1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd October 28, 2013 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66In addition to 67.Pa /etc/rc.conf.local 68you can also place smaller configuration files for each 69.Xr rc 8 70script in the 71.Pa /etc/rc.conf.d 72directory, which will be included by the 73.Va load_rc_config 74function. 75For jail configurations you could use the file 76.Pa /etc/rc.conf.d/jail 77to store jail specific configuration options. 78Also see the 79.Va rc_conf_files 80variable below. 81.Pp 82Options are set with 83.Dq Ar name Ns Li = Ns Ar value 84assignments that use 85.Xr sh 1 86syntax. 87The following list provides a name and short description for each 88variable that can be set in the 89.Nm 90file: 91.Bl -tag -width indent-two 92.It Va rc_debug 93.Pq Vt bool 94If set to 95.Dq Li YES , 96enable output of debug messages from rc scripts. 97This variable can be helpful in diagnosing mistakes when 98editing or integrating new scripts. 99Beware that this produces copious output to the terminal and 100.Xr syslog 3 . 101.It Va rc_info 102.Pq Vt bool 103If set to 104.Dq Li NO , 105disable informational messages from the rc scripts. 106Informational messages are displayed when 107a condition that is not serious enough to warrant a warning or 108an error occurs. 109.It Va rc_startmsgs 110.Pq Vt bool 111If set to 112.Dq Li YES , 113show 114.Dq Starting foo: 115when faststart is used (e.g., at boot time). 116.It Va early_late_divider 117.Pq Vt str 118The name of the script that should be used as the 119delimiter between the 120.Dq early 121and 122.Dq late 123stages of the boot process. 124The early stage should contain all the services needed to 125get the disks (local or remote) mounted so that the late 126stage can include scripts contained in the directories 127listed in the 128.Va local_startup 129variable (see below). 130Thus, the two likely candidates for this value are 131.Pa mountcritlocal 132for the typical system, and 133.Pa mountcritremote 134if the system needs remote file 135systems mounted to get access to the 136.Va local_startup 137directories; for example when 138.Pa /usr/local 139is NFS mounted. 140For 141.Pa rc.conf 142within a 143.Xr jail 8 144.Pa NETWORKING 145is likely to be an appropriate value. 146Extreme care should be taken when changing this value, 147and before changing it one should ensure that there are 148adequate provisions to recover from a failed boot 149(such as physical contact with the machine, 150or reliable remote console access). 151.It Va always_force_depends 152.Pq Vt bool 153Various 154.Pa rc.d 155scripts use the force_depend function to check whether required 156services are already running, and to start them if necessary. 157By default during boot time this check is bypassed if the 158required service is enabled in 159.Pa /etc/rc.conf[.local] . 160Setting this option will bypass that check at boot time and 161always test whether or not the service is actually running. 162Enabling this option is likely to increase your boot time if 163services are enabled that utilize the force_depend check. 164.It Ao Ar name Ac Ns Va _chroot 165.Pq Vt str 166.Xr chroot 167to this directory before running the service. 168.It Ao Ar name Ac Ns Va _user 169.Pq Vt str 170Run the service under this user account. 171.It Ao Ar name Ac Ns Va _group 172.Pq Vt str 173Run the chrooted service under this system group. Unlike the _user 174setting, this setting has no effect if the service is not chrooted. 175.It Ao Ar name Ac Ns Va _fib 176.Pq Vt int 177The 178.Xr setfib 1 179value to run the service under. 180.It Ao Ar name Ac Ns Va _nice 181.Pq Vt int 182The 183.Xr nice 1 184value to run the service under. 185.It Va apm_enable 186.Pq Vt bool 187If set to 188.Dq Li YES , 189enable support for Automatic Power Management with 190the 191.Xr apm 8 192command. 193.It Va apmd_enable 194.Pq Vt bool 195Run 196.Xr apmd 8 197to handle APM event from userland. 198This also enables support for APM. 199.It Va apmd_flags 200.Pq Vt str 201If 202.Va apmd_enable 203is set to 204.Dq Li YES , 205these are the flags to pass to the 206.Xr apmd 8 207daemon. 208.It Va devd_enable 209.Pq Vt bool 210Run 211.Xr devd 8 212to handle device added, removed or unknown events from the kernel. 213.It Va ddb_enable 214.Pq Vt bool 215Run 216.Xr ddb 8 217to install 218.Xr ddb 4 219scripts at boot time. 220.It Va ddb_config 221.Pq Vt str 222Configuration file for 223.Xr ddb 8 . 224Default 225.Pa /etc/ddb.conf . 226.It Va kld_list 227.Pq Vt str 228A list of kernel modules to load right after the local 229disks are mounted. 230Loading modules at this point in the boot process is 231much faster than doing it via 232.Pa /boot/loader.conf 233for those modules not necessary for mounting local disk. 234.It Va kldxref_enable 235.Pq Vt bool 236Set to 237.Dq Li NO 238by default. 239Set to 240.Dq Li YES 241to automatically rebuild 242.Pa linker.hints 243files with 244.Xr kldxref 8 245at boot time. 246.It Va kldxref_clobber 247.Pq Vt bool 248Set to 249.Dq Li NO 250by default. 251If 252.Va kldxref_enable 253is true, 254setting to 255.Dq Li YES 256will overwrite existing 257.Pa linker.hints 258files at boot time. 259Otherwise, 260only missing 261.Pa linker.hints 262files are generated. 263.It Va kldxref_module_path 264.Pq Vt str 265Empty by default. 266A semi-colon 267.Pq Ql \&; 268delimited list of paths containing 269.Xr kld 4 270modules. 271If empty, 272the contents of the 273.Va kern.module_path 274.Xr sysctl 8 275are used. 276.It Va powerd_enable 277.Pq Vt bool 278If set to 279.Dq Li YES , 280enable the system power control facility with the 281.Xr powerd 8 282daemon. 283.It Va powerd_flags 284.Pq Vt str 285If 286.Va powerd_enable 287is set to 288.Dq Li YES , 289these are the flags to pass to the 290.Xr powerd 8 291daemon. 292.It Va tmpmfs 293Controls the creation of a 294.Pa /tmp 295memory file system. 296Always happens if set to 297.Dq Li YES 298and never happens if set to 299.Dq Li NO . 300If set to anything else, a memory file system is created if 301.Pa /tmp 302is not writable. 303.It Va tmpsize 304Controls the size of a created 305.Pa /tmp 306memory file system. 307.It Va tmpmfs_flags 308Extra options passed to the 309.Xr mdmfs 8 310utility when the memory file system for 311.Pa /tmp 312is created. 313The default is 314.Dq Li "-S" , 315which inhibits the use of softupdates on 316.Pa /tmp 317so that file system space is freed without delay 318after file truncation or deletion. 319See 320.Xr mdmfs 8 321for other options you can use in 322.Va tmpmfs_flags . 323.It Va varmfs 324Controls the creation of a 325.Pa /var 326memory file system. 327Always happens if set to 328.Dq Li YES 329and never happens if set to 330.Dq Li NO . 331If set to anything else, a memory file system is created if 332.Pa /var 333is not writable. 334.It Va varsize 335Controls the size of a created 336.Pa /var 337memory file system. 338.It Va varmfs_flags 339Extra options passed to the 340.Xr mdmfs 8 341utility when the memory file system for 342.Pa /var 343is created. 344The default is 345.Dq Li "-S" , 346which inhibits the use of softupdates on 347.Pa /var 348so that file system space is freed without delay 349after file truncation or deletion. 350See 351.Xr mdmfs 8 352for other options you can use in 353.Va varmfs_flags . 354.It Va populate_var 355Controls the automatic population of the 356.Pa /var 357file system. 358Always happens if set to 359.Dq Li YES 360and never happens if set to 361.Dq Li NO . 362If set to anything else, a memory file system is created if 363.Pa /var 364is not writable. 365Note that this process requires access to certain commands in 366.Pa /usr 367before 368.Pa /usr 369is mounted on normal systems. 370.It Va cleanvar_enable 371.Pq Vt bool 372Clean the 373.Pa /var 374directory. 375.It Va local_startup 376.Pq Vt str 377List of directories to search for startup script files. 378.It Va script_name_sep 379.Pq Vt str 380The field separator to use for breaking down the list of startup script files 381into individual filenames. 382The default is a space. 383It is not necessary to change this unless there are startup scripts with names 384containing spaces. 385.It Va hostapd_enable 386.Pq Vt bool 387Set to 388.Dq Li YES 389to start 390.Xr hostapd 8 391at system boot time. 392.It Va hostname 393.Pq Vt str 394The fully qualified domain name (FQDN) of this host on the network. 395This should almost certainly be set to something meaningful, even if 396there is no network connection. 397If 398.Xr dhclient 8 399is used to set the hostname via DHCP, 400this variable should be set to an empty string. 401If this value remains unset when the system is done booting 402your console login will display the default hostname of 403.Dq Amnesiac . 404.It Va nisdomainname 405.Pq Vt str 406The NIS domain name of this host, or 407.Dq Li NO 408if NIS is not used. 409.It Va dhclient_program 410.Pq Vt str 411Path to the DHCP client program 412.Pa ( /sbin/dhclient , 413the 414.Ox 415DHCP client, 416is the default). 417.It Va dhclient_flags 418.Pq Vt str 419Additional flags to pass to the DHCP client program. 420For the 421.Ox 422DHCP client, see the 423.Xr dhclient 8 424manpage for a description of the command line options available. 425.It Va dhclient_flags_ Ns Aq Ar iface 426Additional flags to pass to the DHCP client program running on 427.Ar iface 428only. 429When specified, this variable overrides 430.Va dhclient_flags . 431.It Va background_dhclient 432.Pq Vt bool 433Set to 434.Dq Li YES 435to start the DHCP client in background. 436This can cause trouble with applications depending on 437a working network, but it will provide a faster startup 438in many cases. 439.It Va background_dhclient_ Ns Aq Ar iface 440When specified, this variable overrides the 441.Va background_dhclient 442variable for interface 443.Ar iface 444only. 445.It Va synchronous_dhclient 446.Pq Vt bool 447Set to 448.Dq Li YES 449to start 450.Xr dhclient 8 451synchronously at startup. 452This behavior can be overridden on a per-interface basis by replacing 453the 454.Dq Li DHCP 455keyword in the 456.Va ifconfig_ Ns Aq Ar interface 457variable with 458.Dq Li SYNCDHCP 459or 460.Dq Li NOSYNCDHCP . 461.It Va defaultroute_delay 462.Pq Vt int 463When set to a positive value, wait up to this long after configuring 464DHCP interfaces at startup to give the interfaces time to receive a lease. 465.It Va firewall_enable 466.Pq Vt bool 467Set to 468.Dq Li YES 469to load firewall rules at startup. 470If the kernel was not built with 471.Cd "options IPFIREWALL" , 472the 473.Pa ipfw.ko 474kernel module will be loaded. 475See also 476.Va ipfilter_enable . 477.It Va firewall_script 478.Pq Vt str 479This variable specifies the full path to the firewall script to run. 480The default is 481.Pa /etc/rc.firewall . 482.It Va firewall_type 483.Pq Vt str 484Names the firewall type from the selection in 485.Pa /etc/rc.firewall , 486or the file which contains the local firewall ruleset. 487Valid selections from 488.Pa /etc/rc.firewall 489are: 490.Pp 491.Bl -tag -width ".Li simple" -compact 492.It Li open 493unrestricted IP access 494.It Li closed 495all IP services disabled, except via 496.Dq Li lo0 497.It Li client 498basic protection for a workstation 499.It Li simple 500basic protection for a LAN. 501.El 502.Pp 503If a filename is specified, the full path 504must be given. 505.It Va firewall_quiet 506.Pq Vt bool 507Set to 508.Dq Li YES 509to disable the display of firewall rules on the console during boot. 510.It Va firewall_logging 511.Pq Vt bool 512Set to 513.Dq Li YES 514to enable firewall event logging. 515This is equivalent to the 516.Dv IPFIREWALL_VERBOSE 517kernel option. 518.It Va firewall_logif 519.Pq Vt bool 520Set to 521.Dq Li YES 522to create pseudo interface 523.Li ipfw0 524for logging. 525For more details, see 526.Xr ipfw 8 527manual page. 528.It Va firewall_flags 529.Pq Vt str 530Flags passed to 531.Xr ipfw 8 532if 533.Va firewall_type 534specifies a filename. 535.It Va firewall_coscripts 536.Pq Vt str 537List of executables and/or rc scripts to run after firewall starts/stops. 538Default is empty. 539.\" ----- firewall_nat_enable setting -------------------------------- 540.It Va firewall_nat_enable 541.Pq Vt bool 542The 543.Xr ipfw 8 544equivalent of 545.Va natd_enable . 546Setting this to 547.Dq Li YES 548enables kernel NAT. 549.Va firewall_enable 550must also be set to 551.Dq Li YES . 552.It Va firewall_nat_interface 553.Pq Vt str 554The 555.Xr ipfw 8 556equivalent of 557.Va natd_interface . 558This is the name of the public interface or IP address on which 559kernel NAT should run. 560.It Va firewall_nat_flags 561.Pq Vt str 562Additional configuration parameters for kernel NAT should be placed here. 563.It Va dummynet_enable 564.Pq Vt bool 565Setting this to 566.Dq Li YES 567will automatically load the 568.Xr dummynet 4 569module if 570.Va firewall_enable 571is also set to 572.Dq Li YES . 573.\" ------------------------------------------------------------------- 574.It Va natd_program 575.Pq Vt str 576Path to 577.Xr natd 8 . 578.It Va natd_enable 579.Pq Vt bool 580Set to 581.Dq Li YES 582to enable 583.Xr natd 8 . 584.Va firewall_enable 585must also be set to 586.Dq Li YES , 587and 588.Xr divert 4 589sockets must be enabled in the kernel. 590If the kernel was not built with 591.Cd "options IPDIVERT" , 592the 593.Pa ipdivert.ko 594kernel module will be loaded. 595.It Va natd_interface 596.Pq Vt str 597This is the name of the public interface on which 598.Xr natd 8 599should run. 600The interface may be given as an interface name or as an IP address. 601.It Va natd_flags 602.Pq Vt str 603Additional 604.Xr natd 8 605flags should be placed here. 606The 607.Fl n 608or 609.Fl a 610flag is automatically added with the above 611.Va natd_interface 612as an argument. 613.\" ----- ipfilter_enable setting -------------------------------- 614.It Va ipfilter_enable 615.Pq Vt bool 616Set to 617.Dq Li NO 618by default. 619Setting this to 620.Dq Li YES 621enables 622.Xr ipf 8 623packet filtering. 624.Pp 625Typical usage will require putting 626.Bd -literal 627ipfilter_enable="YES" 628ipnat_enable="YES" 629ipmon_enable="YES" 630ipfs_enable="YES" 631.Ed 632.Pp 633into 634.Pa /etc/rc.conf 635and editing 636.Pa /etc/ipf.rules 637and 638.Pa /etc/ipnat.rules 639appropriately. 