1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd April 30, 2016 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory or 74.Ao Ar dir Ac Ns Pa /rc.conf.d 75directories specified in 76.Va local_startup , 77which will be included by the 78.Va load_rc_config 79function. 80For jail configurations you could use the file 81.Pa /etc/rc.conf.d/jail 82to store jail specific configuration options. 83If 84.Va local_startup 85contains 86.Pa /usr/local/etc/rc.d 87and 88.Pa /opt/conf , 89.Pa /usr/local/rc.conf.d/jail 90and 91.Pa /opt/conf/rc.conf.d/jail 92will be loaded. 93If 94.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 95is a directory, 96all of files in the directory will be loaded. 97Also see the 98.Va rc_conf_files 99variable below. 100.Pp 101Options are set with 102.Dq Ar name Ns Li = Ns Ar value 103assignments that use 104.Xr sh 1 105syntax. 106The following list provides a name and short description for each 107variable that can be set in the 108.Nm 109file: 110.Bl -tag -width indent-two 111.It Va rc_debug 112.Pq Vt bool 113If set to 114.Dq Li YES , 115enable output of debug messages from rc scripts. 116This variable can be helpful in diagnosing mistakes when 117editing or integrating new scripts. 118Beware that this produces copious output to the terminal and 119.Xr syslog 3 . 120.It Va rc_info 121.Pq Vt bool 122If set to 123.Dq Li NO , 124disable informational messages from the rc scripts. 125Informational messages are displayed when 126a condition that is not serious enough to warrant a warning or 127an error occurs. 128.It Va rc_startmsgs 129.Pq Vt bool 130If set to 131.Dq Li YES , 132show 133.Dq Starting foo: 134when faststart is used (e.g., at boot time). 135.It Va early_late_divider 136.Pq Vt str 137The name of the script that should be used as the 138delimiter between the 139.Dq early 140and 141.Dq late 142stages of the boot process. 143The early stage should contain all the services needed to 144get the disks (local or remote) mounted so that the late 145stage can include scripts contained in the directories 146listed in the 147.Va local_startup 148variable (see below). 149Thus, the two likely candidates for this value are 150.Pa mountcritlocal 151for the typical system, and 152.Pa mountcritremote 153if the system needs remote file 154systems mounted to get access to the 155.Va local_startup 156directories; for example when 157.Pa /usr/local 158is NFS mounted. 159For 160.Pa rc.conf 161within a 162.Xr jail 8 163.Pa NETWORKING 164is likely to be an appropriate value. 165Extreme care should be taken when changing this value, 166and before changing it one should ensure that there are 167adequate provisions to recover from a failed boot 168(such as physical contact with the machine, 169or reliable remote console access). 170.It Va always_force_depends 171.Pq Vt bool 172Various 173.Pa rc.d 174scripts use the force_depend function to check whether required 175services are already running, and to start them if necessary. 176By default during boot time this check is bypassed if the 177required service is enabled in 178.Pa /etc/rc.conf[.local] . 179Setting this option will bypass that check at boot time and 180always test whether or not the service is actually running. 181Enabling this option is likely to increase your boot time if 182services are enabled that utilize the force_depend check. 183.It Ao Ar name Ac Ns Va _chroot 184.Pq Vt str 185.Xr chroot 186to this directory before running the service. 187.It Ao Ar name Ac Ns Va _user 188.Pq Vt str 189Run the service under this user account. 190.It Ao Ar name Ac Ns Va _group 191.Pq Vt str 192Run the chrooted service under this system group. Unlike the _user 193setting, this setting has no effect if the service is not chrooted. 194.It Ao Ar name Ac Ns Va _fib 195.Pq Vt int 196The 197.Xr setfib 1 198value to run the service under. 199.It Ao Ar name Ac Ns Va _nice 200.Pq Vt int 201The 202.Xr nice 1 203value to run the service under. 204.It Va apm_enable 205.Pq Vt bool 206If set to 207.Dq Li YES , 208enable support for Automatic Power Management with 209the 210.Xr apm 8 211command. 212.It Va apmd_enable 213.Pq Vt bool 214Run 215.Xr apmd 8 216to handle APM event from userland. 217This also enables support for APM. 218.It Va apmd_flags 219.Pq Vt str 220If 221.Va apmd_enable 222is set to 223.Dq Li YES , 224these are the flags to pass to the 225.Xr apmd 8 226daemon. 227.It Va devd_enable 228.Pq Vt bool 229Run 230.Xr devd 8 231to handle device added, removed or unknown events from the kernel. 232.It Va ddb_enable 233.Pq Vt bool 234Run 235.Xr ddb 8 236to install 237.Xr ddb 4 238scripts at boot time. 239.It Va ddb_config 240.Pq Vt str 241Configuration file for 242.Xr ddb 8 . 243Default 244.Pa /etc/ddb.conf . 245.It Va kld_list 246.Pq Vt str 247A list of kernel modules to load right after the local 248disks are mounted. 249Loading modules at this point in the boot process is 250much faster than doing it via 251.Pa /boot/loader.conf 252for those modules not necessary for mounting local disk. 253.It Va kldxref_enable 254.Pq Vt bool 255Set to 256.Dq Li NO 257by default. 258Set to 259.Dq Li YES 260to automatically rebuild 261.Pa linker.hints 262files with 263.Xr kldxref 8 264at boot time. 265.It Va kldxref_clobber 266.Pq Vt bool 267Set to 268.Dq Li NO 269by default. 270If 271.Va kldxref_enable 272is true, 273setting to 274.Dq Li YES 275will overwrite existing 276.Pa linker.hints 277files at boot time. 278Otherwise, 279only missing 280.Pa linker.hints 281files are generated. 282.It Va kldxref_module_path 283.Pq Vt str 284Empty by default. 285A semi-colon 286.Pq Ql \&; 287delimited list of paths containing 288.Xr kld 4 289modules. 290If empty, 291the contents of the 292.Va kern.module_path 293.Xr sysctl 8 294are used. 295.It Va powerd_enable 296.Pq Vt bool 297If set to 298.Dq Li YES , 299enable the system power control facility with the 300.Xr powerd 8 301daemon. 302.It Va powerd_flags 303.Pq Vt str 304If 305.Va powerd_enable 306is set to 307.Dq Li YES , 308these are the flags to pass to the 309.Xr powerd 8 310daemon. 311.It Va tmpmfs 312Controls the creation of a 313.Pa /tmp 314memory file system. 315Always happens if set to 316.Dq Li YES 317and never happens if set to 318.Dq Li NO . 319If set to anything else, a memory file system is created if 320.Pa /tmp 321is not writable. 322.It Va tmpsize 323Controls the size of a created 324.Pa /tmp 325memory file system. 326.It Va tmpmfs_flags 327Extra options passed to the 328.Xr mdmfs 8 329utility when the memory file system for 330.Pa /tmp 331is created. 332The default is 333.Dq Li "-S" , 334which inhibits the use of softupdates on 335.Pa /tmp 336so that file system space is freed without delay 337after file truncation or deletion. 338See 339.Xr mdmfs 8 340for other options you can use in 341.Va tmpmfs_flags . 342.It Va varmfs 343Controls the creation of a 344.Pa /var 345memory file system. 346Always happens if set to 347.Dq Li YES 348and never happens if set to 349.Dq Li NO . 350If set to anything else, a memory file system is created if 351.Pa /var 352is not writable. 353.It Va varsize 354Controls the size of a created 355.Pa /var 356memory file system. 357.It Va varmfs_flags 358Extra options passed to the 359.Xr mdmfs 8 360utility when the memory file system for 361.Pa /var 362is created. 363The default is 364.Dq Li "-S" , 365which inhibits the use of softupdates on 366.Pa /var 367so that file system space is freed without delay 368after file truncation or deletion. 369See 370.Xr mdmfs 8 371for other options you can use in 372.Va varmfs_flags . 373.It Va populate_var 374Controls the automatic population of the 375.Pa /var 376file system. 377Always happens if set to 378.Dq Li YES 379and never happens if set to 380.Dq Li NO . 381If set to anything else, a memory file system is created if 382.Pa /var 383is not writable. 384Note that this process requires access to certain commands in 385.Pa /usr 386before 387.Pa /usr 388is mounted on normal systems. 389.It Va cleanvar_enable 390.Pq Vt bool 391Clean the 392.Pa /var 393directory. 394.It Va local_startup 395.Pq Vt str 396List of directories to search for startup script files. 397.It Va script_name_sep 398.Pq Vt str 399The field separator to use for breaking down the list of startup script files 400into individual filenames. 401The default is a space. 402It is not necessary to change this unless there are startup scripts with names 403containing spaces. 404.It Va hostapd_enable 405.Pq Vt bool 406Set to 407.Dq Li YES 408to start 409.Xr hostapd 8 410at system boot time. 411.It Va hostname 412.Pq Vt str 413The fully qualified domain name (FQDN) of this host on the network. 414This should almost certainly be set to something meaningful, even if 415there is no network connection. 416If 417.Xr dhclient 8 418is used to set the hostname via DHCP, 419this variable should be set to an empty string. 420If this value remains unset when the system is done booting 421your console login will display the default hostname of 422.Dq Amnesiac . 423.It Va nisdomainname 424.Pq Vt str 425The NIS domain name of this host, or 426.Dq Li NO 427if NIS is not used. 428.It Va dhclient_program 429.Pq Vt str 430Path to the DHCP client program 431.Pa ( /sbin/dhclient , 432the 433.Ox 434DHCP client, 435is the default). 436.It Va dhclient_flags 437.Pq Vt str 438Additional flags to pass to the DHCP client program. 439For the 440.Ox 441DHCP client, see the 442.Xr dhclient 8 443manpage for a description of the command line options available. 444.It Va dhclient_flags_ Ns Aq Ar iface 445Additional flags to pass to the DHCP client program running on 446.Ar iface 447only. 448When specified, this variable overrides 449.Va dhclient_flags . 450.It Va background_dhclient 451.Pq Vt bool 452Set to 453.Dq Li YES 454to start the DHCP client in background. 455This can cause trouble with applications depending on 456a working network, but it will provide a faster startup 457in many cases. 458.It Va background_dhclient_ Ns Aq Ar iface 459When specified, this variable overrides the 460.Va background_dhclient 461variable for interface 462.Ar iface 463only. 464.It Va synchronous_dhclient 465.Pq Vt bool 466Set to 467.Dq Li YES 468to start 469.Xr dhclient 8 470synchronously at startup. 471This behavior can be overridden on a per-interface basis by replacing 472the 473.Dq Li DHCP 474keyword in the 475.Va ifconfig_ Ns Aq Ar interface 476variable with 477.Dq Li SYNCDHCP 478or 479.Dq Li NOSYNCDHCP . 480.It Va defaultroute_delay 481.Pq Vt int 482When set to a positive value, wait up to this long after configuring 483DHCP interfaces at startup to give the interfaces time to receive a lease. 484.It Va firewall_enable 485.Pq Vt bool 486Set to 487.Dq Li YES 488to load firewall rules at startup. 489If the kernel was not built with 490.Cd "options IPFIREWALL" , 491the 492.Pa ipfw.ko 493kernel module will be loaded. 494See also 495.Va ipfilter_enable . 496.It Va firewall_script 497.Pq Vt str 498This variable specifies the full path to the firewall script to run. 499The default is 500.Pa /etc/rc.firewall . 501.It Va firewall_type 502.Pq Vt str 503Names the firewall type from the selection in 504.Pa /etc/rc.firewall , 505or the file which contains the local firewall ruleset. 506Valid selections from 507.Pa /etc/rc.firewall 508are: 509.Pp 510.Bl -tag -width ".Li simple" -compact 511.It Li open 512unrestricted IP access 513.It Li closed 514all IP services disabled, except via 515.Dq Li lo0 516.It Li client 517basic protection for a workstation 518.It Li simple 519basic protection for a LAN. 520.El 521.Pp 522If a filename is specified, the full path 523must be given. 524.It Va firewall_quiet 525.Pq Vt bool 526Set to 527.Dq Li YES 528to disable the display of firewall rules on the console during boot. 529.It Va firewall_logging 530.Pq Vt bool 531Set to 532.Dq Li YES 533to enable firewall event logging. 534This is equivalent to the 535.Dv IPFIREWALL_VERBOSE 536kernel option. 537.It Va firewall_logif 538.Pq Vt bool 539Set to 540.Dq Li YES 541to create pseudo interface 542.Li ipfw0 543for logging. 544For more details, see 545.Xr ipfw 8 546manual page. 547.It Va firewall_flags 548.Pq Vt str 549Flags passed to 550.Xr ipfw 8 551if 552.Va firewall_type 553specifies a filename. 554.It Va firewall_coscripts 555.Pq Vt str 556List of executables and/or rc scripts to run after firewall starts/stops. 557Default is empty. 558.\" ----- firewall_nat_enable setting -------------------------------- 559.It Va firewall_nat_enable 560.Pq Vt bool 561The 562.Xr ipfw 8 563equivalent of 564.Va natd_enable . 565Setting this to 566.Dq Li YES 567enables kernel NAT. 568.Va firewall_enable 569must also be set to 570.Dq Li YES . 571.It Va firewall_nat_interface 572.Pq Vt str 573The 574.Xr ipfw 8 575equivalent of 576.Va natd_interface . 577This is the name of the public interface or IP address on which 578kernel NAT should run. 579.It Va firewall_nat_flags 580.Pq Vt str 581Additional configuration parameters for kernel NAT should be placed here. 582.It Va dummynet_enable 583.Pq Vt bool 584Setting this to 585.Dq Li YES 586will automatically load the 587.Xr dummynet 4 588module if 589.Va firewall_enable 590is also set to 591.Dq Li YES . 592.\" ------------------------------------------------------------------- 593.It Va natd_program 594.Pq Vt str 595Path to 596.Xr natd 8 . 597.It Va natd_enable 598.Pq Vt bool 599Set to 600.Dq Li YES 601to enable 602.Xr natd 8 . 603.Va firewall_enable 604must also be set to 605.Dq Li YES , 606and 607.Xr divert 4 608sockets must be enabled in the kernel. 609If the kernel was not built with 610.Cd "options IPDIVERT" , 611the 612.Pa ipdivert.ko 613kernel module will be loaded. 614.It Va natd_interface 615.Pq Vt str 616This is the name of the public interface on which 617.Xr natd 8 618should run. 619The interface may be given as an interface name or as an IP address. 620.It Va natd_flags 621.Pq Vt str 622Additional 623.Xr natd 8 624flags should be placed here. 625The 626.Fl n 627or 628.Fl a 629flag is automatically added with the above 630.Va natd_interface 631as an argument. 632.\" ----- ipfilter_enable setting -------------------------------- 633.It Va ipfilter_enable 634.Pq Vt bool 635Set to 636.Dq Li NO 637by default. 638Setting this to 639.Dq Li YES 640enables 641.Xr ipf 8 642packet filtering. 643.Pp 644Typical usage will require putting 645.Bd -literal 646ipfilter_enable="YES" 647ipnat_enable="YES" 648ipmon_enable="YES" 649ipfs_enable="YES" 650.Ed 651.Pp 652into 653.Pa /etc/rc.conf 654and editing 655.Pa /etc/ipf.rules 656and 657.Pa /etc/ipnat.rules 658appropriately. 