1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd October 27, 2007 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va kldxref_enable 168.Pq Vt bool 169Set to 170.Dq Li NO 171by default. 172Set to 173.Dq Li YES 174to automatically rebuild 175.Pa linker.hints 176files with 177.Xr kldxref 8 178at boot time. 179.It Va kldxref_clobber 180.Pq Vt bool 181Set to 182.Dq Li NO 183by default. 184If 185.Va kldxref_enable 186is true, 187setting to 188.Dq Li YES 189will overwrite existing 190.Pa linker.hints 191files at boot time. 192Otherwise, 193only missing 194.Pa linker.hints 195files are generated. 196.It Va kldxref_module_path 197.Pq Vt str 198Empty by default. 199A semi-colon 200.Pq Ql \&; 201delimited list of paths containing 202.Xr kld 4 203modules. 204If empty, 205the contents of the 206.Va kern.module_path 207.Xr sysctl 8 208are used. 209.It Va powerd_enable 210.Pq Vt bool 211If set to 212.Dq Li YES , 213enable the system power control facility with the 214.Xr powerd 8 215daemon. 216.It Va powerd_flags 217.Pq Vt str 218If 219.Va powerd_enable 220is set to 221.Dq Li YES , 222these are the flags to pass to the 223.Xr powerd 8 224daemon. 225.It Va tmpmfs 226Controls the creation of a 227.Pa /tmp 228memory file system. 229Always happens if set to 230.Dq Li YES 231and never happens if set to 232.Dq Li NO . 233If set to anything else, a memory file system is created if 234.Pa /tmp 235is not writable. 236.It Va tmpsize 237Controls the size of a created 238.Pa /tmp 239memory file system. 240.It Va tmpmfs_flags 241Extra options passed to the 242.Xr mdmfs 8 243utility when the memory file system for 244.Pa /tmp 245is created. 246The default is 247.Dq Li "-S" , 248which inhibits the use of softupdates on 249.Pa /tmp 250so that file system space is freed without delay 251after file truncation or deletion. 252See 253.Xr mdmfs 8 254for other options you can use in 255.Va tmpmfs_flags . 256.It Va varmfs 257Controls the creation of a 258.Pa /var 259memory file system. 260Always happens if set to 261.Dq Li YES 262and never happens if set to 263.Dq Li NO . 264If set to anything else, a memory file system is created if 265.Pa /var 266is not writable. 267.It Va varsize 268Controls the size of a created 269.Pa /var 270memory file system. 271.It Va varmfs_flags 272Extra options passed to the 273.Xr mdmfs 8 274utility when the memory file system for 275.Pa /var 276is created. 277The default is 278.Dq Li "-S" , 279which inhibits the use of softupdates on 280.Pa /var 281so that file system space is freed without delay 282after file truncation or deletion. 283See 284.Xr mdmfs 8 285for other options you can use in 286.Va varmfs_flags . 287.It Va populate_var 288Controls the automatic population of the 289.Pa /var 290file system. 291Always happens if set to 292.Dq Li YES 293and never happens if set to 294.Dq Li NO . 295If set to anything else, a memory file system is created if 296.Pa /var 297is not writable. 298Note that this process requires access to certain commands in 299.Pa /usr 300before 301.Pa /usr 302is mounted on normal systems. 303.It Va cleanvar_enable 304.Pq Vt bool 305Clean the 306.Pa /var 307directory. 308.It Va local_startup 309.Pq Vt str 310List of directories to search for startup script files. 311.It Va script_name_sep 312.Pq Vt str 313The field separator to use for breaking down the list of startup script files 314into individual filenames. 315The default is a space. 316It is not necessary to change this unless there are startup scripts with names 317containing spaces. 318.It Va hostapd_enable 319.Pq Vt bool 320Set to 321.Dq Li YES 322to start 323.Xr hostapd 8 324at system boot time. 325.It Va hostname 326.Pq Vt str 327The fully qualified domain name (FQDN) of this host on the network. 328This should almost certainly be set to something meaningful, even if 329there is no network connection. 330If 331.Xr dhclient 8 332is used to set the hostname via DHCP, 333this variable should be set to an empty string. 334.It Va ipv6_enable 335.Pq Vt bool 336Enable support for IPv6 networking. 337Note that this requires that the kernel has been compiled with 338.Cd "options INET6" . 339.It Va nisdomainname 340.Pq Vt str 341The NIS domain name of this host, or 342.Dq Li NO 343if NIS is not used. 344.It Va dhclient_program 345.Pq Vt str 346Path to the DHCP client program 347.Pa ( /sbin/dhclient , 348the 349.Ox 350DHCP client, 351is the default). 352.It Va dhclient_flags 353.Pq Vt str 354Additional flags to pass to the DHCP client program. 355For the 356.Ox 357DHCP client, see the 358.Xr dhclient 8 359manpage for a description of the command line options available. 360.It Va dhclient_flags_ Ns Aq Ar iface 361Additional flags to pass to the DHCP client program running on 362.Ar iface 363only. 364When specified, this variable overrides 365.Va dhclient_flags . 366.It Va background_dhclient 367.Pq Vt bool 368Set to 369.Dq Li YES 370to start the DHCP client in background. 371This can cause trouble with applications depending on 372a working network, but it will provide a faster startup 373in many cases. 374.It Va background_dhclient_ Ns Aq Ar iface 375When specified, this variable overrides the 376.Va background_dhclient 377variable for interface 378.Ar iface 379only. 380.It Va synchronous_dhclient 381.Pq Bt bool 382Set to 383.Dq Li NO 384to start 385.Xr dhclient 8 386only in response to interface events and not synchronously at startup. 387This behavior can be overridden on a per-interface basis by replacing 388the 389.Dq Li DHCP 390keyword in the 391.Va ifconfig_ Ns Aq Ar interface 392variable with 393.Dq Li SYNCDHCP 394or 395.Dq Li NOSYNCDHCP . 396.It Va firewall_enable 397.Pq Vt bool 398Set to 399.Dq Li YES 400to load firewall rules at startup. 401If the kernel was not built with 402.Cd "options IPFIREWALL" , 403the 404.Pa ipfw.ko 405kernel module will be loaded. 406See also 407.Va ipfilter_enable . 408.It Va ipv6_firewall_enable 409.Pq Vt bool 410The IPv6 equivalent of 411.Va firewall_enable . 412Set to 413.Dq Li YES 414to load IPv6 firewall rules at startup. 415If the kernel was not built with 416.Cd "options IPV6FIREWALL" , 417the 418.Pa ipfw.ko 419kernel module will be loaded. 420.It Va firewall_script 421.Pq Vt str 422This variable specifies the full path to the firewall script to run. 423The default is 424.Pa /etc/rc.firewall . 425.It Va ipv6_firewall_script 426.Pq Vt str 427The IPv6 equivalent of 428.Va firewall_script . 429.It Va firewall_type 430.Pq Vt str 431Names the firewall type from the selection in 432.Pa /etc/rc.firewall , 433or the file which contains the local firewall ruleset. 434Valid selections from 435.Pa /etc/rc.firewall 436are: 437.Pp 438.Bl -tag -width ".Li simple" -compact 439.It Li open 440unrestricted IP access 441.It Li closed 442all IP services disabled, except via 443.Dq Li lo0 444.It Li client 445basic protection for a workstation 446.It Li simple 447basic protection for a LAN. 448.El 449.Pp 450If a filename is specified, the full path 451must be given. 452.It Va ipv6_firewall_type 453.Pq Vt str 454The IPv6 equivalent of 455.Va firewall_type . 456.It Va firewall_quiet 457.Pq Vt bool 458Set to 459.Dq Li YES 460to disable the display of firewall rules on the console during boot. 461.It Va ipv6_firewall_quiet 462.Pq Vt bool 463The IPv6 equivalent of 464.Va firewall_quiet . 465.It Va firewall_logging 466.Pq Vt bool 467Set to 468.Dq Li YES 469to enable firewall event logging. 470This is equivalent to the 471.Dv IPFIREWALL_VERBOSE 472kernel option. 473.It Va ipv6_firewall_logging 474.Pq Vt bool 475The IPv6 equivalent of 476.Va firewall_logging . 477.It Va firewall_flags 478.Pq Vt str 479Flags passed to 480.Xr ipfw 8 481if 482.Va firewall_type 483specifies a filename. 484.It Va ipv6_firewall_flags 485.Pq Vt str 486The IPv6 equivalent of 487.Va firewall_flags . 488.It Va natd_program 489.Pq Vt str 490Path to 491.Xr natd 8 . 492.It Va natd_enable 493.Pq Vt bool 494Set to 495.Dq Li YES 496to enable 497.Xr natd 8 . 498.Va firewall_enable 499must also be set to 500.Dq Li YES , 501and 502.Xr divert 4 503sockets must be enabled in the kernel. 504If the kernel was not built with 505.Cd "options IPDIVERT" , 506the 507.Pa ipdivert.ko 508kernel module will be loaded. 509.It Va natd_interface 510.Pq Vt str 511This is the name of the public interface on which 512.Xr natd 8 513should run. 514The interface may be given as an interface name or as an IP address. 515.It Va natd_flags 516.Pq Vt str 517Additional 518.Xr natd 8 519flags should be placed here. 520The 521.Fl n 522or 523.Fl a 524flag is automatically added with the above 525.Va natd_interface 526as an argument. 527.\" ----- ipfilter_enable setting -------------------------------- 528.It Va ipfilter_enable 529.Pq Vt bool 530Set to 531.Dq Li NO 532by default. 533Setting this to 534.Dq Li YES 535enables 536.Xr ipf 8 537packet filtering. 538.Pp 539Typical usage will require putting 540.Bd -literal 541ipfilter_enable="YES" 542ipnat_enable="YES" 543ipmon_enable="YES" 544ipfs_enable="YES" 545.Ed 546.Pp 547into 548.Pa /etc/rc.conf 549and editing 550.Pa /etc/ipf.rules 551and 552.Pa /etc/ipnat.rules 553appropriately. 554.Pp 555Note that 556.Va ipfilter_enable 557and 558.Va ipnat_enable 559can be enabled independently. 560.Va ipmon_enable 561and 562.Va ipfs_enable 563both require at least one of 564.Va ipfilter_enable 565and 566.Va ipnat_enable 567to be enabled. 568.Pp 569Having 570.Bd -literal 571options IPFILTER 572options IPFILTER_LOG 573options IPFILTER_DEFAULT_BLOCK 574.Ed 575.Pp 576in the kernel configuration file is a good idea, too. 577.\" ----- ipfilter_program setting ------------------------------ 578.It Va ipfilter_program 579.Pq Vt str 580Path to 581.Xr ipf 8 582(default 583.Pa /sbin/ipf ) . 584.\" ----- ipfilter_rules setting -------------------------------- 585.It Va ipfilter_rules 586.Pq Vt str 587Set to 588.Pa /etc/ipf.rules 589by default. 590This variable contains the name of the filter rule definition file. 591The file is expected to be readable for the 592.Xr ipf 8 593command to execute. 594.\" ----- ipv6_ipfilter_rules setting --------------------------- 595.It Va ipv6_ipfilter_rules 596.Pq Vt str 597Set to 598.Pa /etc/ipf6.rules 599by default. 600This variable contains the IPv6 filter rule definition file. 601The file is expected to be readable for the 602.Xr ipf 8 603command to execute. 604.\" ----- ipfilter_flags setting -------------------------------- 605.It Va ipfilter_flags 606.Pq Vt str 607Empty by default. 608This variable contains flags passed to the 609.Xr ipf 8 610program. 611.\" ----- ipnat_enable setting ---------------------------------- 612.It Va ipnat_enable 613.Pq Vt bool 614Set to 615.Dq Li NO 616by default. 617Set it to 618.Dq Li YES 619to enable 620.Xr ipnat 8 621network address translation. 622See 623.Va ipfilter_enable 624for a detailed discussion. 625.\" ----- ipnat_program setting --------------------------------- 626.It Va ipnat_program 627.Pq Vt str 628Path to 629.Xr ipnat 8 630(default 631.Pa /sbin/ipnat ) . 632.