1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.Dd May 4, 2024 26.Dt RC.CONF 5 27.Os 28.Sh NAME 29.Nm rc.conf 30.Nd system configuration information 31.Sh DESCRIPTION 32The file 33.Nm 34contains descriptive information about the local host name, configuration 35details for any potential network interfaces and which services should be 36started up at system initial boot time. 37In new installations, the 38.Nm 39file is generally initialized by the system installation utility. 40.Pp 41The purpose of 42.Nm 43is not to run commands or perform system startup actions 44directly. 45Instead, it is included by the 46various generic startup scripts in 47.Pa /etc 48which conditionalize their 49internal actions according to the settings found there. 50.Pp 51The 52.Pa /etc/rc.conf 53file is included from the file 54.Pa /etc/defaults/rc.conf , 55which specifies the default settings for all the available options. 56Options need only be specified in 57.Pa /etc/rc.conf 58when the system administrator wishes to override these defaults. 59The file 60.Pa /etc/defaults/vendor.conf 61allows vendors to override 62.Fx 63defaults. 64The file 65.Pa /etc/rc.conf.local 66is used to override settings in 67.Pa /etc/rc.conf 68for historical reasons. 69.Pp 70The sysrc(8) command provides a scripting interface to modify system 71config files. 72.Pp 73In addition to 74.Pa /etc/rc.conf.local 75you can also place smaller configuration files for each 76.Xr rc 8 77script in the 78.Pa /etc/rc.conf.d 79directory or 80.Ao Ar dir Ac Ns Pa /rc.conf.d 81directories (where 82.Ao Ar dir Ac 83is each entry specified in 84.Va local_startup , 85but with any trailing 86.Pa /rc.d 87stripped), 88which will be included by the 89.Va load_rc_config 90function. 91For jail configurations you could use the file 92.Pa /etc/rc.conf.d/jail 93to store jail-specific configuration options. 94If 95.Va local_startup 96contains 97.Pa /usr/local/etc/rc.d 98and 99.Pa /opt/conf , 100.Pa /usr/local/etc/rc.conf.d/jail 101and 102.Pa /opt/conf/rc.conf.d/jail 103will be loaded. 104If 105.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 106is a directory, 107all of the files in the directory will be loaded. 108Also see the 109.Va rc_conf_files 110variable below. 111.Pp 112Options are set with 113.Dq Ar name Ns Li = Ns Ar value 114assignments that use 115.Xr sh 1 116syntax. 117The following list provides a name and short description for each 118variable that can be set in the 119.Nm 120file: 121.Bl -tag -width indent-two 122.It Va rc_debug 123.Pq Vt bool 124If set to 125.Dq Li YES , 126enable output of debug messages from rc scripts. 127This variable can be helpful in diagnosing mistakes when 128editing or integrating new scripts. 129Beware that this produces copious output to the terminal and 130.Xr syslog 3 . 131.It Va rc_info 132.Pq Vt bool 133If set to 134.Dq Li NO , 135disable informational messages from the rc scripts. 136Informational messages are displayed when 137a condition that is not serious enough to warrant a warning or 138an error occurs. 139.It Va rc_startmsgs 140.Pq Vt bool 141If set to 142.Dq Li YES , 143show 144.Dq Starting foo: 145when faststart is used (e.g., at boot time). 146.It Va early_late_divider 147.Pq Vt str 148The name of the script that should be used as the 149delimiter between the 150.Dq early 151and 152.Dq late 153stages of the boot process. 154The early stage should contain all the services needed to 155get the disks (local or remote) mounted so that the late 156stage can include scripts contained in the directories 157listed in the 158.Va local_startup 159variable (see below). 160Thus, the two likely candidates for this value are 161.Pa mountcritlocal 162for the typical system, and 163.Pa mountcritremote 164if the system needs remote file 165systems mounted to get access to the 166.Va local_startup 167directories; for example when 168.Pa /usr/local 169is NFS mounted. 170For 171.Pa rc.conf 172within a 173.Xr jail 8 174.Pa NETWORKING 175is likely to be an appropriate value. 176Extreme care should be taken when changing this value, 177and before changing it one should ensure that there are 178adequate provisions to recover from a failed boot 179(such as physical contact with the machine, 180or reliable remote console access). 181.It Va always_force_depends 182.Pq Vt bool 183Various 184.Pa rc.d 185scripts use the force_depend function to check whether required 186services are already running, and to start them if necessary. 187By default during boot time this check is bypassed if the 188required service is enabled in 189.Pa /etc/rc.conf[.local] . 190Setting this option will bypass that check at boot time and 191always test whether or not the service is actually running. 192Enabling this option is likely to increase your boot time if 193services are enabled that utilize the force_depend check. 194.It Ao Ar name Ac Ns Va _chroot 195.Pq Vt str 196.Xr chroot 8 197to this directory before running the service. 198.It Ao Ar name Ac Ns Va _cpuset 199.Pq Vt str 200A list of CPUs to run the service on. 201Passed to 202.Xr cpuset 1 203using the 204.Fl l 205flag. 206.It Ao Ar name Ac Ns Va _fib 207.Pq Vt int 208The 209.Xr setfib 1 210value to run the service under. 211.It Ao Ar name Ac Ns Va _group 212.Pq Vt str 213Run the chrooted service under this system group. 214Unlike the 215.Ao Ar name Ac Ns Va _user 216setting, this setting has no effect if the service is not chrooted. 217.It Ao Ar name Ac Ns Va _limits 218.Pq Vt str 219Resource limits to apply to the service using 220.Xr limits 1 . 221By default, resource limits are based on the login class defined in 222.Ao Ar name Ac Ns Va _login_class . 223.It Ao Ar name Ac Ns Va _login_class 224.Pq Vt str 225Login class to be used with 226.Ao Ar name Ac Ns Va _limits . 227Defaults to 228.Dq Li daemon . 229.It Ao Ar name Ac Ns Va _nice 230.Pq Vt int 231The 232.Xr nice 1 233value to run the service under. 234.It Ao Ar name Ac Ns Va _oomprotect 235.Pq Vt str 236Use 237.Xr protect 1 238to prevent the service from being killed when swap space 239is exhausted. 240Use 241.Dq Li YES 242to protect only the service itself, and 243.Dq Li ALL 244to protect the service and all its child processes. 245.Pp 246Please note that rc scripts which redefine 247.Dl ${argument}_cmd 248.Pq see Xr rc.subr 8 249such as PostgreSQL will not inherit the OOM killer protection. 250.Pp 251This variable has no effect on services running within a 252.Xr jail 8 . 253.It Ao Ar name Ac Ns Va _setup 254.Pq Vt str 255Run the specified setup script right before starting the actual service 256command. 257Useful for automatic configuration file generation. 258.It Ao Ar name Ac Ns Va _umask 259.Pq Vt int 260Run the service using this 261.Xr umask 1 262value. 263.It Ao Ar name Ac Ns Va _user 264.Pq Vt str 265Run the service under this user account. 266.It Va apm_enable 267.Pq Vt bool 268If set to 269.Dq Li YES , 270enable support for Automatic Power Management with 271the 272.Xr apm 8 273command. 274.It Va apmd_enable 275.Pq Vt bool 276Run 277.Xr apmd 8 278to handle APM event from userland. 279This also enables support for APM. 280.It Va apmd_flags 281.Pq Vt str 282If 283.Va apmd_enable 284is set to 285.Dq Li YES , 286these are the flags to pass to the 287.Xr apmd 8 288daemon. 289.It Va devd_enable 290.Pq Vt bool 291Run 292.Xr devd 8 293to handle device added, removed or unknown events from the kernel. 294.It Va ddb_enable 295.Pq Vt bool 296Run 297.Xr ddb 8 298to install 299.Xr ddb 4 300scripts at boot time. 301.It Va ddb_config 302.Pq Vt str 303Configuration file for 304.Xr ddb 8 . 305Default 306.Pa /etc/ddb.conf . 307.It Va devmatch_enable 308.Pq Vt bool 309If set to 310.Dq Li NO , 311disable auto-loading of kernel modules with 312.Xr devmatch 8 . 313.It Va devmatch_blocklist 314.Pq Vt str 315A whitespace-separated list of kernel modules to be ignored by 316.Xr devmatch 8 . 317In addition, the 318.Xr kenv 1 319.Va devmatch_blocklist 320is appended to this variable to allow disabling of 321.Xr devmatch 8 322loaded modules from the boot loader. 323.It Va devmatch_blacklist 324.Pq Vt str 325This variable is deprecated. 326Use 327.Va devmatch_blocklist 328instead. 329A whitespace-separated list of kernel modules to be ignored by 330.Xr devmatch 8 . 331.It Va kld_list 332.Pq Vt str 333A whitespace-separated list of kernel modules to load right after 334the local disks are mounted, without any 335.Pa .ko 336extension or path. 337Loading modules at this point in the boot process is 338much faster than doing it via 339.Pa /boot/loader.conf 340for those modules not necessary for mounting local disks. 341.It Va kldxref_enable 342.Pq Vt bool 343Set to 344.Dq Li NO 345by default. 346Set to 347.Dq Li YES 348to automatically rebuild 349.Pa linker.hints 350files with 351.Xr kldxref 8 352at boot time. 353.It Va kldxref_clobber 354.Pq Vt bool 355Set to 356.Dq Li NO 357by default. 358If 359.Va kldxref_enable 360is true, 361setting to 362.Dq Li YES 363will overwrite existing 364.Pa linker.hints 365files at boot time. 366Otherwise, 367only missing 368.Pa linker.hints 369files are generated. 370.It Va kldxref_module_path 371.Pq Vt str 372Empty by default. 373A semi-colon 374.Pq Ql \&; 375delimited list of paths containing 376.Xr kld 4 377modules. 378If empty, 379the contents of the 380.Va kern.module_path 381.Xr sysctl 8 382are used. 383.It Va powerd_enable 384.Pq Vt bool 385If set to 386.Dq Li YES , 387enable the system power control facility with the 388.Xr powerd 8 389daemon. 390.It Va powerd_flags 391.Pq Vt str 392If 393.Va powerd_enable 394is set to 395.Dq Li YES , 396these are the flags to pass to the 397.Xr powerd 8 398daemon. 399.It Va tmpmfs 400Controls the creation of a 401.Pa /tmp 402memory file system. 403Always happens if set to 404.Dq Li YES 405and never happens if set to 406.Dq Li NO . 407If set to anything else, a memory file system is created if 408.Pa /tmp 409is not writable. 410.It Va tmpsize 411Controls the size of a created 412.Pa /tmp 413memory file system. 414.It Va tmpmfs_flags 415Extra options passed to the 416.Xr mdmfs 8 417utility when the memory file system for 418.Pa /tmp 419is created. 420The default is 421.Dq Li "-S" , 422which inhibits the use of softupdates on 423.Pa /tmp 424so that file system space is freed without delay 425after file truncation or deletion. 426See 427.Xr mdmfs 8 428for other options you can use in 429.Va tmpmfs_flags . 430.It Va varmfs 431Controls the creation of a 432.Pa /var 433memory file system. 434Always happens if set to 435.Dq Li YES 436and never happens if set to 437.Dq Li NO . 438If set to anything else, a memory file system is created if 439.Pa /var 440is not writable. 441.It Va varsize 442Controls the size of a created 443.Pa /var 444memory file system. 445.It Va varmfs_flags 446Extra options passed to the 447.Xr mdmfs 8 448utility when the memory file system for 449.Pa /var 450is created. 451The default is 452.Dq Li "-S" , 453which inhibits the use of softupdates on 454.Pa /var 455so that file system space is freed without delay 456after file truncation or deletion. 457See 458.Xr mdmfs 8 459for other options you can use in 460.Va varmfs_flags . 461.It Va populate_var 462Controls the automatic population of the 463.Pa /var 464file system. 465Always happens if set to 466.Dq Li YES 467and never happens if set to 468.Dq Li NO . 469If set to anything else, a memory file system is created if 470.Pa /var 471is not writable. 472Note that this process requires access to certain commands in 473.Pa /usr 474before 475.Pa /usr 476is mounted on normal systems. 477.It Va cleanvar_enable 478.Pq Vt bool 479Clean the 480.Pa /var 481directory. 482.It Va var_run_enable 483.Pq Vt bool 484Set to "YES" to enable saving of the 485.Pa /var/run 486directory structure into an mtree file at shutdown and the reload of the 487.Pa /var/run 488directory structure at boot. 489.It Va var_run_autosave 490.Pq Vt bool 491In some cases it may be undesirable to save 492.Pa /var/run 493at shutdown. 494When set to "NO" 495.Pa /var/run 496is loaded at reboot but not saved at shutdown. 497Typically in this scenario 498.Ql service var_run save 499would be performed to save a copy of the 500.Pa /var/run 501directory structure once, to be reloaded during all subsequent reboots. 502.It Va var_run_mtree 503.Pq Vt str 504Where to save the 505.Pa /var/run 506mtree. 507The default location is 508.Pa /var/db/mtree/BSD.var-run.mtree . 509.It Va local_startup 510.Pq Vt str 511List of directories to search for startup script files. 512.It Va script_name_sep 513.Pq Vt str 514The field separator to use for breaking down the list of startup script files 515into individual filenames. 516The default is a space. 517It is not necessary to change this unless there are startup scripts with names 518containing spaces. 519.It Va hostapd_enable 520.Pq Vt bool 521Set to 522.Dq Li YES 523to start 524.Xr hostapd 8 525at system boot time. 526.It Va hostname 527.Pq Vt str 528The fully qualified domain name (FQDN) of this host on the network. 529This should almost certainly be set to something meaningful, even if 530there is no network connection. 531If 532.Xr dhclient 8 533is used to set the hostname via DHCP, 534this variable should be set to an empty string. 535Within a 536.Xr jail 8 537the hostname is generally already set and this variable may be absent. 538If this value remains unset when the system is done booting 539your console login will display the default hostname of 540.Dq Amnesiac . 541.It Va nisdomainname 542.Pq Vt str 543The NIS domain name of this host, or 544.Dq Li NO 545if NIS is not used. 546.It Va hostid_enable 547.Pq Vt bool 548If set to 549.Dq Li NO , 550disable the generation or saving of the 551.Pa hostid 552and 553.Pa machine-id 554files at system boot and shutdown. 555.It Va hostid_file 556.Pq Vt str 557Path to the 558.Pa hostid 559file, default 560.Pa /etc/hostid . 561.It Va hostid_uuidgen_flags 562.Pq Vt str 563Flags passed to 564.Xr uuidgen 1 565when generating a software host UUID. 566This is used only if the system cannot determine a hardware UUID. 567Set to 568.Dq Li -r 569by default. 570.It Va machine_id_file 571.Pq Vt str 572Path to the 573.Pa machine-id 574file, default 575.Pa /etc/machine-id . 576.It Va dhclient_program 577.Pq Vt str 578Path to the DHCP client program, defaulting to 579.Pa /sbin/dhclient . 580.It Va dhclient_flags 581.Pq Vt str 582Additional flags to pass to the DHCP client program. 583See the 584.Xr dhclient 8 585manpage for a description of the command line options available. 586.It Va dhclient_flags_ Ns Aq Ar iface 587Additional flags to pass to the DHCP client program running on 588.Ar iface 589only. 590When specified, this variable overrides 591.Va dhclient_flags . 592.It Va background_dhclient 593.Pq Vt bool 594Set to 595.Dq Li YES 596to start the DHCP client in background. 597This can cause trouble with applications depending on 598a working network, but it will provide a faster startup 599in many cases. 600.It Va background_dhclient_ Ns Aq Ar iface 601When specified, this variable overrides the 602.Va background_dhclient 603variable for interface 604.Ar iface 605only. 606.It Va synchronous_dhclient 607.Pq Vt bool 608Set to 609.Dq Li YES 610to start 611.Xr dhclient 8 612synchronously at startup. 613This behavior can be overridden on a per-interface basis by replacing 614the 615.Dq Li DHCP 616keyword in the 617.Va ifconfig_ Ns Aq Ar interface 618variable with 619.Dq Li SYNCDHCP 620or 621.Dq Li NOSYNCDHCP . 622.It Va defaultroute_delay 623.Pq Vt int 624When set to a positive value, wait up to this long after configuring 625DHCP interfaces at startup to give the interfaces time to receive a lease. 626.It Va firewall_enable 627.Pq Vt bool 628Set to 629.Dq Li YES 630to load firewall rules at startup. 631If the kernel was not built with 632.Cd "options IPFIREWALL" , 633the 634.Pa ipfw.ko 635kernel module will be loaded. 636See also 637.Va ipfilter_enable . 