659.Pp 660Note that 661.Va ipfilter_enable 662and 663.Va ipnat_enable 664can be enabled independently. 665.Va ipmon_enable 666and 667.Va ipfs_enable 668both require at least one of 669.Va ipfilter_enable 670and 671.Va ipnat_enable 672to be enabled. 673.Pp 674Having 675.Bd -literal 676options IPFILTER 677options IPFILTER_LOG 678options IPFILTER_DEFAULT_BLOCK 679.Ed 680.Pp 681in the kernel configuration file is a good idea, too. 682.\" ----- ipfilter_program setting ------------------------------ 683.It Va ipfilter_program 684.Pq Vt str 685Path to 686.Xr ipf 8 687(default 688.Pa /sbin/ipf ) . 689.\" ----- ipfilter_rules setting -------------------------------- 690.It Va ipfilter_rules 691.Pq Vt str 692Set to 693.Pa /etc/ipf.rules 694by default. 695This variable contains the name of the filter rule definition file. 696The file is expected to be readable for the 697.Xr ipf 8 698command to execute. 699.\" ----- ipv6_ipfilter_rules setting --------------------------- 700.It Va ipv6_ipfilter_rules 701.Pq Vt str 702Set to 703.Pa /etc/ipf6.rules 704by default. 705This variable contains the IPv6 filter rule definition file. 706The file is expected to be readable for the 707.Xr ipf 8 708command to execute. 709.\" ----- ipfilter_flags setting -------------------------------- 710.It Va ipfilter_flags 711.Pq Vt str 712Empty by default. 713This variable contains flags passed to the 714.Xr ipf 8 715program. 716.\" ----- ipnat_enable setting ---------------------------------- 717.It Va ipnat_enable 718.Pq Vt bool 719Set to 720.Dq Li NO 721by default. 722Set it to 723.Dq Li YES 724to enable 725.Xr ipnat 8 726network address translation. 727See 728.Va ipfilter_enable 729for a detailed discussion. 730.\" ----- ipnat_program setting --------------------------------- 731.It Va ipnat_program 732.Pq Vt str 733Path to 734.Xr ipnat 8 735(default 736.Pa /sbin/ipnat ) . 737.\" ----- ipnat_rules setting ----------------------------------- 738.It Va ipnat_rules 739.Pq Vt str 740Set to 741.Pa /etc/ipnat.rules 742by default. 743This variable contains the name of the file 744holding the network address translation definition. 745This file is expected to be readable for the 746.Xr ipnat 8 747command to execute. 748.\" ----- ipnat_flags setting ----------------------------------- 749.It Va ipnat_flags 750.Pq Vt str 751Empty by default. 752This variable contains flags passed to the 753.Xr ipnat 8 754program. 755.\" ----- ipmon_enable setting ---------------------------------- 756.It Va ipmon_enable 757.Pq Vt bool 758Set to 759.Dq Li NO 760by default. 761Set it to 762.Dq Li YES 763to enable 764.Xr ipmon 8 765monitoring (logging 766.Xr ipf 8 767and 768.Xr ipnat 8 769events). 770Setting this variable needs setting 771.Va ipfilter_enable 772or 773.Va ipnat_enable 774too. 775See 776.Va ipfilter_enable 777for a detailed discussion. 778.\" ----- ipmon_program setting --------------------------------- 779.It Va ipmon_program 780.Pq Vt str 781Path to 782.Xr ipmon 8 783(default 784.Pa /sbin/ipmon ) . 785.\" ----- ipmon_flags setting ----------------------------------- 786.It Va ipmon_flags 787.Pq Vt str 788Set to 789.Dq Li -Ds 790by default. 791This variable contains flags passed to the 792.Xr ipmon 8 793program. 794Another typical example would be 795.Dq Fl D Pa /var/log/ipflog 796to have 797.Xr ipmon 8 798log directly to a file bypassing 799.Xr syslogd 8 . 800Make sure to adjust 801.Pa /etc/newsyslog.conf 802in such case like this: 803.Bd -literal 804/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 805.Ed 806.\" ----- ipfs_enable setting ----------------------------------- 807.It Va ipfs_enable 808.Pq Vt bool 809Set to 810.Dq Li NO 811by default. 812Set it to 813.Dq Li YES 814to enable 815.Xr ipfs 8 816saving the filter and NAT state tables during shutdown 817and reloading them during startup again. 818Setting this variable needs setting 819.Va ipfilter_enable 820or 821.Va ipnat_enable 822to 823.Dq Li YES 824too. 825See 826.Va ipfilter_enable 827for a detailed discussion. 828Note that if 829.Va kern_securelevel 830is set to 3, 831.Va ipfs_enable 832cannot be used 833because the raised securelevel will prevent 834.Xr ipfs 8 835from saving the state tables at shutdown time. 836.\" ----- ipfs_program setting ---------------------------------- 837.It Va ipfs_program 838.Pq Vt str 839Path to 840.Xr ipfs 8 841(default 842.Pa /sbin/ipfs ) . 843.\" ----- ipfs_flags setting ------------------------------------ 844.It Va ipfs_flags 845.Pq Vt str 846Empty by default. 847This variable contains flags passed to the 848.Xr ipfs 8 849program. 850.\" ----- end of added ipf hook --------------------------------- 851.It Va pf_enable 852.Pq Vt bool 853Set to 854.Dq Li NO 855by default. 856Setting this to 857.Dq Li YES 858enables 859.Xr pf 4 860packet filtering. 861.Pp 862Typical usage will require putting 863.Pp 864.Dl pf_enable="YES" 865.Pp 866into 867.Pa /etc/rc.conf 868and editing 869.Pa /etc/pf.conf 870appropriately. 871Adding 872.Pp 873.Dl "device pf" 874.Pp 875builds support for 876.Xr pf 4 877into the kernel, otherwise the 878kernel module will be loaded. 879.It Va pf_rules 880.Pq Vt str 881Path to 882.Xr pf 4 883ruleset configuration file 884(default 885.Pa /etc/pf.conf ) . 886.It Va pf_program 887.Pq Vt str 888Path to 889.Xr pfctl 8 890(default 891.Pa /sbin/pfctl ) . 892.It Va pf_flags 893.Pq Vt str 894If 895.Va pf_enable 896is set to 897.Dq Li YES , 898these flags are passed to the 899.Xr pfctl 8 900program when loading the ruleset. 901.It Va pflog_enable 902.Pq Vt bool 903Set to 904.Dq Li NO 905by default. 906Setting this to 907.Dq Li YES 908enables 909.Xr pflogd 8 910which logs packets from the 911.Xr pf 4 912packet filter. 913.It Va pflog_logfile 914.Pq Vt str 915If 916.Va pflog_enable 917is set to 918.Dq Li YES 919this controls where 920.Xr pflogd 8 921stores the logfile 922(default 923.Pa /var/log/pflog ) . 924Check 925.Pa /etc/newsyslog.conf 926to adjust logfile rotation for this. 927.It Va pflog_program 928.Pq Vt str 929Path to 930.Xr pflogd 8 931(default 932.Pa /sbin/pflogd ) . 933.It Va pflog_flags 934.Pq Vt str 935Empty by default. 936This variable contains additional flags passed to the 937.Xr pflogd 8 938program. 939.It Va pflog_instances 940.Pq Vt str 941If logging to more than one 942.Xr pflog 4 943interface is desired, 944.Va pflog_instances 945is set to the list of 946.Xr pflogd 8 947instances that should be started at system boot time. If 948.Va pflog_instances 949is set, for each whitespace-seperated 950.Ar element 951in the list, 952.Ao Ar element Ac Ns Va _dev 953and 954.Ao Ar element Ac Ns Va _logfile 955elements are assumed to exist. 956.Ao Ar element Ac Ns Va _dev 957must contain the 958.Xr pflog 4 959interface to be watched by the named 960.Xr pflogd 8 961instance. 962.Ao Ar element Ac Ns Va _logfile 963must contain the name of the logfile that will be used by the 964.Xr pflogd 8 965instance. 966.It Va ftpproxy_enable 967.Pq Vt bool 968Set to 969.Dq Li NO 970by default. 971Setting this to 972.Dq Li YES 973enables 974.Xr ftp-proxy 8 975which supports the 976.Xr pf 4 977packet filter in translating ftp connections. 978.It Va ftpproxy_flags 979.Pq Vt str 980Empty by default. 981This variable contains additional flags passed to the 982.Xr ftp-proxy 8 983program. 984.It Va ftpproxy_instances 985.Pq Vt str 986Empty by default. If multiple instances of 987.Xr ftp-proxy 8 988are desired at boot time, 989.Va ftpproxy_instances 990should contain a whitespace-seperated list of instance names. For each 991.Ar element 992in the list, a variable named 993.Ao Ar element Ac Ns Va _flags 994should be defined, containing the command-line flags to be passed to the 995.Xr ftp-proxy 8 996instance. 997.It Va pfsync_enable 998.Pq Vt bool 999Set to 1000.Dq Li NO 1001by default. 1002Setting this to 1003.Dq Li YES 1004enables exposing 1005.Xr pf 4 1006state changes to other hosts over the network by means of 1007.Xr pfsync 4 . 1008The 1009.Va pfsync_syncdev 1010variable 1011must also be set then. 1012.It Va pfsync_syncdev 1013.Pq Vt str 1014Empty by default. 1015This variable specifies the name of the network interface 1016.Xr pfsync 4 1017should operate through. 1018It must be set accordingly if 1019.Va pfsync_enable 1020is set to 1021.Dq Li YES . 1022.It Va pfsync_syncpeer 1023.Pq Vt str 1024Empty by default. 1025This variable is optional. 1026By default, state change messages are sent out on the synchronisation 1027interface using IP multicast packets. 1028The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1029224.0.0.240. 1030When a peer address is specified using the 1031.Va pfsync_syncpeer 1032option, the peer address is used as a destination for the pfsync 1033traffic, and the traffic can then be protected using 1034.Xr ipsec 4 . 1035See the 1036.Xr pfsync 4 1037manpage for more details about using 1038.Xr ipsec 4 1039with 1040.Xr pfsync 4 1041interfaces. 1042.It Va pfsync_ifconfig 1043.Pq Vt str 1044Empty by default. 1045This variable can contain additional options to be passed to the 1046.Xr ifconfig 8 1047command used to set up 1048.Xr pfsync 4 . 1049.It Va tcp_extensions 1050.Pq Vt bool 1051Set to 1052.Dq Li YES 1053by default. 1054Setting this to 1055.Dq Li NO 1056disables certain TCP options as described by 1057.Rs 1058.%T "RFC 1323" 1059.Re 1060Setting this to 1061.Dq Li NO 1062might help remedy such problems with connections as randomly hanging 1063or other weird behavior. 1064Some network devices are known 1065to be broken with respect to these options. 1066.It Va log_in_vain 1067.Pq Vt int 1068Set to 0 by default. 1069The 1070.Xr sysctl 8 1071variables, 1072.Va net.inet.tcp.log_in_vain 1073and 1074.Va net.inet.udp.log_in_vain , 1075as described in 1076.Xr tcp 4 1077and 1078.Xr udp 4 , 1079are set to the given value. 1080.It Va tcp_keepalive 1081.Pq Vt bool 1082Set to 1083.Dq Li YES 1084by default. 1085Setting to 1086.Dq Li NO 1087will disable probing idle TCP connections to verify that the 1088peer is still up and reachable. 1089.It Va tcp_drop_synfin 1090.Pq Vt bool 1091Set to 1092.Dq Li NO 1093by default. 1094Setting to 1095.Dq Li YES 1096will cause the kernel to ignore TCP frames that have both 1097the SYN and FIN flags set. 1098This prevents OS fingerprinting, but may 1099break some legitimate applications. 1100.It Va icmp_drop_redirect 1101.Pq Vt bool 1102Set to 1103.Dq Li NO 1104by default. 1105Setting to 1106.Dq Li YES 1107will cause the kernel to ignore ICMP REDIRECT packets. 1108Refer to 1109.Xr icmp 4 1110for more information. 1111.It Va icmp_log_redirect 1112.Pq Vt bool 1113Set to 1114.Dq Li NO 1115by default. 1116Setting to 1117.Dq Li YES 1118will cause the kernel to log ICMP REDIRECT packets. 1119Note that 1120the log messages are not rate-limited, so this option should only be used 1121for troubleshooting networks. 1122Refer to 1123.Xr icmp 4 1124for more information. 1125.It Va icmp_bmcastecho 1126.Pq Vt bool 1127Set to 1128.Dq Li YES 1129to respond to broadcast or multicast ICMP ping packets. 1130Refer to 1131.Xr icmp 4 1132for more information. 1133.It Va ip_portrange_first 1134.Pq Vt int 1135If not set to 1136.Dq Li NO , 1137this is the first port in the default portrange. 1138Refer to 1139.Xr ip 4 1140for more information. 1141.It Va ip_portrange_last 1142.Pq Vt int 1143If not set to 1144.Dq Li NO , 1145this is the last port in the default portrange. 1146Refer to 1147.Xr ip 4 1148for more information. 1149.It Va network_interfaces 1150.Pq Vt str 1151Set to the list of network interfaces to configure on this host or 1152.Dq Li AUTO 1153(the default) for all current interfaces. 1154Setting the 1155.Va network_interfaces 1156variable to anything other than the default is deprecated. 1157Interfaces that the administrator wishes to store configuration for, 1158but not start at boot should be configured with the 1159.Dq Li NOAUTO 1160keyword in their 1161.Va ifconfig_ Ns Aq Ar interface 1162variables as described below. 1163.Pp 1164An 1165.Va ifconfig_ Ns Aq Ar interface 1166variable is also assumed to exist for each value of 1167.Ar interface . 1168When an interface name contains any of the characters 1169.Dq Li .-/+ 1170they are translated to 1171.Dq Li _ 1172before lookup. 1173The variable can contain arguments to 1174.Xr ifconfig 8 , 1175as well as special case-insensitive keywords described below. 1176Such keywords are removed before passing the value to 1177.Xr ifconfig 8 1178while the order of the other arguments is preserved. 1179.Pp 1180It is possible to add IP alias entries using 1181.Xr ifconfig 8 1182syntax with the address family keyword such as 1183.Li inet . 1184Assuming that the interface in question was 1185.Li ed0 , 1186it might look something like this: 1187.Bd -literal 1188ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1189ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1190.Ed 1191.Pp 1192It also possible to configure multiple IP addresses in Classless 1193Inter-Domain Routing 1194.Pq CIDR 1195address notation, 1196whose each address component can be a range like 1197.Li inet 192.0.2.5-23/24 1198or 1199.Li inet6 2001:db8:1-f::1/64 . 1200This notation allows address and prefix length part only, 1201not the other address modifiers. 1202Note that the maximum number of the generated addresses from a range 1203specification is limited to an integer value specified in 1204.Va netif_ipexpand_max 1205in 1206.Xr rc.conf 5 1207because a small typo can unexpectedly generate a large number of addresses. 1208The default value is 1209.Li 2048 . 1210It can be increased by adding the following line into 1211.Xr rc.conf 5 : 1212.Bd -literal 1213netif_ipexpand_max="4096" 1214.Ed 1215.Pp 1216In the case of 1217.Li 192.0.2.5-23/24 , 1218the address 192.0.2.5 will be configured with the 1219netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1220the non-conflicting netmask /32 as explained in the 1221.Xr ifconfig 8 1222alias section. 1223Note that this special netmask handling is only for 1224.Li inet , 1225not for the other address families such as 1226.Li inet6 . 1227.Pp 1228With the interface in question being 1229.Li ed0 , 1230an example could look like: 1231.Bd -literal 1232ifconfig_ed0_alias2="inet 192.0.2.129/27" 1233ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1234.Ed 1235.Pp 1236and so on. 1237.Pp 1238Note that 1239.Va ipv4_addrs_ Ns Aq Ar interface 1240variable was supported for IPv4 CIDR address notation. 