1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd February 17, 2023 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories (where 84.Ao Ar dir Ac 85is each entry specified in 86 .Va local_startup , 87but with any trailing 88.Pa /rc.d 89stripped), 90which will be included by the 91.Va load_rc_config 92function. 93For jail configurations you could use the file 94.Pa /etc/rc.conf.d/jail 95to store jail-specific configuration options. 96If 97.Va local_startup 98contains 99.Pa /usr/local/etc/rc.d 100and 101.Pa /opt/conf , 102.Pa /usr/local/etc/rc.conf.d/jail 103and 104.Pa /opt/conf/rc.conf.d/jail 105will be loaded. 106If 107.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 108is a directory, 109all of files in the directory will be loaded. 110Also see the 111.Va rc_conf_files 112variable below. 113.Pp 114Options are set with 115.Dq Ar name Ns Li = Ns Ar value 116assignments that use 117.Xr sh 1 118syntax. 119The following list provides a name and short description for each 120variable that can be set in the 121.Nm 122file: 123.Bl -tag -width indent-two 124.It Va rc_debug 125.Pq Vt bool 126If set to 127.Dq Li YES , 128enable output of debug messages from rc scripts. 129This variable can be helpful in diagnosing mistakes when 130editing or integrating new scripts. 131Beware that this produces copious output to the terminal and 132.Xr syslog 3 . 133.It Va rc_info 134.Pq Vt bool 135If set to 136.Dq Li NO , 137disable informational messages from the rc scripts. 138Informational messages are displayed when 139a condition that is not serious enough to warrant a warning or 140an error occurs. 141.It Va rc_startmsgs 142.Pq Vt bool 143If set to 144.Dq Li YES , 145show 146.Dq Starting foo: 147when faststart is used (e.g., at boot time). 148.It Va early_late_divider 149.Pq Vt str 150The name of the script that should be used as the 151delimiter between the 152.Dq early 153and 154.Dq late 155stages of the boot process. 156The early stage should contain all the services needed to 157get the disks (local or remote) mounted so that the late 158stage can include scripts contained in the directories 159listed in the 160.Va local_startup 161variable (see below). 162Thus, the two likely candidates for this value are 163.Pa mountcritlocal 164for the typical system, and 165.Pa mountcritremote 166if the system needs remote file 167systems mounted to get access to the 168.Va local_startup 169directories; for example when 170.Pa /usr/local 171is NFS mounted. 172For 173.Pa rc.conf 174within a 175.Xr jail 8 176.Pa NETWORKING 177is likely to be an appropriate value. 178Extreme care should be taken when changing this value, 179and before changing it one should ensure that there are 180adequate provisions to recover from a failed boot 181(such as physical contact with the machine, 182or reliable remote console access). 183.It Va always_force_depends 184.Pq Vt bool 185Various 186.Pa rc.d 187scripts use the force_depend function to check whether required 188services are already running, and to start them if necessary. 189By default during boot time this check is bypassed if the 190required service is enabled in 191.Pa /etc/rc.conf[.local] . 192Setting this option will bypass that check at boot time and 193always test whether or not the service is actually running. 194Enabling this option is likely to increase your boot time if 195services are enabled that utilize the force_depend check. 196.It Ao Ar name Ac Ns Va _chroot 197.Pq Vt str 198.Xr chroot 8 199to this directory before running the service. 200.It Ao Ar name Ac Ns Va _fib 201.Pq Vt int 202The 203.Xr setfib 1 204value to run the service under. 205.It Ao Ar name Ac Ns Va _group 206.Pq Vt str 207Run the chrooted service under this system group. 208Unlike the 209.Ao Ar name Ac Ns Va _user 210setting, this setting has no effect if the service is not chrooted. 211.It Ao Ar name Ac Ns Va _limits 212.Pq Vt str 213Resource limits to apply to the service using 214.Xr limits 1 . 215By default, resource limits are based on the login class defined in 216.Ao Ar name Ac Ns Va _login_class . 217.It Ao Ar name Ac Ns Va _login_class 218.Pq Vt str 219Login class to be used with 220.Ao Ar name Ac Ns Va _limits . 221Defaults to 222.Dq Li daemon . 223.It Ao Ar name Ac Ns Va _nice 224.Pq Vt int 225The 226.Xr nice 1 227value to run the service under. 228.It Ao Ar name Ac Ns Va _oomprotect 229.Pq Vt str 230Use 231.Xr protect 1 232to prevent the service from being killed when swap space 233is exhausted. 234Use 235.Dq Li YES 236to protect only the service itself, and 237.Dq Li ALL 238to protect the service and all its child processes. 239.Pp 240Please note that rc scripts which redefine 241.Dl ${argument}_cmd 242.Pq see Xr rc.subr 8 243such as PostgreSQL will not inherit the OOM killer protection. 244.Pp 245This variable has no effect on services running within a 246.Xr jail 8 . 247.It Ao Ar name Ac Ns Va _umask 248.Pq Vt int 249Run the service using this 250.Xr umask 1 251value. 252.It Ao Ar name Ac Ns Va _user 253.Pq Vt str 254Run the service under this user account. 255.It Va apm_enable 256.Pq Vt bool 257If set to 258.Dq Li YES , 259enable support for Automatic Power Management with 260the 261.Xr apm 8 262command. 263.It Va apmd_enable 264.Pq Vt bool 265Run 266.Xr apmd 8 267to handle APM event from userland. 268This also enables support for APM. 269.It Va apmd_flags 270.Pq Vt str 271If 272.Va apmd_enable 273is set to 274.Dq Li YES , 275these are the flags to pass to the 276.Xr apmd 8 277daemon. 278.It Va devd_enable 279.Pq Vt bool 280Run 281.Xr devd 8 282to handle device added, removed or unknown events from the kernel. 283.It Va ddb_enable 284.Pq Vt bool 285Run 286.Xr ddb 8 287to install 288.Xr ddb 4 289scripts at boot time. 290.It Va ddb_config 291.Pq Vt str 292Configuration file for 293.Xr ddb 8 . 294Default 295.Pa /etc/ddb.conf . 296.It Va devmatch_enable 297.Pq Vt bool 298If set to 299.Dq Li NO , 300disable auto-loading of kernel modules with 301.Xr devmatch 8 . 302.It Va devmatch_blocklist 303.Pq Vt str 304A whitespace-separated list of kernel modules to be ignored by 305.Xr devmatch 8 . 306In addition, the 307.Xr kenv 1 308.Va devmatch_blocklist 309is appended to this variable to allow disabling of 310.Xr devmatch 8 311loaded modules from the boot loader. 312.It Va devmatch_blacklist 313.Pq Vt str 314This variable is deprecated. 315Use 316.Va devmatch_blocklist 317instead. 318A whitespace-separated list of kernel modules to be ignored by 319.Xr devmatch 8 . 320.It Va kld_list 321.Pq Vt str 322A whitespace-separated list of kernel modules to load right after 323the local disks are mounted, without any 324.Pa .ko 325extension or path. 326Loading modules at this point in the boot process is 327much faster than doing it via 328.Pa /boot/loader.conf 329for those modules not necessary for mounting local disks. 330.It Va kldxref_enable 331.Pq Vt bool 332Set to 333.Dq Li NO 334by default. 335Set to 336.Dq Li YES 337to automatically rebuild 338.Pa linker.hints 339files with 340.Xr kldxref 8 341at boot time. 342.It Va kldxref_clobber 343.Pq Vt bool 344Set to 345.Dq Li NO 346by default. 347If 348.Va kldxref_enable 349is true, 350setting to 351.Dq Li YES 352will overwrite existing 353.Pa linker.hints 354files at boot time. 355Otherwise, 356only missing 357.Pa linker.hints 358files are generated. 359.It Va kldxref_module_path 360.Pq Vt str 361Empty by default. 362A semi-colon 363.Pq Ql \&; 364delimited list of paths containing 365.Xr kld 4 366modules. 367If empty, 368the contents of the 369.Va kern.module_path 370.Xr sysctl 8 371are used. 372.It Va powerd_enable 373.Pq Vt bool 374If set to 375.Dq Li YES , 376enable the system power control facility with the 377.Xr powerd 8 378daemon. 379.It Va powerd_flags 380.Pq Vt str 381If 382.Va powerd_enable 383is set to 384.Dq Li YES , 385these are the flags to pass to the 386.Xr powerd 8 387daemon. 388.It Va tmpmfs 389Controls the creation of a 390.Pa /tmp 391memory file system. 392Always happens if set to 393.Dq Li YES 394and never happens if set to 395.Dq Li NO . 396If set to anything else, a memory file system is created if 397.Pa /tmp 398is not writable. 399.It Va tmpsize 400Controls the size of a created 401.Pa /tmp 402memory file system. 403.It Va tmpmfs_flags 404Extra options passed to the 405.Xr mdmfs 8 406utility when the memory file system for 407.Pa /tmp 408is created. 409The default is 410.Dq Li "-S" , 411which inhibits the use of softupdates on 412.Pa /tmp 413so that file system space is freed without delay 414after file truncation or deletion. 415See 416.Xr mdmfs 8 417for other options you can use in 418.Va tmpmfs_flags . 419.It Va varmfs 420Controls the creation of a 421.Pa /var 422memory file system. 423Always happens if set to 424.Dq Li YES 425and never happens if set to 426.Dq Li NO . 427If set to anything else, a memory file system is created if 428.Pa /var 429is not writable. 430.It Va varsize 431Controls the size of a created 432.Pa /var 433memory file system. 434.It Va varmfs_flags 435Extra options passed to the 436.Xr mdmfs 8 437utility when the memory file system for 438.Pa /var 439is created. 440The default is 441.Dq Li "-S" , 442which inhibits the use of softupdates on 443.Pa /var 444so that file system space is freed without delay 445after file truncation or deletion. 446See 447.Xr mdmfs 8 448for other options you can use in 449.Va varmfs_flags . 450.It Va populate_var 451Controls the automatic population of the 452.Pa /var 453file system. 454Always happens if set to 455.Dq Li YES 456and never happens if set to 457.Dq Li NO . 458If set to anything else, a memory file system is created if 459.Pa /var 460is not writable. 461Note that this process requires access to certain commands in 462.Pa /usr 463before 464.Pa /usr 465is mounted on normal systems. 466.It Va cleanvar_enable 467.Pq Vt bool 468Clean the 469.Pa /var 470directory. 471.It Va var_run_enable 472.Pq Vt bool 473Set to "YES" to enable saving of the 474.Pa /var/run 475directory strcucture into an mtree file at shutdown and the reload of the 476.Pa /var/run 477directory structure at boot. 478.It Va var_run_autosave 479.Pq Vt bool 480In some cases it may be undesirable to save 481.Pa /var/run 482at shutdown. 483When set to "NO" 484.Pa /var/run 485is loaded at reboot but not saved at shutdown. Typically in this scenario 486a 487.Pa service 488.Pa var_run 489.Pa save 490would be performed to save a copy of the 491.Pa /var/run 492directory structure once, to be reload during all subsequent reboots. 493.It Va var_run_mtree 494.Pq Vt str 495Where to save the 496.Pa /var/run 497mtree. The default location is 498.Pa /var/db/mtree/BSD.var-run.mtree . 499.It Va local_startup 500.Pq Vt str 501List of directories to search for startup script files. 502.It Va script_name_sep 503.Pq Vt str 504The field separator to use for breaking down the list of startup script files 505into individual filenames. 506The default is a space. 507It is not necessary to change this unless there are startup scripts with names 508containing spaces. 509.It Va hostapd_enable 510.Pq Vt bool 511Set to 512.Dq Li YES 513to start 514.Xr hostapd 8 515at system boot time. 516.It Va hostname 517.Pq Vt str 518The fully qualified domain name (FQDN) of this host on the network. 519This should almost certainly be set to something meaningful, even if 520there is no network connection. 521If 522.Xr dhclient 8 523is used to set the hostname via DHCP, 524this variable should be set to an empty string. 525Within a 526.Xr jail 8 527the hostname is generally already set and this variable may be absent. 528If this value remains unset when the system is done booting 529your console login will display the default hostname of 530.Dq Amnesiac . 531.It Va nisdomainname 532.Pq Vt str 533The NIS domain name of this host, or 534.Dq Li NO 535if NIS is not used. 536.It Va dhclient_program 537.Pq Vt str 538Path to the DHCP client program 539.Pa ( /sbin/dhclient , 540the 541.Ox 542DHCP client, 543is the default). 544.It Va dhclient_flags 545.Pq Vt str 546Additional flags to pass to the DHCP client program. 547For the 548.Ox 549DHCP client, see the 550.Xr dhclient 8 551manpage for a description of the command line options available. 552.It Va dhclient_flags_ Ns Aq Ar iface 553Additional flags to pass to the DHCP client program running on 554.Ar iface 555only. 556When specified, this variable overrides 557.Va dhclient_flags . 558.It Va background_dhclient 559.Pq Vt bool 560Set to 561.Dq Li YES 562to start the DHCP client in background. 563This can cause trouble with applications depending on 564a working network, but it will provide a faster startup 565in many cases. 566.It Va background_dhclient_ Ns Aq Ar iface 567When specified, this variable overrides the 568.Va background_dhclient 569variable for interface 570.Ar iface 571only. 572.It Va synchronous_dhclient 573.Pq Vt bool 574Set to 575.Dq Li YES 576to start 577.Xr dhclient 8 578synchronously at startup. 579This behavior can be overridden on a per-interface basis by replacing 580the 581.Dq Li DHCP 582keyword in the 583.Va ifconfig_ Ns Aq Ar interface 584variable with 585.Dq Li SYNCDHCP 586or 587.Dq Li NOSYNCDHCP . 588.It Va defaultroute_delay 589.Pq Vt int 590When set to a positive value, wait up to this long after configuring 591DHCP interfaces at startup to give the interfaces time to receive a lease. 592.It Va firewall_enable 593.Pq Vt bool 594Set to 595.Dq Li YES 596to load firewall rules at startup. 597If the kernel was not built with 598.Cd "options IPFIREWALL" , 599the 600.Pa ipfw.ko 601kernel module will be loaded. 602See also 603.Va ipfilter_enable . 604.It Va firewall_script 605.Pq Vt str 606This variable specifies the full path to the firewall script to run. 607The default is 608.Pa /etc/rc.firewall . 609.It Va firewall_type 610.Pq Vt str 611Names the firewall type from the selection in 612.Pa /etc/rc.firewall , 613or the file which contains the local firewall ruleset. 614Valid selections from 615.Pa /etc/rc.firewall 616are: 617.Pp 618.Bl -tag -width ".Li workstation" -compact 619.It Li open 620unrestricted IP access 621.It Li closed 622all IP services disabled, except via 623.Dq Li lo0 624.It Li client 625basic protection for a workstation 626.It Li workstation 627basic protection for a workstation using stateful firewalling 628.It Li simple 629basic protection for a LAN. 630.El 631.Pp 632If a filename is specified, the full path 633must be given. 634.Pp 635Most of the predefined rulesets define additional configuration variables. 636These are documented in 637.Pa /etc/rc.firewall . 638.It Va firewall_quiet 639.Pq Vt bool 640Set to 641.Dq Li YES 642to disable the display of firewall rules on the console during boot. 643.It Va firewall_logging 644.Pq Vt bool 645Set to 646.Dq Li YES 647to enable firewall event logging. 648This is equivalent to the 649.Dv IPFIREWALL_VERBOSE 650kernel option. 651.It Va firewall_logif 652.Pq Vt bool 653Set to 654.Dq Li YES 655to create pseudo interface 656.Li ipfw0 657for logging. 658For more details, see 659.Xr ipfw 8 660manual page. 661.It Va firewall_flags 662.Pq Vt str 663Flags passed to 664.Xr ipfw 8 665if 666.Va firewall_type 667specifies a filename. 668.It Va firewall_coscripts 669.Pq Vt str 670List of executables and/or rc scripts to run after firewall starts/stops. 671Default is empty. 672.\" ----- firewall_nat_enable setting -------------------------------- 673.It Va firewall_nat_enable 674.Pq Vt bool 675The 676.Xr ipfw 8 677equivalent of 678.Va natd_enable . 