638.It Va firewall_script 639.Pq Vt str 640This variable specifies the full path to the firewall script to run. 641The default is 642.Pa /etc/rc.firewall . 643.It Va firewall_type 644.Pq Vt str 645Names the firewall type from the selection in 646.Pa /etc/rc.firewall , 647or the file which contains the local firewall ruleset. 648Valid selections from 649.Pa /etc/rc.firewall 650are: 651.Pp 652.Bl -tag -width ".Li workstation" -compact 653.It Li open 654unrestricted IP access 655.It Li closed 656all IP services disabled, except via 657.Dq Li lo0 658.It Li client 659basic protection for a workstation 660.It Li workstation 661basic protection for a workstation using stateful firewalling 662.It Li simple 663basic protection for a LAN. 664.El 665.Pp 666If a filename is specified, the full path 667must be given. 668.Pp 669Most of the predefined rulesets define additional configuration variables. 670These are documented in 671.Pa /etc/rc.firewall . 672.It Va firewall_quiet 673.Pq Vt bool 674Set to 675.Dq Li YES 676to disable the display of firewall rules on the console during boot. 677.It Va firewall_logging 678.Pq Vt bool 679Set to 680.Dq Li YES 681to enable firewall event logging. 682This is equivalent to the 683.Dv IPFIREWALL_VERBOSE 684kernel option. 685.It Va firewall_logif 686.Pq Vt bool 687Set to 688.Dq Li YES 689to create pseudo interface 690.Li ipfw0 691for logging. 692For more details, see 693.Xr ipfw 8 694manual page. 695.It Va firewall_flags 696.Pq Vt str 697Flags passed to 698.Xr ipfw 8 699if 700.Va firewall_type 701specifies a filename. 702.It Va firewall_coscripts 703.Pq Vt str 704List of executables and/or rc scripts to run after firewall starts/stops. 705Default is empty. 706.\" ----- firewall_nat_enable setting -------------------------------- 707.It Va firewall_nat_enable 708.Pq Vt bool 709The 710.Xr ipfw 8 711equivalent of 712.Va natd_enable . 713Setting this to 714.Dq Li YES 715will automatically load the 716.Xr ipfw 8 717NAT kernel module if 718.Va firewall_enable 719is also set to 720.Dq Li YES . 721.It Va firewall_nat_interface 722.Pq Vt str 723The 724.Xr ipfw 8 725equivalent of 726.Va natd_interface . 727This is the name of the public interface or IP address on which 728kernel NAT should run. 729.It Va firewall_nat_flags 730.Pq Vt str 731Additional configuration parameters for kernel NAT should be placed here. 732.It Va firewall_nat64_enable 733.Pq Vt bool 734Setting this to 735.Dq Li YES 736will automatically load the 737.Xr ipfw 8 738NAT64 kernel module if 739.Va firewall_enable 740is also set to 741.Dq Li YES . 742.It Va firewall_nptv6_enable 743.Pq Vt bool 744Setting this to 745.Dq Li YES 746will automatically load the 747.Xr ipfw 8 748NPTv6 kernel module if 749.Va firewall_enable 750is also set to 751.Dq Li YES . 752.It Va firewall_pmod_enable 753.Pq Vt bool 754Setting this to 755.Dq Li YES 756will automatically load the 757.Xr ipfw 8 758pmod kernel module if 759.Va firewall_enable 760is also set to 761.Dq Li YES . 762.It Va dummynet_enable 763.Pq Vt bool 764Setting this to 765.Dq Li YES 766will automatically load the 767.Xr dummynet 4 768module if 769.Va firewall_enable 770is also set to 771.Dq Li YES . 772.\" ------------------------------------------------------------------- 773.It Va ipfw_netflow_enable 774.Pq Vt bool 775Setting this to 776.Dq Li YES 777will enable netflow logging via 778.Xr ng_netflow 4 . 779.Pp 780By default a ipfw rule is inserted and all packets are duplicated with 781the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 782port using protocol version 5. 783.It Va ipfw_netflow_hook 784.Pq Vt int 785netflow hook name, must be numerical 786(default 787.Pa 9995 ) . 788.It Va ipfw_netflow_rule 789.Pq Vt int 790ipfw rule number 791(default 792.Pa 1000 ) . 793.It Va ipfw_netflow_ip 794.Pq Vt str 795Destination server ip for receiving netflow data 796(default 797.Pa 127.0.0.1 ) . 798.It Va ipfw_netflow_port 799.Pq Vt int 800Destination server port for receiving netflow data 801(default 802.Pa 9995 ) . 803.It Va ipfw_netflow_version 804.Pq Vt int 805Do not set for using version 5 of the netflow protocol, set it to 9 for using 806version 9. 807.It Va ipfw_netflow_fib 808.Pq Vt int 809Only match packet in FIB 810.Pa ipfw_netflow_fib 811(default is undefined meaning all FIBs). 812.It Va natd_program 813.Pq Vt str 814Path to 815.Xr natd 8 . 816.It Va natd_enable 817.Pq Vt bool 818Set to 819.Dq Li YES 820to enable 821.Xr natd 8 . 822.Va firewall_enable 823must also be set to 824.Dq Li YES , 825and 826.Xr divert 4 827sockets must be enabled in the kernel. 828If the kernel was not built with 829.Cd "options IPDIVERT" , 830the 831.Pa ipdivert.ko 832kernel module will be loaded. 833.It Va natd_interface 834.Pq Vt str 835This is the name of the public interface on which 836.Xr natd 8 837should run. 838The interface may be given as an interface name or as an IP address. 839.It Va natd_flags 840.Pq Vt str 841Additional 842.Xr natd 8 843flags should be placed here. 844The 845.Fl n 846or 847.Fl a 848flag is automatically added with the above 849.Va natd_interface 850as an argument. 851.\" ----- ipfilter_enable setting -------------------------------- 852.It Va ipfilter_enable 853.Pq Vt bool 854Set to 855.Dq Li NO 856by default. 857Setting this to 858.Dq Li YES 859enables 860.Xr ipf 8 861packet filtering. 862.Pp 863Typical usage will require putting 864.Bd -literal 865ipfilter_enable="YES" 866ipnat_enable="YES" 867ipmon_enable="YES" 868ipfs_enable="YES" 869.Ed 870.Pp 871into 872.Pa /etc/rc.conf 873and editing 874.Pa /etc/ipf.rules 875and 876.Pa /etc/ipnat.rules 877appropriately. 878.Pp 879Note that 880.Va ipfilter_enable 881and 882.Va ipnat_enable 883can be enabled independently. 884.Va ipmon_enable 885and 886.Va ipfs_enable 887both require at least one of 888.Va ipfilter_enable 889and 890.Va ipnat_enable 891to be enabled. 892.Pp 893Having 894.Bd -literal 895options IPFILTER 896options IPFILTER_LOG 897options IPFILTER_DEFAULT_BLOCK 898.Ed 899.Pp 900in the kernel configuration file is a good idea, too. 901.\" ----- ipfilter_program setting ------------------------------ 902.It Va ipfilter_program 903.Pq Vt str 904Path to 905.Xr ipf 8 906(default 907.Pa /sbin/ipf ) . 908.\" ----- ipfilter_rules setting -------------------------------- 909.It Va ipfilter_rules 910.Pq Vt str 911Set to 912.Pa /etc/ipf.rules 913by default. 914This variable contains the name of the filter rule definition file. 915The file is expected to be readable for the 916.Xr ipf 8 917command to execute. 918.\" ----- ipfilter_flags setting -------------------------------- 919.It Va ipfilter_flags 920.Pq Vt str 921Empty by default. 922This variable contains flags passed to the 923.Xr ipf 8 924program. 925.\" ----- ipnat_enable setting ---------------------------------- 926.It Va ipnat_enable 927.Pq Vt bool 928Set to 929.Dq Li NO 930by default. 931Set it to 932.Dq Li YES 933to enable 934.Xr ipnat 8 935network address translation. 936See 937.Va ipfilter_enable 938for a detailed discussion. 939.\" ----- ipnat_program setting --------------------------------- 940.It Va ipnat_program 941.Pq Vt str 942Path to 943.Xr ipnat 8 944(default 945.Pa /sbin/ipnat ) . 946.\" ----- ipnat_rules setting ----------------------------------- 947.It Va ipnat_rules 948.Pq Vt str 949Set to 950.Pa /etc/ipnat.rules 951by default. 952This variable contains the name of the file 953holding the network address translation definition. 954This file is expected to be readable for the 955.Xr ipnat 8 956command to execute. 957.\" ----- ipnat_flags setting ----------------------------------- 958.It Va ipnat_flags 959.Pq Vt str 960Empty by default. 961This variable contains flags passed to the 962.Xr ipnat 8 963program. 964.\" ----- ipmon_enable setting ---------------------------------- 965.It Va ipmon_enable 966.Pq Vt bool 967Set to 968.Dq Li NO 969by default. 970Set it to 971.Dq Li YES 972to enable 973.Xr ipmon 8 974monitoring (logging 975.Xr ipf 8 976and 977.Xr ipnat 8 978events). 979Setting this variable needs setting 980.Va ipfilter_enable 981or 982.Va ipnat_enable 983too. 984See 985.Va ipfilter_enable 986for a detailed discussion. 987.\" ----- ipmon_program setting --------------------------------- 988.It Va ipmon_program 989.Pq Vt str 990Path to 991.Xr ipmon 8 992(default 993.Pa /sbin/ipmon ) . 994.\" ----- ipmon_flags setting ----------------------------------- 995.It Va ipmon_flags 996.Pq Vt str 997Set to 998.Dq Li -Ds 999by default. 1000This variable contains flags passed to the 1001.Xr ipmon 8 1002program. 1003Another typical example would be 1004.Dq Fl D Pa /var/log/ipflog 1005to have 1006.Xr ipmon 8 1007log directly to a file bypassing 1008.Xr syslogd 8 . 1009Make sure to adjust 1010.Pa /etc/newsyslog.conf 1011in such case like this: 1012.Bd -literal 1013/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 1014.Ed 1015.\" ----- ipfs_enable setting ----------------------------------- 1016.It Va ipfs_enable 1017.Pq Vt bool 1018Set to 1019.Dq Li NO 1020by default. 1021Set it to 1022.Dq Li YES 1023to enable 1024.Xr ipfs 8 1025saving the filter and NAT state tables during shutdown 1026and reloading them during startup again. 1027Setting this variable needs setting 1028.Va ipfilter_enable 1029or 1030.Va ipnat_enable 1031to 1032.Dq Li YES 1033too. 1034See 1035.Va ipfilter_enable 1036for a detailed discussion. 1037Note that if 1038.Va kern_securelevel 1039is set to 3, 1040.Va ipfs_enable 1041cannot be used 1042because the raised securelevel will prevent 1043.Xr ipfs 8 1044from saving the state tables at shutdown time. 1045.\" ----- ipfs_program setting ---------------------------------- 1046.It Va ipfs_program 1047.Pq Vt str 1048Path to 1049.Xr ipfs 8 1050(default 1051.Pa /sbin/ipfs ) . 1052.\" ----- ipfs_flags setting ------------------------------------ 1053.It Va ipfs_flags 1054.Pq Vt str 1055Empty by default. 1056This variable contains flags passed to the 1057.Xr ipfs 8 1058program. 1059.\" ----- end of added ipf hook --------------------------------- 1060.It Va pf_enable 1061.Pq Vt bool 1062Set to 1063.Dq Li NO 1064by default. 1065Setting this to 1066.Dq Li YES 1067enables 1068.Xr pf 4 1069packet filtering. 1070.Pp 1071Typical usage will require putting 1072.Pp 1073.Dl pf_enable="YES" 1074.Pp 1075into 1076.Pa /etc/rc.conf 1077and editing 1078.Pa /etc/pf.conf 1079appropriately. 1080Adding 1081.Pp 1082.Dl "device pf" 1083.Pp 1084builds support for 1085.Xr pf 4 1086into the kernel, otherwise the 1087kernel module will be loaded. 1088.It Va pf_rules 1089.Pq Vt str 1090Path to 1091.Xr pf 4 1092ruleset configuration file 1093(default 1094.Pa /etc/pf.conf ) . 1095.It Va pf_program 1096.Pq Vt str 1097Path to 1098.Xr pfctl 8 1099(default 1100.Pa /sbin/pfctl ) . 1101.It Va pf_flags 1102.Pq Vt str 1103If 1104.Va pf_enable 1105is set to 1106.Dq Li YES , 1107these flags are passed to the 1108.Xr pfctl 8 1109program when loading the ruleset. 1110.It Va pf_fallback_rules_enable 1111.Pq Vt bool 1112Set to 1113.Dq Li NO 1114by default. 1115Setting this to 1116.Dq Li YES 1117enables loading 1118.Va pf_fallback_rules_file 1119or 1120.Va pf_fallback_rules 1121in case of a problem when loading the ruleset in 1122.Va pf_rules . 1123.It Va pf_fallback_rules_file 1124.Pq Vt str 1125Path to a pf ruleset to load in case of failure when loading the 1126ruleset in 1127.Va pf_rules 1128(default 1129.Pa /etc/pf-fallback.conf ) . 1130.It Va pf_fallback_rules 1131.Pq Vt str 1132A pf ruleset to load in case of failure when loading the ruleset in 1133.Va pf_rules 1134and 1135.Va pf_fallback_rules_file 1136is not found. 1137Multiple rules can be set as follows: 1138.Bd -literal 1139pf_fallback_rules="\\ 1140 block drop log all\\ 1141 pass in quick on em0" 1142.Pp 1143.Ed 1144The default fallback rule is 1145.Dq block drop log all 1146.It Va pflog_enable 1147.Pq Vt bool 1148Set to 1149.Dq Li NO 1150by default. 1151Setting this to 1152.Dq Li YES 1153enables 1154.Xr pflogd 8 1155which logs packets from the 1156.Xr pf 4 1157packet filter. 1158.It Va pflog_logfile 1159.Pq Vt str 1160If 1161.Va pflog_enable 1162is set to 1163.Dq Li YES 1164this controls where 1165.Xr pflogd 8 1166stores the logfile 1167(default 1168.Pa /var/log/pflog ) . 1169Check 1170.Pa /etc/newsyslog.conf 1171to adjust logfile rotation for this. 1172.It Va pflog_program 1173.Pq Vt str 1174Path to 1175.Xr pflogd 8 1176(default 1177.Pa /sbin/pflogd ) . 1178.It Va pflog_flags 1179.Pq Vt str 1180Empty by default. 1181This variable contains additional flags passed to the 1182.Xr pflogd 8 1183program. 1184.It Va pflog_instances 1185.Pq Vt str 1186If logging to more than one 1187.Xr pflog 4 1188interface is desired, 1189.Va pflog_instances 1190is set to the list of 1191.Xr pflogd 8 1192instances that should be started at system boot time. 1193If 1194.Va pflog_instances 1195is set, for each whitespace-separated 1196.Ar element 1197in the list, 1198.Ao Ar element Ac Ns Va _dev 1199and 1200.Ao Ar element Ac Ns Va _logfile 1201elements are assumed to exist. 1202.Ao Ar element Ac Ns Va _dev 1203must contain the 1204.Xr pflog 4 1205interface to be watched by the named 1206.Xr pflogd 8 1207instance. 1208.Ao Ar element Ac Ns Va _logfile 1209must contain the name of the logfile that will be used by the 1210.Xr pflogd 8 1211instance. 1212.It Va ftpproxy_enable 1213.Pq Vt bool 1214Set to 1215.Dq Li NO 1216by default. 1217Setting this to 1218.Dq Li YES 1219enables 1220.Xr ftp-proxy 8 1221which supports the 1222.Xr pf 4 1223packet filter in translating ftp connections. 1224.It Va ftpproxy_flags 1225.Pq Vt str 1226Empty by default. 1227This variable contains additional flags passed to the 1228.Xr ftp-proxy 8 1229program. 1230.It Va ftpproxy_instances 1231.Pq Vt str 1232Empty by default. 1233If multiple instances of 1234.Xr ftp-proxy 8 1235are desired at boot time, 1236.Va ftpproxy_instances 1237should contain a whitespace-separated list of instance names. 1238For each 1239.Ar element 1240in the list, a variable named 1241.Ao Ar element Ac Ns Va _flags 1242should be defined, containing the command-line flags to be passed to the 1243.Xr ftp-proxy 8 1244instance. 1245.It Va pfsync_enable 1246.Pq Vt bool 1247Set to 1248.Dq Li NO 1249by default. 1250Setting this to 1251.Dq Li YES 1252enables exposing 1253.Xr pf 4 1254state changes to other hosts over the network by means of 1255.Xr pfsync 4 . 1256The 1257.Va pfsync_syncdev 1258variable 1259must also be set then. 1260.It Va pfsync_syncdev 1261.Pq Vt str 1262Empty by default. 1263This variable specifies the name of the network interface 1264.Xr pfsync 4 1265should operate through. 1266It must be set accordingly if 1267.Va pfsync_enable 1268is set to 1269.Dq Li YES . 1270.It Va pfsync_syncpeer 1271.Pq Vt str 1272Empty by default. 1273This variable is optional. 1274By default, state change messages are sent out on the synchronisation 1275interface using IP multicast packets. 1276The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1277224.0.0.240. 1278When a peer address is specified using the 1279.Va pfsync_syncpeer 1280option, the peer address is used as a destination for the pfsync 1281traffic, and the traffic can then be protected using 1282.Xr ipsec 4 . 1283See the 1284.Xr pfsync 4 1285manpage for more details about using 1286.Xr ipsec 4 1287with 1288.Xr pfsync 4 1289interfaces. 1290.It Va pfsync_ifconfig 1291.Pq Vt str 1292Empty by default. 1293This variable can contain additional options to be passed to the 1294.Xr ifconfig 8 1295command used to set up 1296.Xr pfsync 4 . 1297.It Va tcp_extensions 1298.Pq Vt bool 1299Set to 1300.Dq Li YES 1301by default. 1302Setting this to 1303.Dq Li NO 1304disables certain TCP options as described by 1305.Rs 1306.%T "RFC 1323" 1307.Re 1308Setting this to 1309.Dq Li NO 1310might help remedy such problems with connections as randomly hanging 1311or other weird behavior. 1312Some network devices are known 1313to be broken with respect to these options. 1314.It Va log_in_vain 1315.Pq Vt int 1316Set to 0 by default. 