1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd December 25, 2013 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66In addition to 67.Pa /etc/rc.conf.local 68you can also place smaller configuration files for each 69.Xr rc 8 70script in the 71.Pa /etc/rc.conf.d 72directory, which will be included by the 73.Va load_rc_config 74function. 75For jail configurations you could use the file 76.Pa /etc/rc.conf.d/jail 77to store jail specific configuration options. 78Also see the 79.Va rc_conf_files 80variable below. 81.Pp 82Options are set with 83.Dq Ar name Ns Li = Ns Ar value 84assignments that use 85.Xr sh 1 86syntax. 87The following list provides a name and short description for each 88variable that can be set in the 89.Nm 90file: 91.Bl -tag -width indent-two 92.It Va rc_debug 93.Pq Vt bool 94If set to 95.Dq Li YES , 96enable output of debug messages from rc scripts. 97This variable can be helpful in diagnosing mistakes when 98editing or integrating new scripts. 99Beware that this produces copious output to the terminal and 100.Xr syslog 3 . 101.It Va rc_info 102.Pq Vt bool 103If set to 104.Dq Li NO , 105disable informational messages from the rc scripts. 106Informational messages are displayed when 107a condition that is not serious enough to warrant a warning or 108an error occurs. 109.It Va rc_startmsgs 110.Pq Vt bool 111If set to 112.Dq Li YES , 113show 114.Dq Starting foo: 115when faststart is used (e.g., at boot time). 116.It Va early_late_divider 117.Pq Vt str 118The name of the script that should be used as the 119delimiter between the 120.Dq early 121and 122.Dq late 123stages of the boot process. 124The early stage should contain all the services needed to 125get the disks (local or remote) mounted so that the late 126stage can include scripts contained in the directories 127listed in the 128.Va local_startup 129variable (see below). 130Thus, the two likely candidates for this value are 131.Pa mountcritlocal 132for the typical system, and 133.Pa mountcritremote 134if the system needs remote file 135systems mounted to get access to the 136.Va local_startup 137directories; for example when 138.Pa /usr/local 139is NFS mounted. 140For 141.Pa rc.conf 142within a 143.Xr jail 8 144.Pa NETWORKING 145is likely to be an appropriate value. 146Extreme care should be taken when changing this value, 147and before changing it one should ensure that there are 148adequate provisions to recover from a failed boot 149(such as physical contact with the machine, 150or reliable remote console access). 151.It Va always_force_depends 152.Pq Vt bool 153Various 154.Pa rc.d 155scripts use the force_depend function to check whether required 156services are already running, and to start them if necessary. 157By default during boot time this check is bypassed if the 158required service is enabled in 159.Pa /etc/rc.conf[.local] . 160Setting this option will bypass that check at boot time and 161always test whether or not the service is actually running. 162Enabling this option is likely to increase your boot time if 163services are enabled that utilize the force_depend check. 164.It Ao Ar name Ac Ns Va _chroot 165.Pq Vt str 166.Xr chroot 167to this directory before running the service. 168.It Ao Ar name Ac Ns Va _user 169.Pq Vt str 170Run the service under this user account. 171.It Ao Ar name Ac Ns Va _group 172.Pq Vt str 173Run the chrooted service under this system group. Unlike the _user 174setting, this setting has no effect if the service is not chrooted. 175.It Ao Ar name Ac Ns Va _fib 176.Pq Vt int 177The 178.Xr setfib 1 179value to run the service under. 180.It Ao Ar name Ac Ns Va _nice 181.Pq Vt int 182The 183.Xr nice 1 184value to run the service under. 185.It Va apm_enable 186.Pq Vt bool 187If set to 188.Dq Li YES , 189enable support for Automatic Power Management with 190the 191.Xr apm 8 192command. 193.It Va apmd_enable 194.Pq Vt bool 195Run 196.Xr apmd 8 197to handle APM event from userland. 198This also enables support for APM. 199.It Va apmd_flags 200.Pq Vt str 201If 202.Va apmd_enable 203is set to 204.Dq Li YES , 205these are the flags to pass to the 206.Xr apmd 8 207daemon. 208.It Va devd_enable 209.Pq Vt bool 210Run 211.Xr devd 8 212to handle device added, removed or unknown events from the kernel. 213.It Va ddb_enable 214.Pq Vt bool 215Run 216.Xr ddb 8 217to install 218.Xr ddb 4 219scripts at boot time. 220.It Va ddb_config 221.Pq Vt str 222Configuration file for 223.Xr ddb 8 . 224Default 225.Pa /etc/ddb.conf . 226.It Va kld_list 227.Pq Vt str 228A list of kernel modules to load right after the local 229disks are mounted. 230Loading modules at this point in the boot process is 231much faster than doing it via 232.Pa /boot/loader.conf 233for those modules not necessary for mounting local disk. 234.It Va kldxref_enable 235.Pq Vt bool 236Set to 237.Dq Li NO 238by default. 239Set to 240.Dq Li YES 241to automatically rebuild 242.Pa linker.hints 243files with 244.Xr kldxref 8 245at boot time. 246.It Va kldxref_clobber 247.Pq Vt bool 248Set to 249.Dq Li NO 250by default. 251If 252.Va kldxref_enable 253is true, 254setting to 255.Dq Li YES 256will overwrite existing 257.Pa linker.hints 258files at boot time. 259Otherwise, 260only missing 261.Pa linker.hints 262files are generated. 263.It Va kldxref_module_path 264.Pq Vt str 265Empty by default. 266A semi-colon 267.Pq Ql \&; 268delimited list of paths containing 269.Xr kld 4 270modules. 271If empty, 272the contents of the 273.Va kern.module_path 274.Xr sysctl 8 275are used. 276.It Va powerd_enable 277.Pq Vt bool 278If set to 279.Dq Li YES , 280enable the system power control facility with the 281.Xr powerd 8 282daemon. 283.It Va powerd_flags 284.Pq Vt str 285If 286.Va powerd_enable 287is set to 288.Dq Li YES , 289these are the flags to pass to the 290.Xr powerd 8 291daemon. 292.It Va tmpmfs 293Controls the creation of a 294.Pa /tmp 295memory file system. 296Always happens if set to 297.Dq Li YES 298and never happens if set to 299.Dq Li NO . 300If set to anything else, a memory file system is created if 301.Pa /tmp 302is not writable. 303.It Va tmpsize 304Controls the size of a created 305.Pa /tmp 306memory file system. 307.It Va tmpmfs_flags 308Extra options passed to the 309.Xr mdmfs 8 310utility when the memory file system for 311.Pa /tmp 312is created. 313The default is 314.Dq Li "-S" , 315which inhibits the use of softupdates on 316.Pa /tmp 317so that file system space is freed without delay 318after file truncation or deletion. 319See 320.Xr mdmfs 8 321for other options you can use in 322.Va tmpmfs_flags . 323.It Va varmfs 324Controls the creation of a 325.Pa /var 326memory file system. 327Always happens if set to 328.Dq Li YES 329and never happens if set to 330.Dq Li NO . 331If set to anything else, a memory file system is created if 332.Pa /var 333is not writable. 334.It Va varsize 335Controls the size of a created 336.Pa /var 337memory file system. 338.It Va varmfs_flags 339Extra options passed to the 340.Xr mdmfs 8 341utility when the memory file system for 342.Pa /var 343is created. 344The default is 345.Dq Li "-S" , 346which inhibits the use of softupdates on 347.Pa /var 348so that file system space is freed without delay 349after file truncation or deletion. 350See 351.Xr mdmfs 8 352for other options you can use in 353.Va varmfs_flags . 354.It Va populate_var 355Controls the automatic population of the 356.Pa /var 357file system. 358Always happens if set to 359.Dq Li YES 360and never happens if set to 361.Dq Li NO . 362If set to anything else, a memory file system is created if 363.Pa /var 364is not writable. 365Note that this process requires access to certain commands in 366.Pa /usr 367before 368.Pa /usr 369is mounted on normal systems. 370.It Va cleanvar_enable 371.Pq Vt bool 372Clean the 373.Pa /var 374directory. 375.It Va local_startup 376.Pq Vt str 377List of directories to search for startup script files. 378.It Va script_name_sep 379.Pq Vt str 380The field separator to use for breaking down the list of startup script files 381into individual filenames. 382The default is a space. 383It is not necessary to change this unless there are startup scripts with names 384containing spaces. 385.It Va hostapd_enable 386.Pq Vt bool 387Set to 388.Dq Li YES 389to start 390.Xr hostapd 8 391at system boot time. 392.It Va hostname 393.Pq Vt str 394The fully qualified domain name (FQDN) of this host on the network. 395This should almost certainly be set to something meaningful, even if 396there is no network connection. 397If 398.Xr dhclient 8 399is used to set the hostname via DHCP, 400this variable should be set to an empty string. 401If this value remains unset when the system is done booting 402your console login will display the default hostname of 403.Dq Amnesiac . 404.It Va nisdomainname 405.Pq Vt str 406The NIS domain name of this host, or 407.Dq Li NO 408if NIS is not used. 409.It Va dhclient_program 410.Pq Vt str 411Path to the DHCP client program 412.Pa ( /sbin/dhclient , 413the 414.Ox 415DHCP client, 416is the default). 417.It Va dhclient_flags 418.Pq Vt str 419Additional flags to pass to the DHCP client program. 420For the 421.Ox 422DHCP client, see the 423.Xr dhclient 8 424manpage for a description of the command line options available. 425.It Va dhclient_flags_ Ns Aq Ar iface 426Additional flags to pass to the DHCP client program running on 427.Ar iface 428only. 429When specified, this variable overrides 430.Va dhclient_flags . 431.It Va background_dhclient 432.Pq Vt bool 433Set to 434.Dq Li YES 435to start the DHCP client in background. 436This can cause trouble with applications depending on 437a working network, but it will provide a faster startup 438in many cases. 439.It Va background_dhclient_ Ns Aq Ar iface 440When specified, this variable overrides the 441.Va background_dhclient 442variable for interface 443.Ar iface 444only. 445.It Va synchronous_dhclient 446.Pq Vt bool 447Set to 448.Dq Li YES 449to start 450.Xr dhclient 8 451synchronously at startup. 452This behavior can be overridden on a per-interface basis by replacing 453the 454.Dq Li DHCP 455keyword in the 456.Va ifconfig_ Ns Aq Ar interface 457variable with 458.Dq Li SYNCDHCP 459or 460.Dq Li NOSYNCDHCP . 461.It Va defaultroute_delay 462.Pq Vt int 463When set to a positive value, wait up to this long after configuring 464DHCP interfaces at startup to give the interfaces time to receive a lease. 465.It Va firewall_enable 466.Pq Vt bool 467Set to 468.Dq Li YES 469to load firewall rules at startup. 470If the kernel was not built with 471.Cd "options IPFIREWALL" , 472the 473.Pa ipfw.ko 474kernel module will be loaded. 475See also 476.Va ipfilter_enable . 477.It Va firewall_script 478.Pq Vt str 479This variable specifies the full path to the firewall script to run. 480The default is 481.Pa /etc/rc.firewall . 482.It Va firewall_type 483.Pq Vt str 484Names the firewall type from the selection in 485.Pa /etc/rc.firewall , 486or the file which contains the local firewall ruleset. 487Valid selections from 488.Pa /etc/rc.firewall 489are: 490.Pp 491.Bl -tag -width ".Li simple" -compact 492.It Li open 493unrestricted IP access 494.It Li closed 495all IP services disabled, except via 496.Dq Li lo0 497.It Li client 498basic protection for a workstation 499.It Li simple 500basic protection for a LAN. 501.El 502.Pp 503If a filename is specified, the full path 504must be given. 505.It Va firewall_quiet 506.Pq Vt bool 507Set to 508.Dq Li YES 509to disable the display of firewall rules on the console during boot. 510.It Va firewall_logging 511.Pq Vt bool 512Set to 513.Dq Li YES 514to enable firewall event logging. 515This is equivalent to the 516.Dv IPFIREWALL_VERBOSE 517kernel option. 518.It Va firewall_logif 519.Pq Vt bool 520Set to 521.Dq Li YES 522to create pseudo interface 523.Li ipfw0 524for logging. 525For more details, see 526.Xr ipfw 8 527manual page. 528.It Va firewall_flags 529.Pq Vt str 530Flags passed to 531.Xr ipfw 8 532if 533.Va firewall_type 534specifies a filename. 535.It Va firewall_coscripts 536.Pq Vt str 537List of executables and/or rc scripts to run after firewall starts/stops. 538Default is empty. 539.\" ----- firewall_nat_enable setting -------------------------------- 540.It Va firewall_nat_enable 541.Pq Vt bool 542The 543.Xr ipfw 8 544equivalent of 545.Va natd_enable . 546Setting this to 547.Dq Li YES 548enables kernel NAT. 549.Va firewall_enable 550must also be set to 551.Dq Li YES . 552.It Va firewall_nat_interface 553.Pq Vt str 554The 555.Xr ipfw 8 556equivalent of 557.Va natd_interface . 558This is the name of the public interface or IP address on which 559kernel NAT should run. 560.It Va firewall_nat_flags 561.Pq Vt str 562Additional configuration parameters for kernel NAT should be placed here. 563.It Va dummynet_enable 564.Pq Vt bool 565Setting this to 566.Dq Li YES 567will automatically load the 568.Xr dummynet 4 569module if 570.Va firewall_enable 571is also set to 572.Dq Li YES . 573.\" ------------------------------------------------------------------- 574.It Va natd_program 575.Pq Vt str 576Path to 577.Xr natd 8 . 578.It Va natd_enable 579.Pq Vt bool 580Set to 581.Dq Li YES 582to enable 583.Xr natd 8 . 584.Va firewall_enable 585must also be set to 586.Dq Li YES , 587and 588.Xr divert 4 589sockets must be enabled in the kernel. 590If the kernel was not built with 591.Cd "options IPDIVERT" , 592the 593.Pa ipdivert.ko 594kernel module will be loaded. 595.It Va natd_interface 596.Pq Vt str 597This is the name of the public interface on which 598.Xr natd 8 599should run. 600The interface may be given as an interface name or as an IP address. 601.It Va natd_flags 602.Pq Vt str 603Additional 604.Xr natd 8 605flags should be placed here. 606The 607.Fl n 608or 609.Fl a 610flag is automatically added with the above 611.Va natd_interface 612as an argument. 613.\" ----- ipfilter_enable setting -------------------------------- 614.It Va ipfilter_enable 615.Pq Vt bool 616Set to 617.Dq Li NO 618by default. 619Setting this to 620.Dq Li YES 621enables 622.Xr ipf 8 623packet filtering. 