679Setting this to 680.Dq Li YES 681will automatically load the 682.Xr ipfw 8 683NAT kernel module if 684.Va firewall_enable 685is also set to 686.Dq Li YES . 687.It Va firewall_nat_interface 688.Pq Vt str 689The 690.Xr ipfw 8 691equivalent of 692.Va natd_interface . 693This is the name of the public interface or IP address on which 694kernel NAT should run. 695.It Va firewall_nat_flags 696.Pq Vt str 697Additional configuration parameters for kernel NAT should be placed here. 698.It Va firewall_nat64_enable 699.Pq Vt bool 700Setting this to 701.Dq Li YES 702will automatically load the 703.Xr ipfw 8 704NAT64 kernel module if 705.Va firewall_enable 706is also set to 707.Dq Li YES . 708.It Va firewall_nptv6_enable 709.Pq Vt bool 710Setting this to 711.Dq Li YES 712will automatically load the 713.Xr ipfw 8 714NPTv6 kernel module if 715.Va firewall_enable 716is also set to 717.Dq Li YES . 718.It Va firewall_pmod_enable 719.Pq Vt bool 720Setting this to 721.Dq Li YES 722will automatically load the 723.Xr ipfw 8 724pmod kernel module if 725.Va firewall_enable 726is also set to 727.Dq Li YES . 728.It Va dummynet_enable 729.Pq Vt bool 730Setting this to 731.Dq Li YES 732will automatically load the 733.Xr dummynet 4 734module if 735.Va firewall_enable 736is also set to 737.Dq Li YES . 738.\" ------------------------------------------------------------------- 739.It Va ipfw_netflow_enable 740.Pq Vt bool 741Setting this to 742.Dq Li YES 743will enable netflow logging via 744.Xr ng_netflow 4 745.Pp 746By default a ipfw rule is inserted and all packets are duplicated with 747the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 748port using protocol version 5. 749.It Va ipfw_netflow_hook 750.Pq Vt int 751netflow hook name, must be numerical 752(default 753.Pa 9995 ) . 754.It Va ipfw_netflow_rule 755.Pq Vt int 756ipfw rule number 757(default 758.Pa 1000 ) . 759.It Va ipfw_netflow_ip 760.Pq Vt str 761Destination server ip for receiving netflow data 762(default 763.Pa 127.0.0.1 ) . 764.It Va ipfw_netflow_port 765.Pq Vt int 766Destination server port for receiving netflow data 767(default 768.Pa 9995 ) . 769.It Va ipfw_netflow_version 770.Pq Vt int 771Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 772.It Va ipfw_netflow_fib 773.Pq Vt int 774Only match packet in FIB 775.Pa ipfw_netflow_fib 776(default is undefined meaning all FIBs). 777.It Va natd_program 778.Pq Vt str 779Path to 780.Xr natd 8 . 781.It Va natd_enable 782.Pq Vt bool 783Set to 784.Dq Li YES 785to enable 786.Xr natd 8 . 787.Va firewall_enable 788must also be set to 789.Dq Li YES , 790and 791.Xr divert 4 792sockets must be enabled in the kernel. 793If the kernel was not built with 794.Cd "options IPDIVERT" , 795the 796.Pa ipdivert.ko 797kernel module will be loaded. 798.It Va natd_interface 799.Pq Vt str 800This is the name of the public interface on which 801.Xr natd 8 802should run. 803The interface may be given as an interface name or as an IP address. 804.It Va natd_flags 805.Pq Vt str 806Additional 807.Xr natd 8 808flags should be placed here. 809The 810.Fl n 811or 812.Fl a 813flag is automatically added with the above 814.Va natd_interface 815as an argument. 816.\" ----- ipfilter_enable setting -------------------------------- 817.It Va ipfilter_enable 818.Pq Vt bool 819Set to 820.Dq Li NO 821by default. 822Setting this to 823.Dq Li YES 824enables 825.Xr ipf 8 826packet filtering. 827.Pp 828Typical usage will require putting 829.Bd -literal 830ipfilter_enable="YES" 831ipnat_enable="YES" 832ipmon_enable="YES" 833ipfs_enable="YES" 834.Ed 835.Pp 836into 837.Pa /etc/rc.conf 838and editing 839.Pa /etc/ipf.rules 840and 841.Pa /etc/ipnat.rules 842appropriately. 843.Pp 844Note that 845.Va ipfilter_enable 846and 847.Va ipnat_enable 848can be enabled independently. 849.Va ipmon_enable 850and 851.Va ipfs_enable 852both require at least one of 853.Va ipfilter_enable 854and 855.Va ipnat_enable 856to be enabled. 857.Pp 858Having 859.Bd -literal 860options IPFILTER 861options IPFILTER_LOG 862options IPFILTER_DEFAULT_BLOCK 863.Ed 864.Pp 865in the kernel configuration file is a good idea, too. 866.\" ----- ipfilter_program setting ------------------------------ 867.It Va ipfilter_program 868.Pq Vt str 869Path to 870.Xr ipf 8 871(default 872.Pa /sbin/ipf ) . 873.\" ----- ipfilter_rules setting -------------------------------- 874.It Va ipfilter_rules 875.Pq Vt str 876Set to 877.Pa /etc/ipf.rules 878by default. 879This variable contains the name of the filter rule definition file. 880The file is expected to be readable for the 881.Xr ipf 8 882command to execute. 883.\" ----- ipfilter_flags setting -------------------------------- 884.It Va ipfilter_flags 885.Pq Vt str 886Empty by default. 887This variable contains flags passed to the 888.Xr ipf 8 889program. 890.\" ----- ipnat_enable setting ---------------------------------- 891.It Va ipnat_enable 892.Pq Vt bool 893Set to 894.Dq Li NO 895by default. 896Set it to 897.Dq Li YES 898to enable 899.Xr ipnat 8 900network address translation. 901See 902.Va ipfilter_enable 903for a detailed discussion. 904.\" ----- ipnat_program setting --------------------------------- 905.It Va ipnat_program 906.Pq Vt str 907Path to 908.Xr ipnat 8 909(default 910.Pa /sbin/ipnat ) . 911.\" ----- ipnat_rules setting ----------------------------------- 912.It Va ipnat_rules 913.Pq Vt str 914Set to 915.Pa /etc/ipnat.rules 916by default. 917This variable contains the name of the file 918holding the network address translation definition. 919This file is expected to be readable for the 920.Xr ipnat 8 921command to execute. 922.\" ----- ipnat_flags setting ----------------------------------- 923.It Va ipnat_flags 924.Pq Vt str 925Empty by default. 926This variable contains flags passed to the 927.Xr ipnat 8 928program. 929.\" ----- ipmon_enable setting ---------------------------------- 930.It Va ipmon_enable 931.Pq Vt bool 932Set to 933.Dq Li NO 934by default. 935Set it to 936.Dq Li YES 937to enable 938.Xr ipmon 8 939monitoring (logging 940.Xr ipf 8 941and 942.Xr ipnat 8 943events). 944Setting this variable needs setting 945.Va ipfilter_enable 946or 947.Va ipnat_enable 948too. 949See 950.Va ipfilter_enable 951for a detailed discussion. 952.\" ----- ipmon_program setting --------------------------------- 953.It Va ipmon_program 954.Pq Vt str 955Path to 956.Xr ipmon 8 957(default 958.Pa /sbin/ipmon ) . 959.\" ----- ipmon_flags setting ----------------------------------- 960.It Va ipmon_flags 961.Pq Vt str 962Set to 963.Dq Li -Ds 964by default. 965This variable contains flags passed to the 966.Xr ipmon 8 967program. 968Another typical example would be 969.Dq Fl D Pa /var/log/ipflog 970to have 971.Xr ipmon 8 972log directly to a file bypassing 973.Xr syslogd 8 . 974Make sure to adjust 975.Pa /etc/newsyslog.conf 976in such case like this: 977.Bd -literal 978/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 979.Ed 980.\" ----- ipfs_enable setting ----------------------------------- 981.It Va ipfs_enable 982.Pq Vt bool 983Set to 984.Dq Li NO 985by default. 986Set it to 987.Dq Li YES 988to enable 989.Xr ipfs 8 990saving the filter and NAT state tables during shutdown 991and reloading them during startup again. 992Setting this variable needs setting 993.Va ipfilter_enable 994or 995.Va ipnat_enable 996to 997.Dq Li YES 998too. 999See 1000.Va ipfilter_enable 1001for a detailed discussion. 1002Note that if 1003.Va kern_securelevel 1004is set to 3, 1005.Va ipfs_enable 1006cannot be used 1007because the raised securelevel will prevent 1008.Xr ipfs 8 1009from saving the state tables at shutdown time. 1010.\" ----- ipfs_program setting ---------------------------------- 1011.It Va ipfs_program 1012.Pq Vt str 1013Path to 1014.Xr ipfs 8 1015(default 1016.Pa /sbin/ipfs ) . 1017.\" ----- ipfs_flags setting ------------------------------------ 1018.It Va ipfs_flags 1019.Pq Vt str 1020Empty by default. 1021This variable contains flags passed to the 1022.Xr ipfs 8 1023program. 1024.\" ----- end of added ipf hook --------------------------------- 1025.It Va pf_enable 1026.Pq Vt bool 1027Set to 1028.Dq Li NO 1029by default. 1030Setting this to 1031.Dq Li YES 1032enables 1033.Xr pf 4 1034packet filtering. 1035.Pp 1036Typical usage will require putting 1037.Pp 1038.Dl pf_enable="YES" 1039.Pp 1040into 1041.Pa /etc/rc.conf 1042and editing 1043.Pa /etc/pf.conf 1044appropriately. 1045Adding 1046.Pp 1047.Dl "device pf" 1048.Pp 1049builds support for 1050.Xr pf 4 1051into the kernel, otherwise the 1052kernel module will be loaded. 1053.It Va pf_rules 1054.Pq Vt str 1055Path to 1056.Xr pf 4 1057ruleset configuration file 1058(default 1059.Pa /etc/pf.conf ) . 1060.It Va pf_program 1061.Pq Vt str 1062Path to 1063.Xr pfctl 8 1064(default 1065.Pa /sbin/pfctl ) . 1066.It Va pf_flags 1067.Pq Vt str 1068If 1069.Va pf_enable 1070is set to 1071.Dq Li YES , 1072these flags are passed to the 1073.Xr pfctl 8 1074program when loading the ruleset. 1075.It Va pf_fallback_rules_enable 1076.Pq Vt bool 1077Set to 1078.Dq Li NO 1079by default. 1080Setting this to 1081.Dq Li YES 1082enables loading 1083.Va pf_fallback_rules_file 1084or 1085.Va pf_fallback_rules 1086in case of a problem when loading the ruleset in 1087.Va pf_rules . 1088.It Va pf_fallback_rules_file 1089.Pq Vt str 1090Path to a pf ruleset to load in case of failure when loading the 1091ruleset in 1092.Va pf_rules 1093(default 1094.Pa /etc/pf-fallback.conf ) . 1095.It Va pf_fallback_rules 1096.Pq Vt str 1097A pf ruleset to load in case of failure when loading the ruleset in 1098.Va pf_rules 1099and 1100.Va pf_fallback_rules_file 1101is not found. 1102Multiple rules can be set as follows: 1103.Bd -literal 1104pf_fallback_rules="\\ 1105 block drop log all\\ 1106 pass in quick on em0" 1107.Pp 1108.Ed 1109The default fallback rule is 1110.Dq block drop log all 1111.It Va pflog_enable 1112.Pq Vt bool 1113Set to 1114.Dq Li NO 1115by default. 1116Setting this to 1117.Dq Li YES 1118enables 1119.Xr pflogd 8 1120which logs packets from the 1121.Xr pf 4 1122packet filter. 1123.It Va pflog_logfile 1124.Pq Vt str 1125If 1126.Va pflog_enable 1127is set to 1128.Dq Li YES 1129this controls where 1130.Xr pflogd 8 1131stores the logfile 1132(default 1133.Pa /var/log/pflog ) . 1134Check 1135.Pa /etc/newsyslog.conf 1136to adjust logfile rotation for this. 1137.It Va pflog_program 1138.Pq Vt str 1139Path to 1140.Xr pflogd 8 1141(default 1142.Pa /sbin/pflogd ) . 1143.It Va pflog_flags 1144.Pq Vt str 1145Empty by default. 1146This variable contains additional flags passed to the 1147.Xr pflogd 8 1148program. 1149.It Va pflog_instances 1150.Pq Vt str 1151If logging to more than one 1152.Xr pflog 4 1153interface is desired, 1154.Va pflog_instances 1155is set to the list of 1156.Xr pflogd 8 1157instances that should be started at system boot time. 1158If 1159.Va pflog_instances 1160is set, for each whitespace-separated 1161.Ar element 1162in the list, 1163.Ao Ar element Ac Ns Va _dev 1164and 1165.Ao Ar element Ac Ns Va _logfile 1166elements are assumed to exist. 1167.Ao Ar element Ac Ns Va _dev 1168must contain the 1169.Xr pflog 4 1170interface to be watched by the named 1171.Xr pflogd 8 1172instance. 1173.Ao Ar element Ac Ns Va _logfile 1174must contain the name of the logfile that will be used by the 1175.Xr pflogd 8 1176instance. 1177.It Va ftpproxy_enable 1178.Pq Vt bool 1179Set to 1180.Dq Li NO 1181by default. 1182Setting this to 1183.Dq Li YES 1184enables 1185.Xr ftp-proxy 8 1186which supports the 1187.Xr pf 4 1188packet filter in translating ftp connections. 1189.It Va ftpproxy_flags 1190.Pq Vt str 1191Empty by default. 1192This variable contains additional flags passed to the 1193.Xr ftp-proxy 8 1194program. 1195.It Va ftpproxy_instances 1196.Pq Vt str 1197Empty by default. 1198If multiple instances of 1199.Xr ftp-proxy 8 1200are desired at boot time, 1201.Va ftpproxy_instances 1202should contain a whitespace-separated list of instance names. 1203For each 1204.Ar element 1205in the list, a variable named 1206.Ao Ar element Ac Ns Va _flags 1207should be defined, containing the command-line flags to be passed to the 1208.Xr ftp-proxy 8 1209instance. 1210.It Va pfsync_enable 1211.Pq Vt bool 1212Set to 1213.Dq Li NO 1214by default. 1215Setting this to 1216.Dq Li YES 1217enables exposing 1218.Xr pf 4 1219state changes to other hosts over the network by means of 1220.Xr pfsync 4 . 1221The 1222.Va pfsync_syncdev 1223variable 1224must also be set then. 1225.It Va pfsync_syncdev 1226.Pq Vt str 1227Empty by default. 1228This variable specifies the name of the network interface 1229.Xr pfsync 4 1230should operate through. 1231It must be set accordingly if 1232.Va pfsync_enable 1233is set to 1234.Dq Li YES . 1235.It Va pfsync_syncpeer 1236.Pq Vt str 1237Empty by default. 1238This variable is optional. 1239By default, state change messages are sent out on the synchronisation 1240interface using IP multicast packets. 1241The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1242224.0.0.240. 1243When a peer address is specified using the 1244.Va pfsync_syncpeer 1245option, the peer address is used as a destination for the pfsync 1246traffic, and the traffic can then be protected using 1247.Xr ipsec 4 . 1248See the 1249.Xr pfsync 4 1250manpage for more details about using 1251.Xr ipsec 4 1252with 1253.Xr pfsync 4 1254interfaces. 1255.It Va pfsync_ifconfig 1256.Pq Vt str 1257Empty by default. 1258This variable can contain additional options to be passed to the 1259.Xr ifconfig 8 1260command used to set up 1261.Xr pfsync 4 . 1262.It Va tcp_extensions 1263.Pq Vt bool 1264Set to 1265.Dq Li YES 1266by default. 1267Setting this to 1268.Dq Li NO 1269disables certain TCP options as described by 1270.Rs 1271.%T "RFC 1323" 1272.Re 1273Setting this to 1274.Dq Li NO 1275might help remedy such problems with connections as randomly hanging 1276or other weird behavior. 1277Some network devices are known 1278to be broken with respect to these options. 1279.It Va log_in_vain 1280.Pq Vt int 1281Set to 0 by default. 1282The 1283.Xr sysctl 8 1284variables, 1285.Va net.inet.tcp.log_in_vain 1286and 1287.Va net.inet.udp.log_in_vain , 1288as described in 1289.Xr tcp 4 1290and 1291.Xr udp 4 , 1292are set to the given value. 1293.It Va tcp_keepalive 1294.Pq Vt bool 1295Set to 1296.Dq Li YES 1297by default. 1298Setting to 1299.Dq Li NO 1300will disable probing idle TCP connections to verify that the 1301peer is still up and reachable. 1302.It Va tcp_drop_synfin 1303.Pq Vt bool 1304Set to 1305.Dq Li NO 1306by default. 1307Setting to 1308.Dq Li YES 1309will cause the kernel to ignore TCP frames that have both 1310the SYN and FIN flags set. 1311This prevents OS fingerprinting, but may 1312break some legitimate applications. 1313.It Va icmp_drop_redirect 1314.Pq Vt bool 1315Set to 1316.Dq Li AUTO 1317by default. 1318This setting will be identical to 1319.Dq Li YES , 1320if a dynamicrouting daemon is enabled, because redirect processing may 1321cause performance issues for large routing tables. 1322If no such service is enabled, this setting behaves like a 1323.Dq Li NO . 1324Setting to 1325.Dq Li YES 1326will cause the kernel to ignore ICMP REDIRECT packets. 1327Setting to 1328.Dq Li NO 1329will cause the kernel to process ICMP REDIRECT packets. 1330Refer to 1331.Xr icmp 4 1332for more information. 1333.It Va icmp_log_redirect 1334.Pq Vt bool 1335Set to 1336.Dq Li NO 1337by default. 1338Setting to 1339.Dq Li YES 1340will cause the kernel to log ICMP REDIRECT packets. 