1317The 1318.Xr sysctl 8 1319variables, 1320.Va net.inet.tcp.log_in_vain 1321and 1322.Va net.inet.udp.log_in_vain , 1323as described in 1324.Xr tcp 4 1325and 1326.Xr udp 4 , 1327are set to the given value. 1328.It Va tcp_keepalive 1329.Pq Vt bool 1330Set to 1331.Dq Li YES 1332by default. 1333Setting to 1334.Dq Li NO 1335will disable probing idle TCP connections to verify that the 1336peer is still up and reachable. 1337.It Va tcp_drop_synfin 1338.Pq Vt bool 1339Set to 1340.Dq Li NO 1341by default. 1342Setting to 1343.Dq Li YES 1344will cause the kernel to ignore TCP frames that have both 1345the SYN and FIN flags set. 1346This prevents OS fingerprinting, but may 1347break some legitimate applications. 1348.It Va icmp_drop_redirect 1349.Pq Vt bool 1350Set to 1351.Dq Li AUTO 1352by default. 1353This setting will be identical to 1354.Dq Li YES , 1355if a dynamic routing daemon is enabled, because redirect processing may 1356cause performance issues for large routing tables. 1357If no such service is enabled, this setting behaves like a 1358.Dq Li NO . 1359Setting to 1360.Dq Li YES 1361will cause the kernel to ignore ICMP REDIRECT packets. 1362Setting to 1363.Dq Li NO 1364will cause the kernel to process ICMP REDIRECT packets. 1365Refer to 1366.Xr icmp 4 1367for more information. 1368.It Va icmp_log_redirect 1369.Pq Vt bool 1370Set to 1371.Dq Li NO 1372by default. 1373Setting to 1374.Dq Li YES 1375will cause the kernel to log ICMP REDIRECT packets. 1376Note that 1377the log messages are not rate-limited, so this option should only be used 1378for troubleshooting networks. 1379Refer to 1380.Xr icmp 4 1381for more information. 1382.It Va icmp_bmcastecho 1383.Pq Vt bool 1384Set to 1385.Dq Li YES 1386to respond to broadcast or multicast ICMP ping packets. 1387Refer to 1388.Xr icmp 4 1389for more information. 1390.It Va ip_portrange_first 1391.Pq Vt int 1392If not set to 1393.Dq Li NO , 1394this is the first port in the default portrange. 1395Refer to 1396.Xr ip 4 1397for more information. 1398.It Va ip_portrange_last 1399.Pq Vt int 1400If not set to 1401.Dq Li NO , 1402this is the last port in the default portrange. 1403Refer to 1404.Xr ip 4 1405for more information. 1406.It Va network_interfaces 1407.Pq Vt str 1408Set to the list of network interfaces to configure on this host or 1409.Dq Li AUTO 1410(the default) for all current interfaces. 1411Setting the 1412.Va network_interfaces 1413variable to anything other than the default is deprecated. 1414Interfaces that the administrator wishes to store configuration for, 1415but not start at boot should be configured with the 1416.Dq Li NOAUTO 1417keyword in their 1418.Va ifconfig_ Ns Aq Ar interface 1419variables as described below. 1420.Pp 1421An 1422.Va ifconfig_ Ns Aq Ar interface 1423variable is assumed to exist for each value of 1424.Ar interface . 1425When an interface name contains any of the characters 1426.Dq Li .-/+ 1427they are translated to 1428.Dq Li _ 1429before lookup. 1430For example, the interface 1431.Va em0.102 1432would be configured using the variable 1433.Va ifconfig_em0_102 . 1434.Pp 1435The variable can contain arguments to 1436.Xr ifconfig 8 , 1437as well as special case-insensitive keywords described below. 1438Such keywords are removed before passing the value to 1439.Xr ifconfig 8 1440while the order of the other arguments is preserved. 1441.Pp 1442For example, to assign the IPv4 address 192.0.2.1/24 to the interface em0: 1443.Bd -literal 1444ifconfig_em0="inet 192.0.2.1/24 up" 1445.Ed 1446.Pp 1447If the variable 1448.Va ifconfig_ Ns Ao Ar interface Ac Ns Pa _ipv6 1449is set, then 1450.Va ifconfig_ Ns Aq Ar interface 1451does not need to be set unless an IPv4 address should also be assigned to 1452the interface. 1453.Pp 1454It is possible to add IP alias entries using 1455.Xr ifconfig 8 1456syntax with the address family keyword such as 1457.Li inet . 1458Assuming that the interface in question was 1459.Li em0 , 1460it might look something like this: 1461.Bd -literal 1462ifconfig_em0_alias0="inet 127.0.0.253/32" 1463ifconfig_em0_alias1="inet 127.0.0.254/32" 1464.Ed 1465.Pp 1466It also possible to configure multiple IP addresses in Classless 1467Inter-Domain Routing 1468.Pq CIDR 1469address notation, 1470whose each address component can be a range like 1471.Li inet 192.0.2.5-23/24 1472or 1473.Li inet6 2001:db8:1-f::1/64 . 1474This notation allows address and prefix length part only, 1475not the other address modifiers. 1476Note that the maximum number of the generated addresses from a range 1477specification is limited to an integer value specified in 1478.Va netif_ipexpand_max 1479in 1480.Nm 1481because a small typo can unexpectedly generate a large number of addresses. 1482The default value is 1483.Li 2048 . 1484It can be increased by adding the following line into 1485.Nm : 1486.Bd -literal 1487netif_ipexpand_max="4096" 1488.Ed 1489.Pp 1490In the case of 1491.Li 192.0.2.5-23/24 , 1492the address 192.0.2.5 will be configured with the prefix length /24 and the 1493addresses 192.0.2.6 to 192.0.2.23 with the non-conflicting prefix length /32 as 1494explained in the 1495.Xr ifconfig 8 1496alias section. 1497Note that this special CIDR handling is only for 1498.Li inet , 1499not for the other address families such as 1500.Li inet6 . 1501.Pp 1502With the interface in question being 1503.Li em0 , 1504an example could look like: 1505.Bd -literal 1506ifconfig_em0_alias2="inet 192.0.2.129/27" 1507ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1508.Ed 1509.Pp 1510and so on. 1511.Pp 1512Note that deprecated 1513.Va ipv4_addrs_ Ns Aq Ar interface 1514variable was supported for IPv4 CIDR address notation. 1515The 1516.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1517variable replaces it, though 1518.Va ipv4_addrs_ Ns Aq Ar interface 1519is still supported for backward compatibility. 1520.Pp 1521For each 1522.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1523entry with an address family keyword, 1524its contents are passed to 1525.Xr ifconfig 8 . 1526Execution stops at the first unsuccessful access, so if 1527something like this is present: 1528.Bd -literal 1529ifconfig_em0_alias0="inet 127.0.0.251/32" 1530ifconfig_em0_alias1="inet 127.0.0.252/32" 1531ifconfig_em0_alias2="inet 127.0.0.253/32" 1532ifconfig_em0_alias4="inet 127.0.0.254/32" 1533.Ed 1534.Pp 1535Then note that alias4 would 1536.Em not 1537be added since the search would 1538stop with the missing 1539.Dq Li alias3 1540entry. 1541Because of this difficult to manage behavior, 1542there is 1543.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1544variable, which has the same functionality as 1545.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1546and can have all of the entries in a variable like the following: 1547.Bd -literal 1548ifconfig_em0_aliases="\\ 1549 inet 127.0.0.251/32 \\ 1550 inet 127.0.0.252/32 \\ 1551 inet 127.0.0.253/32 \\ 1552 inet 127.0.0.254/32" 1553.Ed 1554.Pp 1555It also supports netmask notation for backward compatibility. 1556.Pp 1557If the 1558.Pa /etc/start_if . Ns Aq Ar interface 1559file is present, it is read and executed by the 1560.Xr sh 1 1561interpreter 1562before configuring the interface as specified in the 1563.Va ifconfig_ Ns Aq Ar interface 1564and 1565.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1566variables. 1567.Pp 1568If a 1569.Va vlans_ Ns Aq Ar interface 1570variable is set, 1571a 1572.Xr vlan 4 1573interface will be created for each item in the list with the 1574.Ar vlandev 1575argument set to 1576.Ar interface . 1577If a vlan interface's name is a number, 1578then that number is used as the vlan tag and the new vlan interface is 1579named 1580.Ar interface . Ns Ar tag . 1581Otherwise, 1582the vlan tag must be specified via a 1583.Va vlan 1584parameter in the 1585.Va create_args_ Ns Aq Ar interface 1586variable. 1587.Pp 1588To create a vlan device named 1589.Li em0.101 1590on 1591.Li em0 1592with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24: 1593.Bd -literal 1594vlans_em0="101" 1595ifconfig_em0_101="inet 192.0.2.1/24" 1596.Ed 1597.Pp 1598To create a vlan device named 1599.Li myvlan 1600on 1601.Li em0 1602with the vlan tag 102: 1603.Bd -literal 1604vlans_em0="myvlan" 1605create_args_myvlan="vlan 102" 1606.Ed 1607.Pp 1608If a 1609.Va wlans_ Ns Aq Ar interface 1610variable is set, 1611an 1612.Xr wlan 4 1613interface will be created for each item in the list with the 1614.Ar wlandev 1615argument set to 1616.Ar interface . 1617Further wlan cloning arguments may be passed to the 1618.Xr ifconfig 8 1619.Cm create 1620command by setting the 1621.Va create_args_ Ns Aq Ar interface 1622variable. 1623One or more 1624.Xr wlan 4 1625devices must be created for each wireless device as of 1626.Fx 8.0 . 1627Debugging flags for 1628.Xr wlan 4 1629devices as set by 1630.Xr wlandebug 8 1631may be specified with an 1632.Va wlandebug_ Ns Aq Ar interface 1633variable. 1634The contents of this variable will be passed directly to 1635.Xr wlandebug 8 . 1636.Pp 1637If the 1638.Va ifconfig_ Ns Aq Ar interface 1639contains the keyword 1640.Dq Li NOAUTO 1641then the interface will not be configured 1642at boot or by 1643.Pa /etc/pccard_ether 1644when 1645.Va network_interfaces 1646is set to 1647.Dq Li AUTO . 1648.Pp 1649It is possible to bring up an interface with DHCP by adding 1650.Dq Li DHCP 1651to the 1652.Va ifconfig_ Ns Aq Ar interface 1653variable. 1654For instance, to initialize the 1655.Li em0 1656device via DHCP, 1657it is possible to use something like: 1658.Bd -literal 1659ifconfig_em0="DHCP" 1660.Ed 1661.Pp 1662If you want to configure your wireless interface with 1663.Xr wpa_supplicant 8 1664for use with WPA, EAP/LEAP or WEP, you need to add 1665.Dq Li WPA 1666to the 1667.Va ifconfig_ Ns Aq Ar interface 1668variable. 1669.Pp 1670On the other hand, if you want to configure your wireless interface with 1671.Xr hostapd 8 , 1672you need to add 1673.Dq Li HOSTAP 1674to the 1675.Va ifconfig_ Ns Aq Ar interface 1676variable. 1677.Xr hostapd 8 1678will use the settings from 1679.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1680.Pp 1681Finally, you can add 1682.Xr ifconfig 8 1683options in this variable, in addition to the 1684.Pa /etc/start_if . Ns Aq Ar interface 1685file. 1686For instance, to configure an 1687.Xr ath 4 1688wireless device in station mode with an address obtained 1689via DHCP, using WPA authentication and 802.11b mode, it is 1690possible to use something like: 1691.Bd -literal 1692wlans_ath0="wlan0" 1693ifconfig_wlan0="DHCP WPA mode 11b" 1694.Ed 1695.Pp 1696In addition to the 1697.Va ifconfig_ Ns Aq Ar interface 1698form, a fallback variable 1699.Va ifconfig_DEFAULT 1700may be configured. 1701It will be used for all interfaces with no 1702.Va ifconfig_ Ns Aq Ar interface 1703variable. 1704.Pp 1705It is also possible to rename an interface by doing: 1706.Bd -literal 1707ifconfig_em0_name="net0" 1708ifconfig_net0="inet 192.0.2.1/24" 1709.Ed 1710.It Va ipv6_enable 1711.Pq Vt bool 1712This variable is deprecated. 1713Use 1714.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1715and 1716.Va ipv6_activate_all_interfaces 1717if necessary. 1718.Pp 1719If the variable is 1720.Dq Li YES , 1721.Dq Li inet6 accept_rtadv 1722is added to all of 1723.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1724and the 1725.Va ipv6_activate_all_interfaces 1726is defined as 1727.Dq Li YES . 1728.It Va ipv6_prefer 1729.Pq Vt bool 1730This variable is deprecated. 1731Use 1732.Va ip6addrctl_policy 1733instead. 1734.Pp 1735If the variable is 1736.Dq Li YES , 1737the default address selection policy table set by 1738.Xr ip6addrctl 8 1739will be IPv6-preferred. 1740.Pp 1741If the variable is 1742.Dq Li NO , 1743the default address selection policy table set by 1744.Xr ip6addrctl 8 1745will be IPv4-preferred. 1746.It Va ipv6_activate_all_interfaces 1747.Pq Vt bool 1748This controls initial configuration on IPv6-capable 1749interfaces with no corresponding 1750.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1751variable. 1752Note that it is not always necessary to set this variable to 1753.Dq YES 1754to use IPv6 functionality on 1755.Fx . 1756In most cases, just configuring 1757.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1758variables works. 1759.Pp 1760If the variable is 1761.Dq Li NO , 1762all interfaces which do not have a corresponding 1763.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1764variable will be marked as 1765.Dq Li IFDISABLED 1766at creation. 1767This means that all IPv6 functionality on that interface 1768is completely disabled to enforce a security policy. 1769If the variable is set to 1770.Dq YES , 1771the flag will be cleared on all of the interfaces. 1772.Pp 1773In most cases, just defining an 1774.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1775for an IPv6-capable interface should be sufficient. 1776However, if an interface is added dynamically 1777.Pq by some tunneling protocols such as PPP, for example , 1778it is often difficult to define the variable in advance. 1779In such a case, configuring the 1780.Dq Li IFDISABLED 1781flag can be disabled by setting this variable to 1782.Dq YES . 1783.Pp 1784For more details of the 1785.Dq Li IFDISABLED 1786flag and keywords 1787.Dq Li inet6 ifdisabled , 1788see 1789.Xr ifconfig 8 . 1790.Pp 1791Default is 1792.Dq Li NO . 1793.It Va ipv6_privacy 1794.Pq Vt bool 1795If the variable is 1796.Dq Li YES 1797privacy addresses will be generated for each IPv6 1798interface as described in RFC 4941. 1799.It Va ipv6_network_interfaces 1800.Pq Vt str 1801This is the IPv6 equivalent of 1802.Va network_interfaces . 1803Normally manual configuration of this variable is not needed. 1804.It Va ipv6_cpe_wanif 1805.Pq Vt str 1806If the variable is set to an interface name, 1807the 1808.Xr ifconfig 8 1809options 1810.Dq inet6 -no_radr accept_rtadv 1811will be added to the specified interface automatically before evaluating 1812.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1813and two 1814.Xr sysctl 8 1815variables 1816.Va net.inet6.ip6.rfc6204w3 1817and 1818.Va net.inet6.ip6.no_radr 1819will be set to 1. 1820.Pp 1821This means the specified interface will accept ICMPv6 Router 1822Advertisement messages on that link and add the discovered 1823routers into the Default Router List. 1824While the other interfaces can still accept RA messages if the 1825.Dq inet6 accept_rtadv 1826option is specified, adding 1827routes into the Default Router List will be disabled by 1828.Dq inet6 no_radr 1829option by default. 1830See 1831.Xr ifconfig 8 1832for more details. 1833.Pp 1834Note that ICMPv6 Router Advertisement messages will be 1835accepted even when 1836.Va net.inet6.ip6.forwarding 1837is 1 1838.Pq packet forwarding is enabled 1839when 1840.Va net.inet6.ip6.rfc6204w3 1841is set to 1. 1842.Pp 1843Default is 1844.Dq Li NO . 1845.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1846.Pq Vt str 1847This assigns arbitrary description to an interface. 1848The 1849.Xr sysctl 8 1850variable 1851.Va net.ifdescr_maxlen 1852limits its length. 1853This static setting may be overridden by commands 1854started with dynamic interface configuration utilities 1855like 1856.Xr dhclient 8 1857hooks. 1858The description can be seen with 1859.Xr ifconfig 8 1860command and it may be exported with 1861.Xr bsnmpd 1 1862daemon using its MIB-2 module. 1863.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1864.Pq Vt str 1865IPv6 functionality on an interface should be configured by 1866.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1867instead of setting ifconfig parameters in 1868.Va ifconfig_ Ns Aq Ar interface . 1869If this variable is empty, all IPv6 configurations on the 1870specified interface by other variables such as 1871.Va ipv6_prefix_ Ns Ao Ar interface Ac 1872will be ignored. 1873.Pp 1874Aliases should be set by 1875.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1876with 1877.Dq Li inet6 1878keyword. 