\" ----- ipnat_rules setting ----------------------------------- 633.It Va ipnat_rules 634.Pq Vt str 635Set to 636.Pa /etc/ipnat.rules 637by default. 638This variable contains the name of the file 639holding the network address translation definition. 640This file is expected to be readable for the 641.Xr ipnat 8 642command to execute. 643.\" ----- ipnat_flags setting ----------------------------------- 644.It Va ipnat_flags 645.Pq Vt str 646Empty by default. 647This variable contains flags passed to the 648.Xr ipnat 8 649program. 650.\" ----- ipmon_enable setting ---------------------------------- 651.It Va ipmon_enable 652.Pq Vt bool 653Set to 654.Dq Li NO 655by default. 656Set it to 657.Dq Li YES 658to enable 659.Xr ipmon 8 660monitoring (logging 661.Xr ipf 8 662and 663.Xr ipnat 8 664events). 665Setting this variable needs setting 666.Va ipfilter_enable 667or 668.Va ipnat_enable 669too. 670See 671.Va ipfilter_enable 672for a detailed discussion. 673.\" ----- ipmon_program setting --------------------------------- 674.It Va ipmon_program 675.Pq Vt str 676Path to 677.Xr ipmon 8 678(default 679.Pa /sbin/ipmon ) . 680.\" ----- ipmon_flags setting ----------------------------------- 681.It Va ipmon_flags 682.Pq Vt str 683Set to 684.Dq Li -Ds 685by default. 686This variable contains flags passed to the 687.Xr ipmon 8 688program. 689Another typical example would be 690.Dq Fl D Pa /var/log/ipflog 691to have 692.Xr ipmon 8 693log directly to a file bypassing 694.Xr syslogd 8 . 695Make sure to adjust 696.Pa /etc/newsyslog.conf 697in such case like this: 698.Bd -literal 699/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 700.Ed 701.\" ----- ipfs_enable setting ----------------------------------- 702.It Va ipfs_enable 703.Pq Vt bool 704Set to 705.Dq Li NO 706by default. 707Set it to 708.Dq Li YES 709to enable 710.Xr ipfs 8 711saving the filter and NAT state tables during shutdown 712and reloading them during startup again. 713Setting this variable needs setting 714.Va ipfilter_enable 715or 716.Va ipnat_enable 717to 718.Dq Li YES 719too. 720See 721.Va ipfilter_enable 722for a detailed discussion. 723Note that if 724.Va kern_securelevel 725is set to 3, 726.Va ipfs_enable 727cannot be used 728because the raised securelevel will prevent 729.Xr ipfs 8 730from saving the state tables at shutdown time. 731.\" ----- ipfs_program setting ---------------------------------- 732.It Va ipfs_program 733.Pq Vt str 734Path to 735.Xr ipfs 8 736(default 737.Pa /sbin/ipfs ) . 738.\" ----- ipfs_flags setting ------------------------------------ 739.It Va ipfs_flags 740.Pq Vt str 741Empty by default. 742This variable contains flags passed to the 743.Xr ipfs 8 744program. 745.\" ----- end of added ipf hook --------------------------------- 746.It Va pf_enable 747.Pq Vt bool 748Set to 749.Dq Li NO 750by default. 751Setting this to 752.Dq Li YES 753enables 754.Xr pf 4 755packet filtering. 756.Pp 757Typical usage will require putting 758.Pp 759.Dl pf_enable="YES" 760.Pp 761into 762.Pa /etc/rc.conf 763and editing 764.Pa /etc/pf.conf 765appropriately. 766Adding 767.Pp 768.Dl "device pf" 769.Pp 770builds support for 771.Xr pf 4 772into the kernel, otherwise the 773kernel module will be loaded. 774.It Va pf_rules 775.Pq Vt str 776Path to 777.Xr pf 4 778ruleset configuration file 779(default 780.Pa /etc/pf.conf ) . 781.It Va pf_program 782.Pq Vt str 783Path to 784.Xr pfctl 8 785(default 786.Pa /sbin/pfctl ) . 787.It Va pf_flags 788.Pq Vt str 789If 790.Va pf_enable 791is set to 792.Dq Li YES , 793these flags are passed to the 794.Xr pfctl 8 795program when loading the ruleset. 796.It Va pflog_enable 797.Pq Vt bool 798Set to 799.Dq Li NO 800by default. 801Setting this to 802.Dq Li YES 803enables 804.Xr pflogd 8 805which logs packets from the 806.Xr pf 4 807packet filter. 808.It Va pflog_logfile 809.Pq Vt str 810If 811.Va pflog_enable 812is set to 813.Dq Li YES 814this controls where 815.Xr pflogd 8 816stores the logfile 817(default 818.Pa /var/log/pflog ) . 819Check 820.Pa /etc/newsyslog.conf 821to adjust logfile rotation for this. 822.It Va pflog_program 823.Pq Vt str 824Path to 825.Xr pflogd 8 826(default 827.Pa /sbin/pflogd ) . 828.It Va pflog_flags 829.Pq Vt str 830Empty by default. 831This variable contains additional flags passed to the 832.Xr pflogd 8 833program. 834.It Va ftpproxy_enable 835.Pq Vt bool 836Set to 837.Dq Li NO 838by default. 839Setting this to 840.Dq Li YES 841enables 842.Xr ftp-proxy 8 843which supports the 844.Xr pf 4 845packet filter in translating ftp connections. 846.It Va ftpproxy_flags 847.Pq Vt str 848Empty by default. 849This variable contains additional flags passed to the 850.Xr ftp-proxy 8 851program. 852.It Va pfsync_enable 853.Pq Vt bool 854Set to 855.Dq Li NO 856by default. 857Setting this to 858.Dq Li YES 859enables exposing 860.Xr pf 4 861state changes to other hosts over the network by means of 862.Xr pfsync 4 . 863The 864.Va pfsync_syncdev 865variable 866must also be set then. 867.It Va pfsync_syncdev 868.Pq Vt str 869Empty by default. 870This variable specifies the name of the network interface 871.Xr pfsync 4 872should operate through. 873It must be set accordingly if 874.Va pfsync_enable 875is set to 876.Dq Li YES . 877.It Va pfsync_syncpeer 878.Pq Vt str 879Empty by default. 880This variable is optional. 881By default, state change messages are sent out on the synchronisation 882interface using IP multicast packets. 883The protocol is IP protocol 240, PFSYNC, and the multicast group used is 884224.0.0.240. 885When a peer address is specified using the 886.Va pfsync_syncpeer 887option, the peer address is used as a destination for the pfsync 888traffic, and the traffic can then be protected using 889.Xr ipsec 4 . 890See the 891.Xr pfsync 4 892manpage for more details about using 893.Xr ipsec 4 894with 895.Xr pfsync 4 896interfaces. 897.It Va pfsync_ifconfig 898.Pq Vt str 899Empty by default. 900This variable can contain additional options to be passed to the 901.Xr ifconfig 8 902command used to set up 903.Xr pfsync 4 . 904.It Va tcp_extensions 905.Pq Vt bool 906Set to 907.Dq Li YES 908by default. 909Setting this to 910.Dq Li NO 911disables certain TCP options as described by 912.Rs 913.%T "RFC 1323" 914.Re 915Setting this to 916.Dq Li NO 917might help remedy such problems with connections as randomly hanging 918or other weird behavior. 919Some network devices are known 920to be broken with respect to these options. 921.It Va log_in_vain 922.Pq Vt int 923Set to 0 by default. 924The 925.Xr sysctl 8 926variables, 927.Va net.inet.tcp.log_in_vain 928and 929.Va net.inet.udp.log_in_vain , 930as described in 931.Xr tcp 4 932and 933.Xr udp 4 , 934are set to the given value. 935.It Va tcp_keepalive 936.Pq Vt bool 937Set to 938.Dq Li YES 939by default. 940Setting to 941.Dq Li NO 942will disable probing idle TCP connections to verify that the 943peer is still up and reachable. 944.It Va tcp_drop_synfin 945.Pq Vt bool 946Set to 947.Dq Li NO 948by default. 949Setting to 950.Dq Li YES 951will cause the kernel to ignore TCP frames that have both 952the SYN and FIN flags set. 953This prevents OS fingerprinting, but may 954break some legitimate applications. 955This option is only available if the 956kernel was built with the 957.Dv TCP_DROP_SYNFIN 958option. 959.It Va icmp_drop_redirect 960.Pq Vt bool 961Set to 962.Dq Li NO 963by default. 964Setting to 965.Dq Li YES 966will cause the kernel to ignore ICMP REDIRECT packets. 967Refer to 968.Xr icmp 4 969for more information. 970.It Va icmp_log_redirect 971.Pq Vt bool 972Set to 973.Dq Li NO 974by default. 975Setting to 976.Dq Li YES 977will cause the kernel to log ICMP REDIRECT packets. 978Note that 979the log messages are not rate-limited, so this option should only be used 980for troubleshooting networks. 981Refer to 982.Xr icmp 4 983for more information. 984.It Va icmp_bmcastecho 985.Pq Vt bool 986Set to 987.Dq Li YES 988to respond to broadcast or multicast ICMP ping packets. 989Refer to 990.Xr icmp 4 991for more information. 992.It Va ip_portrange_first 993.Pq Vt int 994If not set to 995.Dq Li NO , 996this is the first port in the default portrange. 997Refer to 998.Xr ip 4 999for more information. 1000.It Va ip_portrange_last 1001.Pq Vt int 1002If not set to 1003.Dq Li NO , 1004this is the last port in the default portrange. 1005Refer to 1006.Xr ip 4 1007for more information. 1008.It Va network_interfaces 1009.Pq Vt str 1010Set to the list of network interfaces to configure on this host or 1011.Dq Li AUTO 1012(the default) for all current interfaces. 1013Setting the 1014.Va network_interfaces 1015variable to anything other than the default is deprecated. 1016Interfaces that the administrator wishes to store configuration for, 1017but not start at boot should be configured with the 1018.Dq Li NOAUTO 1019keyword in their 1020.Va ifconfig_ Ns Aq Ar interface 1021variables as described below. 1022.Pp 1023An 1024.Va ifconfig_ Ns Aq Ar interface 1025variable is also assumed to exist for each value of 1026.Ar interface . 1027When an interface name contains any of the characters 1028.Dq Li .-/+ 1029they are translated to 1030.Dq Li _ 1031before lookup. 1032The variable can contain arguments to 1033.Xr ifconfig 8 , 1034as well as special case-insensitive keywords described below. 1035Such keywords are removed before passing the value to 1036.Xr ifconfig 8 1037while the order of the other arguments is preserved. 1038.Pp 1039One can configure more than one IPv4 address with the 1040.Va ipv4_addrs_ Ns Aq Ar interface 1041variable. 1042One or more IP addresses must be provided in Classless Inter-Domain 1043Routing (CIDR) address notation, whose last byte can be a range like 1044192.168.0.5-23/24. 1045In this case the address 192.168.0.5 will be configured with the 1046netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with 1047the non-conflicting netmask /32 as explained in the 1048.Xr ifconfig 8 1049alias section. 1050With the interface in question being 1051.Li ed0 , 1052an example could look like: 1053.Bd -literal 1054ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" 1055.Ed 1056.Pp 1057It is also possible to add IP alias entries using 1058.Xr ifconfig 8 1059syntax. 1060Assuming that the interface in question was 1061.Li ed0 , 1062it might look 1063something like this: 1064.Bd -literal 1065ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1066ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1067.Ed 1068.Pp 1069And so on. 1070For each 1071.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1072entry that is found, 1073its contents are passed to 1074.Xr ifconfig 8 . 1075Execution stops at the first unsuccessful access, so if 1076something like this is present: 1077.Bd -literal 1078ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1079ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1080ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1081ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1082.Ed 1083.Pp 1084Then note that alias4 would 1085.Em not 1086be added since the search would 1087stop with the missing 1088.Dq Li alias3 1089entry. 