li IFDISABLED 1749at creation. 1750This means that all IPv6 functionality on that interface 1751is completely disabled to enforce a security policy. 1752If the variable is set to 1753.Dq YES , 1754the flag will be cleared on all of the interfaces. 1755.Pp 1756In most cases, just defining an 1757.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1758for an IPv6-capable interface should be sufficient. 1759However, if an interface is added dynamically 1760.Pq by some tunneling protocols such as PPP, for example , 1761it is often difficult to define the variable in advance. 1762In such a case, configuring the 1763.Dq Li IFDISABLED 1764flag can be disabled by setting this variable to 1765.Dq YES . 1766.Pp 1767For more details of the 1768.Dq Li IFDISABLED 1769flag and keywords 1770.Dq Li inet6 ifdisabled , 1771see 1772.Xr ifconfig 8 . 1773.Pp 1774Default is 1775.Dq Li NO . 1776.It Va ipv6_privacy 1777.Pq Vt bool 1778If the variable is 1779.Dq Li YES 1780privacy addresses will be generated for each IPv6 1781interface as described in RFC 4941. 1782.It Va ipv6_network_interfaces 1783.Pq Vt str 1784This is the IPv6 equivalent of 1785.Va network_interfaces . 1786Normally manual configuration of this variable is not needed. 1787.It Va ipv6_cpe_wanif 1788.Pq Vt str 1789If the variable is set to an interface name, 1790the 1791.Xr ifconfig 8 1792options 1793.Dq inet6 -no_radr accept_rtadv 1794will be added to the specified interface automatically before evaluating 1795.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1796and two 1797.Xr sysctl 8 1798variables 1799.Va net.inet6.ip6.rfc6204w3 1800and 1801.Va net.inet6.ip6.no_radr 1802will be set to 1. 1803.Pp 1804This means the specified interface will accept ICMPv6 Router 1805Advertisement messages on that link and add the discovered 1806routers into the Default Router List. 1807While the other interfaces can still accept RA messages if the 1808.Dq inet6 accept_rtadv 1809option is specified, adding 1810routes into the Default Router List will be disabled by 1811.Dq inet6 no_radr 1812option by default. 1813See 1814.Xr ifconfig 8 1815for more details. 1816.Pp 1817Note that ICMPv6 Router Advertisement messages will be 1818accepted even when 1819.Va net.inet6.ip6.forwarding 1820is 1 1821.Pq packet forwarding is enabled 1822when 1823.Va net.inet6.ip6.rfc6204w3 1824is set to 1. 1825.Pp 1826Default is 1827.Dq Li NO . 1828.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1829.Pq Vt str 1830This assigns arbitrary description to an interface. 1831The 1832.Xr sysctl 8 1833variable 1834.Va net.ifdescr_maxlen 1835limits its length. 1836This static setting may be overridden by commands 1837started with dynamic interface configuration utilities 1838like 1839.Xr dhclient 8 1840hooks. 1841The description can be seen with 1842.Xr ifconfig 8 1843command and it may be exported with 1844.Xr bsnmpd 1 1845daemon using its MIB-2 module. 1846.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1847.Pq Vt str 1848IPv6 functionality on an interface should be configured by 1849.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1850instead of setting ifconfig parameters in 1851.Va ifconfig_ Ns Aq Ar interface . 1852If this variable is empty, all IPv6 configurations on the 1853specified interface by other variables such as 1854.Va ipv6_prefix_ Ns Ao Ar interface Ac 1855will be ignored. 1856.Pp 1857Aliases should be set by 1858.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1859with 1860.Dq Li inet6 1861keyword. 1862For example: 1863.Bd -literal 1864ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1865ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1866.Ed 1867.Pp 1868Interfaces that have an 1869.Dq Li inet6 accept_rtadv 1870keyword in 1871.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1872setting will be automatically configured by SLAAC 1873.Pq StateLess Address AutoConfiguration 1874described in 1875.Rs 1876.%T "RFC 4862" 1877.Re 1878.Pp 1879Note that a link-local address will be automatically configured in 1880addition to the configured global-scope addresses because the IPv6 1881specifications require it on each link. 1882The address is calculated from the MAC address by using an algorithm 1883defined in 1884.Rs 1885.%T "RFC 4862" 1886.%O "Section 5.3" 1887.Re 1888.Pp 1889If only a link-local address is needed on the interface, 1890the following configuration can be used: 1891.Bd -literal 1892ifconfig_em0_ipv6="inet6 auto_linklocal" 1893.Ed 1894.Pp 1895A link-local address can also be configured manually. 1896This is useful for the default router address of an IPv6 router 1897so that it does not change when the network interface 1898card is replaced. 1899For example: 1900.Bd -literal 1901ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1902.Ed 1903.It Va ipv6_prefix_ Ns Aq Ar interface 1904.Pq Vt str 1905If one or more prefixes are defined in 1906.Va ipv6_prefix_ Ns Aq Ar interface 1907addresses based on each prefix and the EUI-64 interface index will be 1908configured on that interface. 1909Note that this variable will be ignored when 1910.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1911is empty. 1912.Pp 1913For example, the following configuration 1914.Bd -literal 1915ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1916.Ed 1917.Pp 1918is equivalent to the following: 1919.Bd -literal 1920ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1921ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1922ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1923ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1924.Ed 1925.Pp 1926These Subnet-Router anycast addresses will be added only when 1927.Va ipv6_gateway_enable 1928is YES. 1929.It Va ipv6_default_interface 1930.Pq Vt str 1931If not set to 1932.Dq Li NO , 1933this is the default output interface for scoped addresses. 1934This works only with ipv6_gateway_enable="NO". 1935.It Va ip6addrctl_enable 1936.Pq Vt bool 1937This variable is to enable configuring default address selection policy table 1938.Pq RFC 3484 . 1939The table can be specified in another variable 1940.Va ip6addrctl_policy . 1941For 1942.Va ip6addrctl_policy 1943the following keywords can be specified: 1944.Dq Li ipv4_prefer , 1945.Dq Li ipv6_prefer , 1946or 1947.Dq Li AUTO . 1948.Pp 1949If 1950.Dq Li ipv4_prefer 1951or 1952.Dq Li ipv6_prefer 1953is specified, 1954.Xr ip6addrctl 8 1955installs a pre-defined policy table described in Section 10.3 1956.Pq IPv4-preferred 1957or 2.1 1958.Pq IPv6-preferred 1959of RFC 3484. 1960.Pp 1961If 1962.Dq Li AUTO 1963is specified, it attempts to read a file 1964.Pa /etc/ip6addrctl.conf 1965first. 1966If this file is found, 1967.Xr ip6addrctl 8 1968reads and installs it. 1969If not found, a policy is automatically set 1970according to 1971.Va ipv6_activate_all_interfaces 1972variable; if the variable is set to 1973.Dq Li YES 1974the IPv6-preferred one is used. 1975Otherwise IPv4-preferred. 1976.Pp 1977The default value of 1978.Va ip6addrctl_enable 1979and 1980.Va ip6addrctl_policy 1981are 1982.Dq Li YES 1983and 1984.Dq Li AUTO , 1985respectively. 1986.It Va cloned_interfaces 1987.Pq Vt str 1988Set to the list of clonable network interfaces to create on this host. 1989Further cloning arguments may be passed to the 1990.Xr ifconfig 8 1991.Cm create 1992command for each interface by setting the 1993.Va create_args_ Ns Aq Ar interface 1994variable. 1995If an interface name is specified with 1996.Dq :sticky 1997keyword, 1998the interface will not be destroyed even when 1999.Pa rc.d/netif 2000script is invoked with 2001.Dq stop 2002argument. 2003This is useful when reconfiguring the interface without destroying it. 2004Entries in 2005.Va cloned_interfaces 2006are automatically appended to 2007.Va network_interfaces 2008for configuration. 2009.It Va cloned_interfaces_sticky 2010.Pq Vt bool 2011This variable is to globally enable functionality of 2012.Dq :sticky 2013keyword in 2014.Va cloned_interfaces 2015for all interfaces. 2016The default value is 2017.Dq NO . 2018Even if this variable is specified to 2019.Dq YES , 2020.Dq :nosticky 2021keyword can be used to override it on per interface basis. 2022.It Va gif_interfaces 2023Set to the list of 2024.Xr gif 4 2025tunnel interfaces to configure on this host. 2026A 2027.Va gifconfig_ Ns Aq Ar interface 2028variable is assumed to exist for each value of 2029.Ar interface . 2030The value of this variable is used to configure the link layer of the 2031tunnel using the 2032.Cm tunnel 2033option to 2034.Xr ifconfig 8 . 2035Additionally, this option ensures that each listed interface is created 2036via the 2037.Cm create 2038option to 2039.Xr ifconfig 8 2040before attempting to configure it. 2041.Pp 2042For example, configure two 2043.Xr gif 4 2044interfaces with: 2045.Bd -literal 2046gif_interfaces="gif0 gif1" 2047gifconfig_gif0="100.64.0.1 100.64.0.2" 2048ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 2049gifconfig_gif1="inet6 2a00::1 2a01::1" 2050ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 2051.Ed 2052.It Va ppp_enable 2053.Pq Vt bool 2054If set to 2055.Dq Li YES , 2056run the 2057.Xr ppp 8 2058daemon. 2059.It Va ppp_profile 2060.Pq Vt str 2061The name of the profile to use from 2062.Pa /etc/ppp/ppp.conf . 2063Also used for per-profile overrides of 2064.Va ppp_mode 2065and 2066.Va ppp_nat , 2067and 2068.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2069When the profile name contains any of the characters 2070.Dq Li .-/+ 2071they are translated to 2072.Dq Li _ 2073for the proposes of the override variable names. 2074.It Va ppp_mode 2075.Pq Vt str 2076Mode in which to run the 2077.Xr ppp 8 2078daemon. 2079.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2080.Pq Vt str 2081Overrides the global 2082.Va ppp_mode 2083for 2084.Ar profile . 2085Accepted modes are 2086.Dq Li auto , 2087.Dq Li ddial , 2088.Dq Li direct 2089and 2090.Dq Li dedicated . 2091See the manual for a full description. 2092.It Va ppp_nat 2093.Pq Vt bool 2094If set to 2095.Dq Li YES , 2096enables network address translation. 2097Used in conjunction with 2098.Va gateway_enable 2099allows hosts on private network addresses access to the Internet using 2100this host as a network address translating router. 2101Default is 2102.Dq Li YES . 2103.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2104.Pq Vt str 2105Overrides the global 2106.Va ppp_nat 2107for 2108.Ar profile . 