624.Pp 625Typical usage will require putting 626.Bd -literal 627ipfilter_enable="YES" 628ipnat_enable="YES" 629ipmon_enable="YES" 630ipfs_enable="YES" 631.Ed 632.Pp 633into 634.Pa /etc/rc.conf 635and editing 636.Pa /etc/ipf.rules 637and 638.Pa /etc/ipnat.rules 639appropriately. 640.Pp 641Note that 642.Va ipfilter_enable 643and 644.Va ipnat_enable 645can be enabled independently. 646.Va ipmon_enable 647and 648.Va ipfs_enable 649both require at least one of 650.Va ipfilter_enable 651and 652.Va ipnat_enable 653to be enabled. 654.Pp 655Having 656.Bd -literal 657options IPFILTER 658options IPFILTER_LOG 659options IPFILTER_DEFAULT_BLOCK 660.Ed 661.Pp 662in the kernel configuration file is a good idea, too. 663.\" ----- ipfilter_program setting ------------------------------ 664.It Va ipfilter_program 665.Pq Vt str 666Path to 667.Xr ipf 8 668(default 669.Pa /sbin/ipf ) . 670.\" ----- ipfilter_rules setting -------------------------------- 671.It Va ipfilter_rules 672.Pq Vt str 673Set to 674.Pa /etc/ipf.rules 675by default. 676This variable contains the name of the filter rule definition file. 677The file is expected to be readable for the 678.Xr ipf 8 679command to execute. 680.\" ----- ipv6_ipfilter_rules setting --------------------------- 681.It Va ipv6_ipfilter_rules 682.Pq Vt str 683Set to 684.Pa /etc/ipf6.rules 685by default. 686This variable contains the IPv6 filter rule definition file. 687The file is expected to be readable for the 688.Xr ipf 8 689command to execute. 690.\" ----- ipfilter_flags setting -------------------------------- 691.It Va ipfilter_flags 692.Pq Vt str 693Empty by default. 694This variable contains flags passed to the 695.Xr ipf 8 696program. 697.\" ----- ipnat_enable setting ---------------------------------- 698.It Va ipnat_enable 699.Pq Vt bool 700Set to 701.Dq Li NO 702by default. 703Set it to 704.Dq Li YES 705to enable 706.Xr ipnat 8 707network address translation. 708See 709.Va ipfilter_enable 710for a detailed discussion. 711.\" ----- ipnat_program setting --------------------------------- 712.It Va ipnat_program 713.Pq Vt str 714Path to 715.Xr ipnat 8 716(default 717.Pa /sbin/ipnat ) . 718.\" ----- ipnat_rules setting ----------------------------------- 719.It Va ipnat_rules 720.Pq Vt str 721Set to 722.Pa /etc/ipnat.rules 723by default. 724This variable contains the name of the file 725holding the network address translation definition. 726This file is expected to be readable for the 727.Xr ipnat 8 728command to execute. 729.\" ----- ipnat_flags setting ----------------------------------- 730.It Va ipnat_flags 731.Pq Vt str 732Empty by default. 733This variable contains flags passed to the 734.Xr ipnat 8 735program. 736.\" ----- ipmon_enable setting ---------------------------------- 737.It Va ipmon_enable 738.Pq Vt bool 739Set to 740.Dq Li NO 741by default. 742Set it to 743.Dq Li YES 744to enable 745.Xr ipmon 8 746monitoring (logging 747.Xr ipf 8 748and 749.Xr ipnat 8 750events). 751Setting this variable needs setting 752.Va ipfilter_enable 753or 754.Va ipnat_enable 755too. 756See 757.Va ipfilter_enable 758for a detailed discussion. 759.\" ----- ipmon_program setting --------------------------------- 760.It Va ipmon_program 761.Pq Vt str 762Path to 763.Xr ipmon 8 764(default 765.Pa /sbin/ipmon ) . 766.\" ----- ipmon_flags setting ----------------------------------- 767.It Va ipmon_flags 768.Pq Vt str 769Set to 770.Dq Li -Ds 771by default. 772This variable contains flags passed to the 773.Xr ipmon 8 774program. 775Another typical example would be 776.Dq Fl D Pa /var/log/ipflog 777to have 778.Xr ipmon 8 779log directly to a file bypassing 780.Xr syslogd 8 . 781Make sure to adjust 782.Pa /etc/newsyslog.conf 783in such case like this: 784.Bd -literal 785/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 786.Ed 787.\" ----- ipfs_enable setting ----------------------------------- 788.It Va ipfs_enable 789.Pq Vt bool 790Set to 791.Dq Li NO 792by default. 793Set it to 794.Dq Li YES 795to enable 796.Xr ipfs 8 797saving the filter and NAT state tables during shutdown 798and reloading them during startup again. 799Setting this variable needs setting 800.Va ipfilter_enable 801or 802.Va ipnat_enable 803to 804.Dq Li YES 805too. 806See 807.Va ipfilter_enable 808for a detailed discussion. 809Note that if 810.Va kern_securelevel 811is set to 3, 812.Va ipfs_enable 813cannot be used 814because the raised securelevel will prevent 815.Xr ipfs 8 816from saving the state tables at shutdown time. 817.\" ----- ipfs_program setting ---------------------------------- 818.It Va ipfs_program 819.Pq Vt str 820Path to 821.Xr ipfs 8 822(default 823.Pa /sbin/ipfs ) . 824.\" ----- ipfs_flags setting ------------------------------------ 825.It Va ipfs_flags 826.Pq Vt str 827Empty by default. 828This variable contains flags passed to the 829.Xr ipfs 8 830program. 831.\" ----- end of added ipf hook --------------------------------- 832.It Va pf_enable 833.Pq Vt bool 834Set to 835.Dq Li NO 836by default. 837Setting this to 838.Dq Li YES 839enables 840.Xr pf 4 841packet filtering. 842.Pp 843Typical usage will require putting 844.Pp 845.Dl pf_enable="YES" 846.Pp 847into 848.Pa /etc/rc.conf 849and editing 850.Pa /etc/pf.conf 851appropriately. 852Adding 853.Pp 854.Dl "device pf" 855.Pp 856builds support for 857.Xr pf 4 858into the kernel, otherwise the 859kernel module will be loaded. 860.It Va pf_rules 861.Pq Vt str 862Path to 863.Xr pf 4 864ruleset configuration file 865(default 866.Pa /etc/pf.conf ) . 867.It Va pf_program 868.Pq Vt str 869Path to 870.Xr pfctl 8 871(default 872.Pa /sbin/pfctl ) . 873.It Va pf_flags 874.Pq Vt str 875If 876.Va pf_enable 877is set to 878.Dq Li YES , 879these flags are passed to the 880.Xr pfctl 8 881program when loading the ruleset. 882.It Va pflog_enable 883.Pq Vt bool 884Set to 885.Dq Li NO 886by default. 887Setting this to 888.Dq Li YES 889enables 890.Xr pflogd 8 891which logs packets from the 892.Xr pf 4 893packet filter. 894.It Va pflog_logfile 895.Pq Vt str 896If 897.Va pflog_enable 898is set to 899.Dq Li YES 900this controls where 901.Xr pflogd 8 902stores the logfile 903(default 904.Pa /var/log/pflog ) . 905Check 906.Pa /etc/newsyslog.conf 907to adjust logfile rotation for this. 908.It Va pflog_program 909.Pq Vt str 910Path to 911.Xr pflogd 8 912(default 913.Pa /sbin/pflogd ) . 914.It Va pflog_flags 915.Pq Vt str 916Empty by default. 917This variable contains additional flags passed to the 918.Xr pflogd 8 919program. 920.It Va pflog_instances 921.Pq Vt str 922If logging to more than one 923.Xr pflog 4 924interface is desired, 925.Va pflog_instances 926is set to the list of 927.Xr pflogd 8 928instances that should be started at system boot time. If 929.Va pflog_instances 930is set, for each whitespace-seperated 931.Ar element 932in the list, 933.Ao Ar element Ac Ns Va _dev 934and 935.Ao Ar element Ac Ns Va _logfile 936elements are assumed to exist. 937.Ao Ar element Ac Ns Va _dev 938must contain the 939.Xr pflog 4 940interface to be watched by the named 941.Xr pflogd 8 942instance. 943.Ao Ar element Ac Ns Va _logfile 944must contain the name of the logfile that will be used by the 945.Xr pflogd 8 946instance. 947.It Va ftpproxy_enable 948.Pq Vt bool 949Set to 950.Dq Li NO 951by default. 952Setting this to 953.Dq Li YES 954enables 955.Xr ftp-proxy 8 956which supports the 957.Xr pf 4 958packet filter in translating ftp connections. 959.It Va ftpproxy_flags 960.Pq Vt str 961Empty by default. 962This variable contains additional flags passed to the 963.Xr ftp-proxy 8 964program. 965.It Va ftpproxy_instances 966.Pq Vt str 967Empty by default. If multiple instances of 968.Xr ftp-proxy 8 969are desired at boot time, 970.Va ftpproxy_instances 971should contain a whitespace-seperated list of instance names. For each 972.Ar element 973in the list, a variable named 974.Ao Ar element Ac Ns Va _flags 975should be defined, containing the command-line flags to be passed to the 976.Xr ftp-proxy 8 977instance. 978.It Va pfsync_enable 979.Pq Vt bool 980Set to 981.Dq Li NO 982by default. 983Setting this to 984.Dq Li YES 985enables exposing 986.Xr pf 4 987state changes to other hosts over the network by means of 988.Xr pfsync 4 . 989The 990.Va pfsync_syncdev 991variable 992must also be set then. 993.It Va pfsync_syncdev 994.Pq Vt str 995Empty by default. 996This variable specifies the name of the network interface 997.Xr pfsync 4 998should operate through. 999It must be set accordingly if 1000.Va pfsync_enable 1001is set to 1002.Dq Li YES . 1003.It Va pfsync_syncpeer 1004.Pq Vt str 1005Empty by default. 1006This variable is optional. 1007By default, state change messages are sent out on the synchronisation 1008interface using IP multicast packets. 1009The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1010224.0.0.240. 1011When a peer address is specified using the 1012.Va pfsync_syncpeer 1013option, the peer address is used as a destination for the pfsync 1014traffic, and the traffic can then be protected using 1015.Xr ipsec 4 . 1016See the 1017.Xr pfsync 4 1018manpage for more details about using 1019.Xr ipsec 4 1020with 1021.Xr pfsync 4 1022interfaces. 1023.It Va pfsync_ifconfig 1024.Pq Vt str 1025Empty by default. 1026This variable can contain additional options to be passed to the 1027.Xr ifconfig 8 1028command used to set up 1029.Xr pfsync 4 . 1030.It Va tcp_extensions 1031.Pq Vt bool 1032Set to 1033.Dq Li YES 1034by default. 1035Setting this to 1036.Dq Li NO 1037disables certain TCP options as described by 1038.Rs 1039.%T "RFC 1323" 1040.Re 1041Setting this to 1042.Dq Li NO 1043might help remedy such problems with connections as randomly hanging 1044or other weird behavior. 1045Some network devices are known 1046to be broken with respect to these options. 1047.It Va log_in_vain 1048.Pq Vt int 1049Set to 0 by default. 1050The 1051.Xr sysctl 8 1052variables, 1053.Va net.inet.tcp.log_in_vain 1054and 1055.Va net.inet.udp.log_in_vain , 1056as described in 1057.Xr tcp 4 1058and 1059.Xr udp 4 , 1060are set to the given value. 1061.It Va tcp_keepalive 1062.Pq Vt bool 1063Set to 1064.Dq Li YES 1065by default. 1066Setting to 1067.Dq Li NO 1068will disable probing idle TCP connections to verify that the 1069peer is still up and reachable. 1070.It Va tcp_drop_synfin 1071.Pq Vt bool 1072Set to 1073.Dq Li NO 1074by default. 1075Setting to 1076.Dq Li YES 1077will cause the kernel to ignore TCP frames that have both 1078the SYN and FIN flags set. 1079This prevents OS fingerprinting, but may 1080break some legitimate applications. 1081.It Va icmp_drop_redirect 1082.Pq Vt bool 1083Set to 1084.Dq Li NO 1085by default. 1086Setting to 1087.Dq Li YES 1088will cause the kernel to ignore ICMP REDIRECT packets. 1089Refer to 1090.Xr icmp 4 1091for more information. 1092.It Va icmp_log_redirect 1093.Pq Vt bool 1094Set to 1095.Dq Li NO 1096by default. 1097Setting to 1098.Dq Li YES 1099will cause the kernel to log ICMP REDIRECT packets. 1100Note that 1101the log messages are not rate-limited, so this option should only be used 1102for troubleshooting networks. 1103Refer to 1104.Xr icmp 4 1105for more information. 1106.It Va icmp_bmcastecho 1107.Pq Vt bool 1108Set to 1109.Dq Li YES 1110to respond to broadcast or multicast ICMP ping packets. 1111Refer to 1112.Xr icmp 4 1113for more information. 1114.It Va ip_portrange_first 1115.Pq Vt int 1116If not set to 1117.Dq Li NO , 1118this is the first port in the default portrange. 1119Refer to 1120.Xr ip 4 1121for more information. 1122.It Va ip_portrange_last 1123.Pq Vt int 1124If not set to 1125.Dq Li NO , 1126this is the last port in the default portrange. 1127Refer to 1128.Xr ip 4 1129for more information. 1130.It Va network_interfaces 1131.Pq Vt str 1132Set to the list of network interfaces to configure on this host or 1133.Dq Li AUTO 1134(the default) for all current interfaces. 1135Setting the 1136.Va network_interfaces 1137variable to anything other than the default is deprecated. 1138Interfaces that the administrator wishes to store configuration for, 1139but not start at boot should be configured with the 1140.Dq Li NOAUTO 1141keyword in their 1142.Va ifconfig_ Ns Aq Ar interface 1143variables as described below. 1144.Pp 1145An 1146.Va ifconfig_ Ns Aq Ar interface 1147variable is also assumed to exist for each value of 1148.Ar interface . 1149When an interface name contains any of the characters 1150.Dq Li .-/+ 1151they are translated to 1152.Dq Li _ 1153before lookup. 1154The variable can contain arguments to 1155.Xr ifconfig 8 , 1156as well as special case-insensitive keywords described below. 1157Such keywords are removed before passing the value to 1158.Xr ifconfig 8 1159while the order of the other arguments is preserved. 1160.Pp 1161It is possible to add IP alias entries using 1162.Xr ifconfig 8 1163syntax with the address family keyword such as 1164.Li inet . 1165Assuming that the interface in question was 1166.Li ed0 , 1167it might look something like this: 1168.Bd -literal 1169ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1170ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1171.Ed 1172.Pp 1173It also possible to configure multiple IP addresses in Classless 1174Inter-Domain Routing 1175.Pq CIDR 1176address notation, 1177whose each address component can be a range like 1178.Li inet 192.0.2.5-23/24 1179or 1180.Li inet6 2001:db8:1-f::1/64 . 1181This notation allows address and prefix length part only, 1182not the other address modifiers. 1183.Pp 1184In the case of 1185.Li 192.0.2.5-23/24 , 1186the address 192.0.2.5 will be configured with the 1187netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1188the non-conflicting netmask /32 as explained in the 1189.Xr ifconfig 8 1190alias section. 1191Note that this special netmask handling is only for 1192.Li inet , 1193not for the other address families such as 1194.Li inet6 . 1195.Pp 1196With the interface in question being 1197.Li ed0 , 1198an example could look like: 1199.Bd -literal 1200ifconfig_ed0_alias2="inet 192.0.2.129/27" 1201ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1202.Ed 1203.Pp 1204and so on. 1205.Pp 1206Note that 1207.Va ipv4_addrs_ Ns Aq Ar interface 1208variable was supported for IPv4 CIDR address notation. 