1090Due to this difficult to manage behavior, the 1091.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1092form is deprecated. 1093.Pp 1094If the 1095.Pa /etc/start_if. Ns Aq Ar interface 1096file is present, it is read and executed by the 1097.Xr sh 1 1098interpreter 1099before configuring the interface as specified in the 1100.Va ifconfig_ Ns Aq Ar interface 1101and 1102.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1103variables. 1104.Pp 1105If the 1106.Va ifconfig_ Ns Aq Ar interface 1107contains the keyword 1108.Dq Li NOAUTO 1109then the interface will not be configured 1110at boot or by 1111.Pa /etc/pccard_ether 1112when 1113.Va network_interfaces 1114is set to 1115.Dq Li AUTO . 1116.Pp 1117It is possible to bring up an interface with DHCP by adding 1118.Dq Li DHCP 1119to the 1120.Va ifconfig_ Ns Aq Ar interface 1121variable. 1122For instance, to initialize the 1123.Li ed0 1124device via DHCP, 1125it is possible to use something like: 1126.Bd -literal 1127ifconfig_ed0="DHCP" 1128.Ed 1129.Pp 1130Also, if you want to configure your wireless interface with 1131.Xr wpa_supplicant 8 1132for use with WPA, EAP/LEAP or WEP, you need to add 1133.Dq Li WPA 1134to the 1135.Va ifconfig_ Ns Aq Ar interface 1136variable. 1137.Pp 1138Finally, you can add 1139.Xr ifconfig 8 1140options in this variable, in addition to the 1141.Pa /etc/start_if. Ns Aq Ar interface 1142file. 1143For instance, to initialize the 1144.Li wi0 1145device via DHCP, using WPA authentication and 802.11b mode, it is 1146possible to use something like: 1147.Bd -literal 1148ifconfig_wi0="DHCP WPA mode 11b" 1149.Ed 1150.Pp 1151In addition to the 1152.Va ifconfig_ Ns Aq Ar interface 1153form, a fallback variable 1154.Va ifconfig_DEFAULT 1155may be configured. 1156It will be used for all interfaces with no 1157.Va ifconfig_ Ns Aq Ar interface 1158variable. 1159This is intended to replace the no longer supported 1160.Va pccard_ifconfig 1161variable. 1162.Pp 1163It is also possible to rename interface by doing: 1164.Bd -literal 1165ifconfig_ed0_name="net0" 1166ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000" 1167.Ed 1168.It Va ipv6_network_interfaces 1169.Pq Vt str 1170This is the IPv6 equivalent of 1171.Va network_interfaces . 1172Instead of setting the ifconfig variables as 1173.Va ifconfig_ Ns Aq Ar interface 1174they should be set as 1175.Va ipv6_ifconfig_ Ns Aq Ar interface . 1176Aliases should be set as 1177.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1178.Va ipv6_prefix_ Ns Aq Ar interface 1179does something. 1180Interfaces that do not have a 1181.Va ipv6_ifconfig_ Ns Aq Ar interface 1182setting will be auto configured by 1183.Xr rtsol 8 1184if the 1185.Va ipv6_gateway_enable 1186is set to 1187.Dq Li NO . 1188Note that the IPv6 networking code does not support the 1189.Pa /etc/start_if. Ns Aq Ar interface 1190files. 1191.It Va ipv6_default_interface 1192.Pq Vt str 1193If not set to 1194.Dq Li NO , 1195this is the default output interface for scoped addresses. 1196Now this works only for IPv6 link local multicast addresses. 1197.It Va cloned_interfaces 1198.Pq Vt str 1199Set to the list of clonable network interfaces to create on this host. 1200Entries in 1201.Va cloned_interfaces 1202are automatically appended to 1203.Va network_interfaces 1204for configuration. 1205.It Va fec_interfaces 1206.Pq Vt str 1207Set to the list of 1208.Xr ng_fec 4 1209Fast EtherChannel interfaces to configure on this host. 1210A 1211.Va fecconfig_ Ns Aq Ar interface 1212variable is assumed to exist for each value of 1213.Ar interface . 1214The value of this variable is used to configure link aggregated interfaces 1215according to the syntax of the 1216.Cm NGM_FEC_ADD_IFACE 1217to 1218.Xr ngctl 8 1219msg. 1220Additionally, this option ensures that each listed interface is created 1221via the 1222.Cm mkpeer 1223command to 1224.Xr ngctl 8 1225before attempting to configure it. 1226For example: 1227.Bd -literal 1228fec_interfaces="fec0" 1229fecconfig_fec0="em0 em1" 1230ifconfig_fec0="DHCP" 1231.Ed 1232.It Va gif_interfaces 1233.Pq Vt str 1234Set to the list of 1235.Xr gif 4 1236tunnel interfaces to configure on this host. 1237A 1238.Va gifconfig_ Ns Aq Ar interface 1239variable is assumed to exist for each value of 1240.Ar interface . 1241The value of this variable is used to configure the link layer of the 1242tunnel according to the syntax of the 1243.Cm tunnel 1244option to 1245.Xr ifconfig 8 . 1246Additionally, this option ensures that each listed interface is created 1247via the 1248.Cm create 1249option to 1250.Xr ifconfig 8 1251before attempting to configure it. 1252.It Va sppp_interfaces 1253.Pq Vt str 1254Set to the list of 1255.Xr sppp 4 1256interfaces to configure on this host. 1257A 1258.Va spppconfig_ Ns Aq Ar interface 1259variable is assumed to exist for each value of 1260.Ar interface . 1261Each interface should also be configured by a general 1262.Va ifconfig_ Ns Aq Ar interface 1263setting. 1264Refer to 1265.Xr spppcontrol 8 1266for more information about available options. 1267.It Va ppp_enable 1268.Pq Vt bool 1269If set to 1270.Dq Li YES , 1271run the 1272.Xr ppp 8 1273daemon. 1274.It Va ppp_mode 1275.Pq Vt str 1276Mode in which to run the 1277.Xr ppp 8 1278daemon. 1279Accepted modes are 1280.Dq Li auto , 1281.Dq Li ddial , 1282.Dq Li direct 1283and 1284.Dq Li dedicated . 1285See the manual for a full description. 1286.It Va ppp_nat 1287.Pq Vt bool 1288If set to 1289.Dq Li YES , 1290enables network address translation. 1291Used in conjunction with 1292.Va gateway_enable 1293allows hosts on private network addresses access to the Internet using 1294this host as a network address translating router. 1295.It Va ppp_profile 1296.Pq Vt str 1297The name of the profile to use from 1298.Pa /etc/ppp/ppp.conf . 1299.It Va ppp_user 1300.Pq Vt str 1301The name of the user under which 1302.Xr ppp 8 1303should be started. 1304By 1305default, 1306.Xr ppp 8 1307is started as 1308.Dq Li root . 1309.It Va rc_conf_files 1310.Pq Vt str 1311This option is used to specify a list of files that will override 1312the settings in 1313.Pa /etc/defaults/rc.conf . 1314The files will be read in the order in which they are specified and should 1315include the full path to the file. 1316By default, the files specified are 1317.Pa /etc/rc.conf 1318and 1319.Pa /etc/rc.conf.local 1320.It Va zfs_enable 1321.Pq Vt bool 1322If set to 1323.Dq Li YES , 1324.Pa /etc/rc.d/zfs 1325will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1326(ZVOLs). 1327.It Va gbde_autoattach_all 1328.Pq Vt bool 1329If set to 1330.Dq Li YES , 1331.Pa /etc/rc.d/gbde 1332will attempt to automatically initialize your .bde devices in 1333.Pa /etc/fstab . 1334.It Va gbde_devices 1335.Pq Vt str 1336List the devices that the script should try to attach, 1337or 1338.Dq Li AUTO . 1339.It Va gbde_lockdir 1340.Pq Vt str 1341The directory where the 1342.Xr gbde 4 1343lockfiles are located. 1344The default lockfile directory is 1345.Pa /etc . 1346.Pp 1347The lockfile for each individual 1348.Xr gbde 4 1349device can be overridden by setting the variable 1350.Va gbde_lock_ Ns Aq Ar device , 1351where 1352.Ar device 1353is the encrypted device without the 1354.Dq Pa /dev/ 1355and 1356.Dq Pa .bde 1357parts. 1358.It Va gbde_attach_attempts 1359.Pq Vt int 1360Number of times to attempt attaching to a 1361.Xr gbde 4 1362device, i.e., how many times the user is asked for the pass-phrase. 1363Default is 3. 1364.It Va geli_devices 1365.Pq Vt str 1366List of devices to automatically attach on boot. 1367Note that .eli devices from 1368.Pa /etc/fstab 1369are automatically appended to this list. 1370.It Va geli_tries 1371.Pq Vt int 1372Number of times user is asked for the pass-phrase. 1373If empty, it will be taken from 1374.Va kern.geom.eli.tries 1375sysctl variable. 1376.It Va geli_default_flags 1377.Pq Vt str 1378Default flags to use by 1379.Xr geli 8 1380when configuring disk encryption. 1381Flags can be configured for every device separately by defining 1382.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1383variable. 1384.It Va geli_autodetach 1385.Pq Vt str 1386Specifies if GELI devices should be marked for detach on last close after 1387file systems are mounted. 1388Default is 1389.Dq Li YES . 1390This can be changed for every device separately by defining 1391.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1392variable. 1393.It Va geli_swap_flags 1394Options passed to the 1395.Xr geli 8 1396utility when encrypted GEOM providers for swap partitions are created. 1397The default is 1398.Dq Li "-a aes -l 256 -s 4096 -d" . 1399.It Va root_rw_mount 1400.Pq Vt bool 1401Set to 1402.Dq Li YES 1403by default. 1404After the file systems are checked at boot time, the root file system 1405is remounted as read-write if this is set to 1406.Dq Li YES . 1407Diskless systems that mount their root file system from a read-only remote 1408NFS share should set this to 1409.Dq Li NO 1410in their 1411.Pa rc.conf . 1412.It Va fsck_y_enable 1413.Pq Vt bool 1414If set to 1415.Dq Li YES , 1416.Xr fsck 8 1417will be run with the 1418.Fl y 1419flag if the initial preen 1420of the file systems fails. 1421.It Va background_fsck 1422.Pq Vt bool 1423If set to 1424.Dq Li YES , 1425the system will attempt to run 1426.Xr fsck 8 1427in the background where possible. 1428.It Va background_fsck_delay 1429.Pq Vt int 1430The amount of time in seconds to sleep before starting a background 1431.Xr fsck 8 . 1432It defaults to sixty seconds to allow large applications such as 1433the X server to start before disk I/O bandwidth is monopolized by 1434.Xr fsck 8 . 1435If set to a negative number, the background file system check will be 1436delayed indefinitely to allow the administrator to run it at a more 1437convenient time. 1438For example it may be run from 1439.Xr cron 8 1440by adding a line like 1441.Pp 1442.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1443.Pp 1444to 1445.Pa /etc/crontab . 1446.It Va netfs_types 1447.Pq Vt str 1448List of file system types that are network-based. 1449This list should generally not be modified by end users. 1450Use 1451.Va extra_netfs_types 1452instead. 1453.It Va extra_netfs_types 1454.Pq Vt str 1455If set to something other than 1456.Dq Li NO 1457(the default), 1458this variable extends the list of file system types 1459for which automatic mounting at startup by 1460.Xr rc 8 1461should be delayed until the network is initialized. 1462It should contain 1463a whitespace-separated list of network file system descriptor pairs, 1464each consisting of a file system type as passed to 1465.Xr mount 8 1466and a human-readable, one-word description, 1467joined with a colon 1468.Pq Ql \&: . 1469Extending the default list in this way is only necessary 1470when third party file system types are used. 1471.It Va syslogd_enable 1472.Pq Vt bool 1473If set to 1474.Dq Li YES , 1475run the 1476.Xr syslogd 8 1477daemon. 