2109.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2110.Pq Vt int 2111Set the unit number to be used for this profile. 2112See the manual description of 2113.Fl unit Ns Ar N 2114for details. 2115.It Va ppp_user 2116.Pq Vt str 2117The name of the user under which 2118.Xr ppp 8 2119should be started. 2120By 2121default, 2122.Xr ppp 8 2123is started as 2124.Dq Li root . 2125.It Va rc_conf_files 2126.Pq Vt str 2127This option is used to specify a list of files that will override 2128the settings in 2129.Pa /etc/defaults/rc.conf . 2130The files will be read in the order in which they are specified and should 2131include the full path to the file. 2132By default, the files specified are 2133.Pa /etc/rc.conf 2134and 2135.Pa /etc/rc.conf.local . 2136.It Va zfs_enable 2137.Pq Vt bool 2138If set to 2139.Dq Li YES , 2140.Pa /etc/rc.d/zfs 2141will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2142(ZVOLs). 2143.It Va zpool_reguid 2144.Pq Vt str 2145A space-separated list of ZFS pool names for which new pool GUIDs should be 2146assigned upon first boot. 2147This is useful when using a ZFS pool copied from a template, such as a virtual 2148machine image. 2149.It Va zpool_upgrade 2150.Pq Vt str 2151A space-separated list of ZFS pool names for which the version should be 2152upgraded upon first boot. 2153This is useful when using a ZFS pool generated by the 2154.Xr makefs 8 2155utility. 2156.It Va gptboot_enable 2157.Pq Vt bool 2158If set to 2159.Dq Li YES , 2160.Pa /etc/rc.d/gptboot 2161will log if the system successfully (or not) booted from a GPT partition, 2162which had the 2163.Ar bootonce 2164attribute set using 2165.Xr gpart 8 2166utility. 2167.It Va gbde_autoattach_all 2168.Pq Vt bool 2169If set to 2170.Dq Li YES , 2171.Pa /etc/rc.d/gbde 2172will attempt to automatically initialize the .bde devices specified in 2173.Pa /etc/fstab . 2174.It Va gbde_devices 2175.Pq Vt str 2176List the devices that the script should try to attach, 2177or 2178.Dq Li AUTO . 2179.It Va gbde_lockdir 2180.Pq Vt str 2181The directory where the 2182.Xr gbde 4 2183lockfiles are located. 2184The default lockfile directory is 2185.Pa /etc . 2186.Pp 2187The lockfile for each individual 2188.Xr gbde 4 2189device can be overridden by setting the variable 2190.Va gbde_lock_ Ns Aq Ar device , 2191where 2192.Ar device 2193is the encrypted device without the 2194.Dq Pa /dev/ 2195and 2196.Dq Pa .bde 2197parts. 2198.It Va gbde_attach_attempts 2199.Pq Vt int 2200Number of times to attempt attaching to a 2201.Xr gbde 4 2202device, i.e., how many times the user is asked for the pass-phrase. 2203Default is 3. 2204.It Va geli_devices 2205.Pq Vt str 2206List of devices to automatically attach on boot. 2207Note that .eli devices from 2208.Pa /etc/fstab 2209are automatically appended to this list. 2210.It Va geli_groups 2211.Pq Vt str 2212List of groups containing devices to automatically attach on boot with the same 2213keyfiles and passphrase. 2214This must be accompanied with a corresponding 2215.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2216variable. 2217.It Va geli_tries 2218.Pq Vt int 2219Number of times user is asked for the pass-phrase. 2220If empty, it will be taken from 2221.Va kern.geom.eli.tries 2222sysctl variable. 2223.It Va geli_default_flags 2224.Pq Vt str 2225Default flags to use by 2226.Xr geli 8 2227when configuring disk encryption. 2228Flags can be configured for every device separately by defining the 2229.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2230variable, and for every group separately by defining the 2231.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2232variable. 2233.It Va geli_autodetach 2234.Pq Vt str 2235Specifies if GELI devices should be marked for detach on last close after 2236file systems are mounted. 2237Default is 2238.Dq Li YES . 2239This can be changed for every device separately by defining the 2240.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2241variable. 2242.It Va root_rw_mount 2243.Pq Vt bool 2244Set to 2245.Dq Li YES 2246by default. 2247After the file systems are checked at boot time, the root file system 2248is remounted as read-write if this is set to 2249.Dq Li YES . 2250Diskless systems that mount their root file system from a read-only remote 2251NFS share should set this to 2252.Dq Li NO 2253in their 2254.Pa rc.conf . 2255.It Va fsck_y_enable 2256.Pq Vt bool 2257If set to 2258.Dq Li YES , 2259.Xr fsck 8 2260will be run with the 2261.Fl y 2262flag if the initial preen 2263of the file systems fails. 2264.It Va background_fsck 2265.Pq Vt bool 2266If set to 2267.Dq Li NO , 2268the system will not attempt to run 2269.Xr fsck 8 2270in the background where possible. 2271.It Va background_fsck_delay 2272.Pq Vt int 2273The amount of time in seconds to sleep before starting a background 2274.Xr fsck 8 . 2275It defaults to sixty seconds to allow large applications such as 2276the X server to start before disk I/O bandwidth is monopolized by 2277.Xr fsck 8 . 2278If set to a negative number, the background file system check will be 2279delayed indefinitely to allow the administrator to run it at a more 2280convenient time. 2281For example it may be run from 2282.Xr cron 8 2283by adding a line like 2284.Pp 2285.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2286.Pp 2287to 2288.Pa /etc/crontab . 2289.It Va netfs_types 2290.Pq Vt str 2291List of file system types that are network-based. 2292This list should generally not be modified by end users. 2293Use 2294.Va extra_netfs_types 2295instead. 2296.It Va extra_netfs_types 2297.Pq Vt str 2298If set to something other than 2299.Dq Li NO 2300(the default), 2301this variable extends the list of file system types 2302for which automatic mounting at startup by 2303.Xr rc 8 2304should be delayed until the network is initialized. 2305It should contain 2306a whitespace-separated list of network file system descriptor pairs, 2307each consisting of a file system type as passed to 2308.Xr mount 8 2309and a human-readable, one-word description, 2310joined with a colon 2311.Pq Ql \&: . 2312Extending the default list in this way is only necessary 2313when third party file system types are used. 2314.It Va syslogd_enable 2315.Pq Vt bool 2316If set to 2317.Dq Li YES , 2318run the 2319.Xr syslogd 8 2320daemon. 2321.It Va syslogd_program 2322.Pq Vt str 2323Path to 2324.Xr syslogd 8 2325(default 2326.Pa /usr/sbin/syslogd ) . 2327.It Va syslogd_flags 2328.Pq Vt str 2329If 2330.Va syslogd_enable 2331is set to 2332.Dq Li YES , 2333these are the flags to pass to 2334.Xr syslogd 8 . 2335.It Va inetd_enable 2336.Pq Vt bool 2337If set to 2338.Dq Li YES , 2339run the 2340.Xr inetd 8 2341daemon. 2342.It Va inetd_program 2343.Pq Vt str 2344Path to 2345.Xr inetd 8 2346(default 2347.Pa /usr/sbin/inetd ) . 2348.It Va inetd_flags 2349.Pq Vt str 2350If 2351.Va inetd_enable 2352is set to 2353.Dq Li YES , 2354these are the flags to pass to 2355.Xr inetd 8 . 2356.It Va hastd_enable 2357.Pq Vt bool 2358If set to 2359.Dq Li YES , 2360run the 2361.Xr hastd 8 2362daemon. 2363.It Va hastd_program 2364.Pq Vt str 2365Path to 2366.Xr hastd 8 2367(default 2368.Pa /sbin/hastd ) . 2369.It Va hastd_flags 2370.Pq Vt str 2371If 2372.Va hastd_enable 2373is set to 2374.Dq Li YES , 2375these are the flags to pass to 2376.Xr hastd 8 . 2377.It Va local_unbound_enable 2378.Pq Vt bool 2379If set to 2380.Dq Li YES , 2381run the 2382.Xr unbound 8 2383daemon as a local caching DNS resolver. 2384.It Va nscd_enable 2385.Pq Vt bool 2386Set to 2387.Dq Li YES 2388to start the 2389.Xr nscd 8 2390caching daemon for the 2391.Nm nsswitch 2392subsystem. 2393.It Va nscd_flags 2394.Pq Vt str 2395If 2396.Va nscd_enable 2397is set to 2398.Dq Li YES , 2399these flags are passed to 2400.Xr nscd 8 . 2401.It Va kdc_enable 2402.Pq Vt bool 2403Set to 2404.Dq Li YES 2405to start a Kerberos 5 authentication server 2406at boot time. 2407.It Va kdc_program 2408.Pq Vt str 2409If 2410.Va kdc_enable 2411is set to 2412.Dq Li YES 2413this is the path to Kerberos 5 Authentication Server. 2414.It Va kdc_flags 2415.Pq Vt str 2416Empty by default. 2417This variable contains additional flags to be passed to the Kerberos 5 2418authentication server. 2419.It Va kadmind_enable 2420.Pq Vt bool 2421Set to 2422.Dq Li YES 2423to start 2424.Xr kadmind 8 , 2425the Kerberos 5 Administration Daemon; set to 2426.Dq Li NO 2427on a slave server. 2428.It Va kadmind_program 2429.Pq Vt str 2430If 2431.Va kadmind_enable 2432is set to 2433.Dq Li YES 2434this is the path to Kerberos 5 Administration Daemon. 2435.It Va kpasswdd_enable 2436.Pq Vt bool 2437Set to 2438.Dq Li YES 2439to start 2440.Xr kpasswdd 8 , 2441the Kerberos 5 Password-Changing Daemon; set to 2442.Dq Li NO 2443on a slave server. 2444.It Va kpasswdd_program 2445.Pq Vt str 2446If 2447.Va kpasswdd_enable 2448is set to 2449.Dq Li YES 2450this is the path to Kerberos 5 Password-Changing Daemon. 2451.It Va kfd_enable 2452.Pq Vt bool 2453Set to 2454.Dq Li YES 2455to start 2456.Xr kfd 8 , 2457the Kerberos 5 ticket forwarding daemon, at the boot time. 2458.It Va kfd_program 2459.Pq Vt str 2460Path to 2461.Xr kfd 8 2462(default 2463.Pa /usr/libexec/kfd ) . 2464.It Va rwhod_enable 2465.Pq Vt bool 2466If set to 2467.Dq Li YES , 2468run the 2469.Xr rwhod 8 2470daemon at boot time. 2471.It Va rwhod_flags 2472.Pq Vt str 2473If 2474.Va rwhod_enable 2475is set to 2476.Dq Li YES , 2477these are the flags to pass to it. 2478.It Va update_motd 2479.Pq Vt bool 2480If set to 2481.Dq Li YES , 2482.Pa /var/run/motd 2483will be updated at boot time to reflect the kernel release 2484being run. 2485If set to 2486.Dq Li NO , 2487.Pa /var/run/motd 2488will not be updated. 2489.It Va nfs_client_enable 2490.Pq Vt bool 2491If set to 2492.Dq Li YES , 2493run the NFS client daemons at boot time. 2494.It Va nfs_access_cache 2495.Pq Vt int 2496If 2497.Va nfs_client_enable 2498is set to 2499.Dq Li YES , 2500this can be set to 2501.Dq Li 0 2502to disable NFS ACCESS RPC caching, or to the number of seconds for which 2503NFS ACCESS 2504results should be cached. 2505A value of 2-10 seconds will substantially reduce network 2506traffic for many NFS operations. 2507.It Va nfs_server_enable 2508.Pq Vt bool 2509If set to 2510.Dq Li YES , 2511run the NFS server daemons at boot time. 2512.It Va nfs_server_flags 2513.Pq Vt str 2514If 2515.Va nfs_server_enable 2516is set to 2517.Dq Li YES , 2518these are the flags to pass to the 2519.Xr nfsd 8 2520daemon. 