1209It is now deprecated because the functionality was integrated into 1210.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1211though 1212.Va ipv4_addrs_ Ns Aq Ar interface 1213is still supported for backward compatibility. 1214.Pp 1215For each 1216.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1217entry with an address family keyword, 1218its contents are passed to 1219.Xr ifconfig 8 . 1220Execution stops at the first unsuccessful access, so if 1221something like this is present: 1222.Bd -literal 1223ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1224ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1225ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1226ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1227.Ed 1228.Pp 1229Then note that alias4 would 1230.Em not 1231be added since the search would 1232stop with the missing 1233.Dq Li alias3 1234entry. 1235Because of this difficult to manage behavior, 1236there is 1237.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1238variable, which has the same functionality as 1239.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1240and can have all of entries in a variable like the following: 1241.Bd -literal 1242ifconfig_ed0_aliases="\\ 1243 inet 127.0.0.251 netmask 0xffffffff \\ 1244 inet 127.0.0.252 netmask 0xffffffff \\ 1245 inet 127.0.0.253 netmask 0xffffffff \\ 1246 inet 127.0.0.254 netmask 0xffffffff" 1247.Ed 1248.Pp 1249It also supports CIDR notation. 1250.Pp 1251If the 1252.Pa /etc/start_if. Ns Aq Ar interface 1253file is present, it is read and executed by the 1254.Xr sh 1 1255interpreter 1256before configuring the interface as specified in the 1257.Va ifconfig_ Ns Aq Ar interface 1258and 1259.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1260variables. 1261.Pp 1262If a 1263.Va vlans_ Ns Aq Ar interface 1264variable is set, 1265a 1266.Xr vlan 4 1267interface will be created for each item in the list with the 1268.Ar vlandev 1269argument set to 1270.Ar interface . 1271If a vlan interface's name is a number, 1272then that number is used as the vlan tag and the new vlan interface is 1273named 1274.Ar interface . Ns Ar tag . 1275Otherwise, 1276the vlan tag must be specified via a 1277.Va vlan 1278parameter in the 1279.Va create_args_ Ns Aq Ar interface 1280variable. 1281.Pp 1282To create a vlan device named 1283.Li em0.101 1284on 1285.Li em0 1286with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1287.Bd -literal 1288vlans_em0="101" 1289ifconfig_em0_101="inet 192.0.2.1/24" 1290.Ed 1291.Pp 1292To create a vlan device named 1293.Li myvlan 1294on 1295.Li em0 1296with the vlan tag 102: 1297.Bd -literal 1298vlans_em0="myvlan" 1299create_args_myvlan="vlan 102" 1300.Ed 1301.Pp 1302If a 1303.Va wlans_ Ns Aq Ar interface 1304variable is set, 1305an 1306.Xr wlan 4 1307interface will be created for each item in the list with the 1308.Ar wlandev 1309argument set to 1310.Ar interface . 1311Further wlan cloning arguments may be passed to the 1312.Xr ifconfig 8 1313.Cm create 1314command by setting the 1315.Va create_args_ Ns Aq Ar interface 1316variable. 1317One or more 1318.Xr wlan 4 1319devices must be created for each wireless devices as of 1320.Fx 8.0 . 1321Debugging flags for 1322.Xr wlan 4 1323devices as set by 1324.Xr wlandebug 8 1325may be specified with an 1326.Va wlandebug_ Ns Aq Ar interface 1327variable. 1328The contents of this variable will be passed directly to 1329.Xr wlandebug 8 . 1330.Pp 1331If the 1332.Va ifconfig_ Ns Aq Ar interface 1333contains the keyword 1334.Dq Li NOAUTO 1335then the interface will not be configured 1336at boot or by 1337.Pa /etc/pccard_ether 1338when 1339.Va network_interfaces 1340is set to 1341.Dq Li AUTO . 1342.Pp 1343It is possible to bring up an interface with DHCP by adding 1344.Dq Li DHCP 1345to the 1346.Va ifconfig_ Ns Aq Ar interface 1347variable. 1348For instance, to initialize the 1349.Li ed0 1350device via DHCP, 1351it is possible to use something like: 1352.Bd -literal 1353ifconfig_ed0="DHCP" 1354.Ed 1355.Pp 1356If you want to configure your wireless interface with 1357.Xr wpa_supplicant 8 1358for use with WPA, EAP/LEAP or WEP, you need to add 1359.Dq Li WPA 1360to the 1361.Va ifconfig_ Ns Aq Ar interface 1362variable. 1363.Pp 1364On the other hand, if you want to configure your wireless interface with 1365.Xr hostapd 8 , 1366you need to add 1367.Dq Li HOSTAP 1368to the 1369.Va ifconfig_ Ns Aq Ar interface 1370variable. 1371.Xr hostapd 8 1372will use the settings from 1373.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1374.Pp 1375Finally, you can add 1376.Xr ifconfig 8 1377options in this variable, in addition to the 1378.Pa /etc/start_if. Ns Aq Ar interface 1379file. 1380For instance, to configure an 1381.Xr ath 4 1382wireless device in station mode with an address obtained 1383via DHCP, using WPA authentication and 802.11b mode, it is 1384possible to use something like: 1385.Bd -literal 1386wlans_ath0="wlan0" 1387ifconfig_wlan0="DHCP WPA mode 11b" 1388.Ed 1389.Pp 1390In addition to the 1391.Va ifconfig_ Ns Aq Ar interface 1392form, a fallback variable 1393.Va ifconfig_DEFAULT 1394may be configured. 1395It will be used for all interfaces with no 1396.Va ifconfig_ Ns Aq Ar interface 1397variable. 1398This is intended to replace the no longer supported 1399.Va pccard_ifconfig 1400variable. 1401.Pp 1402It is also possible to rename an interface by doing: 1403.Bd -literal 1404ifconfig_ed0_name="net0" 1405ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1406.Ed 1407.It Va ipv6_enable 1408.Pq Vt bool 1409This variable is deprecated. 1410Use 1411.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1412and 1413.Va ipv6_activate_all_interfaces 1414if necessary. 1415.Pp 1416If the variable is 1417.Dq Li YES , 1418.Dq Li inet6 accept_rtadv 1419is added to all of 1420.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1421and the 1422.Va ipv6_activate_all_interfaces 1423is defined as 1424.Dq Li YES . 1425.It Va ipv6_prefer 1426.Pq Vt bool 1427This variable is deprecated. 1428Use 1429.Va ip6addrctl_policy 1430instead. 1431.Pp 1432If the variable is 1433.Dq Li YES , 1434the default address selection policy table set by 1435.Xr ip6addrctl 8 1436will be IPv6-preferred. 1437.Pp 1438If the variable is 1439.Dq Li NO , 1440the default address selection policy table set by 1441.Xr ip6addrctl 8 1442will be IPv4-preferred. 1443.It Va ipv6_activate_all_interfaces 1444.Pq Vt bool 1445This controls initial configuration on IPv6-capable 1446interfaces with no corresponding 1447.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1448variable. 1449Note that it is not always necessary to set this variable to 1450.Dq YES 1451to use IPv6 functionality on 1452.Fx . 1453In most cases, just configuring 1454.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1455variables works. 1456.Pp 1457If the variable is 1458.Dq Li NO , 1459all interfaces which do not have a corresponding 1460.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1461variable will be marked as 1462.Dq Li IFDISABLED 1463at creation. 1464This means that all of IPv6 functionality on that interface 1465is completely disabled to enforce a security policy. 1466If the variable is set to 1467.Dq YES , 1468the flag will be cleared on all of the interfaces. 1469.Pp 1470In most cases, just defining an 1471.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1472for an IPv6-capable interface should be sufficient. 1473However, if an interface is added dynamically 1474.Pq by some tunneling protocols such as PPP, for example , 1475it is often difficult to define the variable in advance. 1476In such a case, configuring the 1477.Dq Li IFDISABLED 1478flag can be disabled by setting this variable to 1479.Dq YES . 1480.Pp 1481For more details of the 1482.Dq Li IFDISABLED 1483flag and keywords 1484.Dq Li inet6 ifdisabled , 1485see 1486.Xr ifconfig 8 . 1487.Pp 1488Default is 1489.Dq Li NO . 1490.It Va ipv6_privacy 1491.Pq Vt bool 1492If the variable is 1493.Dq Li YES 1494privacy addresses will be generated for each IPv6 1495interface as described in RFC 4941. 1496.It Va ipv6_network_interfaces 1497.Pq Vt str 1498This is the IPv6 equivalent of 1499.Va network_interfaces . 1500Normally manual configuration of this variable is not needed. 1501.Pp 1502.It Va ipv6_cpe_wanif 1503.Pq Vt str 1504If the variable is set to an interface name, 1505the 1506.Xr ifconfig 8 1507options 1508.Dq inet6 -no_radr accept_rtadv 1509will be added to the specified interface automatically before evaluating 1510.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1511and two 1512.Xr sysctl 8 1513variables 1514.Va net.inet6.ip6.rfc6204w3 1515and 1516.Va net.inet6.ip6.no_radr 1517will be set to 1. 1518.Pp 1519This means the specified interface will accept ICMPv6 Router 1520Advertisement messages on that link and add the discovered 1521routers into the Default Router List. 1522While the other interfaces can still accept RA messages if the 1523.Dq inet6 accept_rtadv 1524option is specified, adding 1525routes into the Default Router List will be disabled by 1526.Dq inet6 no_radr 1527option by default. 1528See 1529.Xr ifconfig 8 1530for more details. 1531.Pp 1532Note that ICMPv6 Router Advertisement messages will be 1533accepted even when 1534.Va net.inet6.ip6.forwarding 1535is 1 1536.Pq packet forwarding is enabled 1537when 1538.Va net.inet6.ip6.rfc6204w3 1539is set to 1. 1540.Pp 1541Default is 1542.Dq Li NO . 1543.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1544.Pq Vt str 1545IPv6 functionality on an interface should be configured by 1546.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1547instead of setting ifconfig parameters in 1548.Va ifconfig_ Ns Aq Ar interface . 1549If this variable is empty, all of IPv6 configurations on the 1550specified interface by other variables such as 1551.Va ipv6_prefix_ Ns Ao Ar interface Ac 1552will be ignored. 1553.Pp 1554Aliases should be set by 1555.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1556with 1557.Dq Li inet6 1558keyword. 1559For example: 1560.Bd -literal 1561ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1562ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1563.Ed 1564.Pp 1565Interfaces that have an 1566.Dq Li inet6 accept_rtadv 1567keyword in 1568.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1569setting will be automatically configured by SLAAC 1570.Pq StateLess Address AutoConfiguration 1571described in 1572.Rs 1573.%T "RFC 4862" 1574.Re 1575.Pp 1576Note that a link-local address will be automatically configured in 1577addition to the configured global-scope addresses because the IPv6 1578specifications require it on each link. 1579The address is calculated from the MAC address by using an algorithm 1580defined in 1581.Rs 1582.%T "RFC 4862" 1583.%O "Section 5.3" 1584.Re 1585.Pp 1586If only a link-local address is needed on the interface, 1587the following configuration can be used: 1588.Bd -literal 1589ifconfig_ed0_ipv6="inet6 auto_linklocal" 1590.Ed 1591.Pp 1592A link-local address can also be configured manually. 1593This is useful for the default router address of an IPv6 router 1594so that it does not change when the network interface 1595card is replaced. 1596For example: 1597.Bd -literal 1598ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1599.Ed 1600.It Va ipv6_prefix_ Ns Aq Ar interface 1601.Pq Vt str 1602If one or more prefixes are defined in 1603.Va ipv6_prefix_ Ns Aq Ar interface 1604addresses based on each prefix and the EUI-64 interface index will be 1605configured on that interface. 1606Note that this variable will be ignored when 1607.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1608is empty. 1609.Pp 1610For example, the following configuration 1611.Bd -literal 1612ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1613.Ed 1614.Pp 1615is equivalent to the following: 1616.Bd -literal 1617ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1618ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1619ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1620ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1621.Ed 1622.Pp 1623These Subnet-Router anycast addresses will be added only when 1624.Va ipv6_gateway_enable 1625is YES. 1626.It Va ipv6_default_interface 1627.Pq Vt str 1628If not set to 1629.Dq Li NO , 1630this is the default output interface for scoped addresses. 1631This works only with ipv6_gateway_enable="NO". 1632.It Va ip6addrctl_enable 1633.Pq Vt bool 1634This variable is to enable configuring default address selection policy table 1635.Pq RFC 3484 . 1636The table can be specified in another variable 1637.Va ip6addrctl_policy . 1638For 1639.Va ip6addrctl_policy 1640the following keywords can be specified: 1641.Dq Li ipv4_prefer , 1642.Dq Li ipv6_prefer , 1643or 1644.Dq Li AUTO . 1645.Pp 1646If 1647.Dq Li ipv4_prefer 1648or 1649.Dq Li ipv6_prefer 1650is specified, 1651.Xr ip6addrctl 8 1652installs a pre-defined policy table described in Section 2.1 1653.Pq IPv6-preferred 1654or 10.3 1655.Pq IPv4-preferred 1656of RFC 3484. 1657.Pp 1658If 1659.Dq Li AUTO 1660is specified, it attempts to read a file 1661.Pa /etc/ip6addrctl.conf 1662first. 1663If this file is found, 1664.Xr ip6addrctl 8 1665reads and installs it. 1666If not found, a policy is automatically set 1667according to 1668.Va ipv6_activate_all_interfaces 1669variable; if the variable is set to 1670.Dq Li YES 1671the IPv6-preferred one is used. 1672Otherwise IPv4-preferred. 1673.Pp 1674The default value of 1675.Va ip6addrctl_enable 1676and 1677.Va ip6addrctl_policy 1678are 1679.Dq Li YES 1680and 1681.Dq Li AUTO , 1682respectively. 1683.It Va cloned_interfaces 1684.Pq Vt str 1685Set to the list of clonable network interfaces to create on this host. 1686Further cloning arguments may be passed to the 1687.Xr ifconfig 8 1688.Cm create 1689command for each interface by setting the 1690.Va create_args_ Ns Aq Ar interface 1691variable. 1692If an interface name is specified with 1693.Dq :sticky 1694keyword, 1695the interface will not be destroyed even when 1696.Pa rc.d/netif 1697script is invoked with 1698.Dq stop 1699argument. 