1478.It Va syslogd_program 1479.Pq Vt str 1480Path to 1481.Xr syslogd 8 1482(default 1483.Pa /usr/sbin/syslogd ) . 1484.It Va syslogd_flags 1485.Pq Vt str 1486If 1487.Va syslogd_enable 1488is set to 1489.Dq Li YES , 1490these are the flags to pass to 1491.Xr syslogd 8 . 1492.It Va inetd_enable 1493.Pq Vt bool 1494If set to 1495.Dq Li YES , 1496run the 1497.Xr inetd 8 1498daemon. 1499.It Va inetd_program 1500.Pq Vt str 1501Path to 1502.Xr inetd 8 1503(default 1504.Pa /usr/sbin/inetd ) . 1505.It Va inetd_flags 1506.Pq Vt str 1507If 1508.Va inetd_enable 1509is set to 1510.Dq Li YES , 1511these are the flags to pass to 1512.Xr inetd 8 . 1513.It Va named_enable 1514.Pq Vt bool 1515If set to 1516.Dq Li YES , 1517run the 1518.Xr named 8 1519daemon. 1520.It Va named_program 1521.Pq Vt str 1522Path to 1523.Xr named 8 1524(default 1525.Pa /usr/sbin/named ) . 1526.It Va named_flags 1527.Pq Vt str 1528If 1529.Va named_enable 1530is set to 1531.Dq Li YES , 1532these are the flags to pass to 1533.Xr named 8 . 1534.It Va named_pidfile 1535.Pq Vt str 1536This is the default path to the 1537.Xr named 8 1538daemon's PID file. 1539This must match the location in 1540.Xr named.conf 5 . 1541.It Va named_uid 1542.Pq Vt str 1543The user that the 1544.Xr named 8 1545process should be run as. 1546.It Va named_chrootdir 1547.Pq Vt str 1548The root directory for a name server run in a 1549.Xr chroot 8 1550environment (default 1551.Pa /var/named ) . 1552If left empty 1553.Xr named 8 1554will not be run in a 1555.Xr chroot 8 1556environment. 1557.It Va named_chroot_autoupdate 1558.Pq Vt bool 1559Set to 1560.Dq Li NO 1561to disable automatic update of the 1562.Xr chroot 8 1563environment. 1564.It Va named_symlink_enable 1565.Pq Vt bool 1566Set to 1567.Dq Li NO 1568to disable symlinking of 1569daemon's PID file 1570into the 1571.Xr chroot 8 1572environment. 1573.It Va kerberos5_server_enable 1574.Pq Vt bool 1575Set to 1576.Dq Li YES 1577to start a Kerberos 5 authentication server 1578at boot time. 1579.It Va kerberos5_server 1580.Pq Vt str 1581If 1582.Va kerberos5_server_enable 1583is set to 1584.Dq Li YES 1585this is the path to Kerberos 5 Authentication Server. 1586.It Va kerberos5_server_flags 1587.Pq Vt str 1588Empty by default. 1589This variable contains additional flags to be passed to the Kerberos 5 1590authentication server. 1591.It Va kadmind5_server_enable 1592.Pq Vt bool 1593Set to 1594.Dq Li YES 1595to start 1596.Xr kadmind 8 , 1597the Kerberos 5 Administration Daemon; set to 1598.Dq Li NO 1599on a slave server. 1600.It Va kadmind5_server 1601.Pq Vt str 1602If 1603.Va kadmind5_server_enable 1604is set to 1605.Dq Li YES 1606this is the path to Kerberos 5 Administration Daemon. 1607.It Va kpasswdd_server_enable 1608.Pq Vt bool 1609Set to 1610.Dq Li YES 1611to start 1612.Xr kpasswdd 8 , 1613the Kerberos 5 Password-Changing Daemon; set to 1614.Dq Li NO 1615on a slave server. 1616.It Va kpasswdd_server 1617.Pq Vt str 1618If 1619.Va kpasswdd_server_enable 1620is set to 1621.Dq Li YES 1622this is the path to Kerberos 5 Password-Changing Daemon. 1623.It Va rwhod_enable 1624.Pq Vt bool 1625If set to 1626.Dq Li YES , 1627run the 1628.Xr rwhod 8 1629daemon at boot time. 1630.It Va rwhod_flags 1631.Pq Vt str 1632If 1633.Va rwhod_enable 1634is set to 1635.Dq Li YES , 1636these are the flags to pass to it. 1637.It Va amd_enable 1638.Pq Vt bool 1639If set to 1640.Dq Li YES , 1641run the 1642.Xr amd 8 1643daemon at boot time. 1644.It Va amd_flags 1645.Pq Vt str 1646If 1647.Va amd_enable 1648is set to 1649.Dq Li YES , 1650these are the flags to pass to it. 1651See the 1652.Xr amd 8 1653manpage for more information. 1654.It Va amd_map_program 1655.Pq Vt str 1656If set, 1657the specified program is run to get the list of 1658.Xr amd 8 1659maps. 1660For example, if the 1661.Xr amd 8 1662maps are stored in NIS, one can set this to 1663run 1664.Xr ypcat 1 1665to get a list of 1666.Xr amd 8 1667maps from the 1668.Pa amd.master 1669NIS map. 1670.It Va update_motd 1671.Pq Vt bool 1672If set to 1673.Dq Li YES , 1674.Pa /etc/motd 1675will be updated at boot time to reflect the kernel release 1676being run. 1677If set to 1678.Dq Li NO , 1679.Pa /etc/motd 1680will not be updated. 1681.It Va nfs_client_enable 1682.Pq Vt bool 1683If set to 1684.Dq Li YES , 1685run the NFS client daemons at boot time. 1686.It Va nfs_access_cache 1687.Pq Vt int 1688If 1689.Va nfs_client_enable 1690is set to 1691.Dq Li YES , 1692this can be set to 1693.Dq Li 0 1694to disable NFS ACCESS RPC caching, or to the number of seconds for which 1695NFS ACCESS 1696results should be cached. 1697A value of 2-10 seconds will substantially reduce network 1698traffic for many NFS operations. 1699.It Va nfs_server_enable 1700.Pq Vt bool 1701If set to 1702.Dq Li YES , 1703run the NFS server daemons at boot time. 1704.It Va nfs_server_flags 1705.Pq Vt str 1706If 1707.Va nfs_server_enable 1708is set to 1709.Dq Li YES , 1710these are the flags to pass to the 1711.Xr nfsd 8 1712daemon. 1713.It Va idmapd_enable 1714.Pq Vt bool 1715If set to 1716.Dq Li YES , 1717run the ID mapping daemon for NFS version 4. 1718.It Va idmapd_flags 1719.Pq Vt str 1720If 1721.Va idmapd_enable 1722is set to 1723.Dq Li YES , 1724these are the flags to pass to the 1725.Xr idmapd 8 1726daemon. 1727.It Va mountd_enable 1728.Pq Vt bool 1729If set to 1730.Dq Li YES , 1731and no 1732.Va nfs_server_enable 1733is set, start 1734.Xr mountd 8 , 1735but not 1736.Xr nfsd 8 1737daemon. 1738It is commonly needed to run CFS without real NFS used. 1739.It Va mountd_flags 1740.Pq Vt str 1741If 1742.Va mountd_enable 1743is set to 1744.Dq Li YES , 1745these are the flags to pass to the 1746.Xr mountd 8 1747daemon. 1748.It Va weak_mountd_authentication 1749.Pq Vt bool 1750If set to 1751.Dq Li YES , 1752allow services like PCNFSD to make non-privileged mount 1753requests. 1754.It Va nfs_reserved_port_only 1755.Pq Vt bool 1756If set to 1757.Dq Li YES , 1758provide NFS services only on a secure port. 1759.It Va nfs_bufpackets 1760.Pq Vt int 1761If set to a number, indicates the number of packets worth of 1762socket buffer space to reserve on an NFS client. 1763The kernel default is typically 4. 1764Using a higher number may be 1765useful on gigabit networks to improve performance. 1766The minimum value is 17672 and the maximum is 64. 1768.It Va rpc_lockd_enable 1769.Pq Vt bool 1770If set to 1771.Dq Li YES 1772and also an NFS server or client, run 1773.Xr rpc.lockd 8 1774at boot time. 1775.It Va rpc_lockd_flags 1776.Pq Vt str 1777If 1778.Va rpc_lockd_enable 1779is set to 1780.Dq Li YES , 1781these are the flags to pass to the 1782.Xr rpc.lockd 8 1783daemon. 1784.It Va rpc_statd_enable 1785.Pq Vt bool 1786If set to 1787.Dq Li YES 1788and also an NFS server or client, run 1789.Xr rpc.statd 8 1790at boot time. 1791.It Va rpc_statd_flags 1792.Pq Vt str 1793If 1794.Va rpc_statd_enable 1795is set to 1796.Dq Li YES , 1797these are the flags to pass to the 1798.Xr rpc.statd 8 1799daemon. 1800.It Va rpcbind_program 1801.Pq Vt str 1802Path to 1803.Xr rpcbind 8 1804(default 1805.Pa /usr/sbin/rpcbind ) . 1806.It Va rpcbind_enable 1807.Pq Vt bool 1808If set to 1809.Dq Li YES , 1810run the 1811.Xr rpcbind 8 1812service at boot time. 1813.It Va rpcbind_flags 1814.Pq Vt str 1815If 1816.Va rpcbind_enable 1817is set to 1818.Dq Li YES , 1819these are the flags to pass to the 1820.Xr rpcbind 8 1821daemon. 1822.It Va keyserv_enable 1823.Pq Vt bool 1824If set to 1825.Dq Li YES , 1826run the 1827.Xr keyserv 8 1828daemon on boot for running Secure RPC. 1829.It Va keyserv_flags 1830.Pq Vt str 1831If 1832.Va keyserv_enable 1833is set to 1834.Dq Li YES , 1835these are the flags to pass to 1836.Xr keyserv 8 1837daemon. 1838.It Va pppoed_enable 1839.Pq Vt bool 1840If set to 1841.Dq Li YES , 1842run the 1843.Xr pppoed 8 1844daemon at boot time to provide PPP over Ethernet services. 1845.It Va pppoed_ Ns Aq Ar provider 1846.Pq Vt str 1847.Xr pppoed 8 1848listens to requests to this 1849.Ar provider 1850and ultimately runs 1851.Xr ppp 8 1852with a 1853.Ar system 1854argument of the same name. 1855.It Va pppoed_flags 1856.Pq Vt str 1857Additional flags to pass to 1858.Xr pppoed 8 . 1859.It Va pppoed_interface 1860.Pq Vt str 1861The network interface to run 1862.Xr pppoed 8 1863on. 1864This is mandatory when 1865.Va pppoed_enable 1866is set to 1867.Dq Li YES . 1868.It Va timed_enable 1869.Pq Vt bool 1870If set to 1871.Dq Li YES , 1872run the 1873.Xr timed 8 1874service at boot time. 1875This command is intended for networks of 1876machines where a consistent 1877.Dq "network time" 1878for all hosts must be established. 1879This is often useful in large NFS 1880environments where time stamps on files are expected to be consistent 1881network-wide. 1882.It Va timed_flags 1883.Pq Vt str 1884If 1885.Va timed_enable 1886is set to 1887.Dq Li YES , 1888these are the flags to pass to the 1889.Xr timed 8 1890service. 1891.It Va ntpdate_enable 1892.Pq Vt bool 1893If set to 1894.Dq Li YES , 1895run 1896.Xr ntpdate 8 1897at system startup. 1898This command is intended to 1899synchronize the system clock only 1900.Em once 1901from some standard reference. 1902An option to set this up initially 1903(from a list of known servers) is also provided by the 1904.Xr sysinstall 8 1905program when the system is first installed. 1906.It Va ntpdate_config 1907.Pq Vt str 1908Configuration file for 1909.Xr ntpdate 8 . 1910Default 1911.Pa /etc/ntp.conf . 1912.It Va ntpdate_hosts 1913.Pq Vt str 1914A whitespace-separated list of NTP servers to synchronize with at startup. 1915The default is to use the servers listed in 1916.Va ntpdate_config , 1917if that file exists. 1918.It Va ntpdate_program 1919.Pq Vt str 1920Path to 1921.Xr ntpdate 8 1922(default 1923.Pa /usr/sbin/ntpdate ) . 1924.It Va ntpdate_flags 1925.Pq Vt str 1926If 1927.Va ntpdate_enable 1928is set to 1929.Dq Li YES , 1930these are the flags to pass to the 1931.Xr ntpdate 8 1932command (typically a hostname). 1933.It Va ntpd_enable 1934.Pq Vt bool 1935If set to 1936.Dq Li YES , 1937run the 1938.Xr ntpd 8 1939command at boot time. 1940.It Va ntpd_program 1941.Pq Vt str 1942Path to 1943.Xr ntpd 8 1944(default 1945.Pa /usr/sbin/ntpd ) . 1946.It Va ntpd_config 1947.Pq Vt str 1948Path to 1949.Xr ntpd 8 1950configuration file. 1951Default 1952.Pa /etc/ntp.conf . 1953.It Va ntpd_flags 1954.Pq Vt str 1955If 1956.Va ntpd_enable 1957is set to 1958.Dq Li YES , 1959these are the flags to pass to the 1960.Xr ntpd 8 1961daemon. 1962.It Va ntpd_sync_on_start 1963.Pq Vt bool 1964If set to 1965.Dq Li YES , 1966.Xr ntpd 8 1967is run with the 1968.Fl g 1969flag, which syncs the system's clock on startup. 1970See 1971.Xr ntpd 8 1972for more information regarding the 1973.Fl g 1974option. 1975This is a preferred alternative to using 1976.Xr ntpdate 8 1977or specifying the 1978.Va ntpdate_enable 1979variable. 1980.It Va nis_client_enable 1981.Pq Vt bool 1982If set to 1983.Dq Li YES , 1984run the 1985.Xr ypbind 8 1986service at system boot time. 1987.It Va nis_client_flags 1988.Pq Vt str 1989If 1990.Va nis_client_enable 1991is set to 1992.Dq Li YES , 1993these are the flags to pass to the 1994.Xr ypbind 8 1995service. 