2521.It Va nfsv4_server_enable 2522.Pq Vt bool 2523If 2524.Va nfs_server_enable 2525is set to 2526.Dq Li YES 2527and 2528.Va nfsv4_server_enable 2529is set to 2530.Dq Li YES , 2531enable the server for NFSv4 as well as NFSv2 and NFSv3. 2532.It Va nfsv4_server_only 2533.Pq Vt bool 2534If 2535.Va nfs_server_enable 2536is set to 2537.Dq Li YES 2538and 2539.Va nfsv4_server_only 2540is set to 2541.Dq Li YES , 2542enable the NFS server for NFSv4 only. 2543.It Va nfs_server_maxio 2544.Pq Vt int 2545value to set vfs.nfsd.srvmaxio to, which is the 2546maximum I/O size for the NFS server. 2547.It Va tlsclntd_enable 2548.Pq Vt bool 2549If set to 2550.Dq Li YES , 2551run the 2552.Xr rpc.tlsclntd 8 2553daemon, which is needed for NFS-over-TLS NFS mounts. 2554.It Va tlsservd_enable 2555.Pq Vt bool 2556If set to 2557.Dq Li YES , 2558run the 2559.Xr rpc.tlsservd 8 2560daemon, which is needed for the 2561.Xr nfsd 8 2562to support NFS-over-TLS NFS mounts. 2563.It Va nfsuserd_enable 2564.Pq Vt bool 2565If 2566.Va nfsuserd_enable 2567is set to 2568.Dq Li YES , 2569run the nfsuserd daemon, which is needed for NFSv4 in order 2570to map between user/group names vs uid/gid numbers. 2571If 2572.Va nfsv4_server_enable 2573is set to 2574.Dq Li YES , 2575this will be forced enabled. 2576.It Va nfsuserd_flags 2577.Pq Vt str 2578If 2579.Va nfsuserd_enable 2580is set to 2581.Dq Li YES , 2582these are the flags to pass to the 2583.Xr nfsuserd 8 2584daemon. 2585.It Va nfscbd_enable 2586.Pq Vt bool 2587If 2588.Va nfscbd_enable 2589is set to 2590.Dq Li YES , 2591run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2592.It Va nfscbd_flags 2593.Pq Vt str 2594If 2595.Va nfscbd_enable 2596is set to 2597.Dq Li YES , 2598these are the flags to pass to the 2599.Xr nfscbd 8 2600daemon. 2601.It Va mountd_enable 2602.Pq Vt bool 2603If set to 2604.Dq Li YES , 2605and no 2606.Va nfs_server_enable 2607is set, start 2608.Xr mountd 8 , 2609but not 2610.Xr nfsd 8 2611daemon. 2612It is commonly needed to run CFS without real NFS used. 2613.It Va mountd_flags 2614.Pq Vt str 2615If 2616.Va mountd_enable 2617is set to 2618.Dq Li YES , 2619these are the flags to pass to the 2620.Xr mountd 8 2621daemon. 2622.It Va weak_mountd_authentication 2623.Pq Vt bool 2624If set to 2625.Dq Li YES , 2626allow services like PCNFSD to make non-privileged mount 2627requests. 2628.It Va nfs_reserved_port_only 2629.Pq Vt bool 2630If set to 2631.Dq Li YES , 2632provide NFS services only on a secure port. 2633.It Va nfs_bufpackets 2634.Pq Vt int 2635If set to a number, indicates the number of packets worth of 2636socket buffer space to reserve on an NFS client. 2637The kernel default is typically 4. 2638Using a higher number may be 2639useful on gigabit networks to improve performance. 2640The minimum value is 26412 and the maximum is 64. 2642.It Va rpc_lockd_enable 2643.Pq Vt bool 2644If set to 2645.Dq Li YES 2646and also an NFS server or client, run 2647.Xr rpc.lockd 8 2648at boot time. 2649.It Va rpc_lockd_flags 2650.Pq Vt str 2651If 2652.Va rpc_lockd_enable 2653is set to 2654.Dq Li YES , 2655these are the flags to pass to the 2656.Xr rpc.lockd 8 2657daemon. 2658.It Va rpc_statd_enable 2659.Pq Vt bool 2660If set to 2661.Dq Li YES 2662and also an NFS server or client, run 2663.Xr rpc.statd 8 2664at boot time. 2665.It Va rpc_statd_flags 2666.Pq Vt str 2667If 2668.Va rpc_statd_enable 2669is set to 2670.Dq Li YES , 2671these are the flags to pass to the 2672.Xr rpc.statd 8 2673daemon. 2674.It Va rpcbind_program 2675.Pq Vt str 2676Path to 2677.Xr rpcbind 8 2678(default 2679.Pa /usr/sbin/rpcbind ) . 2680.It Va rpcbind_enable 2681.Pq Vt bool 2682If set to 2683.Dq Li YES , 2684run the 2685.Xr rpcbind 8 2686service at boot time. 2687.It Va rpcbind_flags 2688.Pq Vt str 2689If 2690.Va rpcbind_enable 2691is set to 2692.Dq Li YES , 2693these are the flags to pass to the 2694.Xr rpcbind 8 2695daemon. 2696.It Va keyserv_enable 2697.Pq Vt bool 2698If set to 2699.Dq Li YES , 2700run the 2701.Xr keyserv 8 2702daemon on boot for running Secure RPC. 2703.It Va keyserv_flags 2704.Pq Vt str 2705If 2706.Va keyserv_enable 2707is set to 2708.Dq Li YES , 2709these are the flags to pass to 2710.Xr keyserv 8 2711daemon. 2712.It Va pppoed_enable 2713.Pq Vt bool 2714If set to 2715.Dq Li YES , 2716run the 2717.Xr pppoed 8 2718daemon at boot time to provide PPP over Ethernet services. 2719.It Va pppoed_ Ns Aq Ar provider 2720.Pq Vt str 2721.Xr pppoed 8 2722listens to requests to this 2723.Ar provider 2724and ultimately runs 2725.Xr ppp 8 2726with a 2727.Ar system 2728argument of the same name. 2729.It Va pppoed_flags 2730.Pq Vt str 2731Additional flags to pass to 2732.Xr pppoed 8 . 2733.It Va pppoed_interface 2734.Pq Vt str 2735The network interface to run 2736.Xr pppoed 8 2737on. 2738This is mandatory when 2739.Va pppoed_enable 2740is set to 2741.Dq Li YES . 2742.It Va ntpdate_enable 2743.Pq Vt bool 2744If set to 2745.Dq Li YES , 2746run 2747.Xr ntpdate 8 2748at system startup. 2749This command is intended to 2750synchronize the system clock only 2751.Em once 2752from some standard reference. 2753.Pp 2754Note that the use of the 2755.Va ntpd_sync_on_start 2756variable is a preferred alternative to the 2757.Xr ntpdate 8 2758utility as 2759.Xr ntpdate 8 2760is to be retired from the NTP distribution. 2761.It Va ntpdate_config 2762.Pq Vt str 2763Configuration file for 2764.Xr ntpdate 8 . 2765Default 2766.Pa /etc/ntp.conf . 2767.It Va ntpdate_hosts 2768.Pq Vt str 2769A whitespace-separated list of NTP servers to synchronize with at startup. 2770The default is to use the servers listed in 2771.Va ntpdate_config , 2772if that file exists. 2773.It Va ntpdate_program 2774.Pq Vt str 2775Path to 2776.Xr ntpdate 8 2777(default 2778.Pa /usr/sbin/ntpdate ) . 2779.It Va ntpdate_flags 2780.Pq Vt str 2781If 2782.Va ntpdate_enable 2783is set to 2784.Dq Li YES , 2785these are the flags to pass to the 2786.Xr ntpdate 8 2787command (typically a hostname). 2788.It Va ntpd_enable 2789.Pq Vt bool 2790If set to 2791.Dq Li YES , 2792run the 2793.Xr ntpd 8 2794command at boot time. 2795.It Va ntpd_program 2796.Pq Vt str 2797Path to 2798.Xr ntpd 8 2799(default 2800.Pa /usr/sbin/ntpd ) . 2801.It Va ntpd_config 2802.Pq Vt str 2803Path to 2804.Xr ntpd 8 2805configuration file. 2806Default 2807.Pa /etc/ntp.conf . 2808.It Va ntpd_flags 2809.Pq Vt str 2810If 2811.Va ntpd_enable 2812is set to 2813.Dq Li YES , 2814these are the flags to pass to the 2815.Xr ntpd 8 2816daemon. 2817.It Va ntpd_sync_on_start 2818.Pq Vt bool 2819If set to 2820.Dq Li YES , 2821.Xr ntpd 8 2822is run with the 2823.Fl g 2824flag, which syncs the system's clock on startup. 2825See 2826.Xr ntpd 8 2827for more information regarding the 2828.Fl g 2829option. 2830This is a preferred alternative to using 2831.Xr ntpdate 8 2832or specifying the 2833.Va ntpdate_enable 2834variable. 2835.It Va nis_client_enable 2836.Pq Vt bool 2837If set to 2838.Dq Li YES , 2839run the 2840.Xr ypbind 8 2841service at system boot time. 2842.It Va nis_client_flags 2843.Pq Vt str 2844If 2845.Va nis_client_enable 2846is set to 2847.Dq Li YES , 2848these are the flags to pass to the 2849.Xr ypbind 8 2850service. 2851.It Va nis_ypldap_enable 2852.Pq Vt bool 2853If set to 2854.Dq Li YES , 2855run the 2856.Xr ypldap 8 2857daemon at system boot time. 2858.It Va nis_ypldap_flags 2859.Pq Vt str 2860If 2861.Va nis.ypldap_enable 2862is set to 2863.Dq Li YES , 2864these are the flags to pass to the 2865.Xr ypldap 8 2866daemon. 2867.It Va nis_ypset_enable 2868.Pq Vt bool 2869If set to 2870.Dq Li YES , 2871run the 2872.Xr ypset 8 2873daemon at system boot time. 2874.It Va nis_ypset_flags 2875.Pq Vt str 2876If 2877.Va nis_ypset_enable 2878is set to 2879.Dq Li YES , 2880these are the flags to pass to the 2881.Xr ypset 8 2882daemon. 2883.It Va nis_server_enable 2884.Pq Vt bool 2885If set to 2886.Dq Li YES , 2887run the 2888.Xr ypserv 8 2889daemon at system boot time. 2890.It Va nis_server_flags 2891.Pq Vt str 2892If 2893.Va nis_server_enable 2894is set to 2895.Dq Li YES , 2896these are the flags to pass to the 2897.Xr ypserv 8 2898daemon. 2899.It Va nis_ypxfrd_enable 2900.Pq Vt bool 2901If set to 2902.Dq Li YES , 2903run the 2904.Xr rpc.ypxfrd 8 2905daemon at system boot time. 2906.It Va nis_ypxfrd_flags 2907.Pq Vt str 2908If 2909.Va nis_ypxfrd_enable 2910is set to 2911.Dq Li YES , 2912these are the flags to pass to the 2913.Xr rpc.ypxfrd 8 2914daemon. 2915.It Va nis_yppasswdd_enable 2916.Pq Vt bool 2917If set to 2918.Dq Li YES , 2919run the 2920.Xr rpc.yppasswdd 8 2921daemon at system boot time. 2922.It Va nis_yppasswdd_flags 2923.Pq Vt str 2924If 2925.Va nis_yppasswdd_enable 2926is set to 2927.Dq Li YES , 2928these are the flags to pass to the 2929.Xr rpc.yppasswdd 8 2930daemon. 2931.It Va rpc_ypupdated_enable 2932.Pq Vt bool 2933If set to 2934.Dq Li YES , 2935run the 2936.Nm rpc.ypupdated 2937daemon at system boot time. 2938.It Va bsnmpd_enable 2939.Pq Vt bool 2940If set to 2941.Dq Li YES , 2942run the 2943.Xr bsnmpd 1 2944daemon at system boot time. 2945Be sure to understand the security implications of running an SNMP daemon 2946on your host. 2947.It Va bsnmpd_flags 2948.Pq Vt str 2949If 2950.Va bsnmpd_enable 2951is set to 2952.Dq Li YES , 2953these are the flags to pass to the 2954.Xr bsnmpd 1 2955daemon. 2956.It Va defaultrouter 2957.Pq Vt str 2958If not set to 2959.Dq Li NO , 2960create a default route to this host name or IP address 2961(use an IP address if this router is also required to get to the 2962name server!). 2963.It Va defaultrouter_fibN 2964.Pq Vt str 2965If not set to 2966.Dq Li NO , 2967create a default route in FIB N to this host name or IP address. 2968.It Va ipv6_defaultrouter 2969.Pq Vt str 2970The IPv6 equivalent of 2971.Va defaultrouter . 2972.It Va ipv6_defaultrouter_fibN 2973.Pq Vt str 2974The IPv6 equivalent of 2975.Va defaultrouter_fibN . 2976.It Va static_arp_pairs 2977.Pq Vt str 2978Set to the list of static ARP pairs that are to be added at system 2979boot time. 2980For each whitespace separated 2981.Ar element 2982in the value, a 2983.Va static_arp_ Ns Aq Ar element 2984variable is assumed to exist whose contents will later be passed to a 2985.Dq Nm arp Cm -S 2986operation. 