1241It is now deprecated because the functionality was integrated into 1242.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1243though 1244.Va ipv4_addrs_ Ns Aq Ar interface 1245is still supported for backward compatibility. 1246.Pp 1247For each 1248.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1249entry with an address family keyword, 1250its contents are passed to 1251.Xr ifconfig 8 . 1252Execution stops at the first unsuccessful access, so if 1253something like this is present: 1254.Bd -literal 1255ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1256ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1257ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1258ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1259.Ed 1260.Pp 1261Then note that alias4 would 1262.Em not 1263be added since the search would 1264stop with the missing 1265.Dq Li alias3 1266entry. 1267Because of this difficult to manage behavior, 1268there is 1269.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1270variable, which has the same functionality as 1271.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1272and can have all of entries in a variable like the following: 1273.Bd -literal 1274ifconfig_ed0_aliases="\\ 1275 inet 127.0.0.251 netmask 0xffffffff \\ 1276 inet 127.0.0.252 netmask 0xffffffff \\ 1277 inet 127.0.0.253 netmask 0xffffffff \\ 1278 inet 127.0.0.254 netmask 0xffffffff" 1279.Ed 1280.Pp 1281It also supports CIDR notation. 1282.Pp 1283If the 1284.Pa /etc/start_if. Ns Aq Ar interface 1285file is present, it is read and executed by the 1286.Xr sh 1 1287interpreter 1288before configuring the interface as specified in the 1289.Va ifconfig_ Ns Aq Ar interface 1290and 1291.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1292variables. 1293.Pp 1294If a 1295.Va vlans_ Ns Aq Ar interface 1296variable is set, 1297a 1298.Xr vlan 4 1299interface will be created for each item in the list with the 1300.Ar vlandev 1301argument set to 1302.Ar interface . 1303If a vlan interface's name is a number, 1304then that number is used as the vlan tag and the new vlan interface is 1305named 1306.Ar interface . Ns Ar tag . 1307Otherwise, 1308the vlan tag must be specified via a 1309.Va vlan 1310parameter in the 1311.Va create_args_ Ns Aq Ar interface 1312variable. 1313.Pp 1314To create a vlan device named 1315.Li em0.101 1316on 1317.Li em0 1318with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1319.Bd -literal 1320vlans_em0="101" 1321ifconfig_em0_101="inet 192.0.2.1/24" 1322.Ed 1323.Pp 1324To create a vlan device named 1325.Li myvlan 1326on 1327.Li em0 1328with the vlan tag 102: 1329.Bd -literal 1330vlans_em0="myvlan" 1331create_args_myvlan="vlan 102" 1332.Ed 1333.Pp 1334If a 1335.Va wlans_ Ns Aq Ar interface 1336variable is set, 1337an 1338.Xr wlan 4 1339interface will be created for each item in the list with the 1340.Ar wlandev 1341argument set to 1342.Ar interface . 1343Further wlan cloning arguments may be passed to the 1344.Xr ifconfig 8 1345.Cm create 1346command by setting the 1347.Va create_args_ Ns Aq Ar interface 1348variable. 1349One or more 1350.Xr wlan 4 1351devices must be created for each wireless devices as of 1352.Fx 8.0 . 1353Debugging flags for 1354.Xr wlan 4 1355devices as set by 1356.Xr wlandebug 8 1357may be specified with an 1358.Va wlandebug_ Ns Aq Ar interface 1359variable. 1360The contents of this variable will be passed directly to 1361.Xr wlandebug 8 . 1362.Pp 1363If the 1364.Va ifconfig_ Ns Aq Ar interface 1365contains the keyword 1366.Dq Li NOAUTO 1367then the interface will not be configured 1368at boot or by 1369.Pa /etc/pccard_ether 1370when 1371.Va network_interfaces 1372is set to 1373.Dq Li AUTO . 1374.Pp 1375It is possible to bring up an interface with DHCP by adding 1376.Dq Li DHCP 1377to the 1378.Va ifconfig_ Ns Aq Ar interface 1379variable. 1380For instance, to initialize the 1381.Li ed0 1382device via DHCP, 1383it is possible to use something like: 1384.Bd -literal 1385ifconfig_ed0="DHCP" 1386.Ed 1387.Pp 1388If you want to configure your wireless interface with 1389.Xr wpa_supplicant 8 1390for use with WPA, EAP/LEAP or WEP, you need to add 1391.Dq Li WPA 1392to the 1393.Va ifconfig_ Ns Aq Ar interface 1394variable. 1395.Pp 1396On the other hand, if you want to configure your wireless interface with 1397.Xr hostapd 8 , 1398you need to add 1399.Dq Li HOSTAP 1400to the 1401.Va ifconfig_ Ns Aq Ar interface 1402variable. 1403.Xr hostapd 8 1404will use the settings from 1405.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1406.Pp 1407Finally, you can add 1408.Xr ifconfig 8 1409options in this variable, in addition to the 1410.Pa /etc/start_if. Ns Aq Ar interface 1411file. 1412For instance, to configure an 1413.Xr ath 4 1414wireless device in station mode with an address obtained 1415via DHCP, using WPA authentication and 802.11b mode, it is 1416possible to use something like: 1417.Bd -literal 1418wlans_ath0="wlan0" 1419ifconfig_wlan0="DHCP WPA mode 11b" 1420.Ed 1421.Pp 1422In addition to the 1423.Va ifconfig_ Ns Aq Ar interface 1424form, a fallback variable 1425.Va ifconfig_DEFAULT 1426may be configured. 1427It will be used for all interfaces with no 1428.Va ifconfig_ Ns Aq Ar interface 1429variable. 1430This is intended to replace the no longer supported 1431.Va pccard_ifconfig 1432variable. 1433.Pp 1434It is also possible to rename an interface by doing: 1435.Bd -literal 1436ifconfig_ed0_name="net0" 1437ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1438.Ed 1439.It Va ipv6_enable 1440.Pq Vt bool 1441This variable is deprecated. 1442Use 1443.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1444and 1445.Va ipv6_activate_all_interfaces 1446if necessary. 1447.Pp 1448If the variable is 1449.Dq Li YES , 1450.Dq Li inet6 accept_rtadv 1451is added to all of 1452.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1453and the 1454.Va ipv6_activate_all_interfaces 1455is defined as 1456.Dq Li YES . 1457.It Va ipv6_prefer 1458.Pq Vt bool 1459This variable is deprecated. 1460Use 1461.Va ip6addrctl_policy 1462instead. 1463.Pp 1464If the variable is 1465.Dq Li YES , 1466the default address selection policy table set by 1467.Xr ip6addrctl 8 1468will be IPv6-preferred. 1469.Pp 1470If the variable is 1471.Dq Li NO , 1472the default address selection policy table set by 1473.Xr ip6addrctl 8 1474will be IPv4-preferred. 1475.It Va ipv6_activate_all_interfaces 1476.Pq Vt bool 1477This controls initial configuration on IPv6-capable 1478interfaces with no corresponding 1479.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1480variable. 1481Note that it is not always necessary to set this variable to 1482.Dq YES 1483to use IPv6 functionality on 1484.Fx . 1485In most cases, just configuring 1486.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1487variables works. 1488.Pp 1489If the variable is 1490.Dq Li NO , 1491all interfaces which do not have a corresponding 1492.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1493variable will be marked as 1494.Dq Li IFDISABLED 1495at creation. 1496This means that all of IPv6 functionality on that interface 1497is completely disabled to enforce a security policy. 1498If the variable is set to 1499.Dq YES , 1500the flag will be cleared on all of the interfaces. 1501.Pp 1502In most cases, just defining an 1503.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1504for an IPv6-capable interface should be sufficient. 1505However, if an interface is added dynamically 1506.Pq by some tunneling protocols such as PPP, for example , 1507it is often difficult to define the variable in advance. 1508In such a case, configuring the 1509.Dq Li IFDISABLED 1510flag can be disabled by setting this variable to 1511.Dq YES . 1512.Pp 1513For more details of the 1514.Dq Li IFDISABLED 1515flag and keywords 1516.Dq Li inet6 ifdisabled , 1517see 1518.Xr ifconfig 8 . 1519.Pp 1520Default is 1521.Dq Li NO . 1522.It Va ipv6_privacy 1523.Pq Vt bool 1524If the variable is 1525.Dq Li YES 1526privacy addresses will be generated for each IPv6 1527interface as described in RFC 4941. 1528.It Va ipv6_network_interfaces 1529.Pq Vt str 1530This is the IPv6 equivalent of 1531.Va network_interfaces . 1532Normally manual configuration of this variable is not needed. 1533.It Va ipv6_cpe_wanif 1534.Pq Vt str 1535If the variable is set to an interface name, 1536the 1537.Xr ifconfig 8 1538options 1539.Dq inet6 -no_radr accept_rtadv 1540will be added to the specified interface automatically before evaluating 1541.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1542and two 1543.Xr sysctl 8 1544variables 1545.Va net.inet6.ip6.rfc6204w3 1546and 1547.Va net.inet6.ip6.no_radr 1548will be set to 1. 1549.Pp 1550This means the specified interface will accept ICMPv6 Router 1551Advertisement messages on that link and add the discovered 1552routers into the Default Router List. 1553While the other interfaces can still accept RA messages if the 1554.Dq inet6 accept_rtadv 1555option is specified, adding 1556routes into the Default Router List will be disabled by 1557.Dq inet6 no_radr 1558option by default. 1559See 1560.Xr ifconfig 8 1561for more details. 1562.Pp 1563Note that ICMPv6 Router Advertisement messages will be 1564accepted even when 1565.Va net.inet6.ip6.forwarding 1566is 1 1567.Pq packet forwarding is enabled 1568when 1569.Va net.inet6.ip6.rfc6204w3 1570is set to 1. 1571.Pp 1572Default is 1573.Dq Li NO . 1574.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1575.Pq Vt str 1576IPv6 functionality on an interface should be configured by 1577.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1578instead of setting ifconfig parameters in 1579.Va ifconfig_ Ns Aq Ar interface . 1580If this variable is empty, all of IPv6 configurations on the 1581specified interface by other variables such as 1582.Va ipv6_prefix_ Ns Ao Ar interface Ac 1583will be ignored. 1584.Pp 1585Aliases should be set by 1586.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1587with 1588.Dq Li inet6 1589keyword. 1590For example: 1591.Bd -literal 1592ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1593ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1594.Ed 1595.Pp 1596Interfaces that have an 1597.Dq Li inet6 accept_rtadv 1598keyword in 1599.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1600setting will be automatically configured by SLAAC 1601.Pq StateLess Address AutoConfiguration 1602described in 1603.Rs 1604.%T "RFC 4862" 1605.Re 1606.Pp 1607Note that a link-local address will be automatically configured in 1608addition to the configured global-scope addresses because the IPv6 1609specifications require it on each link. 1610The address is calculated from the MAC address by using an algorithm 1611defined in 1612.Rs 1613.%T "RFC 4862" 1614.%O "Section 5.3" 1615.Re 1616.Pp 1617If only a link-local address is needed on the interface, 1618the following configuration can be used: 1619.Bd -literal 1620ifconfig_ed0_ipv6="inet6 auto_linklocal" 1621.Ed 1622.Pp 1623A link-local address can also be configured manually. 1624This is useful for the default router address of an IPv6 router 1625so that it does not change when the network interface 1626card is replaced. 1627For example: 1628.Bd -literal 1629ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1630.Ed 1631.It Va ipv6_prefix_ Ns Aq Ar interface 1632.Pq Vt str 1633If one or more prefixes are defined in 1634.Va ipv6_prefix_ Ns Aq Ar interface 1635addresses based on each prefix and the EUI-64 interface index will be 1636configured on that interface. 1637Note that this variable will be ignored when 1638.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1639is empty. 1640.Pp 1641For example, the following configuration 1642.Bd -literal 1643ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1644.Ed 1645.Pp 1646is equivalent to the following: 1647.Bd -literal 1648ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1649ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1650ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1651ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1652.Ed 1653.Pp 1654These Subnet-Router anycast addresses will be added only when 1655.Va ipv6_gateway_enable 1656is YES. 1657.It Va ipv6_default_interface 1658.Pq Vt str 1659If not set to 1660.Dq Li NO , 1661this is the default output interface for scoped addresses. 1662This works only with ipv6_gateway_enable="NO". 1663.It Va ip6addrctl_enable 1664.Pq Vt bool 1665This variable is to enable configuring default address selection policy table 1666.Pq RFC 3484 . 1667The table can be specified in another variable 1668.Va ip6addrctl_policy . 1669For 1670.Va ip6addrctl_policy 1671the following keywords can be specified: 1672.Dq Li ipv4_prefer , 1673.Dq Li ipv6_prefer , 1674or 1675.Dq Li AUTO . 1676.Pp 1677If 1678.Dq Li ipv4_prefer 1679or 1680.Dq Li ipv6_prefer 1681is specified, 1682.Xr ip6addrctl 8 1683installs a pre-defined policy table described in Section 2.1 1684.Pq IPv6-preferred 1685or 10.3 1686.Pq IPv4-preferred 1687of RFC 3484. 1688.Pp 1689If 1690.Dq Li AUTO 1691is specified, it attempts to read a file 1692.Pa /etc/ip6addrctl.conf 1693first. 1694If this file is found, 1695.Xr ip6addrctl 8 1696reads and installs it. 1697If not found, a policy is automatically set 1698according to 1699.Va ipv6_activate_all_interfaces 1700variable; if the variable is set to 1701.Dq Li YES 1702the IPv6-preferred one is used. 1703Otherwise IPv4-preferred. 1704.Pp 1705The default value of 1706.Va ip6addrctl_enable 1707and 1708.Va ip6addrctl_policy 1709are 1710.Dq Li YES 1711and 1712.Dq Li AUTO , 1713respectively. 1714.It Va cloned_interfaces 1715.Pq Vt str 1716Set to the list of clonable network interfaces to create on this host. 1717Further cloning arguments may be passed to the 1718.Xr ifconfig 8 1719.Cm create 1720command for each interface by setting the 1721.Va create_args_ Ns Aq Ar interface 1722variable. 1723If an interface name is specified with 1724.Dq :sticky 1725keyword, 1726the interface will not be destroyed even when 1727.Pa rc.d/netif 1728script is invoked with 1729.Dq stop 1730argument. 1731This is useful when reconfiguring the interface without destroying it. 1732Entries in 1733.Va cloned_interfaces 1734are automatically appended to 1735.Va network_interfaces 1736for configuration. 1737.It Va cloned_interfaces_sticky 1738.Pq Vt bool 1739This variable is to globally enable functionality of 1740.Dq :sticky 1741keyword in 1742.Va cloned_interfaces 1743for all interfaces. 