640.Pp 641Note that 642.Va ipfilter_enable 643and 644.Va ipnat_enable 645can be enabled independently. 646.Va ipmon_enable 647and 648.Va ipfs_enable 649both require at least one of 650.Va ipfilter_enable 651and 652.Va ipnat_enable 653to be enabled. 654.Pp 655Having 656.Bd -literal 657options IPFILTER 658options IPFILTER_LOG 659options IPFILTER_DEFAULT_BLOCK 660.Ed 661.Pp 662in the kernel configuration file is a good idea, too. 663.\" ----- ipfilter_program setting ------------------------------ 664.It Va ipfilter_program 665.Pq Vt str 666Path to 667.Xr ipf 8 668(default 669.Pa /sbin/ipf ) . 670.\" ----- ipfilter_rules setting -------------------------------- 671.It Va ipfilter_rules 672.Pq Vt str 673Set to 674.Pa /etc/ipf.rules 675by default. 676This variable contains the name of the filter rule definition file. 677The file is expected to be readable for the 678.Xr ipf 8 679command to execute. 680.\" ----- ipv6_ipfilter_rules setting --------------------------- 681.It Va ipv6_ipfilter_rules 682.Pq Vt str 683Set to 684.Pa /etc/ipf6.rules 685by default. 686This variable contains the IPv6 filter rule definition file. 687The file is expected to be readable for the 688.Xr ipf 8 689command to execute. 690.\" ----- ipfilter_flags setting -------------------------------- 691.It Va ipfilter_flags 692.Pq Vt str 693Empty by default. 694This variable contains flags passed to the 695.Xr ipf 8 696program. 697.\" ----- ipnat_enable setting ---------------------------------- 698.It Va ipnat_enable 699.Pq Vt bool 700Set to 701.Dq Li NO 702by default. 703Set it to 704.Dq Li YES 705to enable 706.Xr ipnat 8 707network address translation. 708See 709.Va ipfilter_enable 710for a detailed discussion. 711.\" ----- ipnat_program setting --------------------------------- 712.It Va ipnat_program 713.Pq Vt str 714Path to 715.Xr ipnat 8 716(default 717.Pa /sbin/ipnat ) . 718.\" ----- ipnat_rules setting ----------------------------------- 719.It Va ipnat_rules 720.Pq Vt str 721Set to 722.Pa /etc/ipnat.rules 723by default. 724This variable contains the name of the file 725holding the network address translation definition. 726This file is expected to be readable for the 727.Xr ipnat 8 728command to execute. 729.\" ----- ipnat_flags setting ----------------------------------- 730.It Va ipnat_flags 731.Pq Vt str 732Empty by default. 733This variable contains flags passed to the 734.Xr ipnat 8 735program. 736.\" ----- ipmon_enable setting ---------------------------------- 737.It Va ipmon_enable 738.Pq Vt bool 739Set to 740.Dq Li NO 741by default. 742Set it to 743.Dq Li YES 744to enable 745.Xr ipmon 8 746monitoring (logging 747.Xr ipf 8 748and 749.Xr ipnat 8 750events). 751Setting this variable needs setting 752.Va ipfilter_enable 753or 754.Va ipnat_enable 755too. 756See 757.Va ipfilter_enable 758for a detailed discussion. 759.\" ----- ipmon_program setting --------------------------------- 760.It Va ipmon_program 761.Pq Vt str 762Path to 763.Xr ipmon 8 764(default 765.Pa /sbin/ipmon ) . 766.\" ----- ipmon_flags setting ----------------------------------- 767.It Va ipmon_flags 768.Pq Vt str 769Set to 770.Dq Li -Ds 771by default. 772This variable contains flags passed to the 773.Xr ipmon 8 774program. 775Another typical example would be 776.Dq Fl D Pa /var/log/ipflog 777to have 778.Xr ipmon 8 779log directly to a file bypassing 780.Xr syslogd 8 . 781Make sure to adjust 782.Pa /etc/newsyslog.conf 783in such case like this: 784.Bd -literal 785/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 786.Ed 787.\" ----- ipfs_enable setting ----------------------------------- 788.It Va ipfs_enable 789.Pq Vt bool 790Set to 791.Dq Li NO 792by default. 793Set it to 794.Dq Li YES 795to enable 796.Xr ipfs 8 797saving the filter and NAT state tables during shutdown 798and reloading them during startup again. 799Setting this variable needs setting 800.Va ipfilter_enable 801or 802.Va ipnat_enable 803to 804.Dq Li YES 805too. 806See 807.Va ipfilter_enable 808for a detailed discussion. 809Note that if 810.Va kern_securelevel 811is set to 3, 812.Va ipfs_enable 813cannot be used 814because the raised securelevel will prevent 815.Xr ipfs 8 816from saving the state tables at shutdown time. 817.\" ----- ipfs_program setting ---------------------------------- 818.It Va ipfs_program 819.Pq Vt str 820Path to 821.Xr ipfs 8 822(default 823.Pa /sbin/ipfs ) . 824.\" ----- ipfs_flags setting ------------------------------------ 825.It Va ipfs_flags 826.Pq Vt str 827Empty by default. 828This variable contains flags passed to the 829.Xr ipfs 8 830program. 831.\" ----- end of added ipf hook --------------------------------- 832.It Va pf_enable 833.Pq Vt bool 834Set to 835.Dq Li NO 836by default. 837Setting this to 838.Dq Li YES 839enables 840.Xr pf 4 841packet filtering. 842.Pp 843Typical usage will require putting 844.Pp 845.Dl pf_enable="YES" 846.Pp 847into 848.Pa /etc/rc.conf 849and editing 850.Pa /etc/pf.conf 851appropriately. 852Adding 853.Pp 854.Dl "device pf" 855.Pp 856builds support for 857.Xr pf 4 858into the kernel, otherwise the 859kernel module will be loaded. 860.It Va pf_rules 861.Pq Vt str 862Path to 863.Xr pf 4 864ruleset configuration file 865(default 866.Pa /etc/pf.conf ) . 867.It Va pf_program 868.Pq Vt str 869Path to 870.Xr pfctl 8 871(default 872.Pa /sbin/pfctl ) . 873.It Va pf_flags 874.Pq Vt str 875If 876.Va pf_enable 877is set to 878.Dq Li YES , 879these flags are passed to the 880.Xr pfctl 8 881program when loading the ruleset. 882.It Va pflog_enable 883.Pq Vt bool 884Set to 885.Dq Li NO 886by default. 887Setting this to 888.Dq Li YES 889enables 890.Xr pflogd 8 891which logs packets from the 892.Xr pf 4 893packet filter. 894.It Va pflog_logfile 895.Pq Vt str 896If 897.Va pflog_enable 898is set to 899.Dq Li YES 900this controls where 901.Xr pflogd 8 902stores the logfile 903(default 904.Pa /var/log/pflog ) . 905Check 906.Pa /etc/newsyslog.conf 907to adjust logfile rotation for this. 908.It Va pflog_program 909.Pq Vt str 910Path to 911.Xr pflogd 8 912(default 913.Pa /sbin/pflogd ) . 914.It Va pflog_flags 915.Pq Vt str 916Empty by default. 917This variable contains additional flags passed to the 918.Xr pflogd 8 919program. 920.It Va ftpproxy_enable 921.Pq Vt bool 922Set to 923.Dq Li NO 924by default. 925Setting this to 926.Dq Li YES 927enables 928.Xr ftp-proxy 8 929which supports the 930.Xr pf 4 931packet filter in translating ftp connections. 932.It Va ftpproxy_flags 933.Pq Vt str 934Empty by default. 935This variable contains additional flags passed to the 936.Xr ftp-proxy 8 937program. 938.It Va pfsync_enable 939.Pq Vt bool 940Set to 941.Dq Li NO 942by default. 943Setting this to 944.Dq Li YES 945enables exposing 946.Xr pf 4 947state changes to other hosts over the network by means of 948.Xr pfsync 4 . 949The 950.Va pfsync_syncdev 951variable 952must also be set then. 953.It Va pfsync_syncdev 954.Pq Vt str 955Empty by default. 956This variable specifies the name of the network interface 957.Xr pfsync 4 958should operate through. 959It must be set accordingly if 960.Va pfsync_enable 961is set to 962.Dq Li YES . 963.It Va pfsync_syncpeer 964.Pq Vt str 965Empty by default. 966This variable is optional. 967By default, state change messages are sent out on the synchronisation 968interface using IP multicast packets. 969The protocol is IP protocol 240, PFSYNC, and the multicast group used is 970224.0.0.240. 971When a peer address is specified using the 972.Va pfsync_syncpeer 973option, the peer address is used as a destination for the pfsync 974traffic, and the traffic can then be protected using 975.Xr ipsec 4 . 976See the 977.Xr pfsync 4 978manpage for more details about using 979.Xr ipsec 4 980with 981.Xr pfsync 4 982interfaces. 983.It Va pfsync_ifconfig 984.Pq Vt str 985Empty by default. 986This variable can contain additional options to be passed to the 987.Xr ifconfig 8 988command used to set up 989.Xr pfsync 4 . 990.It Va tcp_extensions 991.Pq Vt bool 992Set to 993.Dq Li YES 994by default. 995Setting this to 996.Dq Li NO 997disables certain TCP options as described by 998.Rs 999.%T "RFC 1323" 1000.Re 1001Setting this to 1002.Dq Li NO 1003might help remedy such problems with connections as randomly hanging 1004or other weird behavior. 1005Some network devices are known 1006to be broken with respect to these options. 1007.It Va log_in_vain 1008.Pq Vt int 1009Set to 0 by default. 1010The 1011.Xr sysctl 8 1012variables, 1013.Va net.inet.tcp.log_in_vain 1014and 1015.Va net.inet.udp.log_in_vain , 1016as described in 1017.Xr tcp 4 1018and 1019.Xr udp 4 , 1020are set to the given value. 1021.It Va tcp_keepalive 1022.Pq Vt bool 1023Set to 1024.Dq Li YES 1025by default. 1026Setting to 1027.Dq Li NO 1028will disable probing idle TCP connections to verify that the 1029peer is still up and reachable. 1030.It Va tcp_drop_synfin 1031.Pq Vt bool 1032Set to 1033.Dq Li NO 1034by default. 1035Setting to 1036.Dq Li YES 1037will cause the kernel to ignore TCP frames that have both 1038the SYN and FIN flags set. 1039This prevents OS fingerprinting, but may 1040break some legitimate applications. 1041.It Va icmp_drop_redirect 1042.Pq Vt bool 1043Set to 1044.Dq Li NO 1045by default. 1046Setting to 1047.Dq Li YES 1048will cause the kernel to ignore ICMP REDIRECT packets. 1049Refer to 1050.Xr icmp 4 1051for more information. 1052.It Va icmp_log_redirect 1053.Pq Vt bool 1054Set to 1055.Dq Li NO 1056by default. 1057Setting to 1058.Dq Li YES 1059will cause the kernel to log ICMP REDIRECT packets. 1060Note that 1061the log messages are not rate-limited, so this option should only be used 1062for troubleshooting networks. 1063Refer to 1064.Xr icmp 4 1065for more information. 1066.It Va icmp_bmcastecho 1067.Pq Vt bool 1068Set to 1069.Dq Li YES 1070to respond to broadcast or multicast ICMP ping packets. 1071Refer to 1072.Xr icmp 4 1073for more information. 1074.It Va ip_portrange_first 1075.Pq Vt int 1076If not set to 1077.Dq Li NO , 1078this is the first port in the default portrange. 1079Refer to 1080.Xr ip 4 1081for more information. 1082.It Va ip_portrange_last 1083.Pq Vt int 1084If not set to 1085.Dq Li NO , 1086this is the last port in the default portrange. 1087Refer to 1088.Xr ip 4 1089for more information. 1090.It Va network_interfaces 1091.Pq Vt str 1092Set to the list of network interfaces to configure on this host or 1093.Dq Li AUTO 1094(the default) for all current interfaces. 1095Setting the 1096.Va network_interfaces 1097variable to anything other than the default is deprecated. 1098Interfaces that the administrator wishes to store configuration for, 1099but not start at boot should be configured with the 1100.Dq Li NOAUTO 1101keyword in their 1102.Va ifconfig_ Ns Aq Ar interface 1103variables as described below. 1104.Pp 1105An 1106.Va ifconfig_ Ns Aq Ar interface 1107variable is also assumed to exist for each value of 1108.Ar interface . 1109When an interface name contains any of the characters 1110.Dq Li .-/+ 1111they are translated to 1112.Dq Li _ 1113before lookup. 1114The variable can contain arguments to 1115.Xr ifconfig 8 , 1116as well as special case-insensitive keywords described below. 1117Such keywords are removed before passing the value to 1118.Xr ifconfig 8 1119while the order of the other arguments is preserved. 1120.Pp 1121It is possible to add IP alias entries using 1122.Xr ifconfig 8 1123syntax with the address family keyword such as 1124.Li inet . 1125Assuming that the interface in question was 1126.Li ed0 , 1127it might look something like this: 1128.Bd -literal 1129ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1130ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1131.Ed 1132.Pp 1133It also possible to configure multiple IP addresses in Classless 1134Inter-Domain Routing 1135.Pq CIDR 1136address notation, 1137whose each address component can be a range like 1138.Li inet 192.0.2.5-23/24 1139or 1140.Li inet6 2001:db8:1-f::1/64 . 1141This notation allows address and prefix length part only, 1142not the other address modifiers. 1143.Pp 1144In the case of 1145.Li 192.0.2.5-23/24 , 1146the address 192.0.2.5 will be configured with the 1147netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1148the non-conflicting netmask /32 as explained in the 1149.Xr ifconfig 8 1150alias section. 1151Note that this special netmask handling is only for 1152.Li inet , 1153not for the other address families such as 1154.Li inet6 . 1155.Pp 1156With the interface in question being 1157.Li ed0 , 1158an example could look like: 1159.Bd -literal 1160ifconfig_ed0_alias2="inet 192.0.2.129/27" 1161ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1162.Ed 1163.Pp 1164and so on. 1165.Pp 1166Note that 1167.Va ipv4_addrs_ Ns Aq Ar interface 1168variable was supported for IPv4 CIDR address notation. 1169It is now deprecated because the functionality was integrated into 1170.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1171though 1172.Va ipv4_addrs_ Ns Aq Ar interface 1173is still supported for backward compatibility. 1174.Pp 1175For each 1176.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1177entry with an address family keyword, 1178its contents are passed to 1179.Xr ifconfig 8 . 1180Execution stops at the first unsuccessful access, so if 1181something like this is present: 1182.Bd -literal 1183ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1184ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1185ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1186ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1187.Ed 1188.Pp 1189Then note that alias4 would 1190.Em not 1191be added since the search would 1192stop with the missing 1193.Dq Li alias3 1194entry. 1195Because of this difficult to manage behavior, 1196there is 1197.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1198variable, which has the same functionality as 1199.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1200and can have all of entries in a variable like the following: 1201.Bd -literal 1202ifconfig_ed0_aliases="\\ 1203 inet 127.0.0.251 netmask 0xffffffff \\ 1204 inet 127.0.0.252 netmask 0xffffffff \\ 1205 inet 127.0.0.253 netmask 0xffffffff \\ 1206 inet 127.0.0.254 netmask 0xffffffff" 1207.Ed 1208.Pp 1209It also supports CIDR notation. 