2987For example 2988.Bd -literal 2989static_arp_pairs="gw" 2990static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2991.Ed 2992.It Va static_ndp_pairs 2993.Pq Vt str 2994Set to the list of static NDP pairs that are to be added at system 2995boot time. 2996For each whitespace separated 2997.Ar element 2998in the value, a 2999.Va static_ndp_ Ns Aq Ar element 3000variable is assumed to exist whose contents will later be passed to a 3001.Dq Nm ndp Cm -s 3002operation. 3003For example 3004.Bd -literal 3005static_ndp_pairs="gw" 3006static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 3007.Ed 3008.It Va static_routes 3009.Pq Vt str 3010Set to the list of static routes that are to be added at system 3011boot time. 3012If not set to 3013.Dq Li NO 3014then for each whitespace separated 3015.Ar element 3016in the value, a 3017.Va route_ Ns Aq Ar element 3018variable is assumed to exist 3019whose contents will later be passed to a 3020.Dq Nm route Cm add 3021operation. 3022For example: 3023.Bd -literal 3024static_routes="ext mcast:gif0 gif0local:gif0" 3025route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 3026route_mcast="-net 224.0.0.0/4 -iface gif0" 3027route_gif0local="-host 169.254.1.1 -iface lo0" 3028.Ed 3029.Pp 3030When an 3031.Ar element 3032is in the form of 3033.Li name:ifname , 3034the route is specific to the interface 3035.Li ifname . 3036.It Va ipv6_static_routes 3037.Pq Vt str 3038The IPv6 equivalent of 3039.Va static_routes . 3040If not set to 3041.Dq Li NO 3042then for each whitespace separated 3043.Ar element 3044in the value, a 3045.Va ipv6_route_ Ns Aq Ar element 3046variable is assumed to exist 3047whose contents will later be passed to a 3048.Dq Nm route Cm add Fl inet6 3049operation. 3050.It Va gateway_enable 3051.Pq Vt bool 3052If set to 3053.Dq Li YES , 3054configure host to act as an IP router, e.g.\& to forward packets 3055between interfaces. 3056.It Va ipv6_gateway_enable 3057.Pq Vt bool 3058The IPv6 equivalent of 3059.Va gateway_enable . 3060.It Va routed_enable 3061.Pq Vt bool 3062If set to 3063.Dq Li YES , 3064run a routing daemon of some sort, based on the 3065settings of 3066.Va routed_program 3067and 3068.Va routed_flags . 3069.It Va route6d_enable 3070.Pq Vt bool 3071The IPv6 equivalent of 3072.Va routed_enable . 3073If set to 3074.Dq Li YES , 3075run a routing daemon of some sort, based on the 3076settings of 3077.Va route6d_program 3078and 3079.Va route6d_flags . 3080.It Va routed_program 3081.Pq Vt str 3082If 3083.Va routed_enable 3084is set to 3085.Dq Li YES , 3086this is the name of the routing daemon to use. 3087The default is 3088.Xr routed 8 . 3089.It Va route6d_program 3090.Pq Vt str 3091The IPv6 equivalent of 3092.Va routed_program . 3093The default is 3094.Xr route6d 8 . 3095.It Va routed_flags 3096.Pq Vt str 3097If 3098.Va routed_enable 3099is set to 3100.Dq Li YES , 3101these are the flags to pass to the routing daemon. 3102.It Va route6d_flags 3103.Pq Vt str 3104The IPv6 equivalent of 3105.Va routed_flags . 3106.It Va rtadvd_enable 3107.Pq Vt bool 3108If set to 3109.Dq Li YES , 3110run the 3111.Xr rtadvd 8 3112daemon at boot time. 3113The 3114.Xr rtadvd 8 3115utility sends ICMPv6 Router Advertisement messages to 3116the interfaces specified in 3117.Va rtadvd_interfaces . 3118This should only be enabled with great care. 3119You may want to fine-tune 3120.Xr rtadvd.conf 5 . 3121.It Va rtadvd_interfaces 3122.Pq Vt str 3123If 3124.Va rtadvd_enable 3125is set to 3126.Dq Li YES 3127this is the list of interfaces to use. 3128.It Va arpproxy_all 3129.Pq Vt bool 3130If set to 3131.Dq Li YES , 3132enable global proxy ARP. 3133.It Va forward_sourceroute 3134.Pq Vt bool 3135If set to 3136.Dq Li YES 3137and 3138.Va gateway_enable 3139is also set to 3140.Dq Li YES , 3141source-routed packets are forwarded. 3142.It Va accept_sourceroute 3143.Pq Vt bool 3144If set to 3145.Dq Li YES , 3146the system will accept source-routed packets directed at it. 3147.It Va rarpd_enable 3148.Pq Vt bool 3149If set to 3150.Dq Li YES , 3151run the 3152.Xr rarpd 8 3153daemon at system boot time. 3154.It Va rarpd_flags 3155.Pq Vt str 3156If 3157.Va rarpd_enable 3158is set to 3159.Dq Li YES , 3160these are the flags to pass to the 3161.Xr rarpd 8 3162daemon. 3163.It Va bootparamd_enable 3164.Pq Vt bool 3165If set to 3166.Dq Li YES , 3167run the 3168.Xr bootparamd 8 3169daemon at system boot time. 3170.It Va bootparamd_flags 3171.Pq Vt str 3172If 3173.Va bootparamd_enable 3174is set to 3175.Dq Li YES , 3176these are the flags to pass to the 3177.Xr bootparamd 8 3178daemon. 3179.It Va stf_interface_ipv4addr 3180.Pq Vt str 3181If not set to 3182.Dq Li NO , 3183this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3184interface). 3185Specify this entry to enable the 6to4 interface. 3186.It Va stf_interface_ipv4plen 3187.Pq Vt int 3188Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3189An effective value is 0-31. 3190.It Va stf_interface_ipv6_ifid 3191.Pq Vt str 3192IPv6 interface ID for 3193.Xr stf 4 . 3194This can be set to 3195.Dq Li AUTO . 3196.It Va stf_interface_ipv6_slaid 3197.Pq Vt str 3198IPv6 Site Level Aggregator for 3199.Xr stf 4 . 3200.It Va ipv6_ipv4mapping 3201.Pq Vt bool 3202If set to 3203.Dq Li YES 3204this enables IPv4 mapped IPv6 address communication (like 3205.Li ::ffff:a.b.c.d ) . 3206.It Va rtsold_enable 3207.Pq Vt bool 3208Set to 3209.Dq Li YES 3210to enable the 3211.Xr rtsold 8 3212daemon to send ICMPv6 Router Solicitation messages. 3213.It Va rtsold_flags 3214.Pq Vt str 3215If 3216.Va rtsold_enable 3217is set to 3218.Dq Li YES , 3219these are the flags to pass to 3220.Xr rtsold 8 . 3221.It Va rtsol_flags 3222.Pq Vt str 3223For interfaces configured with the 3224.Dq Li inet6 accept_rtadv 3225keyword, these are the flags to pass to 3226.Xr rtsol 8 . 3227.Pp 3228Note that 3229.Va rtsold_enable 3230is mutually exclusive to 3231.Va rtsol_flags ; 3232.Va rtsold_enable 3233takes precedence. 3234.It Va keybell 3235.Pq Vt str 3236The keyboard bell sound. 3237Set to 3238.Dq Li normal , 3239.Dq Li visual , 3240.Dq Li off , 3241or 3242.Dq Li NO 3243if the default behavior is desired. 3244For details, refer to the 3245.Xr kbdcontrol 1 3246manpage. 3247.It Va keyboard 3248.Pq Vt str 3249If set to a non-null string, the virtual console's keyboard input is 3250set to this device. 3251.It Va keymap 3252.Pq Vt str 3253If set to 3254.Dq Li NO , 3255no keymap is installed, otherwise the value is used to install 3256the keymap file found in 3257.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3258(if using 3259.Xr syscons 4 ) or 3260.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3261(if using 3262.Xr vt 4 ) . 3263.It Va keyrate 3264.Pq Vt str 3265The keyboard repeat speed. 3266Set to 3267.Dq Li slow , 3268.Dq Li normal , 3269.Dq Li fast , 3270or 3271.Dq Li NO 3272if the default behavior is desired. 3273.It Va keychange 3274.Pq Vt str 3275If not set to 3276.Dq Li NO , 3277attempt to program the function keys with the value. 3278The value should 3279be a single string of the form: 3280.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3281.It Va cursor 3282.Pq Vt str 3283Can be set to the value of 3284.Dq Li normal , 3285.Dq Li blink , 3286.Dq Li destructive , 3287or 3288.Dq Li NO 3289to set the cursor behavior explicitly or choose the default behavior. 3290.It Va scrnmap 3291.Pq Vt str 3292If set to 3293.Dq Li NO , 3294no screen map is installed, otherwise the value is used to install 3295the screen map file in 3296.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3297This parameter is ignored when using 3298.Xr vt 4 3299as the console driver. 3300.It Va font8x16 3301.Pq Vt str 3302If set to 3303.Dq Li NO , 3304the default 8x16 font value is used for screen size requests, otherwise 3305the value in 3306.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3307or 3308.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3309is used (depending on the console driver being used). 3310.It Va font8x14 3311.Pq Vt str 3312If set to 3313.Dq Li NO , 3314the default 8x14 font value is used for screen size requests, otherwise 3315the value in 3316.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3317or 3318.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3319is used (depending on the console driver being used). 3320.It Va font8x8 3321.Pq Vt str 3322If set to 3323.Dq Li NO , 3324the default 8x8 font value is used for screen size requests, otherwise 3325the value in 3326.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3327or 3328.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3329is used (depending on the console driver being used). 3330.It Va blanktime 3331.Pq Vt int 3332If set to 3333.Dq Li NO , 3334the default screen blanking interval is used, otherwise it is set 3335to 3336.Ar value 3337seconds. 3338.It Va saver 3339.Pq Vt str 3340If not set to 3341.Dq Li NO , 3342this is the actual screen saver to use 3343.Li ( blank , snake , daemon , 3344etc). 3345.It Va moused_nondefault_enable 3346.Pq Vt str 3347If set to 3348.Dq Li NO , 3349the mouse device specified on 3350the command line is not automatically treated as enabled by the 3351.Pa /etc/rc.d/moused 3352script. 3353Having this variable set to 3354.Dq Li YES 3355allows a 3356.Xr usb 4 3357mouse, 3358for example, 3359to be enabled as soon as it is plugged in. 3360.It Va moused_enable 3361.Pq Vt str 3362If set to 3363.Dq Li YES , 3364the 3365.Xr moused 8 3366daemon is started for doing cut/paste selection on the console. 3367.It Va moused_type 3368.Pq Vt str 3369This is the protocol type of the mouse connected to this host. 3370This variable must be set if 3371.Va moused_enable 3372is set to 3373.Dq Li YES , 3374but defaults to 3375.Dq Li auto 3376as the 3377.Xr moused 8 3378daemon 3379is able to detect the appropriate mouse type automatically in many cases. 3380Set this variable to 3381one from the following list if the automatic detection fails. 3382.Pp 3383If the mouse is attached to the PS/2 mouse port, choose 3384.Dq Li auto 3385or 3386.Dq Li ps/2 , 3387regardless of the brand and model of the mouse. 3388Likewise, if the 3389mouse is attached to the bus mouse port, choose 3390.Dq Li auto 3391or 3392.Dq Li busmouse . 