1744The default value is 1745.Dq NO . 1746Even if this variable is specified to 1747.Dq YES , 1748.Dq :nosticky 1749keyword can be used to override it on per interface basis. 1750.It Va gif_interfaces 1751.Pq Vt str 1752This variable is deprecated in favor of 1753.Va cloned_interfaces . 1754Set to the list of 1755.Xr gif 4 1756tunnel interfaces to configure on this host. 1757A 1758.Va gifconfig_ Ns Aq Ar interface 1759variable is assumed to exist for each value of 1760.Ar interface . 1761The value of this variable is used to configure the link layer of the 1762tunnel according to the syntax of the 1763.Cm tunnel 1764option to 1765.Xr ifconfig 8 . 1766Additionally, this option ensures that each listed interface is created 1767via the 1768.Cm create 1769option to 1770.Xr ifconfig 8 1771before attempting to configure it. 1772.It Va sppp_interfaces 1773.Pq Vt str 1774Set to the list of 1775.Xr sppp 4 1776interfaces to configure on this host. 1777A 1778.Va spppconfig_ Ns Aq Ar interface 1779variable is assumed to exist for each value of 1780.Ar interface . 1781Each interface should also be configured by a general 1782.Va ifconfig_ Ns Aq Ar interface 1783setting. 1784Refer to 1785.Xr spppcontrol 8 1786for more information about available options. 1787.It Va ppp_enable 1788.Pq Vt bool 1789If set to 1790.Dq Li YES , 1791run the 1792.Xr ppp 8 1793daemon. 1794.It Va ppp_profile 1795.Pq Vt str 1796The name of the profile to use from 1797.Pa /etc/ppp/ppp.conf . 1798Also used for per-profile overrides of 1799.Va ppp_mode 1800and 1801.Va ppp_nat , 1802and 1803.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1804When the profile name contains any of the characters 1805.Dq Li .-/+ 1806they are translated to 1807.Dq Li _ 1808for the proposes of the override variable names. 1809.It Va ppp_mode 1810.Pq Vt str 1811Mode in which to run the 1812.Xr ppp 8 1813daemon. 1814.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1815.Pq Vt str 1816Overrides the global 1817.Va ppp_mode 1818for 1819.Ar profile . 1820Accepted modes are 1821.Dq Li auto , 1822.Dq Li ddial , 1823.Dq Li direct 1824and 1825.Dq Li dedicated . 1826See the manual for a full description. 1827.It Va ppp_nat 1828.Pq Vt bool 1829If set to 1830.Dq Li YES , 1831enables network address translation. 1832Used in conjunction with 1833.Va gateway_enable 1834allows hosts on private network addresses access to the Internet using 1835this host as a network address translating router. 1836.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1837.Pq Vt str 1838Overrides the global 1839.Va ppp_nat 1840for 1841.Ar profile . 1842.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1843.Pq Vt int 1844Set the unit number to be used for this profile. 1845See the manual description of 1846.Fl unit Ns Ar N 1847for details. 1848.It Va ppp_user 1849.Pq Vt str 1850The name of the user under which 1851.Xr ppp 8 1852should be started. 1853By 1854default, 1855.Xr ppp 8 1856is started as 1857.Dq Li root . 1858.It Va rc_conf_files 1859.Pq Vt str 1860This option is used to specify a list of files that will override 1861the settings in 1862.Pa /etc/defaults/rc.conf . 1863The files will be read in the order in which they are specified and should 1864include the full path to the file. 1865By default, the files specified are 1866.Pa /etc/rc.conf 1867and 1868.Pa /etc/rc.conf.local 1869.It Va zfs_enable 1870.Pq Vt bool 1871If set to 1872.Dq Li YES , 1873.Pa /etc/rc.d/zfs 1874will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1875(ZVOLs). 1876.It Va gptboot_enable 1877.Pq Vt bool 1878If set to 1879.Dq Li YES , 1880.Pa /etc/rc.d/gptboot 1881will log if the system successfully (or not) booted from a GPT partition, 1882which had the 1883.Ar bootonce 1884attribute set using 1885.Xr gpart 8 1886utility. 1887.It Va gbde_autoattach_all 1888.Pq Vt bool 1889If set to 1890.Dq Li YES , 1891.Pa /etc/rc.d/gbde 1892will attempt to automatically initialize your .bde devices in 1893.Pa /etc/fstab . 1894.It Va gbde_devices 1895.Pq Vt str 1896List the devices that the script should try to attach, 1897or 1898.Dq Li AUTO . 1899.It Va gbde_lockdir 1900.Pq Vt str 1901The directory where the 1902.Xr gbde 4 1903lockfiles are located. 1904The default lockfile directory is 1905.Pa /etc . 1906.Pp 1907The lockfile for each individual 1908.Xr gbde 4 1909device can be overridden by setting the variable 1910.Va gbde_lock_ Ns Aq Ar device , 1911where 1912.Ar device 1913is the encrypted device without the 1914.Dq Pa /dev/ 1915and 1916.Dq Pa .bde 1917parts. 1918.It Va gbde_attach_attempts 1919.Pq Vt int 1920Number of times to attempt attaching to a 1921.Xr gbde 4 1922device, i.e., how many times the user is asked for the pass-phrase. 1923Default is 3. 1924.It Va geli_devices 1925.Pq Vt str 1926List of devices to automatically attach on boot. 1927Note that .eli devices from 1928.Pa /etc/fstab 1929are automatically appended to this list. 1930.It Va geli_tries 1931.Pq Vt int 1932Number of times user is asked for the pass-phrase. 1933If empty, it will be taken from 1934.Va kern.geom.eli.tries 1935sysctl variable. 1936.It Va geli_default_flags 1937.Pq Vt str 1938Default flags to use by 1939.Xr geli 8 1940when configuring disk encryption. 1941Flags can be configured for every device separately by defining 1942.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1943variable. 1944.It Va geli_autodetach 1945.Pq Vt str 1946Specifies if GELI devices should be marked for detach on last close after 1947file systems are mounted. 1948Default is 1949.Dq Li YES . 1950This can be changed for every device separately by defining 1951.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1952variable. 1953.It Va root_rw_mount 1954.Pq Vt bool 1955Set to 1956.Dq Li YES 1957by default. 1958After the file systems are checked at boot time, the root file system 1959is remounted as read-write if this is set to 1960.Dq Li YES . 1961Diskless systems that mount their root file system from a read-only remote 1962NFS share should set this to 1963.Dq Li NO 1964in their 1965.Pa rc.conf . 1966.It Va fsck_y_enable 1967.Pq Vt bool 1968If set to 1969.Dq Li YES , 1970.Xr fsck 8 1971will be run with the 1972.Fl y 1973flag if the initial preen 1974of the file systems fails. 1975.It Va background_fsck 1976.Pq Vt bool 1977If set to 1978.Dq Li YES , 1979the system will attempt to run 1980.Xr fsck 8 1981in the background where possible. 1982.It Va background_fsck_delay 1983.Pq Vt int 1984The amount of time in seconds to sleep before starting a background 1985.Xr fsck 8 . 1986It defaults to sixty seconds to allow large applications such as 1987the X server to start before disk I/O bandwidth is monopolized by 1988.Xr fsck 8 . 1989If set to a negative number, the background file system check will be 1990delayed indefinitely to allow the administrator to run it at a more 1991convenient time. 1992For example it may be run from 1993.Xr cron 8 1994by adding a line like 1995.Pp 1996.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1997.Pp 1998to 1999.Pa /etc/crontab . 2000.It Va netfs_types 2001.Pq Vt str 2002List of file system types that are network-based. 2003This list should generally not be modified by end users. 2004Use 2005.Va extra_netfs_types 2006instead. 2007.It Va extra_netfs_types 2008.Pq Vt str 2009If set to something other than 2010.Dq Li NO 2011(the default), 2012this variable extends the list of file system types 2013for which automatic mounting at startup by 2014.Xr rc 8 2015should be delayed until the network is initialized. 2016It should contain 2017a whitespace-separated list of network file system descriptor pairs, 2018each consisting of a file system type as passed to 2019.Xr mount 8 2020and a human-readable, one-word description, 2021joined with a colon 2022.Pq Ql \&: . 2023Extending the default list in this way is only necessary 2024when third party file system types are used. 2025.It Va syslogd_enable 2026.Pq Vt bool 2027If set to 2028.Dq Li YES , 2029run the 2030.Xr syslogd 8 2031daemon. 2032.It Va syslogd_program 2033.Pq Vt str 2034Path to 2035.Xr syslogd 8 2036(default 2037.Pa /usr/sbin/syslogd ) . 2038.It Va syslogd_flags 2039.Pq Vt str 2040If 2041.Va syslogd_enable 2042is set to 2043.Dq Li YES , 2044these are the flags to pass to 2045.Xr syslogd 8 . 2046.It Va inetd_enable 2047.Pq Vt bool 2048If set to 2049.Dq Li YES , 2050run the 2051.Xr inetd 8 2052daemon. 2053.It Va inetd_program 2054.Pq Vt str 2055Path to 2056.Xr inetd 8 2057(default 2058.Pa /usr/sbin/inetd ) . 2059.It Va inetd_flags 2060.Pq Vt str 2061If 2062.Va inetd_enable 2063is set to 2064.Dq Li YES , 2065these are the flags to pass to 2066.Xr inetd 8 . 2067.It Va hastd_enable 2068.Pq Vt bool 2069If set to 2070.Dq Li YES , 2071run the 2072.Xr hastd 8 2073daemon. 2074.It Va hastd_program 2075.Pq Vt str 2076Path to 2077.Xr hastd 8 2078(default 2079.Pa /sbin/hastd ) . 2080.It Va hastd_flags 2081.Pq Vt str 2082If 2083.Va hastd_enable 2084is set to 2085.Dq Li YES , 2086these are the flags to pass to 2087.Xr hastd 8 . 2088.It Va local_unbound_enable 2089.Pq Vt bool 2090If set to 2091.Dq Li YES , 2092run the 2093.Xr unbound 8 2094daemon as a local caching resolver. 2095.It Va kdc_enable 2096.Pq Vt bool 2097Set to 2098.Dq Li YES 2099to start a Kerberos 5 authentication server 2100at boot time. 2101.It Va kdc_program 2102.Pq Vt str 2103If 2104.Va kdc_enable 2105is set to 2106.Dq Li YES 2107this is the path to Kerberos 5 Authentication Server. 2108.It Va kdc_flags 2109.Pq Vt str 2110Empty by default. 2111This variable contains additional flags to be passed to the Kerberos 5 2112authentication server. 2113.It Va kadmind_enable 2114.Pq Vt bool 2115Set to 2116.Dq Li YES 2117to start 2118.Xr kadmind 8 , 2119the Kerberos 5 Administration Daemon; set to 2120.Dq Li NO 2121on a slave server. 2122.It Va kadmind_program 2123.Pq Vt str 2124If 2125.Va kadmind_enable 2126is set to 2127.Dq Li YES 2128this is the path to Kerberos 5 Administration Daemon. 2129.It Va kpasswdd_enable 2130.Pq Vt bool 2131Set to 2132.Dq Li YES 2133to start 2134.Xr kpasswdd 8 , 2135the Kerberos 5 Password-Changing Daemon; set to 2136.Dq Li NO 2137on a slave server. 2138.It Va kpasswdd_program 2139.Pq Vt str 2140If 2141.Va kpasswdd_enable 2142is set to 2143.Dq Li YES 2144this is the path to Kerberos 5 Password-Changing Daemon. 2145.It Va kfd_enable 2146.Pq Vt bool 2147Set to 2148.Dq Li YES 2149to start 2150.Xr kfd 8 , 2151the Kerberos 5 ticket forwarding daemon, at the boot time. 2152.It Va kfd_program 2153.Pq Vt str 2154Path to 2155.Xr kfd 8 2156(default 2157.Pa /usr/libexec/kfd ) . 2158.It Va rwhod_enable 2159.Pq Vt bool 2160If set to 2161.Dq Li YES , 2162run the 2163.Xr rwhod 8 2164daemon at boot time. 2165.It Va rwhod_flags 2166.Pq Vt str 2167If 2168.Va rwhod_enable 2169is set to 2170.Dq Li YES , 2171these are the flags to pass to it. 2172.It Va amd_enable 2173.Pq Vt bool 2174If set to 2175.Dq Li YES , 2176run the 2177.Xr amd 8 2178daemon at boot time. 2179.It Va amd_flags 2180.Pq Vt str 2181If 2182.Va amd_enable 2183is set to 2184.Dq Li YES , 2185these are the flags to pass to it. 2186See the 2187.Xr amd 8 2188manpage for more information. 2189.It Va amd_map_program 2190.Pq Vt str 2191If set, 2192the specified program is run to get the list of 2193.Xr amd 8 2194maps. 2195For example, if the 2196.Xr amd 8 2197maps are stored in NIS, one can set this to 2198run 2199.Xr ypcat 1 2200to get a list of 2201.Xr amd 8 2202maps from the 2203.Pa amd.master 2204NIS map. 2205.It Va update_motd 2206.Pq Vt bool 2207If set to 2208.Dq Li YES , 2209.Pa /etc/motd 2210will be updated at boot time to reflect the kernel release 2211being run. 2212If set to 2213.Dq Li NO , 2214.Pa /etc/motd 2215will not be updated. 2216.It Va nfs_client_enable 2217.Pq Vt bool 2218If set to 2219.Dq Li YES , 2220run the NFS client daemons at boot time. 2221.It Va nfs_access_cache 2222.Pq Vt int 2223If 2224.Va nfs_client_enable 2225is set to 2226.Dq Li YES , 2227this can be set to 2228.Dq Li 0 2229to disable NFS ACCESS RPC caching, or to the number of seconds for which 2230NFS ACCESS 2231results should be cached. 2232A value of 2-10 seconds will substantially reduce network 2233traffic for many NFS operations. 2234.It Va nfs_server_enable 2235.Pq Vt bool 2236If set to 2237.Dq Li YES , 2238run the NFS server daemons at boot time. 2239.It Va nfs_server_flags 2240.Pq Vt str 2241If 2242.Va nfs_server_enable 2243is set to 2244.Dq Li YES , 2245these are the flags to pass to the 2246.Xr nfsd 8 2247daemon. 2248.It Va nfsv4_server_enable 2249.Pq Vt bool 2250If 2251.Va nfs_server_enable 2252is set to 2253.Dq Li YES 2254and 2255.Va nfsv4_server_enable 2256are set to 2257.Dq Li YES , 2258enable the server for NFSv4 as well as NFSv2 and NFSv3. 2259.It Va nfsuserd_enable 2260.Pq Vt bool 2261If 2262.Va nfsuserd_enable 2263is set to 2264.Dq Li YES , 2265run the nfsuserd daemon, which is needed for NFSv4 in order 2266to map between user/group names vs uid/gid numbers. 2267If 2268.Va nfsv4_server_enable 2269is set to 2270.Dq Li YES , 2271this will be forced enabled. 2272.It Va nfsuserd_flags 2273.Pq Vt str 2274If 2275.Va nfsuserd_enable 2276is set to 2277.Dq Li YES , 2278these are the flags to pass to the 2279.Xr nfsuserd 8 2280daemon. 2281.It Va nfscbd_enable 2282.Pq Vt bool 2283If 2284.Va nfscbd_enable 2285is set to 2286.Dq Li YES , 2287run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2288.It Va nfscbd_flags 2289.Pq Vt str 2290If 2291.Va nfscbd_enable 2292is set to 2293.Dq Li YES , 2294these are the flags to pass to the 2295.Xr nfscbd 8 2296daemon. 2297.It Va mountd_enable 2298.Pq Vt bool 2299If set to 2300.Dq Li YES , 2301and no 2302.Va nfs_server_enable 2303is set, start 2304.Xr mountd 8 , 2305but not 2306.Xr nfsd 8 2307daemon. 2308It is commonly needed to run CFS without real NFS used. 2309.It Va mountd_flags 2310.Pq Vt str 2311If 2312.Va mountd_enable 2313is set to 2314.Dq Li YES , 2315these are the flags to pass to the 2316.Xr mountd 8 2317daemon. 2318.It Va weak_mountd_authentication 2319.Pq Vt bool 2320If set to 2321.Dq Li YES , 2322allow services like PCNFSD to make non-privileged mount 2323requests. 2324.It Va nfs_reserved_port_only 2325.Pq Vt bool 2326If set to 2327.Dq Li YES , 2328provide NFS services only on a secure port. 2329.It Va nfs_bufpackets 2330.Pq Vt int 2331If set to a number, indicates the number of packets worth of 2332socket buffer space to reserve on an NFS client. 2333The kernel default is typically 4. 2334Using a higher number may be 2335useful on gigabit networks to improve performance. 