1879For example: 1880.Bd -literal 1881ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1882ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1883.Ed 1884.Pp 1885Interfaces that have an 1886.Dq Li inet6 accept_rtadv 1887keyword in 1888.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1889setting will be automatically configured by SLAAC 1890.Pq StateLess Address AutoConfiguration 1891described in 1892.Rs 1893.%T "RFC 4862" 1894.Re 1895.Pp 1896Note that a link-local address will be automatically configured in 1897addition to the configured global-scope addresses because the IPv6 1898specifications require it on each link. 1899The address is calculated from the MAC address by using an algorithm 1900defined in 1901.Rs 1902.%T "RFC 4862" 1903.%O "Section 5.3" 1904.Re 1905.Pp 1906If only a link-local address is needed on the interface, 1907the following configuration can be used: 1908.Bd -literal 1909ifconfig_em0_ipv6="inet6 auto_linklocal" 1910.Ed 1911.Pp 1912A link-local address can also be configured manually. 1913This is useful for the default router address of an IPv6 router 1914so that it does not change when the network interface 1915card is replaced. 1916For example: 1917.Bd -literal 1918ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1919.Ed 1920.It Va ipv6_prefix_ Ns Aq Ar interface 1921.Pq Vt str 1922If one or more prefixes are defined in 1923.Va ipv6_prefix_ Ns Aq Ar interface 1924addresses based on each prefix and the EUI-64 interface index will be 1925configured on that interface. 1926Note that this variable will be ignored when 1927.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1928is empty. 1929.Pp 1930For example, the following configuration 1931.Bd -literal 1932ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1933.Ed 1934.Pp 1935is equivalent to the following: 1936.Bd -literal 1937ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1938ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1939ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1940ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1941.Ed 1942.Pp 1943These Subnet-Router anycast addresses will be added only when 1944.Va ipv6_gateway_enable 1945is YES. 1946.It Va ipv6_default_interface 1947.Pq Vt str 1948If not set to 1949.Dq Li NO , 1950this is the default output interface for scoped addresses. 1951This works only with ipv6_gateway_enable="NO". 1952.It Va ip6addrctl_enable 1953.Pq Vt bool 1954This variable is to enable configuring default address selection policy table 1955.Pq RFC 3484 . 1956The table can be specified in another variable 1957.Va ip6addrctl_policy . 1958For 1959.Va ip6addrctl_policy 1960the following keywords can be specified: 1961.Dq Li ipv4_prefer , 1962.Dq Li ipv6_prefer , 1963or 1964.Dq Li AUTO . 1965.Pp 1966If 1967.Dq Li ipv4_prefer 1968or 1969.Dq Li ipv6_prefer 1970is specified, 1971.Xr ip6addrctl 8 1972installs a pre-defined policy table described in Section 10.3 1973.Pq IPv4-preferred 1974or 2.1 1975.Pq IPv6-preferred 1976of RFC 3484. 1977.Pp 1978If 1979.Dq Li AUTO 1980is specified, it attempts to read a file 1981.Pa /etc/ip6addrctl.conf 1982first. 1983If this file is found, 1984.Xr ip6addrctl 8 1985reads and installs it. 1986If not found, a policy is automatically set 1987according to 1988.Va ipv6_activate_all_interfaces 1989variable; if the variable is set to 1990.Dq Li YES 1991the IPv6-preferred one is used. 1992Otherwise IPv4-preferred. 1993.Pp 1994The default value of 1995.Va ip6addrctl_enable 1996and 1997.Va ip6addrctl_policy 1998are 1999.Dq Li YES 2000and 2001.Dq Li AUTO , 2002respectively. 2003.It Va cloned_interfaces 2004.Pq Vt str 2005Set to the list of clonable network interfaces to create on this host. 2006Further cloning arguments may be passed to the 2007.Xr ifconfig 8 2008.Cm create 2009command for each interface by setting the 2010.Va create_args_ Ns Aq Ar interface 2011variable. 2012If an interface name is specified with 2013.Dq :sticky 2014keyword, 2015the interface will not be destroyed even when 2016.Pa rc.d/netif 2017script is invoked with 2018.Dq stop 2019argument. 2020This is useful when reconfiguring the interface without destroying it. 2021Entries in 2022.Va cloned_interfaces 2023are automatically appended to 2024.Va network_interfaces 2025for configuration. 2026.It Va cloned_interfaces_sticky 2027.Pq Vt bool 2028This variable is to globally enable functionality of 2029.Dq :sticky 2030keyword in 2031.Va cloned_interfaces 2032for all interfaces. 2033The default value is 2034.Dq NO . 2035Even if this variable is specified to 2036.Dq YES , 2037.Dq :nosticky 2038keyword can be used to override it on per interface basis. 2039.It Va gif_interfaces 2040Set to the list of 2041.Xr gif 4 2042tunnel interfaces to configure on this host. 2043A 2044.Va gifconfig_ Ns Aq Ar interface 2045variable is assumed to exist for each value of 2046.Ar interface . 2047The value of this variable is used to configure the link layer of the 2048tunnel using the 2049.Cm tunnel 2050option to 2051.Xr ifconfig 8 . 2052Additionally, this option ensures that each listed interface is created 2053via the 2054.Cm create 2055option to 2056.Xr ifconfig 8 2057before attempting to configure it. 2058.Pp 2059For example, configure two 2060.Xr gif 4 2061interfaces with: 2062.Bd -literal 2063gif_interfaces="gif0 gif1" 2064gifconfig_gif0="100.64.0.1 100.64.0.2" 2065ifconfig_gif0="inet 10.0.0.1/30 10.0.0.2" 2066gifconfig_gif1="inet6 2a00::1 2a01::1" 2067ifconfig_gif1="inet 10.1.0.1/30 10.1.0.2" 2068.Ed 2069.It Va ppp_enable 2070.Pq Vt bool 2071If set to 2072.Dq Li YES , 2073run the 2074.Xr ppp 8 2075daemon. 2076.It Va ppp_profile 2077.Pq Vt str 2078The name of the profile to use from 2079.Pa /etc/ppp/ppp.conf . 2080Also used for per-profile overrides of 2081.Va ppp_mode 2082and 2083.Va ppp_nat , 2084and 2085.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2086When the profile name contains any of the characters 2087.Dq Li .-/+ 2088they are translated to 2089.Dq Li _ 2090for the proposes of the override variable names. 2091.It Va ppp_mode 2092.Pq Vt str 2093Mode in which to run the 2094.Xr ppp 8 2095daemon. 2096.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2097.Pq Vt str 2098Overrides the global 2099.Va ppp_mode 2100for 2101.Ar profile . 2102Accepted modes are 2103.Dq Li auto , 2104.Dq Li ddial , 2105.Dq Li direct 2106and 2107.Dq Li dedicated . 2108See the manual for a full description. 2109.It Va ppp_nat 2110.Pq Vt bool 2111If set to 2112.Dq Li YES , 2113enables network address translation. 2114Used in conjunction with 2115.Va gateway_enable 2116allows hosts on private network addresses access to the Internet using 2117this host as a network address translating router. 2118Default is 2119.Dq Li YES . 2120.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2121.Pq Vt str 2122Overrides the global 2123.Va ppp_nat 2124for 2125.Ar profile . 2126.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2127.Pq Vt int 2128Set the unit number to be used for this profile. 2129See the manual description of 2130.Fl unit Ns Ar N 2131for details. 2132.It Va ppp_user 2133.Pq Vt str 2134The name of the user under which 2135.Xr ppp 8 2136should be started. 2137By 2138default, 2139.Xr ppp 8 2140is started as 2141.Dq Li root . 2142.It Va rc_conf_files 2143.Pq Vt str 2144This option is used to specify a list of files that will override 2145the settings in 2146.Pa /etc/defaults/rc.conf . 2147The files will be read in the order in which they are specified and should 2148include the full path to the file. 2149By default, the files specified are 2150.Pa /etc/rc.conf 2151and 2152.Pa /etc/rc.conf.local . 2153.It Va zfs_enable 2154.Pq Vt bool 2155If set to 2156.Dq Li YES , 2157.Pa /etc/rc.d/zfs 2158will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2159(ZVOLs). 2160.It Va zpool_reguid 2161.Pq Vt str 2162A space-separated list of ZFS pool names for which new pool GUIDs should be 2163assigned upon first boot. 2164This is useful when using a ZFS pool copied from a template, such as a virtual 2165machine image. 2166.It Va zpool_upgrade 2167.Pq Vt str 2168A space-separated list of ZFS pool names for which the version should be 2169upgraded upon first boot. 2170This is useful when using a ZFS pool generated by the 2171.Xr makefs 8 2172utility. 2173.It Va gptboot_enable 2174.Pq Vt bool 2175If set to 2176.Dq Li YES , 2177.Pa /etc/rc.d/gptboot 2178will log if the system successfully (or not) booted from a GPT partition, 2179which had the 2180.Ar bootonce 2181attribute set using 2182.Xr gpart 8 2183utility. 2184.It Va gbde_autoattach_all 2185.Pq Vt bool 2186If set to 2187.Dq Li YES , 2188.Pa /etc/rc.d/gbde 2189will attempt to automatically initialize the .bde devices specified in 2190.Pa /etc/fstab . 2191.It Va gbde_devices 2192.Pq Vt str 2193List the devices that the script should try to attach, 2194or 2195.Dq Li AUTO . 2196.It Va gbde_lockdir 2197.Pq Vt str 2198The directory where the 2199.Xr gbde 4 2200lockfiles are located. 2201The default lockfile directory is 2202.Pa /etc . 2203.Pp 2204The lockfile for each individual 2205.Xr gbde 4 2206device can be overridden by setting the variable 2207.Va gbde_lock_ Ns Aq Ar device , 2208where 2209.Ar device 2210is the encrypted device without the 2211.Dq Pa /dev/ 2212and 2213.Dq Pa .bde 2214parts. 2215.It Va gbde_attach_attempts 2216.Pq Vt int 2217Number of times to attempt attaching to a 2218.Xr gbde 4 2219device, i.e., how many times the user is asked for the pass-phrase. 2220Default is 3. 2221.It Va geli_devices 2222.Pq Vt str 2223List of devices to automatically attach on boot. 2224Note that .eli devices from 2225.Pa /etc/fstab 2226are automatically appended to this list. 2227.It Va geli_groups 2228.Pq Vt str 2229List of groups containing devices to automatically attach on boot with the same 2230keyfiles and passphrase. 2231This must be accompanied with a corresponding 2232.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2233variable. 2234.It Va geli_tries 2235.Pq Vt int 2236Number of times user is asked for the pass-phrase. 2237If empty, it will be taken from 2238.Va kern.geom.eli.tries 2239sysctl variable. 2240.It Va geli_default_flags 2241.Pq Vt str 2242Default flags to use by 2243.Xr geli 8 2244when configuring disk encryption. 2245Flags can be configured for every device separately by defining the 2246.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2247variable, and for every group separately by defining the 2248.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2249variable. 2250.It Va geli_autodetach 2251.Pq Vt str 2252Specifies if GELI devices should be marked for detach on last close after 2253file systems are mounted. 2254Default is 2255.Dq Li YES . 2256This can be changed for every device separately by defining the 2257.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2258variable. 2259.It Va root_rw_mount 2260.Pq Vt bool 2261Set to 2262.Dq Li YES 2263by default. 2264After the file systems are checked at boot time, the root file system 2265is remounted as read-write if this is set to 2266.Dq Li YES . 2267Diskless systems that mount their root file system from a read-only remote 2268NFS share should set this to 2269.Dq Li NO 2270in their 2271.Pa rc.conf . 2272.It Va fsck_y_enable 2273.Pq Vt bool 2274If set to 2275.Dq Li YES , 2276.Xr fsck 8 2277will be run with the 2278.Fl y 2279flag if the initial preen 2280of the file systems fails. 2281.It Va background_fsck 2282.Pq Vt bool 2283If set to 2284.Dq Li NO , 2285the system will not attempt to run 2286.Xr fsck 8 2287in the background where possible. 2288.It Va background_fsck_delay 2289.Pq Vt int 2290The amount of time in seconds to sleep before starting a background 2291.Xr fsck 8 . 2292It defaults to sixty seconds to allow large applications such as 2293the X server to start before disk I/O bandwidth is monopolized by 2294.Xr fsck 8 . 2295If set to a negative number, the background file system check will be 2296delayed indefinitely to allow the administrator to run it at a more 2297convenient time. 2298For example it may be run from 2299.Xr cron 8 2300by adding a line like 2301.Pp 2302.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2303.Pp 2304to 2305.Pa /etc/crontab . 2306.It Va netfs_types 2307.Pq Vt str 2308List of file system types that are network-based. 2309This list should generally not be modified by end users. 2310Use 2311.Va extra_netfs_types 2312instead. 2313.It Va extra_netfs_types 2314.Pq Vt str 2315If set to something other than 2316.Dq Li NO 2317(the default), 2318this variable extends the list of file system types 2319for which automatic mounting at startup by 2320.Xr rc 8 2321should be delayed until the network is initialized. 2322It should contain 2323a whitespace-separated list of network file system descriptor pairs, 2324each consisting of a file system type as passed to 2325.Xr mount 8 2326and a human-readable, one-word description, 2327joined with a colon 2328.Pq Ql \&: . 2329Extending the default list in this way is only necessary 2330when third party file system types are used. 2331.It Va syslogd_enable 2332.Pq Vt bool 2333If set to 2334.Dq Li YES , 2335run the 2336.Xr syslogd 8 2337daemon. 2338Note, the 2339.Va syslogd_oomprotect 2340variable is set to 2341.Dq Li YES 2342by default in 2343.Pa /etc/defaults/rc.conf . 2344.It Va syslogd_program 2345.Pq Vt str 2346Path to 2347.Xr syslogd 8 2348(default 2349.Pa /usr/sbin/syslogd ) . 2350.It Va syslogd_flags 2351.Pq Vt str 2352If 2353.Va syslogd_enable 2354is set to 2355.Dq Li YES , 2356these are the flags to pass to 2357.Xr syslogd 8 . 2358.It Va inetd_enable 2359.Pq Vt bool 2360If set to 2361.Dq Li YES , 2362run the 2363.Xr inetd 8 2364daemon. 2365.It Va inetd_program 2366.Pq Vt str 2367Path to 2368.Xr inetd 8 2369(default 2370.Pa /usr/sbin/inetd ) . 2371.It Va inetd_flags 2372.Pq Vt str 2373If 2374.Va inetd_enable 2375is set to 2376.Dq Li YES , 2377these are the flags to pass to 2378.Xr inetd 8 . 2379.It Va hastd_enable 2380.Pq Vt bool 2381If set to 2382.Dq Li YES , 2383run the 2384.Xr hastd 8 2385daemon. 2386.It Va hastd_program 2387.Pq Vt str 2388Path to 2389.Xr hastd 8 2390(default 2391.Pa /sbin/hastd ) . 2392.It Va hastd_flags 2393.Pq Vt str 2394If 2395.Va hastd_enable 2396is set to 2397.Dq Li YES , 2398these are the flags to pass to 2399.Xr hastd 8 . 2400.It Va local_unbound_enable 2401.Pq Vt bool 2402If set to 2403.Dq Li YES , 2404run the 2405.Xr unbound 8 2406daemon as a local caching DNS resolver. 2407Note, the 2408.Va local_unbound_oomprotect 2409variable is set to 2410.Dq Li YES 2411by default in 2412.Pa /etc/defaults/rc.conf . 2413.It Va nscd_enable 2414.Pq Vt bool 2415Set to 2416.Dq Li YES 2417to start the 2418.Xr nscd 8 2419caching daemon for the 2420.Nm nsswitch 2421subsystem. 2422.It Va nscd_flags 2423.Pq Vt str 2424If 2425.Va nscd_enable 2426is set to 2427.Dq Li YES , 2428these flags are passed to 2429.Xr nscd 8 . 2430.It Va kdc_enable 2431.Pq Vt bool 2432Set to 2433.Dq Li YES 2434to start a Kerberos 5 authentication server 2435at boot time. 2436.It Va kdc_program 2437.Pq Vt str 2438If 2439.Va kdc_enable 2440is set to 2441.Dq Li YES 2442this is the path to Kerberos 5 Authentication Server. 2443.It Va kdc_flags 2444.Pq Vt str 2445Empty by default. 2446This variable contains additional flags to be passed to the Kerberos 5 2447authentication server. 2448.It Va kadmind_enable 2449.Pq Vt bool 2450Set to 2451.Dq Li YES 2452to start 2453.Xr kadmind 8 , 2454the Kerberos 5 Administration Daemon; set to 2455.Dq Li NO 2456on a slave server. 2457.It Va kadmind_program 2458.Pq Vt str 2459If 2460.Va kadmind_enable 2461is set to 2462.Dq Li YES 2463this is the path to Kerberos 5 Administration Daemon. 2464.It Va kpasswdd_enable 2465.Pq Vt bool 2466Set to 2467.Dq Li YES 2468to start 2469.Xr kpasswdd 8 , 2470the Kerberos 5 Password-Changing Daemon; set to 2471.Dq Li NO 2472on a slave server. 