1700This is useful when reconfiguring the interface without destroying it. 1701Entries in 1702.Va cloned_interfaces 1703are automatically appended to 1704.Va network_interfaces 1705for configuration. 1706.It Va cloned_interfaces_sticky 1707.Pq Vt bool 1708This variable is to globally enable functionality of 1709.Dq :sticky 1710keyword in 1711.Va cloned_interfaces 1712for all interfaces. 1713The default value is 1714.Dq NO . 1715Even if this variable is specified to 1716.Dq YES , 1717.Dq :nosticky 1718keyword can be used to override it on per interface basis. 1719.It Va gif_interfaces 1720.Pq Vt str 1721This variable is deprecated in favor of 1722.Va cloned_interfaces . 1723Set to the list of 1724.Xr gif 4 1725tunnel interfaces to configure on this host. 1726A 1727.Va gifconfig_ Ns Aq Ar interface 1728variable is assumed to exist for each value of 1729.Ar interface . 1730The value of this variable is used to configure the link layer of the 1731tunnel according to the syntax of the 1732.Cm tunnel 1733option to 1734.Xr ifconfig 8 . 1735Additionally, this option ensures that each listed interface is created 1736via the 1737.Cm create 1738option to 1739.Xr ifconfig 8 1740before attempting to configure it. 1741.It Va sppp_interfaces 1742.Pq Vt str 1743Set to the list of 1744.Xr sppp 4 1745interfaces to configure on this host. 1746A 1747.Va spppconfig_ Ns Aq Ar interface 1748variable is assumed to exist for each value of 1749.Ar interface . 1750Each interface should also be configured by a general 1751.Va ifconfig_ Ns Aq Ar interface 1752setting. 1753Refer to 1754.Xr spppcontrol 8 1755for more information about available options. 1756.It Va ppp_enable 1757.Pq Vt bool 1758If set to 1759.Dq Li YES , 1760run the 1761.Xr ppp 8 1762daemon. 1763.It Va ppp_profile 1764.Pq Vt str 1765The name of the profile to use from 1766.Pa /etc/ppp/ppp.conf . 1767Also used for per-profile overrides of 1768.Va ppp_mode 1769and 1770.Va ppp_nat , 1771and 1772.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1773When the profile name contains any of the characters 1774.Dq Li .-/+ 1775they are translated to 1776.Dq Li _ 1777for the proposes of the override variable names. 1778.It Va ppp_mode 1779.Pq Vt str 1780Mode in which to run the 1781.Xr ppp 8 1782daemon. 1783.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1784.Pq Vt str 1785Overrides the global 1786.Va ppp_mode 1787for 1788.Ar profile . 1789Accepted modes are 1790.Dq Li auto , 1791.Dq Li ddial , 1792.Dq Li direct 1793and 1794.Dq Li dedicated . 1795See the manual for a full description. 1796.It Va ppp_nat 1797.Pq Vt bool 1798If set to 1799.Dq Li YES , 1800enables network address translation. 1801Used in conjunction with 1802.Va gateway_enable 1803allows hosts on private network addresses access to the Internet using 1804this host as a network address translating router. 1805.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1806.Pq Vt str 1807Overrides the global 1808.Va ppp_nat 1809for 1810.Ar profile . 1811.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1812.Pq Vt int 1813Set the unit number to be used for this profile. 1814See the manual description of 1815.Fl unit Ns Ar N 1816for details. 1817.It Va ppp_user 1818.Pq Vt str 1819The name of the user under which 1820.Xr ppp 8 1821should be started. 1822By 1823default, 1824.Xr ppp 8 1825is started as 1826.Dq Li root . 1827.It Va rc_conf_files 1828.Pq Vt str 1829This option is used to specify a list of files that will override 1830the settings in 1831.Pa /etc/defaults/rc.conf . 1832The files will be read in the order in which they are specified and should 1833include the full path to the file. 1834By default, the files specified are 1835.Pa /etc/rc.conf 1836and 1837.Pa /etc/rc.conf.local 1838.It Va zfs_enable 1839.Pq Vt bool 1840If set to 1841.Dq Li YES , 1842.Pa /etc/rc.d/zfs 1843will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1844(ZVOLs). 1845.It Va gptboot_enable 1846.Pq Vt bool 1847If set to 1848.Dq Li YES , 1849.Pa /etc/rc.d/gptboot 1850will log if the system successfully (or not) booted from a GPT partition, 1851which had the 1852.Ar bootonce 1853attribute set using 1854.Xr gpart 8 1855utility. 1856.It Va gbde_autoattach_all 1857.Pq Vt bool 1858If set to 1859.Dq Li YES , 1860.Pa /etc/rc.d/gbde 1861will attempt to automatically initialize your .bde devices in 1862.Pa /etc/fstab . 1863.It Va gbde_devices 1864.Pq Vt str 1865List the devices that the script should try to attach, 1866or 1867.Dq Li AUTO . 1868.It Va gbde_lockdir 1869.Pq Vt str 1870The directory where the 1871.Xr gbde 4 1872lockfiles are located. 1873The default lockfile directory is 1874.Pa /etc . 1875.Pp 1876The lockfile for each individual 1877.Xr gbde 4 1878device can be overridden by setting the variable 1879.Va gbde_lock_ Ns Aq Ar device , 1880where 1881.Ar device 1882is the encrypted device without the 1883.Dq Pa /dev/ 1884and 1885.Dq Pa .bde 1886parts. 1887.It Va gbde_attach_attempts 1888.Pq Vt int 1889Number of times to attempt attaching to a 1890.Xr gbde 4 1891device, i.e., how many times the user is asked for the pass-phrase. 1892Default is 3. 1893.It Va geli_devices 1894.Pq Vt str 1895List of devices to automatically attach on boot. 1896Note that .eli devices from 1897.Pa /etc/fstab 1898are automatically appended to this list. 1899.It Va geli_tries 1900.Pq Vt int 1901Number of times user is asked for the pass-phrase. 1902If empty, it will be taken from 1903.Va kern.geom.eli.tries 1904sysctl variable. 1905.It Va geli_default_flags 1906.Pq Vt str 1907Default flags to use by 1908.Xr geli 8 1909when configuring disk encryption. 1910Flags can be configured for every device separately by defining 1911.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1912variable. 1913.It Va geli_autodetach 1914.Pq Vt str 1915Specifies if GELI devices should be marked for detach on last close after 1916file systems are mounted. 1917Default is 1918.Dq Li YES . 1919This can be changed for every device separately by defining 1920.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1921variable. 1922.It Va root_rw_mount 1923.Pq Vt bool 1924Set to 1925.Dq Li YES 1926by default. 1927After the file systems are checked at boot time, the root file system 1928is remounted as read-write if this is set to 1929.Dq Li YES . 1930Diskless systems that mount their root file system from a read-only remote 1931NFS share should set this to 1932.Dq Li NO 1933in their 1934.Pa rc.conf . 1935.It Va fsck_y_enable 1936.Pq Vt bool 1937If set to 1938.Dq Li YES , 1939.Xr fsck 8 1940will be run with the 1941.Fl y 1942flag if the initial preen 1943of the file systems fails. 1944.It Va background_fsck 1945.Pq Vt bool 1946If set to 1947.Dq Li YES , 1948the system will attempt to run 1949.Xr fsck 8 1950in the background where possible. 1951.It Va background_fsck_delay 1952.Pq Vt int 1953The amount of time in seconds to sleep before starting a background 1954.Xr fsck 8 . 1955It defaults to sixty seconds to allow large applications such as 1956the X server to start before disk I/O bandwidth is monopolized by 1957.Xr fsck 8 . 1958If set to a negative number, the background file system check will be 1959delayed indefinitely to allow the administrator to run it at a more 1960convenient time. 1961For example it may be run from 1962.Xr cron 8 1963by adding a line like 1964.Pp 1965.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1966.Pp 1967to 1968.Pa /etc/crontab . 1969.It Va netfs_types 1970.Pq Vt str 1971List of file system types that are network-based. 1972This list should generally not be modified by end users. 1973Use 1974.Va extra_netfs_types 1975instead. 1976.It Va extra_netfs_types 1977.Pq Vt str 1978If set to something other than 1979.Dq Li NO 1980(the default), 1981this variable extends the list of file system types 1982for which automatic mounting at startup by 1983.Xr rc 8 1984should be delayed until the network is initialized. 1985It should contain 1986a whitespace-separated list of network file system descriptor pairs, 1987each consisting of a file system type as passed to 1988.Xr mount 8 1989and a human-readable, one-word description, 1990joined with a colon 1991.Pq Ql \&: . 1992Extending the default list in this way is only necessary 1993when third party file system types are used. 1994.It Va syslogd_enable 1995.Pq Vt bool 1996If set to 1997.Dq Li YES , 1998run the 1999.Xr syslogd 8 2000daemon. 2001.It Va syslogd_program 2002.Pq Vt str 2003Path to 2004.Xr syslogd 8 2005(default 2006.Pa /usr/sbin/syslogd ) . 2007.It Va syslogd_flags 2008.Pq Vt str 2009If 2010.Va syslogd_enable 2011is set to 2012.Dq Li YES , 2013these are the flags to pass to 2014.Xr syslogd 8 . 2015.It Va inetd_enable 2016.Pq Vt bool 2017If set to 2018.Dq Li YES , 2019run the 2020.Xr inetd 8 2021daemon. 2022.It Va inetd_program 2023.Pq Vt str 2024Path to 2025.Xr inetd 8 2026(default 2027.Pa /usr/sbin/inetd ) . 2028.It Va inetd_flags 2029.Pq Vt str 2030If 2031.Va inetd_enable 2032is set to 2033.Dq Li YES , 2034these are the flags to pass to 2035.Xr inetd 8 . 2036.It Va hastd_enable 2037.Pq Vt bool 2038If set to 2039.Dq Li YES , 2040run the 2041.Xr hastd 8 2042daemon. 2043.It Va hastd_program 2044.Pq Vt str 2045Path to 2046.Xr hastd 8 2047(default 2048.Pa /sbin/hastd ) . 2049.It Va hastd_flags 2050.Pq Vt str 2051If 2052.Va hastd_enable 2053is set to 2054.Dq Li YES , 2055these are the flags to pass to 2056.Xr hastd 8 . 2057.It Va local_unbound_enable 2058.Pq Vt bool 2059If set to 2060.Dq Li YES , 2061run the 2062.Xr unbound 8 2063daemon as a local caching resolver. 2064.It Va kerberos5_server_enable 2065.Pq Vt bool 2066Set to 2067.Dq Li YES 2068to start a Kerberos 5 authentication server 2069at boot time. 2070.It Va kerberos5_server 2071.Pq Vt str 2072If 2073.Va kerberos5_server_enable 2074is set to 2075.Dq Li YES 2076this is the path to Kerberos 5 Authentication Server. 2077.It Va kerberos5_server_flags 2078.Pq Vt str 2079Empty by default. 2080This variable contains additional flags to be passed to the Kerberos 5 2081authentication server. 2082.It Va kadmind5_server_enable 2083.Pq Vt bool 2084Set to 2085.Dq Li YES 2086to start 2087.Xr kadmind 8 , 2088the Kerberos 5 Administration Daemon; set to 2089.Dq Li NO 2090on a slave server. 2091.It Va kadmind5_server 2092.Pq Vt str 2093If 2094.Va kadmind5_server_enable 2095is set to 2096.Dq Li YES 2097this is the path to Kerberos 5 Administration Daemon. 2098.It Va kpasswdd_server_enable 2099.Pq Vt bool 2100Set to 2101.Dq Li YES 2102to start 2103.Xr kpasswdd 8 , 2104the Kerberos 5 Password-Changing Daemon; set to 2105.Dq Li NO 2106on a slave server. 2107.It Va kpasswdd_server 2108.Pq Vt str 2109If 2110.Va kpasswdd_server_enable 2111is set to 2112.Dq Li YES 2113this is the path to Kerberos 5 Password-Changing Daemon. 2114.It Va kfd_enable 2115.Pq Vt bool 2116Set to 2117.Dq Li YES 2118to start 2119.Xr kfd 8 , 2120the Kerberos 5 ticket forwarding daemon, at the boot time. 2121.It Va kfd_program 2122.Pq Vt str 2123Path to 2124.Xr kfd 8 2125(default 2126.Pa /usr/libexec/kfd ) . 2127.It Va rwhod_enable 2128.Pq Vt bool 2129If set to 2130.Dq Li YES , 2131run the 2132.Xr rwhod 8 2133daemon at boot time. 2134.It Va rwhod_flags 2135.Pq Vt str 2136If 2137.Va rwhod_enable 2138is set to 2139.Dq Li YES , 2140these are the flags to pass to it. 2141.It Va amd_enable 2142.Pq Vt bool 2143If set to 2144.Dq Li YES , 2145run the 2146.Xr amd 8 2147daemon at boot time. 2148.It Va amd_flags 2149.Pq Vt str 2150If 2151.Va amd_enable 2152is set to 2153.Dq Li YES , 2154these are the flags to pass to it. 2155See the 2156.Xr amd 8 2157manpage for more information. 2158.It Va amd_map_program 2159.Pq Vt str 2160If set, 2161the specified program is run to get the list of 2162.Xr amd 8 2163maps. 2164For example, if the 2165.Xr amd 8 2166maps are stored in NIS, one can set this to 2167run 2168.Xr ypcat 1 2169to get a list of 2170.Xr amd 8 2171maps from the 2172.Pa amd.master 2173NIS map. 2174.It Va update_motd 2175.Pq Vt bool 2176If set to 2177.Dq Li YES , 2178.Pa /etc/motd 2179will be updated at boot time to reflect the kernel release 2180being run. 2181If set to 2182.Dq Li NO , 2183.Pa /etc/motd 2184will not be updated. 2185.It Va nfs_client_enable 2186.Pq Vt bool 2187If set to 2188.Dq Li YES , 2189run the NFS client daemons at boot time. 2190.It Va nfs_access_cache 2191.Pq Vt int 2192If 2193.Va nfs_client_enable 2194is set to 2195.Dq Li YES , 2196this can be set to 2197.Dq Li 0 2198to disable NFS ACCESS RPC caching, or to the number of seconds for which 2199NFS ACCESS 2200results should be cached. 2201A value of 2-10 seconds will substantially reduce network 2202traffic for many NFS operations. 2203.It Va nfs_server_enable 2204.Pq Vt bool 2205If set to 2206.Dq Li YES , 2207run the NFS server daemons at boot time. 2208.It Va nfs_server_flags 2209.Pq Vt str 2210If 2211.Va nfs_server_enable 2212is set to 2213.Dq Li YES , 2214these are the flags to pass to the 2215.Xr nfsd 8 2216daemon. 2217.It Va nfsv4_server_enable 2218.Pq Vt bool 2219If 2220.Va nfs_server_enable 2221is set to 2222.Dq Li YES 2223and 2224.Va nfsv4_server_enable 2225are set to 2226.Dq Li YES , 2227enable the server for NFSv4 as well as NFSv2 and NFSv3. 2228.It Va nfsuserd_enable 2229.Pq Vt bool 2230If 2231.Va nfsuserd_enable 2232is set to 2233.Dq Li YES , 2234run the nfsuserd daemon, which is needed for NFSv4 in order 2235to map between user/group names vs uid/gid numbers. 2236If 2237.Va nfsv4_server_enable 2238is set to 2239.Dq Li YES , 2240this will be forced enabled. 2241.It Va nfsuserd_flags 2242.Pq Vt str 2243If 2244.Va nfsuserd_enable 2245is set to 2246.Dq Li YES , 2247these are the flags to pass to the 2248.Xr nfsuserd 8 2249daemon. 2250.It Va nfscbd_enable 2251.Pq Vt bool 2252If 2253.Va nfscbd_enable 2254is set to 2255.Dq Li YES , 2256run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2257.It Va nfscbd_flags 2258.Pq Vt str 2259If 2260.Va nfscbd_enable 2261is set to 2262.Dq Li YES , 2263these are the flags to pass to the 2264.Xr nfscbd 8 2265daemon. 2266.It Va oldnfs_server_enable 2267.Pq Vt bool 2268If 2269.Va oldnfs_server_enable 2270is set to 2271.Dq Li YES , 2272force the NFS server daemons to run the old NFS server code 2273that does not support NFSv4. 