3393All other protocols are for serial mice and will not work with 3394the PS/2 and bus mice. 3395If this is a USB mouse, 3396.Dq Li auto 3397is the only protocol type which will work. 3398.Pp 3399.Bl -tag -width ".Li x10mouseremote" -compact 3400.It Li microsoft 3401Microsoft mouse (serial) 3402.It Li intellimouse 3403Microsoft IntelliMouse (serial) 3404.It Li mousesystems 3405Mouse systems Corp.\& mouse (serial) 3406.It Li mmseries 3407MM Series mouse (serial) 3408.It Li logitech 3409Logitech mouse (serial) 3410.It Li busmouse 3411A bus mouse 3412.It Li mouseman 3413Logitech MouseMan and TrackMan (serial) 3414.It Li glidepoint 3415ALPS GlidePoint (serial) 3416.It Li thinkingmouse 3417Kensington ThinkingMouse (serial) 3418.It Li ps/2 3419PS/2 mouse 3420.It Li mmhittab 3421MM HitTablet (serial) 3422.It Li x10mouseremote 3423X10 MouseRemote (serial) 3424.It Li versapad 3425Interlink VersaPad (serial) 3426.El 3427.Pp 3428Even if the mouse is not in the above list, it may be compatible 3429with one in the list. 3430Refer to the manual page for 3431.Xr moused 8 3432for compatibility information. 3433.Pp 3434It should also be noted that while this is enabled, any 3435other client of the mouse (such as an X server) should access 3436the mouse through the virtual mouse device, 3437.Pa /dev/sysmouse , 3438and configure it as a 3439.Dq Li sysmouse 3440type mouse, since all 3441mouse data is converted to this single canonical format when 3442using 3443.Xr moused 8 . 3444If the client program does not support the 3445.Dq Li sysmouse 3446type, 3447specify the 3448.Dq Li mousesystems 3449type. 3450It is the second preferred type. 3451.It Va moused_port 3452.Pq Vt str 3453If 3454.Va moused_enable 3455is set to 3456.Dq Li YES , 3457this is the actual port the mouse is on. 3458It might be 3459.Pa /dev/cuau0 3460for a COM1 serial mouse, or 3461.Pa /dev/psm0 3462for a PS/2 mouse, for example. 3463.It Va moused_flags 3464.Pq Vt str 3465If 3466.Va moused_flags 3467is set, its value is used as an additional set of flags to pass to the 3468.Xr moused 8 3469daemon. 3470.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3471When 3472.Va moused_nondefault_enable 3473is enabled, and a 3474.Xr moused 8 3475daemon is started for a non-default port, the 3476.Va "moused_" Ns Ar XXX Ns Va "_flags" 3477set of options has precedence over and replaces the default 3478.Va moused_flags 3479(where 3480.Ar XXX 3481is the name of the non-default port, i.e.,\& 3482.Ar ums0 ) . 3483By setting 3484.Va "moused_" Ns Ar XXX Ns Va "_flags" 3485it is possible to set up a different set of default flags for each 3486.Xr moused 8 3487instance. 3488For example, you can use 3489.Dq Li "-3" 3490for the default 3491.Va moused_flags 3492to make your laptop's touchpad more comfortable to use, 3493but an empty set of options for 3494.Va moused_ums0_flags 3495when your 3496.Xr usb 4 3497mouse has three or more buttons. 3498.It Va mousechar_start 3499.Pq Vt int 3500If set to 3501.Dq Li NO , 3502the default mouse cursor character range 3503.Li 0xd0 Ns - Ns Li 0xd3 3504is used, 3505otherwise the range start is set 3506to 3507.Ar value 3508character, see 3509.Xr vidcontrol 1 . 3510Use if the default range is occupied in the language code table. 3511.It Va allscreens_flags 3512.Pq Vt str 3513If set, 3514.Xr vidcontrol 1 3515is run with these options for each of the virtual terminals 3516.Pq Pa /dev/ttyv* . 3517For example, 3518.Dq Fl m Cm on 3519will enable the mouse pointer on all virtual terminals 3520if 3521.Va moused_enable 3522is set to 3523.Dq Li YES . 3524.It Va allscreens_kbdflags 3525.Pq Vt str 3526If set, 3527.Xr kbdcontrol 1 3528is run with these options for each of the virtual terminals 3529.Pq Pa /dev/ttyv* . 3530For example, 3531.Dq Fl h Li 200 3532will set the 3533.Xr syscons 4 3534or 3535.Xr vt 4 3536scrollback (history) buffer to 200 lines. 3537.It Va cron_enable 3538.Pq Vt bool 3539If set to 3540.Dq Li YES , 3541run the 3542.Xr cron 8 3543daemon at system boot time. 3544.It Va cron_program 3545.Pq Vt str 3546Path to 3547.Xr cron 8 3548(default 3549.Pa /usr/sbin/cron ) . 3550.It Va cron_flags 3551.Pq Vt str 3552If 3553.Va cron_enable 3554is set to 3555.Dq Li YES , 3556these are the flags to pass to 3557.Xr cron 8 . 3558.It Va cron_dst 3559.Pq Vt bool 3560If set to 3561.Dq Li YES , 3562enable the special handling of transitions to and from the 3563Daylight Saving Time in 3564.Xr cron 8 3565(equivalent to using the flag 3566.Fl s ) . 3567.It Va lpd_program 3568.Pq Vt str 3569Path to 3570.Xr lpd 8 3571(default 3572.Pa /usr/sbin/lpd ) . 3573.It Va lpd_enable 3574.Pq Vt bool 3575If set to 3576.Dq Li YES , 3577run the 3578.Xr lpd 8 3579daemon at system boot time. 3580.It Va lpd_flags 3581.Pq Vt str 3582If 3583.Va lpd_enable 3584is set to 3585.Dq Li YES , 3586these are the flags to pass to the 3587.Xr lpd 8 3588daemon. 3589.It Va chkprintcap_enable 3590.Pq Vt bool 3591If set to 3592.Dq Li YES , 3593run the 3594.Xr chkprintcap 8 3595command before starting the 3596.Xr lpd 8 3597daemon. 3598.It Va chkprintcap_flags 3599.Pq Vt str 3600If 3601.Va lpd_enable 3602and 3603.Va chkprintcap_enable 3604are set to 3605.Dq Li YES , 3606these are the flags to pass to the 3607.Xr chkprintcap 8 3608program. 3609The default is 3610.Dq Li -d , 3611which causes missing directories to be created. 3612.It Va dumpdev 3613.Pq Vt str 3614Indicates the device (usually a swap partition) to which a crash dump 3615should be written in the event of a system crash. 3616If the value of this variable is 3617.Dq Li AUTO , 3618the first suitable swap device listed in 3619.Pa /etc/fstab 3620will be used as dump device. 3621Otherwise, the value of this variable is passed as the argument to 3622.Xr dumpon 8 3623and 3624.Xr savecore 8 . 3625To disable crash dumps, set this variable to 3626.Dq Li NO . 3627.It Va dumpon_flags 3628.Pq Vt str 3629Flags to pass to 3630.Xr dumpon 8 3631when configuring 3632.Va dumpdev 3633as the system dump device. 3634.It Va dumpdir 3635.Pq Vt str 3636When the system reboots after a crash and a crash dump is found on the 3637device specified by the 3638.Va dumpdev 3639variable, 3640.Xr savecore 8 3641will save that crash dump and a copy of the kernel to the directory 3642specified by the 3643.Va dumpdir 3644variable. 3645The default value is 3646.Pa /var/crash . 3647Set to 3648.Dq Li NO 3649to not run 3650.Xr savecore 8 3651at boot time when 3652.Va dumpdir 3653is set. 3654.It Va savecore_enable 3655.Pq Vt bool 3656If set to 3657.Dq Li NO , 3658disable automatic extraction of the crash dump from the 3659.Va dumpdev . 3660.It Va savecore_flags 3661.Pq Vt str 3662If crash dumps are enabled, these are the flags to pass to the 3663.Xr savecore 8 3664utility. 3665.It Va quota_enable 3666.Pq Vt bool 3667Set to 3668.Dq Li YES 3669to turn on user and group disk quotas on system startup via the 3670.Xr quotaon 8 3671command for all file systems marked as having quotas enabled in 3672.Pa /etc/fstab . 3673The kernel must be built with 3674.Cd "options QUOTA" 3675for disk quotas to function. 3676.It Va check_quotas 3677.Pq Vt bool 3678Set to 3679.Dq Li YES 3680to enable user and group disk quota checking via the 3681.Xr quotacheck 8 3682command. 3683.It Va quotacheck_flags 3684.Pq Vt str 3685If 3686.Va quota_enable 3687is set to 3688.Dq Li YES , 3689and 3690.Va check_quotas 3691is set to 3692.Dq Li YES , 3693these are the flags to pass to the 3694.Xr quotacheck 8 3695utility. 3696The default is 3697.Dq Li "-a" , 3698which checks quotas for all file systems with quotas enabled in 3699.Pa /etc/fstab . 3700.It Va quotaon_flags 3701.Pq Vt str 3702If 3703.Va quota_enable 3704is set to 3705.Dq Li YES , 3706these are the flags to pass to the 3707.Xr quotaon 8 3708utility. 3709The default is 3710.Dq Li "-a" , 3711which enables quotas for all file systems with quotas enabled in 3712.Pa /etc/fstab . 3713.It Va quotaoff_flags 3714.Pq Vt str 3715If 3716.Va quota_enable 3717is set to 3718.Dq Li YES , 3719these are the flags to pass to the 3720.Xr quotaoff 8 3721utility when shutting down the quota system. 3722The default is 3723.Dq Li "-a" , 3724which disables quotas for all file systems with quotas enabled in 3725.Pa /etc/fstab . 3726.It Va accounting_enable 3727.Pq Vt bool 3728Set to 3729.Dq Li YES 3730to enable system accounting through the 3731.Xr accton 8 3732facility. 3733.It Va firstboot_sentinel 3734.Pq Vt str 3735This variable specifies the full path to a 3736.Dq first boot 3737sentinel file. 3738If a file exists with this path, 3739.Pa rc.d 3740scripts with the 3741.Dq firstboot 3742keyword will be run on startup and the sentinel file will be deleted 3743after the boot process completes. 3744The sentinel file must be located on a writable file system which is 3745mounted no later than 3746.Va early_late_divider 3747to function properly. 3748The default is 3749.Pa /firstboot . 3750.It Va linux_enable 3751.Pq Vt bool 3752Set to 3753.Dq Li YES 3754to enable Linux/ELF binary emulation at system initial 3755boot time. 3756.It Va sysvipc_enable 3757.Pq Vt bool 3758If set to 3759.Dq Li YES , 3760load System V IPC primitives at boot time. 3761.It Va clear_tmp_enable 3762.Pq Vt bool 3763Set to 3764.Dq Li YES 3765to have 3766.Pa /tmp 3767cleaned at startup. 3768.It Va clear_tmp_X 3769.Pq Vt bool 3770Set to 3771.Dq Li NO 3772to disable removing of X11 lock files, 3773and the removal and (secure) recreation 3774of the various socket directories for X11 3775related programs. 3776.It Va ldconfig_paths 3777.Pq Vt str 3778Set to the list of shared library paths to use with 3779.Xr ldconfig 8 . 3780NOTE: 3781.Pa /lib 3782and 3783.Pa /usr/lib 3784will always be added first, so they need not appear in this list. 3785.It Va ldconfig32_paths 3786.Pq Vt str 3787Set to the list of 32-bit compatibility shared library paths to 3788use with 3789.Xr ldconfig 8 . 3790.It Va ldconfig_insecure 3791.Pq Vt bool 3792The 3793.Xr ldconfig 8 3794utility normally refuses to use directories 3795which are writable by anyone except root. 3796Set this variable to 3797.Dq Li YES 3798to disable that security check during system startup. 3799.It Va ldconfig_local_dirs 3800.Pq Vt str 3801Set to the list of local 3802.Xr ldconfig 8 3803directories. 3804The names of all files in the directories listed will be 3805passed as arguments to 3806.Xr ldconfig 8 . 3807.It Va ldconfig_local32_dirs 3808.Pq Vt str 3809Set to the list of local 32-bit compatibility 3810.Xr ldconfig 8 3811directories. 3812The names of all files in the directories listed will be 3813passed as arguments to 3814.Dq Nm ldconfig Fl 32 . 