1210.Pp 1211If the 1212.Pa /etc/start_if. Ns Aq Ar interface 1213file is present, it is read and executed by the 1214.Xr sh 1 1215interpreter 1216before configuring the interface as specified in the 1217.Va ifconfig_ Ns Aq Ar interface 1218and 1219.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1220variables. 1221.Pp 1222If a 1223.Va vlans_ Ns Aq Ar interface 1224variable is set, 1225a 1226.Xr vlan 4 1227interface will be created for each item in the list with the 1228.Ar vlandev 1229argument set to 1230.Ar interface . 1231If a vlan interface's name is a number, 1232then that number is used as the vlan tag and the new vlan interface is 1233named 1234.Ar interface . Ns Ar tag . 1235Otherwise, 1236the vlan tag must be specified via a 1237.Va vlan 1238parameter in the 1239.Va create_args_ Ns Aq Ar interface 1240variable. 1241.Pp 1242To create a vlan device named 1243.Li em0.101 1244on 1245.Li em0 1246with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1247.Bd -literal 1248vlans_em0="101" 1249ifconfig_em0_101="inet 192.0.2.1/24" 1250.Ed 1251.Pp 1252To create a vlan device named 1253.Li myvlan 1254on 1255.Li em0 1256with the vlan tag 102: 1257.Bd -literal 1258vlans_em0="myvlan" 1259create_args_myvlan="vlan 102" 1260.Ed 1261.Pp 1262If a 1263.Va wlans_ Ns Aq Ar interface 1264variable is set, 1265an 1266.Xr wlan 4 1267interface will be created for each item in the list with the 1268.Ar wlandev 1269argument set to 1270.Ar interface . 1271Further wlan cloning arguments may be passed to the 1272.Xr ifconfig 8 1273.Cm create 1274command by setting the 1275.Va create_args_ Ns Aq Ar interface 1276variable. 1277One or more 1278.Xr wlan 4 1279devices must be created for each wireless devices as of 1280.Fx 8.0 . 1281Debugging flags for 1282.Xr wlan 4 1283devices as set by 1284.Xr wlandebug 8 1285may be specified with an 1286.Va wlandebug_ Ns Aq Ar interface 1287variable. 1288The contents of this variable will be passed directly to 1289.Xr wlandebug 8 . 1290.Pp 1291If the 1292.Va ifconfig_ Ns Aq Ar interface 1293contains the keyword 1294.Dq Li NOAUTO 1295then the interface will not be configured 1296at boot or by 1297.Pa /etc/pccard_ether 1298when 1299.Va network_interfaces 1300is set to 1301.Dq Li AUTO . 1302.Pp 1303It is possible to bring up an interface with DHCP by adding 1304.Dq Li DHCP 1305to the 1306.Va ifconfig_ Ns Aq Ar interface 1307variable. 1308For instance, to initialize the 1309.Li ed0 1310device via DHCP, 1311it is possible to use something like: 1312.Bd -literal 1313ifconfig_ed0="DHCP" 1314.Ed 1315.Pp 1316If you want to configure your wireless interface with 1317.Xr wpa_supplicant 8 1318for use with WPA, EAP/LEAP or WEP, you need to add 1319.Dq Li WPA 1320to the 1321.Va ifconfig_ Ns Aq Ar interface 1322variable. 1323.Pp 1324On the other hand, if you want to configure your wireless interface with 1325.Xr hostapd 8 , 1326you need to add 1327.Dq Li HOSTAP 1328to the 1329.Va ifconfig_ Ns Aq Ar interface 1330variable. 1331.Xr hostapd 8 1332will use the settings from 1333.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1334.Pp 1335Finally, you can add 1336.Xr ifconfig 8 1337options in this variable, in addition to the 1338.Pa /etc/start_if. Ns Aq Ar interface 1339file. 1340For instance, to configure an 1341.Xr ath 4 1342wireless device in station mode with an address obtained 1343via DHCP, using WPA authentication and 802.11b mode, it is 1344possible to use something like: 1345.Bd -literal 1346wlans_ath0="wlan0" 1347ifconfig_wlan0="DHCP WPA mode 11b" 1348.Ed 1349.Pp 1350In addition to the 1351.Va ifconfig_ Ns Aq Ar interface 1352form, a fallback variable 1353.Va ifconfig_DEFAULT 1354may be configured. 1355It will be used for all interfaces with no 1356.Va ifconfig_ Ns Aq Ar interface 1357variable. 1358This is intended to replace the no longer supported 1359.Va pccard_ifconfig 1360variable. 1361.Pp 1362It is also possible to rename an interface by doing: 1363.Bd -literal 1364ifconfig_ed0_name="net0" 1365ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1366.Ed 1367.It Va ipv6_enable 1368.Pq Vt bool 1369This variable is deprecated. 1370Use 1371.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1372and 1373.Va ipv6_activate_all_interfaces 1374if necessary. 1375.Pp 1376If the variable is 1377.Dq Li YES , 1378.Dq Li inet6 accept_rtadv 1379is added to all of 1380.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1381and the 1382.Va ipv6_activate_all_interfaces 1383is defined as 1384.Dq Li YES . 1385.It Va ipv6_prefer 1386.Pq Vt bool 1387This variable is deprecated. 1388Use 1389.Va ip6addrctl_policy 1390instead. 1391.Pp 1392If the variable is 1393.Dq Li YES , 1394the default address selection policy table set by 1395.Xr ip6addrctl 8 1396will be IPv6-preferred. 1397.Pp 1398If the variable is 1399.Dq Li NO , 1400the default address selection policy table set by 1401.Xr ip6addrctl 8 1402will be IPv4-preferred. 1403.It Va ipv6_activate_all_interfaces 1404.Pq Vt bool 1405This controls initial configuration on IPv6-capable 1406interfaces with no corresponding 1407.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1408variable. 1409Note that it is not always necessary to set this variable to 1410.Dq YES 1411to use IPv6 functionality on 1412.Fx . 1413In most cases, just configuring 1414.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1415variables works. 1416.Pp 1417If the variable is 1418.Dq Li NO , 1419all interfaces which do not have a corresponding 1420.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1421variable will be marked as 1422.Dq Li IFDISABLED 1423at creation. 1424This means that all of IPv6 functionality on that interface 1425is completely disabled to enforce a security policy. 1426If the variable is set to 1427.Dq YES , 1428the flag will be cleared on all of the interfaces. 1429.Pp 1430In most cases, just defining an 1431.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1432for an IPv6-capable interface should be sufficient. 1433However, if an interface is added dynamically 1434.Pq by some tunneling protocols such as PPP, for example , 1435it is often difficult to define the variable in advance. 1436In such a case, configuring the 1437.Dq Li IFDISABLED 1438flag can be disabled by setting this variable to 1439.Dq YES . 1440.Pp 1441For more details of the 1442.Dq Li IFDISABLED 1443flag and keywords 1444.Dq Li inet6 ifdisabled , 1445see 1446.Xr ifconfig 8 . 1447.Pp 1448Default is 1449.Dq Li NO . 1450.It Va ipv6_privacy 1451.Pq Vt bool 1452If the variable is 1453.Dq Li YES 1454privacy addresses will be generated for each IPv6 1455interface as described in RFC 4941. 1456.It Va ipv6_network_interfaces 1457.Pq Vt str 1458This is the IPv6 equivalent of 1459.Va network_interfaces . 1460Normally manual configuration of this variable is not needed. 1461.Pp 1462.It Va ipv6_cpe_wanif 1463.Pq Vt str 1464If the variable is set to an interface name, 1465the 1466.Xr ifconfig 8 1467options 1468.Dq inet6 -no_radr accept_rtadv 1469will be added to the specified interface automatically before evaluating 1470.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1471and two 1472.Xr sysctl 8 1473variables 1474.Va net.inet6.ip6.rfc6204w3 1475and 1476.Va net.inet6.ip6.no_radr 1477will be set to 1. 1478.Pp 1479This means the specified interface will accept ICMPv6 Router 1480Advertisement messages on that link and add the discovered 1481routers into the Default Router List. 1482While the other interfaces can still accept RA messages if the 1483.Dq inet6 accept_rtadv 1484option is specified, adding 1485routes into the Default Router List will be disabled by 1486.Dq inet6 no_radr 1487option by default. 1488See 1489.Xr ifconfig 8 1490for more details. 1491.Pp 1492Note that ICMPv6 Router Advertisement messages will be 1493accepted even when 1494.Va net.inet6.ip6.forwarding 1495is 1 1496.Pq packet forwarding is enabled 1497when 1498.Va net.inet6.ip6.rfc6204w3 1499is set to 1. 1500.Pp 1501Default is 1502.Dq Li NO . 1503.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1504.Pq Vt str 1505IPv6 functionality on an interface should be configured by 1506.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1507instead of setting ifconfig parameters in 1508.Va ifconfig_ Ns Aq Ar interface . 1509If this variable is empty, all of IPv6 configurations on the 1510specified interface by other variables such as 1511.Va ipv6_prefix_ Ns Ao Ar interface Ac 1512will be ignored. 1513.Pp 1514Aliases should be set by 1515.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1516with 1517.Dq Li inet6 1518keyword. 1519For example: 1520.Bd -literal 1521ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1522ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1523.Ed 1524.Pp 1525Interfaces that have an 1526.Dq Li inet6 accept_rtadv 1527keyword in 1528.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1529setting will be automatically configured by SLAAC 1530.Pq StateLess Address AutoConfiguration 1531described in 1532.Rs 1533.%T "RFC 4862" 1534.Re 1535.Pp 1536Note that a link-local address will be automatically configured in 1537addition to the configured global-scope addresses because the IPv6 1538specifications require it on each link. 1539The address is calculated from the MAC address by using an algorithm 1540defined in 1541.Rs 1542.%T "RFC 4862" 1543.%O "Section 5.3" 1544.Re 1545.Pp 1546If only a link-local address is needed on the interface, 1547the following configuration can be used: 1548.Bd -literal 1549ifconfig_ed0_ipv6="inet6 auto_linklocal" 1550.Ed 1551.Pp 1552A link-local address can also be configured manually. 1553This is useful for the default router address of an IPv6 router 1554so that it does not change when the network interface 1555card is replaced. 1556For example: 1557.Bd -literal 1558ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1559.Ed 1560.It Va ipv6_prefix_ Ns Aq Ar interface 1561.Pq Vt str 1562If one or more prefixes are defined in 1563.Va ipv6_prefix_ Ns Aq Ar interface 1564addresses based on each prefix and the EUI-64 interface index will be 1565configured on that interface. 1566Note that this variable will be ignored when 1567.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1568is empty. 1569.Pp 1570For example, the following configuration 1571.Bd -literal 1572ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1573.Ed 1574.Pp 1575is equivalent to the following: 1576.Bd -literal 1577ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1578ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1579ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1580ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1581.Ed 1582.Pp 1583These Subnet-Router anycast addresses will be added only when 1584.Va ipv6_gateway_enable 1585is YES. 1586.It Va ipv6_default_interface 1587.Pq Vt str 1588If not set to 1589.Dq Li NO , 1590this is the default output interface for scoped addresses. 1591This works only with ipv6_gateway_enable="NO". 1592.It Va ip6addrctl_enable 1593.Pq Vt bool 1594This variable is to enable configuring default address selection policy table 1595.Pq RFC 3484 . 1596The table can be specified in another variable 1597.Va ip6addrctl_policy . 1598For 1599.Va ip6addrctl_policy 1600the following keywords can be specified: 1601.Dq Li ipv4_prefer , 1602.Dq Li ipv6_prefer , 1603or 1604.Dq Li AUTO . 1605.Pp 1606If 1607.Dq Li ipv4_prefer 1608or 1609.Dq Li ipv6_prefer 1610is specified, 1611.Xr ip6addrctl 8 1612installs a pre-defined policy table described in Section 2.1 1613.Pq IPv6-preferred 1614or 10.3 1615.Pq IPv4-preferred 1616of RFC 3484. 1617.Pp 1618If 1619.Dq Li AUTO 1620is specified, it attempts to read a file 1621.Pa /etc/ip6addrctl.conf 1622first. 1623If this file is found, 1624.Xr ip6addrctl 8 1625reads and installs it. 1626If not found, a policy is automatically set 1627according to 1628.Va ipv6_activate_all_interfaces 1629variable; if the variable is set to 1630.Dq Li YES 1631the IPv6-preferred one is used. 1632Otherwise IPv4-preferred. 1633.Pp 1634The default value of 1635.Va ip6addrctl_enable 1636and 1637.Va ip6addrctl_policy 1638are 1639.Dq Li YES 1640and 1641.Dq Li AUTO , 1642respectively. 1643.It Va cloned_interfaces 1644.Pq Vt str 1645Set to the list of clonable network interfaces to create on this host. 1646Further cloning arguments may be passed to the 1647.Xr ifconfig 8 1648.Cm create 1649command for each interface by setting the 1650.Va create_args_ Ns Aq Ar interface 1651variable. 1652If an interface name is specified with 1653.Dq :sticky 1654keyword, 1655the interface will not be destroyed even when 1656.Pa rc.d/netif 1657script is invoked with 1658.Dq stop 1659argument. 1660This is useful when reconfiguring the interface without destroying it. 1661Entries in 1662.Va cloned_interfaces 1663are automatically appended to 1664.Va network_interfaces 1665for configuration. 1666.It Va cloned_interfaces_sticky 1667.Pq Vt bool 1668This variable is to globally enable functionality of 1669.Dq :sticky 1670keyword in 1671.Va cloned_interfaces 1672for all interfaces. 1673The default value is 1674.Dq NO . 1675Even if this variable is specified to 1676.Dq YES , 1677.Dq :nosticky 1678keyword can be used to override it on per interface basis. 1679.It Va gif_interfaces 1680.Pq Vt str 1681This variable is deprecated in favor of 1682.Va cloned_interfaces . 1683Set to the list of 1684.Xr gif 4 1685tunnel interfaces to configure on this host. 1686A 1687.Va gifconfig_ Ns Aq Ar interface 1688variable is assumed to exist for each value of 1689.Ar interface . 1690The value of this variable is used to configure the link layer of the 1691tunnel according to the syntax of the 1692.Cm tunnel 1693option to 1694.Xr ifconfig 8 . 1695Additionally, this option ensures that each listed interface is created 1696via the 1697.Cm create 1698option to 1699.Xr ifconfig 8 1700before attempting to configure it. 1701.It Va sppp_interfaces 1702.Pq Vt str 1703Set to the list of 1704.Xr sppp 4 1705interfaces to configure on this host. 1706A 1707.Va spppconfig_ Ns Aq Ar interface 1708variable is assumed to exist for each value of 1709.Ar interface . 