1341Note that 1342the log messages are not rate-limited, so this option should only be used 1343for troubleshooting networks. 1344Refer to 1345.Xr icmp 4 1346for more information. 1347.It Va icmp_bmcastecho 1348.Pq Vt bool 1349Set to 1350.Dq Li YES 1351to respond to broadcast or multicast ICMP ping packets. 1352Refer to 1353.Xr icmp 4 1354for more information. 1355.It Va ip_portrange_first 1356.Pq Vt int 1357If not set to 1358.Dq Li NO , 1359this is the first port in the default portrange. 1360Refer to 1361.Xr ip 4 1362for more information. 1363.It Va ip_portrange_last 1364.Pq Vt int 1365If not set to 1366.Dq Li NO , 1367this is the last port in the default portrange. 1368Refer to 1369.Xr ip 4 1370for more information. 1371.It Va network_interfaces 1372.Pq Vt str 1373Set to the list of network interfaces to configure on this host or 1374.Dq Li AUTO 1375(the default) for all current interfaces. 1376Setting the 1377.Va network_interfaces 1378variable to anything other than the default is deprecated. 1379Interfaces that the administrator wishes to store configuration for, 1380but not start at boot should be configured with the 1381.Dq Li NOAUTO 1382keyword in their 1383.Va ifconfig_ Ns Aq Ar interface 1384variables as described below. 1385.Pp 1386An 1387.Va ifconfig_ Ns Aq Ar interface 1388variable is also assumed to exist for each value of 1389.Ar interface . 1390When an interface name contains any of the characters 1391.Dq Li .-/+ 1392they are translated to 1393.Dq Li _ 1394before lookup. 1395The variable can contain arguments to 1396.Xr ifconfig 8 , 1397as well as special case-insensitive keywords described below. 1398Such keywords are removed before passing the value to 1399.Xr ifconfig 8 1400while the order of the other arguments is preserved. 1401.Pp 1402It is possible to add IP alias entries using 1403.Xr ifconfig 8 1404syntax with the address family keyword such as 1405.Li inet . 1406Assuming that the interface in question was 1407.Li em0 , 1408it might look something like this: 1409.Bd -literal 1410ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1411ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1412.Ed 1413.Pp 1414It also possible to configure multiple IP addresses in Classless 1415Inter-Domain Routing 1416.Pq CIDR 1417address notation, 1418whose each address component can be a range like 1419.Li inet 192.0.2.5-23/24 1420or 1421.Li inet6 2001:db8:1-f::1/64 . 1422This notation allows address and prefix length part only, 1423not the other address modifiers. 1424Note that the maximum number of the generated addresses from a range 1425specification is limited to an integer value specified in 1426.Va netif_ipexpand_max 1427in 1428.Nm 1429because a small typo can unexpectedly generate a large number of addresses. 1430The default value is 1431.Li 2048 . 1432It can be increased by adding the following line into 1433.Nm : 1434.Bd -literal 1435netif_ipexpand_max="4096" 1436.Ed 1437.Pp 1438In the case of 1439.Li 192.0.2.5-23/24 , 1440the address 192.0.2.5 will be configured with the 1441netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1442the non-conflicting netmask /32 as explained in the 1443.Xr ifconfig 8 1444alias section. 1445Note that this special netmask handling is only for 1446.Li inet , 1447not for the other address families such as 1448.Li inet6 . 1449.Pp 1450With the interface in question being 1451.Li em0 , 1452an example could look like: 1453.Bd -literal 1454ifconfig_em0_alias2="inet 192.0.2.129/27" 1455ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1456.Ed 1457.Pp 1458and so on. 1459.Pp 1460Note that deprecated 1461.Va ipv4_addrs_ Ns Aq Ar interface 1462variable was supported for IPv4 CIDR address notation. 1463The 1464.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1465variable replaces it, though 1466.Va ipv4_addrs_ Ns Aq Ar interface 1467is still supported for backward compatibility. 1468.Pp 1469For each 1470.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1471entry with an address family keyword, 1472its contents are passed to 1473.Xr ifconfig 8 . 1474Execution stops at the first unsuccessful access, so if 1475something like this is present: 1476.Bd -literal 1477ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1478ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1479ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1480ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1481.Ed 1482.Pp 1483Then note that alias4 would 1484.Em not 1485be added since the search would 1486stop with the missing 1487.Dq Li alias3 1488entry. 1489Because of this difficult to manage behavior, 1490there is 1491.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1492variable, which has the same functionality as 1493.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1494and can have all of entries in a variable like the following: 1495.Bd -literal 1496ifconfig_em0_aliases="\\ 1497 inet 127.0.0.251 netmask 0xffffffff \\ 1498 inet 127.0.0.252 netmask 0xffffffff \\ 1499 inet 127.0.0.253 netmask 0xffffffff \\ 1500 inet 127.0.0.254 netmask 0xffffffff" 1501.Ed 1502.Pp 1503It also supports CIDR notation. 1504.Pp 1505If the 1506.Pa /etc/start_if . Ns Aq Ar interface 1507file is present, it is read and executed by the 1508.Xr sh 1 1509interpreter 1510before configuring the interface as specified in the 1511.Va ifconfig_ Ns Aq Ar interface 1512and 1513.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1514variables. 1515.Pp 1516If a 1517.Va vlans_ Ns Aq Ar interface 1518variable is set, 1519a 1520.Xr vlan 4 1521interface will be created for each item in the list with the 1522.Ar vlandev 1523argument set to 1524.Ar interface . 1525If a vlan interface's name is a number, 1526then that number is used as the vlan tag and the new vlan interface is 1527named 1528.Ar interface . Ns Ar tag . 1529Otherwise, 1530the vlan tag must be specified via a 1531.Va vlan 1532parameter in the 1533.Va create_args_ Ns Aq Ar interface 1534variable. 1535.Pp 1536To create a vlan device named 1537.Li em0.101 1538on 1539.Li em0 1540with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1541.Bd -literal 1542vlans_em0="101" 1543ifconfig_em0_101="inet 192.0.2.1/24" 1544.Ed 1545.Pp 1546To create a vlan device named 1547.Li myvlan 1548on 1549.Li em0 1550with the vlan tag 102: 1551.Bd -literal 1552vlans_em0="myvlan" 1553create_args_myvlan="vlan 102" 1554.Ed 1555.Pp 1556If a 1557.Va wlans_ Ns Aq Ar interface 1558variable is set, 1559an 1560.Xr wlan 4 1561interface will be created for each item in the list with the 1562.Ar wlandev 1563argument set to 1564.Ar interface . 1565Further wlan cloning arguments may be passed to the 1566.Xr ifconfig 8 1567.Cm create 1568command by setting the 1569.Va create_args_ Ns Aq Ar interface 1570variable. 1571One or more 1572.Xr wlan 4 1573devices must be created for each wireless devices as of 1574.Fx 8.0 . 1575Debugging flags for 1576.Xr wlan 4 1577devices as set by 1578.Xr wlandebug 8 1579may be specified with an 1580.Va wlandebug_ Ns Aq Ar interface 1581variable. 1582The contents of this variable will be passed directly to 1583.Xr wlandebug 8 . 1584.Pp 1585If the 1586.Va ifconfig_ Ns Aq Ar interface 1587contains the keyword 1588.Dq Li NOAUTO 1589then the interface will not be configured 1590at boot or by 1591.Pa /etc/pccard_ether 1592when 1593.Va network_interfaces 1594is set to 1595.Dq Li AUTO . 1596.Pp 1597It is possible to bring up an interface with DHCP by adding 1598.Dq Li DHCP 1599to the 1600.Va ifconfig_ Ns Aq Ar interface 1601variable. 1602For instance, to initialize the 1603.Li em0 1604device via DHCP, 1605it is possible to use something like: 1606.Bd -literal 1607ifconfig_em0="DHCP" 1608.Ed 1609.Pp 1610If you want to configure your wireless interface with 1611.Xr wpa_supplicant 8 1612for use with WPA, EAP/LEAP or WEP, you need to add 1613.Dq Li WPA 1614to the 1615.Va ifconfig_ Ns Aq Ar interface 1616variable. 1617.Pp 1618On the other hand, if you want to configure your wireless interface with 1619.Xr hostapd 8 , 1620you need to add 1621.Dq Li HOSTAP 1622to the 1623.Va ifconfig_ Ns Aq Ar interface 1624variable. 1625.Xr hostapd 8 1626will use the settings from 1627.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1628.Pp 1629Finally, you can add 1630.Xr ifconfig 8 1631options in this variable, in addition to the 1632.Pa /etc/start_if . Ns Aq Ar interface 1633file. 1634For instance, to configure an 1635.Xr ath 4 1636wireless device in station mode with an address obtained 1637via DHCP, using WPA authentication and 802.11b mode, it is 1638possible to use something like: 1639.Bd -literal 1640wlans_ath0="wlan0" 1641ifconfig_wlan0="DHCP WPA mode 11b" 1642.Ed 1643.Pp 1644In addition to the 1645.Va ifconfig_ Ns Aq Ar interface 1646form, a fallback variable 1647.Va ifconfig_DEFAULT 1648may be configured. 1649It will be used for all interfaces with no 1650.Va ifconfig_ Ns Aq Ar interface 1651variable. 1652This is intended to replace the no longer supported 1653.Va pccard_ifconfig 1654variable. 1655.Pp 1656It is also possible to rename an interface by doing: 1657.Bd -literal 1658ifconfig_em0_name="net0" 1659ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1660.Ed 1661.It Va ipv6_enable 1662.Pq Vt bool 1663This variable is deprecated. 1664Use 1665.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1666and 1667.Va ipv6_activate_all_interfaces 1668if necessary. 1669.Pp 1670If the variable is 1671.Dq Li YES , 1672.Dq Li inet6 accept_rtadv 1673is added to all of 1674.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1675and the 1676.Va ipv6_activate_all_interfaces 1677is defined as 1678.Dq Li YES . 1679.It Va ipv6_prefer 1680.Pq Vt bool 1681This variable is deprecated. 1682Use 1683.Va ip6addrctl_policy 1684instead. 1685.Pp 1686If the variable is 1687.Dq Li YES , 1688the default address selection policy table set by 1689.Xr ip6addrctl 8 1690will be IPv6-preferred. 1691.Pp 1692If the variable is 1693.Dq Li NO , 1694the default address selection policy table set by 1695.Xr ip6addrctl 8 1696will be IPv4-preferred. 1697.It Va ipv6_activate_all_interfaces 1698.Pq Vt bool 1699This controls initial configuration on IPv6-capable 1700interfaces with no corresponding 1701.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1702variable. 1703Note that it is not always necessary to set this variable to 1704.Dq YES 1705to use IPv6 functionality on 1706.Fx . 1707In most cases, just configuring 1708.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1709variables works. 1710.Pp 1711If the variable is 1712.Dq Li NO , 1713all interfaces which do not have a corresponding 1714.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1715variable will be marked as 1716.Dq Li IFDISABLED 1717at creation. 1718This means that all of IPv6 functionality on that interface 1719is completely disabled to enforce a security policy. 1720If the variable is set to 1721.Dq YES , 1722the flag will be cleared on all of the interfaces. 1723.Pp 1724In most cases, just defining an 1725.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1726for an IPv6-capable interface should be sufficient. 1727However, if an interface is added dynamically 1728.Pq by some tunneling protocols such as PPP, for example , 1729it is often difficult to define the variable in advance. 1730In such a case, configuring the 1731.Dq Li IFDISABLED 1732flag can be disabled by setting this variable to 1733.Dq YES . 1734.Pp 1735For more details of the 1736.Dq Li IFDISABLED 1737flag and keywords 1738.Dq Li inet6 ifdisabled , 1739see 1740.Xr ifconfig 8 . 1741.Pp 1742Default is 1743.Dq Li NO . 1744.It Va ipv6_privacy 1745.Pq Vt bool 1746If the variable is 1747.Dq Li YES 1748privacy addresses will be generated for each IPv6 1749interface as described in RFC 4941. 1750.It Va ipv6_network_interfaces 1751.Pq Vt str 1752This is the IPv6 equivalent of 1753.Va network_interfaces . 1754Normally manual configuration of this variable is not needed. 1755.It Va ipv6_cpe_wanif 1756.Pq Vt str 1757If the variable is set to an interface name, 1758the 1759.Xr ifconfig 8 1760options 1761.Dq inet6 -no_radr accept_rtadv 1762will be added to the specified interface automatically before evaluating 1763.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1764and two 1765.Xr sysctl 8 1766variables 1767.Va net.inet6.ip6.rfc6204w3 1768and 1769.Va net.inet6.ip6.no_radr 1770will be set to 1. 1771.Pp 1772This means the specified interface will accept ICMPv6 Router 1773Advertisement messages on that link and add the discovered 1774routers into the Default Router List. 1775While the other interfaces can still accept RA messages if the 1776.Dq inet6 accept_rtadv 1777option is specified, adding 1778routes into the Default Router List will be disabled by 1779.Dq inet6 no_radr 1780option by default. 1781See 1782.Xr ifconfig 8 1783for more details. 1784.Pp 1785Note that ICMPv6 Router Advertisement messages will be 1786accepted even when 1787.Va net.inet6.ip6.forwarding 1788is 1 1789.Pq packet forwarding is enabled 1790when 1791.Va net.inet6.ip6.rfc6204w3 1792is set to 1. 1793.Pp 1794Default is 1795.Dq Li NO . 1796.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1797.Pq Vt str 1798This assigns arbitrary description to an interface. 1799The 1800.Xr sysctl 8 1801variable 1802.Va net.ifdescr_maxlen 1803limits its length. 1804This static setting may be overridden by commands 1805started with dynamic interface configuration utilities 1806like 1807.Xr dhclient 8 1808hooks. 1809The description can be seen with 1810.Xr ifconfig 8 1811command and it may be exported with 1812.Xr bsnmpd 1 1813daemon using its MIB-2 module. 1814.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1815.Pq Vt str 1816IPv6 functionality on an interface should be configured by 1817.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1818instead of setting ifconfig parameters in 1819.Va ifconfig_ Ns Aq Ar interface . 1820If this variable is empty, all of IPv6 configurations on the 1821specified interface by other variables such as 1822.Va ipv6_prefix_ Ns Ao Ar interface Ac 1823will be ignored. 1824.Pp 1825Aliases should be set by 1826.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1827with 1828.Dq Li inet6 1829keyword. 1830For example: 1831.Bd -literal 1832ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1833ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1834.Ed 1835.Pp 1836Interfaces that have an 1837.Dq Li inet6 accept_rtadv 1838keyword in 1839.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1840setting will be automatically configured by SLAAC 1841.Pq StateLess Address AutoConfiguration 1842described in 1843.Rs 1844.%T "RFC 4862" 1845.Re 1846.Pp 1847Note that a link-local address will be automatically configured in 1848addition to the configured global-scope addresses because the IPv6 1849specifications require it on each link. 1850The address is calculated from the MAC address by using an algorithm 1851defined in 1852.Rs 1853.%T "RFC 4862" 1854.%O "Section 5.3" 1855.Re 1856.Pp 1857If only a link-local address is needed on the interface, 1858the following configuration can be used: 1859.Bd -literal 1860ifconfig_em0_ipv6="inet6 auto_linklocal" 1861.Ed 1862.Pp 1863A link-local address can also be configured manually. 1864This is useful for the default router address of an IPv6 router 1865so that it does not change when the network interface 1866card is replaced. 1867For example: 1868.Bd -literal 1869ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1870.Ed 1871.It Va ipv6_prefix_ Ns Aq Ar interface 1872.Pq Vt str 1873If one or more prefixes are defined in 1874.Va ipv6_prefix_ Ns Aq Ar interface 1875addresses based on each prefix and the EUI-64 interface index will be 1876configured on that interface. 