3815.It Va kern_securelevel_enable 3816.Pq Vt bool 3817Set to 3818.Dq Li YES 3819to set the kernel security level at system startup. 3820.It Va kern_securelevel 3821.Pq Vt int 3822The kernel security level to set at startup. 3823The allowed range of 3824.Ar value 3825ranges from \-1 (the compile time default) to 3 (the 3826most secure). 3827See 3828.Xr security 7 3829for the list of possible security levels and their effect 3830on system operation. 3831.It Va sshd_program 3832.Pq Vt str 3833Path to the SSH server program 3834.Pa ( /usr/sbin/sshd 3835is the default). 3836.It Va sshd_enable 3837.Pq Vt bool 3838Set to 3839.Dq Li YES 3840to start 3841.Xr sshd 8 3842at system boot time. 3843.It Va sshd_flags 3844.Pq Vt str 3845If 3846.Va sshd_enable 3847is set to 3848.Dq Li YES , 3849these are the flags to pass to the 3850.Xr sshd 8 3851daemon. 3852.It Va ftpd_program 3853.Pq Vt str 3854Path to the FTP server program 3855.Pa ( /usr/libexec/ftpd 3856is the default). 3857.It Va ftpd_enable 3858.Pq Vt bool 3859Set to 3860.Dq Li YES 3861to start 3862.Xr ftpd 8 3863as a stand-alone daemon at system boot time. 3864.It Va ftpd_flags 3865.Pq Vt str 3866If 3867.Va ftpd_enable 3868is set to 3869.Dq Li YES , 3870these are the additional flags to pass to the 3871.Xr ftpd 8 3872daemon. 3873.It Va watchdogd_enable 3874.Pq Vt bool 3875If set to 3876.Dq Li YES , 3877start the 3878.Xr watchdogd 8 3879daemon at boot time. 3880This requires that the kernel have been compiled with a 3881.Xr watchdog 4 3882compatible device. 3883.It Va watchdogd_flags 3884.Pq Vt str 3885If 3886.Va watchdogd_enable 3887is set to 3888.Dq Li YES , 3889these are the flags passed to the 3890.Xr watchdogd 8 3891daemon. 3892.It Va watchdogd_timeout 3893.Pq Vt int 3894If 3895.Va watchdogd_enable 3896is set to 3897.Dq Li YES , 3898this is a timeout that will be used by the 3899.Xr watchdogd 8 3900daemon. 3901If this option is set, it overrides 3902.Fl t 3903in 3904.Va watchdogd_flags . 3905.It Va watchdogd_shutdown_timeout 3906.Pq Vt int 3907If 3908.Va watchdogd_enable 3909is set to 3910.Dq Li YES , 3911this is a timeout that will be set by the 3912.Xr watchdogd 8 3913daemon when it exits during the system shutdown. 3914This timeout will not be set when returning to the single-user mode 3915or when the watchdogd service is stopped individually using the 3916.Xr service 8 3917command or the rc.d script. 3918Note that the timeout will be applied if 3919.Xr watchdogd 8 3920is stopped outside of 3921.Xr rc 8 3922framework. 3923If this option is set, it overrides 3924.Fl x 3925in 3926.Va watchdogd_flags . 3927.It Va devfs_rulesets 3928.Pq Vt str 3929List of files containing sets of rules for 3930.Xr devfs 8 . 3931.It Va devfs_system_ruleset 3932.Pq Vt str 3933Rule name(s) to apply to the system 3934.Pa /dev 3935itself. 3936.It Va devfs_set_rulesets 3937.Pq Vt str 3938Pairs of already-mounted 3939.Pa dev 3940directories and rulesets that should be applied to them. 3941For example: /mount/dev=ruleset_name 3942.It Va devfs_load_rulesets 3943.Pq Vt bool 3944If set, always load the default rulesets listed in 3945.Va devfs_rulesets . 3946.It Va performance_cx_lowest 3947.Pq Vt str 3948CPU idle state to use while on AC power. 3949The string 3950.Dq Li LOW 3951indicates that 3952.Xr acpi 4 3953should use the lowest power state available while 3954.Dq Li HIGH 3955indicates that the lowest latency state (less power savings) should be used. 3956.It Va performance_cpu_freq 3957.Pq Vt str 3958CPU clock frequency to use while on AC power. 3959The string 3960.Dq Li LOW 3961indicates that 3962.Xr cpufreq 4 3963should use the lowest frequency available while 3964.Dq Li HIGH 3965indicates that the highest frequency (less power savings) should be used. 3966.It Va economy_cx_lowest 3967.Pq Vt str 3968CPU idle state to use when off AC power. 3969The string 3970.Dq Li LOW 3971indicates that 3972.Xr acpi 4 3973should use the lowest power state available while 3974.Dq Li HIGH 3975indicates that the lowest latency state (less power savings) should be used. 3976.It Va economy_cpu_freq 3977.Pq Vt str 3978CPU clock frequency to use when off AC power. 3979The string 3980.Dq Li LOW 3981indicates that 3982.Xr cpufreq 4 3983should use the lowest frequency available while 3984.Dq Li HIGH 3985indicates that the highest frequency (less power savings) should be used. 3986.It Va jail_enable 3987.Pq Vt bool 3988If set to 3989.Dq Li NO , 3990any configured jails will not be started. 3991.It Va jail_conf 3992.Pq Vt str 3993The configuration filename used by 3994.Xr jail 8 3995utility. 3996The default value is 3997.Pa /etc/jail.conf . 3998.Pa /etc/jail\&. Ns Ao Va jname Ac Ns Pa .conf 3999and 4000.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf 4001will also be used if 4002.Ao Va jname Ac 4003is set in 4004.Va jail_list . 4005.It Va jail_parallel_start 4006.Pq Vt bool 4007If set to 4008.Dq Li YES , 4009all configured jails will be started in the background (in parallel). 4010.It Va jail_flags 4011.Pq Vt str 4012Unset by default. 4013When set, use as default value for 4014.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4015for every jail in 4016.Va jail_list . 4017.It Va jail_list 4018.Pq Vt str 4019A space-delimited list of jail names. 4020When left empty, all of the 4021.Xr jail 8 4022instances defined in the configuration file are started. 4023The names specified in this list control the jail startup order. 4024.Xr jail 8 4025instances missing from 4026.Va jail_list 4027must be started manually. 4028Note that a jail's 4029.Va depend 4030parameter in the configuration file may override this list. 4031.It Va jail_reverse_stop 4032.Pq Vt bool 4033When set to 4034.Dq Li YES , 4035all configured jails in 4036.Va jail_list 4037are stopped in reverse order. 4038.It Va jail_ Ns * variables 4039Note that older releases supported per-jail configuration via 4040.Nm 4041variables. 4042For example, 4043hostname of a jail named 4044.Li vjail 4045was able to be set by 4046.Li jail_vjail_hostname . 4047These per-jail configuration variables are now obsolete in favor of 4048.Xr jail 8 4049configuration file. 4050For backward compatibility, 4051when per-jail configuration variables are defined, 4052.Xr jail 8 4053configuration files are created as 4054.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 4055and used. 4056.Pp 4057The following per-jail parameters are handled by 4058.Pa rc.d/jail 4059script out of their corresponding 4060.Nm 4061variables. 4062In addition to them, parameters in 4063.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4064will be added to the configuration file. 4065They must be a semi-colon 4066.Pq Ql \&; 4067delimited list of 4068.Dq key=value . 4069For more details, 4070see 4071.Xr jail 8 4072manual page. 4073.Bl -tag -width "host.hostname" -offset indent 4074.It Li path 4075set from 4076.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4077.It Li host.hostname 4078set from 4079.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4080.It Li exec.consolelog 4081set from 4082.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4083The default value is 4084.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4085.It Li interface 4086set from 4087.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4088.It Li vnet.interface 4089set from 4090.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4091This implies 4092.Li vnet 4093parameter will be enabled and cannot be specified with 4094.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4095.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4096and/or 4097.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4098at the same time. 4099.It Li fstab 4100set from 4101.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4102.It Li mount 4103set from 4104.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4105.It Li exec.fib 4106set from 4107.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4108.It Li exec.start 4109set from 4110.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4111The parameter name was 4112.Li command 4113in some older releases. 4114.It Li exec.prestart 4115set from 4116.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4117.It Li exec.poststart 4118set from 4119.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4120.It Li exec.stop 4121set from 4122.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4123.It Li exec.prestop 4124set from 4125.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4126.It Li exec.poststop 4127set from 4128.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4129.It Li ip4.addr 4130set if 4131.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4132or 4133.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4134contain IPv4 addresses 4135.It Li ip6.addr 4136set if 4137.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4138or 4139.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4140contain IPv6 addresses 4141.It Li allow.mount 4142set from 4143.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4144.It Li mount.devfs 4145set from 4146.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4147.It Li devfs_ruleset 4148set from 4149.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4150This must be an integer, 4151not a string. 4152.It Li mount.fdescfs 4153set from 4154.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4155.It Li allow.set_hostname 4156set from 4157.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4158.It Li allow.rawsocket 4159set from 4160.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4161.It Li allow.sysvipc 4162set from 4163.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4164.El 4165.\" ----------------------------------------------------- 4166.It Va harvest_mask 4167.Pq Vt int 4168Set to a bit-mask 4169representing the entropy sources 4170you wish to harvest. 4171Refer to 4172.Xr random 4 4173for more information. 4174.It Va entropy_dir 4175.Pq Vt str 4176Set to 4177.Dq Li NO 4178to disable caching entropy via 4179.Xr cron 8 . 4180Otherwise set to the directory 4181in which the entropy files are stored. 4182To be useful, 4183there must be 4184a system cron job 4185that regularly writes and rotates 4186files here. 4187All files found 4188will be used at boot time. 4189The default is 4190.Pa /var/db/entropy . 