2473.It Va kpasswdd_program 2474.Pq Vt str 2475If 2476.Va kpasswdd_enable 2477is set to 2478.Dq Li YES 2479this is the path to Kerberos 5 Password-Changing Daemon. 2480.It Va kfd_enable 2481.Pq Vt bool 2482Set to 2483.Dq Li YES 2484to start 2485.Xr kfd 8 , 2486the Kerberos 5 ticket forwarding daemon, at the boot time. 2487.It Va kfd_program 2488.Pq Vt str 2489Path to 2490.Xr kfd 8 2491(default 2492.Pa /usr/libexec/kfd ) . 2493.It Va rwhod_enable 2494.Pq Vt bool 2495If set to 2496.Dq Li YES , 2497run the 2498.Xr rwhod 8 2499daemon at boot time. 2500.It Va rwhod_flags 2501.Pq Vt str 2502If 2503.Va rwhod_enable 2504is set to 2505.Dq Li YES , 2506these are the flags to pass to it. 2507.It Va update_motd 2508.Pq Vt bool 2509If set to 2510.Dq Li YES , 2511.Pa /var/run/motd 2512will be updated at boot time to reflect the kernel release 2513being run. 2514If set to 2515.Dq Li NO , 2516.Pa /var/run/motd 2517will not be updated. 2518.It Va nfs_client_enable 2519.Pq Vt bool 2520If set to 2521.Dq Li YES , 2522run the NFS client daemons at boot time. 2523.It Va nfs_access_cache 2524.Pq Vt int 2525If 2526.Va nfs_client_enable 2527is set to 2528.Dq Li YES , 2529this can be set to 2530.Dq Li 0 2531to disable NFS ACCESS RPC caching, or to the number of seconds for which 2532NFS ACCESS 2533results should be cached. 2534A value of 2-10 seconds will substantially reduce network 2535traffic for many NFS operations. 2536.It Va nfs_server_enable 2537.Pq Vt bool 2538If set to 2539.Dq Li YES , 2540run the NFS server daemons at boot time. 2541.It Va nfs_server_flags 2542.Pq Vt str 2543If 2544.Va nfs_server_enable 2545is set to 2546.Dq Li YES , 2547these are the flags to pass to the 2548.Xr nfsd 8 2549daemon. 2550.It Va nfsv4_server_enable 2551.Pq Vt bool 2552If 2553.Va nfs_server_enable 2554is set to 2555.Dq Li YES 2556and 2557.Va nfsv4_server_enable 2558is set to 2559.Dq Li YES , 2560enable the server for NFSv4 as well as NFSv2 and NFSv3. 2561.It Va nfsv4_server_only 2562.Pq Vt bool 2563If 2564.Va nfs_server_enable 2565is set to 2566.Dq Li YES 2567and 2568.Va nfsv4_server_only 2569is set to 2570.Dq Li YES , 2571enable the NFS server for NFSv4 only. 2572.It Va nfs_server_maxio 2573.Pq Vt int 2574value to set vfs.nfsd.srvmaxio to, which is the 2575maximum I/O size for the NFS server. 2576.It Va tlsclntd_enable 2577.Pq Vt bool 2578If set to 2579.Dq Li YES , 2580run the 2581.Xr rpc.tlsclntd 8 2582daemon, which is needed for NFS-over-TLS NFS mounts. 2583.It Va tlsservd_enable 2584.Pq Vt bool 2585If set to 2586.Dq Li YES , 2587run the 2588.Xr rpc.tlsservd 8 2589daemon, which is needed for the 2590.Xr nfsd 8 2591to support NFS-over-TLS NFS mounts. 2592.It Va nfsuserd_enable 2593.Pq Vt bool 2594If 2595.Va nfsuserd_enable 2596is set to 2597.Dq Li YES , 2598run the nfsuserd daemon, which is needed for NFSv4 in order 2599to map between user/group names vs uid/gid numbers. 2600If 2601.Va nfsv4_server_enable 2602is set to 2603.Dq Li YES , 2604this will be forced enabled. 2605.It Va nfsuserd_flags 2606.Pq Vt str 2607If 2608.Va nfsuserd_enable 2609is set to 2610.Dq Li YES , 2611these are the flags to pass to the 2612.Xr nfsuserd 8 2613daemon. 2614.It Va nfscbd_enable 2615.Pq Vt bool 2616If 2617.Va nfscbd_enable 2618is set to 2619.Dq Li YES , 2620run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2621.It Va nfscbd_flags 2622.Pq Vt str 2623If 2624.Va nfscbd_enable 2625is set to 2626.Dq Li YES , 2627these are the flags to pass to the 2628.Xr nfscbd 8 2629daemon. 2630.It Va mountd_enable 2631.Pq Vt bool 2632If set to 2633.Dq Li YES , 2634and no 2635.Va nfs_server_enable 2636is set, start 2637.Xr mountd 8 , 2638but not 2639.Xr nfsd 8 2640daemon. 2641It is commonly needed to run CFS without real NFS used. 2642.It Va mountd_flags 2643.Pq Vt str 2644If 2645.Va mountd_enable 2646is set to 2647.Dq Li YES , 2648these are the flags to pass to the 2649.Xr mountd 8 2650daemon. 2651.It Va weak_mountd_authentication 2652.Pq Vt bool 2653If set to 2654.Dq Li YES , 2655allow services like PCNFSD to make non-privileged mount 2656requests. 2657.It Va nfs_reserved_port_only 2658.Pq Vt bool 2659If set to 2660.Dq Li YES , 2661provide NFS services only on a secure port. 2662.It Va nfs_bufpackets 2663.Pq Vt int 2664If set to a number, indicates the number of packets worth of 2665socket buffer space to reserve on an NFS client. 2666The kernel default is typically 4. 2667Using a higher number may be 2668useful on gigabit networks to improve performance. 2669The minimum value is 26702 and the maximum is 64. 2671.It Va rpc_lockd_enable 2672.Pq Vt bool 2673If set to 2674.Dq Li YES 2675and also an NFS server or client, run 2676.Xr rpc.lockd 8 2677at boot time. 2678.It Va rpc_lockd_flags 2679.Pq Vt str 2680If 2681.Va rpc_lockd_enable 2682is set to 2683.Dq Li YES , 2684these are the flags to pass to the 2685.Xr rpc.lockd 8 2686daemon. 2687.It Va rpc_statd_enable 2688.Pq Vt bool 2689If set to 2690.Dq Li YES 2691and also an NFS server or client, run 2692.Xr rpc.statd 8 2693at boot time. 2694.It Va rpc_statd_flags 2695.Pq Vt str 2696If 2697.Va rpc_statd_enable 2698is set to 2699.Dq Li YES , 2700these are the flags to pass to the 2701.Xr rpc.statd 8 2702daemon. 2703.It Va rpcbind_program 2704.Pq Vt str 2705Path to 2706.Xr rpcbind 8 2707(default 2708.Pa /usr/sbin/rpcbind ) . 2709.It Va rpcbind_enable 2710.Pq Vt bool 2711If set to 2712.Dq Li YES , 2713run the 2714.Xr rpcbind 8 2715service at boot time. 2716.It Va rpcbind_flags 2717.Pq Vt str 2718If 2719.Va rpcbind_enable 2720is set to 2721.Dq Li YES , 2722these are the flags to pass to the 2723.Xr rpcbind 8 2724daemon. 2725.It Va keyserv_enable 2726.Pq Vt bool 2727If set to 2728.Dq Li YES , 2729run the 2730.Xr keyserv 8 2731daemon on boot for running Secure RPC. 2732.It Va keyserv_flags 2733.Pq Vt str 2734If 2735.Va keyserv_enable 2736is set to 2737.Dq Li YES , 2738these are the flags to pass to 2739.Xr keyserv 8 2740daemon. 2741.It Va pppoed_enable 2742.Pq Vt bool 2743If set to 2744.Dq Li YES , 2745run the 2746.Xr pppoed 8 2747daemon at boot time to provide PPP over Ethernet services. 2748.It Va pppoed_ Ns Aq Ar provider 2749.Pq Vt str 2750.Xr pppoed 8 2751listens to requests to this 2752.Ar provider 2753and ultimately runs 2754.Xr ppp 8 2755with a 2756.Ar system 2757argument of the same name. 2758.It Va pppoed_flags 2759.Pq Vt str 2760Additional flags to pass to 2761.Xr pppoed 8 . 2762.It Va pppoed_interface 2763.Pq Vt str 2764The network interface to run 2765.Xr pppoed 8 2766on. 2767This is mandatory when 2768.Va pppoed_enable 2769is set to 2770.Dq Li YES . 2771.It Va ntpdate_enable 2772.Pq Vt bool 2773If set to 2774.Dq Li YES , 2775run 2776.Xr ntpdate 8 2777at system startup. 2778This command is intended to 2779synchronize the system clock only 2780.Em once 2781from some standard reference. 2782.Pp 2783Note that the use of the 2784.Va ntpd_sync_on_start 2785variable is a preferred alternative to the 2786.Xr ntpdate 8 2787utility as 2788.Xr ntpdate 8 2789is to be retired from the NTP distribution. 2790.It Va ntpdate_config 2791.Pq Vt str 2792Configuration file for 2793.Xr ntpdate 8 . 2794Default 2795.Pa /etc/ntp.conf . 2796.It Va ntpdate_hosts 2797.Pq Vt str 2798A whitespace-separated list of NTP servers to synchronize with at startup. 2799The default is to use the servers listed in 2800.Va ntpdate_config , 2801if that file exists. 2802.It Va ntpdate_program 2803.Pq Vt str 2804Path to 2805.Xr ntpdate 8 2806(default 2807.Pa /usr/sbin/ntpdate ) . 2808.It Va ntpdate_flags 2809.Pq Vt str 2810If 2811.Va ntpdate_enable 2812is set to 2813.Dq Li YES , 2814these are the flags to pass to the 2815.Xr ntpdate 8 2816command (typically a hostname). 2817.It Va ntpd_enable 2818.Pq Vt bool 2819If set to 2820.Dq Li YES , 2821run the 2822.Xr ntpd 8 2823command at boot time. 2824.It Va ntpd_program 2825.Pq Vt str 2826Path to 2827.Xr ntpd 8 2828(default 2829.Pa /usr/sbin/ntpd ) . 2830.It Va ntpd_config 2831.Pq Vt str 2832Path to 2833.Xr ntpd 8 2834configuration file. 2835Default 2836.Pa /etc/ntp.conf . 2837.It Va ntpd_flags 2838.Pq Vt str 2839If 2840.Va ntpd_enable 2841is set to 2842.Dq Li YES , 2843these are the flags to pass to the 2844.Xr ntpd 8 2845daemon. 2846.It Va ntpd_sync_on_start 2847.Pq Vt bool 2848If set to 2849.Dq Li YES , 2850.Xr ntpd 8 2851is run with the 2852.Fl g 2853flag, which syncs the system's clock on startup. 2854See 2855.Xr ntpd 8 2856for more information regarding the 2857.Fl g 2858option. 2859This is a preferred alternative to using 2860.Xr ntpdate 8 2861or specifying the 2862.Va ntpdate_enable 2863variable. 2864.It Va nis_client_enable 2865.Pq Vt bool 2866If set to 2867.Dq Li YES , 2868run the 2869.Xr ypbind 8 2870service at system boot time. 2871.It Va nis_client_flags 2872.Pq Vt str 2873If 2874.Va nis_client_enable 2875is set to 2876.Dq Li YES , 2877these are the flags to pass to the 2878.Xr ypbind 8 2879service. 2880.It Va nis_ypldap_enable 2881.Pq Vt bool 2882If set to 2883.Dq Li YES , 2884run the 2885.Xr ypldap 8 2886daemon at system boot time. 2887.It Va nis_ypldap_flags 2888.Pq Vt str 2889If 2890.Va nis.ypldap_enable 2891is set to 2892.Dq Li YES , 2893these are the flags to pass to the 2894.Xr ypldap 8 2895daemon. 2896.It Va nis_ypset_enable 2897.Pq Vt bool 2898If set to 2899.Dq Li YES , 2900run the 2901.Xr ypset 8 2902daemon at system boot time. 2903.It Va nis_ypset_flags 2904.Pq Vt str 2905If 2906.Va nis_ypset_enable 2907is set to 2908.Dq Li YES , 2909these are the flags to pass to the 2910.Xr ypset 8 2911daemon. 2912.It Va nis_server_enable 2913.Pq Vt bool 2914If set to 2915.Dq Li YES , 2916run the 2917.Xr ypserv 8 2918daemon at system boot time. 2919.It Va nis_server_flags 2920.Pq Vt str 2921If 2922.Va nis_server_enable 2923is set to 2924.Dq Li YES , 2925these are the flags to pass to the 2926.Xr ypserv 8 2927daemon. 2928.It Va nis_ypxfrd_enable 2929.Pq Vt bool 2930If set to 2931.Dq Li YES , 2932run the 2933.Xr rpc.ypxfrd 8 2934daemon at system boot time. 2935.It Va nis_ypxfrd_flags 2936.Pq Vt str 2937If 2938.Va nis_ypxfrd_enable 2939is set to 2940.Dq Li YES , 2941these are the flags to pass to the 2942.Xr rpc.ypxfrd 8 2943daemon. 2944.It Va nis_yppasswdd_enable 2945.Pq Vt bool 2946If set to 2947.Dq Li YES , 2948run the 2949.Xr rpc.yppasswdd 8 2950daemon at system boot time. 2951.It Va nis_yppasswdd_flags 2952.Pq Vt str 2953If 2954.Va nis_yppasswdd_enable 2955is set to 2956.Dq Li YES , 2957these are the flags to pass to the 2958.Xr rpc.yppasswdd 8 2959daemon. 2960.It Va rpc_ypupdated_enable 2961.Pq Vt bool 2962If set to 2963.Dq Li YES , 2964run the 2965.Nm rpc.ypupdated 2966daemon at system boot time. 2967.It Va bsnmpd_enable 2968.Pq Vt bool 2969If set to 2970.Dq Li YES , 2971run the 2972.Xr bsnmpd 1 2973daemon at system boot time. 2974Be sure to understand the security implications of running an SNMP daemon 2975on your host. 2976.It Va bsnmpd_flags 2977.Pq Vt str 2978If 2979.Va bsnmpd_enable 2980is set to 2981.Dq Li YES , 2982these are the flags to pass to the 2983.Xr bsnmpd 1 2984daemon. 2985.It Va defaultrouter 2986.Pq Vt str 2987If not set to 2988.Dq Li NO , 2989create a default route to this host name or IP address 2990(use an IP address if this router is also required to get to the 2991name server!). 2992.It Va defaultrouter_fibN 2993.Pq Vt str 2994If not set to 2995.Dq Li NO , 2996create a default route in FIB N to this host name or IP address. 2997.It Va ipv6_defaultrouter 2998.Pq Vt str 2999The IPv6 equivalent of 3000.Va defaultrouter . 3001.It Va ipv6_defaultrouter_fibN 3002.Pq Vt str 3003The IPv6 equivalent of 3004.Va defaultrouter_fibN . 3005.It Va static_arp_pairs 3006.Pq Vt str 3007Set to the list of static ARP pairs that are to be added at system 3008boot time. 3009For each whitespace separated 3010.Ar element 3011in the value, a 3012.Va static_arp_ Ns Aq Ar element 3013variable is assumed to exist whose contents will later be passed to a 3014.Dq Nm arp Cm -S 3015operation. 3016For example 3017.Bd -literal 3018static_arp_pairs="gw" 3019static_arp_gw="192.168.1.1 00:01:02:03:04:05" 3020.Ed 3021.It Va static_ndp_pairs 3022.Pq Vt str 3023Set to the list of static NDP pairs that are to be added at system 3024boot time. 3025For each whitespace separated 3026.Ar element 3027in the value, a 3028.Va static_ndp_ Ns Aq Ar element 3029variable is assumed to exist whose contents will later be passed to a 3030.Dq Nm ndp Cm -s 3031operation. 3032For example 3033.Bd -literal 3034static_ndp_pairs="gw" 3035static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 3036.Ed 3037.It Va static_routes 3038.Pq Vt str 3039Set to the list of static routes that are to be added at system 3040boot time. 3041If not set to 3042.Dq Li NO 3043then for each whitespace separated 3044.Ar element 3045in the value, a 3046.Va route_ Ns Aq Ar element 3047variable is assumed to exist 3048whose contents will later be passed to a 3049.Dq Nm route Cm add 3050operation. 3051For example: 3052.Bd -literal 3053static_routes="ext mcast:gif0 gif0local:gif0" 3054route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 3055route_mcast="-net 224.0.0.0/4 -iface gif0" 3056route_gif0local="-host 169.254.1.1 -iface lo0" 3057.Ed 3058.Pp 3059When an 3060.Ar element 3061is in the form of 3062.Li name:ifname , 3063the route is specific to the interface 3064.Li ifname . 3065.It Va ipv6_static_routes 3066.Pq Vt str 3067The IPv6 equivalent of 3068.Va static_routes . 3069If not set to 3070.Dq Li NO 3071then for each whitespace separated 3072.Ar element 3073in the value, a 3074.Va ipv6_route_ Ns Aq Ar element 3075variable is assumed to exist 3076whose contents will later be passed to a 3077.Dq Nm route Cm add Fl inet6 3078operation. 3079.It Va gateway_enable 3080.Pq Vt bool 3081If set to 3082.Dq Li YES , 3083configure host to act as an IP router, e.g.\& to forward packets 3084between interfaces. 3085.It Va ipv6_gateway_enable 3086.Pq Vt bool 3087The IPv6 equivalent of 3088.Va gateway_enable . 3089.It Va routed_enable 3090.Pq Vt bool 3091If set to 3092.Dq Li YES , 3093run a routing daemon of some sort, based on the 3094settings of 3095.Va routed_program 3096and 3097.Va routed_flags . 3098.It Va route6d_enable 3099.Pq Vt bool 3100The IPv6 equivalent of 3101.Va routed_enable . 3102If set to 3103.Dq Li YES , 3104run a routing daemon of some sort, based on the 3105settings of 3106.Va route6d_program 3107and 3108.Va route6d_flags . 3109.It Va routed_program 3110.Pq Vt str 3111If 3112.Va routed_enable 3113is set to 3114.Dq Li YES , 3115this is the name of the routing daemon to use. 3116The default is 3117.Xr routed 8 . 3118.It Va route6d_program 3119.Pq Vt str 3120The IPv6 equivalent of 3121.Va routed_program . 3122The default is 3123.Xr route6d 8 . 3124.It Va routed_flags 3125.Pq Vt str 3126If 3127.Va routed_enable 3128is set to 3129.Dq Li YES , 3130these are the flags to pass to the routing daemon. 3131.It Va route6d_flags 3132.Pq Vt str 3133The IPv6 equivalent of 3134.Va routed_flags . 3135.It Va rtadvd_enable 3136.Pq Vt bool 3137If set to 3138.Dq Li YES , 3139run the 3140.Xr rtadvd 8 3141daemon at boot time. 3142The 3143.Xr rtadvd 8 3144utility sends ICMPv6 Router Advertisement messages to 3145the interfaces specified in 3146.Va rtadvd_interfaces . 3147This should only be enabled with great care. 3148You may want to fine-tune 3149.Xr rtadvd.conf 5 . 3150.It Va rtadvd_interfaces 3151.Pq Vt str 3152If 3153.Va rtadvd_enable 3154is set to 3155.Dq Li YES 3156this is the list of interfaces to use. 3157.It Va arpproxy_all 3158.Pq Vt bool 3159If set to 3160.Dq Li YES , 3161enable global proxy ARP. 3162.It Va forward_sourceroute 3163.Pq Vt bool 3164If set to 3165.Dq Li YES 3166and 3167.Va gateway_enable 3168is also set to 3169.Dq Li YES , 3170source-routed packets are forwarded. 3171.It Va accept_sourceroute 3172.Pq Vt bool 3173If set to 3174.Dq Li YES , 3175the system will accept source-routed packets directed at it. 3176.It Va rarpd_enable 3177.Pq Vt bool 3178If set to 3179.Dq Li YES , 3180run the 3181.Xr rarpd 8 3182daemon at system boot time. 3183.It Va rarpd_flags 3184.Pq Vt str 3185If 3186.Va rarpd_enable 3187is set to 3188.Dq Li YES , 3189these are the flags to pass to the 3190.Xr rarpd 8 3191daemon. 