1996.It Va nis_ypset_enable 1997.Pq Vt bool 1998If set to 1999.Dq Li YES , 2000run the 2001.Xr ypset 8 2002daemon at system boot time. 2003.It Va nis_ypset_flags 2004.Pq Vt str 2005If 2006.Va nis_ypset_enable 2007is set to 2008.Dq Li YES , 2009these are the flags to pass to the 2010.Xr ypset 8 2011daemon. 2012.It Va nis_server_enable 2013.Pq Vt bool 2014If set to 2015.Dq Li YES , 2016run the 2017.Xr ypserv 8 2018daemon at system boot time. 2019.It Va nis_server_flags 2020.Pq Vt str 2021If 2022.Va nis_server_enable 2023is set to 2024.Dq Li YES , 2025these are the flags to pass to the 2026.Xr ypserv 8 2027daemon. 2028.It Va nis_ypxfrd_enable 2029.Pq Vt bool 2030If set to 2031.Dq Li YES , 2032run the 2033.Xr rpc.ypxfrd 8 2034daemon at system boot time. 2035.It Va nis_ypxfrd_flags 2036.Pq Vt str 2037If 2038.Va nis_ypxfrd_enable 2039is set to 2040.Dq Li YES , 2041these are the flags to pass to the 2042.Xr rpc.ypxfrd 8 2043daemon. 2044.It Va nis_yppasswdd_enable 2045.Pq Vt bool 2046If set to 2047.Dq Li YES , 2048run the 2049.Xr rpc.yppasswdd 8 2050daemon at system boot time. 2051.It Va nis_yppasswdd_flags 2052.Pq Vt str 2053If 2054.Va nis_yppasswdd_enable 2055is set to 2056.Dq Li YES , 2057these are the flags to pass to the 2058.Xr rpc.yppasswdd 8 2059daemon. 2060.It Va rpc_ypupdated_enable 2061.Pq Vt bool 2062If set to 2063.Dq Li YES , 2064run the 2065.Nm rpc.ypupdated 2066daemon at system boot time. 2067.It Va bsnmpd_enable 2068.Pq Vt bool 2069If set to 2070.Dq Li YES , 2071run the 2072.Xr bsnmpd 1 2073daemon at system boot time. 2074Be sure to understand the security implications of running SNMP daemon 2075on your host. 2076.It Va bsnmpd_flags 2077.Pq Vt str 2078If 2079.Va bsnmpd_enable 2080is set to 2081.Dq Li YES , 2082these are the flags to pass to the 2083.Xr bsnmpd 1 2084daemon. 2085.It Va defaultrouter 2086.Pq Vt str 2087If not set to 2088.Dq Li NO , 2089create a default route to this host name or IP address 2090(use an IP address if this router is also required to get to the 2091name server!). 2092.It Va ipv6_defaultrouter 2093.Pq Vt str 2094The IPv6 equivalent of 2095.Va defaultrouter . 2096.It Va static_routes 2097.Pq Vt str 2098Set to the list of static routes that are to be added at system 2099boot time. 2100If not set to 2101.Dq Li NO 2102then for each whitespace separated 2103.Ar element 2104in the value, a 2105.Va route_ Ns Aq Ar element 2106variable is assumed to exist 2107whose contents will later be passed to a 2108.Dq Nm route Cm add 2109operation. 2110For example: 2111.Bd -literal 2112static_routes="mcast gif0local" 2113route_mcast="-net 224.0.0.0/4 -iface gif0" 2114route_gif0local="-host 169.254.1.1 -iface lo0" 2115.Ed 2116.It Va ipv6_static_routes 2117.Pq Vt str 2118The IPv6 equivalent of 2119.Va static_routes . 2120If not set to 2121.Dq Li NO 2122then for each whitespace separated 2123.Ar element 2124in the value, a 2125.Va ipv6_route_ Ns Aq Ar element 2126variable is assumed to exist 2127whose contents will later be passed to a 2128.Dq Nm route Cm add Fl inet6 2129operation. 2130.It Va natm_static_routes 2131.Pq Vt str 2132The 2133.Xr natmip 4 2134equivalent of 2135.Va static_routes . 2136If not empty then for each whitespace separated 2137.Ar element 2138in the value, a 2139.Va route_ Ns Aq Ar element 2140variable is assumed to exist whose contents will later be passed to a 2141.Dq Nm atmconfig Cm natm Cm add 2142operation. 2143.It Va gateway_enable 2144.Pq Vt bool 2145If set to 2146.Dq Li YES , 2147configure host to act as an IP router, e.g.\& to forward packets 2148between interfaces. 2149.It Va ipv6_gateway_enable 2150.Pq Vt bool 2151The IPv6 equivalent of 2152.Va gateway_enable . 2153.It Va router_enable 2154.Pq Vt bool 2155If set to 2156.Dq Li YES , 2157run a routing daemon of some sort, based on the 2158settings of 2159.Va router 2160and 2161.Va router_flags . 2162.It Va ipv6_router_enable 2163.Pq Vt bool 2164The IPv6 equivalent of 2165.Va router_enable . 2166If set to 2167.Dq Li YES , 2168run a routing daemon of some sort, based on the 2169settings of 2170.Va ipv6_router 2171and 2172.Va ipv6_router_flags . 2173.It Va router 2174.Pq Vt str 2175If 2176.Va router_enable 2177is set to 2178.Dq Li YES , 2179this is the name of the routing daemon to use. 2180.It Va ipv6_router 2181.Pq Vt str 2182The IPv6 equivalent of 2183.Va router . 2184.It Va router_flags 2185.Pq Vt str 2186If 2187.Va router_enable 2188is set to 2189.Dq Li YES , 2190these are the flags to pass to the routing daemon. 2191.It Va ipv6_router_flags 2192.Pq Vt str 2193The IPv6 equivalent of 2194.Va router_flags . 2195.It Va mrouted_enable 2196.Pq Vt bool 2197If set to 2198.Dq Li YES , 2199run the multicast routing daemon, 2200.Xr mrouted 8 . 2201.It Va mroute6d_enable 2202.Pq Vt bool 2203The IPv6 equivalent of 2204.Va mrouted_enable . 2205If set to 2206.Dq Li YES , 2207run the IPv6 multicast routing daemon. 2208.Pp 2209Note that multicast routing daemons are no longer included in the 2210.Fx 2211base system, however, both 2212.Xr mrouted 8 2213and 2214.Xr pim6dd 8 2215may be installed from the 2216.Fx 2217Ports Collection. 2218.It Va mrouted_flags 2219.Pq Vt str 2220If 2221.Va mrouted_enable 2222is set to 2223.Dq Li YES , 2224these are the flags to pass to the 2225.Xr mrouted 8 2226daemon. 2227.It Va mroute6d_flags 2228.Pq Vt str 2229The IPv6 equivalent of 2230.Va mrouted_flags . 2231If 2232.Va mroute6d_enable 2233is set to 2234.Dq Li YES , 2235these are the flags passed to the IPv6 multicast routing daemon. 2236.It Va mroute6d_program 2237.Pq Vt str 2238If 2239.Va mroute6d_enable 2240is set to 2241.Dq Li YES , 2242this is the path to the IPv6 multicast routing daemon. 2243.It Va rtadvd_enable 2244.Pq Vt bool 2245If set to 2246.Dq Li YES , 2247run the 2248.Xr rtadvd 8 2249daemon at boot time. 2250.Xr rtadvd 8 2251will only run if 2252.Va ipv6_gateway_enable 2253is also set to 2254.Dq Li YES . 2255The 2256.Xr rtadvd 8 2257utility sends router advertisement packets to the interfaces specified in 2258.Va rtadvd_interfaces 2259and should only be enabled with great care. 2260You may want to fine-tune 2261.Xr rtadvd.conf 5 . 2262.It Va rtadvd_interfaces 2263.Pq Vt str 2264If 2265.Va rtadvd_enable 2266is set to 2267.Dq Li YES 2268this is the list of interfaces to use. 2269.It Va ipxgateway_enable 2270.Pq Vt bool 2271If set to 2272.Dq Li YES , 2273enable the routing of IPX traffic. 2274.It Va ipxrouted_enable 2275.Pq Vt bool 2276If set to 2277.Dq Li YES , 2278run the 2279.Xr IPXrouted 8 2280daemon at system boot time. 2281.It Va ipxrouted_flags 2282.Pq Vt str 2283If 2284.Va ipxrouted_enable 2285is set to 2286.Dq Li YES , 2287these are the flags to pass to the 2288.Xr IPXrouted 8 2289daemon. 2290.It Va arpproxy_all 2291.Pq Vt bool 2292If set to 2293.Dq Li YES , 2294enable global proxy ARP. 2295.It Va forward_sourceroute 2296.Pq Vt bool 2297If set to 2298.Dq Li YES 2299and 2300.Va gateway_enable 2301is also set to 2302.Dq Li YES , 2303source-routed packets are forwarded. 2304.It Va accept_sourceroute 2305.Pq Vt bool 2306If set to 2307.Dq Li YES , 2308the system will accept source-routed packets directed at it. 2309.It Va rarpd_enable 2310.Pq Vt bool 2311If set to 2312.Dq Li YES , 2313run the 2314.Xr rarpd 8 2315daemon at system boot time. 2316.It Va rarpd_flags 2317.Pq Vt str 2318If 2319.Va rarpd_enable 2320is set to 2321.Dq Li YES , 2322these are the flags to pass to the 2323.Xr rarpd 8 2324daemon. 2325.It Va bootparamd_enable 2326.Pq Vt bool 2327If set to 2328.Dq Li YES , 2329run the 2330.Xr bootparamd 8 2331daemon at system boot time. 2332.It Va bootparamd_flags 2333.Pq Vt str 2334If 2335.Va bootparamd_enable 2336is set to 2337.Dq Li YES , 2338these are the flags to pass to the 2339.Xr bootparamd 8 2340daemon. 2341.It Va stf_interface_ipv4addr 2342.Pq Vt str 2343If not set to 2344.Dq Li NO , 2345this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2346interface). 2347Specify this entry to enable the 6to4 interface. 2348.It Va stf_interface_ipv4plen 2349.Pq Vt int 2350Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2351An effective value is 0-31. 2352.It Va stf_interface_ipv6_ifid 2353.Pq Vt str 2354IPv6 interface ID for 2355.Xr stf 4 . 2356This can be set to 2357.Dq Li AUTO . 2358.It Va stf_interface_ipv6_slaid 2359.Pq Vt str 2360IPv6 Site Level Aggregator for 2361.Xr stf 4 . 2362.It Va ipv6_faith_prefix 2363.Pq Vt str 2364If not set to 2365.Dq Li NO , 2366this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2367translator. 2368You also need 2369.Xr faithd 8 2370setup. 2371.It Va ipv6_ipv4mapping 2372.Pq Vt bool 2373If set to 2374.Dq Li YES 2375this enables IPv4 mapped IPv6 address communication (like 2376.Li ::ffff:a.b.c.d ) . 2377.It Va atm_enable 2378.Pq Vt bool 2379Set to 2380.Dq Li YES 2381to enable the configuration of ATM interfaces at system boot time. 2382For all of the ATM variables described below, please refer to the 2383.Xr atm 8 2384manual page for further details on the available command parameters. 2385Also refer to the files in 2386.Pa /usr/share/examples/atm 2387for more detailed configuration information. 2388.It Va atm_load 2389.Pq Vt str 2390This is a list of physical ATM interface drivers to load. 2391Typical values are 2392.Dq Li hfa_pci 2393and/or 2394.Dq Li hea_pci . 2395.It Va atm_netif_ Ns Aq Ar intf 2396.Pq Vt str 2397For the ATM physical interface 2398.Ar intf , 2399this variable defines the name prefix and count for the ATM network 2400interfaces to be created. 2401The value will be passed as the parameters of an 2402.Dq Nm atm Cm "set netif" Ar intf 2403command. 2404.It Va atm_sigmgr_ Ns Aq Ar intf 2405.Pq Vt str 2406For the ATM physical interface 2407.Ar intf , 2408this variable defines the ATM signalling manager to be used. 2409The value will be passed as the parameters of an 2410.Dq Nm atm Cm attach Ar intf 2411command. 2412.It Va atm_prefix_ Ns Aq Ar intf 2413.Pq Vt str 2414For the ATM physical interface 2415.Ar intf , 2416this variable defines the NSAP prefix for interfaces using a UNI signalling 2417manager. 2418If set to 2419.Dq Li ILMI , 2420the prefix will automatically be set via the 2421.Xr ilmid 8 2422daemon. 2423Otherwise, the value will be passed as the parameters of an 2424.Dq Nm atm Cm "set prefix" Ar intf 2425command. 2426.It Va atm_macaddr_ Ns Aq Ar intf 2427.Pq Vt str 2428For the ATM physical interface 2429.Ar intf , 2430this variable defines the MAC address for interfaces using a UNI signalling 2431manager. 2432If set to 2433.Dq Li NO , 2434the hardware MAC address contained in the ATM interface card will be used. 2435Otherwise, the value will be passed as the parameters of an 2436.Dq Nm atm Cm "set mac" Ar intf 2437command. 2438.It Va atm_arpserver_ Ns Aq Ar netif 2439.Pq Vt str 2440For the ATM network interface 2441.Ar netif , 2442this variable defines the ATM address for a host which is to provide ATMARP 2443service. 