1877Note that this variable will be ignored when 1878.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1879is empty. 1880.Pp 1881For example, the following configuration 1882.Bd -literal 1883ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1884.Ed 1885.Pp 1886is equivalent to the following: 1887.Bd -literal 1888ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1889ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1890ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1891ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1892.Ed 1893.Pp 1894These Subnet-Router anycast addresses will be added only when 1895.Va ipv6_gateway_enable 1896is YES. 1897.It Va ipv6_default_interface 1898.Pq Vt str 1899If not set to 1900.Dq Li NO , 1901this is the default output interface for scoped addresses. 1902This works only with ipv6_gateway_enable="NO". 1903.It Va ip6addrctl_enable 1904.Pq Vt bool 1905This variable is to enable configuring default address selection policy table 1906.Pq RFC 3484 . 1907The table can be specified in another variable 1908.Va ip6addrctl_policy . 1909For 1910.Va ip6addrctl_policy 1911the following keywords can be specified: 1912.Dq Li ipv4_prefer , 1913.Dq Li ipv6_prefer , 1914or 1915.Dq Li AUTO . 1916.Pp 1917If 1918.Dq Li ipv4_prefer 1919or 1920.Dq Li ipv6_prefer 1921is specified, 1922.Xr ip6addrctl 8 1923installs a pre-defined policy table described in Section 10.3 1924.Pq IPv4-preferred 1925or 2.1 1926.Pq IPv6-preferred 1927of RFC 3484. 1928.Pp 1929If 1930.Dq Li AUTO 1931is specified, it attempts to read a file 1932.Pa /etc/ip6addrctl.conf 1933first. 1934If this file is found, 1935.Xr ip6addrctl 8 1936reads and installs it. 1937If not found, a policy is automatically set 1938according to 1939.Va ipv6_activate_all_interfaces 1940variable; if the variable is set to 1941.Dq Li YES 1942the IPv6-preferred one is used. 1943Otherwise IPv4-preferred. 1944.Pp 1945The default value of 1946.Va ip6addrctl_enable 1947and 1948.Va ip6addrctl_policy 1949are 1950.Dq Li YES 1951and 1952.Dq Li AUTO , 1953respectively. 1954.It Va cloned_interfaces 1955.Pq Vt str 1956Set to the list of clonable network interfaces to create on this host. 1957Further cloning arguments may be passed to the 1958.Xr ifconfig 8 1959.Cm create 1960command for each interface by setting the 1961.Va create_args_ Ns Aq Ar interface 1962variable. 1963If an interface name is specified with 1964.Dq :sticky 1965keyword, 1966the interface will not be destroyed even when 1967.Pa rc.d/netif 1968script is invoked with 1969.Dq stop 1970argument. 1971This is useful when reconfiguring the interface without destroying it. 1972Entries in 1973.Va cloned_interfaces 1974are automatically appended to 1975.Va network_interfaces 1976for configuration. 1977.It Va cloned_interfaces_sticky 1978.Pq Vt bool 1979This variable is to globally enable functionality of 1980.Dq :sticky 1981keyword in 1982.Va cloned_interfaces 1983for all interfaces. 1984The default value is 1985.Dq NO . 1986Even if this variable is specified to 1987.Dq YES , 1988.Dq :nosticky 1989keyword can be used to override it on per interface basis. 1990.It Va gif_interfaces 1991Set to the list of 1992.Xr gif 4 1993tunnel interfaces to configure on this host. 1994A 1995.Va gifconfig_ Ns Aq Ar interface 1996variable is assumed to exist for each value of 1997.Ar interface . 1998The value of this variable is used to configure the link layer of the 1999tunnel using the 2000.Cm tunnel 2001option to 2002.Xr ifconfig 8 . 2003Additionally, this option ensures that each listed interface is created 2004via the 2005.Cm create 2006option to 2007.Xr ifconfig 8 2008before attempting to configure it. 2009.Pp 2010For example, configure two 2011.Xr gif 4 2012interfaces with: 2013.Bd -literal 2014gif_interfaces="gif0 gif1" 2015gifconfig_gif0="100.64.0.1 100.64.0.2" 2016ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 2017gifconfig_gif1="inet6 2a00::1 2a01::1" 2018ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 2019.Ed 2020.It Va ppp_enable 2021.Pq Vt bool 2022If set to 2023.Dq Li YES , 2024run the 2025.Xr ppp 8 2026daemon. 2027.It Va ppp_profile 2028.Pq Vt str 2029The name of the profile to use from 2030.Pa /etc/ppp/ppp.conf . 2031Also used for per-profile overrides of 2032.Va ppp_mode 2033and 2034.Va ppp_nat , 2035and 2036.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2037When the profile name contains any of the characters 2038.Dq Li .-/+ 2039they are translated to 2040.Dq Li _ 2041for the proposes of the override variable names. 2042.It Va ppp_mode 2043.Pq Vt str 2044Mode in which to run the 2045.Xr ppp 8 2046daemon. 2047.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2048.Pq Vt str 2049Overrides the global 2050.Va ppp_mode 2051for 2052.Ar profile . 2053Accepted modes are 2054.Dq Li auto , 2055.Dq Li ddial , 2056.Dq Li direct 2057and 2058.Dq Li dedicated . 2059See the manual for a full description. 2060.It Va ppp_nat 2061.Pq Vt bool 2062If set to 2063.Dq Li YES , 2064enables network address translation. 2065Used in conjunction with 2066.Va gateway_enable 2067allows hosts on private network addresses access to the Internet using 2068this host as a network address translating router. 2069Default is 2070.Dq Li YES . 2071.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2072.Pq Vt str 2073Overrides the global 2074.Va ppp_nat 2075for 2076.Ar profile . 2077.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2078.Pq Vt int 2079Set the unit number to be used for this profile. 2080See the manual description of 2081.Fl unit Ns Ar N 2082for details. 2083.It Va ppp_user 2084.Pq Vt str 2085The name of the user under which 2086.Xr ppp 8 2087should be started. 2088By 2089default, 2090.Xr ppp 8 2091is started as 2092.Dq Li root . 2093.It Va rc_conf_files 2094.Pq Vt str 2095This option is used to specify a list of files that will override 2096the settings in 2097.Pa /etc/defaults/rc.conf . 2098The files will be read in the order in which they are specified and should 2099include the full path to the file. 2100By default, the files specified are 2101.Pa /etc/rc.conf 2102and 2103.Pa /etc/rc.conf.local 2104.It Va zfs_enable 2105.Pq Vt bool 2106If set to 2107.Dq Li YES , 2108.Pa /etc/rc.d/zfs 2109will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2110(ZVOLs). 2111.It Va zpool_reguid 2112.Pq Vt str 2113A space-separated list of ZFS pool names for which new pool GUIDs should be 2114assigned upon first boot. 2115This is useful when using a ZFS pool copied from a template, such as a virtual 2116machine image. 2117.It Va zpool_upgrade 2118.Pq Vt str 2119A space-separated list of ZFS pool names for which version should be upgraded 2120upon first boot. 2121This is useful when using a ZFS pool generated by the 2122.Xr makefs 8 2123utility. 2124.It Va gptboot_enable 2125.Pq Vt bool 2126If set to 2127.Dq Li YES , 2128.Pa /etc/rc.d/gptboot 2129will log if the system successfully (or not) booted from a GPT partition, 2130which had the 2131.Ar bootonce 2132attribute set using 2133.Xr gpart 8 2134utility. 2135.It Va gbde_autoattach_all 2136.Pq Vt bool 2137If set to 2138.Dq Li YES , 2139.Pa /etc/rc.d/gbde 2140will attempt to automatically initialize your .bde devices in 2141.Pa /etc/fstab . 2142.It Va gbde_devices 2143.Pq Vt str 2144List the devices that the script should try to attach, 2145or 2146.Dq Li AUTO . 2147.It Va gbde_lockdir 2148.Pq Vt str 2149The directory where the 2150.Xr gbde 4 2151lockfiles are located. 2152The default lockfile directory is 2153.Pa /etc . 2154.Pp 2155The lockfile for each individual 2156.Xr gbde 4 2157device can be overridden by setting the variable 2158.Va gbde_lock_ Ns Aq Ar device , 2159where 2160.Ar device 2161is the encrypted device without the 2162.Dq Pa /dev/ 2163and 2164.Dq Pa .bde 2165parts. 2166.It Va gbde_attach_attempts 2167.Pq Vt int 2168Number of times to attempt attaching to a 2169.Xr gbde 4 2170device, i.e., how many times the user is asked for the pass-phrase. 2171Default is 3. 2172.It Va geli_devices 2173.Pq Vt str 2174List of devices to automatically attach on boot. 2175Note that .eli devices from 2176.Pa /etc/fstab 2177are automatically appended to this list. 2178.It Va geli_groups 2179.Pq Vt str 2180List of groups containing devices to automatically attach on boot with the same 2181keyfiles and passphrase. 2182This must be accompanied with a corresponding 2183.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2184variable. 2185.It Va geli_tries 2186.Pq Vt int 2187Number of times user is asked for the pass-phrase. 2188If empty, it will be taken from 2189.Va kern.geom.eli.tries 2190sysctl variable. 2191.It Va geli_default_flags 2192.Pq Vt str 2193Default flags to use by 2194.Xr geli 8 2195when configuring disk encryption. 2196Flags can be configured for every device separately by defining the 2197.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2198variable, and for every group separately by defining the 2199.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2200variable. 2201.It Va geli_autodetach 2202.Pq Vt str 2203Specifies if GELI devices should be marked for detach on last close after 2204file systems are mounted. 2205Default is 2206.Dq Li YES . 2207This can be changed for every device separately by defining the 2208.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2209variable. 2210.It Va root_rw_mount 2211.Pq Vt bool 2212Set to 2213.Dq Li YES 2214by default. 2215After the file systems are checked at boot time, the root file system 2216is remounted as read-write if this is set to 2217.Dq Li YES . 2218Diskless systems that mount their root file system from a read-only remote 2219NFS share should set this to 2220.Dq Li NO 2221in their 2222.Pa rc.conf . 2223.It Va fsck_y_enable 2224.Pq Vt bool 2225If set to 2226.Dq Li YES , 2227.Xr fsck 8 2228will be run with the 2229.Fl y 2230flag if the initial preen 2231of the file systems fails. 2232.It Va background_fsck 2233.Pq Vt bool 2234If set to 2235.Dq Li NO , 2236the system will not attempt to run 2237.Xr fsck 8 2238in the background where possible. 2239.It Va background_fsck_delay 2240.Pq Vt int 2241The amount of time in seconds to sleep before starting a background 2242.Xr fsck 8 . 2243It defaults to sixty seconds to allow large applications such as 2244the X server to start before disk I/O bandwidth is monopolized by 2245.Xr fsck 8 . 2246If set to a negative number, the background file system check will be 2247delayed indefinitely to allow the administrator to run it at a more 2248convenient time. 2249For example it may be run from 2250.Xr cron 8 2251by adding a line like 2252.Pp 2253.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2254.Pp 2255to 2256.Pa /etc/crontab . 2257.It Va netfs_types 2258.Pq Vt str 2259List of file system types that are network-based. 2260This list should generally not be modified by end users. 2261Use 2262.Va extra_netfs_types 2263instead. 2264.It Va extra_netfs_types 2265.Pq Vt str 2266If set to something other than 2267.Dq Li NO 2268(the default), 2269this variable extends the list of file system types 2270for which automatic mounting at startup by 2271.Xr rc 8 2272should be delayed until the network is initialized. 2273It should contain 2274a whitespace-separated list of network file system descriptor pairs, 2275each consisting of a file system type as passed to 2276.Xr mount 8 2277and a human-readable, one-word description, 2278joined with a colon 2279.Pq Ql \&: . 2280Extending the default list in this way is only necessary 2281when third party file system types are used. 2282.It Va syslogd_enable 2283.Pq Vt bool 2284If set to 2285.Dq Li YES , 2286run the 2287.Xr syslogd 8 2288daemon. 2289.It Va syslogd_program 2290.Pq Vt str 2291Path to 2292.Xr syslogd 8 2293(default 2294.Pa /usr/sbin/syslogd ) . 2295.It Va syslogd_flags 2296.Pq Vt str 2297If 2298.Va syslogd_enable 2299is set to 2300.Dq Li YES , 2301these are the flags to pass to 2302.Xr syslogd 8 . 2303.It Va inetd_enable 2304.Pq Vt bool 2305If set to 2306.Dq Li YES , 2307run the 2308.Xr inetd 8 2309daemon. 2310.It Va inetd_program 2311.Pq Vt str 2312Path to 2313.Xr inetd 8 2314(default 2315.Pa /usr/sbin/inetd ) . 2316.It Va inetd_flags 2317.Pq Vt str 2318If 2319.Va inetd_enable 2320is set to 2321.Dq Li YES , 2322these are the flags to pass to 2323.Xr inetd 8 . 2324.It Va hastd_enable 2325.Pq Vt bool 2326If set to 2327.Dq Li YES , 2328run the 2329.Xr hastd 8 2330daemon. 2331.It Va hastd_program 2332.Pq Vt str 2333Path to 2334.Xr hastd 8 2335(default 2336.Pa /sbin/hastd ) . 2337.It Va hastd_flags 2338.Pq Vt str 2339If 2340.Va hastd_enable 2341is set to 2342.Dq Li YES , 2343these are the flags to pass to 2344.Xr hastd 8 . 2345.It Va local_unbound_enable 2346.Pq Vt bool 2347If set to 2348.Dq Li YES , 2349run the 2350.Xr unbound 8 2351daemon as a local caching resolver. 2352.It Va kdc_enable 2353.Pq Vt bool 2354Set to 2355.Dq Li YES 2356to start a Kerberos 5 authentication server 2357at boot time. 2358.It Va kdc_program 2359.Pq Vt str 2360If 2361.Va kdc_enable 2362is set to 2363.Dq Li YES 2364this is the path to Kerberos 5 Authentication Server. 2365.It Va kdc_flags 2366.Pq Vt str 2367Empty by default. 2368This variable contains additional flags to be passed to the Kerberos 5 2369authentication server. 2370.It Va kadmind_enable 2371.Pq Vt bool 2372Set to 2373.Dq Li YES 2374to start 2375.Xr kadmind 8 , 2376the Kerberos 5 Administration Daemon; set to 2377.Dq Li NO 2378on a slave server. 2379.It Va kadmind_program 2380.Pq Vt str 2381If 2382.Va kadmind_enable 2383is set to 2384.Dq Li YES 2385this is the path to Kerberos 5 Administration Daemon. 2386.It Va kpasswdd_enable 2387.Pq Vt bool 2388Set to 2389.Dq Li YES 2390to start 2391.Xr kpasswdd 8 , 2392the Kerberos 5 Password-Changing Daemon; set to 2393.Dq Li NO 2394on a slave server. 2395.It Va kpasswdd_program 2396.Pq Vt str 2397If 2398.Va kpasswdd_enable 2399is set to 2400.Dq Li YES 2401this is the path to Kerberos 5 Password-Changing Daemon. 2402.It Va kfd_enable 2403.Pq Vt bool 2404Set to 2405.Dq Li YES 2406to start 2407.Xr kfd 8 , 2408the Kerberos 5 ticket forwarding daemon, at the boot time. 2409.It Va kfd_program 2410.Pq Vt str 2411Path to 2412.Xr kfd 8 2413(default 2414.Pa /usr/libexec/kfd ) . 2415.It Va rwhod_enable 2416.Pq Vt bool 2417If set to 2418.Dq Li YES , 2419run the 2420.Xr rwhod 8 2421daemon at boot time. 2422.It Va rwhod_flags 2423.Pq Vt str 2424If 2425.Va rwhod_enable 2426is set to 2427.Dq Li YES , 2428these are the flags to pass to it. 2429.It Va update_motd 2430.Pq Vt bool 2431If set to 2432.Dq Li YES , 2433.Pa /etc/motd 2434will be updated at boot time to reflect the kernel release 2435being run. 2436If set to 2437.Dq Li NO , 2438.Pa /etc/motd 2439will not be updated. 2440.It Va nfs_client_enable 2441.Pq Vt bool 2442If set to 2443.Dq Li YES , 2444run the NFS client daemons at boot time. 2445.It Va nfs_access_cache 2446.Pq Vt int 2447If 2448.Va nfs_client_enable 2449is set to 2450.Dq Li YES , 2451this can be set to 2452.Dq Li 0 2453to disable NFS ACCESS RPC caching, or to the number of seconds for which 2454NFS ACCESS 2455results should be cached. 2456A value of 2-10 seconds will substantially reduce network 2457traffic for many NFS operations. 2458.It Va nfs_server_enable 2459.Pq Vt bool 2460If set to 2461.Dq Li YES , 2462run the NFS server daemons at boot time. 2463.It Va nfs_server_flags 2464.Pq Vt str 2465If 2466.Va nfs_server_enable 2467is set to 2468.Dq Li YES , 2469these are the flags to pass to the 2470.Xr nfsd 8 2471daemon. 