3192.It Va bootparamd_enable 3193.Pq Vt bool 3194If set to 3195.Dq Li YES , 3196run the 3197.Xr bootparamd 8 3198daemon at system boot time. 3199.It Va bootparamd_flags 3200.Pq Vt str 3201If 3202.Va bootparamd_enable 3203is set to 3204.Dq Li YES , 3205these are the flags to pass to the 3206.Xr bootparamd 8 3207daemon. 3208.It Va stf_interface_ipv4addr 3209.Pq Vt str 3210If not set to 3211.Dq Li NO , 3212this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3213interface). 3214Specify this entry to enable the 6to4 interface. 3215.It Va stf_interface_ipv4plen 3216.Pq Vt int 3217Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3218An effective value is 0-31. 3219.It Va stf_interface_ipv6_ifid 3220.Pq Vt str 3221IPv6 interface ID for 3222.Xr stf 4 . 3223This can be set to 3224.Dq Li AUTO . 3225.It Va stf_interface_ipv6_slaid 3226.Pq Vt str 3227IPv6 Site Level Aggregator for 3228.Xr stf 4 . 3229.It Va ipv6_ipv4mapping 3230.Pq Vt bool 3231If set to 3232.Dq Li YES 3233this enables IPv4 mapped IPv6 address communication (like 3234.Li ::ffff:a.b.c.d ) . 3235.It Va rtsold_enable 3236.Pq Vt bool 3237Set to 3238.Dq Li YES 3239to enable the 3240.Xr rtsold 8 3241daemon to send ICMPv6 Router Solicitation messages. 3242.It Va rtsold_flags 3243.Pq Vt str 3244If 3245.Va rtsold_enable 3246is set to 3247.Dq Li YES , 3248these are the flags to pass to 3249.Xr rtsold 8 . 3250.It Va rtsol_flags 3251.Pq Vt str 3252For interfaces configured with the 3253.Dq Li inet6 accept_rtadv 3254keyword, these are the flags to pass to 3255.Xr rtsol 8 . 3256.Pp 3257Note that 3258.Va rtsold_enable 3259is mutually exclusive to 3260.Va rtsol_flags ; 3261.Va rtsold_enable 3262takes precedence. 3263.It Va keybell 3264.Pq Vt str 3265The keyboard bell sound. 3266Set to 3267.Dq Li normal , 3268.Dq Li visual , 3269.Dq Li off , 3270or 3271.Dq Li NO 3272if the default behavior is desired. 3273For details, refer to the 3274.Xr kbdcontrol 1 3275manpage. 3276.It Va keyboard 3277.Pq Vt str 3278If set to a non-null string, the virtual console's keyboard input is 3279set to this device. 3280.It Va keymap 3281.Pq Vt str 3282If set to 3283.Dq Li NO , 3284no keymap is installed, otherwise the value is used to install 3285the keymap file found in 3286.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3287(if using 3288.Xr syscons 4 ) or 3289.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3290(if using 3291.Xr vt 4 ) . 3292.It Va keyrate 3293.Pq Vt str 3294The keyboard repeat speed. 3295Set to 3296.Dq Li slow , 3297.Dq Li normal , 3298.Dq Li fast , 3299or 3300.Dq Li NO 3301if the default behavior is desired. 3302.It Va keychange 3303.Pq Vt str 3304If not set to 3305.Dq Li NO , 3306attempt to program the function keys with the value. 3307The value should 3308be a single string of the form: 3309.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3310.It Va cursor 3311.Pq Vt str 3312Can be set to the value of 3313.Dq Li normal , 3314.Dq Li blink , 3315.Dq Li destructive , 3316or 3317.Dq Li NO 3318to set the cursor behavior explicitly or choose the default behavior. 3319.It Va scrnmap 3320.Pq Vt str 3321If set to 3322.Dq Li NO , 3323no screen map is installed, otherwise the value is used to install 3324the screen map file in 3325.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3326This parameter is ignored when using 3327.Xr vt 4 3328as the console driver. 3329.It Va font8x16 3330.Pq Vt str 3331If set to 3332.Dq Li NO , 3333the default 8x16 font value is used for screen size requests, otherwise 3334the value in 3335.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3336or 3337.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3338is used (depending on the console driver being used). 3339.It Va font8x14 3340.Pq Vt str 3341If set to 3342.Dq Li NO , 3343the default 8x14 font value is used for screen size requests, otherwise 3344the value in 3345.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3346or 3347.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3348is used (depending on the console driver being used). 3349.It Va font8x8 3350.Pq Vt str 3351If set to 3352.Dq Li NO , 3353the default 8x8 font value is used for screen size requests, otherwise 3354the value in 3355.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3356or 3357.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3358is used (depending on the console driver being used). 3359.It Va blanktime 3360.Pq Vt int 3361If set to 3362.Dq Li NO , 3363the default screen blanking interval is used, otherwise it is set 3364to 3365.Ar value 3366seconds. 3367.It Va saver 3368.Pq Vt str 3369If not set to 3370.Dq Li NO , 3371this is the actual screen saver to use 3372.Li ( blank , snake , daemon , 3373etc). 3374.It Va moused_nondefault_enable 3375.Pq Vt str 3376If set to 3377.Dq Li NO , 3378the mouse device specified on 3379the command line is not automatically treated as enabled by the 3380.Pa /etc/rc.d/moused 3381script. 3382Having this variable set to 3383.Dq Li YES 3384allows a 3385.Xr usb 4 3386mouse, 3387for example, 3388to be enabled as soon as it is plugged in. 3389.It Va moused_enable 3390.Pq Vt str 3391If set to 3392.Dq Li YES , 3393the 3394.Xr moused 8 3395daemon is started for doing cut/paste selection on the console. 3396.It Va moused_type 3397.Pq Vt str 3398This is the protocol type of the mouse connected to this host. 3399This variable must be set if 3400.Va moused_enable 3401is set to 3402.Dq Li YES , 3403but defaults to 3404.Dq Li auto 3405as the 3406.Xr moused 8 3407daemon 3408is able to detect the appropriate mouse type automatically in many cases. 3409Set this variable to 3410one from the following list if the automatic detection fails. 3411.Pp 3412If the mouse is attached to the PS/2 mouse port, choose 3413.Dq Li auto 3414or 3415.Dq Li ps/2 , 3416regardless of the brand and model of the mouse. 3417Likewise, if the 3418mouse is attached to the bus mouse port, choose 3419.Dq Li auto 3420or 3421.Dq Li busmouse . 3422All other protocols are for serial mice and will not work with 3423the PS/2 and bus mice. 3424If this is a USB mouse, 3425.Dq Li auto 3426is the only protocol type which will work. 3427.Pp 3428.Bl -tag -width ".Li x10mouseremote" -compact 3429.It Li microsoft 3430Microsoft mouse (serial) 3431.It Li intellimouse 3432Microsoft IntelliMouse (serial) 3433.It Li mousesystems 3434Mouse systems Corp.\& mouse (serial) 3435.It Li mmseries 3436MM Series mouse (serial) 3437.It Li logitech 3438Logitech mouse (serial) 3439.It Li busmouse 3440A bus mouse 3441.It Li mouseman 3442Logitech MouseMan and TrackMan (serial) 3443.It Li glidepoint 3444ALPS GlidePoint (serial) 3445.It Li thinkingmouse 3446Kensington ThinkingMouse (serial) 3447.It Li ps/2 3448PS/2 mouse 3449.It Li mmhittab 3450MM HitTablet (serial) 3451.It Li x10mouseremote 3452X10 MouseRemote (serial) 3453.It Li versapad 3454Interlink VersaPad (serial) 3455.El 3456.Pp 3457Even if the mouse is not in the above list, it may be compatible 3458with one in the list. 3459Refer to the manual page for 3460.Xr moused 8 3461for compatibility information. 3462.Pp 3463It should also be noted that while this is enabled, any 3464other client of the mouse (such as an X server) should access 3465the mouse through the virtual mouse device, 3466.Pa /dev/sysmouse , 3467and configure it as a 3468.Dq Li sysmouse 3469type mouse, since all 3470mouse data is converted to this single canonical format when 3471using 3472.Xr moused 8 . 3473If the client program does not support the 3474.Dq Li sysmouse 3475type, 3476specify the 3477.Dq Li mousesystems 3478type. 3479It is the second preferred type. 3480.It Va moused_port 3481.Pq Vt str 3482If 3483.Va moused_enable 3484is set to 3485.Dq Li YES , 3486this is the actual port the mouse is on. 3487It might be 3488.Pa /dev/cuau0 3489for a COM1 serial mouse, or 3490.Pa /dev/psm0 3491for a PS/2 mouse, for example. 3492.It Va moused_flags 3493.Pq Vt str 3494If 3495.Va moused_flags 3496is set, its value is used as an additional set of flags to pass to the 3497.Xr moused 8 3498daemon. 3499.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3500When 3501.Va moused_nondefault_enable 3502is enabled, and a 3503.Xr moused 8 3504daemon is started for a non-default port, the 3505.Va "moused_" Ns Ar XXX Ns Va "_flags" 3506set of options has precedence over and replaces the default 3507.Va moused_flags 3508(where 3509.Ar XXX 3510is the name of the non-default port, i.e.,\& 3511.Ar ums0 ) . 3512By setting 3513.Va "moused_" Ns Ar XXX Ns Va "_flags" 3514it is possible to set up a different set of default flags for each 3515.Xr moused 8 3516instance. 3517For example, you can use 3518.Dq Li "-3" 3519for the default 3520.Va moused_flags 3521to make your laptop's touchpad more comfortable to use, 3522but an empty set of options for 3523.Va moused_ums0_flags 3524when your 3525.Xr usb 4 3526mouse has three or more buttons. 3527.It Va mousechar_start 3528.Pq Vt int 3529If set to 3530.Dq Li NO , 3531the default mouse cursor character range 3532.Li 0xd0 Ns - Ns Li 0xd3 3533is used, 3534otherwise the range start is set 3535to 3536.Ar value 3537character, see 3538.Xr vidcontrol 1 . 3539Use if the default range is occupied in the language code table. 3540.It Va allscreens_flags 3541.Pq Vt str 3542If set, 3543.Xr vidcontrol 1 3544is run with these options for each of the virtual terminals 3545.Pq Pa /dev/ttyv* . 3546For example, 3547.Dq Fl m Cm on 3548will enable the mouse pointer on all virtual terminals 3549if 3550.Va moused_enable 3551is set to 3552.Dq Li YES . 3553.It Va allscreens_kbdflags 3554.Pq Vt str 3555If set, 3556.Xr kbdcontrol 1 3557is run with these options for each of the virtual terminals 3558.Pq Pa /dev/ttyv* . 3559For example, 3560.Dq Fl h Li 200 3561will set the 3562.Xr syscons 4 3563or 3564.Xr vt 4 3565scrollback (history) buffer to 200 lines. 3566.It Va cron_enable 3567.Pq Vt bool 3568If set to 3569.Dq Li YES , 3570run the 3571.Xr cron 8 3572daemon at system boot time. 3573.It Va cron_program 3574.Pq Vt str 3575Path to 3576.Xr cron 8 3577(default 3578.Pa /usr/sbin/cron ) . 3579.It Va cron_flags 3580.Pq Vt str 3581If 3582.Va cron_enable 3583is set to 3584.Dq Li YES , 3585these are the flags to pass to 3586.Xr cron 8 . 3587.It Va cron_dst 3588.Pq Vt bool 3589If set to 3590.Dq Li YES , 3591enable the special handling of transitions to and from the 3592Daylight Saving Time in 3593.Xr cron 8 3594(equivalent to using the flag 3595.Fl s ) . 3596.It Va lpd_program 3597.Pq Vt str 3598Path to 3599.Xr lpd 8 3600(default 3601.Pa /usr/sbin/lpd ) . 3602.It Va lpd_enable 3603.Pq Vt bool 3604If set to 3605.Dq Li YES , 3606run the 3607.Xr lpd 8 3608daemon at system boot time. 3609.It Va lpd_flags 3610.Pq Vt str 3611If 3612.Va lpd_enable 3613is set to 3614.Dq Li YES , 3615these are the flags to pass to the 3616.Xr lpd 8 3617daemon. 3618.It Va chkprintcap_enable 3619.Pq Vt bool 3620If set to 3621.Dq Li YES , 3622run the 3623.Xr chkprintcap 8 3624command before starting the 3625.Xr lpd 8 3626daemon. 3627.It Va chkprintcap_flags 3628.Pq Vt str 3629If 3630.Va lpd_enable 3631and 3632.Va chkprintcap_enable 3633are set to 3634.Dq Li YES , 3635these are the flags to pass to the 3636.Xr chkprintcap 8 3637program. 3638The default is 3639.Dq Li -d , 3640which causes missing directories to be created. 3641.It Va dumpdev 3642.Pq Vt str 3643Indicates the device (usually a swap partition) to which a crash dump 3644should be written in the event of a system crash. 3645If the value of this variable is 3646.Dq Li AUTO , 3647the first suitable swap device listed in 3648.Pa /etc/fstab 3649will be used as dump device. 3650Otherwise, the value of this variable is passed as the argument to 3651.Xr dumpon 8 3652and 3653.Xr savecore 8 . 3654To disable crash dumps, set this variable to 3655.Dq Li NO . 3656.It Va dumpon_flags 3657.Pq Vt str 3658Flags to pass to 3659.Xr dumpon 8 3660when configuring 3661.Va dumpdev 3662as the system dump device. 3663.It Va dumpdir 3664.Pq Vt str 3665When the system reboots after a crash and a crash dump is found on the 3666device specified by the 3667.Va dumpdev 3668variable, 3669.Xr savecore 8 3670will save that crash dump and a copy of the kernel to the directory 3671specified by the 3672.Va dumpdir 3673variable. 3674The default value is 3675.Pa /var/crash . 3676Set to 3677.Dq Li NO 3678to not run 3679.Xr savecore 8 3680at boot time when 3681.Va dumpdir 3682is set. 3683.It Va savecore_enable 3684.Pq Vt bool 3685If set to 3686.Dq Li NO , 3687disable automatic extraction of the crash dump from the 3688.Va dumpdev . 3689.It Va savecore_flags 3690.Pq Vt str 3691If crash dumps are enabled, these are the flags to pass to the 3692.Xr savecore 8 3693utility. 3694.It Va quota_enable 3695.Pq Vt bool 3696Set to 3697.Dq Li YES 3698to turn on user and group disk quotas on system startup via the 3699.Xr quotaon 8 3700command for all file systems marked as having quotas enabled in 3701.Pa /etc/fstab . 3702The kernel must be built with 3703.Cd "options QUOTA" 3704for disk quotas to function. 3705.It Va check_quotas 3706.Pq Vt bool 3707Set to 3708.Dq Li YES 3709to enable user and group disk quota checking via the 3710.Xr quotacheck 8 3711command. 3712.It Va quotacheck_flags 3713.Pq Vt str 3714If 3715.Va quota_enable 3716is set to 3717.Dq Li YES , 3718and 3719.Va check_quotas 3720is set to 3721.Dq Li YES , 3722these are the flags to pass to the 3723.Xr quotacheck 8 3724utility. 3725The default is 3726.Dq Li "-a" , 3727which checks quotas for all file systems with quotas enabled in 3728.Pa /etc/fstab . 3729.It Va quotaon_flags 3730.Pq Vt str 3731If 3732.Va quota_enable 3733is set to 3734.Dq Li YES , 3735these are the flags to pass to the 3736.Xr quotaon 8 3737utility. 3738The default is 3739.Dq Li "-a" , 3740which enables quotas for all file systems with quotas enabled in 3741.Pa /etc/fstab . 3742.It Va quotaoff_flags 3743.Pq Vt str 3744If 3745.Va quota_enable 3746is set to 3747.Dq Li YES , 3748these are the flags to pass to the 3749.Xr quotaoff 8 3750utility when shutting down the quota system. 3751The default is 3752.Dq Li "-a" , 3753which disables quotas for all file systems with quotas enabled in 3754.Pa /etc/fstab . 3755.It Va accounting_enable 3756.Pq Vt bool 3757Set to 3758.Dq Li YES 3759to enable system accounting through the 3760.Xr accton 8 3761facility. 3762.It Va firstboot_sentinel 3763.Pq Vt str 3764This variable specifies the full path to a 3765.Dq first boot 3766sentinel file. 3767If a file exists with this path, 3768.Pa rc.d 3769scripts with the 3770.Dq firstboot 3771keyword will be run on startup and the sentinel file will be deleted 3772after the boot process completes. 3773The sentinel file must be located on a writable file system which is 3774mounted no later than 3775.Va early_late_divider 3776to function properly. 3777The default is 3778.Pa /firstboot . 3779.It Va linux_enable 3780.Pq Vt bool 3781Set to 3782.Dq Li YES 3783to enable Linux/ELF binary emulation at system initial 3784boot time. 3785.It Va sysvipc_enable 3786.Pq Vt bool 3787If set to 3788.Dq Li YES , 3789load System V IPC primitives at boot time. 3790.It Va clear_tmp_enable 3791.Pq Vt bool 3792Set to 3793.Dq Li YES 3794to have 3795.Pa /tmp 3796cleaned at startup. 3797.It Va clear_tmp_X 3798.Pq Vt bool 3799Set to 3800.Dq Li NO 3801to disable removing of X11 lock files, 3802and the removal and (secure) recreation 3803of the various socket directories for X11 3804related programs. 3805.It Va ldconfig_paths 3806.Pq Vt str 3807Set to the list of shared library paths to use with 3808.Xr ldconfig 8 . 3809NOTE: 3810.Pa /lib 3811and 3812.Pa /usr/lib 3813will always be added first, so they need not appear in this list. 3814.It Va ldconfig32_paths 3815.Pq Vt str 3816Set to the list of 32-bit compatibility shared library paths to 3817use with 3818.Xr ldconfig 8 . 