2444This variable is only applicable to interfaces using a UNI signalling 2445manager. 2446If set to 2447.Dq Li local , 2448this host will become an ATMARP server. 2449The value will be passed as the parameters of an 2450.Dq Nm atm Cm "set arpserver" Ar netif 2451command. 2452.It Va atm_scsparp_ Ns Aq Ar netif 2453.Pq Vt bool 2454If set to 2455.Dq Li YES , 2456SCSP/ATMARP service for the network interface 2457.Ar netif 2458will be initiated using the 2459.Xr scspd 8 2460and 2461.Xr atmarpd 8 2462daemons. 2463This variable is only applicable if 2464.Va atm_arpserver_ Ns Aq Ar netif 2465is set to 2466.Dq Li local . 2467.It Va atm_pvcs 2468.Pq Vt str 2469Set to the list of ATM PVCs to be added at system 2470boot time. 2471For each whitespace separated 2472.Ar element 2473in the value, an 2474.Va atm_pvc_ Ns Aq Ar element 2475variable is assumed to exist. 2476The value of each of these variables 2477will be passed as the parameters of an 2478.Dq Nm atm Cm "add pvc" 2479command. 2480.It Va atm_arps 2481.Pq Vt str 2482Set to the list of permanent ATM ARP entries to be added 2483at system boot time. 2484For each whitespace separated 2485.Ar element 2486in the value, an 2487.Va atm_arp_ Ns Aq Ar element 2488variable is assumed to exist. 2489The value of each of these variables 2490will be passed as the parameters of an 2491.Dq Nm atm Cm "add arp" 2492command. 2493.It Va natm_interfaces 2494.Pq Vt str 2495Set to the list of 2496.Xr natm 4 2497interfaces that will also be used for HARP through 2498.Xr harp 4 . 2499If this list is not empty all interfaces in the list will be brought up 2500with 2501.Xr ifconfig 8 2502and 2503.Xr harp 4 2504will be loaded. 2505For this to work the interface drivers must be either compiled into the 2506kernel or must reside on the root partition. 2507.It Va keybell 2508.Pq Vt str 2509The keyboard bell sound. 2510Set to 2511.Dq Li normal , 2512.Dq Li visual , 2513.Dq Li off , 2514or 2515.Dq Li NO 2516if the default behavior is desired. 2517For details, refer to the 2518.Xr kbdcontrol 1 2519manpage. 2520.It Va keyboard 2521.Pq Vt str 2522If set to a non-null string, the virtual console's keyboard input is 2523set to this device. 2524.It Va keymap 2525.Pq Vt str 2526If set to 2527.Dq Li NO , 2528no keymap is installed, otherwise the value is used to install 2529the keymap file in 2530.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2531.It Va keyrate 2532.Pq Vt str 2533The keyboard repeat speed. 2534Set to 2535.Dq Li slow , 2536.Dq Li normal , 2537.Dq Li fast , 2538or 2539.Dq Li NO 2540if the default behavior is desired. 2541.It Va keychange 2542.Pq Vt str 2543If not set to 2544.Dq Li NO , 2545attempt to program the function keys with the value. 2546The value should 2547be a single string of the form: 2548.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2549.It Va cursor 2550.Pq Vt str 2551Can be set to the value of 2552.Dq Li normal , 2553.Dq Li blink , 2554.Dq Li destructive , 2555or 2556.Dq Li NO 2557to set the cursor behavior explicitly or choose the default behavior. 2558.It Va scrnmap 2559.Pq Vt str 2560If set to 2561.Dq Li NO , 2562no screen map is installed, otherwise the value is used to install 2563the screen map file in 2564.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2565.It Va font8x16 2566.Pq Vt str 2567If set to 2568.Dq Li NO , 2569the default 8x16 font value is used for screen size requests, otherwise 2570the value in 2571.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2572is used. 2573.It Va font8x14 2574.Pq Vt str 2575If set to 2576.Dq Li NO , 2577the default 8x14 font value is used for screen size requests, otherwise 2578the value in 2579.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2580is used. 2581.It Va font8x8 2582.Pq Vt str 2583If set to 2584.Dq Li NO , 2585the default 8x8 font value is used for screen size requests, otherwise 2586the value in 2587.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2588is used. 2589.It Va blanktime 2590.Pq Vt int 2591If set to 2592.Dq Li NO , 2593the default screen blanking interval is used, otherwise it is set 2594to 2595.Ar value 2596seconds. 2597.It Va saver 2598.Pq Vt str 2599If not set to 2600.Dq Li NO , 2601this is the actual screen saver to use 2602.Li ( blank , snake , daemon , 2603etc). 2604.It Va moused_nondefault_enable 2605.Pq Vt str 2606If set to 2607.Dq Li NO , 2608the mouse device specified on 2609the command line is not automatically treated as enabled by the 2610.Pa /etc/rc.d/moused 2611script. 2612Having this variable set to 2613.Dq Li YES 2614allows a 2615.Xr usb 4 2616mouse, 2617for example, 2618to be enabled as soon as it is plugged in. 2619.It Va moused_enable 2620.Pq Vt str 2621If set to 2622.Dq Li YES , 2623the 2624.Xr moused 8 2625daemon is started for doing cut/paste selection on the console. 2626.It Va moused_type 2627.Pq Vt str 2628This is the protocol type of the mouse connected to this host. 2629This variable must be set if 2630.Va moused_enable 2631is set to 2632.Dq Li YES . 2633The 2634.Xr moused 8 2635daemon 2636is able to detect the appropriate mouse type automatically in many cases. 2637Set this variable to 2638.Dq Li auto 2639to let the daemon detect it, or 2640select one from the following list if the automatic detection fails. 2641.Pp 2642If the mouse is attached to the PS/2 mouse port, choose 2643.Dq Li auto 2644or 2645.Dq Li ps/2 , 2646regardless of the brand and model of the mouse. 2647Likewise, if the 2648mouse is attached to the bus mouse port, choose 2649.Dq Li auto 2650or 2651.Dq Li busmouse . 2652All other protocols are for serial mice and will not work with 2653the PS/2 and bus mice. 2654If this is a USB mouse, 2655.Dq Li auto 2656is the only protocol type which will work. 2657.Pp 2658.Bl -tag -width ".Li x10mouseremote" -compact 2659.It Li microsoft 2660Microsoft mouse (serial) 2661.It Li intellimouse 2662Microsoft IntelliMouse (serial) 2663.It Li mousesystems 2664Mouse systems Corp.\& mouse (serial) 2665.It Li mmseries 2666MM Series mouse (serial) 2667.It Li logitech 2668Logitech mouse (serial) 2669.It Li busmouse 2670A bus mouse 2671.It Li mouseman 2672Logitech MouseMan and TrackMan (serial) 2673.It Li glidepoint 2674ALPS GlidePoint (serial) 2675.It Li thinkingmouse 2676Kensington ThinkingMouse (serial) 2677.It Li ps/2 2678PS/2 mouse 2679.It Li mmhittab 2680MM HitTablet (serial) 2681.It Li x10mouseremote 2682X10 MouseRemote (serial) 2683.It Li versapad 2684Interlink VersaPad (serial) 2685.El 2686.Pp 2687Even if the mouse is not in the above list, it may be compatible 2688with one in the list. 2689Refer to the manual page for 2690.Xr moused 8 2691for compatibility information. 2692.Pp 2693It should also be noted that while this is enabled, any 2694other client of the mouse (such as an X server) should access 2695the mouse through the virtual mouse device, 2696.Pa /dev/sysmouse , 2697and configure it as a 2698.Dq Li sysmouse 2699type mouse, since all 2700mouse data is converted to this single canonical format when 2701using 2702.Xr moused 8 . 2703If the client program does not support the 2704.Dq Li sysmouse 2705type, 2706specify the 2707.Dq Li mousesystems 2708type. 2709It is the second preferred type. 2710.It Va moused_port 2711.Pq Vt str 2712If 2713.Va moused_enable 2714is set to 2715.Dq Li YES , 2716this is the actual port the mouse is on. 2717It might be 2718.Pa /dev/cuad0 2719for a COM1 serial mouse, 2720.Pa /dev/psm0 2721for a PS/2 mouse or 2722.Pa /dev/mse0 2723for a bus mouse, for example. 2724.It Va moused_flags 2725.Pq Vt str 2726If 2727.Va moused_flags 2728is set, its value is used as an additional set of flags to pass to the 2729.Xr moused 8 2730daemon. 2731.It Va "moused_" Ns Ar XXX Ns Va "_flags" 2732When 2733.Va moused_nondefault_enable 2734is enabled, and a 2735.Xr moused 8 2736daemon is started for a non-default port, the 2737.Va "moused_" Ns Ar XXX Ns Va "_flags" 2738set of options has precedence over and replaces the default 2739.Va moused_flags (where 2740.Ar XXX 2741is the name of the non-default port, i.e.\& 2742.Ar ums0 ) . 2743By setting 2744.Va "moused_" Ns Ar XXX Ns Va "_flags" 2745it is possible to set up a different set of default flags for each 2746.Xr moused 8 2747instance. 2748For example, you can use 2749.Dq Li "-3" 2750for the default 2751.Va moused_flags 2752to make your laptop's touchpad more comfortable to use, 2753but an empty set of options for 2754.Va moused_ums0_flags 2755when your 2756.Xr usb 4 2757mouse has three or more buttons. 2758.It Va mousechar_start 2759.Pq Vt int 2760If set to 2761.Dq Li NO , 2762the default mouse cursor character range 2763.Li 0xd0 Ns - Ns Li 0xd3 2764is used, 2765otherwise the range start is set 2766to 2767.Ar value 2768character, see 2769.Xr vidcontrol 1 . 2770Use if the default range is occupied in the language code table. 2771.It Va allscreens_flags 2772.Pq Vt str 2773If set, 2774.Xr vidcontrol 1 2775is run with these options for each of the virtual terminals 2776.Pq Pa /dev/ttyv* . 2777For example, 2778.Dq Fl m Cm on 2779will enable the mouse pointer on all virtual terminals 2780if 2781.Va moused_enable 2782is set to 2783.Dq Li YES . 2784.It Va allscreens_kbdflags 2785.Pq Vt str 2786If set, 2787.Xr kbdcontrol 1 2788is run with these options for each of the virtual terminals 2789.Pq Pa /dev/ttyv* . 2790For example, 2791.Dq Fl h Li 200 2792will set the 2793.Xr syscons 4 2794scrollback (history) buffer to 200 lines. 2795.It Va cron_enable 2796.Pq Vt bool 2797If set to 2798.Dq Li YES , 2799run the 2800.Xr cron 8 2801daemon at system boot time. 2802.It Va cron_program 2803.Pq Vt str 2804Path to 2805.Xr cron 8 2806(default 2807.Pa /usr/sbin/cron ) . 2808.It Va cron_flags 2809.Pq Vt str 2810If 2811.Va cron_enable 2812is set to 2813.Dq Li YES , 2814these are the flags to pass to 2815.Xr cron 8 . 2816.It Va cron_dst 2817.Pq Vt bool 2818If set to 2819.Dq Li YES , 2820enable the special handling of transitions to and from the 2821Daylight Saving Time in 2822.Xr cron 8 2823(equivalent to using the flag 2824.Fl s ) . 2825.It Va lpd_program 2826.Pq Vt str 2827Path to 2828.Xr lpd 8 2829(default 2830.Pa /usr/sbin/lpd ) . 2831.It Va lpd_enable 2832.Pq Vt bool 2833If set to 2834.Dq Li YES , 2835run the 2836.Xr lpd 8 2837daemon at system boot time. 2838.It Va lpd_flags 2839.Pq Vt str 2840If 2841.Va lpd_enable 2842is set to 2843.Dq Li YES , 2844these are the flags to pass to the 2845.Xr lpd 8 2846daemon. 2847.It Va chkprintcap_enable 2848.Pq Vt bool 2849If set to 2850.Dq Li YES , 2851run the 2852.Xr chkprintcap 8 2853command before starting the 2854.Xr lpd 8 2855daemon. 2856.It Va chkprintcap_flags 2857.Pq Vt str 2858If 2859.Va lpd_enable 2860and 2861.Va chkprintcap_enable 2862are set to 2863.Dq Li YES , 2864these are the flags to pass to the 2865.Xr chkprintcap 8 2866program. 2867The default is 2868.Dq Li -d , 2869which causes missing directories to be created. 2870.It Va mta_start_script 2871.Pq Vt str 2872This variable specifies the full path to the script to run to start 2873a mail transfer agent. 2874The default is 2875.Pa /etc/rc.sendmail . 