2336The minimum value is 23372 and the maximum is 64. 2338.It Va rpc_lockd_enable 2339.Pq Vt bool 2340If set to 2341.Dq Li YES 2342and also an NFS server or client, run 2343.Xr rpc.lockd 8 2344at boot time. 2345.It Va rpc_lockd_flags 2346.Pq Vt str 2347If 2348.Va rpc_lockd_enable 2349is set to 2350.Dq Li YES , 2351these are the flags to pass to the 2352.Xr rpc.lockd 8 2353daemon. 2354.It Va rpc_statd_enable 2355.Pq Vt bool 2356If set to 2357.Dq Li YES 2358and also an NFS server or client, run 2359.Xr rpc.statd 8 2360at boot time. 2361.It Va rpc_statd_flags 2362.Pq Vt str 2363If 2364.Va rpc_statd_enable 2365is set to 2366.Dq Li YES , 2367these are the flags to pass to the 2368.Xr rpc.statd 8 2369daemon. 2370.It Va rpcbind_program 2371.Pq Vt str 2372Path to 2373.Xr rpcbind 8 2374(default 2375.Pa /usr/sbin/rpcbind ) . 2376.It Va rpcbind_enable 2377.Pq Vt bool 2378If set to 2379.Dq Li YES , 2380run the 2381.Xr rpcbind 8 2382service at boot time. 2383.It Va rpcbind_flags 2384.Pq Vt str 2385If 2386.Va rpcbind_enable 2387is set to 2388.Dq Li YES , 2389these are the flags to pass to the 2390.Xr rpcbind 8 2391daemon. 2392.It Va keyserv_enable 2393.Pq Vt bool 2394If set to 2395.Dq Li YES , 2396run the 2397.Xr keyserv 8 2398daemon on boot for running Secure RPC. 2399.It Va keyserv_flags 2400.Pq Vt str 2401If 2402.Va keyserv_enable 2403is set to 2404.Dq Li YES , 2405these are the flags to pass to 2406.Xr keyserv 8 2407daemon. 2408.It Va pppoed_enable 2409.Pq Vt bool 2410If set to 2411.Dq Li YES , 2412run the 2413.Xr pppoed 8 2414daemon at boot time to provide PPP over Ethernet services. 2415.It Va pppoed_ Ns Aq Ar provider 2416.Pq Vt str 2417.Xr pppoed 8 2418listens to requests to this 2419.Ar provider 2420and ultimately runs 2421.Xr ppp 8 2422with a 2423.Ar system 2424argument of the same name. 2425.It Va pppoed_flags 2426.Pq Vt str 2427Additional flags to pass to 2428.Xr pppoed 8 . 2429.It Va pppoed_interface 2430.Pq Vt str 2431The network interface to run 2432.Xr pppoed 8 2433on. 2434This is mandatory when 2435.Va pppoed_enable 2436is set to 2437.Dq Li YES . 2438.It Va timed_enable 2439.Pq Vt bool 2440If set to 2441.Dq Li YES , 2442run the 2443.Xr timed 8 2444service at boot time. 2445This command is intended for networks of 2446machines where a consistent 2447.Dq "network time" 2448for all hosts must be established. 2449This is often useful in large NFS 2450environments where time stamps on files are expected to be consistent 2451network-wide. 2452.It Va timed_flags 2453.Pq Vt str 2454If 2455.Va timed_enable 2456is set to 2457.Dq Li YES , 2458these are the flags to pass to the 2459.Xr timed 8 2460service. 2461.It Va ntpdate_enable 2462.Pq Vt bool 2463If set to 2464.Dq Li YES , 2465run 2466.Xr ntpdate 8 2467at system startup. 2468This command is intended to 2469synchronize the system clock only 2470.Em once 2471from some standard reference. 2472.It Va ntpdate_config 2473.Pq Vt str 2474Configuration file for 2475.Xr ntpdate 8 . 2476Default 2477.Pa /etc/ntp.conf . 2478.It Va ntpdate_hosts 2479.Pq Vt str 2480A whitespace-separated list of NTP servers to synchronize with at startup. 2481The default is to use the servers listed in 2482.Va ntpdate_config , 2483if that file exists. 2484.It Va ntpdate_program 2485.Pq Vt str 2486Path to 2487.Xr ntpdate 8 2488(default 2489.Pa /usr/sbin/ntpdate ) . 2490.It Va ntpdate_flags 2491.Pq Vt str 2492If 2493.Va ntpdate_enable 2494is set to 2495.Dq Li YES , 2496these are the flags to pass to the 2497.Xr ntpdate 8 2498command (typically a hostname). 2499.It Va ntpd_enable 2500.Pq Vt bool 2501If set to 2502.Dq Li YES , 2503run the 2504.Xr ntpd 8 2505command at boot time. 2506.It Va ntpd_program 2507.Pq Vt str 2508Path to 2509.Xr ntpd 8 2510(default 2511.Pa /usr/sbin/ntpd ) . 2512.It Va ntpd_config 2513.Pq Vt str 2514Path to 2515.Xr ntpd 8 2516configuration file. 2517Default 2518.Pa /etc/ntp.conf . 2519.It Va ntpd_flags 2520.Pq Vt str 2521If 2522.Va ntpd_enable 2523is set to 2524.Dq Li YES , 2525these are the flags to pass to the 2526.Xr ntpd 8 2527daemon. 2528.It Va ntpd_sync_on_start 2529.Pq Vt bool 2530If set to 2531.Dq Li YES , 2532.Xr ntpd 8 2533is run with the 2534.Fl g 2535flag, which syncs the system's clock on startup. 2536See 2537.Xr ntpd 8 2538for more information regarding the 2539.Fl g 2540option. 2541This is a preferred alternative to using 2542.Xr ntpdate 8 2543or specifying the 2544.Va ntpdate_enable 2545variable. 2546.It Va nis_client_enable 2547.Pq Vt bool 2548If set to 2549.Dq Li YES , 2550run the 2551.Xr ypbind 8 2552service at system boot time. 2553.It Va nis_client_flags 2554.Pq Vt str 2555If 2556.Va nis_client_enable 2557is set to 2558.Dq Li YES , 2559these are the flags to pass to the 2560.Xr ypbind 8 2561service. 2562.It Va nis_ypset_enable 2563.Pq Vt bool 2564If set to 2565.Dq Li YES , 2566run the 2567.Xr ypset 8 2568daemon at system boot time. 2569.It Va nis_ypset_flags 2570.Pq Vt str 2571If 2572.Va nis_ypset_enable 2573is set to 2574.Dq Li YES , 2575these are the flags to pass to the 2576.Xr ypset 8 2577daemon. 2578.It Va nis_server_enable 2579.Pq Vt bool 2580If set to 2581.Dq Li YES , 2582run the 2583.Xr ypserv 8 2584daemon at system boot time. 2585.It Va nis_server_flags 2586.Pq Vt str 2587If 2588.Va nis_server_enable 2589is set to 2590.Dq Li YES , 2591these are the flags to pass to the 2592.Xr ypserv 8 2593daemon. 2594.It Va nis_ypxfrd_enable 2595.Pq Vt bool 2596If set to 2597.Dq Li YES , 2598run the 2599.Xr rpc.ypxfrd 8 2600daemon at system boot time. 2601.It Va nis_ypxfrd_flags 2602.Pq Vt str 2603If 2604.Va nis_ypxfrd_enable 2605is set to 2606.Dq Li YES , 2607these are the flags to pass to the 2608.Xr rpc.ypxfrd 8 2609daemon. 2610.It Va nis_yppasswdd_enable 2611.Pq Vt bool 2612If set to 2613.Dq Li YES , 2614run the 2615.Xr rpc.yppasswdd 8 2616daemon at system boot time. 2617.It Va nis_yppasswdd_flags 2618.Pq Vt str 2619If 2620.Va nis_yppasswdd_enable 2621is set to 2622.Dq Li YES , 2623these are the flags to pass to the 2624.Xr rpc.yppasswdd 8 2625daemon. 2626.It Va rpc_ypupdated_enable 2627.Pq Vt bool 2628If set to 2629.Dq Li YES , 2630run the 2631.Nm rpc.ypupdated 2632daemon at system boot time. 2633.It Va bsnmpd_enable 2634.Pq Vt bool 2635If set to 2636.Dq Li YES , 2637run the 2638.Xr bsnmpd 1 2639daemon at system boot time. 2640Be sure to understand the security implications of running SNMP daemon 2641on your host. 2642.It Va bsnmpd_flags 2643.Pq Vt str 2644If 2645.Va bsnmpd_enable 2646is set to 2647.Dq Li YES , 2648these are the flags to pass to the 2649.Xr bsnmpd 1 2650daemon. 2651.It Va defaultrouter 2652.Pq Vt str 2653If not set to 2654.Dq Li NO , 2655create a default route to this host name or IP address 2656(use an IP address if this router is also required to get to the 2657name server!). 2658.It Va ipv6_defaultrouter 2659.Pq Vt str 2660The IPv6 equivalent of 2661.Va defaultrouter . 2662.It Va static_arp_pairs 2663.Pq Vt str 2664Set to the list of static ARP pairs that are to be added at system 2665boot time. 2666For each whitespace separated 2667.Ar element 2668in the value, a 2669.Va static_arp_ Ns Aq Ar element 2670variable is assumed to exist whose contents will later be passed to a 2671.Dq Nm arp Cm -S 2672operation. 2673For example 2674.Bd -literal 2675static_arp_pairs="gw" 2676static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2677.Ed 2678.It Va static_ndp_pairs 2679.Pq Vt str 2680Set to the list of static NDP pairs that are to be added at system 2681boot time. 2682For each whitespace separated 2683.Ar element 2684in the value, a 2685.Va static_ndp_ Ns Aq Ar element 2686variable is assumed to exist whose contents will later be passed to a 2687.Dq Nm ndp Cm -s 2688operation. 2689For example 2690.Bd -literal 2691static_ndp_pairs="gw" 2692static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2693.Ed 2694.It Va static_routes 2695.Pq Vt str 2696Set to the list of static routes that are to be added at system 2697boot time. 2698If not set to 2699.Dq Li NO 2700then for each whitespace separated 2701.Ar element 2702in the value, a 2703.Va route_ Ns Aq Ar element 2704variable is assumed to exist 2705whose contents will later be passed to a 2706.Dq Nm route Cm add 2707operation. 2708For example: 2709.Bd -literal 2710static_routes="ext mcast:gif0 gif0local:gif0" 2711route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2712route_mcast="-net 224.0.0.0/4 -iface gif0" 2713route_gif0local="-host 169.254.1.1 -iface lo0" 2714.Ed 2715.Pp 2716When an 2717.Ar element 2718is in the form of 2719.Li name:ifname , 2720the route is specific to the interface 2721.Li ifname . 2722.It Va ipv6_static_routes 2723.Pq Vt str 2724The IPv6 equivalent of 2725.Va static_routes . 2726If not set to 2727.Dq Li NO 2728then for each whitespace separated 2729.Ar element 2730in the value, a 2731.Va ipv6_route_ Ns Aq Ar element 2732variable is assumed to exist 2733whose contents will later be passed to a 2734.Dq Nm route Cm add Fl inet6 2735operation. 2736.It Va natm_static_routes 2737.Pq Vt str 2738The 2739.Xr natmip 4 2740equivalent of 2741.Va static_routes . 2742If not empty then for each whitespace separated 2743.Ar element 2744in the value, a 2745.Va route_ Ns Aq Ar element 2746variable is assumed to exist whose contents will later be passed to a 2747.Dq Nm atmconfig Cm natm Cm add 2748operation. 2749.It Va gateway_enable 2750.Pq Vt bool 2751If set to 2752.Dq Li YES , 2753configure host to act as an IP router, e.g.\& to forward packets 2754between interfaces. 2755.It Va ipv6_gateway_enable 2756.Pq Vt bool 2757The IPv6 equivalent of 2758.Va gateway_enable . 2759.It Va routed_enable 2760.Pq Vt bool 2761If set to 2762.Dq Li YES , 2763run a routing daemon of some sort, based on the 2764settings of 2765.Va routed_program 2766and 2767.Va routed_flags . 2768.It Va route6d_enable 2769.Pq Vt bool 2770The IPv6 equivalent of 2771.Va routed_enable . 2772If set to 2773.Dq Li YES , 2774run a routing daemon of some sort, based on the 2775settings of 2776.Va route6d_program 2777and 2778.Va route6d_flags . 2779.It Va routed_program 2780.Pq Vt str 2781If 2782.Va routed_enable 2783is set to 2784.Dq Li YES , 2785this is the name of the routing daemon to use. 2786.It Va route6d_program 2787.Pq Vt str 2788The IPv6 equivalent of 2789.Va routed_program . 2790.It Va routed_flags 2791.Pq Vt str 2792If 2793.Va routed_enable 2794is set to 2795.Dq Li YES , 2796these are the flags to pass to the routing daemon. 2797.It Va route6d_flags 2798.Pq Vt str 2799The IPv6 equivalent of 2800.Va routed_flags . 2801.It Va mroute6d_enable 2802.Pq Vt bool 2803If set to 2804.Dq Li YES , 2805run the IPv6 multicast routing daemon. 2806.Pp 2807Note that multicast routing daemons are no longer included in the 2808.Fx 2809base system, however, both 2810.Xr mrouted 8 2811and 2812.Xr pim6dd 8 2813may be installed from the 2814.Fx 2815Ports Collection. 2816.It Va mroute6d_flags 2817.Pq Vt str 2818If 2819.Va mroute6d_enable 2820is set to 2821.Dq Li YES , 2822these are the flags passed to the IPv6 multicast routing daemon. 2823.It Va mroute6d_program 2824.Pq Vt str 2825If 2826.Va mroute6d_enable 2827is set to 2828.Dq Li YES , 2829this is the path to the IPv6 multicast routing daemon. 2830.It Va rtadvd_enable 2831.Pq Vt bool 2832If set to 2833.Dq Li YES , 2834run the 2835.Xr rtadvd 8 2836daemon at boot time. 2837The 2838.Xr rtadvd 8 2839utility sends ICMPv6 Router Advertisement messages to 2840the interfaces specified in 2841.Va rtadvd_interfaces . 2842This should only be enabled with great care. 2843You may want to fine-tune 2844.Xr rtadvd.conf 5 . 2845.It Va rtadvd_interfaces 2846.Pq Vt str 2847If 2848.Va rtadvd_enable 2849is set to 2850.Dq Li YES 2851this is the list of interfaces to use. 2852.It Va arpproxy_all 2853.Pq Vt bool 2854If set to 2855.Dq Li YES , 2856enable global proxy ARP. 2857.It Va forward_sourceroute 2858.Pq Vt bool 2859If set to 2860.Dq Li YES 2861and 2862.Va gateway_enable 2863is also set to 2864.Dq Li YES , 2865source-routed packets are forwarded. 2866.It Va accept_sourceroute 2867.Pq Vt bool 2868If set to 2869.Dq Li YES , 2870the system will accept source-routed packets directed at it. 2871.It Va rarpd_enable 2872.Pq Vt bool 2873If set to 2874.Dq Li YES , 2875run the 2876.Xr rarpd 8 2877daemon at system boot time. 2878.It Va rarpd_flags 2879.Pq Vt str 2880If 2881.Va rarpd_enable 2882is set to 2883.Dq Li YES , 2884these are the flags to pass to the 2885.Xr rarpd 8 2886daemon. 2887.It Va bootparamd_enable 2888.Pq Vt bool 2889If set to 2890.Dq Li YES , 2891run the 2892.Xr bootparamd 8 2893daemon at system boot time. 2894.It Va bootparamd_flags 2895.Pq Vt str 2896If 2897.Va bootparamd_enable 2898is set to 2899.Dq Li YES , 2900these are the flags to pass to the 2901.Xr bootparamd 8 2902daemon. 2903.It Va stf_interface_ipv4addr 2904.Pq Vt str 2905If not set to 2906.Dq Li NO , 2907this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2908interface). 2909Specify this entry to enable the 6to4 interface. 2910.It Va stf_interface_ipv4plen 2911.Pq Vt int 2912Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2913An effective value is 0-31. 2914.It Va stf_interface_ipv6_ifid 2915.Pq Vt str 2916IPv6 interface ID for 2917.Xr stf 4 . 2918This can be set to 2919.Dq Li AUTO . 2920.It Va stf_interface_ipv6_slaid 2921.Pq Vt str 2922IPv6 Site Level Aggregator for 2923.Xr stf 4 . 2924.It Va ipv6_ipv4mapping 2925.Pq Vt bool 2926If set to 2927.Dq Li YES 2928this enables IPv4 mapped IPv6 address communication (like 2929.Li ::ffff:a.b.c.d ) . 2930.It Va rtsold_enable 2931.Pq Vt bool 2932Set to 2933.Dq Li YES 2934to enable the 2935.Xr rtsold 8 2936daemon to send ICMPv6 Router Solicitation messages. 2937.It Va rtsold_flags 2938.Pq Vt str 2939If 2940.Va rtsold_enable 2941is set to 2942.Dq Li YES , 2943these are the flags to pass to 2944.Xr rtsold 8 . 2945.It Va rtsol_flags 2946.Pq Vt str 2947For interfaces configured with the 2948.Dq Li inet6 accept_rtadv 2949keyword, these are the flags to pass to 2950.Xr rtsol 8 . 2951.Pp 2952Note that 2953.Va rtsold_enable 2954is mutually exclusive to 2955.Va rtsol_flags ; 2956.Va rtsold_enable 2957takes precedence. 2958.It Va atm_enable 2959.Pq Vt bool 2960Set to 2961.Dq Li YES 2962to enable the configuration of ATM interfaces at system boot time. 2963For all of the ATM variables described below, please refer to the 2964.Xr atm 8 2965manual page for further details on the available command parameters. 2966Also refer to the files in 2967.Pa /usr/share/examples/atm 2968for more detailed configuration information. 