4191.It Va entropy_file 4192.Pq Vt str 4193Set to 4194.Dq Li NO 4195to disable caching entropy through reboots. 4196Otherwise set to the name 4197of a file used to store cached entropy. 4198This file should be located 4199on a file system that is readable 4200before all the volumes specified in 4201.Xr fstab 5 4202are mounted. 4203By default, 4204.Pa /entropy 4205is used, 4206but if 4207.Pa /var/db/entropy-file 4208is found it will also be used. 4209This will be of some use to 4210.Xr bsdinstall 8 . 4211.It Va entropy_boot_file 4212.Pq Vt str 4213Set to 4214.Dq Li NO 4215to disable 4216very early caching entropy 4217through reboots. 4218Otherwise set to the filename 4219used to read 4220very early reboot cached entropy. 4221This file should be located where 4222.Xr loader 8 4223can read it. 4224See also 4225.Xr loader.conf 5 . 4226The default location is 4227.Pa /boot/entropy . 4228.It Va entropy_save_sz 4229.Pq Vt int 4230Size of the entropy cache files saved by 4231.Nm save-entropy 4232periodically. 4233.It Va entropy_save_num 4234.Pq Vt int 4235Number of entropy cache files to save by 4236.Nm save-entropy 4237periodically. 4238.It Va ipsec_enable 4239.Pq Vt bool 4240Set to 4241.Dq Li YES 4242to run 4243.Xr setkey 8 4244on 4245.Va ipsec_file 4246at boot time. 4247.It Va ipsec_file 4248.Pq Vt str 4249Configuration file for 4250.Xr setkey 8 . 4251.It Va dmesg_enable 4252.Pq Vt bool 4253Set to 4254.Dq Li YES 4255to save 4256.Xr dmesg 8 4257to 4258.Pa /var/run/dmesg.boot 4259on boot. 4260.It Va rcshutdown_timeout 4261.Pq Vt int 4262If set, start a watchdog timer in the background which will terminate 4263.Pa rc.shutdown 4264if 4265.Xr shutdown 8 4266has not completed within the specified time (in seconds). 4267Notice that in addition to this soft timeout, 4268.Xr init 8 4269also applies a hard timeout for the execution of 4270.Pa rc.shutdown . 4271This is configured via 4272.Xr sysctl 8 4273variable 4274.Va kern.init_shutdown_timeout 4275and defaults to 120 seconds. 4276Setting the value of 4277.Va rcshutdown_timeout 4278to more than 120 seconds will have no effect until the 4279.Xr sysctl 8 4280variable 4281.Va kern.init_shutdown_timeout 4282is also increased. 4283.It Va virecover_enable 4284.Pq Vt bool 4285Set to 4286.Dq Li NO 4287to prevent the system from trying to 4288recover prematurely terminated 4289.Xr vi 1 4290sessions. 4291.It Va ugidfw_enable 4292.Pq Vt bool 4293Set to 4294.Dq Li YES 4295to load the 4296.Xr mac_bsdextended 4 4297module upon system initialization and load a default 4298ruleset file. 4299.It Va bsdextended_script 4300.Pq Vt str 4301The default 4302.Xr mac_bsdextended 4 4303ruleset file to load. 4304The default value of this variable is 4305.Pa /etc/rc.bsdextended . 4306.It Va newsyslog_enable 4307.Pq Vt bool 4308If set to 4309.Dq Li YES , 4310run 4311.Xr newsyslog 8 4312command at startup. 4313.It Va newsyslog_flags 4314.Pq Vt str 4315If 4316.Va newsyslog_enable 4317is set to 4318.Dq Li YES , 4319these are the flags to pass to the 4320.Xr newsyslog 8 4321program. 4322The default is 4323.Dq Li -CN , 4324which causes log files flagged with a 4325.Cm C 4326to be created. 4327.It Va mdconfig_md Ns Aq Ar X 4328.Pq Vt str 4329Arguments to 4330.Xr mdconfig 8 4331for 4332.Xr md 4 4333device 4334.Ar X . 4335At minimum a 4336.Fl t Ar type 4337must be specified and either a 4338.Fl s Ar size 4339for malloc or swap backed 4340.Xr md 4 4341devices or a 4342.Fl f Ar file 4343for vnode backed 4344.Xr md 4 4345devices. 4346Note that 4347.Va mdconfig_md Ns Aq Ar X 4348variables are evaluated until one variable is unset or null. 4349.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4350.Pq Vt str 4351Optional arguments passed to 4352.Xr newfs 8 4353to initialize 4354.Xr md 4 4355device 4356.Ar X . 4357.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4358.Pq Vt str 4359An ownership specification passed to 4360.Xr chown 8 4361after the specified 4362.Xr md 4 4363device 4364.Ar X 4365has been mounted. 4366Both the 4367.Xr md 4 4368device and the mount point will be changed. 4369.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4370.Pq Vt str 4371A mode string passed to 4372.Xr chmod 1 4373after the specified 4374.Xr md 4 4375device 4376.Ar X 4377has been mounted. 4378Both the 4379.Xr md 4 4380device and the mount point will be changed. 4381.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4382.Pq Vt str 4383Files to be copied to the mount point of the 4384.Xr md 4 4385device 4386.Ar X 4387after it has been mounted. 4388.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4389.Pq Vt str 4390Command to execute after the specified 4391.Xr md 4 4392device 4393.Ar X 4394has been mounted. 4395Note that the command is passed to 4396.Ic eval 4397and that both 4398.Va _dev 4399and 4400.Va _mp 4401variables can be used to reference respectively the 4402.Xr md 4 4403device and the mount point. 4404Assuming that the 4405.Xr md 4 4406device is 4407.Li md0 , 4408one could set the following: 4409.Bd -literal 4410mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4411.Ed 4412.It Va autobridge_interfaces 4413.Pq Vt str 4414Set to the list of bridge interfaces that will have newly arriving interfaces 4415checked against to be automatically added. 4416If not set to 4417.Dq Li NO 4418then for each whitespace separated 4419.Ar element 4420in the value, a 4421.Va autobridge_ Ns Aq Ar element 4422variable is assumed to exist which has a whitespace separated list of interface 4423names to match, these names can use wildcards. 4424For example: 4425.Bd -literal 4426autobridge_interfaces="bridge0" 4427autobridge_bridge0="tap* dc0 vlan[345]" 4428.Ed 4429.It Va mixer_enable 4430.Pq Vt bool 4431If set to 4432.Dq Li YES , 4433enable support for sound mixer. 4434.It Va hcsecd_enable 4435.Pq Vt bool 4436If set to 4437.Dq Li YES , 4438enable Bluetooth security daemon. 4439.It Va hcsecd_config 4440.Pq Vt str 4441Configuration file for 4442.Xr hcsecd 8 . 4443Default 4444.Pa /etc/bluetooth/hcsecd.conf . 4445.It Va sdpd_enable 4446.Pq Vt bool 4447If set to 4448.Dq Li YES , 4449enable Bluetooth Service Discovery Protocol daemon. 4450.It Va sdpd_control 4451.Pq Vt str 4452Path to 4453.Xr sdpd 8 4454control socket. 4455Default 4456.Pa /var/run/sdp . 4457.It Va sdpd_groupname 4458.Pq Vt str 4459Sets 4460.Xr sdpd 8 4461group to run as after it initializes. 4462Default 4463.Dq Li nobody . 4464.It Va sdpd_username 4465.Pq Vt str 4466Sets 4467.Xr sdpd 8 4468user to run as after it initializes. 4469Default 4470.Dq Li nobody . 4471.It Va bthidd_enable 4472.Pq Vt bool 4473If set to 4474.Dq Li YES , 4475enable Bluetooth Human Interface Device daemon. 4476.It Va bthidd_config 4477.Pq Vt str 4478Configuration file for 4479.Xr bthidd 8 . 4480Default 4481.Pa /etc/bluetooth/bthidd.conf . 4482.It Va bthidd_hids 4483.Pq Vt str 4484Path to a file, where 4485.Xr bthidd 8 4486will store information about known HID devices. 4487Default 4488.Pa /var/db/bthidd.hids . 4489.It Va rfcomm_pppd_server_enable 4490.Pq Vt bool 4491If set to 4492.Dq Li YES , 4493enable Bluetooth RFCOMM PPP wrapper daemon. 4494.It Va rfcomm_pppd_server_profile 4495.Pq Vt str 4496The name of the profile to use from 4497.Pa /etc/ppp/ppp.conf . 4498Multiple profiles can be specified here. 4499Also used to specify per-profile overrides. 4500When the profile name contains any of the characters 4501.Dq Li .-/+ 4502they are translated to 4503.Dq Li _ 4504for the proposes of the override variable names. 4505.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4506.Pq Vt str 4507Overrides local address to listen on. 4508By default 4509.Xr rfcomm_pppd 8 4510will listen on 4511.Dq Li ANY 4512address. 4513The address can be specified as BD_ADDR or name. 4514.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4515.Pq Vt str 4516Overrides local RFCOMM channel to listen on. 4517By default 4518.Xr rfcomm_pppd 8 4519will listen on RFCOMM channel 1. 4520Must set properly if multiple profiles used in the same time. 4521.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4522.Pq Vt bool 4523Tells 4524.Xr rfcomm_pppd 8 4525if it should register Serial Port service on the specified RFCOMM channel. 4526Default 4527.Dq Li NO . 4528.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4529.Pq Vt bool 4530Tells 4531.Xr rfcomm_pppd 8 4532if it should register Dial-Up Networking service on the specified 4533RFCOMM channel. 4534Default 4535.Dq Li NO . 4536.It Va ubthidhci_enable 4537.Pq Vt bool 4538If set to 4539.Dq Li YES , 4540change the USB Bluetooth controller from HID mode to HCI mode. 4541You also need to specify the location of USB Bluetooth controller with the 4542.Va ubthidhci_busnum 4543and 4544.Va ubthidhci_addr 4545variables. 4546.It Va ubthidhci_busnum 4547Bus number where the USB Bluetooth controller is located. 4548Check the output of 4549.Xr usbconfig 8 4550on your system to find this information. 4551.It Va ubthidhci_addr 4552Bus address of the USB Bluetooth controller. 4553Check the output of 4554.Xr usbconfig 8 4555on your system to find this information. 4556.It Va utx_enable 4557.Pq Vt bool 4558Set to 4559.Dq Li YES 4560to enable user accounting through the 4561.Xr utx 8 4562facility. 4563.It Va netwait_enable 4564.Pq Vt bool 4565If set to 4566.Dq Li YES , 4567delays the start of network-reliant services until 4568.Va netwait_if 4569is up and ICMP packets to a destination defined in 4570.Va netwait_ip 4571are flowing. 4572Link state is examined first, followed by 4573.Dq Li pinging 4574an IP address to verify network usability. 4575If no destination can be reached or timeouts are exceeded, 4576network services are started anyway with no guarantee that 4577the network is usable. 4578Use of this variable requires both 4579.Va netwait_ip 4580and 4581.Va netwait_if 4582to be set. 4583.It Va netwait_ip 4584.Pq Vt str 4585Empty by default. 4586This variable contains a space-delimited list of IP addresses to 4587.Xr ping 8 . 4588DNS hostnames should not be used as resolution is not guaranteed 4589to be functional at this point. 4590If multiple IP addresses are specified, 4591each will be tried until one is successful or the list is exhausted. 4592.It Va netwait_timeout 4593.Pq Vt int 4594Indicates the total number of seconds to perform a 4595.Dq Li ping 4596against each IP address in 4597.Va netwait_ip , 4598at a rate of one ping per second. 