2876The 2877.Va sendmail_* 2878variables which 2879.Pa /etc/rc.sendmail 2880uses are documented in the 2881.Xr rc.sendmail 8 2882manual page. 2883.It Va dumpdev 2884.Pq Vt str 2885Indicates the device (usually a swap partition) to which a crash dump 2886should be written in the event of a system crash. 2887If the value of this variable is 2888.Dq Li AUTO , 2889the first suitable swap device listed in 2890.Pa /etc/fstab 2891will be used as dump device. 2892Otherwise, the value of this variable is passed as the argument to 2893.Xr dumpon 8 . 2894To disable crash dumps, set this variable to 2895.Dq Li NO . 2896.It Va dumpdir 2897.Pq Vt str 2898When the system reboots after a crash and a crash dump is found on the 2899device specified by the 2900.Va dumpdev 2901variable, 2902.Xr savecore 8 2903will save that crash dump and a copy of the kernel to the directory 2904specified by the 2905.Va dumpdir 2906variable. 2907The default value is 2908.Pa /var/crash . 2909Set to 2910.Dq Li NO 2911to not run 2912.Xr savecore 8 2913at boot time when 2914.Va dumpdir 2915is set. 2916.It Va savecore_flags 2917.Pq Vt str 2918If crash dumps are enabled, these are the flags to pass to the 2919.Xr savecore 8 2920utility. 2921.It Va enable_quotas 2922.Pq Vt bool 2923Set to 2924.Dq Li YES 2925to turn on user and group disk quotas on system startup via the 2926.Xr quotaon 8 2927command for all file systems marked as having quotas enabled in 2928.Pa /etc/fstab . 2929The kernel must be built with 2930.Cd "options QUOTA" 2931for disk quotas to function. 2932.It Va check_quotas 2933.Pq Vt bool 2934Set to 2935.Dq Li YES 2936to enable user and group disk quota checking via the 2937.Xr quotacheck 8 2938command. 2939.It Va quotacheck_flags 2940.Pq Vt str 2941If 2942.Va enable_quotas 2943is set to 2944.Dq Li YES , 2945and 2946.Va check_quotas 2947is set to 2948.Dq Li YES , 2949these are the flags to pass to the 2950.Xr quotacheck 8 2951utility. 2952The default is 2953.Dq Li "-a" , 2954which checks quotas for all file systems with quotas enabled in 2955.Pa /etc/fstab . 2956.It Va quotaon_flags 2957.Pq Vt str 2958If 2959.Va enable_quotas 2960is set to 2961.Dq Li YES , 2962these are the flags to pass to the 2963.Xr quotaon 8 2964utility. 2965The default is 2966.Dq Li "-a" , 2967which enables quotas for all file systems with quotas enabled in 2968.Pa /etc/fstab . 2969.It Va quotaoff_flags 2970.Pq Vt str 2971If 2972.Va enable_quotas 2973is set to 2974.Dq Li YES , 2975these are the flags to pass to the 2976.Xr quotaoff 8 2977utility when shutting down the quota system. 2978The default is 2979.Dq Li "-a" , 2980which disables quotas for all file systems with quotas enabled in 2981.Pa /etc/fstab . 2982.It Va accounting_enable 2983.Pq Vt bool 2984Set to 2985.Dq Li YES 2986to enable system accounting through the 2987.Xr accton 8 2988facility. 2989.It Va ibcs2_enable 2990.Pq Vt bool 2991Set to 2992.Dq Li YES 2993to enable iBCS2 (SCO) binary emulation at system initial boot 2994time. 2995.It Va ibcs2_loaders 2996.Pq Vt str 2997If not set to 2998.Dq Li NO 2999and if 3000.Va ibcs2_enable 3001is set to 3002.Dq Li YES , 3003this specifies a list of additional iBCS2 loaders to enable. 3004.It Va linux_enable 3005.Pq Vt bool 3006Set to 3007.Dq Li YES 3008to enable Linux/ELF binary emulation at system initial 3009boot time. 3010.It Va svr4_enable 3011.Pq Vt bool 3012If set to 3013.Dq Li YES , 3014enable SysVR4 emulation at boot time. 3015.It Va sysvipc_enable 3016.Pq Vt bool 3017If set to 3018.Dq Li YES , 3019load System V IPC primitives at boot time. 3020.It Va clear_tmp_enable 3021.Pq Vt bool 3022Set to 3023.Dq Li YES 3024to have 3025.Pa /tmp 3026cleaned at startup. 3027.It Va clear_tmp_X 3028.Pq Vt bool 3029Set to 3030.Dq Li NO 3031to disable removing of X11 lock files, 3032and the removal and (secure) recreation 3033of the various socket directories for X11 3034related programs. 3035.It Va ldconfig_paths 3036.Pq Vt str 3037Set to the list of shared library paths to use with 3038.Xr ldconfig 8 . 3039NOTE: 3040.Pa /usr/lib 3041will always be added first, so it need not appear in this list. 3042.It Va ldconfig32_paths 3043.Pq Vt str 3044Set to the list of 32-bit compatibility shared library paths to 3045use with 3046.Xr ldconfig 8 . 3047.It Va ldconfig_paths_aout 3048.Pq Vt str 3049Set to the list of shared library paths to use with 3050.Xr ldconfig 8 3051legacy 3052.Xr a.out 5 3053support. 3054.It Va ldconfig_insecure 3055.Pq Vt bool 3056The 3057.Xr ldconfig 8 3058utility normally refuses to use directories 3059which are writable by anyone except root. 3060Set this variable to 3061.Dq Li YES 3062to disable that security check during system startup. 3063.It Va ldconfig_local_dirs 3064.Pq Vt str 3065Set to the list of local 3066.Xr ldconfig 8 3067directories. 3068The names of all files in the directories listed will be 3069passed as arguments to 3070.Xr ldconfig 8 . 3071.It Va ldconfig_local32_dirs 3072.Pq Vt str 3073Set to the list of local 32-bit compatibility 3074.Xr ldconfig 8 3075directories. 3076The names of all files in the directories listed will be 3077passed as arguments to 3078.Dq Nm ldconfig Fl 32 . 3079.It Va kern_securelevel_enable 3080.Pq Vt bool 3081Set to 3082.Dq Li YES 3083to set the kernel security level at system startup. 3084.It Va kern_securelevel 3085.Pq Vt int 3086The kernel security level to set at startup. 3087The allowed range of 3088.Ar value 3089ranges from \-1 (the compile time default) to 3 (the 3090most secure). 3091See 3092.Xr init 8 3093for the list of possible security levels and their effect 3094on system operation. 3095.It Va sshd_program 3096.Pq Vt str 3097Path to the SSH server program 3098.Pa ( /usr/sbin/sshd 3099is the default). 3100.It Va sshd_enable 3101.Pq Vt bool 3102Set to 3103.Dq Li YES 3104to start 3105.Xr sshd 8 3106at system boot time. 3107.It Va sshd_flags 3108.Pq Vt str 3109If 3110.Va sshd_enable 3111is set to 3112.Dq Li YES , 3113these are the flags to pass to the 3114.Xr sshd 8 3115daemon. 3116.It Va ftpd_program 3117.Pq Vt str 3118Path to the FTP server program 3119.Pa ( /usr/libexec/ftpd 3120is the default). 3121.It Va ftpd_enable 3122.Pq Vt bool 3123Set to 3124.Dq Li YES 3125to start 3126.Xr ftpd 8 3127as a stand-alone daemon at system boot time. 3128.It Va ftpd_flags 3129.Pq Vt str 3130If 3131.Va ftpd_enable 3132is set to 3133.Dq Li YES , 3134these are the additional flags to pass to the 3135.Xr ftpd 8 3136daemon. 3137.It Va watchdogd_enable 3138.Pq Vt bool 3139If set to 3140.Dq Li YES , 3141start the 3142.Xr watchdogd 8 3143daemon at boot time. 3144This requires that the kernel have been compiled with a 3145.Xr watchdog 4 3146compatible device. 3147.It Va watchdogd_flags 3148.Pq Vt str 3149If 3150.Va watchdogd_enable 3151is set to 3152.Dq Li YES , 3153these are the flags passed to the 3154.Xr watchdogd 8 3155daemon. 3156.It Va performance_cx_lowest 3157.Pq Vt str 3158CPU idle state to use while on AC power. 3159The string 3160.Dq Li LOW 3161indicates that 3162.Xr acpi 4 3163should use the lowest power state available while 3164.Dq Li HIGH 3165indicates that the lowest latency state (less power savings) should be used. 3166.It Va performance_cpu_freq 3167.Pq Vt str 3168CPU clock frequency to use while on AC power. 3169The string 3170.Dq Li LOW 3171indicates that 3172.Xr cpufreq 4 3173should use the lowest frequency available while 3174.Dq Li HIGH 3175indicates that the highest frequency (less power savings) should be used. 3176.It Va economy_cx_lowest 3177.Pq Vt str 3178CPU idle state to use when off AC power. 3179The string 3180.Dq Li LOW 3181indicates that 3182.Xr acpi 4 3183should use the lowest power state available while 3184.Dq Li HIGH 3185indicates that the lowest latency state (less power savings) should be used. 3186.It Va economy_cpu_freq 3187.Pq Vt str 3188CPU clock frequency to use when off AC power. 3189The string 3190.Dq Li LOW 3191indicates that 3192.Xr cpufreq 4 3193should use the lowest frequency available while 3194.Dq Li HIGH 3195indicates that the highest frequency (less power savings) should be used. 3196.It Va jail_enable 3197.Pq Vt bool 3198If set to 3199.Dq Li NO , 3200any configured jails will not be started. 3201.It Va jail_list 3202.Pq Vt str 3203A space separated list of names for jails. 3204This is purely a configuration aid to help identify and 3205configure multiple jails. 3206The names specified in this list will be used to 3207identify settings common to an instance of a jail. 3208Assuming that the jail in question was named 3209.Li vjail , 3210you would have the following dependent variables: 3211.Bd -literal 3212jail_vjail_hostname="jail.example.com" 3213jail_vjail_ip="192.168.1.100" 3214jail_vjail_rootdir="/var/jails/vjail/root" 3215.Ed 3216.Pp 3217.It Va jail_flags 3218.Pq Vt str 3219Unset by default. 3220When set, use as default value for 3221.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3222for every jail in 3223.Va jail_list . 3224.It Va jail_interface 3225.Pq Vt str 3226Unset by default. 3227When set, use as default value for 3228.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3229for every jail in 3230.Va jail_list . 3231.It Va jail_fstab 3232.Pq Vt str 3233Unset by default. 3234When set, use as default value for 3235.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3236for every jail in 3237.Va jail_list . 3238.It Va jail_mount_enable 3239.Pq Vt bool 3240Set to 3241.Dq Li NO 3242by default. 3243When set to 3244.Dq Li YES , 3245sets 3246.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3247to 3248.Dq Li YES 3249by default for every jail in 3250.Va jail_list . 3251.It Va jail_devfs_ruleset 3252.Pq Vt str 3253Unset by default. 3254When set, sets 3255.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3256to given value for every jail in 3257.Va jail_list . 3258.It Va jail_devfs_enable 3259.Pq Vt bool 3260Set to 3261.Dq Li NO 3262by default. 3263When set to 3264.Dq Li YES , 3265sets 3266.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3267to 3268.Dq Li YES 3269by default for every jail in 3270.Va jail_list . 3271.It Va jail_fdescfs_enable 3272.Pq Vt bool 3273Set to 3274.Dq Li NO 3275by default. 3276When set to 3277.Dq Li YES , 3278sets 3279.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3280to 3281.Dq Li YES 3282by default for every jail in 3283.Va jail_list . 3284.It Va jail_procfs_enable 3285.Pq Vt bool 3286Set to 3287.Dq Li NO 3288by default. 3289When set to 3290.Dq Li YES , 3291sets 3292.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3293to 3294.Dq Li YES 3295by default for every jail in 3296.Va jail_list . 3297.It Va jail_exec_start 3298.Pq Vt str 3299Unset by default. 3300When set, use as default value for 3301.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3302for every jail in 3303.Va jail_list . 3304.It Va jail_exec_afterstart Ns Aq Ar N 3305.Pq Vt str 3306Unset by default. 3307When set, use as default value for 3308.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3309for every jail in 3310.Va jail_list . 