2969.It Va atm_load 2970.Pq Vt str 2971This is a list of physical ATM interface drivers to load. 2972Typical values are 2973.Dq Li hfa_pci 2974and/or 2975.Dq Li hea_pci . 2976.It Va atm_netif_ Ns Aq Ar intf 2977.Pq Vt str 2978For the ATM physical interface 2979.Ar intf , 2980this variable defines the name prefix and count for the ATM network 2981interfaces to be created. 2982The value will be passed as the parameters of an 2983.Dq Nm atm Cm "set netif" Ar intf 2984command. 2985.It Va atm_sigmgr_ Ns Aq Ar intf 2986.Pq Vt str 2987For the ATM physical interface 2988.Ar intf , 2989this variable defines the ATM signalling manager to be used. 2990The value will be passed as the parameters of an 2991.Dq Nm atm Cm attach Ar intf 2992command. 2993.It Va atm_prefix_ Ns Aq Ar intf 2994.Pq Vt str 2995For the ATM physical interface 2996.Ar intf , 2997this variable defines the NSAP prefix for interfaces using a UNI signalling 2998manager. 2999If set to 3000.Dq Li ILMI , 3001the prefix will automatically be set via the 3002.Xr ilmid 8 3003daemon. 3004Otherwise, the value will be passed as the parameters of an 3005.Dq Nm atm Cm "set prefix" Ar intf 3006command. 3007.It Va atm_macaddr_ Ns Aq Ar intf 3008.Pq Vt str 3009For the ATM physical interface 3010.Ar intf , 3011this variable defines the MAC address for interfaces using a UNI signalling 3012manager. 3013If set to 3014.Dq Li NO , 3015the hardware MAC address contained in the ATM interface card will be used. 3016Otherwise, the value will be passed as the parameters of an 3017.Dq Nm atm Cm "set mac" Ar intf 3018command. 3019.It Va atm_arpserver_ Ns Aq Ar netif 3020.Pq Vt str 3021For the ATM network interface 3022.Ar netif , 3023this variable defines the ATM address for a host which is to provide ATMARP 3024service. 3025This variable is only applicable to interfaces using a UNI signalling 3026manager. 3027If set to 3028.Dq Li local , 3029this host will become an ATMARP server. 3030The value will be passed as the parameters of an 3031.Dq Nm atm Cm "set arpserver" Ar netif 3032command. 3033.It Va atm_scsparp_ Ns Aq Ar netif 3034.Pq Vt bool 3035If set to 3036.Dq Li YES , 3037SCSP/ATMARP service for the network interface 3038.Ar netif 3039will be initiated using the 3040.Xr scspd 8 3041and 3042.Xr atmarpd 8 3043daemons. 3044This variable is only applicable if 3045.Va atm_arpserver_ Ns Aq Ar netif 3046is set to 3047.Dq Li local . 3048.It Va atm_pvcs 3049.Pq Vt str 3050Set to the list of ATM PVCs to be added at system 3051boot time. 3052For each whitespace separated 3053.Ar element 3054in the value, an 3055.Va atm_pvc_ Ns Aq Ar element 3056variable is assumed to exist. 3057The value of each of these variables 3058will be passed as the parameters of an 3059.Dq Nm atm Cm "add pvc" 3060command. 3061.It Va atm_arps 3062.Pq Vt str 3063Set to the list of permanent ATM ARP entries to be added 3064at system boot time. 3065For each whitespace separated 3066.Ar element 3067in the value, an 3068.Va atm_arp_ Ns Aq Ar element 3069variable is assumed to exist. 3070The value of each of these variables 3071will be passed as the parameters of an 3072.Dq Nm atm Cm "add arp" 3073command. 3074.It Va natm_interfaces 3075.Pq Vt str 3076Set to the list of 3077.Xr natm 4 3078interfaces that will also be used for HARP through 3079.Xr harp 4 . 3080If this list is not empty all interfaces in the list will be brought up 3081with 3082.Xr ifconfig 8 3083and 3084.Xr harp 4 3085will be loaded. 3086For this to work the interface drivers must be either compiled into the 3087kernel or must reside on the root partition. 3088.It Va keybell 3089.Pq Vt str 3090The keyboard bell sound. 3091Set to 3092.Dq Li normal , 3093.Dq Li visual , 3094.Dq Li off , 3095or 3096.Dq Li NO 3097if the default behavior is desired. 3098For details, refer to the 3099.Xr kbdcontrol 1 3100manpage. 3101.It Va keyboard 3102.Pq Vt str 3103If set to a non-null string, the virtual console's keyboard input is 3104set to this device. 3105.It Va keymap 3106.Pq Vt str 3107If set to 3108.Dq Li NO , 3109no keymap is installed, otherwise the value is used to install 3110the keymap file found in 3111.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3112(if using 3113.Xr syscons 4 ) or 3114.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3115(if using 3116.Xr vt 4 ) . 3117.It Va keyrate 3118.Pq Vt str 3119The keyboard repeat speed. 3120Set to 3121.Dq Li slow , 3122.Dq Li normal , 3123.Dq Li fast , 3124or 3125.Dq Li NO 3126if the default behavior is desired. 3127.It Va keychange 3128.Pq Vt str 3129If not set to 3130.Dq Li NO , 3131attempt to program the function keys with the value. 3132The value should 3133be a single string of the form: 3134.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3135.It Va cursor 3136.Pq Vt str 3137Can be set to the value of 3138.Dq Li normal , 3139.Dq Li blink , 3140.Dq Li destructive , 3141or 3142.Dq Li NO 3143to set the cursor behavior explicitly or choose the default behavior. 3144.It Va scrnmap 3145.Pq Vt str 3146If set to 3147.Dq Li NO , 3148no screen map is installed, otherwise the value is used to install 3149the screen map file in 3150.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3151This parameter is ignored when using 3152.Xr vt 4 3153as the console driver. 3154.It Va font8x16 3155.Pq Vt str 3156If set to 3157.Dq Li NO , 3158the default 8x16 font value is used for screen size requests, otherwise 3159the value in 3160.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3161or 3162.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3163is used (depending on the console driver being used). 3164.It Va font8x14 3165.Pq Vt str 3166If set to 3167.Dq Li NO , 3168the default 8x14 font value is used for screen size requests, otherwise 3169the value in 3170.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3171or 3172.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3173is used (depending on the console driver being used). 3174.It Va font8x8 3175.Pq Vt str 3176If set to 3177.Dq Li NO , 3178the default 8x8 font value is used for screen size requests, otherwise 3179the value in 3180.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3181or 3182.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3183is used (depending on the console driver being used). 3184.It Va blanktime 3185.Pq Vt int 3186If set to 3187.Dq Li NO , 3188the default screen blanking interval is used, otherwise it is set 3189to 3190.Ar value 3191seconds. 3192.It Va saver 3193.Pq Vt str 3194If not set to 3195.Dq Li NO , 3196this is the actual screen saver to use 3197.Li ( blank , snake , daemon , 3198etc). 3199.It Va moused_nondefault_enable 3200.Pq Vt str 3201If set to 3202.Dq Li NO , 3203the mouse device specified on 3204the command line is not automatically treated as enabled by the 3205.Pa /etc/rc.d/moused 3206script. 3207Having this variable set to 3208.Dq Li YES 3209allows a 3210.Xr usb 4 3211mouse, 3212for example, 3213to be enabled as soon as it is plugged in. 3214.It Va moused_enable 3215.Pq Vt str 3216If set to 3217.Dq Li YES , 3218the 3219.Xr moused 8 3220daemon is started for doing cut/paste selection on the console. 3221.It Va moused_type 3222.Pq Vt str 3223This is the protocol type of the mouse connected to this host. 3224This variable must be set if 3225.Va moused_enable 3226is set to 3227.Dq Li YES . 3228The 3229.Xr moused 8 3230daemon 3231is able to detect the appropriate mouse type automatically in many cases. 3232Set this variable to 3233.Dq Li auto 3234to let the daemon detect it, or 3235select one from the following list if the automatic detection fails. 3236.Pp 3237If the mouse is attached to the PS/2 mouse port, choose 3238.Dq Li auto 3239or 3240.Dq Li ps/2 , 3241regardless of the brand and model of the mouse. 3242Likewise, if the 3243mouse is attached to the bus mouse port, choose 3244.Dq Li auto 3245or 3246.Dq Li busmouse . 3247All other protocols are for serial mice and will not work with 3248the PS/2 and bus mice. 3249If this is a USB mouse, 3250.Dq Li auto 3251is the only protocol type which will work. 3252.Pp 3253.Bl -tag -width ".Li x10mouseremote" -compact 3254.It Li microsoft 3255Microsoft mouse (serial) 3256.It Li intellimouse 3257Microsoft IntelliMouse (serial) 3258.It Li mousesystems 3259Mouse systems Corp.\& mouse (serial) 3260.It Li mmseries 3261MM Series mouse (serial) 3262.It Li logitech 3263Logitech mouse (serial) 3264.It Li busmouse 3265A bus mouse 3266.It Li mouseman 3267Logitech MouseMan and TrackMan (serial) 3268.It Li glidepoint 3269ALPS GlidePoint (serial) 3270.It Li thinkingmouse 3271Kensington ThinkingMouse (serial) 3272.It Li ps/2 3273PS/2 mouse 3274.It Li mmhittab 3275MM HitTablet (serial) 3276.It Li x10mouseremote 3277X10 MouseRemote (serial) 3278.It Li versapad 3279Interlink VersaPad (serial) 3280.El 3281.Pp 3282Even if the mouse is not in the above list, it may be compatible 3283with one in the list. 3284Refer to the manual page for 3285.Xr moused 8 3286for compatibility information. 3287.Pp 3288It should also be noted that while this is enabled, any 3289other client of the mouse (such as an X server) should access 3290the mouse through the virtual mouse device, 3291.Pa /dev/sysmouse , 3292and configure it as a 3293.Dq Li sysmouse 3294type mouse, since all 3295mouse data is converted to this single canonical format when 3296using 3297.Xr moused 8 . 3298If the client program does not support the 3299.Dq Li sysmouse 3300type, 3301specify the 3302.Dq Li mousesystems 3303type. 3304It is the second preferred type. 3305.It Va moused_port 3306.Pq Vt str 3307If 3308.Va moused_enable 3309is set to 3310.Dq Li YES , 3311this is the actual port the mouse is on. 3312It might be 3313.Pa /dev/cuau0 3314for a COM1 serial mouse, 3315.Pa /dev/psm0 3316for a PS/2 mouse or 3317.Pa /dev/mse0 3318for a bus mouse, for example. 3319.It Va moused_flags 3320.Pq Vt str 3321If 3322.Va moused_flags 3323is set, its value is used as an additional set of flags to pass to the 3324.Xr moused 8 3325daemon. 3326.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3327When 3328.Va moused_nondefault_enable 3329is enabled, and a 3330.Xr moused 8 3331daemon is started for a non-default port, the 3332.Va "moused_" Ns Ar XXX Ns Va "_flags" 3333set of options has precedence over and replaces the default 3334.Va moused_flags 3335(where 3336.Ar XXX 3337is the name of the non-default port, i.e.,\& 3338.Ar ums0 ) . 3339By setting 3340.Va "moused_" Ns Ar XXX Ns Va "_flags" 3341it is possible to set up a different set of default flags for each 3342.Xr moused 8 3343instance. 3344For example, you can use 3345.Dq Li "-3" 3346for the default 3347.Va moused_flags 3348to make your laptop's touchpad more comfortable to use, 3349but an empty set of options for 3350.Va moused_ums0_flags 3351when your 3352.Xr usb 4 3353mouse has three or more buttons. 3354.It Va mousechar_start 3355.Pq Vt int 3356If set to 3357.Dq Li NO , 3358the default mouse cursor character range 3359.Li 0xd0 Ns - Ns Li 0xd3 3360is used, 3361otherwise the range start is set 3362to 3363.Ar value 3364character, see 3365.Xr vidcontrol 1 . 3366Use if the default range is occupied in the language code table. 3367.It Va allscreens_flags 3368.Pq Vt str 3369If set, 3370.Xr vidcontrol 1 3371is run with these options for each of the virtual terminals 3372.Pq Pa /dev/ttyv* . 3373For example, 3374.Dq Fl m Cm on 3375will enable the mouse pointer on all virtual terminals 3376if 3377.Va moused_enable 3378is set to 3379.Dq Li YES . 3380.It Va allscreens_kbdflags 3381.Pq Vt str 3382If set, 3383.Xr kbdcontrol 1 3384is run with these options for each of the virtual terminals 3385.Pq Pa /dev/ttyv* . 3386For example, 3387.Dq Fl h Li 200 3388will set the 3389.Xr syscons 4 3390or 3391.Xr vt 4 3392scrollback (history) buffer to 200 lines. 3393.It Va cron_enable 3394.Pq Vt bool 3395If set to 3396.Dq Li YES , 3397run the 3398.Xr cron 8 3399daemon at system boot time. 3400.It Va cron_program 3401.Pq Vt str 3402Path to 3403.Xr cron 8 3404(default 3405.Pa /usr/sbin/cron ) . 3406.It Va cron_flags 3407.Pq Vt str 3408If 3409.Va cron_enable 3410is set to 3411.Dq Li YES , 3412these are the flags to pass to 3413.Xr cron 8 . 3414.It Va cron_dst 3415.Pq Vt bool 3416If set to 3417.Dq Li YES , 3418enable the special handling of transitions to and from the 3419Daylight Saving Time in 3420.Xr cron 8 3421(equivalent to using the flag 3422.Fl s ) . 3423.It Va lpd_program 3424.Pq Vt str 3425Path to 3426.Xr lpd 8 3427(default 3428.Pa /usr/sbin/lpd ) . 3429.It Va lpd_enable 3430.Pq Vt bool 3431If set to 3432.Dq Li YES , 3433run the 3434.Xr lpd 8 3435daemon at system boot time. 3436.It Va lpd_flags 3437.Pq Vt str 3438If 3439.Va lpd_enable 3440is set to 3441.Dq Li YES , 3442these are the flags to pass to the 3443.Xr lpd 8 3444daemon. 3445.It Va chkprintcap_enable 3446.Pq Vt bool 3447If set to 3448.Dq Li YES , 3449run the 3450.Xr chkprintcap 8 3451command before starting the 3452.Xr lpd 8 3453daemon. 3454.It Va chkprintcap_flags 3455.Pq Vt str 3456If 3457.Va lpd_enable 3458and 3459.Va chkprintcap_enable 3460are set to 3461.Dq Li YES , 3462these are the flags to pass to the 3463.Xr chkprintcap 8 3464program. 3465The default is 3466.Dq Li -d , 3467which causes missing directories to be created. 3468.It Va mta_start_script 3469.Pq Vt str 3470This variable specifies the full path to the script to run to start 3471a mail transfer agent. 3472The default is 3473.Pa /etc/rc.sendmail . 3474The 3475.Va sendmail_* 3476variables which 3477.Pa /etc/rc.sendmail 3478uses are documented in the 3479.Xr rc.sendmail 8 3480manual page. 3481.It Va dumpdev 3482.Pq Vt str 3483Indicates the device (usually a swap partition) to which a crash dump 3484should be written in the event of a system crash. 3485If the value of this variable is 3486.Dq Li AUTO , 3487the first suitable swap device listed in 3488.Pa /etc/fstab 3489will be used as dump device. 3490Otherwise, the value of this variable is passed as the argument to 3491.Xr dumpon 8 . 3492To disable crash dumps, set this variable to 3493.Dq Li NO . 3494.It Va dumpdir 3495.Pq Vt str 3496When the system reboots after a crash and a crash dump is found on the 3497device specified by the 3498.Va dumpdev 3499variable, 3500.Xr savecore 8 3501will save that crash dump and a copy of the kernel to the directory 3502specified by the 3503.Va dumpdir 3504variable. 3505The default value is 3506.Pa /var/crash . 