4599If any of the pings are successful, 4600full network connectivity is considered reliable. 4601The default is 60. 4602.It Va netwait_if 4603.Pq Vt str 4604Empty by default. 4605Defines the name of the network interface on which watch for link. 4606.Xr ifconfig 8 4607is used to monitor the interface, looking for 4608.Dq Li status: no carrier . 4609Once gone, the link is considered up. 4610This can be a 4611.Xr vlan 4 4612interface if desired. 4613.It Va netwait_if_timeout 4614.Pq Vt int 4615Defines the total number of seconds to wait for link to become usable, 4616polled at a 1-second interval. 4617The default is 30. 4618.It Va rctl_enable 4619.Pq Vt bool 4620If set to 4621.Dq Li YES , 4622load 4623.Xr rctl 8 4624rules from the defined ruleset. 4625The kernel must be built with 4626.Cd "options RACCT" 4627and 4628.Cd "options RCTL" . 4629.It Va rctl_rules 4630.Pq Vt str 4631Set to 4632.Pa /etc/rctl.conf 4633by default. 4634This variables contains the 4635.Xr rctl.conf 5 4636ruleset to load for 4637.Xr rctl 8 . 4638.It Va iovctl_files 4639.Pq Vt str 4640A space-separated list of configuration files used by 4641.Xr iovctl 8 . 4642The default value is an empty string. 4643.It Va autofs_enable 4644.Pq Vt bool 4645If set to 4646.Dq Li YES , 4647start the 4648.Xr automount 8 4649utility and the 4650.Xr automountd 8 4651and 4652.Xr autounmountd 8 4653daemons at boot time. 4654.It Va automount_flags 4655.Pq Vt str 4656If 4657.Va autofs_enable 4658is set to 4659.Dq Li YES , 4660these are the flags to pass to the 4661.Xr automount 8 4662program. 4663By default no flags are passed. 4664.It Va automountd_flags 4665.Pq Vt str 4666If 4667.Va autofs_enable 4668is set to 4669.Dq Li YES , 4670these are the flags to pass to the 4671.Xr automountd 8 4672daemon. 4673By default no flags are passed. 4674.It Va autounmountd_flags 4675.Pq Vt str 4676If 4677.Va autofs_enable 4678is set to 4679.Dq Li YES , 4680these are the flags to pass to the 4681.Xr autounmountd 8 4682daemon. 4683By default no flags are passed. 4684.It Va ctld_enable 4685.Pq Vt bool 4686If set to 4687.Dq Li YES , 4688start the 4689.Xr ctld 8 4690daemon at boot time. 4691.It Va iscsid_enable 4692.Pq Vt bool 4693If set to 4694.Dq Li YES , 4695start the 4696.Xr iscsid 8 4697daemon at boot time. 4698.It Va iscsictl_enable 4699.Pq Vt bool 4700If set to 4701.Dq Li YES , 4702start the 4703.Xr iscsictl 8 4704utility at boot time. 4705.It Va iscsictl_flags 4706.Pq Vt str 4707If 4708.Va iscsictl_enable 4709is set to 4710.Dq Li YES , 4711these are the flags to pass to the 4712.Xr iscsictl 8 4713program. 4714The default is 4715.Dq Li -Aa , 4716which configures sessions based on the 4717.Pa /etc/iscsi.conf 4718configuration file. 4719.It Va cfumass_enable 4720.Pq Vt bool 4721If set to 4722.Dq Li YES , 4723create and export an USB LUN using 4724.Xr cfumass 4 4725at boot time. 4726.It Va cfumass_dir 4727.Pq Vt str 4728The directory where the files exported by USB LUN are located. 4729The default directory is 4730.Pa /var/cfumass . 4731.It Va service_delete_empty 4732.Pq Vt bool 4733If set to 4734.Dq Li YES , 4735.Ql Li service delete 4736removes empty 4737.Dq Li rc.conf.d 4738files. 4739.It Va zfs_bootonce_activate 4740.Pq Vt bool 4741If set to 4742.Dq Li YES , 4743and a boot environment marked bootonce is successfully booted, 4744it will be made permanently active. 4745.It Va zfskeys_enable 4746.Pq Vt bool 4747If set to 4748.Dq Li YES , 4749enable auto-loading of encryption keys for encrypted ZFS datasets. 4750For every dataset the script will first load the appropriate encryption key 4751and then attempt to unlock the dataset. 4752.Pp 4753The script operates only on datasets which are encrypted with 4754ZFS native encryption 4755and have a ZFS 4756.Dq Li keylocation 4757dataset property beginning with 4758.Dq Li file:// . 4759.It Va zfskeys_datasets 4760.Pq Vt str 4761A whitespace-separated list of ZFS datasets to unlock. 4762The list is empty by default, 4763which means that the script will attempt to unlock all datasets. 4764.It Va zfskeys_timeout 4765.Pq Vt int 4766Define the total number of seconds to wait for the zfskeys script 4767to unlock an encrypted dataset. 4768The default is 10. 4769.It Va sendmail_enable 4770.Pq Vt str 4771If set to 4772.Dq Li YES , 4773run the 4774.Xr sendmail 8 4775daemon at system boot time. 4776If set to 4777.Dq Li NO , 4778do not run a 4779.Xr sendmail 8 4780daemon to listen for incoming network mail. 4781This does not preclude a 4782.Xr sendmail 8 4783daemon listening on the SMTP port of the loopback interface. 4784The 4785.Dq Li NONE 4786option sets each 4787.Va sendmail_enable , 4788.Va sendmail_submit_enable , 4789.Va sendmail_outbound_enable , 4790.Va sendmail_msp_queue_enable 4791to 4792.Dq Li NO . 4793.It Va sendmail_cert_create 4794.Pq Vt str 4795If 4796.Va sendmail_enable 4797is set to 4798.Dq Li YES , 4799create a signed certificate 4800.Pa /etc/mail/certs/host.cert 4801representing 4802.Pa /etc/mail/certs/host.key 4803by the CA certificate in 4804.Pa /etc/mail/certs/cacert.pem . 4805This will enable connecting hosts to negotiate STARTTLS allowing incoming 4806email to be encrypted in transit. 4807.Xr sendmail 8 4808needs to be configured to use these generated files. 4809The default configuration in 4810.Pa /etc/mail/freebsd.mc 4811has the required options in it. 4812.It Va sendmail_cert_cn 4813.Pq Vt str 4814If 4815.Va sendmail_enable 4816is set to 4817.Dq Li YES 4818and 4819.Va sendmail_cert_create 4820is set to 4821.Dq Li YES , 4822this is the Common Name (CN) of the certificate that will be created. 4823If 4824.Va sendmail_cert_cn 4825is not set, the system's hostname will be used. 4826If there is no hostname set, 4827.Dq Li amnesiac 4828will be used. 4829.It Va sendmail_flags 4830.Pq Vt str 4831If 4832.Va sendmail_enable 4833is set to 4834.Dq Li YES , 4835these are the flags to pass to the 4836.Xr sendmail 8 4837daemon. 4838.It Va sendmail_submit_enable 4839.Pq Vt bool 4840If set to 4841.Dq Li YES 4842and 4843.Va sendmail_enable 4844is set to 4845.Dq Li NO , 4846run 4847.Xr sendmail 8 4848using 4849.Va sendmail_submit_flags 4850instead of 4851.Va sendmail_flags . 4852This is intended to allow local mail submission via 4853a localhost-only listening SMTP service required for running 4854.Xr sendmail 8 4855as a non-set-user-ID binary. 4856Note that this does not work inside 4857.Xr jail 2 4858systems, as jails do not allow binding to just the localhost interface. 4859.It Va sendmail_submit_flags 4860.Pq Vt str 4861If 4862.Va sendmail_enable 4863is set to 4864.Dq Li NO 4865and 4866.Va sendmail_submit_enable 4867is set to 4868.Dq Li YES , 4869these are the flags to pass to the 4870.Xr sendmail 8 4871daemon. 4872.It Va sendmail_outbound_enable 4873.Pq Vt bool 4874If set to 4875.Dq Li YES 4876and both 4877.Va sendmail_enable 4878and 4879.Va sendmail_submit_enable 4880are set to 4881.Dq Li NO , 4882run 4883.Xr sendmail 8 4884using 4885.Va sendmail_outbound_flags 4886instead of 4887.Va sendmail_flags . 4888This is intended to allow local mail queue management 4889for systems that do not offer a listening SMTP service. 4890.It Va sendmail_outbound_flags 4891.Pq Vt str 4892If both 4893.Va sendmail_enable 4894and 4895.Va sendmail_submit_enable 4896are set to 4897.Dq Li NO 4898and 4899.Va sendmail_outbound_enable 4900is set to 4901.Dq Li YES , 4902these are the flags to pass to the 4903.Xr sendmail 8 4904daemon. 4905.It Va sendmail_msp_queue_enable 4906.Pq Vt bool 4907If set to 4908.Dq Li YES , 4909start a client (MSP) queue runner 4910.Xr sendmail 8 4911daemon at system boot time. 4912As of sendmail 8.12, a separate queue is used for command line 4913submissions. 4914The client queue runner ensures that nothing is 4915left behind in the submission queue. 4916.It Va sendmail_msp_queue_flags 4917.Pq Vt str 4918If 4919.Va sendmail_msp_queue_enable 4920is set to 4921daemon. 4922.Dq Li YES , 4923these are the flags to pass to the 4924.Xr sendmail 8 4925.El 4926.Sh FILES 4927.Bl -tag -width "/etc/defaults/rc.conf" -compact 4928.It Pa /etc/defaults/rc.conf 4929.It Pa /etc/defaults/vendor.conf 4930.It Pa /etc/rc.conf 4931.It Pa /etc/rc.conf.local 4932.It Pa /etc/rc.conf.d/ 4933.El 4934.Sh SEE ALSO 4935.Xr chmod 1 , 4936.Xr cpuset 1 , 4937.Xr gdb 1 Pq Pa ports/devel/gdb , 4938.Xr kbdcontrol 1 , 4939.Xr limits 1 , 4940.Xr protect 1 , 4941.Xr sh 1 , 4942.Xr umask 1 , 4943.Xr uuidgen 1 , 4944.Xr vi 1 , 4945.Xr vidcontrol 1 , 4946.Xr bridge 4 , 4947.Xr dummynet 4 , 4948.Xr ip 4 , 4949.Xr ipf 4 , 4950.Xr ipfw 4 , 4951.Xr ipnat 4 , 4952.Xr kld 4 , 4953.Xr pf 4 , 4954.Xr pflog 4 , 4955.Xr pfsync 4 , 4956.Xr tcp 4 , 4957.Xr udp 4 , 4958.Xr exports 5 , 4959.Xr fstab 5 , 4960.Xr ipf 5 , 4961.Xr ipnat 5 , 4962.Xr jail.conf 5 , 4963.Xr loader.conf 5 , 4964.Xr login.conf 5 , 4965.Xr motd 5 , 4966.Xr newsyslog.conf 5 , 4967.Xr pf.conf 5 , 4968.Xr firewall 7 , 4969.Xr growfs 7 , 4970.Xr security 7 , 4971.Xr tuning 7 , 4972.Xr accton 8 , 4973.Xr apm 8 , 4974.Xr bsdinstall 8 , 4975.Xr bthidd 8 , 4976.Xr chkprintcap 8 , 4977.Xr chown 8 , 4978.Xr cron 8 , 4979.Xr devfs 8 , 4980.Xr dhclient 8 , 4981.Xr ftpd 8 , 4982.Xr geli 8 , 4983.Xr hcsecd 8 , 4984.Xr ifconfig 8 , 4985.Xr inetd 8 , 4986.Xr iovctl 8 , 4987.Xr ipf 8 , 4988.Xr ipfw 8 , 4989.Xr ipnat 8 , 4990.Xr jail 8 , 4991.Xr kldxref 8 , 4992.Xr loader 8 , 4993.Xr lpd 8 , 4994.Xr makewhatis 8 , 4995.Xr mdconfig 8 , 4996.Xr mdmfs 8 , 4997.Xr mixer 8 , 4998.Xr mountd 8 , 4999.Xr moused 8 , 5000.Xr newfs 8 , 5001.Xr newsyslog 8 , 5002.Xr nfsd 8 , 5003.Xr ntpd 8 , 5004.Xr ntpdate 8 , 5005.Xr pfctl 8 , 5006.Xr pflogd 8 , 5007.Xr ping 8 , 5008.Xr powerd 8 , 5009.Xr quotacheck 8 , 5010.Xr quotaon 8 , 5011.Xr rc 8 , 5012.Xr rc.subr 8 , 5013.Xr rcorder 8 , 5014.Xr rfcomm_pppd 8 , 5015.Xr route 8 , 5016.Xr route6d 8 , 5017.Xr routed 8 , 5018.Xr rpc.lockd 8 , 5019.Xr rpc.statd 8 , 5020.Xr rpc.tlsclntd 8 , 5021.Xr rpc.tlsservd 8 , 5022.Xr rpcbind 8 , 5023.Xr rwhod 8 , 5024.Xr savecore 8 , 5025.Xr sdpd 8 , 5026.Xr sendmail 8 , 5027.Xr service 8 , 5028.Xr sshd 8 , 5029.Xr swapon 8 , 5030.Xr sysctl 8 , 5031.Xr syslogd 8 , 5032.Xr sysrc 8 , 5033.Xr unbound 8 , 5034.Xr usbconfig 8 , 5035.Xr utx 8 , 5036.Xr wlandebug 8 , 5037.Xr yp 8 , 5038.Xr ypbind 8 , 5039.Xr ypserv 8 , 5040.Xr ypset 8 5041.Sh HISTORY 5042The 5043.Nm 5044file appeared in 5045.Fx 2.2.2 . 5046.Sh AUTHORS 5047.An Jordan K. Hubbard . 5048