1710Each interface should also be configured by a general 1711.Va ifconfig_ Ns Aq Ar interface 1712setting. 1713Refer to 1714.Xr spppcontrol 8 1715for more information about available options. 1716.It Va ppp_enable 1717.Pq Vt bool 1718If set to 1719.Dq Li YES , 1720run the 1721.Xr ppp 8 1722daemon. 1723.It Va ppp_profile 1724.Pq Vt str 1725The name of the profile to use from 1726.Pa /etc/ppp/ppp.conf . 1727Also used for per-profile overrides of 1728.Va ppp_mode 1729and 1730.Va ppp_nat , 1731and 1732.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1733When the profile name contains any of the characters 1734.Dq Li .-/+ 1735they are translated to 1736.Dq Li _ 1737for the proposes of the override variable names. 1738.It Va ppp_mode 1739.Pq Vt str 1740Mode in which to run the 1741.Xr ppp 8 1742daemon. 1743.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1744.Pq Vt str 1745Overrides the global 1746.Va ppp_mode 1747for 1748.Ar profile . 1749Accepted modes are 1750.Dq Li auto , 1751.Dq Li ddial , 1752.Dq Li direct 1753and 1754.Dq Li dedicated . 1755See the manual for a full description. 1756.It Va ppp_nat 1757.Pq Vt bool 1758If set to 1759.Dq Li YES , 1760enables network address translation. 1761Used in conjunction with 1762.Va gateway_enable 1763allows hosts on private network addresses access to the Internet using 1764this host as a network address translating router. 1765.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1766.Pq Vt str 1767Overrides the global 1768.Va ppp_nat 1769for 1770.Ar profile . 1771.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1772.Pq Vt int 1773Set the unit number to be used for this profile. 1774See the manual description of 1775.Fl unit Ns Ar N 1776for details. 1777.It Va ppp_user 1778.Pq Vt str 1779The name of the user under which 1780.Xr ppp 8 1781should be started. 1782By 1783default, 1784.Xr ppp 8 1785is started as 1786.Dq Li root . 1787.It Va rc_conf_files 1788.Pq Vt str 1789This option is used to specify a list of files that will override 1790the settings in 1791.Pa /etc/defaults/rc.conf . 1792The files will be read in the order in which they are specified and should 1793include the full path to the file. 1794By default, the files specified are 1795.Pa /etc/rc.conf 1796and 1797.Pa /etc/rc.conf.local 1798.It Va zfs_enable 1799.Pq Vt bool 1800If set to 1801.Dq Li YES , 1802.Pa /etc/rc.d/zfs 1803will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1804(ZVOLs). 1805.It Va gptboot_enable 1806.Pq Vt bool 1807If set to 1808.Dq Li YES , 1809.Pa /etc/rc.d/gptboot 1810will log if the system successfully (or not) booted from a GPT partition, 1811which had the 1812.Ar bootonce 1813attribute set using 1814.Xr gpart 8 1815utility. 1816.It Va gbde_autoattach_all 1817.Pq Vt bool 1818If set to 1819.Dq Li YES , 1820.Pa /etc/rc.d/gbde 1821will attempt to automatically initialize your .bde devices in 1822.Pa /etc/fstab . 1823.It Va gbde_devices 1824.Pq Vt str 1825List the devices that the script should try to attach, 1826or 1827.Dq Li AUTO . 1828.It Va gbde_lockdir 1829.Pq Vt str 1830The directory where the 1831.Xr gbde 4 1832lockfiles are located. 1833The default lockfile directory is 1834.Pa /etc . 1835.Pp 1836The lockfile for each individual 1837.Xr gbde 4 1838device can be overridden by setting the variable 1839.Va gbde_lock_ Ns Aq Ar device , 1840where 1841.Ar device 1842is the encrypted device without the 1843.Dq Pa /dev/ 1844and 1845.Dq Pa .bde 1846parts. 1847.It Va gbde_attach_attempts 1848.Pq Vt int 1849Number of times to attempt attaching to a 1850.Xr gbde 4 1851device, i.e., how many times the user is asked for the pass-phrase. 1852Default is 3. 1853.It Va geli_devices 1854.Pq Vt str 1855List of devices to automatically attach on boot. 1856Note that .eli devices from 1857.Pa /etc/fstab 1858are automatically appended to this list. 1859.It Va geli_tries 1860.Pq Vt int 1861Number of times user is asked for the pass-phrase. 1862If empty, it will be taken from 1863.Va kern.geom.eli.tries 1864sysctl variable. 1865.It Va geli_default_flags 1866.Pq Vt str 1867Default flags to use by 1868.Xr geli 8 1869when configuring disk encryption. 1870Flags can be configured for every device separately by defining 1871.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1872variable. 1873.It Va geli_autodetach 1874.Pq Vt str 1875Specifies if GELI devices should be marked for detach on last close after 1876file systems are mounted. 1877Default is 1878.Dq Li YES . 1879This can be changed for every device separately by defining 1880.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1881variable. 1882.It Va root_rw_mount 1883.Pq Vt bool 1884Set to 1885.Dq Li YES 1886by default. 1887After the file systems are checked at boot time, the root file system 1888is remounted as read-write if this is set to 1889.Dq Li YES . 1890Diskless systems that mount their root file system from a read-only remote 1891NFS share should set this to 1892.Dq Li NO 1893in their 1894.Pa rc.conf . 1895.It Va fsck_y_enable 1896.Pq Vt bool 1897If set to 1898.Dq Li YES , 1899.Xr fsck 8 1900will be run with the 1901.Fl y 1902flag if the initial preen 1903of the file systems fails. 1904.It Va background_fsck 1905.Pq Vt bool 1906If set to 1907.Dq Li YES , 1908the system will attempt to run 1909.Xr fsck 8 1910in the background where possible. 1911.It Va background_fsck_delay 1912.Pq Vt int 1913The amount of time in seconds to sleep before starting a background 1914.Xr fsck 8 . 1915It defaults to sixty seconds to allow large applications such as 1916the X server to start before disk I/O bandwidth is monopolized by 1917.Xr fsck 8 . 1918If set to a negative number, the background file system check will be 1919delayed indefinitely to allow the administrator to run it at a more 1920convenient time. 1921For example it may be run from 1922.Xr cron 8 1923by adding a line like 1924.Pp 1925.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1926.Pp 1927to 1928.Pa /etc/crontab . 1929.It Va netfs_types 1930.Pq Vt str 1931List of file system types that are network-based. 1932This list should generally not be modified by end users. 1933Use 1934.Va extra_netfs_types 1935instead. 1936.It Va extra_netfs_types 1937.Pq Vt str 1938If set to something other than 1939.Dq Li NO 1940(the default), 1941this variable extends the list of file system types 1942for which automatic mounting at startup by 1943.Xr rc 8 1944should be delayed until the network is initialized. 1945It should contain 1946a whitespace-separated list of network file system descriptor pairs, 1947each consisting of a file system type as passed to 1948.Xr mount 8 1949and a human-readable, one-word description, 1950joined with a colon 1951.Pq Ql \&: . 1952Extending the default list in this way is only necessary 1953when third party file system types are used. 1954.It Va syslogd_enable 1955.Pq Vt bool 1956If set to 1957.Dq Li YES , 1958run the 1959.Xr syslogd 8 1960daemon. 1961.It Va syslogd_program 1962.Pq Vt str 1963Path to 1964.Xr syslogd 8 1965(default 1966.Pa /usr/sbin/syslogd ) . 1967.It Va syslogd_flags 1968.Pq Vt str 1969If 1970.Va syslogd_enable 1971is set to 1972.Dq Li YES , 1973these are the flags to pass to 1974.Xr syslogd 8 . 1975.It Va inetd_enable 1976.Pq Vt bool 1977If set to 1978.Dq Li YES , 1979run the 1980.Xr inetd 8 1981daemon. 1982.It Va inetd_program 1983.Pq Vt str 1984Path to 1985.Xr inetd 8 1986(default 1987.Pa /usr/sbin/inetd ) . 1988.It Va inetd_flags 1989.Pq Vt str 1990If 1991.Va inetd_enable 1992is set to 1993.Dq Li YES , 1994these are the flags to pass to 1995.Xr inetd 8 . 1996.It Va hastd_enable 1997.Pq Vt bool 1998If set to 1999.Dq Li YES , 2000run the 2001.Xr hastd 8 2002daemon. 2003.It Va hastd_program 2004.Pq Vt str 2005Path to 2006.Xr hastd 8 2007(default 2008.Pa /sbin/hastd ) . 2009.It Va hastd_flags 2010.Pq Vt str 2011If 2012.Va hastd_enable 2013is set to 2014.Dq Li YES , 2015these are the flags to pass to 2016.Xr hastd 8 . 2017.It Va local_unbound_enable 2018.Pq Vt bool 2019If set to 2020.Dq Li YES , 2021run the 2022.Xr unbound 8 2023daemon as a local caching resolver. 2024.It Va named_enable 2025.Pq Vt bool 2026If set to 2027.Dq Li YES , 2028run the 2029.Xr named 8 2030daemon. 2031.It Va named_program 2032.Pq Vt str 2033Path to 2034.Xr named 8 2035(default 2036.Pa /usr/sbin/named ) . 2037.It Va named_conf 2038.Pq Vt str 2039Path to 2040.Xr named 8 2041configuration file, (default 2042.Pa /etc/namedb/named.conf ) . 2043.It Va named_flags 2044.Pq Vt str 2045If 2046.Va named_enable 2047is set to 2048.Dq Li YES , 2049these are the flags to pass to 2050.Xr named 8 . 2051.It Va named_uid 2052.Pq Vt str 2053The user that the 2054.Xr named 8 2055process should be run as. 2056.It Va named_chrootdir 2057.Pq Vt str 2058The root directory for a name server run in a 2059.Xr chroot 8 2060environment (default 2061.Pa /var/named ) . 2062If left empty 2063.Xr named 8 2064will not be run in a 2065.Xr chroot 8 2066environment. 2067.It Va named_chroot_autoupdate 2068.Pq Vt bool 2069Set to 2070.Dq Li NO 2071to disable automatic update of the 2072.Xr chroot 8 2073environment. 2074.It Va named_symlink_enable 2075.Pq Vt bool 2076Set to 2077.Dq Li NO 2078to disable symlinking of 2079daemon's PID file 2080into the 2081.Xr chroot 8 2082environment. 2083.It Va named_wait 2084.Pq Vt bool 2085Set to have 2086.Pa /etc/rc.d/named 2087loop until working name service is established. 2088.It Va named_wait_host 2089.Pq Vt str 2090Name of host to lookup for the named_wait option. 2091(Default localhost) 2092.It Va named_auto_forward 2093.Pq Vt bool 2094Set to enable automatic creation of a forwarder 2095configuration file derived from 2096.Pa /etc/resolv.conf . 2097.It Va named_auto_forward_only 2098.Pq Vt bool 2099Set to change the default forwarder configuration from 2100.Dq forward first 2101to 2102.Dq forward only . 2103.It Va kerberos5_server_enable 2104.Pq Vt bool 2105Set to 2106.Dq Li YES 2107to start a Kerberos 5 authentication server 2108at boot time. 2109.It Va kerberos5_server 2110.Pq Vt str 2111If 2112.Va kerberos5_server_enable 2113is set to 2114.Dq Li YES 2115this is the path to Kerberos 5 Authentication Server. 2116.It Va kerberos5_server_flags 2117.Pq Vt str 2118Empty by default. 2119This variable contains additional flags to be passed to the Kerberos 5 2120authentication server. 2121.It Va kadmind5_server_enable 2122.Pq Vt bool 2123Set to 2124.Dq Li YES 2125to start 2126.Xr kadmind 8 , 2127the Kerberos 5 Administration Daemon; set to 2128.Dq Li NO 2129on a slave server. 2130.It Va kadmind5_server 2131.Pq Vt str 2132If 2133.Va kadmind5_server_enable 2134is set to 2135.Dq Li YES 2136this is the path to Kerberos 5 Administration Daemon. 2137.It Va kpasswdd_server_enable 2138.Pq Vt bool 2139Set to 2140.Dq Li YES 2141to start 2142.Xr kpasswdd 8 , 2143the Kerberos 5 Password-Changing Daemon; set to 2144.Dq Li NO 2145on a slave server. 2146.It Va kpasswdd_server 2147.Pq Vt str 2148If 2149.Va kpasswdd_server_enable 2150is set to 2151.Dq Li YES 2152this is the path to Kerberos 5 Password-Changing Daemon. 2153.It Va kfd_enable 2154.Pq Vt bool 2155Set to 2156.Dq Li YES 2157to start 2158.Xr kfd 8 , 2159the Kerberos 5 ticket forwarding daemon, at the boot time. 2160.It Va kfd_program 2161.Pq Vt str 2162Path to 2163.Xr kfd 8 2164(default 2165.Pa /usr/libexec/kfd ) . 2166.It Va rwhod_enable 2167.Pq Vt bool 2168If set to 2169.Dq Li YES , 2170run the 2171.Xr rwhod 8 2172daemon at boot time. 2173.It Va rwhod_flags 2174.Pq Vt str 2175If 2176.Va rwhod_enable 2177is set to 2178.Dq Li YES , 2179these are the flags to pass to it. 2180.It Va amd_enable 2181.Pq Vt bool 2182If set to 2183.Dq Li YES , 2184run the 2185.Xr amd 8 2186daemon at boot time. 2187.It Va amd_flags 2188.Pq Vt str 2189If 2190.Va amd_enable 2191is set to 2192.Dq Li YES , 2193these are the flags to pass to it. 2194See the 2195.Xr amd 8 2196manpage for more information. 2197.It Va amd_map_program 2198.Pq Vt str 2199If set, 2200the specified program is run to get the list of 2201.Xr amd 8 2202maps. 2203For example, if the 2204.Xr amd 8 2205maps are stored in NIS, one can set this to 2206run 2207.Xr ypcat 1 2208to get a list of 2209.Xr amd 8 2210maps from the 2211.Pa amd.master 2212NIS map. 2213.It Va update_motd 2214.Pq Vt bool 2215If set to 2216.Dq Li YES , 2217.Pa /etc/motd 2218will be updated at boot time to reflect the kernel release 2219being run. 2220If set to 2221.Dq Li NO , 2222.Pa /etc/motd 2223will not be updated. 2224.It Va nfs_client_enable 2225.Pq Vt bool 2226If set to 2227.Dq Li YES , 2228run the NFS client daemons at boot time. 2229.It Va nfs_access_cache 2230.Pq Vt int 2231If 2232.Va nfs_client_enable 2233is set to 2234.Dq Li YES , 2235this can be set to 2236.Dq Li 0 2237to disable NFS ACCESS RPC caching, or to the number of seconds for which 2238NFS ACCESS 2239results should be cached. 2240A value of 2-10 seconds will substantially reduce network 2241traffic for many NFS operations. 2242.It Va nfs_server_enable 2243.Pq Vt bool 2244If set to 2245.Dq Li YES , 2246run the NFS server daemons at boot time. 2247.It Va nfs_server_flags 2248.Pq Vt str 2249If 2250.Va nfs_server_enable 2251is set to 2252.Dq Li YES , 2253these are the flags to pass to the 2254.Xr nfsd 8 2255daemon. 2256.It Va nfsv4_server_enable 2257.Pq Vt bool 2258If 2259.Va nfs_server_enable 2260is set to 2261.Dq Li YES 2262and 2263.Va nfsv4_server_enable 2264are set to 2265.Dq Li YES , 2266enable the server for NFSv4 as well as NFSv2 and NFSv3. 2267.It Va nfsuserd_enable 2268.Pq Vt bool 2269If 2270.Va nfsuserd_enable 2271is set to 2272.Dq Li YES , 2273run the nfsuserd daemon, which is needed for NFSv4 in order 2274to map between user/group names vs uid/gid numbers. 2275If 2276.Va nfsv4_server_enable 2277is set to 2278.Dq Li YES , 2279this will be forced enabled. 2280.It Va nfsuserd_flags 2281.Pq Vt str 2282If 2283.Va nfsuserd_enable 2284is set to 2285.Dq Li YES , 2286these are the flags to pass to the 2287.Xr nfsuserd 8 2288daemon. 2289.It Va nfscbd_enable 2290.Pq Vt bool 2291If 2292.Va nfscbd_enable 2293is set to 2294.Dq Li YES , 2295run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2296.It Va nfscbd_flags 2297.Pq Vt str 2298If 2299.Va nfscbd_enable 2300is set to 2301.Dq Li YES , 2302these are the flags to pass to the 2303.Xr nfscbd 8 2304daemon. 