2472.It Va nfsv4_server_enable 2473.Pq Vt bool 2474If 2475.Va nfs_server_enable 2476is set to 2477.Dq Li YES 2478and 2479.Va nfsv4_server_enable 2480is set to 2481.Dq Li YES , 2482enable the server for NFSv4 as well as NFSv2 and NFSv3. 2483.It Va nfsv4_server_only 2484.Pq Vt bool 2485If 2486.Va nfs_server_enable 2487is set to 2488.Dq Li YES 2489and 2490.Va nfsv4_server_only 2491is set to 2492.Dq Li YES , 2493enable the NFS server for NFSv4 only. 2494.It Va nfs_server_maxio 2495.Pq Vt int 2496value to set vfs.nfsd.srvmaxio to, which is the 2497maximum I/O size for the NFS server. 2498.It Va tlsclntd_enable 2499.Pq Vt bool 2500If set to 2501.Dq Li YES , 2502run the 2503.Xr rpc.tlsclntd 8 2504daemon, which is needed for NFS-over-TLS NFS mounts. 2505.It Va tlsservd_enable 2506.Pq Vt bool 2507If set to 2508.Dq Li YES , 2509run the 2510.Xr rpc.tlsservd 8 2511daemon, which is needed for the 2512.Xr nfsd 8 2513to support NFS-over-TLS NFS mounts. 2514.It Va nfsuserd_enable 2515.Pq Vt bool 2516If 2517.Va nfsuserd_enable 2518is set to 2519.Dq Li YES , 2520run the nfsuserd daemon, which is needed for NFSv4 in order 2521to map between user/group names vs uid/gid numbers. 2522If 2523.Va nfsv4_server_enable 2524is set to 2525.Dq Li YES , 2526this will be forced enabled. 2527.It Va nfsuserd_flags 2528.Pq Vt str 2529If 2530.Va nfsuserd_enable 2531is set to 2532.Dq Li YES , 2533these are the flags to pass to the 2534.Xr nfsuserd 8 2535daemon. 2536.It Va nfscbd_enable 2537.Pq Vt bool 2538If 2539.Va nfscbd_enable 2540is set to 2541.Dq Li YES , 2542run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2543.It Va nfscbd_flags 2544.Pq Vt str 2545If 2546.Va nfscbd_enable 2547is set to 2548.Dq Li YES , 2549these are the flags to pass to the 2550.Xr nfscbd 8 2551daemon. 2552.It Va mountd_enable 2553.Pq Vt bool 2554If set to 2555.Dq Li YES , 2556and no 2557.Va nfs_server_enable 2558is set, start 2559.Xr mountd 8 , 2560but not 2561.Xr nfsd 8 2562daemon. 2563It is commonly needed to run CFS without real NFS used. 2564.It Va mountd_flags 2565.Pq Vt str 2566If 2567.Va mountd_enable 2568is set to 2569.Dq Li YES , 2570these are the flags to pass to the 2571.Xr mountd 8 2572daemon. 2573.It Va weak_mountd_authentication 2574.Pq Vt bool 2575If set to 2576.Dq Li YES , 2577allow services like PCNFSD to make non-privileged mount 2578requests. 2579.It Va nfs_reserved_port_only 2580.Pq Vt bool 2581If set to 2582.Dq Li YES , 2583provide NFS services only on a secure port. 2584.It Va nfs_bufpackets 2585.Pq Vt int 2586If set to a number, indicates the number of packets worth of 2587socket buffer space to reserve on an NFS client. 2588The kernel default is typically 4. 2589Using a higher number may be 2590useful on gigabit networks to improve performance. 2591The minimum value is 25922 and the maximum is 64. 2593.It Va rpc_lockd_enable 2594.Pq Vt bool 2595If set to 2596.Dq Li YES 2597and also an NFS server or client, run 2598.Xr rpc.lockd 8 2599at boot time. 2600.It Va rpc_lockd_flags 2601.Pq Vt str 2602If 2603.Va rpc_lockd_enable 2604is set to 2605.Dq Li YES , 2606these are the flags to pass to the 2607.Xr rpc.lockd 8 2608daemon. 2609.It Va rpc_statd_enable 2610.Pq Vt bool 2611If set to 2612.Dq Li YES 2613and also an NFS server or client, run 2614.Xr rpc.statd 8 2615at boot time. 2616.It Va rpc_statd_flags 2617.Pq Vt str 2618If 2619.Va rpc_statd_enable 2620is set to 2621.Dq Li YES , 2622these are the flags to pass to the 2623.Xr rpc.statd 8 2624daemon. 2625.It Va rpcbind_program 2626.Pq Vt str 2627Path to 2628.Xr rpcbind 8 2629(default 2630.Pa /usr/sbin/rpcbind ) . 2631.It Va rpcbind_enable 2632.Pq Vt bool 2633If set to 2634.Dq Li YES , 2635run the 2636.Xr rpcbind 8 2637service at boot time. 2638.It Va rpcbind_flags 2639.Pq Vt str 2640If 2641.Va rpcbind_enable 2642is set to 2643.Dq Li YES , 2644these are the flags to pass to the 2645.Xr rpcbind 8 2646daemon. 2647.It Va keyserv_enable 2648.Pq Vt bool 2649If set to 2650.Dq Li YES , 2651run the 2652.Xr keyserv 8 2653daemon on boot for running Secure RPC. 2654.It Va keyserv_flags 2655.Pq Vt str 2656If 2657.Va keyserv_enable 2658is set to 2659.Dq Li YES , 2660these are the flags to pass to 2661.Xr keyserv 8 2662daemon. 2663.It Va pppoed_enable 2664.Pq Vt bool 2665If set to 2666.Dq Li YES , 2667run the 2668.Xr pppoed 8 2669daemon at boot time to provide PPP over Ethernet services. 2670.It Va pppoed_ Ns Aq Ar provider 2671.Pq Vt str 2672.Xr pppoed 8 2673listens to requests to this 2674.Ar provider 2675and ultimately runs 2676.Xr ppp 8 2677with a 2678.Ar system 2679argument of the same name. 2680.It Va pppoed_flags 2681.Pq Vt str 2682Additional flags to pass to 2683.Xr pppoed 8 . 2684.It Va pppoed_interface 2685.Pq Vt str 2686The network interface to run 2687.Xr pppoed 8 2688on. 2689This is mandatory when 2690.Va pppoed_enable 2691is set to 2692.Dq Li YES . 2693.It Va ntpdate_enable 2694.Pq Vt bool 2695If set to 2696.Dq Li YES , 2697run 2698.Xr ntpdate 8 2699at system startup. 2700This command is intended to 2701synchronize the system clock only 2702.Em once 2703from some standard reference. 2704.Pp 2705Note that the use of the 2706.Va ntpd_sync_on_start 2707variable is a preferred alternative to the 2708.Xr ntpdate 8 2709utility as 2710.Xr ntpdate 8 2711is to be retired from the NTP distribution. 2712.It Va ntpdate_config 2713.Pq Vt str 2714Configuration file for 2715.Xr ntpdate 8 . 2716Default 2717.Pa /etc/ntp.conf . 2718.It Va ntpdate_hosts 2719.Pq Vt str 2720A whitespace-separated list of NTP servers to synchronize with at startup. 2721The default is to use the servers listed in 2722.Va ntpdate_config , 2723if that file exists. 2724.It Va ntpdate_program 2725.Pq Vt str 2726Path to 2727.Xr ntpdate 8 2728(default 2729.Pa /usr/sbin/ntpdate ) . 2730.It Va ntpdate_flags 2731.Pq Vt str 2732If 2733.Va ntpdate_enable 2734is set to 2735.Dq Li YES , 2736these are the flags to pass to the 2737.Xr ntpdate 8 2738command (typically a hostname). 2739.It Va ntpd_enable 2740.Pq Vt bool 2741If set to 2742.Dq Li YES , 2743run the 2744.Xr ntpd 8 2745command at boot time. 2746.It Va ntpd_program 2747.Pq Vt str 2748Path to 2749.Xr ntpd 8 2750(default 2751.Pa /usr/sbin/ntpd ) . 2752.It Va ntpd_config 2753.Pq Vt str 2754Path to 2755.Xr ntpd 8 2756configuration file. 2757Default 2758.Pa /etc/ntp.conf . 2759.It Va ntpd_flags 2760.Pq Vt str 2761If 2762.Va ntpd_enable 2763is set to 2764.Dq Li YES , 2765these are the flags to pass to the 2766.Xr ntpd 8 2767daemon. 2768.It Va ntpd_sync_on_start 2769.Pq Vt bool 2770If set to 2771.Dq Li YES , 2772.Xr ntpd 8 2773is run with the 2774.Fl g 2775flag, which syncs the system's clock on startup. 2776See 2777.Xr ntpd 8 2778for more information regarding the 2779.Fl g 2780option. 2781This is a preferred alternative to using 2782.Xr ntpdate 8 2783or specifying the 2784.Va ntpdate_enable 2785variable. 2786.It Va nis_client_enable 2787.Pq Vt bool 2788If set to 2789.Dq Li YES , 2790run the 2791.Xr ypbind 8 2792service at system boot time. 2793.It Va nis_client_flags 2794.Pq Vt str 2795If 2796.Va nis_client_enable 2797is set to 2798.Dq Li YES , 2799these are the flags to pass to the 2800.Xr ypbind 8 2801service. 2802.It Va nis_ypldap_enable 2803.Pq Vt bool 2804If set to 2805.Dq Li YES , 2806run the 2807.Xr ypldap 8 2808daemon at system boot time. 2809.It Va nis_ypldap_flags 2810.Pq Vt str 2811If 2812.Va nis.ypldap_enable 2813is set to 2814.Dq Li YES , 2815these are the flags to pass to the 2816.Xr ypldap 8 2817daemon. 2818.It Va nis_ypset_enable 2819.Pq Vt bool 2820If set to 2821.Dq Li YES , 2822run the 2823.Xr ypset 8 2824daemon at system boot time. 2825.It Va nis_ypset_flags 2826.Pq Vt str 2827If 2828.Va nis_ypset_enable 2829is set to 2830.Dq Li YES , 2831these are the flags to pass to the 2832.Xr ypset 8 2833daemon. 2834.It Va nis_server_enable 2835.Pq Vt bool 2836If set to 2837.Dq Li YES , 2838run the 2839.Xr ypserv 8 2840daemon at system boot time. 2841.It Va nis_server_flags 2842.Pq Vt str 2843If 2844.Va nis_server_enable 2845is set to 2846.Dq Li YES , 2847these are the flags to pass to the 2848.Xr ypserv 8 2849daemon. 2850.It Va nis_ypxfrd_enable 2851.Pq Vt bool 2852If set to 2853.Dq Li YES , 2854run the 2855.Xr rpc.ypxfrd 8 2856daemon at system boot time. 2857.It Va nis_ypxfrd_flags 2858.Pq Vt str 2859If 2860.Va nis_ypxfrd_enable 2861is set to 2862.Dq Li YES , 2863these are the flags to pass to the 2864.Xr rpc.ypxfrd 8 2865daemon. 2866.It Va nis_yppasswdd_enable 2867.Pq Vt bool 2868If set to 2869.Dq Li YES , 2870run the 2871.Xr rpc.yppasswdd 8 2872daemon at system boot time. 2873.It Va nis_yppasswdd_flags 2874.Pq Vt str 2875If 2876.Va nis_yppasswdd_enable 2877is set to 2878.Dq Li YES , 2879these are the flags to pass to the 2880.Xr rpc.yppasswdd 8 2881daemon. 2882.It Va rpc_ypupdated_enable 2883.Pq Vt bool 2884If set to 2885.Dq Li YES , 2886run the 2887.Nm rpc.ypupdated 2888daemon at system boot time. 2889.It Va bsnmpd_enable 2890.Pq Vt bool 2891If set to 2892.Dq Li YES , 2893run the 2894.Xr bsnmpd 1 2895daemon at system boot time. 2896Be sure to understand the security implications of running SNMP daemon 2897on your host. 2898.It Va bsnmpd_flags 2899.Pq Vt str 2900If 2901.Va bsnmpd_enable 2902is set to 2903.Dq Li YES , 2904these are the flags to pass to the 2905.Xr bsnmpd 1 2906daemon. 2907.It Va defaultrouter 2908.Pq Vt str 2909If not set to 2910.Dq Li NO , 2911create a default route to this host name or IP address 2912(use an IP address if this router is also required to get to the 2913name server!). 2914.It Va defaultrouter_fibN 2915.Pq Vt str 2916If not set to 2917.Dq Li NO , 2918create a default route in FIB N to this host name or IP address. 2919.It Va ipv6_defaultrouter 2920.Pq Vt str 2921The IPv6 equivalent of 2922.Va defaultrouter . 2923.It Va ipv6_defaultrouter_fibN 2924.Pq Vt str 2925The IPv6 equivalent of 2926.Va defaultrouter_fibN . 2927.It Va static_arp_pairs 2928.Pq Vt str 2929Set to the list of static ARP pairs that are to be added at system 2930boot time. 2931For each whitespace separated 2932.Ar element 2933in the value, a 2934.Va static_arp_ Ns Aq Ar element 2935variable is assumed to exist whose contents will later be passed to a 2936.Dq Nm arp Cm -S 2937operation. 2938For example 2939.Bd -literal 2940static_arp_pairs="gw" 2941static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2942.Ed 2943.It Va static_ndp_pairs 2944.Pq Vt str 2945Set to the list of static NDP pairs that are to be added at system 2946boot time. 2947For each whitespace separated 2948.Ar element 2949in the value, a 2950.Va static_ndp_ Ns Aq Ar element 2951variable is assumed to exist whose contents will later be passed to a 2952.Dq Nm ndp Cm -s 2953operation. 2954For example 2955.Bd -literal 2956static_ndp_pairs="gw" 2957static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2958.Ed 2959.It Va static_routes 2960.Pq Vt str 2961Set to the list of static routes that are to be added at system 2962boot time. 2963If not set to 2964.Dq Li NO 2965then for each whitespace separated 2966.Ar element 2967in the value, a 2968.Va route_ Ns Aq Ar element 2969variable is assumed to exist 2970whose contents will later be passed to a 2971.Dq Nm route Cm add 2972operation. 2973For example: 2974.Bd -literal 2975static_routes="ext mcast:gif0 gif0local:gif0" 2976route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2977route_mcast="-net 224.0.0.0/4 -iface gif0" 2978route_gif0local="-host 169.254.1.1 -iface lo0" 2979.Ed 2980.Pp 2981When an 2982.Ar element 2983is in the form of 2984.Li name:ifname , 2985the route is specific to the interface 2986.Li ifname . 2987.It Va ipv6_static_routes 2988.Pq Vt str 2989The IPv6 equivalent of 2990.Va static_routes . 2991If not set to 2992.Dq Li NO 2993then for each whitespace separated 2994.Ar element 2995in the value, a 2996.Va ipv6_route_ Ns Aq Ar element 2997variable is assumed to exist 2998whose contents will later be passed to a 2999.Dq Nm route Cm add Fl inet6 3000operation. 3001.It Va gateway_enable 3002.Pq Vt bool 3003If set to 3004.Dq Li YES , 3005configure host to act as an IP router, e.g.\& to forward packets 3006between interfaces. 3007.It Va ipv6_gateway_enable 3008.Pq Vt bool 3009The IPv6 equivalent of 3010.Va gateway_enable . 3011.It Va routed_enable 3012.Pq Vt bool 3013If set to 3014.Dq Li YES , 3015run a routing daemon of some sort, based on the 3016settings of 3017.Va routed_program 3018and 3019.Va routed_flags . 3020.It Va route6d_enable 3021.Pq Vt bool 3022The IPv6 equivalent of 3023.Va routed_enable . 3024If set to 3025.Dq Li YES , 3026run a routing daemon of some sort, based on the 3027settings of 3028.Va route6d_program 3029and 3030.Va route6d_flags . 3031.It Va routed_program 3032.Pq Vt str 3033If 3034.Va routed_enable 3035is set to 3036.Dq Li YES , 3037this is the name of the routing daemon to use. 3038.It Va route6d_program 3039.Pq Vt str 3040The IPv6 equivalent of 3041.Va routed_program . 3042.It Va routed_flags 3043.Pq Vt str 3044If 3045.Va routed_enable 3046is set to 3047.Dq Li YES , 3048these are the flags to pass to the routing daemon. 3049.It Va route6d_flags 3050.Pq Vt str 3051The IPv6 equivalent of 3052.Va routed_flags . 3053.It Va rtadvd_enable 3054.Pq Vt bool 3055If set to 3056.Dq Li YES , 3057run the 3058.Xr rtadvd 8 3059daemon at boot time. 3060The 3061.Xr rtadvd 8 3062utility sends ICMPv6 Router Advertisement messages to 3063the interfaces specified in 3064.Va rtadvd_interfaces . 3065This should only be enabled with great care. 3066You may want to fine-tune 3067.Xr rtadvd.conf 5 . 3068.It Va rtadvd_interfaces 3069.Pq Vt str 3070If 3071.Va rtadvd_enable 3072is set to 3073.Dq Li YES 3074this is the list of interfaces to use. 3075.It Va arpproxy_all 3076.Pq Vt bool 3077If set to 3078.Dq Li YES , 3079enable global proxy ARP. 3080.It Va forward_sourceroute 3081.Pq Vt bool 3082If set to 3083.Dq Li YES 3084and 3085.Va gateway_enable 3086is also set to 3087.Dq Li YES , 3088source-routed packets are forwarded. 3089.It Va accept_sourceroute 3090.Pq Vt bool 3091If set to 3092.Dq Li YES , 3093the system will accept source-routed packets directed at it. 3094.It Va rarpd_enable 3095.Pq Vt bool 3096If set to 3097.Dq Li YES , 3098run the 3099.Xr rarpd 8 3100daemon at system boot time. 3101.It Va rarpd_flags 3102.Pq Vt str 3103If 3104.Va rarpd_enable 3105is set to 3106.Dq Li YES , 3107these are the flags to pass to the 3108.Xr rarpd 8 3109daemon. 3110.It Va bootparamd_enable 3111.Pq Vt bool 3112If set to 3113.Dq Li YES , 3114run the 3115.Xr bootparamd 8 3116daemon at system boot time. 3117.It Va bootparamd_flags 3118.Pq Vt str 3119If 3120.Va bootparamd_enable 3121is set to 3122.Dq Li YES , 3123these are the flags to pass to the 3124.Xr bootparamd 8 3125daemon. 3126.It Va stf_interface_ipv4addr 3127.Pq Vt str 3128If not set to 3129.Dq Li NO , 3130this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3131interface). 3132Specify this entry to enable the 6to4 interface. 3133.It Va stf_interface_ipv4plen 3134.Pq Vt int 3135Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3136An effective value is 0-31. 3137.It Va stf_interface_ipv6_ifid 3138.Pq Vt str 3139IPv6 interface ID for 3140.Xr stf 4 . 3141This can be set to 3142.Dq Li AUTO . 3143.It Va stf_interface_ipv6_slaid 3144.Pq Vt str 3145IPv6 Site Level Aggregator for 3146.Xr stf 4 . 3147.It Va ipv6_ipv4mapping 3148.Pq Vt bool 3149If set to 3150.Dq Li YES 3151this enables IPv4 mapped IPv6 address communication (like 3152.Li ::ffff:a.b.c.d ) . 