2274.It Va mountd_enable 2275.Pq Vt bool 2276If set to 2277.Dq Li YES , 2278and no 2279.Va nfs_server_enable 2280is set, start 2281.Xr mountd 8 , 2282but not 2283.Xr nfsd 8 2284daemon. 2285It is commonly needed to run CFS without real NFS used. 2286.It Va mountd_flags 2287.Pq Vt str 2288If 2289.Va mountd_enable 2290is set to 2291.Dq Li YES , 2292these are the flags to pass to the 2293.Xr mountd 8 2294daemon. 2295.It Va weak_mountd_authentication 2296.Pq Vt bool 2297If set to 2298.Dq Li YES , 2299allow services like PCNFSD to make non-privileged mount 2300requests. 2301.It Va nfs_reserved_port_only 2302.Pq Vt bool 2303If set to 2304.Dq Li YES , 2305provide NFS services only on a secure port. 2306.It Va nfs_bufpackets 2307.Pq Vt int 2308If set to a number, indicates the number of packets worth of 2309socket buffer space to reserve on an NFS client. 2310The kernel default is typically 4. 2311Using a higher number may be 2312useful on gigabit networks to improve performance. 2313The minimum value is 23142 and the maximum is 64. 2315.It Va rpc_lockd_enable 2316.Pq Vt bool 2317If set to 2318.Dq Li YES 2319and also an NFS server or client, run 2320.Xr rpc.lockd 8 2321at boot time. 2322.It Va rpc_lockd_flags 2323.Pq Vt str 2324If 2325.Va rpc_lockd_enable 2326is set to 2327.Dq Li YES , 2328these are the flags to pass to the 2329.Xr rpc.lockd 8 2330daemon. 2331.It Va rpc_statd_enable 2332.Pq Vt bool 2333If set to 2334.Dq Li YES 2335and also an NFS server or client, run 2336.Xr rpc.statd 8 2337at boot time. 2338.It Va rpc_statd_flags 2339.Pq Vt str 2340If 2341.Va rpc_statd_enable 2342is set to 2343.Dq Li YES , 2344these are the flags to pass to the 2345.Xr rpc.statd 8 2346daemon. 2347.It Va rpcbind_program 2348.Pq Vt str 2349Path to 2350.Xr rpcbind 8 2351(default 2352.Pa /usr/sbin/rpcbind ) . 2353.It Va rpcbind_enable 2354.Pq Vt bool 2355If set to 2356.Dq Li YES , 2357run the 2358.Xr rpcbind 8 2359service at boot time. 2360.It Va rpcbind_flags 2361.Pq Vt str 2362If 2363.Va rpcbind_enable 2364is set to 2365.Dq Li YES , 2366these are the flags to pass to the 2367.Xr rpcbind 8 2368daemon. 2369.It Va keyserv_enable 2370.Pq Vt bool 2371If set to 2372.Dq Li YES , 2373run the 2374.Xr keyserv 8 2375daemon on boot for running Secure RPC. 2376.It Va keyserv_flags 2377.Pq Vt str 2378If 2379.Va keyserv_enable 2380is set to 2381.Dq Li YES , 2382these are the flags to pass to 2383.Xr keyserv 8 2384daemon. 2385.It Va pppoed_enable 2386.Pq Vt bool 2387If set to 2388.Dq Li YES , 2389run the 2390.Xr pppoed 8 2391daemon at boot time to provide PPP over Ethernet services. 2392.It Va pppoed_ Ns Aq Ar provider 2393.Pq Vt str 2394.Xr pppoed 8 2395listens to requests to this 2396.Ar provider 2397and ultimately runs 2398.Xr ppp 8 2399with a 2400.Ar system 2401argument of the same name. 2402.It Va pppoed_flags 2403.Pq Vt str 2404Additional flags to pass to 2405.Xr pppoed 8 . 2406.It Va pppoed_interface 2407.Pq Vt str 2408The network interface to run 2409.Xr pppoed 8 2410on. 2411This is mandatory when 2412.Va pppoed_enable 2413is set to 2414.Dq Li YES . 2415.It Va timed_enable 2416.Pq Vt bool 2417If set to 2418.Dq Li YES , 2419run the 2420.Xr timed 8 2421service at boot time. 2422This command is intended for networks of 2423machines where a consistent 2424.Dq "network time" 2425for all hosts must be established. 2426This is often useful in large NFS 2427environments where time stamps on files are expected to be consistent 2428network-wide. 2429.It Va timed_flags 2430.Pq Vt str 2431If 2432.Va timed_enable 2433is set to 2434.Dq Li YES , 2435these are the flags to pass to the 2436.Xr timed 8 2437service. 2438.It Va ntpdate_enable 2439.Pq Vt bool 2440If set to 2441.Dq Li YES , 2442run 2443.Xr ntpdate 8 2444at system startup. 2445This command is intended to 2446synchronize the system clock only 2447.Em once 2448from some standard reference. 2449.It Va ntpdate_config 2450.Pq Vt str 2451Configuration file for 2452.Xr ntpdate 8 . 2453Default 2454.Pa /etc/ntp.conf . 2455.It Va ntpdate_hosts 2456.Pq Vt str 2457A whitespace-separated list of NTP servers to synchronize with at startup. 2458The default is to use the servers listed in 2459.Va ntpdate_config , 2460if that file exists. 2461.It Va ntpdate_program 2462.Pq Vt str 2463Path to 2464.Xr ntpdate 8 2465(default 2466.Pa /usr/sbin/ntpdate ) . 2467.It Va ntpdate_flags 2468.Pq Vt str 2469If 2470.Va ntpdate_enable 2471is set to 2472.Dq Li YES , 2473these are the flags to pass to the 2474.Xr ntpdate 8 2475command (typically a hostname). 2476.It Va ntpd_enable 2477.Pq Vt bool 2478If set to 2479.Dq Li YES , 2480run the 2481.Xr ntpd 8 2482command at boot time. 2483.It Va ntpd_program 2484.Pq Vt str 2485Path to 2486.Xr ntpd 8 2487(default 2488.Pa /usr/sbin/ntpd ) . 2489.It Va ntpd_config 2490.Pq Vt str 2491Path to 2492.Xr ntpd 8 2493configuration file. 2494Default 2495.Pa /etc/ntp.conf . 2496.It Va ntpd_flags 2497.Pq Vt str 2498If 2499.Va ntpd_enable 2500is set to 2501.Dq Li YES , 2502these are the flags to pass to the 2503.Xr ntpd 8 2504daemon. 2505.It Va ntpd_sync_on_start 2506.Pq Vt bool 2507If set to 2508.Dq Li YES , 2509.Xr ntpd 8 2510is run with the 2511.Fl g 2512flag, which syncs the system's clock on startup. 2513See 2514.Xr ntpd 8 2515for more information regarding the 2516.Fl g 2517option. 2518This is a preferred alternative to using 2519.Xr ntpdate 8 2520or specifying the 2521.Va ntpdate_enable 2522variable. 2523.It Va nis_client_enable 2524.Pq Vt bool 2525If set to 2526.Dq Li YES , 2527run the 2528.Xr ypbind 8 2529service at system boot time. 2530.It Va nis_client_flags 2531.Pq Vt str 2532If 2533.Va nis_client_enable 2534is set to 2535.Dq Li YES , 2536these are the flags to pass to the 2537.Xr ypbind 8 2538service. 2539.It Va nis_ypset_enable 2540.Pq Vt bool 2541If set to 2542.Dq Li YES , 2543run the 2544.Xr ypset 8 2545daemon at system boot time. 2546.It Va nis_ypset_flags 2547.Pq Vt str 2548If 2549.Va nis_ypset_enable 2550is set to 2551.Dq Li YES , 2552these are the flags to pass to the 2553.Xr ypset 8 2554daemon. 2555.It Va nis_server_enable 2556.Pq Vt bool 2557If set to 2558.Dq Li YES , 2559run the 2560.Xr ypserv 8 2561daemon at system boot time. 2562.It Va nis_server_flags 2563.Pq Vt str 2564If 2565.Va nis_server_enable 2566is set to 2567.Dq Li YES , 2568these are the flags to pass to the 2569.Xr ypserv 8 2570daemon. 2571.It Va nis_ypxfrd_enable 2572.Pq Vt bool 2573If set to 2574.Dq Li YES , 2575run the 2576.Xr rpc.ypxfrd 8 2577daemon at system boot time. 2578.It Va nis_ypxfrd_flags 2579.Pq Vt str 2580If 2581.Va nis_ypxfrd_enable 2582is set to 2583.Dq Li YES , 2584these are the flags to pass to the 2585.Xr rpc.ypxfrd 8 2586daemon. 2587.It Va nis_yppasswdd_enable 2588.Pq Vt bool 2589If set to 2590.Dq Li YES , 2591run the 2592.Xr rpc.yppasswdd 8 2593daemon at system boot time. 2594.It Va nis_yppasswdd_flags 2595.Pq Vt str 2596If 2597.Va nis_yppasswdd_enable 2598is set to 2599.Dq Li YES , 2600these are the flags to pass to the 2601.Xr rpc.yppasswdd 8 2602daemon. 2603.It Va rpc_ypupdated_enable 2604.Pq Vt bool 2605If set to 2606.Dq Li YES , 2607run the 2608.Nm rpc.ypupdated 2609daemon at system boot time. 2610.It Va bsnmpd_enable 2611.Pq Vt bool 2612If set to 2613.Dq Li YES , 2614run the 2615.Xr bsnmpd 1 2616daemon at system boot time. 2617Be sure to understand the security implications of running SNMP daemon 2618on your host. 2619.It Va bsnmpd_flags 2620.Pq Vt str 2621If 2622.Va bsnmpd_enable 2623is set to 2624.Dq Li YES , 2625these are the flags to pass to the 2626.Xr bsnmpd 1 2627daemon. 2628.It Va defaultrouter 2629.Pq Vt str 2630If not set to 2631.Dq Li NO , 2632create a default route to this host name or IP address 2633(use an IP address if this router is also required to get to the 2634name server!). 2635.It Va ipv6_defaultrouter 2636.Pq Vt str 2637The IPv6 equivalent of 2638.Va defaultrouter . 2639.It Va static_arp_pairs 2640.Pq Vt str 2641Set to the list of static ARP pairs that are to be added at system 2642boot time. 2643For each whitespace separated 2644.Ar element 2645in the value, a 2646.Va static_arp_ Ns Aq Ar element 2647variable is assumed to exist whose contents will later be passed to a 2648.Dq Nm arp Cm -S 2649operation. 2650For example 2651.Bd -literal 2652static_arp_pairs="gw" 2653static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2654.Ed 2655.It Va static_ndp_pairs 2656.Pq Vt str 2657Set to the list of static NDP pairs that are to be added at system 2658boot time. 2659For each whitespace separated 2660.Ar element 2661in the value, a 2662.Va static_ndp_ Ns Aq Ar element 2663variable is assumed to exist whose contents will later be passed to a 2664.Dq Nm ndp Cm -s 2665operation. 2666For example 2667.Bd -literal 2668static_ndp_pairs="gw" 2669static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2670.Ed 2671.It Va static_routes 2672.Pq Vt str 2673Set to the list of static routes that are to be added at system 2674boot time. 2675If not set to 2676.Dq Li NO 2677then for each whitespace separated 2678.Ar element 2679in the value, a 2680.Va route_ Ns Aq Ar element 2681variable is assumed to exist 2682whose contents will later be passed to a 2683.Dq Nm route Cm add 2684operation. 2685For example: 2686.Bd -literal 2687static_routes="ext mcast:gif0 gif0local:gif0" 2688route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2689route_mcast="-net 224.0.0.0/4 -iface gif0" 2690route_gif0local="-host 169.254.1.1 -iface lo0" 2691.Ed 2692.Pp 2693When an 2694.Ar element 2695is in the form of 2696.Li name:ifname , 2697the route is specific to the interface 2698.Li ifname . 2699.It Va ipv6_static_routes 2700.Pq Vt str 2701The IPv6 equivalent of 2702.Va static_routes . 2703If not set to 2704.Dq Li NO 2705then for each whitespace separated 2706.Ar element 2707in the value, a 2708.Va ipv6_route_ Ns Aq Ar element 2709variable is assumed to exist 2710whose contents will later be passed to a 2711.Dq Nm route Cm add Fl inet6 2712operation. 2713.It Va natm_static_routes 2714.Pq Vt str 2715The 2716.Xr natmip 4 2717equivalent of 2718.Va static_routes . 2719If not empty then for each whitespace separated 2720.Ar element 2721in the value, a 2722.Va route_ Ns Aq Ar element 2723variable is assumed to exist whose contents will later be passed to a 2724.Dq Nm atmconfig Cm natm Cm add 2725operation. 2726.It Va gateway_enable 2727.Pq Vt bool 2728If set to 2729.Dq Li YES , 2730configure host to act as an IP router, e.g.\& to forward packets 2731between interfaces. 2732.It Va ipv6_gateway_enable 2733.Pq Vt bool 2734The IPv6 equivalent of 2735.Va gateway_enable . 2736.It Va routed_enable 2737.Pq Vt bool 2738If set to 2739.Dq Li YES , 2740run a routing daemon of some sort, based on the 2741settings of 2742.Va routed_program 2743and 2744.Va routed_flags . 2745.It Va route6d_enable 2746.Pq Vt bool 2747The IPv6 equivalent of 2748.Va routed_enable . 2749If set to 2750.Dq Li YES , 2751run a routing daemon of some sort, based on the 2752settings of 2753.Va route6d_program 2754and 2755.Va route6d_flags . 2756.It Va routed_program 2757.Pq Vt str 2758If 2759.Va routed_enable 2760is set to 2761.Dq Li YES , 2762this is the name of the routing daemon to use. 2763.It Va route6d_program 2764.Pq Vt str 2765The IPv6 equivalent of 2766.Va routed_program . 2767.It Va routed_flags 2768.Pq Vt str 2769If 2770.Va routed_enable 2771is set to 2772.Dq Li YES , 2773these are the flags to pass to the routing daemon. 2774.It Va route6d_flags 2775.Pq Vt str 2776The IPv6 equivalent of 2777.Va routed_flags . 2778.It Va mrouted_enable 2779.Pq Vt bool 2780If set to 2781.Dq Li YES , 2782run the multicast routing daemon, 2783.Xr mrouted 8 . 2784.It Va mroute6d_enable 2785.Pq Vt bool 2786The IPv6 equivalent of 2787.Va mrouted_enable . 2788If set to 2789.Dq Li YES , 2790run the IPv6 multicast routing daemon. 2791.Pp 2792Note that multicast routing daemons are no longer included in the 2793.Fx 2794base system, however, both 2795.Xr mrouted 8 2796and 2797.Xr pim6dd 8 2798may be installed from the 2799.Fx 2800Ports Collection. 2801.It Va mrouted_flags 2802.Pq Vt str 2803If 2804.Va mrouted_enable 2805is set to 2806.Dq Li YES , 2807these are the flags to pass to the 2808.Xr mrouted 8 2809daemon. 2810.It Va mroute6d_flags 2811.Pq Vt str 2812The IPv6 equivalent of 2813.Va mrouted_flags . 2814If 2815.Va mroute6d_enable 2816is set to 2817.Dq Li YES , 2818these are the flags passed to the IPv6 multicast routing daemon. 2819.It Va mroute6d_program 2820.Pq Vt str 2821If 2822.Va mroute6d_enable 2823is set to 2824.Dq Li YES , 2825this is the path to the IPv6 multicast routing daemon. 2826.It Va rtadvd_enable 2827.Pq Vt bool 2828If set to 2829.Dq Li YES , 2830run the 2831.Xr rtadvd 8 2832daemon at boot time. 2833The 2834.Xr rtadvd 8 2835utility sends ICMPv6 Router Advertisement messages to 2836the interfaces specified in 2837.Va rtadvd_interfaces . 2838This should only be enabled with great care. 2839You may want to fine-tune 2840.Xr rtadvd.conf 5 . 2841.It Va rtadvd_interfaces 2842.Pq Vt str 2843If 2844.Va rtadvd_enable 2845is set to 2846.Dq Li YES 2847this is the list of interfaces to use. 2848.It Va ipxgateway_enable 2849.Pq Vt bool 2850If set to 2851.Dq Li YES , 2852enable the routing of IPX traffic. 2853.It Va ipxrouted_enable 2854.Pq Vt bool 2855If set to 2856.Dq Li YES , 2857run the 2858.Xr IPXrouted 8 2859daemon at system boot time. 2860.It Va ipxrouted_flags 2861.Pq Vt str 2862If 2863.Va ipxrouted_enable 2864is set to 2865.Dq Li YES , 2866these are the flags to pass to the 2867.Xr IPXrouted 8 2868daemon. 2869.It Va arpproxy_all 2870.Pq Vt bool 2871If set to 2872.Dq Li YES , 2873enable global proxy ARP. 2874.It Va forward_sourceroute 2875.Pq Vt bool 2876If set to 2877.Dq Li YES 2878and 2879.Va gateway_enable 2880is also set to 2881.Dq Li YES , 2882source-routed packets are forwarded. 2883.It Va accept_sourceroute 2884.Pq Vt bool 2885If set to 2886.Dq Li YES , 2887the system will accept source-routed packets directed at it. 2888.It Va rarpd_enable 2889.Pq Vt bool 2890If set to 2891.Dq Li YES , 2892run the 2893.Xr rarpd 8 2894daemon at system boot time. 2895.It Va rarpd_flags 2896.Pq Vt str 2897If 2898.Va rarpd_enable 2899is set to 2900.Dq Li YES , 2901these are the flags to pass to the 2902.Xr rarpd 8 2903daemon. 