2305.It Va oldnfs_server_enable 2306.Pq Vt bool 2307If 2308.Va oldnfs_server_enable 2309is set to 2310.Dq Li YES , 2311force the NFS server daemons to run the old NFS server code 2312that does not support NFSv4. 2313.It Va mountd_enable 2314.Pq Vt bool 2315If set to 2316.Dq Li YES , 2317and no 2318.Va nfs_server_enable 2319is set, start 2320.Xr mountd 8 , 2321but not 2322.Xr nfsd 8 2323daemon. 2324It is commonly needed to run CFS without real NFS used. 2325.It Va mountd_flags 2326.Pq Vt str 2327If 2328.Va mountd_enable 2329is set to 2330.Dq Li YES , 2331these are the flags to pass to the 2332.Xr mountd 8 2333daemon. 2334.It Va weak_mountd_authentication 2335.Pq Vt bool 2336If set to 2337.Dq Li YES , 2338allow services like PCNFSD to make non-privileged mount 2339requests. 2340.It Va nfs_reserved_port_only 2341.Pq Vt bool 2342If set to 2343.Dq Li YES , 2344provide NFS services only on a secure port. 2345.It Va nfs_bufpackets 2346.Pq Vt int 2347If set to a number, indicates the number of packets worth of 2348socket buffer space to reserve on an NFS client. 2349The kernel default is typically 4. 2350Using a higher number may be 2351useful on gigabit networks to improve performance. 2352The minimum value is 23532 and the maximum is 64. 2354.It Va rpc_lockd_enable 2355.Pq Vt bool 2356If set to 2357.Dq Li YES 2358and also an NFS server or client, run 2359.Xr rpc.lockd 8 2360at boot time. 2361.It Va rpc_lockd_flags 2362.Pq Vt str 2363If 2364.Va rpc_lockd_enable 2365is set to 2366.Dq Li YES , 2367these are the flags to pass to the 2368.Xr rpc.lockd 8 2369daemon. 2370.It Va rpc_statd_enable 2371.Pq Vt bool 2372If set to 2373.Dq Li YES 2374and also an NFS server or client, run 2375.Xr rpc.statd 8 2376at boot time. 2377.It Va rpc_statd_flags 2378.Pq Vt str 2379If 2380.Va rpc_statd_enable 2381is set to 2382.Dq Li YES , 2383these are the flags to pass to the 2384.Xr rpc.statd 8 2385daemon. 2386.It Va rpcbind_program 2387.Pq Vt str 2388Path to 2389.Xr rpcbind 8 2390(default 2391.Pa /usr/sbin/rpcbind ) . 2392.It Va rpcbind_enable 2393.Pq Vt bool 2394If set to 2395.Dq Li YES , 2396run the 2397.Xr rpcbind 8 2398service at boot time. 2399.It Va rpcbind_flags 2400.Pq Vt str 2401If 2402.Va rpcbind_enable 2403is set to 2404.Dq Li YES , 2405these are the flags to pass to the 2406.Xr rpcbind 8 2407daemon. 2408.It Va keyserv_enable 2409.Pq Vt bool 2410If set to 2411.Dq Li YES , 2412run the 2413.Xr keyserv 8 2414daemon on boot for running Secure RPC. 2415.It Va keyserv_flags 2416.Pq Vt str 2417If 2418.Va keyserv_enable 2419is set to 2420.Dq Li YES , 2421these are the flags to pass to 2422.Xr keyserv 8 2423daemon. 2424.It Va pppoed_enable 2425.Pq Vt bool 2426If set to 2427.Dq Li YES , 2428run the 2429.Xr pppoed 8 2430daemon at boot time to provide PPP over Ethernet services. 2431.It Va pppoed_ Ns Aq Ar provider 2432.Pq Vt str 2433.Xr pppoed 8 2434listens to requests to this 2435.Ar provider 2436and ultimately runs 2437.Xr ppp 8 2438with a 2439.Ar system 2440argument of the same name. 2441.It Va pppoed_flags 2442.Pq Vt str 2443Additional flags to pass to 2444.Xr pppoed 8 . 2445.It Va pppoed_interface 2446.Pq Vt str 2447The network interface to run 2448.Xr pppoed 8 2449on. 2450This is mandatory when 2451.Va pppoed_enable 2452is set to 2453.Dq Li YES . 2454.It Va timed_enable 2455.Pq Vt bool 2456If set to 2457.Dq Li YES , 2458run the 2459.Xr timed 8 2460service at boot time. 2461This command is intended for networks of 2462machines where a consistent 2463.Dq "network time" 2464for all hosts must be established. 2465This is often useful in large NFS 2466environments where time stamps on files are expected to be consistent 2467network-wide. 2468.It Va timed_flags 2469.Pq Vt str 2470If 2471.Va timed_enable 2472is set to 2473.Dq Li YES , 2474these are the flags to pass to the 2475.Xr timed 8 2476service. 2477.It Va ntpdate_enable 2478.Pq Vt bool 2479If set to 2480.Dq Li YES , 2481run 2482.Xr ntpdate 8 2483at system startup. 2484This command is intended to 2485synchronize the system clock only 2486.Em once 2487from some standard reference. 2488.It Va ntpdate_config 2489.Pq Vt str 2490Configuration file for 2491.Xr ntpdate 8 . 2492Default 2493.Pa /etc/ntp.conf . 2494.It Va ntpdate_hosts 2495.Pq Vt str 2496A whitespace-separated list of NTP servers to synchronize with at startup. 2497The default is to use the servers listed in 2498.Va ntpdate_config , 2499if that file exists. 2500.It Va ntpdate_program 2501.Pq Vt str 2502Path to 2503.Xr ntpdate 8 2504(default 2505.Pa /usr/sbin/ntpdate ) . 2506.It Va ntpdate_flags 2507.Pq Vt str 2508If 2509.Va ntpdate_enable 2510is set to 2511.Dq Li YES , 2512these are the flags to pass to the 2513.Xr ntpdate 8 2514command (typically a hostname). 2515.It Va ntpd_enable 2516.Pq Vt bool 2517If set to 2518.Dq Li YES , 2519run the 2520.Xr ntpd 8 2521command at boot time. 2522.It Va ntpd_program 2523.Pq Vt str 2524Path to 2525.Xr ntpd 8 2526(default 2527.Pa /usr/sbin/ntpd ) . 2528.It Va ntpd_config 2529.Pq Vt str 2530Path to 2531.Xr ntpd 8 2532configuration file. 2533Default 2534.Pa /etc/ntp.conf . 2535.It Va ntpd_flags 2536.Pq Vt str 2537If 2538.Va ntpd_enable 2539is set to 2540.Dq Li YES , 2541these are the flags to pass to the 2542.Xr ntpd 8 2543daemon. 2544.It Va ntpd_sync_on_start 2545.Pq Vt bool 2546If set to 2547.Dq Li YES , 2548.Xr ntpd 8 2549is run with the 2550.Fl g 2551flag, which syncs the system's clock on startup. 2552See 2553.Xr ntpd 8 2554for more information regarding the 2555.Fl g 2556option. 2557This is a preferred alternative to using 2558.Xr ntpdate 8 2559or specifying the 2560.Va ntpdate_enable 2561variable. 2562.It Va nis_client_enable 2563.Pq Vt bool 2564If set to 2565.Dq Li YES , 2566run the 2567.Xr ypbind 8 2568service at system boot time. 2569.It Va nis_client_flags 2570.Pq Vt str 2571If 2572.Va nis_client_enable 2573is set to 2574.Dq Li YES , 2575these are the flags to pass to the 2576.Xr ypbind 8 2577service. 2578.It Va nis_ypset_enable 2579.Pq Vt bool 2580If set to 2581.Dq Li YES , 2582run the 2583.Xr ypset 8 2584daemon at system boot time. 2585.It Va nis_ypset_flags 2586.Pq Vt str 2587If 2588.Va nis_ypset_enable 2589is set to 2590.Dq Li YES , 2591these are the flags to pass to the 2592.Xr ypset 8 2593daemon. 2594.It Va nis_server_enable 2595.Pq Vt bool 2596If set to 2597.Dq Li YES , 2598run the 2599.Xr ypserv 8 2600daemon at system boot time. 2601.It Va nis_server_flags 2602.Pq Vt str 2603If 2604.Va nis_server_enable 2605is set to 2606.Dq Li YES , 2607these are the flags to pass to the 2608.Xr ypserv 8 2609daemon. 2610.It Va nis_ypxfrd_enable 2611.Pq Vt bool 2612If set to 2613.Dq Li YES , 2614run the 2615.Xr rpc.ypxfrd 8 2616daemon at system boot time. 2617.It Va nis_ypxfrd_flags 2618.Pq Vt str 2619If 2620.Va nis_ypxfrd_enable 2621is set to 2622.Dq Li YES , 2623these are the flags to pass to the 2624.Xr rpc.ypxfrd 8 2625daemon. 2626.It Va nis_yppasswdd_enable 2627.Pq Vt bool 2628If set to 2629.Dq Li YES , 2630run the 2631.Xr rpc.yppasswdd 8 2632daemon at system boot time. 2633.It Va nis_yppasswdd_flags 2634.Pq Vt str 2635If 2636.Va nis_yppasswdd_enable 2637is set to 2638.Dq Li YES , 2639these are the flags to pass to the 2640.Xr rpc.yppasswdd 8 2641daemon. 2642.It Va rpc_ypupdated_enable 2643.Pq Vt bool 2644If set to 2645.Dq Li YES , 2646run the 2647.Nm rpc.ypupdated 2648daemon at system boot time. 2649.It Va bsnmpd_enable 2650.Pq Vt bool 2651If set to 2652.Dq Li YES , 2653run the 2654.Xr bsnmpd 1 2655daemon at system boot time. 2656Be sure to understand the security implications of running SNMP daemon 2657on your host. 2658.It Va bsnmpd_flags 2659.Pq Vt str 2660If 2661.Va bsnmpd_enable 2662is set to 2663.Dq Li YES , 2664these are the flags to pass to the 2665.Xr bsnmpd 1 2666daemon. 2667.It Va defaultrouter 2668.Pq Vt str 2669If not set to 2670.Dq Li NO , 2671create a default route to this host name or IP address 2672(use an IP address if this router is also required to get to the 2673name server!). 2674.It Va ipv6_defaultrouter 2675.Pq Vt str 2676The IPv6 equivalent of 2677.Va defaultrouter . 2678.It Va static_arp_pairs 2679.Pq Vt str 2680Set to the list of static ARP pairs that are to be added at system 2681boot time. 2682For each whitespace separated 2683.Ar element 2684in the value, a 2685.Va static_arp_ Ns Aq Ar element 2686variable is assumed to exist whose contents will later be passed to a 2687.Dq Nm arp Cm -S 2688operation. 2689For example 2690.Bd -literal 2691static_arp_pairs="gw" 2692static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2693.Ed 2694.It Va static_ndp_pairs 2695.Pq Vt str 2696Set to the list of static NDP pairs that are to be added at system 2697boot time. 2698For each whitespace separated 2699.Ar element 2700in the value, a 2701.Va static_ndp_ Ns Aq Ar element 2702variable is assumed to exist whose contents will later be passed to a 2703.Dq Nm ndp Cm -s 2704operation. 2705For example 2706.Bd -literal 2707static_ndp_pairs="gw" 2708static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2709.Ed 2710.It Va static_routes 2711.Pq Vt str 2712Set to the list of static routes that are to be added at system 2713boot time. 2714If not set to 2715.Dq Li NO 2716then for each whitespace separated 2717.Ar element 2718in the value, a 2719.Va route_ Ns Aq Ar element 2720variable is assumed to exist 2721whose contents will later be passed to a 2722.Dq Nm route Cm add 2723operation. 2724For example: 2725.Bd -literal 2726static_routes="ext mcast:gif0 gif0local:gif0" 2727route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2728route_mcast="-net 224.0.0.0/4 -iface gif0" 2729route_gif0local="-host 169.254.1.1 -iface lo0" 2730.Ed 2731.Pp 2732When an 2733.Ar element 2734is in the form of 2735.Li name:ifname , 2736the route is specific to the interface 2737.Li ifname . 2738.It Va ipv6_static_routes 2739.Pq Vt str 2740The IPv6 equivalent of 2741.Va static_routes . 2742If not set to 2743.Dq Li NO 2744then for each whitespace separated 2745.Ar element 2746in the value, a 2747.Va ipv6_route_ Ns Aq Ar element 2748variable is assumed to exist 2749whose contents will later be passed to a 2750.Dq Nm route Cm add Fl inet6 2751operation. 2752.It Va natm_static_routes 2753.Pq Vt str 2754The 2755.Xr natmip 4 2756equivalent of 2757.Va static_routes . 2758If not empty then for each whitespace separated 2759.Ar element 2760in the value, a 2761.Va route_ Ns Aq Ar element 2762variable is assumed to exist whose contents will later be passed to a 2763.Dq Nm atmconfig Cm natm Cm add 2764operation. 2765.It Va gateway_enable 2766.Pq Vt bool 2767If set to 2768.Dq Li YES , 2769configure host to act as an IP router, e.g.\& to forward packets 2770between interfaces. 2771.It Va ipv6_gateway_enable 2772.Pq Vt bool 2773The IPv6 equivalent of 2774.Va gateway_enable . 2775.It Va routed_enable 2776.Pq Vt bool 2777If set to 2778.Dq Li YES , 2779run a routing daemon of some sort, based on the 2780settings of 2781.Va routed_program 2782and 2783.Va routed_flags . 2784.It Va route6d_enable 2785.Pq Vt bool 2786The IPv6 equivalent of 2787.Va routed_enable . 2788If set to 2789.Dq Li YES , 2790run a routing daemon of some sort, based on the 2791settings of 2792.Va route6d_program 2793and 2794.Va route6d_flags . 2795.It Va routed_program 2796.Pq Vt str 2797If 2798.Va routed_enable 2799is set to 2800.Dq Li YES , 2801this is the name of the routing daemon to use. 2802.It Va route6d_program 2803.Pq Vt str 2804The IPv6 equivalent of 2805.Va routed_program . 2806.It Va routed_flags 2807.Pq Vt str 2808If 2809.Va routed_enable 2810is set to 2811.Dq Li YES , 2812these are the flags to pass to the routing daemon. 2813.It Va route6d_flags 2814.Pq Vt str 2815The IPv6 equivalent of 2816.Va routed_flags . 2817.It Va mrouted_enable 2818.Pq Vt bool 2819If set to 2820.Dq Li YES , 2821run the multicast routing daemon, 2822.Xr mrouted 8 . 2823.It Va mroute6d_enable 2824.Pq Vt bool 2825The IPv6 equivalent of 2826.Va mrouted_enable . 2827If set to 2828.Dq Li YES , 2829run the IPv6 multicast routing daemon. 2830.Pp 2831Note that multicast routing daemons are no longer included in the 2832.Fx 2833base system, however, both 2834.Xr mrouted 8 2835and 2836.Xr pim6dd 8 2837may be installed from the 2838.Fx 2839Ports Collection. 2840.It Va mrouted_flags 2841.Pq Vt str 2842If 2843.Va mrouted_enable 2844is set to 2845.Dq Li YES , 2846these are the flags to pass to the 2847.Xr mrouted 8 2848daemon. 2849.It Va mroute6d_flags 2850.Pq Vt str 2851The IPv6 equivalent of 2852.Va mrouted_flags . 2853If 2854.Va mroute6d_enable 2855is set to 2856.Dq Li YES , 2857these are the flags passed to the IPv6 multicast routing daemon. 2858.It Va mroute6d_program 2859.Pq Vt str 2860If 2861.Va mroute6d_enable 2862is set to 2863.Dq Li YES , 2864this is the path to the IPv6 multicast routing daemon. 2865.It Va rtadvd_enable 2866.Pq Vt bool 2867If set to 2868.Dq Li YES , 2869run the 2870.Xr rtadvd 8 2871daemon at boot time. 2872The 2873.Xr rtadvd 8 2874utility sends ICMPv6 Router Advertisement messages to 2875the interfaces specified in 2876.Va rtadvd_interfaces . 2877This should only be enabled with great care. 2878You may want to fine-tune 2879.Xr rtadvd.conf 5 . 2880.It Va rtadvd_interfaces 2881.Pq Vt str 2882If 2883.Va rtadvd_enable 2884is set to 2885.Dq Li YES 2886this is the list of interfaces to use. 2887.It Va ipxgateway_enable 2888.Pq Vt bool 2889If set to 2890.Dq Li YES , 2891enable the routing of IPX traffic. 2892.It Va ipxrouted_enable 2893.Pq Vt bool 2894If set to 2895.Dq Li YES , 2896run the 2897.Xr IPXrouted 8 2898daemon at system boot time. 2899.It Va ipxrouted_flags 2900.Pq Vt str 2901If 2902.Va ipxrouted_enable 2903is set to 2904.Dq Li YES , 2905these are the flags to pass to the 2906.Xr IPXrouted 8 2907daemon. 2908.It Va arpproxy_all 2909.Pq Vt bool 2910If set to 2911.Dq Li YES , 2912enable global proxy ARP. 2913.It Va forward_sourceroute 2914.Pq Vt bool 2915If set to 2916.Dq Li YES 2917and 2918.Va gateway_enable 2919is also set to 2920.Dq Li YES , 2921source-routed packets are forwarded. 