3153.It Va rtsold_enable 3154.Pq Vt bool 3155Set to 3156.Dq Li YES 3157to enable the 3158.Xr rtsold 8 3159daemon to send ICMPv6 Router Solicitation messages. 3160.It Va rtsold_flags 3161.Pq Vt str 3162If 3163.Va rtsold_enable 3164is set to 3165.Dq Li YES , 3166these are the flags to pass to 3167.Xr rtsold 8 . 3168.It Va rtsol_flags 3169.Pq Vt str 3170For interfaces configured with the 3171.Dq Li inet6 accept_rtadv 3172keyword, these are the flags to pass to 3173.Xr rtsol 8 . 3174.Pp 3175Note that 3176.Va rtsold_enable 3177is mutually exclusive to 3178.Va rtsol_flags ; 3179.Va rtsold_enable 3180takes precedence. 3181.It Va keybell 3182.Pq Vt str 3183The keyboard bell sound. 3184Set to 3185.Dq Li normal , 3186.Dq Li visual , 3187.Dq Li off , 3188or 3189.Dq Li NO 3190if the default behavior is desired. 3191For details, refer to the 3192.Xr kbdcontrol 1 3193manpage. 3194.It Va keyboard 3195.Pq Vt str 3196If set to a non-null string, the virtual console's keyboard input is 3197set to this device. 3198.It Va keymap 3199.Pq Vt str 3200If set to 3201.Dq Li NO , 3202no keymap is installed, otherwise the value is used to install 3203the keymap file found in 3204.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3205(if using 3206.Xr syscons 4 ) or 3207.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3208(if using 3209.Xr vt 4 ) . 3210.It Va keyrate 3211.Pq Vt str 3212The keyboard repeat speed. 3213Set to 3214.Dq Li slow , 3215.Dq Li normal , 3216.Dq Li fast , 3217or 3218.Dq Li NO 3219if the default behavior is desired. 3220.It Va keychange 3221.Pq Vt str 3222If not set to 3223.Dq Li NO , 3224attempt to program the function keys with the value. 3225The value should 3226be a single string of the form: 3227.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3228.It Va cursor 3229.Pq Vt str 3230Can be set to the value of 3231.Dq Li normal , 3232.Dq Li blink , 3233.Dq Li destructive , 3234or 3235.Dq Li NO 3236to set the cursor behavior explicitly or choose the default behavior. 3237.It Va scrnmap 3238.Pq Vt str 3239If set to 3240.Dq Li NO , 3241no screen map is installed, otherwise the value is used to install 3242the screen map file in 3243.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3244This parameter is ignored when using 3245.Xr vt 4 3246as the console driver. 3247.It Va font8x16 3248.Pq Vt str 3249If set to 3250.Dq Li NO , 3251the default 8x16 font value is used for screen size requests, otherwise 3252the value in 3253.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3254or 3255.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3256is used (depending on the console driver being used). 3257.It Va font8x14 3258.Pq Vt str 3259If set to 3260.Dq Li NO , 3261the default 8x14 font value is used for screen size requests, otherwise 3262the value in 3263.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3264or 3265.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3266is used (depending on the console driver being used). 3267.It Va font8x8 3268.Pq Vt str 3269If set to 3270.Dq Li NO , 3271the default 8x8 font value is used for screen size requests, otherwise 3272the value in 3273.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3274or 3275.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3276is used (depending on the console driver being used). 3277.It Va blanktime 3278.Pq Vt int 3279If set to 3280.Dq Li NO , 3281the default screen blanking interval is used, otherwise it is set 3282to 3283.Ar value 3284seconds. 3285.It Va saver 3286.Pq Vt str 3287If not set to 3288.Dq Li NO , 3289this is the actual screen saver to use 3290.Li ( blank , snake , daemon , 3291etc). 3292.It Va moused_nondefault_enable 3293.Pq Vt str 3294If set to 3295.Dq Li NO , 3296the mouse device specified on 3297the command line is not automatically treated as enabled by the 3298.Pa /etc/rc.d/moused 3299script. 3300Having this variable set to 3301.Dq Li YES 3302allows a 3303.Xr usb 4 3304mouse, 3305for example, 3306to be enabled as soon as it is plugged in. 3307.It Va moused_enable 3308.Pq Vt str 3309If set to 3310.Dq Li YES , 3311the 3312.Xr moused 8 3313daemon is started for doing cut/paste selection on the console. 3314.It Va moused_type 3315.Pq Vt str 3316This is the protocol type of the mouse connected to this host. 3317This variable must be set if 3318.Va moused_enable 3319is set to 3320.Dq Li YES . 3321The 3322.Xr moused 8 3323daemon 3324is able to detect the appropriate mouse type automatically in many cases. 3325Set this variable to 3326.Dq Li auto 3327to let the daemon detect it, or 3328select one from the following list if the automatic detection fails. 3329.Pp 3330If the mouse is attached to the PS/2 mouse port, choose 3331.Dq Li auto 3332or 3333.Dq Li ps/2 , 3334regardless of the brand and model of the mouse. 3335Likewise, if the 3336mouse is attached to the bus mouse port, choose 3337.Dq Li auto 3338or 3339.Dq Li busmouse . 3340All other protocols are for serial mice and will not work with 3341the PS/2 and bus mice. 3342If this is a USB mouse, 3343.Dq Li auto 3344is the only protocol type which will work. 3345.Pp 3346.Bl -tag -width ".Li x10mouseremote" -compact 3347.It Li microsoft 3348Microsoft mouse (serial) 3349.It Li intellimouse 3350Microsoft IntelliMouse (serial) 3351.It Li mousesystems 3352Mouse systems Corp.\& mouse (serial) 3353.It Li mmseries 3354MM Series mouse (serial) 3355.It Li logitech 3356Logitech mouse (serial) 3357.It Li busmouse 3358A bus mouse 3359.It Li mouseman 3360Logitech MouseMan and TrackMan (serial) 3361.It Li glidepoint 3362ALPS GlidePoint (serial) 3363.It Li thinkingmouse 3364Kensington ThinkingMouse (serial) 3365.It Li ps/2 3366PS/2 mouse 3367.It Li mmhittab 3368MM HitTablet (serial) 3369.It Li x10mouseremote 3370X10 MouseRemote (serial) 3371.It Li versapad 3372Interlink VersaPad (serial) 3373.El 3374.Pp 3375Even if the mouse is not in the above list, it may be compatible 3376with one in the list. 3377Refer to the manual page for 3378.Xr moused 8 3379for compatibility information. 3380.Pp 3381It should also be noted that while this is enabled, any 3382other client of the mouse (such as an X server) should access 3383the mouse through the virtual mouse device, 3384.Pa /dev/sysmouse , 3385and configure it as a 3386.Dq Li sysmouse 3387type mouse, since all 3388mouse data is converted to this single canonical format when 3389using 3390.Xr moused 8 . 3391If the client program does not support the 3392.Dq Li sysmouse 3393type, 3394specify the 3395.Dq Li mousesystems 3396type. 3397It is the second preferred type. 3398.It Va moused_port 3399.Pq Vt str 3400If 3401.Va moused_enable 3402is set to 3403.Dq Li YES , 3404this is the actual port the mouse is on. 3405It might be 3406.Pa /dev/cuau0 3407for a COM1 serial mouse, or 3408.Pa /dev/psm0 3409for a PS/2 mouse, for example. 3410.It Va moused_flags 3411.Pq Vt str 3412If 3413.Va moused_flags 3414is set, its value is used as an additional set of flags to pass to the 3415.Xr moused 8 3416daemon. 3417.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3418When 3419.Va moused_nondefault_enable 3420is enabled, and a 3421.Xr moused 8 3422daemon is started for a non-default port, the 3423.Va "moused_" Ns Ar XXX Ns Va "_flags" 3424set of options has precedence over and replaces the default 3425.Va moused_flags 3426(where 3427.Ar XXX 3428is the name of the non-default port, i.e.,\& 3429.Ar ums0 ) . 3430By setting 3431.Va "moused_" Ns Ar XXX Ns Va "_flags" 3432it is possible to set up a different set of default flags for each 3433.Xr moused 8 3434instance. 3435For example, you can use 3436.Dq Li "-3" 3437for the default 3438.Va moused_flags 3439to make your laptop's touchpad more comfortable to use, 3440but an empty set of options for 3441.Va moused_ums0_flags 3442when your 3443.Xr usb 4 3444mouse has three or more buttons. 3445.It Va mousechar_start 3446.Pq Vt int 3447If set to 3448.Dq Li NO , 3449the default mouse cursor character range 3450.Li 0xd0 Ns - Ns Li 0xd3 3451is used, 3452otherwise the range start is set 3453to 3454.Ar value 3455character, see 3456.Xr vidcontrol 1 . 3457Use if the default range is occupied in the language code table. 3458.It Va allscreens_flags 3459.Pq Vt str 3460If set, 3461.Xr vidcontrol 1 3462is run with these options for each of the virtual terminals 3463.Pq Pa /dev/ttyv* . 3464For example, 3465.Dq Fl m Cm on 3466will enable the mouse pointer on all virtual terminals 3467if 3468.Va moused_enable 3469is set to 3470.Dq Li YES . 3471.It Va allscreens_kbdflags 3472.Pq Vt str 3473If set, 3474.Xr kbdcontrol 1 3475is run with these options for each of the virtual terminals 3476.Pq Pa /dev/ttyv* . 3477For example, 3478.Dq Fl h Li 200 3479will set the 3480.Xr syscons 4 3481or 3482.Xr vt 4 3483scrollback (history) buffer to 200 lines. 3484.It Va cron_enable 3485.Pq Vt bool 3486If set to 3487.Dq Li YES , 3488run the 3489.Xr cron 8 3490daemon at system boot time. 3491.It Va cron_program 3492.Pq Vt str 3493Path to 3494.Xr cron 8 3495(default 3496.Pa /usr/sbin/cron ) . 3497.It Va cron_flags 3498.Pq Vt str 3499If 3500.Va cron_enable 3501is set to 3502.Dq Li YES , 3503these are the flags to pass to 3504.Xr cron 8 . 3505.It Va cron_dst 3506.Pq Vt bool 3507If set to 3508.Dq Li YES , 3509enable the special handling of transitions to and from the 3510Daylight Saving Time in 3511.Xr cron 8 3512(equivalent to using the flag 3513.Fl s ) . 3514.It Va lpd_program 3515.Pq Vt str 3516Path to 3517.Xr lpd 8 3518(default 3519.Pa /usr/sbin/lpd ) . 3520.It Va lpd_enable 3521.Pq Vt bool 3522If set to 3523.Dq Li YES , 3524run the 3525.Xr lpd 8 3526daemon at system boot time. 3527.It Va lpd_flags 3528.Pq Vt str 3529If 3530.Va lpd_enable 3531is set to 3532.Dq Li YES , 3533these are the flags to pass to the 3534.Xr lpd 8 3535daemon. 3536.It Va chkprintcap_enable 3537.Pq Vt bool 3538If set to 3539.Dq Li YES , 3540run the 3541.Xr chkprintcap 8 3542command before starting the 3543.Xr lpd 8 3544daemon. 3545.It Va chkprintcap_flags 3546.Pq Vt str 3547If 3548.Va lpd_enable 3549and 3550.Va chkprintcap_enable 3551are set to 3552.Dq Li YES , 3553these are the flags to pass to the 3554.Xr chkprintcap 8 3555program. 3556The default is 3557.Dq Li -d , 3558which causes missing directories to be created. 3559.It Va dumpdev 3560.Pq Vt str 3561Indicates the device (usually a swap partition) to which a crash dump 3562should be written in the event of a system crash. 3563If the value of this variable is 3564.Dq Li AUTO , 3565the first suitable swap device listed in 3566.Pa /etc/fstab 3567will be used as dump device. 3568Otherwise, the value of this variable is passed as the argument to 3569.Xr dumpon 8 3570and 3571.Xr savecore 8 . 3572To disable crash dumps, set this variable to 3573.Dq Li NO . 3574.It Va dumpon_flags 3575.Pq Vt str 3576Flags to pass to 3577.Xr dumpon 8 3578when configuring 3579.Va dumpdev 3580as the system dump device. 3581.It Va dumpdir 3582.Pq Vt str 3583When the system reboots after a crash and a crash dump is found on the 3584device specified by the 3585.Va dumpdev 3586variable, 3587.Xr savecore 8 3588will save that crash dump and a copy of the kernel to the directory 3589specified by the 3590.Va dumpdir 3591variable. 3592The default value is 3593.Pa /var/crash . 3594Set to 3595.Dq Li NO 3596to not run 3597.Xr savecore 8 3598at boot time when 3599.Va dumpdir 3600is set. 3601.It Va savecore_enable 3602.Pq Vt bool 3603If set to 3604.Dq Li NO , 3605disable automatic extraction of the crash dump from the 3606.Va dumpdev . 3607.It Va savecore_flags 3608.Pq Vt str 3609If crash dumps are enabled, these are the flags to pass to the 3610.Xr savecore 8 3611utility. 3612.It Va quota_enable 3613.Pq Vt bool 3614Set to 3615.Dq Li YES 3616to turn on user and group disk quotas on system startup via the 3617.Xr quotaon 8 3618command for all file systems marked as having quotas enabled in 3619.Pa /etc/fstab . 3620The kernel must be built with 3621.Cd "options QUOTA" 3622for disk quotas to function. 3623.It Va check_quotas 3624.Pq Vt bool 3625Set to 3626.Dq Li YES 3627to enable user and group disk quota checking via the 3628.Xr quotacheck 8 3629command. 3630.It Va quotacheck_flags 3631.Pq Vt str 3632If 3633.Va quota_enable 3634is set to 3635.Dq Li YES , 3636and 3637.Va check_quotas 3638is set to 3639.Dq Li YES , 3640these are the flags to pass to the 3641.Xr quotacheck 8 3642utility. 3643The default is 3644.Dq Li "-a" , 3645which checks quotas for all file systems with quotas enabled in 3646.Pa /etc/fstab . 3647.It Va quotaon_flags 3648.Pq Vt str 3649If 3650.Va quota_enable 3651is set to 3652.Dq Li YES , 3653these are the flags to pass to the 3654.Xr quotaon 8 3655utility. 3656The default is 3657.Dq Li "-a" , 3658which enables quotas for all file systems with quotas enabled in 3659.Pa /etc/fstab . 3660.It Va quotaoff_flags 3661.Pq Vt str 3662If 3663.Va quota_enable 3664is set to 3665.Dq Li YES , 3666these are the flags to pass to the 3667.Xr quotaoff 8 3668utility when shutting down the quota system. 3669The default is 3670.Dq Li "-a" , 3671which disables quotas for all file systems with quotas enabled in 3672.Pa /etc/fstab . 3673.It Va accounting_enable 3674.Pq Vt bool 3675Set to 3676.Dq Li YES 3677to enable system accounting through the 3678.Xr accton 8 3679facility. 3680.It Va firstboot_sentinel 3681.Pq Vt str 3682This variable specifies the full path to a 3683.Dq first boot 3684sentinel file. 3685If a file exists with this path, 3686.Pa rc.d 3687scripts with the 3688.Dq firstboot 3689keyword will be run on startup and the sentinel file will be deleted 3690after the boot process completes. 3691The sentinel file must be located on a writable file system which is 3692mounted no later than 3693.Va early_late_divider 3694to function properly. 3695The default is 3696.Pa /firstboot . 3697.It Va linux_enable 3698.Pq Vt bool 3699Set to 3700.Dq Li YES 3701to enable Linux/ELF binary emulation at system initial 3702boot time. 3703.It Va sysvipc_enable 3704.Pq Vt bool 3705If set to 3706.Dq Li YES , 3707load System V IPC primitives at boot time. 3708.It Va clear_tmp_enable 3709.Pq Vt bool 3710Set to 3711.Dq Li YES 3712to have 3713.Pa /tmp 3714cleaned at startup. 3715.It Va clear_tmp_X 3716.Pq Vt bool 3717Set to 3718.Dq Li NO 3719to disable removing of X11 lock files, 3720and the removal and (secure) recreation 3721of the various socket directories for X11 3722related programs. 3723.It Va ldconfig_paths 3724.Pq Vt str 3725Set to the list of shared library paths to use with 3726.Xr ldconfig 8 . 3727NOTE: 3728.Pa /lib 3729and 3730.Pa /usr/lib 3731will always be added first, so they need not appear in this list. 3732.It Va ldconfig32_paths 3733.Pq Vt str 3734Set to the list of 32-bit compatibility shared library paths to 3735use with 3736.Xr ldconfig 8 . 3737.It Va ldconfig_insecure 3738.Pq Vt bool 3739The 3740.Xr ldconfig 8 3741utility normally refuses to use directories 3742which are writable by anyone except root. 3743Set this variable to 3744.Dq Li YES 3745to disable that security check during system startup. 3746.It Va ldconfig_local_dirs 3747.Pq Vt str 3748Set to the list of local 3749.Xr ldconfig 8 3750directories. 3751The names of all files in the directories listed will be 3752passed as arguments to 3753.Xr ldconfig 8 . 3754.It Va ldconfig_local32_dirs 3755.Pq Vt str 3756Set to the list of local 32-bit compatibility 3757.Xr ldconfig 8 3758directories. 3759The names of all files in the directories listed will be 3760passed as arguments to 3761.Dq Nm ldconfig Fl 32 . 