2904.It Va bootparamd_enable 2905.Pq Vt bool 2906If set to 2907.Dq Li YES , 2908run the 2909.Xr bootparamd 8 2910daemon at system boot time. 2911.It Va bootparamd_flags 2912.Pq Vt str 2913If 2914.Va bootparamd_enable 2915is set to 2916.Dq Li YES , 2917these are the flags to pass to the 2918.Xr bootparamd 8 2919daemon. 2920.It Va stf_interface_ipv4addr 2921.Pq Vt str 2922If not set to 2923.Dq Li NO , 2924this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2925interface). 2926Specify this entry to enable the 6to4 interface. 2927.It Va stf_interface_ipv4plen 2928.Pq Vt int 2929Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2930An effective value is 0-31. 2931.It Va stf_interface_ipv6_ifid 2932.Pq Vt str 2933IPv6 interface ID for 2934.Xr stf 4 . 2935This can be set to 2936.Dq Li AUTO . 2937.It Va stf_interface_ipv6_slaid 2938.Pq Vt str 2939IPv6 Site Level Aggregator for 2940.Xr stf 4 . 2941.It Va ipv6_faith_prefix 2942.Pq Vt str 2943If not set to 2944.Dq Li NO , 2945this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2946translator. 2947You also need 2948.Xr faithd 8 2949setup. 2950.It Va ipv6_ipv4mapping 2951.Pq Vt bool 2952If set to 2953.Dq Li YES 2954this enables IPv4 mapped IPv6 address communication (like 2955.Li ::ffff:a.b.c.d ) . 2956.It Va rtsold_enable 2957.Pq Vt bool 2958Set to 2959.Dq Li YES 2960to enable the 2961.Xr rtsold 8 2962daemon to send ICMPv6 Router Solicitation messages. 2963.It Va rtsold_flags 2964.Pq Vt str 2965If 2966.Va rtsold_enable 2967is set to 2968.Dq Li YES , 2969these are the flags to pass to 2970.Xr rtsold 8 . 2971.It Va rtsol_flags 2972.Pq Vt str 2973For interfaces configured with the 2974.Dq Li inet6 accept_rtadv 2975keyword, these are the flags to pass to 2976.Xr rtsol 8 . 2977.Pp 2978Note that 2979.Va rtsold_enable 2980is mutually exclusive to 2981.Va rtsol_flags ; 2982.Va rtsold_enable 2983takes precedence. 2984.It Va atm_enable 2985.Pq Vt bool 2986Set to 2987.Dq Li YES 2988to enable the configuration of ATM interfaces at system boot time. 2989For all of the ATM variables described below, please refer to the 2990.Xr atm 8 2991manual page for further details on the available command parameters. 2992Also refer to the files in 2993.Pa /usr/share/examples/atm 2994for more detailed configuration information. 2995.It Va atm_load 2996.Pq Vt str 2997This is a list of physical ATM interface drivers to load. 2998Typical values are 2999.Dq Li hfa_pci 3000and/or 3001.Dq Li hea_pci . 3002.It Va atm_netif_ Ns Aq Ar intf 3003.Pq Vt str 3004For the ATM physical interface 3005.Ar intf , 3006this variable defines the name prefix and count for the ATM network 3007interfaces to be created. 3008The value will be passed as the parameters of an 3009.Dq Nm atm Cm "set netif" Ar intf 3010command. 3011.It Va atm_sigmgr_ Ns Aq Ar intf 3012.Pq Vt str 3013For the ATM physical interface 3014.Ar intf , 3015this variable defines the ATM signalling manager to be used. 3016The value will be passed as the parameters of an 3017.Dq Nm atm Cm attach Ar intf 3018command. 3019.It Va atm_prefix_ Ns Aq Ar intf 3020.Pq Vt str 3021For the ATM physical interface 3022.Ar intf , 3023this variable defines the NSAP prefix for interfaces using a UNI signalling 3024manager. 3025If set to 3026.Dq Li ILMI , 3027the prefix will automatically be set via the 3028.Xr ilmid 8 3029daemon. 3030Otherwise, the value will be passed as the parameters of an 3031.Dq Nm atm Cm "set prefix" Ar intf 3032command. 3033.It Va atm_macaddr_ Ns Aq Ar intf 3034.Pq Vt str 3035For the ATM physical interface 3036.Ar intf , 3037this variable defines the MAC address for interfaces using a UNI signalling 3038manager. 3039If set to 3040.Dq Li NO , 3041the hardware MAC address contained in the ATM interface card will be used. 3042Otherwise, the value will be passed as the parameters of an 3043.Dq Nm atm Cm "set mac" Ar intf 3044command. 3045.It Va atm_arpserver_ Ns Aq Ar netif 3046.Pq Vt str 3047For the ATM network interface 3048.Ar netif , 3049this variable defines the ATM address for a host which is to provide ATMARP 3050service. 3051This variable is only applicable to interfaces using a UNI signalling 3052manager. 3053If set to 3054.Dq Li local , 3055this host will become an ATMARP server. 3056The value will be passed as the parameters of an 3057.Dq Nm atm Cm "set arpserver" Ar netif 3058command. 3059.It Va atm_scsparp_ Ns Aq Ar netif 3060.Pq Vt bool 3061If set to 3062.Dq Li YES , 3063SCSP/ATMARP service for the network interface 3064.Ar netif 3065will be initiated using the 3066.Xr scspd 8 3067and 3068.Xr atmarpd 8 3069daemons. 3070This variable is only applicable if 3071.Va atm_arpserver_ Ns Aq Ar netif 3072is set to 3073.Dq Li local . 3074.It Va atm_pvcs 3075.Pq Vt str 3076Set to the list of ATM PVCs to be added at system 3077boot time. 3078For each whitespace separated 3079.Ar element 3080in the value, an 3081.Va atm_pvc_ Ns Aq Ar element 3082variable is assumed to exist. 3083The value of each of these variables 3084will be passed as the parameters of an 3085.Dq Nm atm Cm "add pvc" 3086command. 3087.It Va atm_arps 3088.Pq Vt str 3089Set to the list of permanent ATM ARP entries to be added 3090at system boot time. 3091For each whitespace separated 3092.Ar element 3093in the value, an 3094.Va atm_arp_ Ns Aq Ar element 3095variable is assumed to exist. 3096The value of each of these variables 3097will be passed as the parameters of an 3098.Dq Nm atm Cm "add arp" 3099command. 3100.It Va natm_interfaces 3101.Pq Vt str 3102Set to the list of 3103.Xr natm 4 3104interfaces that will also be used for HARP through 3105.Xr harp 4 . 3106If this list is not empty all interfaces in the list will be brought up 3107with 3108.Xr ifconfig 8 3109and 3110.Xr harp 4 3111will be loaded. 3112For this to work the interface drivers must be either compiled into the 3113kernel or must reside on the root partition. 3114.It Va keybell 3115.Pq Vt str 3116The keyboard bell sound. 3117Set to 3118.Dq Li normal , 3119.Dq Li visual , 3120.Dq Li off , 3121or 3122.Dq Li NO 3123if the default behavior is desired. 3124For details, refer to the 3125.Xr kbdcontrol 1 3126manpage. 3127.It Va keyboard 3128.Pq Vt str 3129If set to a non-null string, the virtual console's keyboard input is 3130set to this device. 3131.It Va keymap 3132.Pq Vt str 3133If set to 3134.Dq Li NO , 3135no keymap is installed, otherwise the value is used to install 3136the keymap file in 3137.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3138.It Va keyrate 3139.Pq Vt str 3140The keyboard repeat speed. 3141Set to 3142.Dq Li slow , 3143.Dq Li normal , 3144.Dq Li fast , 3145or 3146.Dq Li NO 3147if the default behavior is desired. 3148.It Va keychange 3149.Pq Vt str 3150If not set to 3151.Dq Li NO , 3152attempt to program the function keys with the value. 3153The value should 3154be a single string of the form: 3155.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3156.It Va cursor 3157.Pq Vt str 3158Can be set to the value of 3159.Dq Li normal , 3160.Dq Li blink , 3161.Dq Li destructive , 3162or 3163.Dq Li NO 3164to set the cursor behavior explicitly or choose the default behavior. 3165.It Va scrnmap 3166.Pq Vt str 3167If set to 3168.Dq Li NO , 3169no screen map is installed, otherwise the value is used to install 3170the screen map file in 3171.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3172.It Va font8x16 3173.Pq Vt str 3174If set to 3175.Dq Li NO , 3176the default 8x16 font value is used for screen size requests, otherwise 3177the value in 3178.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3179is used. 3180.It Va font8x14 3181.Pq Vt str 3182If set to 3183.Dq Li NO , 3184the default 8x14 font value is used for screen size requests, otherwise 3185the value in 3186.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3187is used. 3188.It Va font8x8 3189.Pq Vt str 3190If set to 3191.Dq Li NO , 3192the default 8x8 font value is used for screen size requests, otherwise 3193the value in 3194.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3195is used. 3196.It Va blanktime 3197.Pq Vt int 3198If set to 3199.Dq Li NO , 3200the default screen blanking interval is used, otherwise it is set 3201to 3202.Ar value 3203seconds. 3204.It Va saver 3205.Pq Vt str 3206If not set to 3207.Dq Li NO , 3208this is the actual screen saver to use 3209.Li ( blank , snake , daemon , 3210etc). 3211.It Va moused_nondefault_enable 3212.Pq Vt str 3213If set to 3214.Dq Li NO , 3215the mouse device specified on 3216the command line is not automatically treated as enabled by the 3217.Pa /etc/rc.d/moused 3218script. 3219Having this variable set to 3220.Dq Li YES 3221allows a 3222.Xr usb 4 3223mouse, 3224for example, 3225to be enabled as soon as it is plugged in. 3226.It Va moused_enable 3227.Pq Vt str 3228If set to 3229.Dq Li YES , 3230the 3231.Xr moused 8 3232daemon is started for doing cut/paste selection on the console. 3233.It Va moused_type 3234.Pq Vt str 3235This is the protocol type of the mouse connected to this host. 3236This variable must be set if 3237.Va moused_enable 3238is set to 3239.Dq Li YES . 3240The 3241.Xr moused 8 3242daemon 3243is able to detect the appropriate mouse type automatically in many cases. 3244Set this variable to 3245.Dq Li auto 3246to let the daemon detect it, or 3247select one from the following list if the automatic detection fails. 3248.Pp 3249If the mouse is attached to the PS/2 mouse port, choose 3250.Dq Li auto 3251or 3252.Dq Li ps/2 , 3253regardless of the brand and model of the mouse. 3254Likewise, if the 3255mouse is attached to the bus mouse port, choose 3256.Dq Li auto 3257or 3258.Dq Li busmouse . 3259All other protocols are for serial mice and will not work with 3260the PS/2 and bus mice. 3261If this is a USB mouse, 3262.Dq Li auto 3263is the only protocol type which will work. 3264.Pp 3265.Bl -tag -width ".Li x10mouseremote" -compact 3266.It Li microsoft 3267Microsoft mouse (serial) 3268.It Li intellimouse 3269Microsoft IntelliMouse (serial) 3270.It Li mousesystems 3271Mouse systems Corp.\& mouse (serial) 3272.It Li mmseries 3273MM Series mouse (serial) 3274.It Li logitech 3275Logitech mouse (serial) 3276.It Li busmouse 3277A bus mouse 3278.It Li mouseman 3279Logitech MouseMan and TrackMan (serial) 3280.It Li glidepoint 3281ALPS GlidePoint (serial) 3282.It Li thinkingmouse 3283Kensington ThinkingMouse (serial) 3284.It Li ps/2 3285PS/2 mouse 3286.It Li mmhittab 3287MM HitTablet (serial) 3288.It Li x10mouseremote 3289X10 MouseRemote (serial) 3290.It Li versapad 3291Interlink VersaPad (serial) 3292.El 3293.Pp 3294Even if the mouse is not in the above list, it may be compatible 3295with one in the list. 3296Refer to the manual page for 3297.Xr moused 8 3298for compatibility information. 3299.Pp 3300It should also be noted that while this is enabled, any 3301other client of the mouse (such as an X server) should access 3302the mouse through the virtual mouse device, 3303.Pa /dev/sysmouse , 3304and configure it as a 3305.Dq Li sysmouse 3306type mouse, since all 3307mouse data is converted to this single canonical format when 3308using 3309.Xr moused 8 . 3310If the client program does not support the 3311.Dq Li sysmouse 3312type, 3313specify the 3314.Dq Li mousesystems 3315type. 3316It is the second preferred type. 3317.It Va moused_port 3318.Pq Vt str 3319If 3320.Va moused_enable 3321is set to 3322.Dq Li YES , 3323this is the actual port the mouse is on. 3324It might be 3325.Pa /dev/cuau0 3326for a COM1 serial mouse, 3327.Pa /dev/psm0 3328for a PS/2 mouse or 3329.Pa /dev/mse0 3330for a bus mouse, for example. 3331.It Va moused_flags 3332.Pq Vt str 3333If 3334.Va moused_flags 3335is set, its value is used as an additional set of flags to pass to the 3336.Xr moused 8 3337daemon. 3338.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3339When 3340.Va moused_nondefault_enable 3341is enabled, and a 3342.Xr moused 8 3343daemon is started for a non-default port, the 3344.Va "moused_" Ns Ar XXX Ns Va "_flags" 3345set of options has precedence over and replaces the default 3346.Va moused_flags 3347(where 3348.Ar XXX 3349is the name of the non-default port, i.e.,\& 3350.Ar ums0 ) . 3351By setting 3352.Va "moused_" Ns Ar XXX Ns Va "_flags" 3353it is possible to set up a different set of default flags for each 3354.Xr moused 8 3355instance. 3356For example, you can use 3357.Dq Li "-3" 3358for the default 3359.Va moused_flags 3360to make your laptop's touchpad more comfortable to use, 3361but an empty set of options for 3362.Va moused_ums0_flags 3363when your 3364.Xr usb 4 3365mouse has three or more buttons. 3366.It Va mousechar_start 3367.Pq Vt int 3368If set to 3369.Dq Li NO , 3370the default mouse cursor character range 3371.Li 0xd0 Ns - Ns Li 0xd3 3372is used, 3373otherwise the range start is set 3374to 3375.Ar value 3376character, see 3377.Xr vidcontrol 1 . 3378Use if the default range is occupied in the language code table. 3379.It Va allscreens_flags 3380.Pq Vt str 3381If set, 3382.Xr vidcontrol 1 3383is run with these options for each of the virtual terminals 3384.Pq Pa /dev/ttyv* . 3385For example, 3386.Dq Fl m Cm on 3387will enable the mouse pointer on all virtual terminals 3388if 3389.Va moused_enable 3390is set to 3391.Dq Li YES . 3392.It Va allscreens_kbdflags 3393.Pq Vt str 3394If set, 3395.Xr kbdcontrol 1 3396is run with these options for each of the virtual terminals 3397.Pq Pa /dev/ttyv* . 3398For example, 3399.Dq Fl h Li 200 3400will set the 3401.Xr syscons 4 3402scrollback (history) buffer to 200 lines. 3403.It Va cron_enable 3404.Pq Vt bool 3405If set to 3406.Dq Li YES , 3407run the 3408.Xr cron 8 3409daemon at system boot time. 3410.It Va cron_program 3411.Pq Vt str 3412Path to 3413.Xr cron 8 3414(default 3415.Pa /usr/sbin/cron ) . 3416.It Va cron_flags 3417.Pq Vt str 3418If 3419.Va cron_enable 3420is set to 3421.Dq Li YES , 3422these are the flags to pass to 3423.Xr cron 8 . 3424.It Va cron_dst 3425.Pq Vt bool 3426If set to 3427.Dq Li YES , 3428enable the special handling of transitions to and from the 3429Daylight Saving Time in 3430.Xr cron 8 3431(equivalent to using the flag 3432.Fl s ) . 