3819.It Va ldconfig_insecure 3820.Pq Vt bool 3821The 3822.Xr ldconfig 8 3823utility normally refuses to use directories 3824which are writable by anyone except root. 3825Set this variable to 3826.Dq Li YES 3827to disable that security check during system startup. 3828.It Va ldconfig_local_dirs 3829.Pq Vt str 3830Set to the list of local 3831.Xr ldconfig 8 3832directories. 3833The names of all files in the directories listed will be 3834passed as arguments to 3835.Xr ldconfig 8 . 3836.It Va ldconfig_local32_dirs 3837.Pq Vt str 3838Set to the list of local 32-bit compatibility 3839.Xr ldconfig 8 3840directories. 3841The names of all files in the directories listed will be 3842passed as arguments to 3843.Dq Nm ldconfig Fl 32 . 3844.It Va kern_securelevel_enable 3845.Pq Vt bool 3846Set to 3847.Dq Li YES 3848to set the kernel security level at system startup. 3849.It Va kern_securelevel 3850.Pq Vt int 3851The kernel security level to set at startup. 3852The allowed range of 3853.Ar value 3854ranges from \-1 (the compile time default) to 3 (the 3855most secure). 3856See 3857.Xr security 7 3858for the list of possible security levels and their effect 3859on system operation. 3860.It Va sshd_program 3861.Pq Vt str 3862Path to the SSH server program 3863.Pa ( /usr/sbin/sshd 3864is the default). 3865.It Va sshd_enable 3866.Pq Vt bool 3867Set to 3868.Dq Li YES 3869to start 3870.Xr sshd 8 3871at system boot time. 3872Note, the 3873.Va sshd_oomprotect 3874variable is set to 3875.Dq Li YES 3876by default in 3877.Pa /etc/defaults/rc.conf . 3878.It Va sshd_flags 3879.Pq Vt str 3880If 3881.Va sshd_enable 3882is set to 3883.Dq Li YES , 3884these are the flags to pass to the 3885.Xr sshd 8 3886daemon. 3887.It Va ftpd_program 3888.Pq Vt str 3889Path to the FTP server program 3890.Pa ( /usr/libexec/ftpd 3891is the default). 3892.It Va ftpd_enable 3893.Pq Vt bool 3894Set to 3895.Dq Li YES 3896to start 3897.Xr ftpd 8 3898as a stand-alone daemon at system boot time. 3899.It Va ftpd_flags 3900.Pq Vt str 3901If 3902.Va ftpd_enable 3903is set to 3904.Dq Li YES , 3905these are the additional flags to pass to the 3906.Xr ftpd 8 3907daemon. 3908.It Va watchdogd_enable 3909.Pq Vt bool 3910If set to 3911.Dq Li YES , 3912start the 3913.Xr watchdogd 8 3914daemon at boot time. 3915This requires that the kernel have been compiled with a 3916.Xr watchdog 4 3917compatible device. 3918.It Va watchdogd_flags 3919.Pq Vt str 3920If 3921.Va watchdogd_enable 3922is set to 3923.Dq Li YES , 3924these are the flags passed to the 3925.Xr watchdogd 8 3926daemon. 3927.It Va watchdogd_timeout 3928.Pq Vt int 3929If 3930.Va watchdogd_enable 3931is set to 3932.Dq Li YES , 3933this is a timeout that will be used by the 3934.Xr watchdogd 8 3935daemon. 3936If this option is set, it overrides 3937.Fl t 3938in 3939.Va watchdogd_flags . 3940.It Va watchdogd_shutdown_timeout 3941.Pq Vt int 3942If 3943.Va watchdogd_enable 3944is set to 3945.Dq Li YES , 3946this is a timeout that will be set by the 3947.Xr watchdogd 8 3948daemon when it exits during the system shutdown. 3949This timeout will not be set when returning to the single-user mode 3950or when the watchdogd service is stopped individually using the 3951.Xr service 8 3952command or the rc.d script. 3953Note that the timeout will be applied if 3954.Xr watchdogd 8 3955is stopped outside of 3956.Xr rc 8 3957framework. 3958If this option is set, it overrides 3959.Fl x 3960in 3961.Va watchdogd_flags . 3962.It Va devfs_rulesets 3963.Pq Vt str 3964List of files containing sets of rules for 3965.Xr devfs 8 . 3966.It Va devfs_system_ruleset 3967.Pq Vt str 3968Rule name(s) to apply to the system 3969.Pa /dev 3970itself. 3971.It Va devfs_set_rulesets 3972.Pq Vt str 3973Pairs of already-mounted 3974.Pa dev 3975directories and rulesets that should be applied to them. 3976For example: /mount/dev=ruleset_name 3977.It Va devfs_load_rulesets 3978.Pq Vt bool 3979If set, always load the default rulesets listed in 3980.Va devfs_rulesets . 3981.It Va performance_cx_lowest 3982.Pq Vt str 3983CPU idle state to use while on AC power. 3984The string 3985.Dq Li LOW 3986indicates that 3987.Xr acpi 4 3988should use the lowest power state available while 3989.Dq Li HIGH 3990indicates that the lowest latency state (less power savings) should be used. 3991.It Va performance_cpu_freq 3992.Pq Vt str 3993CPU clock frequency to use while on AC power. 3994The string 3995.Dq Li LOW 3996indicates that 3997.Xr cpufreq 4 3998should use the lowest frequency available while 3999.Dq Li HIGH 4000indicates that the highest frequency (less power savings) should be used. 4001.It Va economy_cx_lowest 4002.Pq Vt str 4003CPU idle state to use when off AC power. 4004The string 4005.Dq Li LOW 4006indicates that 4007.Xr acpi 4 4008should use the lowest power state available while 4009.Dq Li HIGH 4010indicates that the lowest latency state (less power savings) should be used. 4011.It Va economy_cpu_freq 4012.Pq Vt str 4013CPU clock frequency to use when off AC power. 4014The string 4015.Dq Li LOW 4016indicates that 4017.Xr cpufreq 4 4018should use the lowest frequency available while 4019.Dq Li HIGH 4020indicates that the highest frequency (less power savings) should be used. 4021.It Va jail_enable 4022.Pq Vt bool 4023If set to 4024.Dq Li NO , 4025any configured jails will not be started. 4026.It Va jail_conf 4027.Pq Vt str 4028The configuration filename used by 4029.Xr jail 8 4030utility. 4031The default value is 4032.Pa /etc/jail.conf . 4033.Pa /etc/jail\&. Ns Ao Va jname Ac Ns Pa .conf 4034and 4035.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf 4036will also be used if 4037.Ao Va jname Ac 4038is set in 4039.Va jail_list . 4040.It Va jail_parallel_start 4041.Pq Vt bool 4042If set to 4043.Dq Li YES , 4044all configured jails will be started in the background (in parallel). 4045.It Va jail_flags 4046.Pq Vt str 4047Unset by default. 4048When set, use as default value for 4049.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4050for every jail in 4051.Va jail_list . 4052.It Va jail_list 4053.Pq Vt str 4054A space-delimited list of jail names. 4055When left empty, all of the 4056.Xr jail 8 4057instances defined in the configuration file are started. 4058The names specified in this list control the jail startup order. 4059.Xr jail 8 4060instances missing from 4061.Va jail_list 4062must be started manually. 4063Note that a jail's 4064.Va depend 4065parameter in the configuration file may override this list. 4066.It Va jail_reverse_stop 4067.Pq Vt bool 4068When set to 4069.Dq Li YES , 4070all configured jails in 4071.Va jail_list 4072are stopped in reverse order. 4073.It Va jail_ Ns * variables 4074Note that older releases supported per-jail configuration via 4075.Nm 4076variables. 4077For example, 4078hostname of a jail named 4079.Li vjail 4080was able to be set by 4081.Li jail_vjail_hostname . 4082These per-jail configuration variables are now obsolete in favor of 4083.Xr jail 8 4084configuration file. 4085For backward compatibility, 4086when per-jail configuration variables are defined, 4087.Xr jail 8 4088configuration files are created as 4089.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 4090and used. 4091.Pp 4092The following per-jail parameters are handled by 4093.Pa rc.d/jail 4094script out of their corresponding 4095.Nm 4096variables. 4097In addition to them, parameters in 4098.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4099will be added to the configuration file. 4100They must be a semi-colon 4101.Pq Ql \&; 4102delimited list of 4103.Dq key=value . 4104For more details, 4105see 4106.Xr jail 8 4107manual page. 4108.Bl -tag -width "host.hostname" -offset indent 4109.It Li path 4110set from 4111.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4112.It Li host.hostname 4113set from 4114.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4115.It Li exec.consolelog 4116set from 4117.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4118The default value is 4119.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4120.It Li interface 4121set from 4122.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4123.It Li vnet.interface 4124set from 4125.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4126This implies 4127.Li vnet 4128parameter will be enabled and cannot be specified with 4129.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4130.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4131and/or 4132.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4133at the same time. 4134.It Li fstab 4135set from 4136.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4137.It Li mount 4138set from 4139.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4140.It Li exec.fib 4141set from 4142.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4143.It Li exec.start 4144set from 4145.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4146The parameter name was 4147.Li command 4148in some older releases. 4149.It Li exec.prestart 4150set from 4151.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4152.It Li exec.poststart 4153set from 4154.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4155.It Li exec.stop 4156set from 4157.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4158.It Li exec.prestop 4159set from 4160.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4161.It Li exec.poststop 4162set from 4163.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4164.It Li ip4.addr 4165set if 4166.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4167or 4168.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4169contain IPv4 addresses 4170.It Li ip6.addr 4171set if 4172.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4173or 4174.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4175contain IPv6 addresses 4176.It Li allow.mount 4177set from 4178.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4179.It Li mount.devfs 4180set from 4181.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4182.It Li devfs_ruleset 4183set from 4184.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4185This must be an integer, 4186not a string. 4187.It Li mount.fdescfs 4188set from 4189.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4190.It Li allow.set_hostname 4191set from 4192.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4193.It Li allow.rawsocket 4194set from 4195.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4196.It Li allow.sysvipc 4197set from 4198.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4199.El 4200.\" ----------------------------------------------------- 4201.It Va harvest_mask 4202.Pq Vt int 4203Set to a bit-mask 4204representing the entropy sources 4205you wish to harvest. 4206Refer to 4207.Xr random 4 4208for more information. 4209.It Va entropy_dir 4210.Pq Vt str 4211Set to 4212.Dq Li NO 4213to disable caching entropy via 4214.Xr cron 8 . 4215Otherwise set to the directory 4216in which the entropy files are stored. 4217To be useful, 4218there must be 4219a system cron job 4220that regularly writes and rotates 4221files here. 4222All files found 4223will be used at boot time. 4224The default is 4225.Pa /var/db/entropy . 4226.It Va entropy_file 4227.Pq Vt str 4228Set to 4229.Dq Li NO 4230to disable caching entropy through reboots. 4231Otherwise set to the name 4232of a file used to store cached entropy. 4233This file should be located 4234on a file system that is readable 4235before all the volumes specified in 4236.Xr fstab 5 4237are mounted. 4238By default, 4239.Pa /entropy 4240is used, 4241but if 4242.Pa /var/db/entropy-file 4243is found it will also be used. 4244This will be of some use to 4245.Xr bsdinstall 8 . 4246.It Va entropy_boot_file 4247.Pq Vt str 4248Set to 4249.Dq Li NO 4250to disable 4251very early caching entropy 4252through reboots. 4253Otherwise set to the filename 4254used to read 4255very early reboot cached entropy. 4256This file should be located where 4257.Xr loader 8 4258can read it. 4259See also 4260.Xr loader.conf 5 . 4261The default location is 4262.Pa /boot/entropy . 4263.It Va entropy_save_sz 4264.Pq Vt int 4265Size of the entropy cache files saved by 4266.Nm save-entropy 4267periodically. 4268.It Va entropy_save_num 4269.Pq Vt int 4270Number of entropy cache files to save by 4271.Nm save-entropy 4272periodically. 4273.It Va ipsec_enable 4274.Pq Vt bool 4275Set to 4276.Dq Li YES 4277to run 4278.Xr setkey 8 4279on 4280.Va ipsec_file 4281at boot time. 4282.It Va ipsec_file 4283.Pq Vt str 4284Configuration file for 4285.Xr setkey 8 . 4286.It Va dmesg_enable 4287.Pq Vt bool 4288Set to 4289.Dq Li YES 4290to save 4291.Xr dmesg 8 4292to 4293.Pa /var/run/dmesg.boot 4294on boot. 4295.It Va rcshutdown_timeout 4296.Pq Vt int 4297If set, start a watchdog timer in the background which will terminate 4298.Pa rc.shutdown 4299if 4300.Xr shutdown 8 4301has not completed within the specified time (in seconds). 4302Notice that in addition to this soft timeout, 4303.Xr init 8 4304also applies a hard timeout for the execution of 4305.Pa rc.shutdown . 4306This is configured via 4307.Xr sysctl 8 4308variable 4309.Va kern.init_shutdown_timeout 4310and defaults to 120 seconds. 4311Setting the value of 4312.Va rcshutdown_timeout 4313to more than 120 seconds will have no effect until the 4314.Xr sysctl 8 4315variable 4316.Va kern.init_shutdown_timeout 4317is also increased. 4318.It Va virecover_enable 4319.Pq Vt bool 4320Set to 4321.Dq Li NO 4322to prevent the system from trying to 4323recover prematurely terminated 4324.Xr vi 1 4325sessions. 4326.It Va ugidfw_enable 4327.Pq Vt bool 4328Set to 4329.Dq Li YES 4330to load the 4331.Xr mac_bsdextended 4 4332module upon system initialization and load a default 4333ruleset file. 4334.It Va bsdextended_script 4335.Pq Vt str 4336The default 4337.Xr mac_bsdextended 4 4338ruleset file to load. 4339The default value of this variable is 4340.Pa /etc/rc.bsdextended . 4341.It Va newsyslog_enable 4342.Pq Vt bool 4343If set to 4344.Dq Li YES , 4345run 4346.Xr newsyslog 8 4347command at startup. 4348.It Va newsyslog_flags 4349.Pq Vt str 4350If 4351.Va newsyslog_enable 4352is set to 4353.Dq Li YES , 4354these are the flags to pass to the 4355.Xr newsyslog 8 4356program. 4357The default is 4358.Dq Li -CN , 4359which causes log files flagged with a 4360.Cm C 4361to be created. 4362.It Va mdconfig_md Ns Aq Ar X 4363.Pq Vt str 4364Arguments to 4365.Xr mdconfig 8 4366for 4367.Xr md 4 4368device 4369.Ar X . 4370At minimum a 4371.Fl t Ar type 4372must be specified and either a 4373.Fl s Ar size 4374for malloc or swap backed 4375.Xr md 4 4376devices or a 4377.Fl f Ar file 4378for vnode backed 4379.Xr md 4 4380devices. 4381Note that 4382.Va mdconfig_md Ns Aq Ar X 4383variables are evaluated until one variable is unset or null. 4384.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4385.Pq Vt str 4386Optional arguments passed to 4387.Xr newfs 8 4388to initialize 4389.Xr md 4 4390device 4391.Ar X . 4392.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4393.Pq Vt str 4394An ownership specification passed to 4395.Xr chown 8 4396after the specified 4397.Xr md 4 4398device 4399.Ar X 4400has been mounted. 4401Both the 4402.Xr md 4 4403device and the mount point will be changed. 4404.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4405.Pq Vt str 4406A mode string passed to 4407.Xr chmod 1 4408after the specified 4409.Xr md 4 4410device 4411.Ar X 4412has been mounted. 4413Both the 4414.Xr md 4 4415device and the mount point will be changed. 4416.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4417.Pq Vt str 4418Files to be copied to the mount point of the 4419.Xr md 4 4420device 4421.Ar X 4422after it has been mounted. 4423.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4424.Pq Vt str 4425Command to execute after the specified 4426.Xr md 4 4427device 4428.Ar X 4429has been mounted. 