3762.It Va kern_securelevel_enable 3763.Pq Vt bool 3764Set to 3765.Dq Li YES 3766to set the kernel security level at system startup. 3767.It Va kern_securelevel 3768.Pq Vt int 3769The kernel security level to set at startup. 3770The allowed range of 3771.Ar value 3772ranges from \-1 (the compile time default) to 3 (the 3773most secure). 3774See 3775.Xr security 7 3776for the list of possible security levels and their effect 3777on system operation. 3778.It Va sshd_program 3779.Pq Vt str 3780Path to the SSH server program 3781.Pa ( /usr/sbin/sshd 3782is the default). 3783.It Va sshd_enable 3784.Pq Vt bool 3785Set to 3786.Dq Li YES 3787to start 3788.Xr sshd 8 3789at system boot time. 3790.It Va sshd_flags 3791.Pq Vt str 3792If 3793.Va sshd_enable 3794is set to 3795.Dq Li YES , 3796these are the flags to pass to the 3797.Xr sshd 8 3798daemon. 3799.It Va ftpd_program 3800.Pq Vt str 3801Path to the FTP server program 3802.Pa ( /usr/libexec/ftpd 3803is the default). 3804.It Va ftpd_enable 3805.Pq Vt bool 3806Set to 3807.Dq Li YES 3808to start 3809.Xr ftpd 8 3810as a stand-alone daemon at system boot time. 3811.It Va ftpd_flags 3812.Pq Vt str 3813If 3814.Va ftpd_enable 3815is set to 3816.Dq Li YES , 3817these are the additional flags to pass to the 3818.Xr ftpd 8 3819daemon. 3820.It Va watchdogd_enable 3821.Pq Vt bool 3822If set to 3823.Dq Li YES , 3824start the 3825.Xr watchdogd 8 3826daemon at boot time. 3827This requires that the kernel have been compiled with a 3828.Xr watchdog 4 3829compatible device. 3830.It Va watchdogd_flags 3831.Pq Vt str 3832If 3833.Va watchdogd_enable 3834is set to 3835.Dq Li YES , 3836these are the flags passed to the 3837.Xr watchdogd 8 3838daemon. 3839.It Va watchdogd_timeout 3840.Pq Vt int 3841If 3842.Va watchdogd_enable 3843is set to 3844.Dq Li YES , 3845this is a timeout that will be used by the 3846.Xr watchdogd 8 3847daemon. 3848If this option is set, it overrides 3849.Fl t 3850in 3851.Va watchdogd_flags . 3852.It Va watchdogd_shutdown_timeout 3853.Pq Vt int 3854If 3855.Va watchdogd_enable 3856is set to 3857.Dq Li YES , 3858this is a timeout that will be set by the 3859.Xr watchdogd 8 3860daemon when it exits during the system shutdown. 3861This timeout will not be set when returning to the single-user mode 3862or when the watchdogd service is stopped individually using the 3863.Xr service 8 3864command or the rc.d script. 3865Note that the timeout will be applied if 3866.Xr watchdogd 8 3867is stopped outside of 3868.Xr rc 8 3869framework. 3870If this option is set, it overrides 3871.Fl x 3872in 3873.Va watchdogd_flags . 3874.It Va devfs_rulesets 3875.Pq Vt str 3876List of files containing sets of rules for 3877.Xr devfs 8 . 3878.It Va devfs_system_ruleset 3879.Pq Vt str 3880Rule name(s) to apply to the system 3881.Pa /dev 3882itself. 3883.It Va devfs_set_rulesets 3884.Pq Vt str 3885Pairs of already-mounted 3886.Pa dev 3887directories and rulesets that should be applied to them. 3888For example: /mount/dev=ruleset_name 3889.It Va devfs_load_rulesets 3890.Pq Vt bool 3891If set, always load the default rulesets listed in 3892.Va devfs_rulesets . 3893.It Va performance_cx_lowest 3894.Pq Vt str 3895CPU idle state to use while on AC power. 3896The string 3897.Dq Li LOW 3898indicates that 3899.Xr acpi 4 3900should use the lowest power state available while 3901.Dq Li HIGH 3902indicates that the lowest latency state (less power savings) should be used. 3903.It Va performance_cpu_freq 3904.Pq Vt str 3905CPU clock frequency to use while on AC power. 3906The string 3907.Dq Li LOW 3908indicates that 3909.Xr cpufreq 4 3910should use the lowest frequency available while 3911.Dq Li HIGH 3912indicates that the highest frequency (less power savings) should be used. 3913.It Va economy_cx_lowest 3914.Pq Vt str 3915CPU idle state to use when off AC power. 3916The string 3917.Dq Li LOW 3918indicates that 3919.Xr acpi 4 3920should use the lowest power state available while 3921.Dq Li HIGH 3922indicates that the lowest latency state (less power savings) should be used. 3923.It Va economy_cpu_freq 3924.Pq Vt str 3925CPU clock frequency to use when off AC power. 3926The string 3927.Dq Li LOW 3928indicates that 3929.Xr cpufreq 4 3930should use the lowest frequency available while 3931.Dq Li HIGH 3932indicates that the highest frequency (less power savings) should be used. 3933.It Va jail_enable 3934.Pq Vt bool 3935If set to 3936.Dq Li NO , 3937any configured jails will not be started. 3938.It Va jail_conf 3939.Pq Vt str 3940The configuration filename used by 3941.Xr jail 8 3942utility. 3943The default value is 3944.Pa /etc/jail.conf . 3945.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf 3946and 3947.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf 3948will also be used if 3949.Va Ao Ar jname Ac Va 3950is set in 3951.Va jail_list . 3952.It Va jail_parallel_start 3953.Pq Vt bool 3954If set to 3955.Dq Li YES , 3956all configured jails will be started in the background (in parallel). 3957.It Va jail_flags 3958.Pq Vt str 3959Unset by default. 3960When set, use as default value for 3961.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3962for every jail in 3963.Va jail_list . 3964.It Va jail_list 3965.Pq Vt str 3966A space-delimited list of jail names. 3967When left empty, all of the 3968.Xr jail 8 3969instances defined in the configuration file are started. 3970The names specified in this list control the jail startup order. 3971.Xr jail 8 3972instances missing from 3973.Va jail_list 3974must be started manually. 3975Note that a jail's 3976.Va depend 3977parameter in the configuration file may override this list. 3978.It Va jail_reverse_stop 3979.Pq Vt bool 3980When set to 3981.Dq Li YES , 3982all configured jails in 3983.Va jail_list 3984are stopped in reverse order. 3985.It Va jail_ Ns * variables 3986Note that older releases supported per-jail configuration via 3987.Nm 3988variables. 3989For example, 3990hostname of a jail named 3991.Li vjail 3992was able to be set by 3993.Li jail_vjail_hostname . 3994These per-jail configuration variables are now obsolete in favor of 3995.Xr jail 8 3996configuration file. 3997For backward compatibility, 3998when per-jail configuration variables are defined, 3999.Xr jail 8 4000configuration files are created as 4001.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 4002and used. 4003.Pp 4004The following per-jail parameters are handled by 4005.Pa rc.d/jail 4006script out of their corresponding 4007.Nm 4008variables. 4009In addition to them, parameters in 4010.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4011will be added to the configuration file. 4012They must be a semi-colon 4013.Pq Ql \&; 4014delimited list of 4015.Dq key=value . 4016For more details, 4017see 4018.Xr jail 8 4019manual page. 4020.Bl -tag -width "host.hostname" -offset indent 4021.It Li path 4022set from 4023.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4024.It Li host.hostname 4025set from 4026.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4027.It Li exec.consolelog 4028set from 4029.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4030The default value is 4031.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4032.It Li interface 4033set from 4034.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4035.It Li vnet.interface 4036set from 4037.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4038This implies 4039.Li vnet 4040parameter will be enabled and cannot be specified with 4041.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4042.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4043and/or 4044.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4045at the same time. 4046.It Li fstab 4047set from 4048.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4049.It Li mount 4050set from 4051.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4052.It Li exec.fib 4053set from 4054.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4055.It Li exec.start 4056set from 4057.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4058The parameter name was 4059.Li command 4060in some older releases. 4061.It Li exec.prestart 4062set from 4063.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4064.It Li exec.poststart 4065set from 4066.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4067.It Li exec.stop 4068set from 4069.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4070.It Li exec.prestop 4071set from 4072.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4073.It Li exec.poststop 4074set from 4075.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4076.It Li ip4.addr 4077set if 4078.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4079or 4080.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4081contain IPv4 addresses 4082.It Li ip6.addr 4083set if 4084.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4085or 4086.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4087contain IPv6 addresses 4088.It Li allow.mount 4089set from 4090.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4091.It Li mount.devfs 4092set from 4093.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4094.It Li devfs_ruleset 4095set from 4096.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4097This must be an integer, 4098not a string. 4099.It Li mount.fdescfs 4100set from 4101.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4102.It Li allow.set_hostname 4103set from 4104.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4105.It Li allow.rawsocket 4106set from 4107.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4108.It Li allow.sysvipc 4109set from 4110.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4111.El 4112.\" ----------------------------------------------------- 4113.It Va harvest_mask 4114.Pq Vt int 4115Set to a bit-mask 4116representing the entropy sources 4117you wish to harvest. 4118Refer to 4119.Xr random 4 4120for more information. 4121.It Va entropy_dir 4122.Pq Vt str 4123Set to 4124.Dq Li NO 4125to disable caching entropy via 4126.Xr cron 8 . 4127Otherwise set to the directory 4128in which the entropy files are stored. 4129To be useful, 4130there must be 4131a system cron job 4132that regularly writes and rotates 4133files here. 4134All files found 4135will be used at boot time. 4136The default is 4137.Pa /var/db/entropy . 4138.It Va entropy_file 4139.Pq Vt str 4140Set to 4141.Dq Li NO 4142to disable caching entropy through reboots. 4143Otherwise set to the name 4144of a file used to store cached entropy. 4145This file should be located 4146on a file system that is readable 4147before all the volumes specified in 4148.Xr fstab 5 4149are mounted. 4150By default, 4151.Pa /entropy 4152is used, 4153but if 4154.Pa /var/db/entropy-file 4155is found it will also be used. 4156This will be of some use to 4157.Xr bsdinstall 8 . 4158.It Va entropy_boot_file 4159.Pq Vt str 4160Set to 4161.Dq Li NO 4162to disable 4163very early caching entropy 4164through reboots. 4165Otherwise set to the filename 4166used to read 4167very early reboot cached entropy. 4168This file should be located where 4169.Xr loader 8 4170can read it. 4171See also 4172.Xr loader.conf 5 . 4173The default location is 4174.Pa /boot/entropy . 4175.It Va entropy_save_sz 4176.Pq Vt int 4177Size of the entropy cache files saved by 4178.Nm save-entropy 4179periodically. 4180.It Va entropy_save_num 4181.Pq Vt int 4182Number of entropy cache files to save by 4183.Nm save-entropy 4184periodically. 4185.It Va ipsec_enable 4186.Pq Vt bool 4187Set to 4188.Dq Li YES 4189to run 4190.Xr setkey 8 4191on 4192.Va ipsec_file 4193at boot time. 4194.It Va ipsec_file 4195.Pq Vt str 4196Configuration file for 4197.Xr setkey 8 . 4198.It Va dmesg_enable 4199.Pq Vt bool 4200Set to 4201.Dq Li YES 4202to save 4203.Xr dmesg 8 4204to 4205.Pa /var/run/dmesg.boot 4206on boot. 4207.It Va rcshutdown_timeout 4208.Pq Vt int 4209If set, start a watchdog timer in the background which will terminate 4210.Pa rc.shutdown 4211if 4212.Xr shutdown 8 4213has not completed within the specified time (in seconds). 4214Notice that in addition to this soft timeout, 4215.Xr init 8 4216also applies a hard timeout for the execution of 4217.Pa rc.shutdown . 4218This is configured via 4219.Xr sysctl 8 4220variable 4221.Va kern.init_shutdown_timeout 4222and defaults to 120 seconds. 4223Setting the value of 4224.Va rcshutdown_timeout 4225to more than 120 seconds will have no effect until the 4226.Xr sysctl 8 4227variable 4228.Va kern.init_shutdown_timeout 4229is also increased. 4230.It Va virecover_enable 4231.Pq Vt bool 4232Set to 4233.Dq Li NO 4234to prevent the system from trying to 4235recover pre-maturely terminated 4236.Xr vi 1 4237sessions. 4238.It Va ugidfw_enable 4239.Pq Vt bool 4240Set to 4241.Dq Li YES 4242to load the 4243.Xr mac_bsdextended 4 4244module upon system initialization and load a default 4245ruleset file. 4246.It Va bsdextended_script 4247.Pq Vt str 4248The default 4249.Xr mac_bsdextended 4 4250ruleset file to load. 4251The default value of this variable is 4252.Pa /etc/rc.bsdextended . 4253.It Va newsyslog_enable 4254.Pq Vt bool 4255If set to 4256.Dq Li YES , 4257run 4258.Xr newsyslog 8 4259command at startup. 4260.It Va newsyslog_flags 4261.Pq Vt str 4262If 4263.Va newsyslog_enable 4264is set to 4265.Dq Li YES , 4266these are the flags to pass to the 4267.Xr newsyslog 8 4268program. 4269The default is 4270.Dq Li -CN , 4271which causes log files flagged with a 4272.Cm C 4273to be created. 4274.It Va mdconfig_md Ns Aq Ar X 4275.Pq Vt str 4276Arguments to 4277.Xr mdconfig 8 4278for 4279.Xr md 4 4280device 4281.Ar X . 4282At minimum a 4283.Fl t Ar type 4284must be specified and either a 4285.Fl s Ar size 4286for malloc or swap backed 4287.Xr md 4 4288devices or a 4289.Fl f Ar file 4290for vnode backed 4291.Xr md 4 4292devices. 4293Note that 4294.Va mdconfig_md Ns Aq Ar X 4295variables are evaluated until one variable is unset or null. 4296.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4297.Pq Vt str 4298Optional arguments passed to 4299.Xr newfs 8 4300to initialize 4301.Xr md 4 4302device 4303.Ar X . 4304.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4305.Pq Vt str 4306An ownership specification passed to 4307.Xr chown 8 4308after the specified 4309.Xr md 4 4310device 4311.Ar X 4312has been mounted. 4313Both the 4314.Xr md 4 4315device and the mount point will be changed. 4316.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4317.Pq Vt str 4318A mode string passed to 4319.Xr chmod 1 4320after the specified 4321.Xr md 4 4322device 4323.Ar X 4324has been mounted. 4325Both the 4326.Xr md 4 4327device and the mount point will be changed. 4328.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4329.Pq Vt str 4330Files to be copied to the mount point of the 4331.Xr md 4 4332device 4333.Ar X 4334after it has been mounted. 4335.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4336.Pq Vt str 4337Command to execute after the specified 4338.Xr md 4 4339device 4340.Ar X 4341has been mounted. 4342Note that the command is passed to 4343.Ic eval 4344and that both 4345.Va _dev 4346and 4347.Va _mp 4348variables can be used to reference respectively the 4349.Xr md 4 4350device and the mount point. 4351Assuming that the 4352.Xr md 4 4353device is 4354.Li md0 , 4355one could set the following: 4356.Bd -literal 4357mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4358.Ed 4359.It Va autobridge_interfaces 4360.Pq Vt str 4361Set to the list of bridge interfaces that will have newly arriving interfaces 4362checked against to be automatically added. 