2922.It Va accept_sourceroute 2923.Pq Vt bool 2924If set to 2925.Dq Li YES , 2926the system will accept source-routed packets directed at it. 2927.It Va rarpd_enable 2928.Pq Vt bool 2929If set to 2930.Dq Li YES , 2931run the 2932.Xr rarpd 8 2933daemon at system boot time. 2934.It Va rarpd_flags 2935.Pq Vt str 2936If 2937.Va rarpd_enable 2938is set to 2939.Dq Li YES , 2940these are the flags to pass to the 2941.Xr rarpd 8 2942daemon. 2943.It Va bootparamd_enable 2944.Pq Vt bool 2945If set to 2946.Dq Li YES , 2947run the 2948.Xr bootparamd 8 2949daemon at system boot time. 2950.It Va bootparamd_flags 2951.Pq Vt str 2952If 2953.Va bootparamd_enable 2954is set to 2955.Dq Li YES , 2956these are the flags to pass to the 2957.Xr bootparamd 8 2958daemon. 2959.It Va stf_interface_ipv4addr 2960.Pq Vt str 2961If not set to 2962.Dq Li NO , 2963this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2964interface). 2965Specify this entry to enable the 6to4 interface. 2966.It Va stf_interface_ipv4plen 2967.Pq Vt int 2968Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2969An effective value is 0-31. 2970.It Va stf_interface_ipv6_ifid 2971.Pq Vt str 2972IPv6 interface ID for 2973.Xr stf 4 . 2974This can be set to 2975.Dq Li AUTO . 2976.It Va stf_interface_ipv6_slaid 2977.Pq Vt str 2978IPv6 Site Level Aggregator for 2979.Xr stf 4 . 2980.It Va ipv6_faith_prefix 2981.Pq Vt str 2982If not set to 2983.Dq Li NO , 2984this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2985translator. 2986You also need 2987.Xr faithd 8 2988setup. 2989.It Va ipv6_ipv4mapping 2990.Pq Vt bool 2991If set to 2992.Dq Li YES 2993this enables IPv4 mapped IPv6 address communication (like 2994.Li ::ffff:a.b.c.d ) . 2995.It Va rtsold_enable 2996.Pq Vt bool 2997Set to 2998.Dq Li YES 2999to enable the 3000.Xr rtsold 8 3001daemon to send ICMPv6 Router Solicitation messages. 3002.It Va rtsold_flags 3003.Pq Vt str 3004If 3005.Va rtsold_enable 3006is set to 3007.Dq Li YES , 3008these are the flags to pass to 3009.Xr rtsold 8 . 3010.It Va rtsol_flags 3011.Pq Vt str 3012For interfaces configured with the 3013.Dq Li inet6 accept_rtadv 3014keyword, these are the flags to pass to 3015.Xr rtsol 8 . 3016.Pp 3017Note that 3018.Va rtsold_enable 3019is mutually exclusive to 3020.Va rtsol_flags ; 3021.Va rtsold_enable 3022takes precedence. 3023.It Va atm_enable 3024.Pq Vt bool 3025Set to 3026.Dq Li YES 3027to enable the configuration of ATM interfaces at system boot time. 3028For all of the ATM variables described below, please refer to the 3029.Xr atm 8 3030manual page for further details on the available command parameters. 3031Also refer to the files in 3032.Pa /usr/share/examples/atm 3033for more detailed configuration information. 3034.It Va atm_load 3035.Pq Vt str 3036This is a list of physical ATM interface drivers to load. 3037Typical values are 3038.Dq Li hfa_pci 3039and/or 3040.Dq Li hea_pci . 3041.It Va atm_netif_ Ns Aq Ar intf 3042.Pq Vt str 3043For the ATM physical interface 3044.Ar intf , 3045this variable defines the name prefix and count for the ATM network 3046interfaces to be created. 3047The value will be passed as the parameters of an 3048.Dq Nm atm Cm "set netif" Ar intf 3049command. 3050.It Va atm_sigmgr_ Ns Aq Ar intf 3051.Pq Vt str 3052For the ATM physical interface 3053.Ar intf , 3054this variable defines the ATM signalling manager to be used. 3055The value will be passed as the parameters of an 3056.Dq Nm atm Cm attach Ar intf 3057command. 3058.It Va atm_prefix_ Ns Aq Ar intf 3059.Pq Vt str 3060For the ATM physical interface 3061.Ar intf , 3062this variable defines the NSAP prefix for interfaces using a UNI signalling 3063manager. 3064If set to 3065.Dq Li ILMI , 3066the prefix will automatically be set via the 3067.Xr ilmid 8 3068daemon. 3069Otherwise, the value will be passed as the parameters of an 3070.Dq Nm atm Cm "set prefix" Ar intf 3071command. 3072.It Va atm_macaddr_ Ns Aq Ar intf 3073.Pq Vt str 3074For the ATM physical interface 3075.Ar intf , 3076this variable defines the MAC address for interfaces using a UNI signalling 3077manager. 3078If set to 3079.Dq Li NO , 3080the hardware MAC address contained in the ATM interface card will be used. 3081Otherwise, the value will be passed as the parameters of an 3082.Dq Nm atm Cm "set mac" Ar intf 3083command. 3084.It Va atm_arpserver_ Ns Aq Ar netif 3085.Pq Vt str 3086For the ATM network interface 3087.Ar netif , 3088this variable defines the ATM address for a host which is to provide ATMARP 3089service. 3090This variable is only applicable to interfaces using a UNI signalling 3091manager. 3092If set to 3093.Dq Li local , 3094this host will become an ATMARP server. 3095The value will be passed as the parameters of an 3096.Dq Nm atm Cm "set arpserver" Ar netif 3097command. 3098.It Va atm_scsparp_ Ns Aq Ar netif 3099.Pq Vt bool 3100If set to 3101.Dq Li YES , 3102SCSP/ATMARP service for the network interface 3103.Ar netif 3104will be initiated using the 3105.Xr scspd 8 3106and 3107.Xr atmarpd 8 3108daemons. 3109This variable is only applicable if 3110.Va atm_arpserver_ Ns Aq Ar netif 3111is set to 3112.Dq Li local . 3113.It Va atm_pvcs 3114.Pq Vt str 3115Set to the list of ATM PVCs to be added at system 3116boot time. 3117For each whitespace separated 3118.Ar element 3119in the value, an 3120.Va atm_pvc_ Ns Aq Ar element 3121variable is assumed to exist. 3122The value of each of these variables 3123will be passed as the parameters of an 3124.Dq Nm atm Cm "add pvc" 3125command. 3126.It Va atm_arps 3127.Pq Vt str 3128Set to the list of permanent ATM ARP entries to be added 3129at system boot time. 3130For each whitespace separated 3131.Ar element 3132in the value, an 3133.Va atm_arp_ Ns Aq Ar element 3134variable is assumed to exist. 3135The value of each of these variables 3136will be passed as the parameters of an 3137.Dq Nm atm Cm "add arp" 3138command. 3139.It Va natm_interfaces 3140.Pq Vt str 3141Set to the list of 3142.Xr natm 4 3143interfaces that will also be used for HARP through 3144.Xr harp 4 . 3145If this list is not empty all interfaces in the list will be brought up 3146with 3147.Xr ifconfig 8 3148and 3149.Xr harp 4 3150will be loaded. 3151For this to work the interface drivers must be either compiled into the 3152kernel or must reside on the root partition. 3153.It Va keybell 3154.Pq Vt str 3155The keyboard bell sound. 3156Set to 3157.Dq Li normal , 3158.Dq Li visual , 3159.Dq Li off , 3160or 3161.Dq Li NO 3162if the default behavior is desired. 3163For details, refer to the 3164.Xr kbdcontrol 1 3165manpage. 3166.It Va keyboard 3167.Pq Vt str 3168If set to a non-null string, the virtual console's keyboard input is 3169set to this device. 3170.It Va keymap 3171.Pq Vt str 3172If set to 3173.Dq Li NO , 3174no keymap is installed, otherwise the value is used to install 3175the keymap file in 3176.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3177.It Va keyrate 3178.Pq Vt str 3179The keyboard repeat speed. 3180Set to 3181.Dq Li slow , 3182.Dq Li normal , 3183.Dq Li fast , 3184or 3185.Dq Li NO 3186if the default behavior is desired. 3187.It Va keychange 3188.Pq Vt str 3189If not set to 3190.Dq Li NO , 3191attempt to program the function keys with the value. 3192The value should 3193be a single string of the form: 3194.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3195.It Va cursor 3196.Pq Vt str 3197Can be set to the value of 3198.Dq Li normal , 3199.Dq Li blink , 3200.Dq Li destructive , 3201or 3202.Dq Li NO 3203to set the cursor behavior explicitly or choose the default behavior. 3204.It Va scrnmap 3205.Pq Vt str 3206If set to 3207.Dq Li NO , 3208no screen map is installed, otherwise the value is used to install 3209the screen map file in 3210.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3211.It Va font8x16 3212.Pq Vt str 3213If set to 3214.Dq Li NO , 3215the default 8x16 font value is used for screen size requests, otherwise 3216the value in 3217.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3218is used. 3219.It Va font8x14 3220.Pq Vt str 3221If set to 3222.Dq Li NO , 3223the default 8x14 font value is used for screen size requests, otherwise 3224the value in 3225.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3226is used. 3227.It Va font8x8 3228.Pq Vt str 3229If set to 3230.Dq Li NO , 3231the default 8x8 font value is used for screen size requests, otherwise 3232the value in 3233.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3234is used. 3235.It Va blanktime 3236.Pq Vt int 3237If set to 3238.Dq Li NO , 3239the default screen blanking interval is used, otherwise it is set 3240to 3241.Ar value 3242seconds. 3243.It Va saver 3244.Pq Vt str 3245If not set to 3246.Dq Li NO , 3247this is the actual screen saver to use 3248.Li ( blank , snake , daemon , 3249etc). 3250.It Va moused_nondefault_enable 3251.Pq Vt str 3252If set to 3253.Dq Li NO , 3254the mouse device specified on 3255the command line is not automatically treated as enabled by the 3256.Pa /etc/rc.d/moused 3257script. 3258Having this variable set to 3259.Dq Li YES 3260allows a 3261.Xr usb 4 3262mouse, 3263for example, 3264to be enabled as soon as it is plugged in. 3265.It Va moused_enable 3266.Pq Vt str 3267If set to 3268.Dq Li YES , 3269the 3270.Xr moused 8 3271daemon is started for doing cut/paste selection on the console. 3272.It Va moused_type 3273.Pq Vt str 3274This is the protocol type of the mouse connected to this host. 3275This variable must be set if 3276.Va moused_enable 3277is set to 3278.Dq Li YES . 3279The 3280.Xr moused 8 3281daemon 3282is able to detect the appropriate mouse type automatically in many cases. 3283Set this variable to 3284.Dq Li auto 3285to let the daemon detect it, or 3286select one from the following list if the automatic detection fails. 3287.Pp 3288If the mouse is attached to the PS/2 mouse port, choose 3289.Dq Li auto 3290or 3291.Dq Li ps/2 , 3292regardless of the brand and model of the mouse. 3293Likewise, if the 3294mouse is attached to the bus mouse port, choose 3295.Dq Li auto 3296or 3297.Dq Li busmouse . 3298All other protocols are for serial mice and will not work with 3299the PS/2 and bus mice. 3300If this is a USB mouse, 3301.Dq Li auto 3302is the only protocol type which will work. 3303.Pp 3304.Bl -tag -width ".Li x10mouseremote" -compact 3305.It Li microsoft 3306Microsoft mouse (serial) 3307.It Li intellimouse 3308Microsoft IntelliMouse (serial) 3309.It Li mousesystems 3310Mouse systems Corp.\& mouse (serial) 3311.It Li mmseries 3312MM Series mouse (serial) 3313.It Li logitech 3314Logitech mouse (serial) 3315.It Li busmouse 3316A bus mouse 3317.It Li mouseman 3318Logitech MouseMan and TrackMan (serial) 3319.It Li glidepoint 3320ALPS GlidePoint (serial) 3321.It Li thinkingmouse 3322Kensington ThinkingMouse (serial) 3323.It Li ps/2 3324PS/2 mouse 3325.It Li mmhittab 3326MM HitTablet (serial) 3327.It Li x10mouseremote 3328X10 MouseRemote (serial) 3329.It Li versapad 3330Interlink VersaPad (serial) 3331.El 3332.Pp 3333Even if the mouse is not in the above list, it may be compatible 3334with one in the list. 3335Refer to the manual page for 3336.Xr moused 8 3337for compatibility information. 3338.Pp 3339It should also be noted that while this is enabled, any 3340other client of the mouse (such as an X server) should access 3341the mouse through the virtual mouse device, 3342.Pa /dev/sysmouse , 3343and configure it as a 3344.Dq Li sysmouse 3345type mouse, since all 3346mouse data is converted to this single canonical format when 3347using 3348.Xr moused 8 . 3349If the client program does not support the 3350.Dq Li sysmouse 3351type, 3352specify the 3353.Dq Li mousesystems 3354type. 3355It is the second preferred type. 3356.It Va moused_port 3357.Pq Vt str 3358If 3359.Va moused_enable 3360is set to 3361.Dq Li YES , 3362this is the actual port the mouse is on. 3363It might be 3364.Pa /dev/cuau0 3365for a COM1 serial mouse, 3366.Pa /dev/psm0 3367for a PS/2 mouse or 3368.Pa /dev/mse0 3369for a bus mouse, for example. 3370.It Va moused_flags 3371.Pq Vt str 3372If 3373.Va moused_flags 3374is set, its value is used as an additional set of flags to pass to the 3375.Xr moused 8 3376daemon. 3377.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3378When 3379.Va moused_nondefault_enable 3380is enabled, and a 3381.Xr moused 8 3382daemon is started for a non-default port, the 3383.Va "moused_" Ns Ar XXX Ns Va "_flags" 3384set of options has precedence over and replaces the default 3385.Va moused_flags 3386(where 3387.Ar XXX 3388is the name of the non-default port, i.e.,\& 3389.Ar ums0 ) . 3390By setting 3391.Va "moused_" Ns Ar XXX Ns Va "_flags" 3392it is possible to set up a different set of default flags for each 3393.Xr moused 8 3394instance. 3395For example, you can use 3396.Dq Li "-3" 3397for the default 3398.Va moused_flags 3399to make your laptop's touchpad more comfortable to use, 3400but an empty set of options for 3401.Va moused_ums0_flags 3402when your 3403.Xr usb 4 3404mouse has three or more buttons. 3405.It Va mousechar_start 3406.Pq Vt int 3407If set to 3408.Dq Li NO , 3409the default mouse cursor character range 3410.Li 0xd0 Ns - Ns Li 0xd3 3411is used, 3412otherwise the range start is set 3413to 3414.Ar value 3415character, see 3416.Xr vidcontrol 1 . 3417Use if the default range is occupied in the language code table. 3418.It Va allscreens_flags 3419.Pq Vt str 3420If set, 3421.Xr vidcontrol 1 3422is run with these options for each of the virtual terminals 3423.Pq Pa /dev/ttyv* . 3424For example, 3425.Dq Fl m Cm on 3426will enable the mouse pointer on all virtual terminals 3427if 3428.Va moused_enable 3429is set to 3430.Dq Li YES . 3431.It Va allscreens_kbdflags 3432.Pq Vt str 3433If set, 3434.Xr kbdcontrol 1 3435is run with these options for each of the virtual terminals 3436.Pq Pa /dev/ttyv* . 3437For example, 3438.Dq Fl h Li 200 3439will set the 3440.Xr syscons 4 3441scrollback (history) buffer to 200 lines. 3442.It Va cron_enable 3443.Pq Vt bool 3444If set to 3445.Dq Li YES , 3446run the 3447.Xr cron 8 3448daemon at system boot time. 3449.It Va cron_program 3450.Pq Vt str 3451Path to 3452.Xr cron 8 3453(default 3454.Pa /usr/sbin/cron ) . 3455.It Va cron_flags 3456.Pq Vt str 3457If 3458.Va cron_enable 3459is set to 3460.Dq Li YES , 3461these are the flags to pass to 3462.Xr cron 8 . 