3507Set to 3508.Dq Li NO 3509to not run 3510.Xr savecore 8 3511at boot time when 3512.Va dumpdir 3513is set. 3514.It Va savecore_enable 3515.Pq Vt bool 3516If set to 3517.Dq Li NO , 3518disable automatic extraction of the crash dump from the 3519.Va dumpdev . 3520.It Va savecore_flags 3521.Pq Vt str 3522If crash dumps are enabled, these are the flags to pass to the 3523.Xr savecore 8 3524utility. 3525.It Va quota_enable 3526.Pq Vt bool 3527Set to 3528.Dq Li YES 3529to turn on user and group disk quotas on system startup via the 3530.Xr quotaon 8 3531command for all file systems marked as having quotas enabled in 3532.Pa /etc/fstab . 3533The kernel must be built with 3534.Cd "options QUOTA" 3535for disk quotas to function. 3536.It Va check_quotas 3537.Pq Vt bool 3538Set to 3539.Dq Li YES 3540to enable user and group disk quota checking via the 3541.Xr quotacheck 8 3542command. 3543.It Va quotacheck_flags 3544.Pq Vt str 3545If 3546.Va quota_enable 3547is set to 3548.Dq Li YES , 3549and 3550.Va check_quotas 3551is set to 3552.Dq Li YES , 3553these are the flags to pass to the 3554.Xr quotacheck 8 3555utility. 3556The default is 3557.Dq Li "-a" , 3558which checks quotas for all file systems with quotas enabled in 3559.Pa /etc/fstab . 3560.It Va quotaon_flags 3561.Pq Vt str 3562If 3563.Va quota_enable 3564is set to 3565.Dq Li YES , 3566these are the flags to pass to the 3567.Xr quotaon 8 3568utility. 3569The default is 3570.Dq Li "-a" , 3571which enables quotas for all file systems with quotas enabled in 3572.Pa /etc/fstab . 3573.It Va quotaoff_flags 3574.Pq Vt str 3575If 3576.Va quota_enable 3577is set to 3578.Dq Li YES , 3579these are the flags to pass to the 3580.Xr quotaoff 8 3581utility when shutting down the quota system. 3582The default is 3583.Dq Li "-a" , 3584which disables quotas for all file systems with quotas enabled in 3585.Pa /etc/fstab . 3586.It Va accounting_enable 3587.Pq Vt bool 3588Set to 3589.Dq Li YES 3590to enable system accounting through the 3591.Xr accton 8 3592facility. 3593.It Va ibcs2_enable 3594.Pq Vt bool 3595Set to 3596.Dq Li YES 3597to enable iBCS2 (SCO) binary emulation at system initial boot 3598time. 3599.It Va ibcs2_loaders 3600.Pq Vt str 3601If not set to 3602.Dq Li NO 3603and if 3604.Va ibcs2_enable 3605is set to 3606.Dq Li YES , 3607this specifies a list of additional iBCS2 loaders to enable. 3608.It Va firstboot_sentinel 3609.Pq Vt str 3610This variable specifies the full path to a 3611.Dq first boot 3612sentinel file. 3613If a file exists with this path, 3614.Pa rc.d 3615scripts with the 3616.Dq firstboot 3617keyword will be run on startup and the sentinel file will be deleted 3618after the boot process completes. 3619The sentinel file must be located on a writable file system which is 3620mounted no later than 3621.Va early_late_divider 3622to function properly. 3623The default is 3624.Pa /firstboot . 3625.It Va linux_enable 3626.Pq Vt bool 3627Set to 3628.Dq Li YES 3629to enable Linux/ELF binary emulation at system initial 3630boot time. 3631.It Va svr4_enable 3632.Pq Vt bool 3633If set to 3634.Dq Li YES , 3635enable SysVR4 emulation at boot time. 3636.It Va sysvipc_enable 3637.Pq Vt bool 3638If set to 3639.Dq Li YES , 3640load System V IPC primitives at boot time. 3641.It Va clear_tmp_enable 3642.Pq Vt bool 3643Set to 3644.Dq Li YES 3645to have 3646.Pa /tmp 3647cleaned at startup. 3648.It Va clear_tmp_X 3649.Pq Vt bool 3650Set to 3651.Dq Li NO 3652to disable removing of X11 lock files, 3653and the removal and (secure) recreation 3654of the various socket directories for X11 3655related programs. 3656.It Va ldconfig_paths 3657.Pq Vt str 3658Set to the list of shared library paths to use with 3659.Xr ldconfig 8 . 3660NOTE: 3661.Pa /usr/lib 3662will always be added first, so it need not appear in this list. 3663.It Va ldconfig32_paths 3664.Pq Vt str 3665Set to the list of 32-bit compatibility shared library paths to 3666use with 3667.Xr ldconfig 8 . 3668.It Va ldconfig_paths_aout 3669.Pq Vt str 3670Set to the list of shared library paths to use with 3671.Xr ldconfig 8 3672legacy 3673.Xr a.out 5 3674support. 3675.It Va ldconfig_insecure 3676.Pq Vt bool 3677The 3678.Xr ldconfig 8 3679utility normally refuses to use directories 3680which are writable by anyone except root. 3681Set this variable to 3682.Dq Li YES 3683to disable that security check during system startup. 3684.It Va ldconfig_local_dirs 3685.Pq Vt str 3686Set to the list of local 3687.Xr ldconfig 8 3688directories. 3689The names of all files in the directories listed will be 3690passed as arguments to 3691.Xr ldconfig 8 . 3692.It Va ldconfig_local32_dirs 3693.Pq Vt str 3694Set to the list of local 32-bit compatibility 3695.Xr ldconfig 8 3696directories. 3697The names of all files in the directories listed will be 3698passed as arguments to 3699.Dq Nm ldconfig Fl 32 . 3700.It Va kern_securelevel_enable 3701.Pq Vt bool 3702Set to 3703.Dq Li YES 3704to set the kernel security level at system startup. 3705.It Va kern_securelevel 3706.Pq Vt int 3707The kernel security level to set at startup. 3708The allowed range of 3709.Ar value 3710ranges from \-1 (the compile time default) to 3 (the 3711most secure). 3712See 3713.Xr security 7 3714for the list of possible security levels and their effect 3715on system operation. 3716.It Va sshd_program 3717.Pq Vt str 3718Path to the SSH server program 3719.Pa ( /usr/sbin/sshd 3720is the default). 3721.It Va sshd_enable 3722.Pq Vt bool 3723Set to 3724.Dq Li YES 3725to start 3726.Xr sshd 8 3727at system boot time. 3728.It Va sshd_flags 3729.Pq Vt str 3730If 3731.Va sshd_enable 3732is set to 3733.Dq Li YES , 3734these are the flags to pass to the 3735.Xr sshd 8 3736daemon. 3737.It Va ftpd_program 3738.Pq Vt str 3739Path to the FTP server program 3740.Pa ( /usr/libexec/ftpd 3741is the default). 3742.It Va ftpd_enable 3743.Pq Vt bool 3744Set to 3745.Dq Li YES 3746to start 3747.Xr ftpd 8 3748as a stand-alone daemon at system boot time. 3749.It Va ftpd_flags 3750.Pq Vt str 3751If 3752.Va ftpd_enable 3753is set to 3754.Dq Li YES , 3755these are the additional flags to pass to the 3756.Xr ftpd 8 3757daemon. 3758.It Va watchdogd_enable 3759.Pq Vt bool 3760If set to 3761.Dq Li YES , 3762start the 3763.Xr watchdogd 8 3764daemon at boot time. 3765This requires that the kernel have been compiled with a 3766.Xr watchdog 4 3767compatible device. 3768.It Va watchdogd_flags 3769.Pq Vt str 3770If 3771.Va watchdogd_enable 3772is set to 3773.Dq Li YES , 3774these are the flags passed to the 3775.Xr watchdogd 8 3776daemon. 3777.It Va devfs_rulesets 3778.Pq Vt str 3779List of files containing sets of rules for 3780.Xr devfs 8 . 3781.It Va devfs_system_ruleset 3782.Pq Vt str 3783Rule name(s) to apply to the system 3784.Pa /dev 3785itself. 3786.It Va devfs_set_rulesets 3787.Pq Vt str 3788Pairs of already-mounted 3789.Pa dev 3790directories and rulesets that should be applied to them. 3791For example: /mount/dev=ruleset_name 3792.It Va devfs_load_rulesets 3793.Pq Vt bool 3794If set, always load the default rulesets listed in 3795.Va devfs_rulesets . 3796.It Va performance_cx_lowest 3797.Pq Vt str 3798CPU idle state to use while on AC power. 3799The string 3800.Dq Li LOW 3801indicates that 3802.Xr acpi 4 3803should use the lowest power state available while 3804.Dq Li HIGH 3805indicates that the lowest latency state (less power savings) should be used. 3806.It Va performance_cpu_freq 3807.Pq Vt str 3808CPU clock frequency to use while on AC power. 3809The string 3810.Dq Li LOW 3811indicates that 3812.Xr cpufreq 4 3813should use the lowest frequency available while 3814.Dq Li HIGH 3815indicates that the highest frequency (less power savings) should be used. 3816.It Va economy_cx_lowest 3817.Pq Vt str 3818CPU idle state to use when off AC power. 3819The string 3820.Dq Li LOW 3821indicates that 3822.Xr acpi 4 3823should use the lowest power state available while 3824.Dq Li HIGH 3825indicates that the lowest latency state (less power savings) should be used. 3826.It Va economy_cpu_freq 3827.Pq Vt str 3828CPU clock frequency to use when off AC power. 3829The string 3830.Dq Li LOW 3831indicates that 3832.Xr cpufreq 4 3833should use the lowest frequency available while 3834.Dq Li HIGH 3835indicates that the highest frequency (less power savings) should be used. 3836.It Va jail_enable 3837.Pq Vt bool 3838If set to 3839.Dq Li NO , 3840any configured jails will not be started. 3841.It Va jail_conf 3842.Pq Vt str 3843The configuration filename used by 3844.Xr jail 8 3845utility. 3846The default value is 3847.Pa /etc/jail.conf . 3848.It Va jail_parallel_start 3849.Pq Vt bool 3850If set to 3851.Dq Li YES , 3852all configured jails will be started in the background (in parallel). 3853.It Va jail_flags 3854.Pq Vt str 3855Unset by default. 3856When set, use as default value for 3857.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3858for every jail in 3859.Va jail_list . 3860.It Va jail_list 3861.Pq Vt str 3862A space-delimited list of jail names. 3863When left empty, all of the 3864.Xr jail 8 3865instances defined in the configuration file are started. 3866The names specified in this list control the jail startup order. 3867.Xr jail 8 3868instances missing from 3869.Va jail_list 3870must be started manually. 3871Note that a jail's 3872.Va depend 3873parameter in the configuration file may override this list. 3874.It Va jail_reverse_stop 3875.Pq Vt bool 3876When set to 3877.Dq Li YES , 3878all configured jails in 3879.Va jail_list 3880are stopped in reverse order. 3881.It Va jail_* variables 3882Note that older releases supported per-jail configuration via 3883.Xr rc.conf 5 3884variables. 3885For example, 3886hostname of a jail named 3887.Li vjail 3888was able to be set by 3889.Li jail_vjail_hostname . 3890These per-jail configuration variables are now obsolete in favor of 3891.Xr jail 8 3892configuration file. 3893For backward compatibility, 3894when per-jail configuration variables are defined, 3895.Xr jail 8 3896configuration files are created as 3897.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3898and used. 3899.Pp 3900The following per-jail parameters are handled by 3901.Pa rc.d/jail 3902script out of their corresponding 3903.Nm 3904variables. 3905In addition to them, parameters in 3906.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3907will be added to the configuration file. 3908They must be a semi-colon 3909.Pq Ql \&; 3910delimited list of 3911.Dq key=value . 3912For more details, 3913see 3914.Xr jail 8 3915manual page. 3916.Bl -tag -width "host.hostname" -offset indent 3917.It Li path 3918set from 3919.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3920.It Li host.hostname 3921set from 3922.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3923.It Li exec.consolelog 3924set from 3925.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3926The default value is 3927.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3928.It Li interface 3929set from 3930.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3931.It Li vnet.interface 3932set from 3933.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3934This implies 3935.Li vnet 3936parameter will be enabled and cannot be specified with 3937.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3938.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3939and/or 3940.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3941at the same time. 3942.It Li fstab 3943set from 3944.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3945.It Li mount 3946set from 3947.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3948.It Li exec.fib 3949set from 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3951.It Li exec.start 3952set from 3953.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3954The parameter name was 3955.Li command 3956in some older releases. 3957.It Li exec.prestart 3958set from 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3960.It Li exec.poststart 3961set from 3962.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3963.It Li exec.stop 3964set from 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3966.It Li exec.prestop 3967set from 3968.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3969.It Li exec.poststop 3970set from 3971.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3972.It Li ip4.addr 3973set if 3974.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3975or 3976.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3977contain IPv4 addresses 3978.It Li ip6.addr 3979set if 3980.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3981or 3982.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3983contain IPv6 addresses 3984.It Li allow.mount 3985set from 3986.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3987.It Li mount.devfs 3988set from 3989.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3990.It Li devfs_ruleset 3991set from 3992.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3993This must be an integer, 3994not a string. 3995.It Li mount.fdescfs 3996set from 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3998.It Li allow.set_hostname 3999set from 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4001.It Li allow.rawsocket 4002set from 4003.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4004.It Li allow.sysvipc 4005set from 4006.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4007.El 4008.\" ----------------------------------------------------- 4009.It Va harvest_mask 4010.Pq Vt int 4011Set to a bit-mask 4012representing the entropy sources 4013you wish to harvest. 4014Refer to 4015.Xr random 4 4016for more information. 4017.It Va entropy_dir 4018.Pq Vt str 4019Set to 4020.Dq Li NO 4021to disable caching entropy via 4022.Xr cron 8 . 4023Otherwise set to the directory 4024in which the entropy files are stored. 4025To be useful, 4026there must be 4027a system cron job 4028that regularly writes and rotates 4029files here. 4030All files found 4031will be used at boot time. 4032The default is 4033.Pa /var/db/entropy . 4034.It Va entropy_file 4035.Pq Vt str 4036Set to 4037.Dq Li NO 4038to disable caching entropy through reboots. 4039Otherwise set to the name 4040of a file used to store cached entropy. 4041This file should be located 4042on a file system that is readable 4043before all the volumes specified in 4044.Xr fstab 5 4045are mounted. 4046By default, 4047.Pa /entropy 4048is used, 4049but if 4050.Pa /var/db/entropy-file 4051is found it will also be used. 4052This will be of some use to 4053.Xr bsdinstall 8 . 