3433.It Va lpd_program 3434.Pq Vt str 3435Path to 3436.Xr lpd 8 3437(default 3438.Pa /usr/sbin/lpd ) . 3439.It Va lpd_enable 3440.Pq Vt bool 3441If set to 3442.Dq Li YES , 3443run the 3444.Xr lpd 8 3445daemon at system boot time. 3446.It Va lpd_flags 3447.Pq Vt str 3448If 3449.Va lpd_enable 3450is set to 3451.Dq Li YES , 3452these are the flags to pass to the 3453.Xr lpd 8 3454daemon. 3455.It Va chkprintcap_enable 3456.Pq Vt bool 3457If set to 3458.Dq Li YES , 3459run the 3460.Xr chkprintcap 8 3461command before starting the 3462.Xr lpd 8 3463daemon. 3464.It Va chkprintcap_flags 3465.Pq Vt str 3466If 3467.Va lpd_enable 3468and 3469.Va chkprintcap_enable 3470are set to 3471.Dq Li YES , 3472these are the flags to pass to the 3473.Xr chkprintcap 8 3474program. 3475The default is 3476.Dq Li -d , 3477which causes missing directories to be created. 3478.It Va mta_start_script 3479.Pq Vt str 3480This variable specifies the full path to the script to run to start 3481a mail transfer agent. 3482The default is 3483.Pa /etc/rc.sendmail . 3484The 3485.Va sendmail_* 3486variables which 3487.Pa /etc/rc.sendmail 3488uses are documented in the 3489.Xr rc.sendmail 8 3490manual page. 3491.It Va dumpdev 3492.Pq Vt str 3493Indicates the device (usually a swap partition) to which a crash dump 3494should be written in the event of a system crash. 3495If the value of this variable is 3496.Dq Li AUTO , 3497the first suitable swap device listed in 3498.Pa /etc/fstab 3499will be used as dump device. 3500Otherwise, the value of this variable is passed as the argument to 3501.Xr dumpon 8 . 3502To disable crash dumps, set this variable to 3503.Dq Li NO . 3504.It Va dumpdir 3505.Pq Vt str 3506When the system reboots after a crash and a crash dump is found on the 3507device specified by the 3508.Va dumpdev 3509variable, 3510.Xr savecore 8 3511will save that crash dump and a copy of the kernel to the directory 3512specified by the 3513.Va dumpdir 3514variable. 3515The default value is 3516.Pa /var/crash . 3517Set to 3518.Dq Li NO 3519to not run 3520.Xr savecore 8 3521at boot time when 3522.Va dumpdir 3523is set. 3524.It Va savecore_flags 3525.Pq Vt str 3526If crash dumps are enabled, these are the flags to pass to the 3527.Xr savecore 8 3528utility. 3529.It Va quota_enable 3530.Pq Vt bool 3531Set to 3532.Dq Li YES 3533to turn on user and group disk quotas on system startup via the 3534.Xr quotaon 8 3535command for all file systems marked as having quotas enabled in 3536.Pa /etc/fstab . 3537The kernel must be built with 3538.Cd "options QUOTA" 3539for disk quotas to function. 3540.It Va check_quotas 3541.Pq Vt bool 3542Set to 3543.Dq Li YES 3544to enable user and group disk quota checking via the 3545.Xr quotacheck 8 3546command. 3547.It Va quotacheck_flags 3548.Pq Vt str 3549If 3550.Va quota_enable 3551is set to 3552.Dq Li YES , 3553and 3554.Va check_quotas 3555is set to 3556.Dq Li YES , 3557these are the flags to pass to the 3558.Xr quotacheck 8 3559utility. 3560The default is 3561.Dq Li "-a" , 3562which checks quotas for all file systems with quotas enabled in 3563.Pa /etc/fstab . 3564.It Va quotaon_flags 3565.Pq Vt str 3566If 3567.Va quota_enable 3568is set to 3569.Dq Li YES , 3570these are the flags to pass to the 3571.Xr quotaon 8 3572utility. 3573The default is 3574.Dq Li "-a" , 3575which enables quotas for all file systems with quotas enabled in 3576.Pa /etc/fstab . 3577.It Va quotaoff_flags 3578.Pq Vt str 3579If 3580.Va quota_enable 3581is set to 3582.Dq Li YES , 3583these are the flags to pass to the 3584.Xr quotaoff 8 3585utility when shutting down the quota system. 3586The default is 3587.Dq Li "-a" , 3588which disables quotas for all file systems with quotas enabled in 3589.Pa /etc/fstab . 3590.It Va accounting_enable 3591.Pq Vt bool 3592Set to 3593.Dq Li YES 3594to enable system accounting through the 3595.Xr accton 8 3596facility. 3597.It Va ibcs2_enable 3598.Pq Vt bool 3599Set to 3600.Dq Li YES 3601to enable iBCS2 (SCO) binary emulation at system initial boot 3602time. 3603.It Va ibcs2_loaders 3604.Pq Vt str 3605If not set to 3606.Dq Li NO 3607and if 3608.Va ibcs2_enable 3609is set to 3610.Dq Li YES , 3611this specifies a list of additional iBCS2 loaders to enable. 3612.It Va firstboot_sentinel 3613.Pq Vt str 3614This variable specifies the full path to a 3615.Dq first boot 3616sentinel file. 3617If a file exists with this path, 3618.Pa rc.d 3619scripts with the 3620.Dq firstboot 3621keyword will be run on startup and the sentinel file will be deleted 3622after the boot process completes. 3623The sentinel file must be located on a writable file system which is 3624mounted no later than 3625.Va early_late_divider 3626to function properly. 3627The default is 3628.Pa /firstboot . 3629.It Va linux_enable 3630.Pq Vt bool 3631Set to 3632.Dq Li YES 3633to enable Linux/ELF binary emulation at system initial 3634boot time. 3635.It Va svr4_enable 3636.Pq Vt bool 3637If set to 3638.Dq Li YES , 3639enable SysVR4 emulation at boot time. 3640.It Va sysvipc_enable 3641.Pq Vt bool 3642If set to 3643.Dq Li YES , 3644load System V IPC primitives at boot time. 3645.It Va clear_tmp_enable 3646.Pq Vt bool 3647Set to 3648.Dq Li YES 3649to have 3650.Pa /tmp 3651cleaned at startup. 3652.It Va clear_tmp_X 3653.Pq Vt bool 3654Set to 3655.Dq Li NO 3656to disable removing of X11 lock files, 3657and the removal and (secure) recreation 3658of the various socket directories for X11 3659related programs. 3660.It Va ldconfig_paths 3661.Pq Vt str 3662Set to the list of shared library paths to use with 3663.Xr ldconfig 8 . 3664NOTE: 3665.Pa /usr/lib 3666will always be added first, so it need not appear in this list. 3667.It Va ldconfig32_paths 3668.Pq Vt str 3669Set to the list of 32-bit compatibility shared library paths to 3670use with 3671.Xr ldconfig 8 . 3672.It Va ldconfig_paths_aout 3673.Pq Vt str 3674Set to the list of shared library paths to use with 3675.Xr ldconfig 8 3676legacy 3677.Xr a.out 5 3678support. 3679.It Va ldconfig_insecure 3680.Pq Vt bool 3681The 3682.Xr ldconfig 8 3683utility normally refuses to use directories 3684which are writable by anyone except root. 3685Set this variable to 3686.Dq Li YES 3687to disable that security check during system startup. 3688.It Va ldconfig_local_dirs 3689.Pq Vt str 3690Set to the list of local 3691.Xr ldconfig 8 3692directories. 3693The names of all files in the directories listed will be 3694passed as arguments to 3695.Xr ldconfig 8 . 3696.It Va ldconfig_local32_dirs 3697.Pq Vt str 3698Set to the list of local 32-bit compatibility 3699.Xr ldconfig 8 3700directories. 3701The names of all files in the directories listed will be 3702passed as arguments to 3703.Dq Nm ldconfig Fl 32 . 3704.It Va kern_securelevel_enable 3705.Pq Vt bool 3706Set to 3707.Dq Li YES 3708to set the kernel security level at system startup. 3709.It Va kern_securelevel 3710.Pq Vt int 3711The kernel security level to set at startup. 3712The allowed range of 3713.Ar value 3714ranges from \-1 (the compile time default) to 3 (the 3715most secure). 3716See 3717.Xr security 7 3718for the list of possible security levels and their effect 3719on system operation. 3720.It Va sshd_program 3721.Pq Vt str 3722Path to the SSH server program 3723.Pa ( /usr/sbin/sshd 3724is the default). 3725.It Va sshd_enable 3726.Pq Vt bool 3727Set to 3728.Dq Li YES 3729to start 3730.Xr sshd 8 3731at system boot time. 3732.It Va sshd_flags 3733.Pq Vt str 3734If 3735.Va sshd_enable 3736is set to 3737.Dq Li YES , 3738these are the flags to pass to the 3739.Xr sshd 8 3740daemon. 3741.It Va ftpd_program 3742.Pq Vt str 3743Path to the FTP server program 3744.Pa ( /usr/libexec/ftpd 3745is the default). 3746.It Va ftpd_enable 3747.Pq Vt bool 3748Set to 3749.Dq Li YES 3750to start 3751.Xr ftpd 8 3752as a stand-alone daemon at system boot time. 3753.It Va ftpd_flags 3754.Pq Vt str 3755If 3756.Va ftpd_enable 3757is set to 3758.Dq Li YES , 3759these are the additional flags to pass to the 3760.Xr ftpd 8 3761daemon. 3762.It Va watchdogd_enable 3763.Pq Vt bool 3764If set to 3765.Dq Li YES , 3766start the 3767.Xr watchdogd 8 3768daemon at boot time. 3769This requires that the kernel have been compiled with a 3770.Xr watchdog 4 3771compatible device. 3772.It Va watchdogd_flags 3773.Pq Vt str 3774If 3775.Va watchdogd_enable 3776is set to 3777.Dq Li YES , 3778these are the flags passed to the 3779.Xr watchdogd 8 3780daemon. 3781.It Va devfs_rulesets 3782.Pq Vt str 3783List of files containing sets of rules for 3784.Xr devfs 8 . 3785.It Va devfs_system_ruleset 3786.Pq Vt str 3787Rule name(s) to apply to the system 3788.Pa /dev 3789itself. 3790.It Va devfs_set_rulesets 3791.Pq Vt str 3792Pairs of already-mounted 3793.Pa dev 3794directories and rulesets that should be applied to them. 3795For example: /mount/dev=ruleset_name 3796.It Va devfs_load_rulesets 3797.Pq Vt bool 3798If set, always load the default rulesets listed in 3799.Va devfs_rulesets . 3800.It Va performance_cx_lowest 3801.Pq Vt str 3802CPU idle state to use while on AC power. 3803The string 3804.Dq Li LOW 3805indicates that 3806.Xr acpi 4 3807should use the lowest power state available while 3808.Dq Li HIGH 3809indicates that the lowest latency state (less power savings) should be used. 3810.It Va performance_cpu_freq 3811.Pq Vt str 3812CPU clock frequency to use while on AC power. 3813The string 3814.Dq Li LOW 3815indicates that 3816.Xr cpufreq 4 3817should use the lowest frequency available while 3818.Dq Li HIGH 3819indicates that the highest frequency (less power savings) should be used. 3820.It Va economy_cx_lowest 3821.Pq Vt str 3822CPU idle state to use when off AC power. 3823The string 3824.Dq Li LOW 3825indicates that 3826.Xr acpi 4 3827should use the lowest power state available while 3828.Dq Li HIGH 3829indicates that the lowest latency state (less power savings) should be used. 3830.It Va economy_cpu_freq 3831.Pq Vt str 3832CPU clock frequency to use when off AC power. 3833The string 3834.Dq Li LOW 3835indicates that 3836.Xr cpufreq 4 3837should use the lowest frequency available while 3838.Dq Li HIGH 3839indicates that the highest frequency (less power savings) should be used. 3840.It Va jail_enable 3841.Pq Vt bool 3842If set to 3843.Dq Li NO , 3844any configured jails will not be started. 3845.It Va jail_conf 3846.Pq Vt str 3847The configuration filename used by 3848.Xr jail 8 3849utility. 3850The default value is 3851.Pa /etc/jail.conf . 3852.It Va jail_parallel_start 3853.Pq Vt bool 3854If set to 3855.Dq Li YES , 3856all configured jails will be started in the background (in parallel). 3857.It Va jail_flags 3858.Pq Vt str 3859Unset by default. 3860When set, use as default value for 3861.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3862for every jail in 3863.Va jail_list . 3864.It Va jail_list 3865.Pq Vt str 3866A space separated list of names for jails. 3867If this variable is empty, 3868all of 3869.Xr jail 8 3870instances in the configuration file will be configured. 3871This is purely a configuration aid to help identify and 3872configure multiple jails. 3873The names specified in this list will be used to 3874identify settings common to an instance of a jail, 3875and should contain alphanumeric characters only. 3876The literal jail name of 3877.Dq Li 0 3878.Pq zero 3879is not allowed. 3880.It Va jail_* variables 3881Note that older releases supported per-jail configuration via 3882.Xr rc.conf 5 3883variables. 3884For example, 3885hostname of a jail named 3886.Li vjail 3887was able to be set by 3888.Li jail_vjail_hostname . 3889These per-jail configuration variables are now obsolete in favor of 3890.Xr jail 8 3891configuration file. 3892For backward compatibility, 3893when per-jail configuration variables are defined, 3894.Xr jail 8 3895configuration files are created as 3896.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3897and used. 3898.Pp 3899The following per-jail parameters are handled by 3900.Pa rc.d/jail 3901script out of their corresponding 3902.Nm 3903variables. 3904In addition to them, parameters in 3905.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3906will be added to the configuration file. 3907They must be a semi-colon 3908.Pq Ql \&; 3909delimited list of 3910.Dq key=value . 3911For more details, 3912see 3913.Xr jail 8 3914manual page. 3915.Bl -tag -width "host.hostname" -offset indent 3916.It Li path 3917set from 3918.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3919.It Li host.hostname 3920set from 3921.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3922.It Li exec.consolelog 3923set from 3924.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3925The default value is 3926.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3927.It Li interface 3928set from 3929.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3930.It Li vnet.interface 3931set from 3932.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3933This implies 3934.Li vnet 3935parameter will be enabled and cannot be specified with 3936.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3937.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3938and/or 3939.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3940at the same time. 3941.It Li fstab 3942set from 3943.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3944.It Li mount 3945set from 3946.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3947.It Li exec.fib 3948set from 3949.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3950.It Li exec.start 3951set from 3952.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3953The parameter name was 3954.Li command 3955in some older releases. 3956.It Li exec.prestart 3957set from 3958.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3959.It Li exec.poststart 3960set from 3961.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3962.It Li exec.stop 3963set from 3964.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3965.It Li exec.prestop 3966set from 3967.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3968.It Li exec.poststop 3969set from 3970.