3463.It Va cron_dst 3464.Pq Vt bool 3465If set to 3466.Dq Li YES , 3467enable the special handling of transitions to and from the 3468Daylight Saving Time in 3469.Xr cron 8 3470(equivalent to using the flag 3471.Fl s ) . 3472.It Va lpd_program 3473.Pq Vt str 3474Path to 3475.Xr lpd 8 3476(default 3477.Pa /usr/sbin/lpd ) . 3478.It Va lpd_enable 3479.Pq Vt bool 3480If set to 3481.Dq Li YES , 3482run the 3483.Xr lpd 8 3484daemon at system boot time. 3485.It Va lpd_flags 3486.Pq Vt str 3487If 3488.Va lpd_enable 3489is set to 3490.Dq Li YES , 3491these are the flags to pass to the 3492.Xr lpd 8 3493daemon. 3494.It Va chkprintcap_enable 3495.Pq Vt bool 3496If set to 3497.Dq Li YES , 3498run the 3499.Xr chkprintcap 8 3500command before starting the 3501.Xr lpd 8 3502daemon. 3503.It Va chkprintcap_flags 3504.Pq Vt str 3505If 3506.Va lpd_enable 3507and 3508.Va chkprintcap_enable 3509are set to 3510.Dq Li YES , 3511these are the flags to pass to the 3512.Xr chkprintcap 8 3513program. 3514The default is 3515.Dq Li -d , 3516which causes missing directories to be created. 3517.It Va mta_start_script 3518.Pq Vt str 3519This variable specifies the full path to the script to run to start 3520a mail transfer agent. 3521The default is 3522.Pa /etc/rc.sendmail . 3523The 3524.Va sendmail_* 3525variables which 3526.Pa /etc/rc.sendmail 3527uses are documented in the 3528.Xr rc.sendmail 8 3529manual page. 3530.It Va dumpdev 3531.Pq Vt str 3532Indicates the device (usually a swap partition) to which a crash dump 3533should be written in the event of a system crash. 3534If the value of this variable is 3535.Dq Li AUTO , 3536the first suitable swap device listed in 3537.Pa /etc/fstab 3538will be used as dump device. 3539Otherwise, the value of this variable is passed as the argument to 3540.Xr dumpon 8 . 3541To disable crash dumps, set this variable to 3542.Dq Li NO . 3543.It Va dumpdir 3544.Pq Vt str 3545When the system reboots after a crash and a crash dump is found on the 3546device specified by the 3547.Va dumpdev 3548variable, 3549.Xr savecore 8 3550will save that crash dump and a copy of the kernel to the directory 3551specified by the 3552.Va dumpdir 3553variable. 3554The default value is 3555.Pa /var/crash . 3556Set to 3557.Dq Li NO 3558to not run 3559.Xr savecore 8 3560at boot time when 3561.Va dumpdir 3562is set. 3563.It Va savecore_flags 3564.Pq Vt str 3565If crash dumps are enabled, these are the flags to pass to the 3566.Xr savecore 8 3567utility. 3568.It Va quota_enable 3569.Pq Vt bool 3570Set to 3571.Dq Li YES 3572to turn on user and group disk quotas on system startup via the 3573.Xr quotaon 8 3574command for all file systems marked as having quotas enabled in 3575.Pa /etc/fstab . 3576The kernel must be built with 3577.Cd "options QUOTA" 3578for disk quotas to function. 3579.It Va check_quotas 3580.Pq Vt bool 3581Set to 3582.Dq Li YES 3583to enable user and group disk quota checking via the 3584.Xr quotacheck 8 3585command. 3586.It Va quotacheck_flags 3587.Pq Vt str 3588If 3589.Va quota_enable 3590is set to 3591.Dq Li YES , 3592and 3593.Va check_quotas 3594is set to 3595.Dq Li YES , 3596these are the flags to pass to the 3597.Xr quotacheck 8 3598utility. 3599The default is 3600.Dq Li "-a" , 3601which checks quotas for all file systems with quotas enabled in 3602.Pa /etc/fstab . 3603.It Va quotaon_flags 3604.Pq Vt str 3605If 3606.Va quota_enable 3607is set to 3608.Dq Li YES , 3609these are the flags to pass to the 3610.Xr quotaon 8 3611utility. 3612The default is 3613.Dq Li "-a" , 3614which enables quotas for all file systems with quotas enabled in 3615.Pa /etc/fstab . 3616.It Va quotaoff_flags 3617.Pq Vt str 3618If 3619.Va quota_enable 3620is set to 3621.Dq Li YES , 3622these are the flags to pass to the 3623.Xr quotaoff 8 3624utility when shutting down the quota system. 3625The default is 3626.Dq Li "-a" , 3627which disables quotas for all file systems with quotas enabled in 3628.Pa /etc/fstab . 3629.It Va accounting_enable 3630.Pq Vt bool 3631Set to 3632.Dq Li YES 3633to enable system accounting through the 3634.Xr accton 8 3635facility. 3636.It Va ibcs2_enable 3637.Pq Vt bool 3638Set to 3639.Dq Li YES 3640to enable iBCS2 (SCO) binary emulation at system initial boot 3641time. 3642.It Va ibcs2_loaders 3643.Pq Vt str 3644If not set to 3645.Dq Li NO 3646and if 3647.Va ibcs2_enable 3648is set to 3649.Dq Li YES , 3650this specifies a list of additional iBCS2 loaders to enable. 3651.It Va firstboot_sentinel 3652.Pq Vt str 3653This variable specifies the full path to a 3654.Dq first boot 3655sentinel file. 3656If a file exists with this path, 3657.Pa rc.d 3658scripts with the 3659.Dq firstboot 3660keyword will be run on startup and the sentinel file will be deleted 3661after the boot process completes. 3662The sentinel file must be located on a writable file system which is 3663mounted no later than 3664.Va early_late_divider 3665to function properly. 3666The default is 3667.Pa /firstboot . 3668.It Va linux_enable 3669.Pq Vt bool 3670Set to 3671.Dq Li YES 3672to enable Linux/ELF binary emulation at system initial 3673boot time. 3674.It Va svr4_enable 3675.Pq Vt bool 3676If set to 3677.Dq Li YES , 3678enable SysVR4 emulation at boot time. 3679.It Va sysvipc_enable 3680.Pq Vt bool 3681If set to 3682.Dq Li YES , 3683load System V IPC primitives at boot time. 3684.It Va clear_tmp_enable 3685.Pq Vt bool 3686Set to 3687.Dq Li YES 3688to have 3689.Pa /tmp 3690cleaned at startup. 3691.It Va clear_tmp_X 3692.Pq Vt bool 3693Set to 3694.Dq Li NO 3695to disable removing of X11 lock files, 3696and the removal and (secure) recreation 3697of the various socket directories for X11 3698related programs. 3699.It Va ldconfig_paths 3700.Pq Vt str 3701Set to the list of shared library paths to use with 3702.Xr ldconfig 8 . 3703NOTE: 3704.Pa /usr/lib 3705will always be added first, so it need not appear in this list. 3706.It Va ldconfig32_paths 3707.Pq Vt str 3708Set to the list of 32-bit compatibility shared library paths to 3709use with 3710.Xr ldconfig 8 . 3711.It Va ldconfig_paths_aout 3712.Pq Vt str 3713Set to the list of shared library paths to use with 3714.Xr ldconfig 8 3715legacy 3716.Xr a.out 5 3717support. 3718.It Va ldconfig_insecure 3719.Pq Vt bool 3720The 3721.Xr ldconfig 8 3722utility normally refuses to use directories 3723which are writable by anyone except root. 3724Set this variable to 3725.Dq Li YES 3726to disable that security check during system startup. 3727.It Va ldconfig_local_dirs 3728.Pq Vt str 3729Set to the list of local 3730.Xr ldconfig 8 3731directories. 3732The names of all files in the directories listed will be 3733passed as arguments to 3734.Xr ldconfig 8 . 3735.It Va ldconfig_local32_dirs 3736.Pq Vt str 3737Set to the list of local 32-bit compatibility 3738.Xr ldconfig 8 3739directories. 3740The names of all files in the directories listed will be 3741passed as arguments to 3742.Dq Nm ldconfig Fl 32 . 3743.It Va kern_securelevel_enable 3744.Pq Vt bool 3745Set to 3746.Dq Li YES 3747to set the kernel security level at system startup. 3748.It Va kern_securelevel 3749.Pq Vt int 3750The kernel security level to set at startup. 3751The allowed range of 3752.Ar value 3753ranges from \-1 (the compile time default) to 3 (the 3754most secure). 3755See 3756.Xr security 7 3757for the list of possible security levels and their effect 3758on system operation. 3759.It Va sshd_program 3760.Pq Vt str 3761Path to the SSH server program 3762.Pa ( /usr/sbin/sshd 3763is the default). 3764.It Va sshd_enable 3765.Pq Vt bool 3766Set to 3767.Dq Li YES 3768to start 3769.Xr sshd 8 3770at system boot time. 3771.It Va sshd_flags 3772.Pq Vt str 3773If 3774.Va sshd_enable 3775is set to 3776.Dq Li YES , 3777these are the flags to pass to the 3778.Xr sshd 8 3779daemon. 3780.It Va ftpd_program 3781.Pq Vt str 3782Path to the FTP server program 3783.Pa ( /usr/libexec/ftpd 3784is the default). 3785.It Va ftpd_enable 3786.Pq Vt bool 3787Set to 3788.Dq Li YES 3789to start 3790.Xr ftpd 8 3791as a stand-alone daemon at system boot time. 3792.It Va ftpd_flags 3793.Pq Vt str 3794If 3795.Va ftpd_enable 3796is set to 3797.Dq Li YES , 3798these are the additional flags to pass to the 3799.Xr ftpd 8 3800daemon. 3801.It Va watchdogd_enable 3802.Pq Vt bool 3803If set to 3804.Dq Li YES , 3805start the 3806.Xr watchdogd 8 3807daemon at boot time. 3808This requires that the kernel have been compiled with a 3809.Xr watchdog 4 3810compatible device. 3811.It Va watchdogd_flags 3812.Pq Vt str 3813If 3814.Va watchdogd_enable 3815is set to 3816.Dq Li YES , 3817these are the flags passed to the 3818.Xr watchdogd 8 3819daemon. 3820.It Va devfs_rulesets 3821.Pq Vt str 3822List of files containing sets of rules for 3823.Xr devfs 8 . 3824.It Va devfs_system_ruleset 3825.Pq Vt str 3826Rule name(s) to apply to the system 3827.Pa /dev 3828itself. 3829.It Va devfs_set_rulesets 3830.Pq Vt str 3831Pairs of already-mounted 3832.Pa dev 3833directories and rulesets that should be applied to them. 3834For example: /mount/dev=ruleset_name 3835.It Va devfs_load_rulesets 3836.Pq Vt bool 3837If set, always load the default rulesets listed in 3838.Va devfs_rulesets . 3839.It Va performance_cx_lowest 3840.Pq Vt str 3841CPU idle state to use while on AC power. 3842The string 3843.Dq Li LOW 3844indicates that 3845.Xr acpi 4 3846should use the lowest power state available while 3847.Dq Li HIGH 3848indicates that the lowest latency state (less power savings) should be used. 3849.It Va performance_cpu_freq 3850.Pq Vt str 3851CPU clock frequency to use while on AC power. 3852The string 3853.Dq Li LOW 3854indicates that 3855.Xr cpufreq 4 3856should use the lowest frequency available while 3857.Dq Li HIGH 3858indicates that the highest frequency (less power savings) should be used. 3859.It Va economy_cx_lowest 3860.Pq Vt str 3861CPU idle state to use when off AC power. 3862The string 3863.Dq Li LOW 3864indicates that 3865.Xr acpi 4 3866should use the lowest power state available while 3867.Dq Li HIGH 3868indicates that the lowest latency state (less power savings) should be used. 3869.It Va economy_cpu_freq 3870.Pq Vt str 3871CPU clock frequency to use when off AC power. 3872The string 3873.Dq Li LOW 3874indicates that 3875.Xr cpufreq 4 3876should use the lowest frequency available while 3877.Dq Li HIGH 3878indicates that the highest frequency (less power savings) should be used. 3879.It Va jail_enable 3880.Pq Vt bool 3881If set to 3882.Dq Li NO , 3883any configured jails will not be started. 3884.It Va jail_conf 3885.Pq Vt str 3886The configuration filename used by 3887.Xr jail 8 3888utility. 3889The default value is 3890.Pa /etc/jail.conf . 3891.It Va jail_parallel_start 3892.Pq Vt bool 3893If set to 3894.Dq Li YES , 3895all configured jails will be started in the background (in parallel). 3896.It Va jail_flags 3897.Pq Vt str 3898Unset by default. 3899When set, use as default value for 3900.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3901for every jail in 3902.Va jail_list . 3903.It Va jail_list 3904.Pq Vt str 3905A space separated list of names for jails. 3906If this variable is empty, 3907all of 3908.Xr jail 8 3909instances in the configuration file will be configured. 3910This is purely a configuration aid to help identify and 3911configure multiple jails. 3912The names specified in this list will be used to 3913identify settings common to an instance of a jail, 3914and should contain alphanumeric characters only. 3915The literal jail name of 3916.Dq Li 0 3917.Pq zero 3918is not allowed. 3919.It Va jail_* variables 3920Note that older releases supported per-jail configuration via 3921.Xr rc.conf 5 3922variables. 3923For example, 3924hostname of a jail named 3925.Li vjail 3926was able to be set by 3927.Li jail_vjail_hostname . 3928These per-jail configuration variables are now obsolete in favor of 3929.Xr jail 8 3930configuration file. 3931For backward compatibility, 3932when per-jail configuration variables are defined, 3933.Xr jail 8 3934configuration files are created as 3935.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3936and used. 3937.Pp 3938The following per-jail parameters are handled by 3939.Pa rc.d/jail 3940script out of their corresponding 3941.Nm 3942variables. 3943In addition to them, parameters in 3944.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3945will be added to the configuration file. 3946They must be a semi-colon 3947.Pq Ql \&; 3948delimited list of 3949.Dq key=value . 3950For more details, 3951see 3952.Xr jail 8 3953manual page. 3954.Bl -tag -width "host.hostname" -offset indent 3955.It Li path 3956set from 3957.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3958.It Li host.hostname 3959set from 3960.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3961.It Li exec.consolelog 3962set from 3963.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3964The default value is 3965.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3966.It Li interface 3967set from 3968.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3969.It Li vnet.interface 3970set from 3971.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3972This implies 3973.Li vnet 3974parameter will be enabled and cannot be specified with 3975.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3976.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3977and/or 3978.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3979at the same time. 3980.It Li fstab 3981set from 3982.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3983.It Li mount 3984set from 3985.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3986.It Li exec.fib 3987set from 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3989.It Li exec.start 3990set from 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3992The parameter name was 3993.Li command 3994in some older releases. 3995.It Li exec.prestart 3996set from 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3998.It Li exec.poststart 3999set from 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4001.It Li exec.stop 4002set from 4003.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4004.It Li exec.prestop 4005set from 4006.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4007.It Li exec.poststop 4008set from 4009.