4430Note that the command is passed to 4431.Ic eval 4432and that both 4433.Va _dev 4434and 4435.Va _mp 4436variables can be used to reference respectively the 4437.Xr md 4 4438device and the mount point. 4439Assuming that the 4440.Xr md 4 4441device is 4442.Li md0 , 4443one could set the following: 4444.Bd -literal 4445mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4446.Ed 4447.It Va autobridge_interfaces 4448.Pq Vt str 4449Set to the list of bridge interfaces that will have newly arriving interfaces 4450checked against to be automatically added. 4451If not set to 4452.Dq Li NO 4453then for each whitespace separated 4454.Ar element 4455in the value, a 4456.Va autobridge_ Ns Aq Ar element 4457variable is assumed to exist which has a whitespace separated list of interface 4458names to match, these names can use wildcards. 4459For example: 4460.Bd -literal 4461autobridge_interfaces="bridge0" 4462autobridge_bridge0="tap* dc0 vlan[345]" 4463.Ed 4464.It Va mixer_enable 4465.Pq Vt bool 4466If set to 4467.Dq Li YES , 4468enable support for sound mixer. 4469.It Va hcsecd_enable 4470.Pq Vt bool 4471If set to 4472.Dq Li YES , 4473enable Bluetooth security daemon. 4474.It Va hcsecd_config 4475.Pq Vt str 4476Configuration file for 4477.Xr hcsecd 8 . 4478Default 4479.Pa /etc/bluetooth/hcsecd.conf . 4480.It Va sdpd_enable 4481.Pq Vt bool 4482If set to 4483.Dq Li YES , 4484enable Bluetooth Service Discovery Protocol daemon. 4485.It Va sdpd_control 4486.Pq Vt str 4487Path to 4488.Xr sdpd 8 4489control socket. 4490Default 4491.Pa /var/run/sdp . 4492.It Va sdpd_groupname 4493.Pq Vt str 4494Sets 4495.Xr sdpd 8 4496group to run as after it initializes. 4497Default 4498.Dq Li nobody . 4499.It Va sdpd_username 4500.Pq Vt str 4501Sets 4502.Xr sdpd 8 4503user to run as after it initializes. 4504Default 4505.Dq Li nobody . 4506.It Va bthidd_enable 4507.Pq Vt bool 4508If set to 4509.Dq Li YES , 4510enable Bluetooth Human Interface Device daemon. 4511.It Va bthidd_config 4512.Pq Vt str 4513Configuration file for 4514.Xr bthidd 8 . 4515Default 4516.Pa /etc/bluetooth/bthidd.conf . 4517.It Va bthidd_hids 4518.Pq Vt str 4519Path to a file, where 4520.Xr bthidd 8 4521will store information about known HID devices. 4522Default 4523.Pa /var/db/bthidd.hids . 4524.It Va rfcomm_pppd_server_enable 4525.Pq Vt bool 4526If set to 4527.Dq Li YES , 4528enable Bluetooth RFCOMM PPP wrapper daemon. 4529.It Va rfcomm_pppd_server_profile 4530.Pq Vt str 4531The name of the profile to use from 4532.Pa /etc/ppp/ppp.conf . 4533Multiple profiles can be specified here. 4534Also used to specify per-profile overrides. 4535When the profile name contains any of the characters 4536.Dq Li .-/+ 4537they are translated to 4538.Dq Li _ 4539for the proposes of the override variable names. 4540.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4541.Pq Vt str 4542Overrides local address to listen on. 4543By default 4544.Xr rfcomm_pppd 8 4545will listen on 4546.Dq Li ANY 4547address. 4548The address can be specified as BD_ADDR or name. 4549.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4550.Pq Vt str 4551Overrides local RFCOMM channel to listen on. 4552By default 4553.Xr rfcomm_pppd 8 4554will listen on RFCOMM channel 1. 4555Must set properly if multiple profiles used in the same time. 4556.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4557.Pq Vt bool 4558Tells 4559.Xr rfcomm_pppd 8 4560if it should register Serial Port service on the specified RFCOMM channel. 4561Default 4562.Dq Li NO . 4563.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4564.Pq Vt bool 4565Tells 4566.Xr rfcomm_pppd 8 4567if it should register Dial-Up Networking service on the specified 4568RFCOMM channel. 4569Default 4570.Dq Li NO . 4571.It Va ubthidhci_enable 4572.Pq Vt bool 4573If set to 4574.Dq Li YES , 4575change the USB Bluetooth controller from HID mode to HCI mode. 4576You also need to specify the location of USB Bluetooth controller with the 4577.Va ubthidhci_busnum 4578and 4579.Va ubthidhci_addr 4580variables. 4581.It Va ubthidhci_busnum 4582Bus number where the USB Bluetooth controller is located. 4583Check the output of 4584.Xr usbconfig 8 4585on your system to find this information. 4586.It Va ubthidhci_addr 4587Bus address of the USB Bluetooth controller. 4588Check the output of 4589.Xr usbconfig 8 4590on your system to find this information. 4591.It Va utx_enable 4592.Pq Vt bool 4593Set to 4594.Dq Li YES 4595to enable user accounting through the 4596.Xr utx 8 4597facility. 4598.It Va netwait_enable 4599.Pq Vt bool 4600If set to 4601.Dq Li YES , 4602delays the start of network-reliant services until 4603.Va netwait_if 4604is up and ICMP packets to a destination defined in 4605.Va netwait_ip 4606are flowing. 4607Link state is examined first, followed by 4608.Dq Li pinging 4609an IP address to verify network usability. 4610If no destination can be reached or timeouts are exceeded, 4611network services are started anyway with no guarantee that 4612the network is usable. 4613Use of this variable requires both 4614.Va netwait_ip 4615and 4616.Va netwait_if 4617to be set. 4618.It Va netwait_ip 4619.Pq Vt str 4620Empty by default. 4621This variable contains a space-delimited list of IP addresses to 4622.Xr ping 8 . 4623DNS hostnames should not be used as resolution is not guaranteed 4624to be functional at this point. 4625If multiple IP addresses are specified, 4626each will be tried until one is successful or the list is exhausted. 4627.It Va netwait_timeout 4628.Pq Vt int 4629Indicates the total number of seconds to perform a 4630.Dq Li ping 4631against each IP address in 4632.Va netwait_ip , 4633at a rate of one ping per second. 4634If any of the pings are successful, 4635full network connectivity is considered reliable. 4636The default is 60. 4637.It Va netwait_if 4638.Pq Vt str 4639Empty by default. 4640Defines the name of the network interface on which watch for link. 4641.Xr ifconfig 8 4642is used to monitor the interface, looking for 4643.Dq Li status: no carrier . 4644Once gone, the link is considered up. 4645This can be a 4646.Xr vlan 4 4647interface if desired. 4648.It Va netwait_if_timeout 4649.Pq Vt int 4650Defines the total number of seconds to wait for link to become usable, 4651polled at a 1-second interval. 4652The default is 30. 4653.It Va rctl_enable 4654.Pq Vt bool 4655If set to 4656.Dq Li YES , 4657load 4658.Xr rctl 8 4659rules from the defined ruleset. 4660The kernel must be built with 4661.Cd "options RACCT" 4662and 4663.Cd "options RCTL" . 4664.It Va rctl_rules 4665.Pq Vt str 4666Set to 4667.Pa /etc/rctl.conf 4668by default. 4669This variables contains the 4670.Xr rctl.conf 5 4671ruleset to load for 4672.Xr rctl 8 . 4673.It Va iovctl_files 4674.Pq Vt str 4675A space-separated list of configuration files used by 4676.Xr iovctl 8 . 4677The default value is an empty string. 4678.It Va autofs_enable 4679.Pq Vt bool 4680If set to 4681.Dq Li YES , 4682start the 4683.Xr automount 8 4684utility and the 4685.Xr automountd 8 4686and 4687.Xr autounmountd 8 4688daemons at boot time. 4689.It Va automount_flags 4690.Pq Vt str 4691If 4692.Va autofs_enable 4693is set to 4694.Dq Li YES , 4695these are the flags to pass to the 4696.Xr automount 8 4697program. 4698By default no flags are passed. 4699.It Va automountd_flags 4700.Pq Vt str 4701If 4702.Va autofs_enable 4703is set to 4704.Dq Li YES , 4705these are the flags to pass to the 4706.Xr automountd 8 4707daemon. 4708By default no flags are passed. 4709.It Va autounmountd_flags 4710.Pq Vt str 4711If 4712.Va autofs_enable 4713is set to 4714.Dq Li YES , 4715these are the flags to pass to the 4716.Xr autounmountd 8 4717daemon. 4718By default no flags are passed. 4719.It Va ctld_enable 4720.Pq Vt bool 4721If set to 4722.Dq Li YES , 4723start the 4724.Xr ctld 8 4725daemon at boot time. 4726.It Va iscsid_enable 4727.Pq Vt bool 4728If set to 4729.Dq Li YES , 4730start the 4731.Xr iscsid 8 4732daemon at boot time. 4733.It Va iscsictl_enable 4734.Pq Vt bool 4735If set to 4736.Dq Li YES , 4737start the 4738.Xr iscsictl 8 4739utility at boot time. 4740.It Va iscsictl_flags 4741.Pq Vt str 4742If 4743.Va iscsictl_enable 4744is set to 4745.Dq Li YES , 4746these are the flags to pass to the 4747.Xr iscsictl 8 4748program. 4749The default is 4750.Dq Li -Aa , 4751which configures sessions based on the 4752.Pa /etc/iscsi.conf 4753configuration file. 4754.It Va cfumass_enable 4755.Pq Vt bool 4756If set to 4757.Dq Li YES , 4758create and export an USB LUN using 4759.Xr cfumass 4 4760at boot time. 4761.It Va cfumass_dir 4762.Pq Vt str 4763The directory where the files exported by USB LUN are located. 4764The default directory is 4765.Pa /var/cfumass . 4766.It Va service_delete_empty 4767.Pq Vt bool 4768If set to 4769.Dq Li YES , 4770.Ql Li service delete 4771removes empty 4772.Dq Li rc.conf.d 4773files. 4774.It Va zfs_bootonce_activate 4775.Pq Vt bool 4776If set to 4777.Dq Li YES , 4778and a boot environment marked bootonce is successfully booted, 4779it will be made permanently active. 4780.It Va zfskeys_enable 4781.Pq Vt bool 4782If set to 4783.Dq Li YES , 4784enable auto-loading of encryption keys for encrypted ZFS datasets. 4785For every dataset the script will first load the appropriate encryption key 4786and then attempt to unlock the dataset. 4787.Pp 4788The script operates only on datasets which are encrypted with 4789ZFS native encryption 4790and have a ZFS 4791.Dq Li keylocation 4792dataset property beginning with 4793.Dq Li file:// . 4794.It Va zfskeys_datasets 4795.Pq Vt str 4796A whitespace-separated list of ZFS datasets to unlock. 4797The list is empty by default, 4798which means that the script will attempt to unlock all datasets. 4799.It Va zfskeys_timeout 4800.Pq Vt int 4801Define the total number of seconds to wait for the zfskeys script 4802to unlock an encrypted dataset. 4803The default is 10. 4804.It Va sendmail_enable 4805.Pq Vt str 4806If set to 4807.Dq Li YES , 4808run the 4809.Xr sendmail 8 4810daemon at system boot time. 4811If set to 4812.Dq Li NO , 4813do not run a 4814.Xr sendmail 8 4815daemon to listen for incoming network mail. 4816This does not preclude a 4817.Xr sendmail 8 4818daemon listening on the SMTP port of the loopback interface. 4819The 4820.Dq Li NONE 4821option sets each 4822.Va sendmail_enable , 4823.Va sendmail_submit_enable , 4824.Va sendmail_outbound_enable , 4825.Va sendmail_msp_queue_enable 4826to 4827.Dq Li NO . 4828.It Va sendmail_cert_create 4829.Pq Vt str 4830If 4831.Va sendmail_enable 4832is set to 4833.Dq Li YES , 4834create a signed certificate 4835.Pa /etc/mail/certs/host.cert 4836representing 4837.Pa /etc/mail/certs/host.key 4838by the CA certificate in 4839.Pa /etc/mail/certs/cacert.pem . 4840This will enable connecting hosts to negotiate STARTTLS allowing incoming 4841email to be encrypted in transit. 4842.Xr sendmail 8 4843needs to be configured to use these generated files. 4844The default configuration in 4845.Pa /etc/mail/freebsd.mc 4846has the required options in it. 4847.It Va sendmail_cert_cn 4848.Pq Vt str 4849If 4850.Va sendmail_enable 4851is set to 4852.Dq Li YES 4853and 4854.Va sendmail_cert_create 4855is set to 4856.Dq Li YES , 4857this is the Common Name (CN) of the certificate that will be created. 4858If 4859.Va sendmail_cert_cn 4860is not set, the system's hostname will be used. 4861If there is no hostname set, 4862.Dq Li amnesiac 4863will be used. 4864.It Va sendmail_flags 4865.Pq Vt str 4866If 4867.Va sendmail_enable 4868is set to 4869.Dq Li YES , 4870these are the flags to pass to the 4871.Xr sendmail 8 4872daemon. 4873.It Va sendmail_submit_enable 4874.Pq Vt bool 4875If set to 4876.Dq Li YES 4877and 4878.Va sendmail_enable 4879is set to 4880.Dq Li NO , 4881run 4882.Xr sendmail 8 4883using 4884.Va sendmail_submit_flags 4885instead of 4886.Va sendmail_flags . 4887This is intended to allow local mail submission via 4888a localhost-only listening SMTP service required for running 4889.Xr sendmail 8 4890as a non-set-user-ID binary. 4891Note that this does not work inside 4892.Xr jail 2 4893systems, as jails do not allow binding to just the localhost interface. 4894.It Va sendmail_submit_flags 4895.Pq Vt str 4896If 4897.Va sendmail_enable 4898is set to 4899.Dq Li NO 4900and 4901.Va sendmail_submit_enable 4902is set to 4903.Dq Li YES , 4904these are the flags to pass to the 4905.Xr sendmail 8 4906daemon. 4907.It Va sendmail_outbound_enable 4908.Pq Vt bool 4909If set to 4910.Dq Li YES 4911and both 4912.Va sendmail_enable 4913and 4914.Va sendmail_submit_enable 4915are set to 4916.Dq Li NO , 4917run 4918.Xr sendmail 8 4919using 4920.Va sendmail_outbound_flags 4921instead of 4922.Va sendmail_flags . 4923This is intended to allow local mail queue management 4924for systems that do not offer a listening SMTP service. 4925.It Va sendmail_outbound_flags 4926.Pq Vt str 4927If both 4928.Va sendmail_enable 4929and 4930.Va sendmail_submit_enable 4931are set to 4932.Dq Li NO 4933and 4934.Va sendmail_outbound_enable 4935is set to 4936.Dq Li YES , 4937these are the flags to pass to the 4938.Xr sendmail 8 4939daemon. 4940.It Va sendmail_msp_queue_enable 4941.Pq Vt bool 4942If set to 4943.Dq Li YES , 4944start a client (MSP) queue runner 4945.Xr sendmail 8 4946daemon at system boot time. 4947As of sendmail 8.12, a separate queue is used for command line 4948submissions. 4949The client queue runner ensures that nothing is 4950left behind in the submission queue. 4951.It Va sendmail_msp_queue_flags 4952.Pq Vt str 4953If 4954.Va sendmail_msp_queue_enable 4955is set to 4956daemon. 4957.Dq Li YES , 4958these are the flags to pass to the 4959.Xr sendmail 8 4960.El 4961.Sh FILES 4962.Bl -tag -width "/etc/defaults/rc.conf" -compact 4963.It Pa /etc/defaults/rc.conf 4964.It Pa /etc/defaults/vendor.conf 4965.It Pa /etc/rc.conf 4966.It Pa /etc/rc.conf.local 4967.It Pa /etc/rc.conf.d/ 4968.El 4969.Sh SEE ALSO 4970.Xr chmod 1 , 4971.Xr cpuset 1 , 4972.Xr gdb 1 Pq Pa ports/devel/gdb , 4973.Xr kbdcontrol 1 , 4974.Xr limits 1 , 4975.Xr protect 1 , 4976.Xr sh 1 , 4977.Xr umask 1 , 4978.Xr uuidgen 1 , 4979.Xr vi 1 , 4980.Xr vidcontrol 1 , 4981.Xr bridge 4 , 4982.Xr dummynet 4 , 4983.Xr ip 4 , 4984.Xr ipf 4 , 4985.Xr ipfw 4 , 4986.Xr ipnat 4 , 4987.Xr kld 4 , 4988.Xr pf 4 , 4989.Xr pflog 4 , 4990.Xr pfsync 4 , 4991.Xr tcp 4 , 4992.Xr udp 4 , 4993.Xr exports 5 , 4994.Xr fstab 5 , 4995.Xr ipf 5 , 4996.Xr ipnat 5 , 4997.Xr jail.conf 5 , 4998.Xr loader.conf 5 , 4999.Xr login.conf 5 , 5000.Xr motd 5 , 5001.Xr newsyslog.conf 5 , 5002.Xr pf.conf 5 , 5003.Xr firewall 7 , 5004.Xr growfs 7 , 5005.Xr security 7 , 5006.Xr tuning 7 , 5007.Xr accton 8 , 5008.Xr apm 8 , 5009.Xr bsdinstall 8 , 5010.Xr bthidd 8 , 5011.Xr chkprintcap 8 , 5012.Xr chown 8 , 5013.Xr cron 8 , 5014.Xr devfs 8 , 5015.Xr dhclient 8 , 5016.Xr ftpd 8 , 5017.Xr geli 8 , 5018.Xr hcsecd 8 , 5019.Xr ifconfig 8 , 5020.Xr inetd 8 , 5021.Xr iovctl 8 , 5022.Xr ipf 8 , 5023.Xr ipfw 8 , 5024.Xr ipnat 8 , 5025.Xr jail 8 , 5026.Xr kldxref 8 , 5027.Xr loader 8 , 5028.Xr lpd 8 , 5029.Xr makewhatis 8 , 5030.Xr mdconfig 8 , 5031.Xr mdmfs 8 , 5032.Xr mixer 8 , 5033.Xr mountd 8 , 5034.Xr moused 8 , 5035.Xr newfs 8 , 5036.Xr newsyslog 8 , 5037.Xr nfsd 8 , 5038.Xr ntpd 8 , 5039.Xr ntpdate 8 , 5040.Xr pfctl 8 , 5041.Xr pflogd 8 , 5042.Xr ping 8 , 5043.Xr powerd 8 , 5044.Xr quotacheck 8 , 5045.Xr quotaon 8 , 5046.Xr rc 8 , 5047.Xr rc.subr 8 , 5048.Xr rcorder 8 , 5049.Xr rfcomm_pppd 8 , 5050.Xr route 8 , 5051.Xr route6d 8 , 5052.Xr routed 8 , 5053.Xr rpc.lockd 8 , 5054.Xr rpc.statd 8 , 5055.Xr rpc.tlsclntd 8 , 5056.Xr rpc.tlsservd 8 , 5057.Xr rpcbind 8 , 5058.Xr rwhod 8 , 5059.Xr savecore 8 , 5060.Xr sdpd 8 , 5061.Xr sendmail 8 , 5062.Xr service 8 , 5063.Xr sshd 8 , 5064.Xr swapon 8 , 5065.Xr sysctl 8 , 5066.Xr syslogd 8 , 5067.Xr sysrc 8 , 5068.Xr unbound 8 , 5069.Xr usbconfig 8 , 5070.Xr utx 8 , 5071.Xr wlandebug 8 , 5072.Xr yp 8 , 5073.Xr ypbind 8 , 5074.Xr ypserv 8 , 5075.Xr ypset 8 5076.Sh HISTORY 5077The 5078.Nm 5079file appeared in 5080.Fx 2.2.2 . 5081.Sh AUTHORS 5082.An Jordan K. Hubbard . 5083