.\" Copyright (c) 1995
.\" Jordan K. Hubbard
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd October 11, 2024
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system configuration information
.Sh DESCRIPTION
The file
.Nm
contains descriptive information about the local host name, configuration
details for any potential network interfaces and which services should be
started up at system initial boot time.
In new installations, the
.Nm
file is generally initialized by the system installation utility.
.Pp
The purpose of
.Nm
is not to run commands or perform system startup actions
directly.
Instead, it is included by the
various generic startup scripts in
.Pa /etc
which conditionalize their
internal actions according to the settings found there.
.Pp
The
.Pa /etc/rc.conf
file is included from the file
.Pa /etc/defaults/rc.conf ,
which specifies the default settings for all the available options.
Options need only be specified in
.Pa /etc/rc.conf
when the system administrator wishes to override these defaults.
The file
.Pa /etc/defaults/vendor.conf
allows vendors to override
.Fx
defaults.
The file
.Pa /etc/rc.conf.local
is used to override settings in
.Pa /etc/rc.conf
for historical reasons.
.Pp
The
.Xr sysrc 8
command provides a scripting interface to modify system
config files.
.Pp
In addition to
.Pa /etc/rc.conf.local
you can also place smaller configuration files for each
.Xr rc 8
script in the
.Pa /etc/rc.conf.d
directory or
.Ao Ar dir Ac Ns Pa /rc.conf.d
directories (where
.Ao Ar dir Ac
is each entry specified in
.Va local_startup ,
but with any trailing
.Pa /rc.d
stripped),
which will be included by the
.Va load_rc_config
function.
For jail configurations you could use the file
.Pa /etc/rc.conf.d/jail
to store jail-specific configuration options.
If
.Va local_startup
contains
.Pa /usr/local/etc/rc.d
and
.Pa /opt/conf ,
.Pa /usr/local/etc/rc.conf.d/jail
and
.Pa /opt/conf/rc.conf.d/jail
will be loaded.
If
.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
is a directory then all of the files in the directory will be loaded.
See also the
.Va rc_conf_files
variable below.
.Pp
Options are set with
.Dq Ar name Ns Li = Ns Ar value
assignments that use
.Xr sh 1
syntax.
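The file search described above, as an added example that is not part of the original manual page or of rc.subr: two sh functions that list every file able to set variables for one service and report those writable by group or other, since each file is read as sh by the startup scripts.
The function names rc_conf_candidates and rc_conf_loose and the optional root-prefix argument are assumptions made for this example; the system-wide files are listed in the order the text introduces them.

```shell
#!/bin/sh
# Added example: which files can set rc.conf variables for one rc(8) service?
# rc_conf_candidates and rc_conf_loose are hypothetical helper names.
#
# Usage (values taken from the jail example in the text):
#   rc_conf_loose jail "/usr/local/etc/rc.d /opt/conf"

# Print every existing configuration file for a service, one per line.
#   $1  service name, e.g. jail
#   $2  value of local_startup (whitespace-separated directories)
#   $3  optional root prefix, so a mounted image or a test tree can be
#       inspected instead of the running system (assumption of this example)
rc_conf_candidates() {
    name=$1
    startup=$2
    root=${3:-}

    # System-wide files named in the text.
    for f in /etc/defaults/rc.conf /etc/defaults/vendor.conf \
             /etc/rc.conf /etc/rc.conf.local; do
        if [ -f "$root$f" ]; then
            printf '%s\n' "$f"
        fi
    done

    # Per-service files: /etc/rc.conf.d first, then each local_startup
    # entry with any trailing /rc.d stripped.
    dirs=/etc
    for d in $startup; do
        dirs="$dirs ${d%/rc.d}"
    done

    for d in $dirs; do
        p=$d/rc.conf.d/$name
        if [ -d "$root$p" ]; then
            # <dir>/rc.conf.d/<name> is a directory: every file in it loads.
            for f in "$root$p"/*; do
                if [ -f "$f" ]; then
                    printf '%s\n' "${f#"$root"}"
                fi
            done
        elif [ -f "$root$p" ]; then
            printf '%s\n' "$p"
        fi
    done
    return 0
}

# Print the candidates that are writable by group or other.
# Same arguments as rc_conf_candidates.
rc_conf_loose() {
    lroot=${3:-}
    rc_conf_candidates "$1" "$2" "$lroot" | while IFS= read -r f; do
        # -L follows symlinks so the mode of the real file is tested.
        if [ -n "$(find -L "$lroot$f" -prune \
                \( -perm -020 -o -perm -002 \) -print)" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}
```

Any path printed by rc_conf_loose is a file that an account other than its owner can edit to change how the service starts.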
The following list provides a name and short description for each
variable that can be set in the
.Nm
file:
.Bl -tag -width indent-two
.It Va rc_debug
.Pq Vt bool
If set to
.Dq Li YES ,
enable output of debug messages from rc scripts.
This variable can be helpful in diagnosing mistakes when
editing or integrating new scripts.
Beware that this produces copious output to the terminal and
.Xr syslog 3 .
.It Va rc_info
.Pq Vt bool
If set to
.Dq Li NO ,
disable informational messages from the rc scripts.
Informational messages are displayed when
a condition that is not serious enough to warrant a warning or
an error occurs.
.It Va rc_startmsgs
.Pq Vt bool
If set to
.Dq Li YES ,
show
.Dq Starting foo:
when faststart is used (e.g., at boot time).
.It Va early_late_divider
.Pq Vt str
The name of the script that should be used as the
delimiter between the
.Dq early
and
.Dq late
stages of the boot process.
The early stage should contain all the services needed to
get the disks (local or remote) mounted so that the late
stage can include scripts contained in the directories
listed in the
.Va local_startup
variable (see below).
Thus, the two likely candidates for this value are
.Pa mountcritlocal
for the typical system, and
.Pa mountcritremote
if the system needs remote file
systems mounted to get access to the
.Va local_startup
directories; for example when
.Pa /usr/local
is NFS mounted.
For
.Pa rc.conf
within a
.Xr jail 8
.Pa NETWORKING
is likely to be an appropriate value.
Extreme care should be taken when changing this value,
and before changing it one should ensure that there are
adequate provisions to recover from a failed boot
(such as physical contact with the machine,
or reliable remote console access).
.It Va always_force_depends
.Pq Vt bool
Various
.Pa rc.d
scripts use the force_depend function to check whether required
services are already running, and to start them if necessary.
By default during boot time this check is bypassed if the
required service is enabled in
.Pa /etc/rc.conf[.local] .
Setting this option will bypass that check at boot time and
always test whether or not the service is actually running.
Enabling this option is likely to increase your boot time if
services are enabled that utilize the force_depend check.
.It Ao Ar name Ac Ns Va _chroot
.Pq Vt str
.Xr chroot 8
to this directory before running the service.
.It Ao Ar name Ac Ns Va _cpuset
.Pq Vt str
A list of CPUs to run the service on.
Passed to
.Xr cpuset 1
using the
.Fl l
flag.
.It Ao Ar name Ac Ns Va _fib
.Pq Vt int
The
.Xr setfib 1
value to run the service under.
.It Ao Ar name Ac Ns Va _group
.Pq Vt str
Run the chrooted service under this system group.
Unlike the
.Ao Ar name Ac Ns Va _user
setting, this setting has no effect if the service is not chrooted.
.It Ao Ar name Ac Ns Va _limits
.Pq Vt str
Resource limits to apply to the service using
.Xr limits 1 .
By default, resource limits are based on the login class defined in
.Ao Ar name Ac Ns Va _login_class .
.It Ao Ar name Ac Ns Va _login_class
.Pq Vt str
Login class to be used with
.Ao Ar name Ac Ns Va _limits .
Defaults to
.Dq Li daemon .
.It Ao Ar name Ac Ns Va _nice
.Pq Vt int
The
.Xr nice 1
value to run the service under.
.It Ao Ar name Ac Ns Va _oomprotect
.Pq Vt str
Use
.Xr protect 1
to prevent the service from being killed when swap space
is exhausted.
Use
.Dq Li YES
to protect only the service itself, and
.Dq Li ALL
to protect the service and all its child processes.
.Pp
Please note that rc scripts which redefine
.Dl ${argument}_cmd
.Pq see Xr rc.subr 8
such as PostgreSQL will not inherit the OOM killer protection.
.Pp
This variable has no effect on services running within a
.Xr jail 8 .
.It Ao Ar name Ac Ns Va _setup
.Pq Vt str
Run the specified setup script right before starting the actual service
command.
Useful for automatic configuration file generation.
.It Ao Ar name Ac Ns Va _umask
.Pq Vt int
Run the service using this
.Xr umask 1
value.
.It Ao Ar name Ac Ns Va _user
.Pq Vt str
Run the service under this user account.
.It Ao Ar name Ac Ns Va _svcj
.Pq Vt bool
If set to
.Dq Li YES ,
auto-jail the service with inherited filesystem and other
jail properties depending on
.Ao Ar name Ac Ns Va _svcj_options .
.It Ao Ar name Ac Ns Va _svcj_options
.Pq Vt str
A list of jail properties for the service.
See
.Sx SERVICE JAILS
for a list of valid properties.
.It Va apm_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable support for Automatic Power Management with
the
.Xr apm 8
command.
.It Va apmd_enable
.Pq Vt bool
Run
.Xr apmd 8
to handle APM events from userland.
This also enables support for APM.
.It Va apmd_flags
.Pq Vt str
If
.Va apmd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr apmd 8
daemon.
.It Va devd_enable
.Pq Vt bool
Run
.Xr devd 8
to handle device added, removed or unknown events from the kernel.
.It Va ddb_enable
.Pq Vt bool
Run
.Xr ddb 8
to install
.Xr ddb 4
scripts at boot time.
.It Va ddb_config
.Pq Vt str
Configuration file for
.Xr ddb 8 .
Default
.Pa /etc/ddb.conf .
.It Va devmatch_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable auto-loading of kernel modules with
.Xr devmatch 8 .
.It Va devmatch_blocklist
.Pq Vt str
A whitespace-separated list of kernel modules to be ignored by
.Xr devmatch 8 .
In addition, the
.Xr kenv 1
.Va devmatch_blocklist
is appended to this variable to allow disabling of
.Xr devmatch 8
loaded modules from the boot loader.
.It Va devmatch_blacklist
.Pq Vt str
This variable is deprecated.
Use
.Va devmatch_blocklist
instead.
A whitespace-separated list of kernel modules to be ignored by
.Xr devmatch 8 .
.It Va kld_list
.Pq Vt str
A whitespace-separated list of kernel modules to load right after
the local disks are mounted, without any
.Pa .ko
extension or path.
.It Va kldxref_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set to
.Dq Li YES
to automatically rebuild
.Pa linker.hints
files with
.Xr kldxref 8
at boot time.
.It Va kldxref_clobber
.Pq Vt bool
Set to
.Dq Li NO
by default.
If
.Va kldxref_enable
is true,
setting to
.Dq Li YES
will overwrite existing
.Pa linker.hints
files at boot time.
Otherwise,
only missing
.Pa linker.hints
files are generated.
.It Va kldxref_module_path
.Pq Vt str
Empty by default.
A semi-colon
.Pq Ql \&;
delimited list of paths containing
.Xr kld 4
modules.
If empty,
the contents of the
.Va kern.module_path
.Xr sysctl 8
are used.
.It Va powerd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable the system power control facility with the
.Xr powerd 8
daemon.
.It Va powerd_flags
.Pq Vt str
If
.Va powerd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr powerd 8
daemon.
.It Va svcj_all_enable
Enable auto-jailing of all services which are not explicitly
excluded.
See
.Sx SERVICE JAILS
for more info.
.It Va tmpmfs
Controls the creation of a
.Pa /tmp
memory file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /tmp
is not writable.
.It Va tmpsize
Controls the size of a created
.Pa /tmp
memory file system.
.It Va tmpmfs_flags
Extra options passed to the
.Xr mdmfs 8
utility when the memory file system for
.Pa /tmp
is created.
The default is
.Dq Li "-S" ,
which inhibits the use of softupdates on
.Pa /tmp
so that file system space is freed without delay
after file truncation or deletion.
See
.Xr mdmfs 8
for other options you can use in
.Va tmpmfs_flags .
.It Va varmfs
Controls the creation of a
.Pa /var
memory file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /var
is not writable.
.It Va varsize
Controls the size of a created
.Pa /var
memory file system.
.It Va varmfs_flags
Extra options passed to the
.Xr mdmfs 8
utility when the memory file system for
.Pa /var
is created.
The default is
.Dq Li "-S" ,
which inhibits the use of softupdates on
.Pa /var
so that file system space is freed without delay
after file truncation or deletion.
See
.Xr mdmfs 8
for other options you can use in
.Va varmfs_flags .
.It Va populate_var
Controls the automatic population of the
.Pa /var
file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /var
is not writable.
Note that this process requires access to certain commands in
.Pa /usr
before
.Pa /usr
is mounted on normal systems.
.It Va cleanvar_enable
.Pq Vt bool
Clean the
.Pa /var
directory.
.It Va var_run_enable
.Pq Vt bool
Set to "YES" to enable saving of the
.Pa /var/run
directory structure into an mtree file at shutdown and the reload of the
.Pa /var/run
directory structure at boot.
.It Va var_run_autosave
.Pq Vt bool
In some cases it may be undesirable to save
.Pa /var/run
at shutdown.
When set to "NO"
.Pa /var/run
is loaded at reboot but not saved at shutdown.
Typically in this scenario
.Ql service var_run save
would be performed to save a copy of the
.Pa /var/run
directory structure once, to be reloaded during all subsequent reboots.
.It Va var_run_mtree
.Pq Vt str
Where to save the
.Pa /var/run
mtree.
The default location is
.Pa /var/db/mtree/BSD.var-run.mtree .
.It Va local_startup
.Pq Vt str
List of directories to search for startup script files.
.It Va script_name_sep
.Pq Vt str
The field separator to use for breaking down the list of startup script files
into individual filenames.
The default is a space.
It is not necessary to change this unless there are startup scripts with names
containing spaces.
.It Va hostapd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr hostapd 8
at system boot time.
.It Va hostname
.Pq Vt str
The fully qualified domain name (FQDN) of this host on the network.
This should almost certainly be set to something meaningful, even if
there is no network connection.
If
.Xr dhclient 8
is used to set the hostname via DHCP,
this variable should be set to an empty string.
Within a
.Xr jail 8
the hostname is generally already set and this variable may be absent.
If this value remains unset when the system is done booting
your console login will display the default hostname of
.Dq Amnesiac .
.It Va nisdomainname
.Pq Vt str
The NIS domain name of this host, or
.Dq Li NO
if NIS is not used.
.It Va hostid_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable the generation or saving of the
.Pa hostid
and
.Pa machine-id
files at system boot and shutdown.
.It Va hostid_file
.Pq Vt str
Path to the
.Pa hostid
file, default
.Pa /etc/hostid .
.It Va hostid_uuidgen_flags
.Pq Vt str
Flags passed to
.Xr uuidgen 1
when generating a software host UUID.
This is used only if the system cannot determine a hardware UUID.
Set to
.Dq Li -r
by default.
.It Va machine_id_file
.Pq Vt str
Path to the
.Pa machine-id
file, default
.Pa /etc/machine-id .
.It Va dhclient_program
.Pq Vt str
Path to the DHCP client program, defaulting to
.Pa /sbin/dhclient .
.It Va dhclient_flags
.Pq Vt str
Additional flags to pass to the DHCP client program.
See the
.Xr dhclient 8
manpage for a description of the command line options available.
.It Va dhclient_flags_ Ns Aq Ar iface
Additional flags to pass to the DHCP client program running on
.Ar iface
only.
When specified, this variable overrides
.Va dhclient_flags .
.It Va background_dhclient
.Pq Vt bool
Set to
.Dq Li YES
to start the DHCP client in background.
This can cause trouble with applications depending on
a working network, but it will provide a faster startup
in many cases.
.It Va background_dhclient_ Ns Aq Ar iface
When specified, this variable overrides the
.Va background_dhclient
variable for interface
.Ar iface
only.
.It Va dhclient_arpwait
.Pq Vt bool
Set to
.Dq Li NO
to stop
.Xr dhclient 8
from waiting for ARP resolution, to make the system boot faster.
This may be done on networks where the DHCP server is certain to
know whether an address is available.
.It Va synchronous_dhclient
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr dhclient 8
synchronously at startup.
This behavior can be overridden on a per-interface basis by replacing
the
.Dq Li DHCP
keyword in the
.Va ifconfig_ Ns Aq Ar interface
variable with
.Dq Li SYNCDHCP
or
.Dq Li NOSYNCDHCP .
.It Va defaultroute_delay
.Pq Vt int
When set to a positive value, wait up to this long after configuring
DHCP interfaces at startup to give the interfaces time to receive a lease.
.It Va firewall_enable
.Pq Vt bool
Set to
.Dq Li YES
to load firewall rules at startup.
If the kernel was not built with
.Cd "options IPFIREWALL" ,
the
.Pa ipfw.ko
kernel module will be loaded.
See also
.Va ipfilter_enable .
.It Va firewall_script
.Pq Vt str
This variable specifies the full path to the firewall script to run.
The default is
.Pa /etc/rc.firewall .
.It Va firewall_type
.Pq Vt str
Names the firewall type from the selection in
.Pa /etc/rc.firewall ,
or the file which contains the local firewall ruleset.
Valid selections from
.Pa /etc/rc.firewall
are:
.Pp
.Bl -tag -width ".Li workstation" -compact
.It Li open
unrestricted IP access
.It Li closed
all IP services disabled, except via
.Dq Li lo0
.It Li client
basic protection for a workstation
.It Li workstation
basic protection for a workstation using stateful firewalling
.It Li simple
basic protection for a LAN.
.El
.Pp
If a filename is specified, the full path
must be given.
.Pp
Most of the predefined rulesets define additional configuration variables.
These are documented in
.Pa /etc/rc.firewall .
.It Va firewall_quiet
.Pq Vt bool
Set to
.Dq Li YES
to disable the display of firewall rules on the console during boot.
.It Va firewall_logging
.Pq Vt bool
Set to
.Dq Li YES
to enable firewall event logging.
This is equivalent to the
.Dv IPFIREWALL_VERBOSE
kernel option.
.It Va firewall_logif
.Pq Vt bool
Set to
.Dq Li YES
to create pseudo interface
.Li ipfw0
for logging.
For more details, see the
.Xr ipfw 8
manual page.
.It Va firewall_flags
.Pq Vt str
Flags passed to
.Xr ipfw 8
if
.Va firewall_type
specifies a filename.
.It Va firewall_coscripts
.Pq Vt str
List of executables and/or rc scripts to run after firewall starts/stops.
Default is empty.
.\" ----- firewall_nat_enable setting --------------------------------
.It Va firewall_nat_enable
.Pq Vt bool
The
.Xr ipfw 8
equivalent of
.Va natd_enable .
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NAT kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_nat_interface
.Pq Vt str
The
.Xr ipfw 8
equivalent of
.Va natd_interface .
This is the name of the public interface or IP address on which
kernel NAT should run.
.It Va firewall_nat_flags
.Pq Vt str
Additional configuration parameters for kernel NAT should be placed here.
.It Va firewall_nat64_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NAT64 kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_nptv6_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NPTv6 kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_pmod_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
pmod kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va dummynet_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr dummynet 4
module if
.Va firewall_enable
is also set to
.Dq Li YES .
.\" -------------------------------------------------------------------
.It Va ipfw_netflow_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will enable netflow logging via
.Xr ng_netflow 4 .
.Pp
By default an ipfw rule is inserted and all packets are duplicated with
the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
port using protocol version 5.
.It Va ipfw_netflow_hook
.Pq Vt int
netflow hook name, must be numerical
(default
.Pa 9995 ) .
.It Va ipfw_netflow_rule
.Pq Vt int
ipfw rule number
(default
.Pa 1000 ) .
.It Va ipfw_netflow_ip
.Pq Vt str
Destination server IP for receiving netflow data
(default
.Pa 127.0.0.1 ) .
.It Va ipfw_netflow_port
.Pq Vt int
Destination server port for receiving netflow data
(default
.Pa 9995 ) .
.It Va ipfw_netflow_version
.Pq Vt int
Do not set for using version 5 of the netflow protocol, set it to 9 for using
version 9.
.It Va ipfw_netflow_fib
.Pq Vt int
Only match packets in FIB
.Pa ipfw_netflow_fib
(default is undefined meaning all FIBs).
.It Va natd_program
.Pq Vt str
Path to
.Xr natd 8 .
.It Va natd_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable
.Xr natd 8 .
.Va firewall_enable
must also be set to
.Dq Li YES ,
and
.Xr divert 4
sockets must be enabled in the kernel.
If the kernel was not built with
.Cd "options IPDIVERT" ,
the
.Pa ipdivert.ko
kernel module will be loaded.
.It Va natd_interface
.Pq Vt str
This is the name of the public interface on which
.Xr natd 8
should run.
The interface may be given as an interface name or as an IP address.
.It Va natd_flags
.Pq Vt str
Additional
.Xr natd 8
flags should be placed here.
The
.Fl n
or
.Fl a
flag is automatically added with the above
.Va natd_interface
as an argument.
.\" ----- ipfilter_enable setting --------------------------------
.It Va ipfilter_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr ipf 8
packet filtering.
.Pp
Typical usage will require putting
.Bd -literal
ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"
.Ed
.Pp
into
.Pa /etc/rc.conf
and editing
.Pa /etc/ipf.rules
and
.Pa /etc/ipnat.rules
appropriately.
.Pp
Note that
.Va ipfilter_enable
and
.Va ipnat_enable
can be enabled independently.
.Va ipmon_enable
and
.Va ipfs_enable
both require at least one of
.Va ipfilter_enable
and
.Va ipnat_enable
to be enabled.
.Pp
Having
.Bd -literal
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
.Ed
.Pp
in the kernel configuration file is a good idea, too.
.\" ----- ipfilter_program setting ------------------------------
.It Va ipfilter_program
.Pq Vt str
Path to
.Xr ipf 8
(default
.Pa /sbin/ipf ) .
.\" ----- ipfilter_rules setting --------------------------------
.It Va ipfilter_rules
.Pq Vt str
Set to
.Pa /etc/ipf.rules
by default.
This variable contains the name of the filter rule definition file.
The file is expected to be readable for the
.Xr ipf 8
command to execute.
.\" ----- ipfilter_flags setting --------------------------------
.It Va ipfilter_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipf 8
program.
.\" ----- ipnat_enable setting ----------------------------------
.It Va ipnat_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipnat 8
network address translation.
See
.Va ipfilter_enable
for a detailed discussion.
.\" ----- ipnat_program setting ---------------------------------
.It Va ipnat_program
.Pq Vt str
Path to
.Xr ipnat 8
(default
.Pa /sbin/ipnat ) .
.\" ----- ipnat_rules setting -----------------------------------
.It Va ipnat_rules
.Pq Vt str
Set to
.Pa /etc/ipnat.rules
by default.
This variable contains the name of the file
holding the network address translation definition.
This file is expected to be readable for the
.Xr ipnat 8
command to execute.
.\" ----- ipnat_flags setting -----------------------------------
.It Va ipnat_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipnat 8
program.
.\" ----- ipmon_enable setting ----------------------------------
.It Va ipmon_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipmon 8
monitoring (logging
.Xr ipf 8
and
.Xr ipnat 8
events).
Setting this variable needs setting
.Va ipfilter_enable
or
.Va ipnat_enable
too.
See
.Va ipfilter_enable
for a detailed discussion.
.\" ----- ipmon_program setting ---------------------------------
.It Va ipmon_program
.Pq Vt str
Path to
.Xr ipmon 8
(default
.Pa /sbin/ipmon ) .
.\" ----- ipmon_flags setting -----------------------------------
.It Va ipmon_flags
.Pq Vt str
Set to
.Dq Li -Ds
by default.
This variable contains flags passed to the
.Xr ipmon 8
program.
Another typical example would be
.Dq Fl D Pa /var/log/ipflog
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
Make sure to adjust
.Pa /etc/newsyslog.conf
in such case like this:
.Bd -literal
/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
.Ed
.\" ----- ipfs_enable setting -----------------------------------
.It Va ipfs_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipfs 8
saving the filter and NAT state tables during shutdown
and reloading them during startup again.
Setting this variable needs setting
.Va ipfilter_enable
or
.Va ipnat_enable
to
.Dq Li YES
too.
See
.Va ipfilter_enable
for a detailed discussion.
Note that if
.Va kern_securelevel
is set to 3,
.Va ipfs_enable
cannot be used
because the raised securelevel will prevent
.Xr ipfs 8
from saving the state tables at shutdown time.
.\" ----- ipfs_program setting ----------------------------------
.It Va ipfs_program
.Pq Vt str
Path to
.Xr ipfs 8
(default
.Pa /sbin/ipfs ) .
.\" ----- ipfs_flags setting ------------------------------------
.It Va ipfs_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipfs 8
program.
.\" ----- end of added ipf hook ---------------------------------
.It Va pf_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr pf 4
packet filtering.
.Pp
Typical usage will require putting
.Pp
.Dl pf_enable="YES"
.Pp
into
.Pa /etc/rc.conf
and editing
.Pa /etc/pf.conf
appropriately.
Adding
.Pp
.Dl "device pf"
.Pp
builds support for
.Xr pf 4
into the kernel, otherwise the
kernel module will be loaded.
.It Va pf_rules
.Pq Vt str
Path to
.Xr pf 4
ruleset configuration file
(default
.Pa /etc/pf.conf ) .
.It Va pf_program
.Pq Vt str
Path to
.Xr pfctl 8
(default
.Pa /sbin/pfctl ) .
.It Va pf_flags
.Pq Vt str
If
.Va pf_enable
is set to
.Dq Li YES ,
these flags are passed to the
.Xr pfctl 8
program when loading the ruleset.
.It Va pf_fallback_rules_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables loading
.Va pf_fallback_rules_file
or
.Va pf_fallback_rules
in case of a problem when loading the ruleset in
.Va pf_rules .
.It Va pf_fallback_rules_file
.Pq Vt str
Path to a pf ruleset to load in case of failure when loading the
ruleset in
.Va pf_rules
(default
.Pa /etc/pf-fallback.conf ) .
.It Va pf_fallback_rules
.Pq Vt str
A pf ruleset to load in case of failure when loading the ruleset in
.Va pf_rules
and
.Va pf_fallback_rules_file
is not found.
Multiple rules can be set as follows:
.Bd -literal
pf_fallback_rules="\\
    block drop log all\\
    pass in quick on em0"
.Ed
.Pp
The default fallback rule is
.Dq block drop log all
.It Va pflog_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr pflogd 8
which logs packets from the
.Xr pf 4
packet filter.
.It Va pflog_logfile
.Pq Vt str
If
.Va pflog_enable
is set to
.Dq Li YES
this controls where
.Xr pflogd 8
stores the logfile
(default
.Pa /var/log/pflog ) .
Check
.Pa /etc/newsyslog.conf
to adjust logfile rotation for this.
.It Va pflog_program
.Pq Vt str
Path to
.Xr pflogd 8
(default
.Pa /sbin/pflogd ) .
.It Va pflog_flags
.Pq Vt str
Empty by default.
This variable contains additional flags passed to the
.Xr pflogd 8
program.
.It Va pflog_instances
.Pq Vt str
If logging to more than one
.Xr pflog 4
interface is desired,
.Va pflog_instances
is set to the list of
.Xr pflogd 8
instances that should be started at system boot time.
If
.Va pflog_instances
is set, for each whitespace-separated
.Ar element
in the list,
.Ao Ar element Ac Ns Va _dev
and
.Ao Ar element Ac Ns Va _logfile
elements are assumed to exist.
.Ao Ar element Ac Ns Va _dev
must contain the
.Xr pflog 4
interface to be watched by the named
.Xr pflogd 8
instance.
.Ao Ar element Ac Ns Va _logfile
must contain the name of the logfile that will be used by the
.Xr pflogd 8
instance.
.It Va ftpproxy_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr ftp-proxy 8
which supports the
.Xr pf 4
packet filter in translating ftp connections.
.It Va ftpproxy_flags
.Pq Vt str
Empty by default.
This variable contains additional flags passed to the
.Xr ftp-proxy 8
program.
.It Va ftpproxy_instances
.Pq Vt str
Empty by default.
If multiple instances of
.Xr ftp-proxy 8
are desired at boot time,
.Va ftpproxy_instances
should contain a whitespace-separated list of instance names.
For each
.Ar element
in the list, a variable named
.Ao Ar element Ac Ns Va _flags
should be defined, containing the command-line flags to be passed to the
.Xr ftp-proxy 8
instance.
.It Va pfsync_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables exposing
.Xr pf 4
state changes to other hosts over the network by means of
.Xr pfsync 4 .
The
.Va pfsync_syncdev
variable
must also be set then.
.It Va pfsync_syncdev
.Pq Vt str
Empty by default.
This variable specifies the name of the network interface
.Xr pfsync 4
should operate through.
It must be set accordingly if
.Va pfsync_enable
is set to
.Dq Li YES .
.It Va pfsync_syncpeer
.Pq Vt str
Empty by default.
This variable is optional.
By default, state change messages are sent out on the synchronisation
interface using IP multicast packets.
The protocol is IP protocol 240, PFSYNC, and the multicast group used is
224.0.0.240.
When a peer address is specified using the
.Va pfsync_syncpeer
option, the peer address is used as a destination for the pfsync
traffic, and the traffic can then be protected using
.Xr ipsec 4 .
See the
.Xr pfsync 4
manpage for more details about using
.Xr ipsec 4
with
.Xr pfsync 4
interfaces.
.It Va pfsync_ifconfig
.Pq Vt str
Empty by default.
This variable can contain additional options to be passed to the
.Xr ifconfig 8
command used to set up
.Xr pfsync 4 .
.It Va tcp_extensions
.Pq Vt bool
Set to
.Dq Li YES
by default.
Setting this to
.Dq Li NO
disables certain TCP options as described by
.Rs
.%T "RFC 1323"
.Re
Setting this to
.Dq Li NO
might help remedy problems such as connections randomly hanging
or other weird behavior.
Some network devices are known
to be broken with respect to these options.
.It Va log_in_vain
.Pq Vt int
Set to 0 by default.
The
.Xr sysctl 8
variables,
.Va net.inet.tcp.log_in_vain
and
.Va net.inet.udp.log_in_vain ,
as described in
.Xr tcp 4
and
.Xr udp 4 ,
are set to the given value.
.It Va tcp_keepalive
.Pq Vt bool
Set to
.Dq Li YES
by default.
Setting to
.Dq Li NO
will disable probing idle TCP connections to verify that the
peer is still up and reachable.
.It Va tcp_drop_synfin
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting to
.Dq Li YES
will cause the kernel to ignore TCP frames that have both
the SYN and FIN flags set.
This prevents OS fingerprinting, but may
break some legitimate applications.
.It Va icmp_drop_redirect
.Pq Vt bool
Set to
.Dq Li AUTO
by default.
This setting will be identical to
.Dq Li YES ,
if a dynamic routing daemon is enabled, because redirect processing may
cause performance issues for large routing tables.
If no such service is enabled, this setting behaves like a
.Dq Li NO .
Setting to
.Dq Li YES
will cause the kernel to ignore ICMP REDIRECT packets.
Setting to
.Dq Li NO
will cause the kernel to process ICMP REDIRECT packets.
Refer to
.Xr icmp 4
for more information.
.It Va icmp_log_redirect
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting to
.Dq Li YES
will cause the kernel to log ICMP REDIRECT packets.
Note that
the log messages are not rate-limited, so this option should only be used
for troubleshooting networks.
Refer to
.Xr icmp 4
for more information.
.It Va icmp_bmcastecho
.Pq Vt bool
Set to
.Dq Li YES
to respond to broadcast or multicast ICMP ping packets.
Refer to
.Xr icmp 4
for more information.
.It Va ip_portrange_first
.Pq Vt int
If not set to
.Dq Li NO ,
this is the first port in the default portrange.
Refer to
.Xr ip 4
for more information.
.It Va ip_portrange_last
.Pq Vt int
If not set to
.Dq Li NO ,
this is the last port in the default portrange.
Refer to
.Xr ip 4
for more information.
.It Va network_interfaces
.Pq Vt str
Set to the list of network interfaces to configure on this host or
.Dq Li AUTO
(the default) for all current interfaces.
Setting the
.Va network_interfaces
variable to anything other than the default is deprecated.
Interfaces that the administrator wishes to store configuration for,
but not start at boot should be configured with the
.Dq Li NOAUTO
keyword in their
.Va ifconfig_ Ns Aq Ar interface
variables as described below.
.Pp
An
.Va ifconfig_ Ns Aq Ar interface
variable is assumed to exist for each value of
.Ar interface .
When an interface name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
before lookup.
For example, the interface
.Va em0.102
would be configured using the variable
.Va ifconfig_em0_102 .
.Pp
The variable can contain arguments to
.Xr ifconfig 8 ,
as well as special case-insensitive keywords described below.
Such keywords are removed before passing the value to
.Xr ifconfig 8
while the order of the other arguments is preserved.
.Pp
For example, to assign the IPv4 address 192.0.2.1/24 to the interface em0:
.Bd -literal
ifconfig_em0="inet 192.0.2.1/24 up"
.Ed
.Pp
If the variable
.Va ifconfig_ Ns Ao Ar interface Ac Ns Pa _ipv6
is set, then
.Va ifconfig_ Ns Aq Ar interface
does not need to be set unless an IPv4 address should also be assigned to
the interface.
.Pp
It is possible to add IP alias entries using
.Xr ifconfig 8
syntax with the address family keyword such as
.Li inet .
Assuming that the interface in question was
.Li em0 ,
it might look something like this:
.Bd -literal
ifconfig_em0_alias0="inet 127.0.0.253/32"
ifconfig_em0_alias1="inet 127.0.0.254/32"
.Ed
.Pp
It is also possible to configure multiple IP addresses in Classless
Inter-Domain Routing
.Pq CIDR
address notation,
in which each address component can be a range such as
.Li inet 192.0.2.5-23/24
or
.Li inet6 2001:db8:1-f::1/64 .
This notation allows only the address and prefix length parts,
not the other address modifiers.
Note that the maximum number of the generated addresses from a range
specification is limited to an integer value specified in
.Va netif_ipexpand_max
in
.Nm
because a small typo can unexpectedly generate a large number of addresses.
The default value is
.Li 2048 .
It can be increased by adding the following line into
.Nm :
.Bd -literal
netif_ipexpand_max="4096"
.Ed
.Pp
In the case of
.Li 192.0.2.5-23/24 ,
the address 192.0.2.5 will be configured with the prefix length /24 and the
addresses 192.0.2.6 to 192.0.2.23 with the non-conflicting prefix length /32 as
explained in the
.Xr ifconfig 8
alias section.
Note that this special CIDR handling is only for
.Li inet ,
not for the other address families such as
.Li inet6 .
.Pp
With the interface in question being
.Li em0 ,
an example could look like:
.Bd -literal
ifconfig_em0_alias2="inet 192.0.2.129/27"
ifconfig_em0_alias3="inet 192.0.2.1-5/28"
.Ed
.Pp
and so on.
.Pp
Note that the deprecated
.Va ipv4_addrs_ Ns Aq Ar interface
variable was supported for IPv4 CIDR address notation.
The
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
variable replaces it, though
.Va ipv4_addrs_ Ns Aq Ar interface
is still supported for backward compatibility.
.Pp
For each
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
entry with an address family keyword,
its contents are passed to
.Xr ifconfig 8 .
Execution stops at the first unsuccessful access, so if
something like this is present:
.Bd -literal
ifconfig_em0_alias0="inet 127.0.0.251/32"
ifconfig_em0_alias1="inet 127.0.0.252/32"
ifconfig_em0_alias2="inet 127.0.0.253/32"
ifconfig_em0_alias4="inet 127.0.0.254/32"
.Ed
.Pp
Then note that alias4 would
.Em not
be added since the search would
stop with the missing
.Dq Li alias3
entry.
Because of this difficult to manage behavior,
there is the
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
variable, which has the same functionality as
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
and can have all of the entries in a variable like the following:
.Bd -literal
ifconfig_em0_aliases="\\
	inet 127.0.0.251/32 \\
	inet 127.0.0.252/32 \\
	inet 127.0.0.253/32 \\
	inet 127.0.0.254/32"
.Ed
.Pp
It also supports netmask notation for backward compatibility.
.Pp
If the
.Pa /etc/start_if . Ns Aq Ar interface
file is present, it is read and executed by the
.Xr sh 1
interpreter
before configuring the interface as specified in the
.Va ifconfig_ Ns Aq Ar interface
and
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
variables.
.Pp
If a
.Va vlans_ Ns Aq Ar interface
variable is set,
a
.Xr vlan 4
interface will be created for each item in the list with the
.Ar vlandev
argument set to
.Ar interface .
If a vlan interface's name is a number,
then that number is used as the vlan tag and the new vlan interface is
named
.Ar interface . Ns Ar tag .
Otherwise,
the vlan tag must be specified via a
.Va vlan
parameter in the
.Va create_args_ Ns Aq Ar interface
variable.
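.Pp
The numbered-alias rule described above (the search through the ifconfig_<interface>_alias<n> variables stops at the first missing number) can be checked before a reboot silently drops an address.
The following sh script is an added example, not part of the original manual or of the rc(8) scripts; the function names find_skipped_aliases and sample_rc_conf are hypothetical.
It assumes numbering starts at alias0, as in the examples above, and it only reads literal assignments from a single file.

```shell
#!/bin/sh
# Added example (not from the rc.conf manual or the rc scripts):
# report ifconfig_<interface>_alias<n> assignments that would never be
# applied because a lower-numbered alias for the same interface is missing.
# Assumption: numbering starts at alias0, as in the manual's examples.

# sample_rc_conf: constructed sample input. The em0 entries are the
# manual's own gap example; the em1 and comment lines are made up.
sample_rc_conf() {
    cat <<EOF
ifconfig_em0="inet 192.0.2.1/24 up"
ifconfig_em0_alias0="inet 127.0.0.251/32"
ifconfig_em0_alias1="inet 127.0.0.252/32"
ifconfig_em0_alias2="inet 127.0.0.253/32"
#ifconfig_em0_alias3="inet 127.0.0.250/32"
ifconfig_em0_alias4="inet 127.0.0.254/32"
ifconfig_em1_alias1="inet 192.0.2.10/32"
ifconfig_em1_aliases="inet 192.0.2.11/32"
EOF
}

# find_skipped_aliases FILE
# Prints one variable name per line for every numbered alias that sits
# above a gap in its interface's numbering. Prints nothing if all
# numbered aliases are contiguous from 0.
find_skipped_aliases() {
    conf=$1
    # Reduce each numbered alias assignment to "<interface> <n>".
    # Commented-out lines and the *_aliases list variable do not match.
    sed -n 's/^[[:space:]]*ifconfig_\([A-Za-z0-9_]*\)_alias\([0-9][0-9]*\)=.*/\1 \2/p' "$conf" |
    # Group by interface, order numerically, drop repeated assignments.
    sort -u -k1,1 -k2,2n |
    awk '
        # New interface: restart the expected counter at 0.
        $1 != cur { cur = $1; expect = 0; gap = 0 }
        {
            # Still contiguous: this alias is reachable.
            if (!gap && $2 + 0 == expect) { expect++; next }
            # First mismatch is the gap; this entry and every higher
            # one for the same interface is skipped at boot.
            gap = 1
            printf "ifconfig_%s_alias%s\n", $1, $2
        }'
}

# Demonstration on the constructed sample.
demo_conf=$(mktemp)
sample_rc_conf > "$demo_conf"
find_skipped_aliases "$demo_conf"
rm -f "$demo_conf"
```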
.Pp
To create a vlan device named
.Li em0.101
on
.Li em0
with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24:
.Bd -literal
vlans_em0="101"
ifconfig_em0_101="inet 192.0.2.1/24"
.Ed
.Pp
To create a vlan device named
.Li myvlan
on
.Li em0
with the vlan tag 102:
.Bd -literal
vlans_em0="myvlan"
create_args_myvlan="vlan 102"
.Ed
.Pp
If a
.Va wlans_ Ns Aq Ar interface
variable is set,
a
.Xr wlan 4
interface will be created for each item in the list with the
.Ar wlandev
argument set to
.Ar interface .
Further wlan cloning arguments may be passed to the
.Xr ifconfig 8
.Cm create
command by setting the
.Va create_args_ Ns Aq Ar interface
variable.
One or more
.Xr wlan 4
devices must be created for each wireless device as of
.Fx 8.0 .
Debugging flags for
.Xr wlan 4
devices as set by
.Xr wlandebug 8
may be specified with a
.Va wlandebug_ Ns Aq Ar interface
variable.
The contents of this variable will be passed directly to
.Xr wlandebug 8 .
.Pp
If the
.Va ifconfig_ Ns Aq Ar interface
contains the keyword
.Dq Li NOAUTO
then the interface will not be configured
at boot or by
.Pa /etc/pccard_ether
when
.Va network_interfaces
is set to
.Dq Li AUTO .
.Pp
It is possible to bring up an interface with DHCP by adding
.Dq Li DHCP
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
For instance, to initialize the
.Li em0
device via DHCP,
it is possible to use something like:
.Bd -literal
ifconfig_em0="DHCP"
.Ed
.Pp
If you want to configure your wireless interface with
.Xr wpa_supplicant 8
for use with WPA, EAP/LEAP or WEP, you need to add
.Dq Li WPA
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
.Pp
On the other hand, if you want to configure your wireless interface with
.Xr hostapd 8 ,
you need to add
.Dq Li HOSTAP
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
.Xr hostapd 8
will use the settings from
.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf .
.Pp
Finally, you can add
.Xr ifconfig 8
options in this variable, in addition to the
.Pa /etc/start_if . Ns Aq Ar interface
file.
For instance, to configure an
.Xr ath 4
wireless device in station mode with an address obtained
via DHCP, using WPA authentication and 802.11b mode, it is
possible to use something like:
.Bd -literal
wlans_ath0="wlan0"
ifconfig_wlan0="DHCP WPA mode 11b"
.Ed
.Pp
In addition to the
.Va ifconfig_ Ns Aq Ar interface
form, a fallback variable
.Va ifconfig_DEFAULT
may be configured.
It will be used for all interfaces with no
.Va ifconfig_ Ns Aq Ar interface
variable.
.Pp
It is also possible to rename an interface by doing:
.Bd -literal
ifconfig_em0_name="net0"
ifconfig_net0="inet 192.0.2.1/24"
.Ed
.It Va ipv6_enable
.Pq Vt bool
This variable is deprecated.
Use
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and
.Va ipv6_activate_all_interfaces
if necessary.
.Pp
If the variable is
.Dq Li YES ,
.Dq Li inet6 accept_rtadv
is added to all of
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and the
.Va ipv6_activate_all_interfaces
is defined as
.Dq Li YES .
.It Va ipv6_prefer
.Pq Vt bool
This variable is deprecated.
Use
.Va ip6addrctl_policy
instead.
.Pp
If the variable is
.Dq Li YES ,
the default address selection policy table set by
.Xr ip6addrctl 8
will be IPv6-preferred.
.Pp
If the variable is
.Dq Li NO ,
the default address selection policy table set by
.Xr ip6addrctl 8
will be IPv4-preferred.
.It Va ipv6_activate_all_interfaces
.Pq Vt bool
This controls initial configuration on IPv6-capable
interfaces with no corresponding
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variable.
Note that it is not always necessary to set this variable to
.Dq YES
to use IPv6 functionality on
.Fx .
In most cases, just configuring
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variables works.
.Pp
If the variable is
.Dq Li NO ,
all interfaces which do not have a corresponding
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variable will be marked as
.Dq Li IFDISABLED
at creation.
This means that all IPv6 functionality on that interface
is completely disabled to enforce a security policy.
If the variable is set to
.Dq YES ,
the flag will be cleared on all of the interfaces.
.Pp
In most cases, just defining an
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
for an IPv6-capable interface should be sufficient.
However, if an interface is added dynamically
.Pq by some tunneling protocols such as PPP, for example ,
it is often difficult to define the variable in advance.
In such a case, configuring the
.Dq Li IFDISABLED
flag can be disabled by setting this variable to
.Dq YES .
.Pp
For more details of the
.Dq Li IFDISABLED
flag and keywords
.Dq Li inet6 ifdisabled ,
see
.Xr ifconfig 8 .
.Pp
Default is
.Dq Li NO .
.It Va ipv6_privacy
.Pq Vt bool
If the variable is
.Dq Li YES
privacy addresses will be generated for each IPv6
interface as described in RFC 4941.
.It Va ipv6_network_interfaces
.Pq Vt str
This is the IPv6 equivalent of
.Va network_interfaces .
Normally manual configuration of this variable is not needed.
.It Va ipv6_cpe_wanif
.Pq Vt str
If the variable is set to an interface name,
the
.Xr ifconfig 8
options
.Dq inet6 -no_radr accept_rtadv
will be added to the specified interface automatically before evaluating
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
and two
.Xr sysctl 8
variables
.Va net.inet6.ip6.rfc6204w3
and
.Va net.inet6.ip6.no_radr
will be set to 1.
.Pp
This means the specified interface will accept ICMPv6 Router
Advertisement messages on that link and add the discovered
routers into the Default Router List.
While the other interfaces can still accept RA messages if the
.Dq inet6 accept_rtadv
option is specified, adding
routes into the Default Router List will be disabled by
.Dq inet6 no_radr
option by default.
See
.Xr ifconfig 8
for more details.
.Pp
Note that ICMPv6 Router Advertisement messages will be
accepted even when
.Va net.inet6.ip6.forwarding
is 1
.Pq packet forwarding is enabled
when
.Va net.inet6.ip6.rfc6204w3
is set to 1.
.Pp
Default is
.Dq Li NO .
.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
.Pq Vt str
This assigns an arbitrary description to an interface.
The
.Xr sysctl 8
variable
.Va net.ifdescr_maxlen
limits its length.
This static setting may be overridden by commands
started with dynamic interface configuration utilities
like
.Xr dhclient 8
hooks.
The description can be seen with the
.Xr ifconfig 8
command and it may be exported with the
.Xr bsnmpd 1
daemon using its MIB-2 module.
.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
.Pq Vt str
IPv6 functionality on an interface should be configured by
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
instead of setting ifconfig parameters in
.Va ifconfig_ Ns Aq Ar interface .
If this variable is empty, all IPv6 configurations on the
specified interface by other variables such as
.Va ipv6_prefix_ Ns Ao Ar interface Ac
will be ignored.
.Pp
Aliases should be set by
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
with
.Dq Li inet6
keyword.
For example:
.Bd -literal
ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
.Ed
.Pp
Interfaces that have an
.Dq Li inet6 accept_rtadv
keyword in
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
setting will be automatically configured by SLAAC
.Pq StateLess Address AutoConfiguration
described in
.Rs
.%T "RFC 4862"
.Re
.Pp
Note that a link-local address will be automatically configured in
addition to the configured global-scope addresses because the IPv6
specifications require it on each link.
The address is calculated from the MAC address by using an algorithm
defined in
.Rs
.%T "RFC 4862"
.%O "Section 5.3"
.Re
.Pp
If only a link-local address is needed on the interface,
the following configuration can be used:
.Bd -literal
ifconfig_em0_ipv6="inet6 auto_linklocal"
.Ed
.Pp
A link-local address can also be configured manually.
This is useful for the default router address of an IPv6 router
so that it does not change when the network interface
card is replaced.
For example:
.Bd -literal
ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
.Ed
.It Va ipv6_prefix_ Ns Aq Ar interface
.Pq Vt str
If one or more prefixes are defined in
.Va ipv6_prefix_ Ns Aq Ar interface
addresses based on each prefix and the EUI-64 interface index will be
configured on that interface.
Note that this variable will be ignored when
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
is empty.
.Pp
For example, the following configuration
.Bd -literal
ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
.Ed
.Pp
is equivalent to the following:
.Bd -literal
ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
.Ed
.Pp
These Subnet-Router anycast addresses will be added only when
.Va ipv6_gateway_enable
is YES.
.It Va ipv6_default_interface
.Pq Vt str
If not set to
.Dq Li NO ,
this is the default output interface for scoped addresses.
This works only with ipv6_gateway_enable="NO".
.It Va ip6addrctl_enable
.Pq Vt bool
This variable enables configuring the default address selection policy table
.Pq RFC 3484 .
The table can be specified in another variable
.Va ip6addrctl_policy .
For
.Va ip6addrctl_policy
the following keywords can be specified:
.Dq Li ipv4_prefer ,
.Dq Li ipv6_prefer ,
or
.Dq Li AUTO .
.Pp
If
.Dq Li ipv4_prefer
or
.Dq Li ipv6_prefer
is specified,
.Xr ip6addrctl 8
installs a pre-defined policy table described in Section 10.3
.Pq IPv4-preferred
or 2.1
.Pq IPv6-preferred
of RFC 3484.
.Pp
If
.Dq Li AUTO
is specified, it attempts to read a file
.Pa /etc/ip6addrctl.conf
first.
If this file is found,
.Xr ip6addrctl 8
reads and installs it.
If not found, a policy is automatically set
according to the
.Va ipv6_activate_all_interfaces
variable; if the variable is set to
.Dq Li YES
the IPv6-preferred one is used.
Otherwise the IPv4-preferred one is used.
.Pp
The default values of
.Va ip6addrctl_enable
and
.Va ip6addrctl_policy
are
.Dq Li YES
and
.Dq Li AUTO ,
respectively.
.It Va cloned_interfaces
.Pq Vt str
Set to the list of clonable network interfaces to create on this host.
Further cloning arguments may be passed to the
.Xr ifconfig 8
.Cm create
command for each interface by setting the
.Va create_args_ Ns Aq Ar interface
variable.
If an interface name is specified with the
.Dq :sticky
keyword,
the interface will not be destroyed even when the
.Pa rc.d/netif
script is invoked with the
.Dq stop
argument.
This is useful when reconfiguring the interface without destroying it.
Entries in
.Va cloned_interfaces
are automatically appended to
.Va network_interfaces
for configuration.
.It Va cloned_interfaces_sticky
.Pq Vt bool
This variable globally enables the functionality of the
.Dq :sticky
keyword in
.Va cloned_interfaces
for all interfaces.
The default value is
.Dq NO .
Even if this variable is set to
.Dq YES ,
the
.Dq :nosticky
keyword can be used to override it on a per-interface basis.
.It Va gif_interfaces
Set to the list of
.Xr gif 4
tunnel interfaces to configure on this host.
A
.Va gifconfig_ Ns Aq Ar interface
variable is assumed to exist for each value of
.Ar interface .
The value of this variable is used to configure the link layer of the
tunnel using the
.Cm tunnel
option to
.Xr ifconfig 8 .
Additionally, this option ensures that each listed interface is created
via the
.Cm create
option to
.Xr ifconfig 8
before attempting to configure it.
.Pp
For example, configure two
.Xr gif 4
interfaces with:
.Bd -literal
gif_interfaces="gif0 gif1"
gifconfig_gif0="100.64.0.1 100.64.0.2"
ifconfig_gif0="inet 10.0.0.1/30 10.0.0.2"
gifconfig_gif1="inet6 2a00::1 2a01::1"
ifconfig_gif1="inet 10.1.0.1/30 10.1.0.2"
.Ed
.It Va ppp_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ppp 8
daemon.
.It Va ppp_profile
.Pq Vt str
The name of the profile to use from
.Pa /etc/ppp/ppp.conf .
Also used for per-profile overrides of
.Va ppp_mode
and
.Va ppp_nat ,
and
.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
When the profile name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
for the purposes of the override variable names.
.It Va ppp_mode
.Pq Vt str
Mode in which to run the
.Xr ppp 8
daemon.
.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
.Pq Vt str
Overrides the global
.Va ppp_mode
for
.Ar profile .
Accepted modes are
.Dq Li auto ,
.Dq Li ddial ,
.Dq Li direct
and
.Dq Li dedicated .
See the manual for a full description.
.It Va ppp_nat
.Pq Vt bool
If set to
.Dq Li YES ,
enables network address translation.
Used in conjunction with
.Va gateway_enable ,
this allows hosts on private network addresses access to the Internet using
this host as a network address translating router.
Default is
.Dq Li YES .
.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
.Pq Vt str
Overrides the global
.Va ppp_nat
for
.Ar profile .
.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
.Pq Vt int
Set the unit number to be used for this profile.
See the manual description of
.Fl unit Ns Ar N
for details.
.It Va ppp_user
.Pq Vt str
The name of the user under which
.Xr ppp 8
should be started.
By
default,
.Xr ppp 8
is started as
.Dq Li root .
.It Va rc_conf_files
.Pq Vt str
This option is used to specify a list of files that will override
the settings in
.Pa /etc/defaults/rc.conf .
The files will be read in the order in which they are specified and should
include the full path to the file.
By default, the files specified are
.Pa /etc/rc.conf
and
.Pa /etc/rc.conf.local .
.It Va zfs_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/rc.d/zfs
will attempt to automatically mount ZFS file systems and initialize ZFS volumes
(ZVOLs).
.It Va zpool_reguid
.Pq Vt str
A space-separated list of ZFS pool names for which new pool GUIDs should be
assigned upon first boot.
This is useful when using a ZFS pool copied from a template, such as a virtual
machine image.
.It Va zpool_upgrade
.Pq Vt str
A space-separated list of ZFS pool names for which the version should be
upgraded upon first boot.
This is useful when using a ZFS pool generated by the
.Xr makefs 8
utility.
.It Va gptboot_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/rc.d/gptboot
will log if the system successfully (or not) booted from a GPT partition,
which had the
.Ar bootonce
attribute set using the
.Xr gpart 8
utility.
.It Va geli_devices
.Pq Vt str
List of devices to automatically attach on boot.
Note that .eli devices from
.Pa /etc/fstab
are automatically appended to this list.
.It Va geli_groups
.Pq Vt str
List of groups containing devices to automatically attach on boot with the same
keyfiles and passphrase.
This must be accompanied with a corresponding
.Va geli_ Ns Ao Ar group Ac Ns Va _devices
variable.
.It Va geli_tries
.Pq Vt int
Number of times the user is asked for the pass-phrase.
If empty, it will be taken from
.Va kern.geom.eli.tries
sysctl variable.
.It Va geli_default_flags
.Pq Vt str
Default flags to use by
.Xr geli 8
when configuring disk encryption.
Flags can be configured for every device separately by defining the
.Va geli_ Ns Ao Ar device Ac Ns Va _flags
variable, and for every group separately by defining the
.Va geli_ Ns Ao Ar group Ac Ns Va _flags
variable.
.It Va geli_autodetach
.Pq Vt str
Specifies if GELI devices should be marked for detach on last close after
file systems are mounted.
Default is
.Dq Li YES .
This can be changed for every device separately by defining the
.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
variable.
.It Va root_rw_mount
.Pq Vt bool
Set to
.Dq Li YES
by default.
After the file systems are checked at boot time, the root file system
is remounted as read-write if this is set to
.Dq Li YES .
Diskless systems that mount their root file system from a read-only remote
NFS share should set this to
.Dq Li NO
in their
.Pa rc.conf .
.It Va fsck_y_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Xr fsck 8
will be run with the
.Fl y
flag if the initial preen
of the file systems fails.
.It Va background_fsck
.Pq Vt bool
If set to
.Dq Li NO ,
the system will not attempt to run
.Xr fsck 8
in the background where possible.
.It Va background_fsck_delay
.Pq Vt int
The amount of time in seconds to sleep before starting a background
.Xr fsck 8 .
It defaults to sixty seconds to allow large applications such as
the X server to start before disk I/O bandwidth is monopolized by
.Xr fsck 8 .
If set to a negative number, the background file system check will be
delayed indefinitely to allow the administrator to run it at a more
convenient time.
For example, it may be run from
.Xr cron 8
by adding a line like
.Pp
.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
.Pp
to
.Pa /etc/crontab .
.It Va netfs_types
.Pq Vt str
List of file system types that are network-based.
This list should generally not be modified by end users.
Use
.Va extra_netfs_types
instead.
.It Va extra_netfs_types
.Pq Vt str
If set to something other than
.Dq Li NO
(the default),
this variable extends the list of file system types
for which automatic mounting at startup by
.Xr rc 8
should be delayed until the network is initialized.
It should contain
a whitespace-separated list of network file system descriptor pairs,
each consisting of a file system type as passed to
.Xr mount 8
and a human-readable, one-word description,
joined with a colon
.Pq Ql \&: .
Extending the default list in this way is only necessary
when third party file system types are used.
.It Va syslogd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr syslogd 8
daemon.
Note, the
.Va syslogd_oomprotect
variable is set to
.Dq Li YES
by default in
.Pa /etc/defaults/rc.conf .
.It Va syslogd_program
.Pq Vt str
Path to
.Xr syslogd 8
(default
.Pa /usr/sbin/syslogd ) .
.It Va syslogd_flags
.Pq Vt str
If
.Va syslogd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr syslogd 8 .
.It Va inetd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr inetd 8
daemon.
.It Va inetd_program
.Pq Vt str
Path to
.Xr inetd 8
(default
.Pa /usr/sbin/inetd ) .
.It Va inetd_flags
.Pq Vt str
If
.Va inetd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr inetd 8 .
.It Va hastd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr hastd 8
daemon.
.It Va hastd_program
.Pq Vt str
Path to
.Xr hastd 8
(default
.Pa /sbin/hastd ) .
.It Va hastd_flags
.Pq Vt str
If
.Va hastd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr hastd 8 .
.It Va local_unbound_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr unbound 8
daemon as a local caching DNS resolver.
Note, the
.Va local_unbound_oomprotect
variable is set to
.Dq Li YES
by default in
.Pa /etc/defaults/rc.conf .
.It Va nscd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start the
.Xr nscd 8
caching daemon for the
.Nm nsswitch
subsystem.
.It Va nscd_flags
.Pq Vt str
If
.Va nscd_enable
is set to
.Dq Li YES ,
these flags are passed to
.Xr nscd 8 .
.It Va kdc_enable
.Pq Vt bool
Set to
.Dq Li YES
to start a Kerberos 5 authentication server
at boot time.
.It Va kdc_program
.Pq Vt str
If
.Va kdc_enable
is set to
.Dq Li YES
this is the path to the Kerberos 5 Authentication Server.
.It Va kdc_flags
.Pq Vt str
Empty by default.
This variable contains additional flags to be passed to the Kerberos 5
authentication server.
.It Va kadmind_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kadmind 8 ,
the Kerberos 5 Administration Daemon; set to
.Dq Li NO
on a slave server.
.It Va kadmind_program
.Pq Vt str
If
.Va kadmind_enable
is set to
.Dq Li YES
this is the path to the Kerberos 5 Administration Daemon.
.It Va kpasswdd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kpasswdd 8 ,
the Kerberos 5 Password-Changing Daemon; set to
.Dq Li NO
on a slave server.
.It Va kpasswdd_program
.Pq Vt str
If
.Va kpasswdd_enable
is set to
.Dq Li YES
this is the path to Kerberos 5 Password-Changing Daemon.
.It Va kfd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kfd 8 ,
the Kerberos 5 ticket forwarding daemon, at boot time.
.It Va kfd_program
.Pq Vt str
Path to
.Xr kfd 8
(default
.Pa /usr/libexec/kfd ) .
.It Va rwhod_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rwhod 8
daemon at boot time.
.It Va rwhod_flags
.Pq Vt str
If
.Va rwhod_enable
is set to
.Dq Li YES ,
these are the flags to pass to it.
.It Va update_motd
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /var/run/motd
will be updated at boot time to reflect the kernel release
being run.
If set to
.Dq Li NO ,
.Pa /var/run/motd
will not be updated.
.It Va nfs_client_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the NFS client daemons at boot time.
.It Va nfs_access_cache
.Pq Vt int
If
.Va nfs_client_enable
is set to
.Dq Li YES ,
this can be set to
.Dq Li 0
to disable NFS ACCESS RPC caching, or to the number of seconds for which
NFS ACCESS
results should be cached.
A value of 2-10 seconds will substantially reduce network
traffic for many NFS operations.
.It Va nfs_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the NFS server daemons at boot time.
.It Va nfs_server_flags
.Pq Vt str
If
.Va nfs_server_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfsd 8
daemon.
.It Va nfsv4_server_enable
.Pq Vt bool
If
.Va nfs_server_enable
is set to
.Dq Li YES
and
.Va nfsv4_server_enable
is set to
.Dq Li YES ,
enable the server for NFSv4 as well as NFSv2 and NFSv3.
.It Va nfsv4_server_only
.Pq Vt bool
If
.Va nfs_server_enable
is set to
.Dq Li YES
and
.Va nfsv4_server_only
is set to
.Dq Li YES ,
enable the NFS server for NFSv4 only.
.It Va nfs_server_maxio
.Pq Vt int
Value to set vfs.nfsd.srvmaxio to, which is the
maximum I/O size for the NFS server.
.It Va tlsclntd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.tlsclntd 8
daemon, which is needed for NFS-over-TLS NFS mounts.
.It Va tlsservd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.tlsservd 8
daemon, which is needed for the
.Xr nfsd 8
to support NFS-over-TLS NFS mounts.
.It Va nfsuserd_enable
.Pq Vt bool
If
.Va nfsuserd_enable
is set to
.Dq Li YES ,
run the nfsuserd daemon, which is needed for NFSv4 in order
to map between user/group names and uid/gid numbers.
If
.Va nfsv4_server_enable
is set to
.Dq Li YES ,
this will be forced enabled.
.It Va nfsuserd_flags
.Pq Vt str
If
.Va nfsuserd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfsuserd 8
daemon.
.It Va nfscbd_enable
.Pq Vt bool
If
.Va nfscbd_enable
is set to
.Dq Li YES ,
run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
.It Va nfscbd_flags
.Pq Vt str
If
.Va nfscbd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfscbd 8
daemon.
.It Va mountd_enable
.Pq Vt bool
If set to
.Dq Li YES
and
.Va nfs_server_enable
is not set, start
.Xr mountd 8 ,
but not the
.Xr nfsd 8
daemon.
This is commonly needed to run CFS when real NFS is not in use.
.It Va mountd_flags
.Pq Vt str
If
.Va mountd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr mountd 8
daemon.
.It Va weak_mountd_authentication
.Pq Vt bool
If set to
.Dq Li YES ,
allow services like PCNFSD to make non-privileged mount
requests.
.It Va nfs_reserved_port_only
.Pq Vt bool
If set to
.Dq Li YES ,
provide NFS services only on a secure port.
.It Va nfs_bufpackets
.Pq Vt int
If set to a number, indicates the number of packets worth of
socket buffer space to reserve on an NFS client.
The kernel default is typically 4.
Using a higher number may be
useful on gigabit networks to improve performance.
The minimum value is
2 and the maximum is 64.
.It Va rpc_lockd_enable
.Pq Vt bool
If set to
.Dq Li YES
and also an NFS server or client, run
.Xr rpc.lockd 8
at boot time.
.It Va rpc_lockd_flags
.Pq Vt str
If
.Va rpc_lockd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.lockd 8
daemon.
.It Va rpc_statd_enable
.Pq Vt bool
If set to
.Dq Li YES
and also an NFS server or client, run
.Xr rpc.statd 8
at boot time.
.It Va rpc_statd_flags
.Pq Vt str
If
.Va rpc_statd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.statd 8
daemon.
.It Va rpcbind_program
.Pq Vt str
Path to
.Xr rpcbind 8
(default
.Pa /usr/sbin/rpcbind ) .
.It Va rpcbind_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpcbind 8
service at boot time.
.It Va rpcbind_flags
.Pq Vt str
If
.Va rpcbind_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpcbind 8
daemon.
.It Va keyserv_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr keyserv 8
daemon on boot for running Secure RPC.
.It Va keyserv_flags
.Pq Vt str
If
.Va keyserv_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr keyserv 8
daemon.
.It Va pppoed_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr pppoed 8
daemon at boot time to provide PPP over Ethernet services.
.It Va pppoed_ Ns Aq Ar provider
.Pq Vt str
.Xr pppoed 8
listens to requests to this
.Ar provider
and ultimately runs
.Xr ppp 8
with a
.Ar system
argument of the same name.
.It Va pppoed_flags
.Pq Vt str
Additional flags to pass to
.Xr pppoed 8 .
.It Va pppoed_interface
.Pq Vt str
The network interface to run
.Xr pppoed 8
on.
This is mandatory when
.Va pppoed_enable
is set to
.Dq Li YES .
.It Va ntpdate_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run
.Xr ntpdate 8
at system startup.
This command is intended to
synchronize the system clock only
.Em once
from some standard reference.
.Pp
Note that the use of the
.Va ntpd_sync_on_start
variable is a preferred alternative to the
.Xr ntpdate 8
utility as
.Xr ntpdate 8
is to be retired from the NTP distribution.
.It Va ntpdate_config
.Pq Vt str
Configuration file for
.Xr ntpdate 8 .
Default
.Pa /etc/ntp.conf .
.It Va ntpdate_hosts
.Pq Vt str
A whitespace-separated list of NTP servers to synchronize with at startup.
The default is to use the servers listed in
.Va ntpdate_config ,
if that file exists.
.It Va ntpdate_program
.Pq Vt str
Path to
.Xr ntpdate 8
(default
.Pa /usr/sbin/ntpdate ) .
.It Va ntpdate_flags
.Pq Vt str
If
.Va ntpdate_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ntpdate 8
command (typically a hostname).
.It Va ntpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ntpd 8
command at boot time.
.It Va ntpd_program
.Pq Vt str
Path to
.Xr ntpd 8
(default
.Pa /usr/sbin/ntpd ) .
.It Va ntpd_config
.Pq Vt str
Path to
.Xr ntpd 8
configuration file.
Default
.Pa /etc/ntp.conf .
.It Va ntpd_flags
.Pq Vt str
If
.Va ntpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ntpd 8
daemon.
.It Va ntpd_sync_on_start
.Pq Vt bool
If set to
.Dq Li YES ,
.Xr ntpd 8
is run with the
.Fl g
flag, which syncs the system's clock on startup.
See
.Xr ntpd 8
for more information regarding the
.Fl g
option.
This is a preferred alternative to using
.Xr ntpdate 8
or specifying the
.Va ntpdate_enable
variable.
.It Va nis_client_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypbind 8
service at system boot time.
.It Va nis_client_flags
.Pq Vt str
If
.Va nis_client_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypbind 8
service.
.It Va nis_ypldap_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypldap 8
daemon at system boot time.
.It Va nis_ypldap_flags
.Pq Vt str
If
.Va nis_ypldap_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypldap 8
daemon.
.It Va nis_ypset_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypset 8
daemon at system boot time.
.It Va nis_ypset_flags
.Pq Vt str
If
.Va nis_ypset_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypset 8
daemon.
.It Va nis_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypserv 8
daemon at system boot time.
.It Va nis_server_flags
.Pq Vt str
If
.Va nis_server_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypserv 8
daemon.
.It Va nis_ypxfrd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.ypxfrd 8
daemon at system boot time.
.It Va nis_ypxfrd_flags
.Pq Vt str
If
.Va nis_ypxfrd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.ypxfrd 8
daemon.
.It Va nis_yppasswdd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.yppasswdd 8
daemon at system boot time.
.It Va nis_yppasswdd_flags
.Pq Vt str
If
.Va nis_yppasswdd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.yppasswdd 8
daemon.
.It Va rpc_ypupdated_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Nm rpc.ypupdated
daemon at system boot time.
.It Va bsnmpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr bsnmpd 1
daemon at system boot time.
Be sure to understand the security implications of running an SNMP daemon
on your host.
.It Va bsnmpd_flags
.Pq Vt str
If
.Va bsnmpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr bsnmpd 1
daemon.
.It Va defaultrouter
.Pq Vt str
If not set to
.Dq Li NO ,
create a default route to this host name or IP address
(use an IP address if this router is also required to get to the
name server!).
.It Va defaultrouter_fibN
.Pq Vt str
If not set to
.Dq Li NO ,
create a default route in FIB N to this host name or IP address.
.It Va ipv6_defaultrouter
.Pq Vt str
The IPv6 equivalent of
.Va defaultrouter .
.It Va ipv6_defaultrouter_fibN
.Pq Vt str
The IPv6 equivalent of
.Va defaultrouter_fibN .
.It Va static_arp_pairs
.Pq Vt str
Set to the list of static ARP pairs that are to be added at system
boot time.
For each whitespace separated
.Ar element
in the value, a
.Va static_arp_ Ns Aq Ar element
variable is assumed to exist whose contents will later be passed to a
.Dq Nm arp Cm -S
operation.
For example
.Bd -literal
static_arp_pairs="gw"
static_arp_gw="192.168.1.1 00:01:02:03:04:05"
.Ed
.It Va static_ndp_pairs
.Pq Vt str
Set to the list of static NDP pairs that are to be added at system
boot time.
For each whitespace separated
.Ar element
in the value, a
.Va static_ndp_ Ns Aq Ar element
variable is assumed to exist whose contents will later be passed to a
.Dq Nm ndp Cm -s
operation.
For example
.Bd -literal
static_ndp_pairs="gw"
static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
.Ed
.It Va static_routes
.Pq Vt str
Set to the list of static routes that are to be added at system
boot time.
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va route_ Ns Aq Ar element
variable is assumed to exist
whose contents will later be passed to a
.Dq Nm route Cm add
operation.
For example:
.Bd -literal
static_routes="ext mcast:gif0 gif0local:gif0"
route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
route_mcast="-net 224.0.0.0/4 -iface gif0"
route_gif0local="-host 169.254.1.1 -iface lo0"
.Ed
.Pp
When an
.Ar element
is in the form of
.Li name:ifname ,
the route is specific to the interface
.Li ifname .
.It Va ipv6_static_routes
.Pq Vt str
The IPv6 equivalent of
.Va static_routes .
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va ipv6_route_ Ns Aq Ar element
variable is assumed to exist
whose contents will later be passed to a
.Dq Nm route Cm add Fl inet6
operation.
.It Va gateway_enable
.Pq Vt bool
If set to
.Dq Li YES ,
configure host to act as an IP router, e.g.\& to forward packets
between interfaces.
.It Va ipv6_gateway_enable
.Pq Vt bool
The IPv6 equivalent of
.Va gateway_enable .
.It Va routed_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run a routing daemon of some sort, based on the
settings of
.Va routed_program
and
.Va routed_flags .
.It Va route6d_enable
.Pq Vt bool
The IPv6 equivalent of
.Va routed_enable .
If set to
.Dq Li YES ,
run a routing daemon of some sort, based on the
settings of
.Va route6d_program
and
.Va route6d_flags .
.It Va routed_program
.Pq Vt str
If
.Va routed_enable
is set to
.Dq Li YES ,
this is the name of the routing daemon to use.
The default is
.Xr routed 8 .
.It Va route6d_program
.Pq Vt str
The IPv6 equivalent of
.Va routed_program .
The default is
.Xr route6d 8 .
.It Va routed_flags
.Pq Vt str
If
.Va routed_enable
is set to
.Dq Li YES ,
these are the flags to pass to the routing daemon.
.It Va route6d_flags
.Pq Vt str
The IPv6 equivalent of
.Va routed_flags .
.It Va rtadvd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rtadvd 8
daemon at boot time.
The
.Xr rtadvd 8
utility sends ICMPv6 Router Advertisement messages to
the interfaces specified in
.Va rtadvd_interfaces .
This should only be enabled with great care.
You may want to fine-tune
.Xr rtadvd.conf 5 .
.It Va rtadvd_interfaces
.Pq Vt str
If
.Va rtadvd_enable
is set to
.Dq Li YES
this is the list of interfaces to use.
.It Va arpproxy_all
.Pq Vt bool
If set to
.Dq Li YES ,
enable global proxy ARP.
.It Va forward_sourceroute
.Pq Vt bool
If set to
.Dq Li YES
and
.Va gateway_enable
is also set to
.Dq Li YES ,
source-routed packets are forwarded.
.It Va accept_sourceroute
.Pq Vt bool
If set to
.Dq Li YES ,
the system will accept source-routed packets directed at it.
.It Va rarpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rarpd 8
daemon at system boot time.
.It Va rarpd_flags
.Pq Vt str
If
.Va rarpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rarpd 8
daemon.
.It Va bootparamd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr bootparamd 8
daemon at system boot time.
.It Va bootparamd_flags
.Pq Vt str
If
.Va bootparamd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr bootparamd 8
daemon.
.It Va stf_interface_ipv4addr
.Pq Vt str
If not set to
.Dq Li NO ,
this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
interface).
Specify this entry to enable the 6to4 interface.
.It Va stf_interface_ipv4plen
.Pq Vt int
Prefix length for 6to4 IPv4 addresses, to limit peer address range.
An effective value is 0-31.
.It Va stf_interface_ipv6_ifid
.Pq Vt str
IPv6 interface ID for
.Xr stf 4 .
This can be set to
.Dq Li AUTO .
.It Va stf_interface_ipv6_slaid
.Pq Vt str
IPv6 Site Level Aggregator for
.Xr stf 4 .
.It Va ipv6_ipv4mapping
.Pq Vt bool
If set to
.Dq Li YES
this enables IPv4 mapped IPv6 address communication (like
.Li ::ffff:a.b.c.d ) .
.It Va rtsold_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable the
.Xr rtsold 8
daemon to send ICMPv6 Router Solicitation messages.
.It Va rtsold_flags
.Pq Vt str
If
.Va rtsold_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr rtsold 8 .
.It Va rtsol_flags
.Pq Vt str
For interfaces configured with the
.Dq Li inet6 accept_rtadv
keyword, these are the flags to pass to
.Xr rtsol 8 .
.Pp
Note that
.Va rtsold_enable
is mutually exclusive with
.Va rtsol_flags ;
.Va rtsold_enable
takes precedence.
.It Va keybell
.Pq Vt str
The keyboard bell sound.
Set to
.Dq Li normal ,
.Dq Li visual ,
.Dq Li off ,
or
.Dq Li NO
if the default behavior is desired.
For details, refer to the
.Xr kbdcontrol 1
manpage.
.It Va keyboard
.Pq Vt str
If set to a non-null string, the virtual console's keyboard input is
set to this device.
.It Va keymap
.Pq Vt str
If set to
.Dq Li NO ,
no keymap is installed, otherwise the value is used to install
the keymap file found in
.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
(if using
.Xr syscons 4 ) or
.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
(if using
.Xr vt 4 ) .
.It Va keyrate
.Pq Vt str
The keyboard repeat speed.
Set to
.Dq Li slow ,
.Dq Li normal ,
.Dq Li fast ,
or
.Dq Li NO
if the default behavior is desired.
.It Va keychange
.Pq Vt str
If not set to
.Dq Li NO ,
attempt to program the function keys with the value.
The value should
be a single string of the form:
.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
.It Va cursor
.Pq Vt str
Can be set to the value of
.Dq Li normal ,
.Dq Li blink ,
.Dq Li destructive ,
or
.Dq Li NO
to set the cursor behavior explicitly or choose the default behavior.
.It Va scrnmap
.Pq Vt str
If set to
.Dq Li NO ,
no screen map is installed, otherwise the value is used to install
the screen map file in
.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
This parameter is ignored when using
.Xr vt 4
as the console driver.
.It Va font8x16
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x16 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va font8x14
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x14 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va font8x8
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x8 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va blanktime
.Pq Vt int
If set to
.Dq Li NO ,
the default screen blanking interval is used, otherwise it is set
to
.Ar value
seconds.
.It Va saver
.Pq Vt str
If not set to
.Dq Li NO ,
this is the actual screen saver to use
.Li ( blank , snake , daemon ,
etc).
.It Va moused_nondefault_enable
.Pq Vt str
If set to
.Dq Li NO ,
the mouse device specified on
the command line is not automatically treated as enabled by the
.Pa /etc/rc.d/moused
script.
Having this variable set to
.Dq Li YES
allows a
.Xr usb 4
mouse,
for example,
to be enabled as soon as it is plugged in.
.It Va moused_enable
.Pq Vt str
If set to
.Dq Li YES ,
the
.Xr moused 8
daemon is started for doing cut/paste selection on the console.
.It Va moused_type
.Pq Vt str
This is the protocol type of the mouse connected to this host.
This variable must be set if
.Va moused_enable
is set to
.Dq Li YES ,
but defaults to
.Dq Li auto
as the
.Xr moused 8
daemon
is able to detect the appropriate mouse type automatically in many cases.
Set this variable to
one from the following list if the automatic detection fails.
.Pp
If the mouse is attached to the PS/2 mouse port, choose
.Dq Li auto
or
.Dq Li ps/2 ,
regardless of the brand and model of the mouse.
Likewise, if the
mouse is attached to the bus mouse port, choose
.Dq Li auto
or
.Dq Li busmouse .
All other protocols are for serial mice and will not work with
the PS/2 and bus mice.
If this is a USB mouse,
.Dq Li auto
is the only protocol type which will work.
.Pp
.Bl -tag -width ".Li x10mouseremote" -compact
.It Li microsoft
Microsoft mouse (serial)
.It Li intellimouse
Microsoft IntelliMouse (serial)
.It Li mousesystems
Mouse systems Corp.\& mouse (serial)
.It Li mmseries
MM Series mouse (serial)
.It Li logitech
Logitech mouse (serial)
.It Li busmouse
A bus mouse
.It Li mouseman
Logitech MouseMan and TrackMan (serial)
.It Li glidepoint
ALPS GlidePoint (serial)
.It Li thinkingmouse
Kensington ThinkingMouse (serial)
.It Li ps/2
PS/2 mouse
.It Li mmhittab
MM HitTablet (serial)
.It Li x10mouseremote
X10 MouseRemote (serial)
.It Li versapad
Interlink VersaPad (serial)
.El
.Pp
Even if the mouse is not in the above list, it may be compatible
with one in the list.
Refer to the manual page for
.Xr moused 8
for compatibility information.
.Pp
It should also be noted that while this is enabled, any
other client of the mouse (such as an X server) should access
the mouse through the virtual mouse device,
.Pa /dev/sysmouse ,
and configure it as a
.Dq Li sysmouse
type mouse, since all
mouse data is converted to this single canonical format when
using
.Xr moused 8 .
If the client program does not support the
.Dq Li sysmouse
type,
specify the
.Dq Li mousesystems
type.
It is the second preferred type.
.It Va moused_port
.Pq Vt str
If
.Va moused_enable
is set to
.Dq Li YES ,
this is the actual port the mouse is on.
It might be
.Pa /dev/cuau0
for a COM1 serial mouse, or
.Pa /dev/psm0
for a PS/2 mouse, for example.
.It Va moused_flags
.Pq Vt str
If
.Va moused_flags
is set, its value is used as an additional set of flags to pass to the
.Xr moused 8
daemon.
.It Va "moused_" Ns Ar XXX Ns Va "_flags"
When
.Va moused_nondefault_enable
is enabled, and a
.Xr moused 8
daemon is started for a non-default port, the
.Va "moused_" Ns Ar XXX Ns Va "_flags"
set of options has precedence over and replaces the default
.Va moused_flags
(where
.Ar XXX
is the name of the non-default port, e.g.,\&
.Ar ums0 ) .
By setting
.Va "moused_" Ns Ar XXX Ns Va "_flags"
it is possible to set up a different set of default flags for each
.Xr moused 8
instance.
For example, you can use
.Dq Li "-3"
for the default
.Va moused_flags
to make your laptop's touchpad more comfortable to use,
but an empty set of options for
.Va moused_ums0_flags
when your
.Xr usb 4
mouse has three or more buttons.
.It Va mousechar_start
.Pq Vt int
If set to
.Dq Li NO ,
the default mouse cursor character range
.Li 0xd0 Ns - Ns Li 0xd3
is used,
otherwise the range start is set
to
.Ar value
character, see
.Xr vidcontrol 1 .
Use if the default range is occupied in the language code table.
.It Va allscreens_flags
.Pq Vt str
If set,
.Xr vidcontrol 1
is run with these options for each of the virtual terminals
.Pq Pa /dev/ttyv* .
For example,
.Dq Fl m Cm on
will enable the mouse pointer on all virtual terminals
if
.Va moused_enable
is set to
.Dq Li YES .
.It Va allscreens_kbdflags
.Pq Vt str
If set,
.Xr kbdcontrol 1
is run with these options for each of the virtual terminals
.Pq Pa /dev/ttyv* .
For example,
.Dq Fl h Li 200
will set the
.Xr syscons 4
or
.Xr vt 4
scrollback (history) buffer to 200 lines.
.It Va cron_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr cron 8
daemon at system boot time.
.It Va cron_program
.Pq Vt str
Path to
.Xr cron 8
(default
.Pa /usr/sbin/cron ) .
.It Va cron_flags
.Pq Vt str
If
.Va cron_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr cron 8 .
.It Va cron_dst
.Pq Vt bool
If set to
.Dq Li YES ,
enable the special handling of transitions to and from the
Daylight Saving Time in
.Xr cron 8
(equivalent to using the flag
.Fl s ) .
.It Va lpd_program
.Pq Vt str
Path to
.Xr lpd 8
(default
.Pa /usr/sbin/lpd ) .
.It Va lpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr lpd 8
daemon at system boot time.
.It Va lpd_flags
.Pq Vt str
If
.Va lpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr lpd 8
daemon.
.It Va chkprintcap_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr chkprintcap 8
command before starting the
.Xr lpd 8
daemon.
.It Va chkprintcap_flags
.Pq Vt str
If
.Va lpd_enable
and
.Va chkprintcap_enable
are set to
.Dq Li YES ,
these are the flags to pass to the
.Xr chkprintcap 8
program.
The default is
.Dq Li -d ,
which causes missing directories to be created.
.It Va dumpdev
.Pq Vt str
Indicates the device (usually a swap partition) to which a crash dump
should be written in the event of a system crash.
If the value of this variable is
.Dq Li AUTO ,
the first suitable swap device listed in
.Pa /etc/fstab
will be used as dump device.
Otherwise, the value of this variable is passed as the argument to
.Xr dumpon 8
and
.Xr savecore 8 .
To disable crash dumps, set this variable to
.Dq Li NO .
.It Va dumpon_flags
.Pq Vt str
Flags to pass to
.Xr dumpon 8
when configuring
.Va dumpdev
as the system dump device.
.It Va dumpdir
.Pq Vt str
When the system reboots after a crash and a crash dump is found on the
device specified by the
.Va dumpdev
variable,
.Xr savecore 8
will save that crash dump and a copy of the kernel to the directory
specified by the
.Va dumpdir
variable.
The default value is
.Pa /var/crash .
Set to
.Dq Li NO
to not run
.Xr savecore 8
at boot time when
.Va dumpdir
is set.
.It Va savecore_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable automatic extraction of the crash dump from the
.Va dumpdev .
.It Va savecore_flags
.Pq Vt str
If crash dumps are enabled, these are the flags to pass to the
.Xr savecore 8
utility.
.It Va quota_enable
.Pq Vt bool
Set to
.Dq Li YES
to turn on user and group disk quotas on system startup via the
.Xr quotaon 8
command for all file systems marked as having quotas enabled in
.Pa /etc/fstab .
The kernel must be built with
.Cd "options QUOTA"
for disk quotas to function.
.It Va check_quotas
.Pq Vt bool
Set to
.Dq Li YES
to enable user and group disk quota checking via the
.Xr quotacheck 8
command.
.It Va quotacheck_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
and
.Va check_quotas
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotacheck 8
utility.
The default is
.Dq Li "-a" ,
which checks quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va quotaon_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotaon 8
utility.
The default is
.Dq Li "-a" ,
which enables quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va quotaoff_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotaoff 8
utility when shutting down the quota system.
The default is
.Dq Li "-a" ,
which disables quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va accounting_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable system accounting through the
.Xr accton 8
facility.
.It Va firstboot_sentinel
.Pq Vt str
This variable specifies the full path to a
.Dq first boot
sentinel file.
If a file exists with this path,
.Pa rc.d
scripts with the
.Dq firstboot
keyword will be run on startup and the sentinel file will be deleted
after the boot process completes.
The sentinel file must be located on a writable file system which is
mounted no later than
.Va early_late_divider
to function properly.
The default is
.Pa /firstboot .
.It Va linux_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable Linux/ELF binary emulation at system initial
boot time.
.It Va sysvipc_enable
.Pq Vt bool
If set to
.Dq Li YES ,
load System V IPC primitives at boot time.
.It Va clear_tmp_enable
.Pq Vt bool
Set to
.Dq Li YES
to have
.Pa /tmp
cleaned at startup.
.It Va clear_tmp_X
.Pq Vt bool
Set to
.Dq Li NO
to disable removing of X11 lock files,
and the removal and (secure) recreation
of the various socket directories for X11
related programs.
.It Va ldconfig_paths
.Pq Vt str
Set to the list of shared library paths to use with
.Xr ldconfig 8 .
NOTE:
.Pa /lib
and
.Pa /usr/lib
will always be added first, so they need not appear in this list.
.It Va ldconfig32_paths
.Pq Vt str
Set to the list of 32-bit compatibility shared library paths to
use with
.Xr ldconfig 8 .
.It Va ldconfig_insecure
.Pq Vt bool
The
.Xr ldconfig 8
utility normally refuses to use directories
which are writable by anyone except root.
Set this variable to
.Dq Li YES
to disable that security check during system startup.
.It Va ldconfig_local_dirs
.Pq Vt str
Set to the list of local
.Xr ldconfig 8
directories.
The names of all files in the directories listed will be
passed as arguments to
.Xr ldconfig 8 .
.It Va ldconfig_local32_dirs
.Pq Vt str
Set to the list of local 32-bit compatibility
.Xr ldconfig 8
directories.
The names of all files in the directories listed will be
passed as arguments to
.Dq Nm ldconfig Fl 32 .
.It Va kern_securelevel_enable
.Pq Vt bool
Set to
.Dq Li YES
to set the kernel security level at system startup.
.It Va kern_securelevel
.Pq Vt int
The kernel security level to set at startup.
The allowed
.Ar value
ranges from \-1 (the compile time default) to 3 (the
most secure).
See
.Xr security 7
for the list of possible security levels and their effect
on system operation.
.It Va sshd_program
.Pq Vt str
Path to the SSH server program
.Pa ( /usr/sbin/sshd
is the default).
.It Va sshd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr sshd 8
at system boot time.
Note, the
.Va sshd_oomprotect
variable is set to
.Dq Li YES
by default in
.Pa /etc/defaults/rc.conf .
.It Va sshd_flags
.Pq Vt str
If
.Va sshd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sshd 8
daemon.
.It Va ftpd_program
.Pq Vt str
Path to the FTP server program
.Pa ( /usr/libexec/ftpd
is the default).
.It Va ftpd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr ftpd 8
as a stand-alone daemon at system boot time.
.It Va ftpd_flags
.Pq Vt str
If
.Va ftpd_enable
is set to
.Dq Li YES ,
these are the additional flags to pass to the
.Xr ftpd 8
daemon.
.It Va watchdogd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr watchdogd 8
daemon at boot time.
This requires that the kernel have been compiled with a
.Xr watchdog 4
compatible device.
.It Va watchdogd_flags
.Pq Vt str
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
these are the flags passed to the
.Xr watchdogd 8
daemon.
.It Va watchdogd_timeout
.Pq Vt int
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
this is a timeout that will be used by the
.Xr watchdogd 8
daemon.
If this option is set, it overrides
.Fl t
in
.Va watchdogd_flags .
.It Va watchdogd_shutdown_timeout
.Pq Vt int
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
this is a timeout that will be set by the
.Xr watchdogd 8
daemon when it exits during the system shutdown.
This timeout will not be set when returning to the single-user mode
or when the watchdogd service is stopped individually using the
.Xr service 8
command or the rc.d script.
Note that the timeout will be applied if
.Xr watchdogd 8
is stopped outside of the
.Xr rc 8
framework.
If this option is set, it overrides
.Fl x
in
.Va watchdogd_flags .
.It Va devfs_rulesets
.Pq Vt str
List of files containing sets of rules for
.Xr devfs 8 .
.It Va devfs_system_ruleset
.Pq Vt str
Rule name(s) to apply to the system
.Pa /dev
itself.
.It Va devfs_set_rulesets
.Pq Vt str
Pairs of already-mounted
.Pa dev
directories and rulesets that should be applied to them.
For example: /mount/dev=ruleset_name
.It Va devfs_load_rulesets
.Pq Vt bool
If set, always load the default rulesets listed in
.Va devfs_rulesets .
.It Va performance_cx_lowest
.Pq Vt str
CPU idle state to use while on AC power.
The string
.Dq Li LOW
indicates that
.Xr acpi 4
should use the lowest power state available while
.Dq Li HIGH
indicates that the lowest latency state (less power savings) should be used.
.It Va performance_cpu_freq
.Pq Vt str
CPU clock frequency to use while on AC power.
The string
.Dq Li LOW
indicates that
.Xr cpufreq 4
should use the lowest frequency available while
.Dq Li HIGH
indicates that the highest frequency (less power savings) should be used.
.It Va economy_cx_lowest
.Pq Vt str
CPU idle state to use when off AC power.
The string
.Dq Li LOW
indicates that
.Xr acpi 4
should use the lowest power state available while
.Dq Li HIGH
indicates that the lowest latency state (less power savings) should be used.
.It Va economy_cpu_freq
.Pq Vt str
CPU clock frequency to use when off AC power.
The string
.Dq Li LOW
indicates that
.Xr cpufreq 4
should use the lowest frequency available while
.Dq Li HIGH
indicates that the highest frequency (less power savings) should be used.
.It Va jail_enable
.Pq Vt bool
If set to
.Dq Li NO ,
any configured jails will not be started.
.It Va jail_conf
.Pq Vt str
The configuration filename used by the
.Xr jail 8
utility.
The default value is
.Pa /etc/jail.conf .
.Pa /etc/jail\&. Ns Ao Va jname Ac Ns Pa .conf
and
.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf
will also be used if
.Ao Va jname Ac
is set in
.Va jail_list .
.It Va jail_parallel_start
.Pq Vt bool
If set to
.Dq Li YES ,
all configured jails will be started in the background (in parallel).
.It Va jail_flags
.Pq Vt str
Unset by default.
When set, use as default value for
.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
for every jail in
.Va jail_list .
.It Va jail_list
.Pq Vt str
A space-delimited list of jail names.
When left empty, all of the
.Xr jail 8
instances defined in the configuration file are started.
The names specified in this list control the jail startup order.
.Xr jail 8
instances missing from
.Va jail_list
must be started manually.
Note that a jail's
.Va depend
parameter in the configuration file may override this list.
.It Va jail_reverse_stop
.Pq Vt bool
When set to
.Dq Li YES ,
all configured jails in
.Va jail_list
are stopped in reverse order.
.It Va jail_ Ns * variables
Note that older releases supported per-jail configuration via
.Nm
variables.
For example,
the hostname of a jail named
.Li vjail
could be set by
.Li jail_vjail_hostname .
These per-jail configuration variables are now obsolete in favor of the
.Xr jail 8
configuration file.
For backward compatibility,
when per-jail configuration variables are defined,
.Xr jail 8
configuration files are created as
.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
and used.
.Pp
The following per-jail parameters are handled by the
.Pa rc.d/jail
script out of their corresponding
.Nm
variables.
In addition to them, parameters in
.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
will be added to the configuration file.
They must be a semi-colon
.Pq Ql \&;
delimited list of
.Dq key=value .
For more details,
see the
.Xr jail 8
manual page.
.Bl -tag -width "host.hostname" -offset indent
.It Li path
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
.It Li host.hostname
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
.It Li exec.consolelog
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
The default value is
.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log .
.It Li interface
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
.It Li vnet.interface
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
This implies that the
.Li vnet
parameter will be enabled and cannot be specified with
.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
and/or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
at the same time.
.It Li fstab
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
.It Li mount
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
.It Li exec.fib
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
.It Li exec.start
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
The parameter name was
.Li command
in some older releases.
.It Li exec.prestart
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
.It Li exec.poststart
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
.It Li exec.stop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
.It Li exec.prestop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
.It Li exec.poststop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
.It Li ip4.addr
set if
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
contain IPv4 addresses
.It Li ip6.addr
set if
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
contain IPv6 addresses
.It Li allow.mount
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
.It Li mount.devfs
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
.It Li devfs_ruleset
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
This must be an integer,
not a string.
.It Li mount.fdescfs
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
.It Li allow.set_hostname
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
.It Li allow.rawsocket
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
.It Li allow.sysvipc
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
.El
.\" -----------------------------------------------------
.It Va harvest_mask
.Pq Vt int
Set to a bit-mask
representing the entropy sources
you wish to harvest.
Refer to
.Xr random 4
for more information.
.It Va entropy_dir
.Pq Vt str
Set to
.Dq Li NO
to disable caching entropy via
.Xr cron 8 .
Otherwise set to the directory
in which the entropy files are stored.
To be useful,
there must be
a system cron job
that regularly writes and rotates
files here.
All files found
will be used at boot time.
The default is
.Pa /var/db/entropy .
.It Va entropy_file
.Pq Vt str
Set to
.Dq Li NO
to disable caching entropy through reboots.
Otherwise set to the name
of a file used to store cached entropy.
This file should be located
on a file system that is readable
before all the volumes specified in
.Xr fstab 5
are mounted.
By default,
.Pa /entropy
is used,
but if
.Pa /var/db/entropy-file
is found it will also be used.
This will be of some use to
.Xr bsdinstall 8 .
.It Va entropy_boot_file
.Pq Vt str
Set to
.Dq Li NO
to disable
very early caching entropy
through reboots.
Otherwise set to the filename
used to read
very early reboot cached entropy.
This file should be located where
.Xr loader 8
can read it.
See also
.Xr loader.conf 5 .
The default location is
.Pa /boot/entropy .
.It Va entropy_save_sz
.Pq Vt int
Size of the entropy cache files saved by
.Nm save-entropy
periodically.
.It Va entropy_save_num
.Pq Vt int
Number of entropy cache files to save by
.Nm save-entropy
periodically.
.It Va ipsec_enable
.Pq Vt bool
Set to
.Dq Li YES
to run
.Xr setkey 8
on
.Va ipsec_file
at boot time.
.It Va ipsec_file
.Pq Vt str
Configuration file for
.Xr setkey 8 .
.It Va dmesg_enable
.Pq Vt bool
Set to
.Dq Li YES
to save
.Xr dmesg 8
to
.Pa /var/run/dmesg.boot
on boot.
.It Va rcshutdown_timeout
.Pq Vt int
If set, start a watchdog timer in the background which will terminate
.Pa rc.shutdown
if
.Xr shutdown 8
has not completed within the specified time (in seconds).
Notice that in addition to this soft timeout,
.Xr init 8
also applies a hard timeout for the execution of
.Pa rc.shutdown .
This is configured via
.Xr sysctl 8
variable
.Va kern.init_shutdown_timeout
and defaults to 120 seconds.
Setting the value of
.Va rcshutdown_timeout
to more than 120 seconds will have no effect until the
.Xr sysctl 8
variable
.Va kern.init_shutdown_timeout
is also increased.
.It Va virecover_enable
.Pq Vt bool
Set to
.Dq Li NO
to prevent the system from trying to
recover prematurely terminated
.Xr vi 1
sessions.
.It Va ugidfw_enable
.Pq Vt bool
Set to
.Dq Li YES
to load the
.Xr mac_bsdextended 4
module upon system initialization and load a default
ruleset file.
.It Va bsdextended_script
.Pq Vt str
The default
.Xr mac_bsdextended 4
ruleset file to load.
The default value of this variable is
.Pa /etc/rc.bsdextended .
.It Va newsyslog_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run
.Xr newsyslog 8
command at startup.
.It Va newsyslog_flags
.Pq Vt str
If
.Va newsyslog_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr newsyslog 8
program.
The default is
.Dq Li -CN ,
which causes log files flagged with a
.Cm C
to be created.
.It Va mdconfig_md Ns Aq Ar X
.Pq Vt str
Arguments to
.Xr mdconfig 8
for
.Xr md 4
device
.Ar X .
At minimum a
.Fl t Ar type
must be specified and either a
.Fl s Ar size
for malloc or swap backed
.Xr md 4
devices or a
.Fl f Ar file
for vnode backed
.Xr md 4
devices.
Note that
.Va mdconfig_md Ns Aq Ar X
variables are evaluated until one variable is unset or null.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
.Pq Vt str
Optional arguments passed to
.Xr newfs 8
to initialize
.Xr md 4
device
.Ar X .
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
.Pq Vt str
An ownership specification passed to
.Xr chown 8
after the specified
.Xr md 4
device
.Ar X
has been mounted.
Both the
.Xr md 4
device and the mount point will be changed.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
.Pq Vt str
A mode string passed to
.Xr chmod 1
after the specified
.Xr md 4
device
.Ar X
has been mounted.
Both the
.Xr md 4
device and the mount point will be changed.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
.Pq Vt str
Files to be copied to the mount point of the
.Xr md 4
device
.Ar X
after it has been mounted.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
.Pq Vt str
Command to execute after the specified
.Xr md 4
device
.Ar X
has been mounted.
Note that the command is passed to
.Ic eval
and that both
.Va _dev
and
.Va _mp
variables can be used to reference respectively the
.Xr md 4
device and the mount point.
Assuming that the
.Xr md 4
device is
.Li md0 ,
one could set the following:
.Bd -literal
mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
.Ed
.It Va autobridge_interfaces
.Pq Vt str
Set to the list of bridge interfaces against which newly arriving
interfaces are checked so that they can be added automatically.
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va autobridge_ Ns Aq Ar element
variable is assumed to exist which has a whitespace separated list of interface
names to match; these names can use wildcards.
For example:
.Bd -literal
autobridge_interfaces="bridge0"
autobridge_bridge0="tap* dc0 vlan[345]"
.Ed
.It Va mixer_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable support for sound mixer.
.It Va hcsecd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth security daemon.
.It Va hcsecd_config
.Pq Vt str
Configuration file for
.Xr hcsecd 8 .
Default
.Pa /etc/bluetooth/hcsecd.conf .
.It Va sdpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth Service Discovery Protocol daemon.
.It Va sdpd_control
.Pq Vt str
Path to
.Xr sdpd 8
control socket.
Default
.Pa /var/run/sdp .
.It Va sdpd_groupname
.Pq Vt str
Sets
.Xr sdpd 8
group to run as after it initializes.
Default
.Dq Li nobody .
.It Va sdpd_username
.Pq Vt str
Sets
.Xr sdpd 8
user to run as after it initializes.
Default
.Dq Li nobody .
.It Va bthidd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth Human Interface Device daemon.
.It Va bthidd_config
.Pq Vt str
Configuration file for
.Xr bthidd 8 .
Default
.Pa /etc/bluetooth/bthidd.conf .
.It Va bthidd_hids
.Pq Vt str
Path to a file, where
.Xr bthidd 8
will store information about known HID devices.
Default
.Pa /var/db/bthidd.hids .
.It Va rfcomm_pppd_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth RFCOMM PPP wrapper daemon.
.It Va rfcomm_pppd_server_profile
.Pq Vt str
The name of the profile to use from
.Pa /etc/ppp/ppp.conf .
Multiple profiles can be specified here.
Also used to specify per-profile overrides.
When the profile name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
for the purposes of the override variable names.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
.Pq Vt str
Overrides local address to listen on.
By default
.Xr rfcomm_pppd 8
will listen on
.Dq Li ANY
address.
The address can be specified as BD_ADDR or name.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
.Pq Vt str
Overrides local RFCOMM channel to listen on.
By default
.Xr rfcomm_pppd 8
will listen on RFCOMM channel 1.
Must be set properly if multiple profiles are used at the same time.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
.Pq Vt bool
Tells
.Xr rfcomm_pppd 8
if it should register Serial Port service on the specified RFCOMM channel.
Default
.Dq Li NO .
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
.Pq Vt bool
Tells
.Xr rfcomm_pppd 8
if it should register Dial-Up Networking service on the specified
RFCOMM channel.
Default
.Dq Li NO .
.It Va ubthidhci_enable
.Pq Vt bool
If set to
.Dq Li YES ,
change the USB Bluetooth controller from HID mode to HCI mode.
You also need to specify the location of USB Bluetooth controller with the
.Va ubthidhci_busnum
and
.Va ubthidhci_addr
variables.
.It Va ubthidhci_busnum
Bus number where the USB Bluetooth controller is located.
Check the output of
.Xr usbconfig 8
on your system to find this information.
.It Va ubthidhci_addr
Bus address of the USB Bluetooth controller.
Check the output of
.Xr usbconfig 8
on your system to find this information.
.It Va utx_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable user accounting through the
.Xr utx 8
facility.
.It Va netwait_enable
.Pq Vt bool
If set to
.Dq Li YES ,
delays the start of network-reliant services until
.Va netwait_if
is up and ICMP packets to a destination defined in
.Va netwait_ip
are flowing.
Link state is examined first, followed by
.Dq Li pinging
an IP address to verify network usability.
If no destination can be reached or timeouts are exceeded,
network services are started anyway with no guarantee that
the network is usable.
Use of this variable requires both
.Va netwait_ip
and
.Va netwait_if
to be set.
.It Va netwait_ip
.Pq Vt str
Empty by default.
This variable contains a space-delimited list of IP addresses to
.Xr ping 8 .
DNS hostnames should not be used as resolution is not guaranteed
to be functional at this point.
If multiple IP addresses are specified,
each will be tried until one is successful or the list is exhausted.
.It Va netwait_timeout
.Pq Vt int
Indicates the total number of seconds to perform a
.Dq Li ping
against each IP address in
.Va netwait_ip ,
at a rate of one ping per second.
If any of the pings are successful,
full network connectivity is considered reliable.
The default is 60.
.It Va netwait_if
.Pq Vt str
Empty by default.
Defines the name of the network interface on which to watch for link.
.Xr ifconfig 8
is used to monitor the interface, looking for
.Dq Li status: no carrier .
Once gone, the link is considered up.
This can be a
.Xr vlan 4
interface if desired.
.It Va netwait_if_timeout
.Pq Vt int
Defines the total number of seconds to wait for link to become usable,
polled at a 1-second interval.
The default is 30.
.It Va rctl_enable
.Pq Vt bool
If set to
.Dq Li YES ,
load
.Xr rctl 8
rules from the defined ruleset.
The kernel must be built with
.Cd "options RACCT"
and
.Cd "options RCTL" .
.It Va rctl_rules
.Pq Vt str
Set to
.Pa /etc/rctl.conf
by default.
This variable contains the
.Xr rctl.conf 5
ruleset to load for
.Xr rctl 8 .
.It Va iovctl_files
.Pq Vt str
A space-separated list of configuration files used by
.Xr iovctl 8 .
The default value is an empty string.
.It Va autofs_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr automount 8
utility and the
.Xr automountd 8
and
.Xr autounmountd 8
daemons at boot time.
.It Va automount_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr automount 8
program.
By default no flags are passed.
.It Va automountd_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr automountd 8
daemon.
By default no flags are passed.
.It Va autounmountd_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr autounmountd 8
daemon.
By default no flags are passed.
.It Va ctld_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr ctld 8
daemon at boot time.
.It Va iscsid_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr iscsid 8
daemon at boot time.
.It Va iscsictl_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr iscsictl 8
utility at boot time.
.It Va iscsictl_flags
.Pq Vt str
If
.Va iscsictl_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr iscsictl 8
program.
The default is
.Dq Li -Aa ,
which configures sessions based on the
.Pa /etc/iscsi.conf
configuration file.
.It Va cfumass_enable
.Pq Vt bool
If set to
.Dq Li YES ,
create and export a USB LUN using
.Xr cfumass 4
at boot time.
.It Va cfumass_dir
.Pq Vt str
The directory where the files exported by USB LUN are located.
The default directory is
.Pa /var/cfumass .
.It Va service_delete_empty
.Pq Vt bool
If set to
.Dq Li YES ,
.Ql Li service delete
removes empty
.Dq Li rc.conf.d
files.
.It Va zfs_bootonce_activate
.Pq Vt bool
If set to
.Dq Li YES ,
and a boot environment marked bootonce is successfully booted,
it will be made permanently active.
.It Va zfskeys_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable auto-loading of encryption keys for encrypted ZFS datasets.
For every dataset the script will first load the appropriate encryption key
and then attempt to unlock the dataset.
.Pp
The script operates only on datasets which are encrypted with
ZFS native encryption
and have a ZFS
.Dq Li keylocation
dataset property beginning with
.Dq Li file:// .
.It Va zfskeys_datasets
.Pq Vt str
A whitespace-separated list of ZFS datasets to unlock.
The list is empty by default,
which means that the script will attempt to unlock all datasets.
.It Va zfskeys_timeout
.Pq Vt int
Define the total number of seconds to wait for the zfskeys script
to unlock an encrypted dataset.
The default is 10.
.It Va sendmail_enable
.Pq Vt str
If set to
.Dq Li YES ,
run the
.Xr sendmail 8
daemon at system boot time.
If set to
.Dq Li NO ,
do not run a
.Xr sendmail 8
daemon to listen for incoming network mail.
This does not preclude a
.Xr sendmail 8
daemon listening on the SMTP port of the loopback interface.
The
.Dq Li NONE
option sets each
.Va sendmail_enable ,
.Va sendmail_submit_enable ,
.Va sendmail_outbound_enable ,
.Va sendmail_msp_queue_enable
to
.Dq Li NO .
.It Va sendmail_cert_create
.Pq Vt str
If
.Va sendmail_enable
is set to
.Dq Li YES ,
create a signed certificate
.Pa /etc/mail/certs/host.cert
representing
.Pa /etc/mail/certs/host.key
by the CA certificate in
.Pa /etc/mail/certs/cacert.pem .
This will enable connecting hosts to negotiate STARTTLS allowing incoming
email to be encrypted in transit.
.Xr sendmail 8
needs to be configured to use these generated files.
The default configuration in
.Pa /etc/mail/freebsd.mc
has the required options in it.
.It Va sendmail_cert_cn
.Pq Vt str
If
.Va sendmail_enable
is set to
.Dq Li YES
and
.Va sendmail_cert_create
is set to
.Dq Li YES ,
this is the Common Name (CN) of the certificate that will be created.
If
.Va sendmail_cert_cn
is not set, the system's hostname will be used.
If there is no hostname set,
.Dq Li amnesiac
will be used.
.It Va sendmail_flags
.Pq Vt str
If
.Va sendmail_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sendmail 8
daemon.
.It Va sendmail_submit_enable
.Pq Vt bool
If set to
.Dq Li YES
and
.Va sendmail_enable
is set to
.Dq Li NO ,
run
.Xr sendmail 8
using
.Va sendmail_submit_flags
instead of
.Va sendmail_flags .
This is intended to allow local mail submission via
a localhost-only listening SMTP service required for running
.Xr sendmail 8
as a non-set-user-ID binary.
Note that this does not work inside
.Xr jail 2
systems, as jails do not allow binding to just the localhost interface.
.It Va sendmail_submit_flags
.Pq Vt str
If
.Va sendmail_enable
is set to
.Dq Li NO
and
.Va sendmail_submit_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sendmail 8
daemon.
.It Va sendmail_outbound_enable
.Pq Vt bool
If set to
.Dq Li YES
and both
.Va sendmail_enable
and
.Va sendmail_submit_enable
are set to
.Dq Li NO ,
run
.Xr sendmail 8
using
.Va sendmail_outbound_flags
instead of
.Va sendmail_flags .
This is intended to allow local mail queue management
for systems that do not offer a listening SMTP service.
.It Va sendmail_outbound_flags
.Pq Vt str
If both
.Va sendmail_enable
and
.Va sendmail_submit_enable
are set to
.Dq Li NO
and
.Va sendmail_outbound_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sendmail 8
daemon.
.It Va sendmail_msp_queue_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start a client (MSP) queue runner
.Xr sendmail 8
daemon at system boot time.
As of sendmail 8.12, a separate queue is used for command line
submissions.
The client queue runner ensures that nothing is
left behind in the submission queue.
.It Va sendmail_msp_queue_flags
.Pq Vt str
If
.Va sendmail_msp_queue_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sendmail 8
daemon.
.El
.Sh SERVICE JAILS
The service jails part of the rc system automatically puts a service
into a jail.
This jail inherits the filesystem and various other parts of the
parent (if you allow child-jails in your jails, service jails
can be used in jails) depending on the content of the
.Ao Ar name Ac Ns Va _svcj_options
variable.
Typically this variable is set inside rc scripts, but it can be
overridden in the rc config.
Valid options for
.Ao Ar name Ac Ns Va _svcj_options
are:
.Bl -tag -width indent-two
.It mlock
Allows locking memory pages into physical memory.
.It netv4
Inherits the IPv4 address and allows opening reserved ports.
This cannot be combined with
.Pa netv6 .
.It netv6
Inherits the IPv6 address and allows opening reserved ports.
This cannot be combined with
.Pa netv4 .
.It net_basic
Inherits the IPv4 and IPv6 addresses and allows opening
reserved ports.
.It net_raw
Allows opening raw sockets.
This option can be combined with
.Pa netv4 ,
.Pa netv6 ,
.Pa net_basic .
.It net_all
Inherits the IPv4 and IPv6 addresses, allows opening reserved
ports, allows opening raw sockets, and allows opening sockets
of protocol stacks that have not had jail functionality added
to them.
.It nfsd
Allows running nfsd and affiliated daemons.
.It sysvipc
Inherits the SysV semaphores, SysV shared memory and
SysV messages from the host or the parent jail.
.It sysvipcnew
Creates a new namespace for SysV semaphores, SysV shared memory
and SysV messages for this particular service jail.
.It vmm
Allows access to
.Xr vmm 4 .
This option is only available when
.Xr vmm 4
is enabled in the kernel.
.El
.Pp
All non-network options can be combined with all other options.
Only one of the SysV options can be specified.
.Pp
If the
.Ao Ar name Ac Ns Va _svcj
variable is set to
.Dq Li YES ,
this particular service is started in a
service jail named
.Va svcj- Ns Ar name .
.Pp
The
.Va svcj_all_enable
variable allows enabling service jails for all services of the
system at once.
Services which have
.Ao Ar name Ac Ns Va _svcj
set to
.Dq Li NO
are excluded.
Some services may set
.Ao Ar name Ac Ns Va _svcj
to
.Dq Li NO
in the script to either prevent service jails for this
service at all, or may set it to
.Dq Li NO
if it is not set in the
rc config, to exclude it from
.Va svcj_all_enable
but allow enabling it explicitly.
The sshd service, for example, would not see other jails if
it ran as a service jail.
This may or may not be what is needed, and as such it is
excluded from
.Va svcj_all_enable
but can be enabled via setting
.Va sshd_svcj
to
.Dq Li YES .
.Sh FILES
.Bl -tag -width "/etc/defaults/rc.conf" -compact
.It Pa /etc/defaults/rc.conf
.It Pa /etc/defaults/vendor.conf
.It Pa /etc/rc.conf
.It Pa /etc/rc.conf.local
.It Pa /etc/rc.conf.d/
.El
.Sh SEE ALSO
.Xr chmod 1 ,
.Xr cpuset 1 ,
.Xr gdb 1 Pq Pa ports/devel/gdb ,
.Xr kbdcontrol 1 ,
.Xr limits 1 ,
.Xr protect 1 ,
.Xr sh 1 ,
.Xr umask 1 ,
.Xr uuidgen 1 ,
.Xr vi 1 ,
.Xr vidcontrol 1 ,
.Xr bridge 4 ,
.Xr dummynet 4 ,
.Xr ip 4 ,
.Xr ipf 4 ,
.Xr ipfw 4 ,
.Xr ipnat 4 ,
.Xr kld 4 ,
.Xr pf 4 ,
.Xr pflog 4 ,
.Xr pfsync 4 ,
.Xr tcp 4 ,
.Xr udp 4 ,
.Xr exports 5 ,
.Xr fstab 5 ,
.Xr ipf 5 ,
.Xr ipnat 5 ,
.Xr jail.conf 5 ,
.Xr loader.conf 5 ,
.Xr login.conf 5 ,
.Xr motd 5 ,
.Xr newsyslog.conf 5 ,
.Xr pf.conf 5 ,
.Xr firewall 7 ,
.Xr growfs 7 ,
.Xr security 7 ,
.Xr tuning 7 ,
.Xr accton 8 ,
.Xr apm 8 ,
.Xr bsdinstall 8 ,
.Xr bthidd 8 ,
.Xr chkprintcap 8 ,
.Xr chown 8 ,
.Xr cron 8 ,
.Xr devfs 8 ,
.Xr dhclient 8 ,
.Xr ftpd 8 ,
.Xr geli 8 ,
.Xr hcsecd 8 ,
.Xr ifconfig 8 ,
.Xr inetd 8 ,
.Xr iovctl 8 ,
.Xr ipf 8 ,
.Xr ipfw 8 ,
.Xr ipnat 8 ,
.Xr jail 8 ,
.Xr kldxref 8 ,
.Xr loader 8 ,
.Xr lpd 8 ,
.Xr makewhatis 8 ,
.Xr mdconfig 8 ,
.Xr mdmfs 8 ,
.Xr mixer 8 ,
.Xr mountd 8 ,
.Xr moused 8 ,
.Xr newfs 8 ,
.Xr newsyslog 8 ,
.Xr nfsd 8 ,
.Xr ntpd 8 ,
.Xr ntpdate 8 ,
.Xr pfctl 8 ,
.Xr pflogd 8 ,
.Xr ping 8 ,
.Xr powerd 8 ,
.Xr quotacheck 8 ,
.Xr quotaon 8 ,
.Xr rc 8 ,
.Xr rc.subr 8 ,
.Xr rcorder 8 ,
.Xr rfcomm_pppd 8 ,
.Xr route 8 ,
.Xr route6d 8 ,
.Xr routed 8 ,
.Xr rpc.lockd 8 ,
.Xr rpc.statd 8 ,
.Xr rpc.tlsclntd 8 ,
.Xr rpc.tlsservd 8 ,
.Xr rpcbind 8 ,
.Xr rwhod 8 ,
.Xr savecore 8 ,
.Xr sdpd 8 ,
.Xr sendmail 8 ,
.Xr service 8 ,
.Xr sshd 8 ,
.Xr swapon 8 ,
.Xr sysctl 8 ,
.Xr syslogd 8 ,
.Xr sysrc 8 ,
.Xr unbound 8 ,
.Xr usbconfig 8 ,
.Xr utx 8 ,
.Xr wlandebug 8 ,
.Xr yp 8 ,
.Xr ypbind 8 ,
.Xr ypserv 8 ,
.Xr ypset 8
.Sh HISTORY
The
.Nm
file appeared in
.Fx 2.2.2 .
.Sh AUTHORS
.An Jordan K. Hubbard .
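The option rules from the SERVICE JAILS section above (documented option names, netv4 and netv6 mutually exclusive, at most one SysV option), as an added sh(1) example that is not part of the FreeBSD source. The function names, the sample input and the service names alpha through delta are hypothetical.

```sh
#!/bin/sh
# Added example (not FreeBSD code): check <name>_svcj_options values against
# the rules stated in the SERVICE JAILS section of this manual page.

# Option names listed in the SERVICE JAILS section.
SVCJ_VALID="mlock netv4 netv6 net_basic net_raw net_all nfsd sysvipc sysvipcnew vmm"

# check_svcj_options "opt opt ..."
# Returns 0 if the option set is valid; otherwise prints the problems found,
# joined by "; ", and returns 1.
check_svcj_options() {
	_err="" _v4=0 _v6=0 _sysv=0
	# Refuse glob characters so the unquoted expansion in the loop below
	# cannot match file names in the current directory.
	case $1 in
	*\**|*\?*|*\[*) echo "glob characters in option list"; return 1 ;;
	esac
	for _o in $1; do
		case " $SVCJ_VALID " in
		*" $_o "*) ;;
		*) _err="${_err:+$_err; }unknown option: $_o"; continue ;;
		esac
		case $_o in
		netv4) _v4=1 ;;
		netv6) _v6=1 ;;
		sysvipc|sysvipcnew) _sysv=$((_sysv + 1)) ;;
		esac
	done
	if [ "$_v4" -eq 1 ] && [ "$_v6" -eq 1 ]; then
		_err="${_err:+$_err; }netv4 and netv6 cannot be combined"
	fi
	if [ "$_sysv" -gt 1 ]; then
		_err="${_err:+$_err; }only one SysV option may be given"
	fi
	if [ -n "$_err" ]; then
		echo "$_err"
		return 1
	fi
	return 0
}

# audit_svcj: read rc.conf-style lines on stdin and print
# "<name>: <problems>" for every <name>_svcj_options assignment that breaks
# a rule. Returns 1 if any assignment was rejected.
# The input is parsed as text, never sourced: rc.conf uses sh(1) syntax, so
# sourcing a copy under review would run whatever commands it contains.
# Assumes one assignment per line with an optional pair of double quotes.
audit_svcj() {
	_bad=0
	while IFS= read -r _line; do
		case $_line in
		\#*) continue ;;
		*_svcj_options=*) ;;
		*) continue ;;
		esac
		_name=${_line%%_svcj_options=*}
		_val=${_line#*=}
		_val=${_val#\"}
		_val=${_val%\"}
		if ! _msg=$(check_svcj_options "$_val"); then
			echo "$_name: $_msg"
			_bad=1
		fi
	done
	return "$_bad"
}

# Constructed sample input; the service names are hypothetical.
svcj_sample() {
	cat <<'EOF'
# constructed sample, not taken from a real host
svcj_all_enable="NO"
alpha_svcj="YES"
alpha_svcj_options="net_basic mlock"
beta_svcj_options="netv4 netv6 net_raw"
gamma_svcj_options="sysvipc sysvipcnew"
delta_svcj_options="net_basic chroot"
EOF
}

# Stand-alone run: report the three invalid assignments in the sample.
svcj_sample | audit_svcj || true
```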