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4010.It Li ip4.addr 4011set if 4012.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4013or 4014.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4015contain IPv4 addresses 4016.It Li ip6.addr 4017set if 4018.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4019or 4020.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4021contain IPv6 addresses 4022.It Li allow.mount 4023set from 4024.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4025.It Li mount.devfs 4026set from 4027.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4028.It Li devfs_ruleset 4029set from 4030.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4031This must be an integer, 4032not a string. 4033.It Li mount.fdescfs 4034set from 4035.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4036.It Li allow.set_hostname 4037set from 4038.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4039.It Li allow.rawsocket 4040set from 4041.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4042.It Li allow.sysvipc 4043set from 4044.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4045.El 4046.\" ----------------------------------------------------- 4047.It Va harvest_interrupt 4048.Pq Vt bool 4049Set to 4050.Dq Li YES 4051to use hardware interrupts as an entropy source. 4052Refer to 4053.Xr random 4 4054for more information. 4055.It Va harvest_ethernet 4056.Pq Vt bool 4057Set to 4058.Dq Li YES 4059to use LAN traffic as an entropy source. 4060Refer to 4061.Xr random 4 4062for more information. 4063.It Va harvest_p_to_p 4064.Pq Vt bool 4065Set to 4066.Dq Li YES 4067to use serial line traffic as an entropy source. 4068Refer to 4069.Xr random 4 4070for more information. 4071.It Va entropy_dir 4072.Pq Vt str 4073Set to 4074.Dq Li NO 4075to disable caching entropy via 4076.Xr cron 8 . 4077Otherwise set to the directory used to store entropy files in. 4078.It Va entropy_file 4079.Pq Vt str 4080Set to 4081.Dq Li NO 4082to disable caching entropy through reboots. 4083Otherwise set to the filename used to store cached entropy through 4084reboots. 4085This file should be located on the root file system to seed the 4086.Xr random 4 4087device as early as possible in the boot process. 4088.It Va entropy_save_sz 4089.Pq Vt int 4090Size of the entropy cache files saved by 4091.Nm save-entropy 4092periodically. 4093.It Va entropy_save_num 4094.Pq Vt int 4095Number of entropy cache files to save by 4096.Nm save-entropy 4097periodically. 4098.It Va ipsec_enable 4099.Pq Vt bool 4100Set to 4101.Dq Li YES 4102to run 4103.Xr setkey 8 4104on 4105.Va ipsec_file 4106at boot time. 4107.It Va ipsec_file 4108.Pq Vt str 4109Configuration file for 4110.Xr setkey 8 . 4111.It Va dmesg_enable 4112.Pq Vt bool 4113Set to 4114.Dq Li YES 4115to save 4116.Xr dmesg 8 4117to 4118.Pa /var/run/dmesg.boot 4119on boot. 4120.It Va rcshutdown_timeout 4121.Pq Vt int 4122If set, start a watchdog timer in the background which will terminate 4123.Pa rc.shutdown 4124if 4125.Xr shutdown 8 4126has not completed within the specified time (in seconds). 4127Notice that in addition to this soft timeout, 4128.Xr init 8 4129also applies a hard timeout for the execution of 4130.Pa rc.shutdown . 4131This is configured via 4132.Xr sysctl 8 4133variable 4134.Va kern.init_shutdown_timeout 4135and defaults to 120 seconds. 4136Setting the value of 4137.Va rcshutdown_timeout 4138to more than 120 seconds will have no effect until the 4139.Xr sysctl 8 4140variable 4141.Va kern.init_shutdown_timeout 4142is also increased. 4143.It Va virecover_enable 4144.Pq Vt bool 4145Set to 4146.Dq Li NO 4147to prevent the system from trying to 4148recover pre-maturely terminated 4149.Xr vi 1 4150sessions. 4151.It Va ugidfw_enable 4152.Pq Vt bool 4153Set to 4154.Dq Li YES 4155to load the 4156.Xr mac_bsdextended 4 4157module upon system initialization and load a default 4158ruleset file. 4159.It Va bsdextended_script 4160.Pq Vt str 4161The default 4162.Xr mac_bsdextended 4 4163ruleset file to load. 4164The default value of this variable is 4165.Pa /etc/rc.bsdextended . 4166.It Va newsyslog_enable 4167.Pq Vt bool 4168If set to 4169.Dq Li YES , 4170run 4171.Xr newsyslog 8 4172command at startup. 4173.It Va newsyslog_flags 4174.Pq Vt str 4175If 4176.Va newsyslog_enable 4177is set to 4178.Dq Li YES , 4179these are the flags to pass to the 4180.Xr newsyslog 8 4181program. 4182The default is 4183.Dq Li -CN , 4184which causes log files flagged with a 4185.Cm C 4186to be created. 4187.It Va mdconfig_md Ns Aq Ar X 4188.Pq Vt str 4189Arguments to 4190.Xr mdconfig 8 4191for 4192.Xr md 4 4193device 4194.Ar X . 4195At minimum a 4196.Fl t Ar type 4197must be specified and either a 4198.Fl s Ar size 4199for malloc or swap backed 4200.Xr md 4 4201devices or a 4202.Fl f Ar file 4203for vnode backed 4204.Xr md 4 4205devices. 4206Note that 4207.Va mdconfig_md Ns Aq Ar X 4208variables are evaluated until one variable is unset or null. 4209.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4210.Pq Vt str 4211Optional arguments passed to 4212.Xr newfs 8 4213to initialize 4214.Xr md 4 4215device 4216.Ar X . 4217.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4218.Pq Vt str 4219An ownership specification passed to 4220.Xr chown 8 4221after the specified 4222.Xr md 4 4223device 4224.Ar X 4225has been mounted. 4226Both the 4227.Xr md 4 4228device and the mount point will be changed. 4229.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4230.Pq Vt str 4231A mode string passed to 4232.Xr chmod 1 4233after the specified 4234.Xr md 4 4235device 4236.Ar X 4237has been mounted. 4238Both the 4239.Xr md 4 4240device and the mount point will be changed. 4241.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4242.Pq Vt str 4243Files to be copied to the mount point of the 4244.Xr md 4 4245device 4246.Ar X 4247after it has been mounted. 4248.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4249.Pq Vt str 4250Command to execute after the specified 4251.Xr md 4 4252device 4253.Ar X 4254has been mounted. 4255Note that the command is passed to 4256.Ic eval 4257and that both 4258.Va _dev 4259and 4260.Va _mp 4261variables can be used to reference respectively the 4262.Xr md 4 4263device and the mount point. 4264Assuming that the 4265.Xr md 4 4266device is 4267.Li md0 , 4268one could set the following: 4269.Bd -literal 4270mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4271.Ed 4272.It Va autobridge_interfaces 4273.Pq Vt str 4274Set to the list of bridge interfaces that will have newly arriving interfaces 4275checked against to be automatically added. 4276If not set to 4277.Dq Li NO 4278then for each whitespace separated 4279.Ar element 4280in the value, a 4281.Va autobridge_ Ns Aq Ar element 4282variable is assumed to exist which has a whitespace separated list of interface 4283names to match, these names can use wildcards. 4284For example: 4285.Bd -literal 4286autobridge_interfaces="bridge0" 4287autobridge_bridge0="tap* dc0 vlan[345]" 4288.Ed 4289.It Va mixer_enable 4290.Pq Vt bool 4291If set to 4292.Dq Li YES , 4293enable support for sound mixer. 4294.It Va hcsecd_enable 4295.Pq Vt bool 4296If set to 4297.Dq Li YES , 4298enable Bluetooth security daemon. 4299.It Va hcsecd_config 4300.Pq Vt str 4301Configuration file for 4302.Xr hcsecd 8 . 4303Default 4304.Pa /etc/bluetooth/hcsecd.conf . 4305.It Va sdpd_enable 4306.Pq Vt bool 4307If set to 4308.Dq Li YES , 4309enable Bluetooth Service Discovery Protocol daemon. 4310.It Va sdpd_control 4311.Pq Vt str 4312Path to 4313.Xr sdpd 8 4314control socket. 4315Default 4316.Pa /var/run/sdp . 4317.It Va sdpd_groupname 4318.Pq Vt str 4319Sets 4320.Xr sdpd 8 4321group to run as after it initializes. 4322Default 4323.Dq Li nobody . 4324.It Va sdpd_username 4325.Pq Vt str 4326Sets 4327.Xr sdpd 8 4328user to run as after it initializes. 4329Default 4330.Dq Li nobody . 4331.It Va bthidd_enable 4332.Pq Vt bool 4333If set to 4334.Dq Li YES , 4335enable Bluetooth Human Interface Device daemon. 4336.It Va bthidd_config 4337.Pq Vt str 4338Configuration file for 4339.Xr bthidd 8 . 4340Default 4341.Pa /etc/bluetooth/bthidd.conf . 4342.It Va bthidd_hids 4343.Pq Vt str 4344Path to a file, where 4345.Xr bthidd 8 4346will store information about known HID devices. 4347Default 4348.Pa /var/db/bthidd.hids . 4349.It Va rfcomm_pppd_server_enable 4350.Pq Vt bool 4351If set to 4352.Dq Li YES , 4353enable Bluetooth RFCOMM PPP wrapper daemon. 4354.It Va rfcomm_pppd_server_profile 4355.Pq Vt str 4356The name of the profile to use from 4357.Pa /etc/ppp/ppp.conf . 4358Multiple profiles can be specified here. 4359Also used to specify per-profile overrides. 4360When the profile name contains any of the characters 4361.Dq Li .-/+ 4362they are translated to 4363.Dq Li _ 4364for the proposes of the override variable names. 4365.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4366.Pq Vt str 4367Overrides local address to listen on. 4368By default 4369.Xr rfcomm_pppd 8 4370will listen on 4371.Dq Li ANY 4372address. 4373The address can be specified as BD_ADDR or name. 4374.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4375.Pq Vt str 4376Overrides local RFCOMM channel to listen on. 4377By default 4378.Xr rfcomm_pppd 8 4379will listen on RFCOMM channel 1. 4380Must set properly if multiple profiles used in the same time. 4381.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4382.Pq Vt bool 4383Tells 4384.Xr rfcomm_pppd 8 4385if it should register Serial Port service on the specified RFCOMM channel. 4386Default 4387.Dq Li NO . 4388.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4389.Pq Vt bool 4390Tells 4391.Xr rfcomm_pppd 8 4392if it should register Dial-Up Networking service on the specified 4393RFCOMM channel. 4394Default 4395.Dq Li NO . 4396.It Va ubthidhci_enable 4397.Pq Vt bool 4398If set to 4399.Dq Li YES , 4400change the USB Bluetooth controller from HID mode to HCI mode. 4401You also need to specify the location of USB Bluetooth controller with the 4402.Va ubthidhci_busnum 4403and 4404.Va ubthidhci_addr 4405variables. 4406.It Va ubthidhci_busnum 4407Bus number where the USB Bluetooth controller is located. 4408Check the output of 4409.Xr usbconfig 8 4410on your system to find this information. 4411.It Va ubthidhci_addr 4412Bus address of the USB Bluetooth controller. 4413Check the output of 4414.Xr usbconfig 8 4415on your system to find this information. 4416.It Va netwait_enable 4417.Pq Vt bool 4418If set to 4419.Dq Li YES , 4420delays the start of network-reliant services until 4421.Va netwait_if 4422is up and ICMP packets to a destination defined in 4423.Va netwait_ip 4424are flowing. 4425Link state is examined first, followed by 4426.Dq Li pinging 4427an IP address to verify network usability. 4428If no destination can be reached or timeouts are exceeded, 4429network services are started anyway with no guarantee that 4430the network is usable. 4431Use of this variable requires both 4432.Va netwait_ip 4433and 4434.Va netwait_if 4435to be set. 4436.It Va netwait_ip 4437.Pq Vt str 4438Empty by default. 4439This variable contains a space-delimited list of IP addresses to 4440.Xr ping 8 . 4441DNS hostnames should not be used as resolution is not guaranteed 4442to be functional at this point. 4443If multiple IP addresses are specified, 4444each will be tried until one is successful or the list is exhausted. 4445.It Va netwait_timeout 4446.Pq Vt int 4447Indicates the total number of seconds to perform a 4448.Dq Li ping 4449against each IP address in 4450.Va netwait_ip , 4451at a rate of one ping per second. 4452If any of the pings are successful, 4453full network connectivity is considered reliable. 4454The default is 60. 4455.It Va netwait_if 4456.Pq Vt str 4457Empty by default. 4458Defines the name of the network interface on which watch for link. 4459.Xr ifconfig 8 4460is used to monitor the interface, looking for 4461.Dq Li status: no carrier . 4462Once gone, the link is considered up. 4463This can be a 4464.Xr vlan 4 4465interface if desired. 4466.It Va netwait_if_timeout 4467.Pq Vt int 4468Defines the total number of seconds to wait for link to become usable, 4469polled at a 1-second interval. 4470The default is 30. 4471.El 4472.Sh FILES 4473.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4474.It Pa /etc/defaults/rc.conf 4475.It Pa /etc/rc.conf 4476.It Pa /etc/rc.conf.local 4477.El 4478.Sh SEE ALSO 4479.Xr catman 1 , 4480.Xr chmod 1 , 4481.Xr gdb 1 , 4482.Xr info 1 , 4483.Xr kbdcontrol 1 , 4484.Xr makewhatis 1 , 4485.Xr sh 1 , 4486.Xr vi 1 , 4487.Xr vidcontrol 1 , 4488.Xr bridge 4 , 4489.Xr dummynet 4 , 4490.Xr ip 4 , 4491.Xr ipf 4 , 4492.Xr ipfw 4 , 4493.Xr ipnat 4 , 4494.Xr kld 4 , 4495.Xr pf 4 , 4496.Xr pflog 4 , 4497.Xr pfsync 4 , 4498.Xr tcp 4 , 4499.Xr udp 4 , 4500.Xr exports 5 , 4501.Xr fstab 5 , 4502.Xr ipf 5 , 4503.Xr ipnat 5 , 4504.Xr motd 5 , 4505.Xr newsyslog.conf 5 , 4506.Xr pf.conf 5 , 4507.Xr security 7 , 4508.Xr accton 8 , 4509.Xr amd 8 , 4510.Xr apm 8 , 4511.Xr atm 8 , 4512.Xr bthidd 8 , 4513.Xr chkprintcap 8 , 4514.Xr chown 8 , 4515.Xr cron 8 , 4516.Xr devfs 8 , 4517.Xr dhclient 8 , 4518.Xr ftpd 8 , 4519.Xr geli 8 , 4520.Xr hcsecd 8 , 4521.Xr ifconfig 8 , 4522.Xr inetd 8 , 4523.Xr ipf 8 , 4524.Xr ipfw 8 , 4525.Xr ipnat 8 , 4526.Xr jail 8 , 4527.Xr kldxref 8 , 4528.Xr lpd 8 , 4529.Xr mdconfig 8 , 4530.Xr mdmfs 8 , 4531.Xr mixer 8 , 4532.Xr mountd 8 , 4533.Xr moused 8 , 4534.Xr mrouted 8 , 4535.Xr named 8 , 4536.Xr newfs 8 , 4537.Xr newsyslog 8 , 4538.Xr nfsd 8 , 4539.Xr ntpd 8 , 4540.Xr ntpdate 8 , 4541.Xr pfctl 8 , 4542.Xr pflogd 8 , 4543.Xr ping 8 , 4544.Xr powerd 8 , 4545.Xr quotacheck 8 , 4546.Xr quotaon 8 , 4547.Xr rc 8 , 4548.Xr rc.sendmail 8 , 4549.Xr rfcomm_pppd 8 , 4550.Xr route 8 , 4551.Xr routed 8 , 4552.Xr rpcbind 8 , 4553.Xr rpc.lockd 8 , 4554.Xr rpc.statd 8 , 4555.Xr rwhod 8 , 4556.Xr savecore 8 , 4557.Xr sdpd 8 , 4558.Xr sshd 8 , 4559.Xr swapon 8 , 4560.Xr sysctl 8 , 4561.Xr syslogd 8 , 4562.Xr timed 8 , 4563.Xr unbound 8 , 4564.Xr usbconfig 8 , 4565.Xr wlandebug 8 , 4566.Xr yp 8 , 4567.Xr ypbind 8 , 4568.Xr ypserv 8 , 4569.Xr ypset 8 4570.Sh HISTORY 4571The 4572.Nm 4573file appeared in 4574.Fx 2.2.2 . 4575.Sh AUTHORS 4576.An Jordan K. Hubbard . 4577