4363If not set to 4364.Dq Li NO 4365then for each whitespace separated 4366.Ar element 4367in the value, a 4368.Va autobridge_ Ns Aq Ar element 4369variable is assumed to exist which has a whitespace separated list of interface 4370names to match, these names can use wildcards. 4371For example: 4372.Bd -literal 4373autobridge_interfaces="bridge0" 4374autobridge_bridge0="tap* dc0 vlan[345]" 4375.Ed 4376.It Va mixer_enable 4377.Pq Vt bool 4378If set to 4379.Dq Li YES , 4380enable support for sound mixer. 4381.It Va hcsecd_enable 4382.Pq Vt bool 4383If set to 4384.Dq Li YES , 4385enable Bluetooth security daemon. 4386.It Va hcsecd_config 4387.Pq Vt str 4388Configuration file for 4389.Xr hcsecd 8 . 4390Default 4391.Pa /etc/bluetooth/hcsecd.conf . 4392.It Va sdpd_enable 4393.Pq Vt bool 4394If set to 4395.Dq Li YES , 4396enable Bluetooth Service Discovery Protocol daemon. 4397.It Va sdpd_control 4398.Pq Vt str 4399Path to 4400.Xr sdpd 8 4401control socket. 4402Default 4403.Pa /var/run/sdp . 4404.It Va sdpd_groupname 4405.Pq Vt str 4406Sets 4407.Xr sdpd 8 4408group to run as after it initializes. 4409Default 4410.Dq Li nobody . 4411.It Va sdpd_username 4412.Pq Vt str 4413Sets 4414.Xr sdpd 8 4415user to run as after it initializes. 4416Default 4417.Dq Li nobody . 4418.It Va bthidd_enable 4419.Pq Vt bool 4420If set to 4421.Dq Li YES , 4422enable Bluetooth Human Interface Device daemon. 4423.It Va bthidd_config 4424.Pq Vt str 4425Configuration file for 4426.Xr bthidd 8 . 4427Default 4428.Pa /etc/bluetooth/bthidd.conf . 4429.It Va bthidd_hids 4430.Pq Vt str 4431Path to a file, where 4432.Xr bthidd 8 4433will store information about known HID devices. 4434Default 4435.Pa /var/db/bthidd.hids . 4436.It Va rfcomm_pppd_server_enable 4437.Pq Vt bool 4438If set to 4439.Dq Li YES , 4440enable Bluetooth RFCOMM PPP wrapper daemon. 4441.It Va rfcomm_pppd_server_profile 4442.Pq Vt str 4443The name of the profile to use from 4444.Pa /etc/ppp/ppp.conf . 4445Multiple profiles can be specified here. 4446Also used to specify per-profile overrides. 4447When the profile name contains any of the characters 4448.Dq Li .-/+ 4449they are translated to 4450.Dq Li _ 4451for the proposes of the override variable names. 4452.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4453.Pq Vt str 4454Overrides local address to listen on. 4455By default 4456.Xr rfcomm_pppd 8 4457will listen on 4458.Dq Li ANY 4459address. 4460The address can be specified as BD_ADDR or name. 4461.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4462.Pq Vt str 4463Overrides local RFCOMM channel to listen on. 4464By default 4465.Xr rfcomm_pppd 8 4466will listen on RFCOMM channel 1. 4467Must set properly if multiple profiles used in the same time. 4468.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4469.Pq Vt bool 4470Tells 4471.Xr rfcomm_pppd 8 4472if it should register Serial Port service on the specified RFCOMM channel. 4473Default 4474.Dq Li NO . 4475.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4476.Pq Vt bool 4477Tells 4478.Xr rfcomm_pppd 8 4479if it should register Dial-Up Networking service on the specified 4480RFCOMM channel. 4481Default 4482.Dq Li NO . 4483.It Va ubthidhci_enable 4484.Pq Vt bool 4485If set to 4486.Dq Li YES , 4487change the USB Bluetooth controller from HID mode to HCI mode. 4488You also need to specify the location of USB Bluetooth controller with the 4489.Va ubthidhci_busnum 4490and 4491.Va ubthidhci_addr 4492variables. 4493.It Va ubthidhci_busnum 4494Bus number where the USB Bluetooth controller is located. 4495Check the output of 4496.Xr usbconfig 8 4497on your system to find this information. 4498.It Va ubthidhci_addr 4499Bus address of the USB Bluetooth controller. 4500Check the output of 4501.Xr usbconfig 8 4502on your system to find this information. 4503.It Va utx_enable 4504.Pq Vt bool 4505Set to 4506.Dq Li YES 4507to enable user accounting through the 4508.Xr utx 8 4509facility. 4510.It Va netwait_enable 4511.Pq Vt bool 4512If set to 4513.Dq Li YES , 4514delays the start of network-reliant services until 4515.Va netwait_if 4516is up and ICMP packets to a destination defined in 4517.Va netwait_ip 4518are flowing. 4519Link state is examined first, followed by 4520.Dq Li pinging 4521an IP address to verify network usability. 4522If no destination can be reached or timeouts are exceeded, 4523network services are started anyway with no guarantee that 4524the network is usable. 4525Use of this variable requires both 4526.Va netwait_ip 4527and 4528.Va netwait_if 4529to be set. 4530.It Va netwait_ip 4531.Pq Vt str 4532Empty by default. 4533This variable contains a space-delimited list of IP addresses to 4534.Xr ping 8 . 4535DNS hostnames should not be used as resolution is not guaranteed 4536to be functional at this point. 4537If multiple IP addresses are specified, 4538each will be tried until one is successful or the list is exhausted. 4539.It Va netwait_timeout 4540.Pq Vt int 4541Indicates the total number of seconds to perform a 4542.Dq Li ping 4543against each IP address in 4544.Va netwait_ip , 4545at a rate of one ping per second. 4546If any of the pings are successful, 4547full network connectivity is considered reliable. 4548The default is 60. 4549.It Va netwait_if 4550.Pq Vt str 4551Empty by default. 4552Defines the name of the network interface on which watch for link. 4553.Xr ifconfig 8 4554is used to monitor the interface, looking for 4555.Dq Li status: no carrier . 4556Once gone, the link is considered up. 4557This can be a 4558.Xr vlan 4 4559interface if desired. 4560.It Va netwait_if_timeout 4561.Pq Vt int 4562Defines the total number of seconds to wait for link to become usable, 4563polled at a 1-second interval. 4564The default is 30. 4565.It Va rctl_enable 4566.Pq Vt bool 4567If set to 4568.Dq Li YES , 4569load 4570.Xr rctl 8 4571rules from the defined ruleset. 4572The kernel must be built with 4573.Cd "options RACCT" 4574and 4575.Cd "options RCTL" . 4576.It Va rctl_rules 4577.Pq Vt str 4578Set to 4579.Pa /etc/rctl.conf 4580by default. 4581This variables contains the 4582.Xr rctl.conf 5 4583ruleset to load for 4584.Xr rctl 8 . 4585.It Va iovctl_files 4586.Pq Vt str 4587A space-separated list of configuration files used by 4588.Xr iovctl 8 . 4589The default value is an empty string. 4590.It Va autofs_enable 4591.Pq Vt bool 4592If set to 4593.Dq Li YES , 4594start the 4595.Xr automount 8 4596utility and the 4597.Xr automountd 8 4598and 4599.Xr autounmountd 8 4600daemons at boot time. 4601.It Va automount_flags 4602.Pq Vt str 4603If 4604.Va autofs_enable 4605is set to 4606.Dq Li YES , 4607these are the flags to pass to the 4608.Xr automount 8 4609program. 4610By default no flags are passed. 4611.It Va automountd_flags 4612.Pq Vt str 4613If 4614.Va autofs_enable 4615is set to 4616.Dq Li YES , 4617these are the flags to pass to the 4618.Xr automountd 8 4619daemon. 4620By default no flags are passed. 4621.It Va autounmountd_flags 4622.Pq Vt str 4623If 4624.Va autofs_enable 4625is set to 4626.Dq Li YES , 4627these are the flags to pass to the 4628.Xr autounmountd 8 4629daemon. 4630By default no flags are passed. 4631.It Va ctld_enable 4632.Pq Vt bool 4633If set to 4634.Dq Li YES , 4635start the 4636.Xr ctld 8 4637daemon at boot time. 4638.It Va iscsid_enable 4639.Pq Vt bool 4640If set to 4641.Dq Li YES , 4642start the 4643.Xr iscsid 8 4644daemon at boot time. 4645.It Va iscsictl_enable 4646.Pq Vt bool 4647If set to 4648.Dq Li YES , 4649start the 4650.Xr iscsictl 8 4651utility at boot time. 4652.It Va iscsictl_flags 4653.Pq Vt str 4654If 4655.Va iscsictl_enable 4656is set to 4657.Dq Li YES , 4658these are the flags to pass to the 4659.Xr iscsictl 8 4660program. 4661The default is 4662.Dq Li -Aa , 4663which configures sessions based on the 4664.Pa /etc/iscsi.conf 4665configuration file. 4666.It Va cfumass_enable 4667.Pq Vt bool 4668If set to 4669.Dq Li YES , 4670create and export an USB LUN using 4671.Xr cfumass 4 4672at boot time. 4673.It Va cfumass_dir 4674.Pq Vt str 4675The directory where the files exported by USB LUN are located. 4676The default directory is 4677.Pa /var/cfumass . 4678.It Va service_delete_empty 4679.Pq Vt bool 4680If set to 4681.Dq Li YES , 4682.Ql Li service delete 4683removes empty 4684.Dq Li rc.conf.d 4685files. 4686.It Va zfs_bootonce_activate 4687.Pq Vt bool 4688If set to 4689.Dq Li YES , 4690and a boot environment marked bootonce is successfully booted, 4691it will be made permanently active. 4692.It Va zfskeys_enable 4693.Pq Vt bool 4694If set to 4695.Dq Li YES , 4696enable auto-loading of encryption keys for encrypted ZFS datasets. 4697For every dataset the script will first load the appropriate encryption key 4698and then attempt to unlock the dataset. 4699.Pp 4700The script operates only on datasets which are encrypted with 4701ZFS native encryption 4702and have a ZFS 4703.Dq Li keylocation 4704dataset property beginning with 4705.Dq Li file:// . 4706.It Va zfskeys_datasets 4707.Pq Vt str 4708A whitespace-separated list of ZFS datasets to unlock. 4709The list is empty by default, 4710which means that the script will attempt to unlock all datasets. 4711.It Va zfskeys_timeout 4712.Pq Vt int 4713Define the total number of seconds to wait for the zfskeys script 4714to unlock an encrypted dataset. 4715The default is 10. 4716.It Va sendmail_enable 4717.Pq Vt str 4718If set to 4719.Dq Li YES , 4720run the 4721.Xr sendmail 8 4722daemon at system boot time. 4723If set to 4724.Dq Li NO , 4725do not run a 4726.Xr sendmail 8 4727daemon to listen for incoming network mail. 4728This does not preclude a 4729.Xr sendmail 8 4730daemon listening on the SMTP port of the loopback interface. 4731The 4732.Dq Li NONE 4733option sets each 4734.Va sendmail_enable , 4735.Va sendmail_submit_enable , 4736.Va sendmail_outbound_enable , 4737.Va sendmail_msp_queue_enable 4738to 4739.Dq Li NO . 4740.It Va sendmail_cert_create 4741.Pq Vt str 4742If 4743.Va sendmail_enable 4744is set to 4745.Dq Li YES , 4746create a signed certificate 4747.Pa /etc/mail/certs/host.cert 4748representing 4749.Pa /etc/mail/certs/host.key 4750by the CA certificate in 4751.Pa /etc/mail/certs/cacert.pem . 4752This will enable connecting hosts to negotiate STARTTLS allowing incoming 4753email to be encrypted in transit. 4754.Xr sendmail 8 4755needs to be configured to use these generated files. 4756The default configuration in 4757.Pa /etc/mail/freebsd.mc 4758has the required options in it. 4759.It Va sendmail_cert_cn 4760.Pq Vt str 4761If 4762.Va sendmail_enable 4763is set to 4764.Dq Li YES 4765and 4766.Va sendmail_cert_create 4767is set to 4768.Dq Li YES , 4769this is the Common Name (CN) of the certificate that will be created. 4770If 4771.Va sendmail_cert_cn 4772is not set, the system's hostname will be used. 4773If there is no hostname set, 4774.Dq Li amnesiac 4775will be used. 4776.It Va sendmail_flags 4777.Pq Vt str 4778If 4779.Va sendmail_enable 4780is set to 4781.Dq Li YES , 4782these are the flags to pass to the 4783.Xr sendmail 8 4784daemon. 4785.It Va sendmail_submit_enable 4786.Pq Vt bool 4787If set to 4788.Dq Li YES 4789and 4790.Va sendmail_enable 4791is set to 4792.Dq Li NO , 4793run 4794.Xr sendmail 8 4795using 4796.Va sendmail_submit_flags 4797instead of 4798.Va sendmail_flags . 4799This is intended to allow local mail submission via 4800a localhost-only listening SMTP service required for running 4801.Xr sendmail 8 4802as a non-set-user-ID binary. 4803Note that this does not work inside 4804.Xr jail 2 4805systems, as jails do not allow binding to just the localhost interface. 4806.It Va sendmail_submit_flags 4807.Pq Vt str 4808If 4809.Va sendmail_enable 4810is set to 4811.Dq Li NO 4812and 4813.Va sendmail_submit_enable 4814is set to 4815.Dq Li YES , 4816these are the flags to pass to the 4817.Xr sendmail 8 4818daemon. 4819.It Va sendmail_outbound_enable 4820.Pq Vt bool 4821If set to 4822.Dq Li YES 4823and both 4824.Va sendmail_enable 4825and 4826.Va sendmail_submit_enable 4827are set to 4828.Dq Li NO , 4829run 4830.Xr sendmail 8 4831using 4832.Va sendmail_outbound_flags 4833instead of 4834.Va sendmail_flags . 4835This is intended to allow local mail queue management 4836for systems that do not offer a listening SMTP service. 4837.It Va sendmail_outbound_flags 4838.Pq Vt str 4839If both 4840.Va sendmail_enable 4841and 4842.Va sendmail_submit_enable 4843are set to 4844.Dq Li NO 4845and 4846.Va sendmail_outbound_enable 4847is set to 4848.Dq Li YES , 4849these are the flags to pass to the 4850.Xr sendmail 8 4851daemon. 4852.It Va sendmail_msp_queue_enable 4853.Pq Vt bool 4854If set to 4855.Dq Li YES , 4856start a client (MSP) queue runner 4857.Xr sendmail 8 4858daemon at system boot time. 4859As of sendmail 8.12, a separate queue is used for command line 4860submissions. 4861The client queue runner ensures that nothing is 4862left behind in the submission queue. 4863.It Va sendmail_msp_queue_flags 4864.Pq Vt str 4865If 4866.Va sendmail_msp_queue_enable 4867is set to 4868daemon. 4869.Dq Li YES , 4870these are the flags to pass to the 4871.Xr sendmail 8 4872.El 4873.Sh FILES 4874.Bl -tag -width "/etc/defaults/rc.conf" -compact 4875.It Pa /etc/defaults/rc.conf 4876.It Pa /etc/defaults/vendor.conf 4877.It Pa /etc/rc.conf 4878.It Pa /etc/rc.conf.local 4879.It Pa /etc/rc.conf.d/ 4880.El 4881.Sh SEE ALSO 4882.Xr chmod 1 , 4883.Xr gdb 1 Pq Pa ports/devel/gdb , 4884.Xr info 1 , 4885.Xr kbdcontrol 1 , 4886.Xr limits 1 , 4887.Xr protect 1 , 4888.Xr sh 1 , 4889.Xr umask 1 , 4890.Xr vi 1 , 4891.Xr vidcontrol 1 , 4892.Xr bridge 4 , 4893.Xr dummynet 4 , 4894.Xr ip 4 , 4895.Xr ipf 4 , 4896.Xr ipfw 4 , 4897.Xr ipnat 4 , 4898.Xr kld 4 , 4899.Xr pf 4 , 4900.Xr pflog 4 , 4901.Xr pfsync 4 , 4902.Xr tcp 4 , 4903.Xr udp 4 , 4904.Xr exports 5 , 4905.Xr fstab 5 , 4906.Xr ipf 5 , 4907.Xr ipnat 5 , 4908.Xr jail.conf 5 , 4909.Xr loader.conf 5 , 4910.Xr login.conf 5 , 4911.Xr motd 5 , 4912.Xr newsyslog.conf 5 , 4913.Xr pf.conf 5 , 4914.Xr firewall 7 , 4915.Xr growfs 7 , 4916.Xr security 7 , 4917.Xr tuning 7 , 4918.Xr accton 8 , 4919.Xr apm 8 , 4920.Xr bsdinstall 8 , 4921.Xr bthidd 8 , 4922.Xr chkprintcap 8 , 4923.Xr chown 8 , 4924.Xr cron 8 , 4925.Xr devfs 8 , 4926.Xr dhclient 8 , 4927.Xr ftpd 8 , 4928.Xr geli 8 , 4929.Xr hcsecd 8 , 4930.Xr ifconfig 8 , 4931.Xr inetd 8 , 4932.Xr iovctl 8 , 4933.Xr ipf 8 , 4934.Xr ipfw 8 , 4935.Xr ipnat 8 , 4936.Xr jail 8 , 4937.Xr kldxref 8 , 4938.Xr loader 8 , 4939.Xr lpd 8 , 4940.Xr makewhatis 8 , 4941.Xr mdconfig 8 , 4942.Xr mdmfs 8 , 4943.Xr mixer 8 , 4944.Xr mountd 8 , 4945.Xr moused 8 , 4946.Xr newfs 8 , 4947.Xr newsyslog 8 , 4948.Xr nfsd 8 , 4949.Xr ntpd 8 , 4950.Xr ntpdate 8 , 4951.Xr pfctl 8 , 4952.Xr pflogd 8 , 4953.Xr ping 8 , 4954.Xr powerd 8 , 4955.Xr quotacheck 8 , 4956.Xr quotaon 8 , 4957.Xr rc 8 , 4958.Xr rc.subr 8 , 4959.Xr rcorder 8 , 4960.Xr rfcomm_pppd 8 , 4961.Xr route 8 , 4962.Xr routed 8 , 4963.Xr rpc.lockd 8 , 4964.Xr rpc.statd 8 , 4965.Xr rpc.tlsclntd 8 , 4966.Xr rpc.tlsservd 8 , 4967.Xr rpcbind 8 , 4968.Xr rwhod 8 , 4969.Xr savecore 8 , 4970.Xr sdpd 8 , 4971.Xr sendmail 8 , 4972.Xr service 8 , 4973.Xr sshd 8 , 4974.Xr swapon 8 , 4975.Xr sysctl 8 , 4976.Xr syslogd 8 , 4977.Xr sysrc 8 , 4978.Xr unbound 8 , 4979.Xr usbconfig 8 , 4980.Xr utx 8 , 4981.Xr wlandebug 8 , 4982.Xr yp 8 , 4983.Xr ypbind 8 , 4984.Xr ypserv 8 , 4985.Xr ypset 8 4986.Sh HISTORY 4987The 4988.Nm 4989file appeared in 4990.Fx 2.2.2 . 4991.Sh AUTHORS 4992.An Jordan K. Hubbard . 4993