4054.It Va entropy_boot_file 4055.Pq Vt str 4056Set to 4057.Dq Li NO 4058to disable 4059very early caching entropy 4060through reboots. 4061Otherwise set to the filename 4062used to read 4063very early reboot cached entropy. 4064This file should be located where 4065.Xr loader 8 4066can read it. 4067See also 4068.Xr loader.conf 5 . 4069The default location is 4070.Pa /boot/entropy . 4071.It Va entropy_save_sz 4072.Pq Vt int 4073Size of the entropy cache files saved by 4074.Nm save-entropy 4075periodically. 4076.It Va entropy_save_num 4077.Pq Vt int 4078Number of entropy cache files to save by 4079.Nm save-entropy 4080periodically. 4081.It Va ipsec_enable 4082.Pq Vt bool 4083Set to 4084.Dq Li YES 4085to run 4086.Xr setkey 8 4087on 4088.Va ipsec_file 4089at boot time. 4090.It Va ipsec_file 4091.Pq Vt str 4092Configuration file for 4093.Xr setkey 8 . 4094.It Va dmesg_enable 4095.Pq Vt bool 4096Set to 4097.Dq Li YES 4098to save 4099.Xr dmesg 8 4100to 4101.Pa /var/run/dmesg.boot 4102on boot. 4103.It Va rcshutdown_timeout 4104.Pq Vt int 4105If set, start a watchdog timer in the background which will terminate 4106.Pa rc.shutdown 4107if 4108.Xr shutdown 8 4109has not completed within the specified time (in seconds). 4110Notice that in addition to this soft timeout, 4111.Xr init 8 4112also applies a hard timeout for the execution of 4113.Pa rc.shutdown . 4114This is configured via 4115.Xr sysctl 8 4116variable 4117.Va kern.init_shutdown_timeout 4118and defaults to 120 seconds. 4119Setting the value of 4120.Va rcshutdown_timeout 4121to more than 120 seconds will have no effect until the 4122.Xr sysctl 8 4123variable 4124.Va kern.init_shutdown_timeout 4125is also increased. 4126.It Va virecover_enable 4127.Pq Vt bool 4128Set to 4129.Dq Li NO 4130to prevent the system from trying to 4131recover pre-maturely terminated 4132.Xr vi 1 4133sessions. 4134.It Va ugidfw_enable 4135.Pq Vt bool 4136Set to 4137.Dq Li YES 4138to load the 4139.Xr mac_bsdextended 4 4140module upon system initialization and load a default 4141ruleset file. 4142.It Va bsdextended_script 4143.Pq Vt str 4144The default 4145.Xr mac_bsdextended 4 4146ruleset file to load. 4147The default value of this variable is 4148.Pa /etc/rc.bsdextended . 4149.It Va newsyslog_enable 4150.Pq Vt bool 4151If set to 4152.Dq Li YES , 4153run 4154.Xr newsyslog 8 4155command at startup. 4156.It Va newsyslog_flags 4157.Pq Vt str 4158If 4159.Va newsyslog_enable 4160is set to 4161.Dq Li YES , 4162these are the flags to pass to the 4163.Xr newsyslog 8 4164program. 4165The default is 4166.Dq Li -CN , 4167which causes log files flagged with a 4168.Cm C 4169to be created. 4170.It Va mdconfig_md Ns Aq Ar X 4171.Pq Vt str 4172Arguments to 4173.Xr mdconfig 8 4174for 4175.Xr md 4 4176device 4177.Ar X . 4178At minimum a 4179.Fl t Ar type 4180must be specified and either a 4181.Fl s Ar size 4182for malloc or swap backed 4183.Xr md 4 4184devices or a 4185.Fl f Ar file 4186for vnode backed 4187.Xr md 4 4188devices. 4189Note that 4190.Va mdconfig_md Ns Aq Ar X 4191variables are evaluated until one variable is unset or null. 4192.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4193.Pq Vt str 4194Optional arguments passed to 4195.Xr newfs 8 4196to initialize 4197.Xr md 4 4198device 4199.Ar X . 4200.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4201.Pq Vt str 4202An ownership specification passed to 4203.Xr chown 8 4204after the specified 4205.Xr md 4 4206device 4207.Ar X 4208has been mounted. 4209Both the 4210.Xr md 4 4211device and the mount point will be changed. 4212.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4213.Pq Vt str 4214A mode string passed to 4215.Xr chmod 1 4216after the specified 4217.Xr md 4 4218device 4219.Ar X 4220has been mounted. 4221Both the 4222.Xr md 4 4223device and the mount point will be changed. 4224.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4225.Pq Vt str 4226Files to be copied to the mount point of the 4227.Xr md 4 4228device 4229.Ar X 4230after it has been mounted. 4231.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4232.Pq Vt str 4233Command to execute after the specified 4234.Xr md 4 4235device 4236.Ar X 4237has been mounted. 4238Note that the command is passed to 4239.Ic eval 4240and that both 4241.Va _dev 4242and 4243.Va _mp 4244variables can be used to reference respectively the 4245.Xr md 4 4246device and the mount point. 4247Assuming that the 4248.Xr md 4 4249device is 4250.Li md0 , 4251one could set the following: 4252.Bd -literal 4253mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4254.Ed 4255.It Va autobridge_interfaces 4256.Pq Vt str 4257Set to the list of bridge interfaces that will have newly arriving interfaces 4258checked against to be automatically added. 4259If not set to 4260.Dq Li NO 4261then for each whitespace separated 4262.Ar element 4263in the value, a 4264.Va autobridge_ Ns Aq Ar element 4265variable is assumed to exist which has a whitespace separated list of interface 4266names to match, these names can use wildcards. 4267For example: 4268.Bd -literal 4269autobridge_interfaces="bridge0" 4270autobridge_bridge0="tap* dc0 vlan[345]" 4271.Ed 4272.It Va mixer_enable 4273.Pq Vt bool 4274If set to 4275.Dq Li YES , 4276enable support for sound mixer. 4277.It Va hcsecd_enable 4278.Pq Vt bool 4279If set to 4280.Dq Li YES , 4281enable Bluetooth security daemon. 4282.It Va hcsecd_config 4283.Pq Vt str 4284Configuration file for 4285.Xr hcsecd 8 . 4286Default 4287.Pa /etc/bluetooth/hcsecd.conf . 4288.It Va sdpd_enable 4289.Pq Vt bool 4290If set to 4291.Dq Li YES , 4292enable Bluetooth Service Discovery Protocol daemon. 4293.It Va sdpd_control 4294.Pq Vt str 4295Path to 4296.Xr sdpd 8 4297control socket. 4298Default 4299.Pa /var/run/sdp . 4300.It Va sdpd_groupname 4301.Pq Vt str 4302Sets 4303.Xr sdpd 8 4304group to run as after it initializes. 4305Default 4306.Dq Li nobody . 4307.It Va sdpd_username 4308.Pq Vt str 4309Sets 4310.Xr sdpd 8 4311user to run as after it initializes. 4312Default 4313.Dq Li nobody . 4314.It Va bthidd_enable 4315.Pq Vt bool 4316If set to 4317.Dq Li YES , 4318enable Bluetooth Human Interface Device daemon. 4319.It Va bthidd_config 4320.Pq Vt str 4321Configuration file for 4322.Xr bthidd 8 . 4323Default 4324.Pa /etc/bluetooth/bthidd.conf . 4325.It Va bthidd_hids 4326.Pq Vt str 4327Path to a file, where 4328.Xr bthidd 8 4329will store information about known HID devices. 4330Default 4331.Pa /var/db/bthidd.hids . 4332.It Va rfcomm_pppd_server_enable 4333.Pq Vt bool 4334If set to 4335.Dq Li YES , 4336enable Bluetooth RFCOMM PPP wrapper daemon. 4337.It Va rfcomm_pppd_server_profile 4338.Pq Vt str 4339The name of the profile to use from 4340.Pa /etc/ppp/ppp.conf . 4341Multiple profiles can be specified here. 4342Also used to specify per-profile overrides. 4343When the profile name contains any of the characters 4344.Dq Li .-/+ 4345they are translated to 4346.Dq Li _ 4347for the proposes of the override variable names. 4348.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4349.Pq Vt str 4350Overrides local address to listen on. 4351By default 4352.Xr rfcomm_pppd 8 4353will listen on 4354.Dq Li ANY 4355address. 4356The address can be specified as BD_ADDR or name. 4357.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4358.Pq Vt str 4359Overrides local RFCOMM channel to listen on. 4360By default 4361.Xr rfcomm_pppd 8 4362will listen on RFCOMM channel 1. 4363Must set properly if multiple profiles used in the same time. 4364.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4365.Pq Vt bool 4366Tells 4367.Xr rfcomm_pppd 8 4368if it should register Serial Port service on the specified RFCOMM channel. 4369Default 4370.Dq Li NO . 4371.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4372.Pq Vt bool 4373Tells 4374.Xr rfcomm_pppd 8 4375if it should register Dial-Up Networking service on the specified 4376RFCOMM channel. 4377Default 4378.Dq Li NO . 4379.It Va ubthidhci_enable 4380.Pq Vt bool 4381If set to 4382.Dq Li YES , 4383change the USB Bluetooth controller from HID mode to HCI mode. 4384You also need to specify the location of USB Bluetooth controller with the 4385.Va ubthidhci_busnum 4386and 4387.Va ubthidhci_addr 4388variables. 4389.It Va ubthidhci_busnum 4390Bus number where the USB Bluetooth controller is located. 4391Check the output of 4392.Xr usbconfig 8 4393on your system to find this information. 4394.It Va ubthidhci_addr 4395Bus address of the USB Bluetooth controller. 4396Check the output of 4397.Xr usbconfig 8 4398on your system to find this information. 4399.It Va netwait_enable 4400.Pq Vt bool 4401If set to 4402.Dq Li YES , 4403delays the start of network-reliant services until 4404.Va netwait_if 4405is up and ICMP packets to a destination defined in 4406.Va netwait_ip 4407are flowing. 4408Link state is examined first, followed by 4409.Dq Li pinging 4410an IP address to verify network usability. 4411If no destination can be reached or timeouts are exceeded, 4412network services are started anyway with no guarantee that 4413the network is usable. 4414Use of this variable requires both 4415.Va netwait_ip 4416and 4417.Va netwait_if 4418to be set. 4419.It Va netwait_ip 4420.Pq Vt str 4421Empty by default. 4422This variable contains a space-delimited list of IP addresses to 4423.Xr ping 8 . 4424DNS hostnames should not be used as resolution is not guaranteed 4425to be functional at this point. 4426If multiple IP addresses are specified, 4427each will be tried until one is successful or the list is exhausted. 4428.It Va netwait_timeout 4429.Pq Vt int 4430Indicates the total number of seconds to perform a 4431.Dq Li ping 4432against each IP address in 4433.Va netwait_ip , 4434at a rate of one ping per second. 4435If any of the pings are successful, 4436full network connectivity is considered reliable. 4437The default is 60. 4438.It Va netwait_if 4439.Pq Vt str 4440Empty by default. 4441Defines the name of the network interface on which watch for link. 4442.Xr ifconfig 8 4443is used to monitor the interface, looking for 4444.Dq Li status: no carrier . 4445Once gone, the link is considered up. 4446This can be a 4447.Xr vlan 4 4448interface if desired. 4449.It Va netwait_if_timeout 4450.Pq Vt int 4451Defines the total number of seconds to wait for link to become usable, 4452polled at a 1-second interval. 4453The default is 30. 4454.It Va rctl_enable 4455.Pq Vt bool 4456If set to 4457.Dq Li YES , 4458load 4459.Xr rctl 8 4460rules from the defined ruleset. 4461The kernel must be built with 4462.Cd "options RACCT" 4463and 4464.Cd "options RCTL" . 4465.It Va rctl_rules 4466.Pq Vt str 4467Set to 4468.Pa /etc/rctl.conf 4469by default. 4470This variables contains the 4471.Xr rctl.conf 5 4472ruleset to load for 4473.Xr rctl 8 . 4474.It Va iovctl_files 4475.Pq Vt str 4476A space-separated list of configuration files used by 4477.Xr iovctl 8 . 4478The default value is an empty string. 4479.It Va autofs_enable 4480.Pq Vt bool 4481If set to 4482.Dq Li YES , 4483start the 4484.Xr automount 8 4485utility and the 4486.Xr automountd 8 4487and 4488.Xr autounmountd 8 4489daemons at boot time. 4490.It Va automount_flags 4491.Pq Vt str 4492If 4493.Va autofs_enable 4494is set to 4495.Dq Li YES , 4496these are the flags to pass to the 4497.Xr automount 8 4498program. 4499By default no flags are passed. 4500.It Va automountd_flags 4501.Pq Vt str 4502If 4503.Va autofs_enable 4504is set to 4505.Dq Li YES , 4506these are the flags to pass to the 4507.Xr automountd 8 4508daemon. 4509By default no flags are passed. 4510.It Va autounmountd_flags 4511.Pq Vt str 4512If 4513.Va autofs_enable 4514is set to 4515.Dq Li YES , 4516these are the flags to pass to the 4517.Xr autounmountd 8 4518daemon. 4519By default no flags are passed. 4520.It Va ctld_enable 4521.Pq Vt bool 4522If set to 4523.Dq Li YES , 4524start the 4525.Xr ctld 8 4526daemon at boot time. 4527.It Va iscsid_enable 4528.Pq Vt bool 4529If set to 4530.Dq Li YES , 4531start the 4532.Xr iscsid 8 4533daemon at boot time. 4534.It Va iscsictl_enable 4535.Pq Vt bool 4536If set to 4537.Dq Li YES , 4538start the 4539.Xr iscsictl 8 4540utility at boot time. 4541.It Va iscsictl_flags 4542.Pq Vt str 4543If 4544.Va iscsictl_enable 4545is set to 4546.Dq Li YES , 4547these are the flags to pass to the 4548.Xr iscsictl 8 4549program. 4550The default is 4551.Dq Li -Aa , 4552which configures sessions based on the 4553.Pa /etc/iscsi.conf 4554configuration file. 4555.El 4556.Sh FILES 4557.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4558.It Pa /etc/defaults/rc.conf 4559.It Pa /etc/rc.conf 4560.It Pa /etc/rc.conf.local 4561.El 4562.Sh SEE ALSO 4563.Xr catman 1 , 4564.Xr chmod 1 , 4565.Xr gdb 1 , 4566.Xr info 1 , 4567.Xr kbdcontrol 1 , 4568.Xr makewhatis 1 , 4569.Xr sh 1 , 4570.Xr vi 1 , 4571.Xr vidcontrol 1 , 4572.Xr bridge 4 , 4573.Xr dummynet 4 , 4574.Xr ip 4 , 4575.Xr ipf 4 , 4576.Xr ipfw 4 , 4577.Xr ipnat 4 , 4578.Xr kld 4 , 4579.Xr pf 4 , 4580.Xr pflog 4 , 4581.Xr pfsync 4 , 4582.Xr tcp 4 , 4583.Xr udp 4 , 4584.Xr exports 5 , 4585.Xr fstab 5 , 4586.Xr ipf 5 , 4587.Xr ipnat 5 , 4588.Xr jail.conf 5 , 4589.Xr loader.conf 5 , 4590.Xr motd 5 , 4591.Xr newsyslog.conf 5 , 4592.Xr pf.conf 5 , 4593.Xr security 7 , 4594.Xr accton 8 , 4595.Xr amd 8 , 4596.Xr apm 8 , 4597.Xr atm 8 , 4598.Xr bsdinstall 8 , 4599.Xr bthidd 8 , 4600.Xr chkprintcap 8 , 4601.Xr chown 8 , 4602.Xr cron 8 , 4603.Xr devfs 8 , 4604.Xr dhclient 8 , 4605.Xr ftpd 8 , 4606.Xr geli 8 , 4607.Xr hcsecd 8 , 4608.Xr ifconfig 8 , 4609.Xr inetd 8 , 4610.Xr iovctl 8 , 4611.Xr ipf 8 , 4612.Xr ipfw 8 , 4613.Xr ipnat 8 , 4614.Xr jail 8 , 4615.Xr kldxref 8 , 4616.Xr loader 8 , 4617.Xr lpd 8 , 4618.Xr mdconfig 8 , 4619.Xr mdmfs 8 , 4620.Xr mixer 8 , 4621.Xr mountd 8 , 4622.Xr moused 8 , 4623.Xr newfs 8 , 4624.Xr newsyslog 8 , 4625.Xr nfsd 8 , 4626.Xr ntpd 8 , 4627.Xr ntpdate 8 , 4628.Xr pfctl 8 , 4629.Xr pflogd 8 , 4630.Xr ping 8 , 4631.Xr powerd 8 , 4632.Xr quotacheck 8 , 4633.Xr quotaon 8 , 4634.Xr rc 8 , 4635.Xr rc.sendmail 8 , 4636.Xr rfcomm_pppd 8 , 4637.Xr route 8 , 4638.Xr routed 8 , 4639.Xr rpc.lockd 8 , 4640.Xr rpc.statd 8 , 4641.Xr rpcbind 8 , 4642.Xr rwhod 8 , 4643.Xr savecore 8 , 4644.Xr sdpd 8 , 4645.Xr sshd 8 , 4646.Xr swapon 8 , 4647.Xr sysctl 8 , 4648.Xr syslogd 8 , 4649.Xr timed 8 , 4650.Xr unbound 8 , 4651.Xr usbconfig 8 , 4652.Xr wlandebug 8 , 4653.Xr yp 8 , 4654.Xr ypbind 8 , 4655.Xr ypserv 8 , 4656.Xr ypset 8 4657.Sh HISTORY 4658The 4659.Nm 4660file appeared in 4661.Fx 2.2.2 . 4662.Sh AUTHORS 4663.An Jordan K. Hubbard . 4664