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3971.It Li ip4.addr 3972set if 3973.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3974or 3975.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3976contain IPv4 addresses 3977.It Li ip6.addr 3978set if 3979.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3980or 3981.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3982contain IPv6 addresses 3983.It Li allow.mount 3984set from 3985.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3986.It Li mount.devfs 3987set from 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3989.It Li devfs_ruleset 3990set from 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3992This must be an integer, 3993not a string. 3994.It Li mount.fdescfs 3995set from 3996.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3997.It Li allow.set_hostname 3998set from 3999.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4000.It Li allow.rawsocket 4001set from 4002.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4003.It Li allow.sysvipc 4004set from 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4006.El 4007.\" ----------------------------------------------------- 4008.It Va harvest_interrupt 4009.Pq Vt bool 4010Set to 4011.Dq Li YES 4012to use hardware interrupts as an entropy source. 4013Refer to 4014.Xr random 4 4015for more information. 4016.It Va harvest_ethernet 4017.Pq Vt bool 4018Set to 4019.Dq Li YES 4020to use LAN traffic as an entropy source. 4021Refer to 4022.Xr random 4 4023for more information. 4024.It Va harvest_p_to_p 4025.Pq Vt bool 4026Set to 4027.Dq Li YES 4028to use serial line traffic as an entropy source. 4029Refer to 4030.Xr random 4 4031for more information. 4032.It Va entropy_dir 4033.Pq Vt str 4034Set to 4035.Dq Li NO 4036to disable caching entropy via 4037.Xr cron 8 . 4038Otherwise set to the directory used to store entropy files in. 4039.It Va entropy_file 4040.Pq Vt str 4041Set to 4042.Dq Li NO 4043to disable caching entropy through reboots. 4044Otherwise set to the filename used to store cached entropy through 4045reboots. 4046This file should be located on the root file system to seed the 4047.Xr random 4 4048device as early as possible in the boot process. 4049.It Va entropy_save_sz 4050.Pq Vt int 4051Size of the entropy cache files saved by 4052.Nm save-entropy 4053periodically. 4054.It Va entropy_save_num 4055.Pq Vt int 4056Number of entropy cache files to save by 4057.Nm save-entropy 4058periodically. 4059.It Va ipsec_enable 4060.Pq Vt bool 4061Set to 4062.Dq Li YES 4063to run 4064.Xr setkey 8 4065on 4066.Va ipsec_file 4067at boot time. 4068.It Va ipsec_file 4069.Pq Vt str 4070Configuration file for 4071.Xr setkey 8 . 4072.It Va dmesg_enable 4073.Pq Vt bool 4074Set to 4075.Dq Li YES 4076to save 4077.Xr dmesg 8 4078to 4079.Pa /var/run/dmesg.boot 4080on boot. 4081.It Va rcshutdown_timeout 4082.Pq Vt int 4083If set, start a watchdog timer in the background which will terminate 4084.Pa rc.shutdown 4085if 4086.Xr shutdown 8 4087has not completed within the specified time (in seconds). 4088Notice that in addition to this soft timeout, 4089.Xr init 8 4090also applies a hard timeout for the execution of 4091.Pa rc.shutdown . 4092This is configured via 4093.Xr sysctl 8 4094variable 4095.Va kern.init_shutdown_timeout 4096and defaults to 120 seconds. 4097Setting the value of 4098.Va rcshutdown_timeout 4099to more than 120 seconds will have no effect until the 4100.Xr sysctl 8 4101variable 4102.Va kern.init_shutdown_timeout 4103is also increased. 4104.It Va virecover_enable 4105.Pq Vt bool 4106Set to 4107.Dq Li NO 4108to prevent the system from trying to 4109recover pre-maturely terminated 4110.Xr vi 1 4111sessions. 4112.It Va ugidfw_enable 4113.Pq Vt bool 4114Set to 4115.Dq Li YES 4116to load the 4117.Xr mac_bsdextended 4 4118module upon system initialization and load a default 4119ruleset file. 4120.It Va bsdextended_script 4121.Pq Vt str 4122The default 4123.Xr mac_bsdextended 4 4124ruleset file to load. 4125The default value of this variable is 4126.Pa /etc/rc.bsdextended . 4127.It Va newsyslog_enable 4128.Pq Vt bool 4129If set to 4130.Dq Li YES , 4131run 4132.Xr newsyslog 8 4133command at startup. 4134.It Va newsyslog_flags 4135.Pq Vt str 4136If 4137.Va newsyslog_enable 4138is set to 4139.Dq Li YES , 4140these are the flags to pass to the 4141.Xr newsyslog 8 4142program. 4143The default is 4144.Dq Li -CN , 4145which causes log files flagged with a 4146.Cm C 4147to be created. 4148.It Va mdconfig_md Ns Aq Ar X 4149.Pq Vt str 4150Arguments to 4151.Xr mdconfig 8 4152for 4153.Xr md 4 4154device 4155.Ar X . 4156At minimum a 4157.Fl t Ar type 4158must be specified and either a 4159.Fl s Ar size 4160for malloc or swap backed 4161.Xr md 4 4162devices or a 4163.Fl f Ar file 4164for vnode backed 4165.Xr md 4 4166devices. 4167Note that 4168.Va mdconfig_md Ns Aq Ar X 4169variables are evaluated until one variable is unset or null. 4170.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4171.Pq Vt str 4172Optional arguments passed to 4173.Xr newfs 8 4174to initialize 4175.Xr md 4 4176device 4177.Ar X . 4178.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4179.Pq Vt str 4180An ownership specification passed to 4181.Xr chown 8 4182after the specified 4183.Xr md 4 4184device 4185.Ar X 4186has been mounted. 4187Both the 4188.Xr md 4 4189device and the mount point will be changed. 4190.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4191.Pq Vt str 4192A mode string passed to 4193.Xr chmod 1 4194after the specified 4195.Xr md 4 4196device 4197.Ar X 4198has been mounted. 4199Both the 4200.Xr md 4 4201device and the mount point will be changed. 4202.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4203.Pq Vt str 4204Files to be copied to the mount point of the 4205.Xr md 4 4206device 4207.Ar X 4208after it has been mounted. 4209.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4210.Pq Vt str 4211Command to execute after the specified 4212.Xr md 4 4213device 4214.Ar X 4215has been mounted. 4216Note that the command is passed to 4217.Ic eval 4218and that both 4219.Va _dev 4220and 4221.Va _mp 4222variables can be used to reference respectively the 4223.Xr md 4 4224device and the mount point. 4225Assuming that the 4226.Xr md 4 4227device is 4228.Li md0 , 4229one could set the following: 4230.Bd -literal 4231mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4232.Ed 4233.It Va autobridge_interfaces 4234.Pq Vt str 4235Set to the list of bridge interfaces that will have newly arriving interfaces 4236checked against to be automatically added. 4237If not set to 4238.Dq Li NO 4239then for each whitespace separated 4240.Ar element 4241in the value, a 4242.Va autobridge_ Ns Aq Ar element 4243variable is assumed to exist which has a whitespace separated list of interface 4244names to match, these names can use wildcards. 4245For example: 4246.Bd -literal 4247autobridge_interfaces="bridge0" 4248autobridge_bridge0="tap* dc0 vlan[345]" 4249.Ed 4250.It Va mixer_enable 4251.Pq Vt bool 4252If set to 4253.Dq Li YES , 4254enable support for sound mixer. 4255.It Va hcsecd_enable 4256.Pq Vt bool 4257If set to 4258.Dq Li YES , 4259enable Bluetooth security daemon. 4260.It Va hcsecd_config 4261.Pq Vt str 4262Configuration file for 4263.Xr hcsecd 8 . 4264Default 4265.Pa /etc/bluetooth/hcsecd.conf . 4266.It Va sdpd_enable 4267.Pq Vt bool 4268If set to 4269.Dq Li YES , 4270enable Bluetooth Service Discovery Protocol daemon. 4271.It Va sdpd_control 4272.Pq Vt str 4273Path to 4274.Xr sdpd 8 4275control socket. 4276Default 4277.Pa /var/run/sdp . 4278.It Va sdpd_groupname 4279.Pq Vt str 4280Sets 4281.Xr sdpd 8 4282group to run as after it initializes. 4283Default 4284.Dq Li nobody . 4285.It Va sdpd_username 4286.Pq Vt str 4287Sets 4288.Xr sdpd 8 4289user to run as after it initializes. 4290Default 4291.Dq Li nobody . 4292.It Va bthidd_enable 4293.Pq Vt bool 4294If set to 4295.Dq Li YES , 4296enable Bluetooth Human Interface Device daemon. 4297.It Va bthidd_config 4298.Pq Vt str 4299Configuration file for 4300.Xr bthidd 8 . 4301Default 4302.Pa /etc/bluetooth/bthidd.conf . 4303.It Va bthidd_hids 4304.Pq Vt str 4305Path to a file, where 4306.Xr bthidd 8 4307will store information about known HID devices. 4308Default 4309.Pa /var/db/bthidd.hids . 4310.It Va rfcomm_pppd_server_enable 4311.Pq Vt bool 4312If set to 4313.Dq Li YES , 4314enable Bluetooth RFCOMM PPP wrapper daemon. 4315.It Va rfcomm_pppd_server_profile 4316.Pq Vt str 4317The name of the profile to use from 4318.Pa /etc/ppp/ppp.conf . 4319Multiple profiles can be specified here. 4320Also used to specify per-profile overrides. 4321When the profile name contains any of the characters 4322.Dq Li .-/+ 4323they are translated to 4324.Dq Li _ 4325for the proposes of the override variable names. 4326.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4327.Pq Vt str 4328Overrides local address to listen on. 4329By default 4330.Xr rfcomm_pppd 8 4331will listen on 4332.Dq Li ANY 4333address. 4334The address can be specified as BD_ADDR or name. 4335.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4336.Pq Vt str 4337Overrides local RFCOMM channel to listen on. 4338By default 4339.Xr rfcomm_pppd 8 4340will listen on RFCOMM channel 1. 4341Must set properly if multiple profiles used in the same time. 4342.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4343.Pq Vt bool 4344Tells 4345.Xr rfcomm_pppd 8 4346if it should register Serial Port service on the specified RFCOMM channel. 4347Default 4348.Dq Li NO . 4349.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4350.Pq Vt bool 4351Tells 4352.Xr rfcomm_pppd 8 4353if it should register Dial-Up Networking service on the specified 4354RFCOMM channel. 4355Default 4356.Dq Li NO . 4357.It Va ubthidhci_enable 4358.Pq Vt bool 4359If set to 4360.Dq Li YES , 4361change the USB Bluetooth controller from HID mode to HCI mode. 4362You also need to specify the location of USB Bluetooth controller with the 4363.Va ubthidhci_busnum 4364and 4365.Va ubthidhci_addr 4366variables. 4367.It Va ubthidhci_busnum 4368Bus number where the USB Bluetooth controller is located. 4369Check the output of 4370.Xr usbconfig 8 4371on your system to find this information. 4372.It Va ubthidhci_addr 4373Bus address of the USB Bluetooth controller. 4374Check the output of 4375.Xr usbconfig 8 4376on your system to find this information. 4377.It Va netwait_enable 4378.Pq Vt bool 4379If set to 4380.Dq Li YES , 4381delays the start of network-reliant services until 4382.Va netwait_if 4383is up and ICMP packets to a destination defined in 4384.Va netwait_ip 4385are flowing. 4386Link state is examined first, followed by 4387.Dq Li pinging 4388an IP address to verify network usability. 4389If no destination can be reached or timeouts are exceeded, 4390network services are started anyway with no guarantee that 4391the network is usable. 4392Use of this variable requires both 4393.Va netwait_ip 4394and 4395.Va netwait_if 4396to be set. 4397.It Va netwait_ip 4398.Pq Vt str 4399Empty by default. 4400This variable contains a space-delimited list of IP addresses to 4401.Xr ping 8 . 4402DNS hostnames should not be used as resolution is not guaranteed 4403to be functional at this point. 4404If multiple IP addresses are specified, 4405each will be tried until one is successful or the list is exhausted. 4406.It Va netwait_timeout 4407.Pq Vt int 4408Indicates the total number of seconds to perform a 4409.Dq Li ping 4410against each IP address in 4411.Va netwait_ip , 4412at a rate of one ping per second. 4413If any of the pings are successful, 4414full network connectivity is considered reliable. 4415The default is 60. 4416.It Va netwait_if 4417.Pq Vt str 4418Empty by default. 4419Defines the name of the network interface on which watch for link. 4420.Xr ifconfig 8 4421is used to monitor the interface, looking for 4422.Dq Li status: no carrier . 4423Once gone, the link is considered up. 4424This can be a 4425.Xr vlan 4 4426interface if desired. 4427.It Va netwait_if_timeout 4428.Pq Vt int 4429Defines the total number of seconds to wait for link to become usable, 4430polled at a 1-second interval. 4431The default is 30. 4432.El 4433.Sh FILES 4434.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4435.It Pa /etc/defaults/rc.conf 4436.It Pa /etc/rc.conf 4437.It Pa /etc/rc.conf.local 4438.El 4439.Sh SEE ALSO 4440.Xr catman 1 , 4441.Xr chmod 1 , 4442.Xr gdb 1 , 4443.Xr info 1 , 4444.Xr kbdcontrol 1 , 4445.Xr makewhatis 1 , 4446.Xr sh 1 , 4447.Xr vi 1 , 4448.Xr vidcontrol 1 , 4449.Xr bridge 4 , 4450.Xr dummynet 4 , 4451.Xr ip 4 , 4452.Xr ipf 4 , 4453.Xr ipfw 4 , 4454.Xr ipnat 4 , 4455.Xr kld 4 , 4456.Xr pf 4 , 4457.Xr pflog 4 , 4458.Xr pfsync 4 , 4459.Xr tcp 4 , 4460.Xr udp 4 , 4461.Xr exports 5 , 4462.Xr fstab 5 , 4463.Xr ipf 5 , 4464.Xr ipnat 5 , 4465.Xr motd 5 , 4466.Xr newsyslog.conf 5 , 4467.Xr pf.conf 5 , 4468.Xr security 7 , 4469.Xr accton 8 , 4470.Xr amd 8 , 4471.Xr apm 8 , 4472.Xr atm 8 , 4473.Xr bthidd 8 , 4474.Xr chkprintcap 8 , 4475.Xr chown 8 , 4476.Xr cron 8 , 4477.Xr devfs 8 , 4478.Xr dhclient 8 , 4479.Xr ftpd 8 , 4480.Xr geli 8 , 4481.Xr hcsecd 8 , 4482.Xr ifconfig 8 , 4483.Xr inetd 8 , 4484.Xr ipf 8 , 4485.Xr ipfw 8 , 4486.Xr ipnat 8 , 4487.Xr jail 8 , 4488.Xr kldxref 8 , 4489.Xr lpd 8 , 4490.Xr mdconfig 8 , 4491.Xr mdmfs 8 , 4492.Xr mixer 8 , 4493.Xr mountd 8 , 4494.Xr moused 8 , 4495.Xr mrouted 8 , 4496.Xr newfs 8 , 4497.Xr newsyslog 8 , 4498.Xr nfsd 8 , 4499.Xr ntpd 8 , 4500.Xr ntpdate 8 , 4501.Xr pfctl 8 , 4502.Xr pflogd 8 , 4503.Xr ping 8 , 4504.Xr powerd 8 , 4505.Xr quotacheck 8 , 4506.Xr quotaon 8 , 4507.Xr rc 8 , 4508.Xr rc.sendmail 8 , 4509.Xr rfcomm_pppd 8 , 4510.Xr route 8 , 4511.Xr routed 8 , 4512.Xr rpcbind 8 , 4513.Xr rpc.lockd 8 , 4514.Xr rpc.statd 8 , 4515.Xr rwhod 8 , 4516.Xr savecore 8 , 4517.Xr sdpd 8 , 4518.Xr sshd 8 , 4519.Xr swapon 8 , 4520.Xr sysctl 8 , 4521.Xr syslogd 8 , 4522.Xr timed 8 , 4523.Xr unbound 8 , 4524.Xr usbconfig 8 , 4525.Xr wlandebug 8 , 4526.Xr yp 8 , 4527.Xr ypbind 8 , 4528.Xr ypserv 8 , 4529.Xr ypset 8 4530.Sh HISTORY 4531The 4532.Nm 4533file appeared in 4534.Fx 2.2.2 . 4535.Sh AUTHORS 4536.An Jordan K. Hubbard . 4537