3311.It Va jail_exec_stop 3312Unset by default. 3313When set, use as default value for 3314.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3315for every jail in 3316.Va jail_list . 3317.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3318.Pq Vt str 3319Unset by default. 3320Set to the root directory used by jail 3321.Va jname . 3322.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3323.Pq Vt str 3324Unset by default. 3325Set to the fully qualified domain name (FQDN) assigned to jail 3326.Va jname . 3327.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3328.Pq Vt str 3329Unset by default. 3330Set to the IP address assigned to jail 3331.Va jname . 3332.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3333.Pq Vt str 3334Set to 3335.Dq Li -l -U root 3336by default. 3337These are flags to pass to 3338.Xr jail . 3339.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3340.Pq Vt str 3341Unset by default. 3342When set, sets the interface to use when setting IP address alias. 3343Note that the alias is created at jail startup and removed at jail shutdown. 3344.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3345.Pq Vt str 3346Set to 3347.Pa /etc/fstab. Ns Aq Ar jname 3348by default. 3349This is the file system information file to use for jail 3350.Va jname . 3351.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3352.Pq Vt bool 3353Set to 3354.Dq Li NO 3355by default. 3356When set to 3357.Dq Li YES , 3358mount all file systems from 3359.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3360at jail startup. 3361.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3362.Pq Vt str 3363Unset by default. 3364When set, defines the device file system ruleset file to use for jail 3365.Va jname . 3366.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3367.Pq Vt bool 3368Set to 3369.Dq Li NO 3370by default. 3371When set to 3372.Dq Li YES , 3373mount the device file system inside jail 3374.Ar jname 3375at jail startup. 3376.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3377.Pq Vt bool 3378Set to 3379.Dq Li NO 3380by default. 3381When set to 3382.Dq Li YES , 3383mount the file-descriptor file system inside jail 3384.Ar jname 3385at jail startup. 3386.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3387.Pq Vt bool 3388Set to 3389.Dq Li NO 3390by default. 3391When set to 3392.Dq Li YES , 3393mount the process file system inside jail 3394.Ar jname 3395at jail startup. 3396.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3397.Pq Vt str 3398Set to 3399.Dq Li /bin/sh /etc/rc 3400by default. 3401This is the command executed at jail startup. 3402.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3403.Pq Vt str 3404Unset by default. 3405This is the command run as 3406.Ar N Ns 3407th command 3408after jail startup, where 3409.Ar N 3410is 1, 2, and so on. 3411.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3412.Pq Vt str 3413Set to 3414.Dq Li /bin/sh /etc/rc.shutdown 3415by default. 3416This is the command executed at jail shutdown. 3417.It Va jail_set_hostname_allow 3418.Pq Vt bool 3419If set to 3420.Dq Li NO , 3421do not allow the root user in a jail to set its hostname. 3422.It Va jail_socket_unixiproute_only 3423.Pq Vt bool 3424If set to 3425.Dq Li YES , 3426do not allow any sockets, 3427besides UNIX/IP/route sockets, 3428to be used within a jail. 3429.It Va jail_sysvipc_allow 3430.Pq Vt bool 3431If set to 3432.Dq Li YES , 3433allow applications within a jail to use System V IPC. 3434.\" ----- ISDN settings --------------------------------- 3435.It Va isdn_enable 3436.Pq Vt bool 3437Set to 3438.Dq Li NO 3439by default. 3440When set to 3441.Dq Li YES , 3442starts the 3443.Xr isdnd 8 3444daemon 3445at system boot time. 3446.It Va isdn_flags 3447.Pq Vt str 3448Set to 3449.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9 3450by default. 3451Additional flags to pass to 3452.Xr isdnd 8 3453(but see 3454.Va isdn_fsdev 3455and 3456.Va isdn_ttype 3457for certain tunable parameters). 3458.It Va isdn_ttype 3459.Pq Vt str 3460Set to 3461.Dq Li cons25 3462by default. 3463The terminal type of the output device when 3464.Xr isdnd 8 3465operates in full-screen mode. 3466.It Va isdn_screenflags 3467.Pq Vt str 3468Set to 3469.Dq Li NO 3470by default. 3471The video mode for full-screen mode (only for 3472.Xr syscons 4 3473console driver, see 3474.Xr vidcontrol 1 3475for valid modes). 3476.It Va isdn_fsdev 3477.Pq Vt str 3478Set to 3479.Dq Li NO 3480by default. 3481The output device for 3482.Xr isdnd 8 3483in full-screen mode (or 3484.Dq Li NO 3485for daemon mode). 3486.It Va isdn_trace 3487.Pq Vt bool 3488Set to 3489.Dq Li NO 3490by default. 3491When set to 3492.Dq Li YES , 3493enables the ISDN protocol trace utility 3494.Xr isdntrace 8 3495at system boot time. 3496.It Va isdn_traceflags 3497.Pq Vt str 3498Set to 3499.Dq Fl f Pa /var/tmp/isdntrace0 3500by default. 3501Flags for 3502.Xr isdntrace 8 . 3503.\" ----------------------------------------------------- 3504.It Va harvest_interrupt 3505.Pq Vt bool 3506Set to 3507.Dq Li YES 3508to use hardware interrupts as an entropy source. 3509Refer to 3510.Xr random 4 3511for more information. 3512.It Va harvest_ethernet 3513.Pq Vt bool 3514Set to 3515.Dq Li YES 3516to use LAN traffic as an entropy source. 3517Refer to 3518.Xr random 4 3519for more information. 3520.It Va harvest_p_to_p 3521.Pq Vt bool 3522Set to 3523.Dq Li YES 3524to use serial line traffic as an entropy source. 3525Refer to 3526.Xr random 4 3527for more information. 3528.It Va entropy_dir 3529.Pq Vt str 3530Set to 3531.Dq Li NO 3532to disable caching entropy via 3533.Xr cron 8 . 3534Otherwise set to the directory used to store entropy files in. 3535.It Va entropy_file 3536.Pq Vt str 3537Set to 3538.Dq Li NO 3539to disable caching entropy through reboots. 3540Otherwise set to the filename used to store cached entropy through 3541reboots. 3542This file should be located on the root file system to seed the 3543.Xr random 4 3544device as early as possible in the boot process. 3545.It Va entropy_save_sz 3546.Pq Vt int 3547Size of the entropy cache files saved by 3548.Nm save-entropy 3549periodically. 3550.It Va entropy_save_num 3551.Pq Vt int 3552Number of entropy cache files to save by 3553.Nm save-entropy 3554periodically. 3555.It Va ipsec_enable 3556.Pq Vt bool 3557Set to 3558.Dq Li YES 3559to run 3560.Xr setkey 8 3561on 3562.Va ipsec_file 3563at boot time. 3564.It Va ipsec_file 3565.Pq Vt str 3566Configuration file for 3567.Xr setkey 8 . 3568.It Va dmesg_enable 3569.Pq Vt bool 3570Set to 3571.Dq Li YES 3572to save 3573.Xr dmesg 8 3574to 3575.Pa /var/run/dmesg.boot 3576on boot. 3577.It Va rcshutdown_timeout 3578.Pq Vt int 3579If set, start a watchdog timer in the background which will terminate 3580.Pa rc.shutdown 3581if 3582.Xr shutdown 8 3583has not completed within the specified time (in seconds). 3584Notice that in addition to this soft timeout, 3585.Xr init 8 3586also applies a hard timeout for the execution of 3587.Pa rc.shutdown . 3588This is configured via 3589.Xr sysctl 8 3590variable 3591.Va kern.init_shutdown_timeout 3592and defaults to 120 seconds. 3593Setting the value of 3594.Va rcshutdown_timeout 3595to more than 120 seconds will have no effect until the 3596.Xr sysctl 8 3597variable 3598.Va kern.init_shutdown_timeout 3599is also increased. 3600.It Va virecover_enable 3601.Pq Vt bool 3602Set to 3603.Dq Li NO 3604to prevent the system from trying to 3605recover pre-maturely terminated 3606.Xr vi 1 3607sessions. 3608.It Va ugidfw_enable 3609.Pq Vt bool 3610Set to 3611.Dq Li YES 3612to load the 3613.Xr mac_bsdextended 4 3614module upon system initialization and load a default 3615ruleset file. 3616.It Va bsdextended_script 3617.Pq Vt str 3618The default 3619.Xr mac_bsdextended 4 3620ruleset file to load. 3621The default value of this variable is 3622.Pa /etc/rc.bsdextended . 3623.It Va newsyslog_enable 3624.Pq Vt bool 3625If set to 3626.Dq Li YES , 3627run 3628.Xr newsyslog 8 3629command at startup. 3630.It Va newsyslog_flags 3631.Pq Vt str 3632If 3633.Va newsyslog_enable 3634is set to 3635.Dq Li YES , 3636these are the flags to pass to the 3637.Xr newsyslog 8 3638program. 3639The default is 3640.Dq Li -CN , 3641which causes log files flagged with a 3642.Cm C 3643to be created. 3644.It Va mdconfig_md Ns Aq Ar X 3645.Pq Vt str 3646Arguments to 3647.Xr mdconfig 8 3648for 3649.Xr md 4 3650device 3651.Ar X . 3652At minimum a 3653.Fl t Ar type 3654must be specified and either a 3655.Fl s Ar size 3656for malloc or swap backed 3657.Xr md 4 3658devices or a 3659.Fl f Ar file 3660for vnode backed 3661.Xr md 4 3662devices. 3663Note that 3664.Va mdconfig_md Ns Aq Ar X 3665variables are evaluated until one variable is unset or null. 3666.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3667.Pq Vt str 3668Optional arguments passed to 3669.Xr newfs 8 3670to initialize 3671.Xr md 4 3672device 3673.Ar X . 3674.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3675.Pq Vt str 3676An ownership specification passed to 3677.Xr chown 8 3678after the specified 3679.Xr md 4 3680device 3681.Ar X 3682has been mounted. 3683Both the 3684.Xr md 4 3685device and the mount point will be changed. 3686.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3687.Pq Vt str 3688A mode string passed to 3689.Xr chmod 1 3690after the specified 3691.Xr md 4 3692device 3693.Ar X 3694has been mounted. 3695Both the 3696.Xr md 4 3697device and the mount point will be changed. 3698.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3699.Pq Vt str 3700Files to be copied to the mount point of the 3701.Xr md 4 3702device 3703.Ar X 3704after it has been mounted. 3705.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3706.Pq Vt str 3707Command to execute after the specified 3708.Xr md 4 3709device 3710.Ar X 3711has been mounted. 3712Note that the command is passed to 3713.Ic eval 3714and that both 3715.Va _dev 3716and 3717.Va _mp 3718variables can be used to reference respectively the 3719.Xr md 4 3720device and the mount point. 3721Assuming that the 3722.Xr md 4 3723device is 3724.Li md0 , 3725one could set the following: 3726.Bd -literal 3727mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3728.Ed 3729.It Va ramdisk_units 3730.Pq Vt str 3731A list of one or more ramdisk units to configure with 3732.Xr mdconfig 8 3733and 3734.Xr newfs 8 3735in time to be mounted from 3736.Xr fstab 5 . 3737Each listed unit 3738.Ar X 3739must specify at least a 3740.Ar type 3741in a 3742.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3743variable. 3744Note that this way to configure ramdisks has been deprecated 3745in favor of new 3746.Va mdconfig_md* 3747variables (see above). 3748.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3749.Pq Vt str 3750Arguments to 3751.Xr mdconfig 8 3752for ramdisk 3753.Ar X . 3754At minimum a 3755.Fl t Ar type 3756must be specified, where 3757.Ar type 3758must be one of 3759.Cm malloc 3760or 3761.Cm swap . 3762.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3763.Pq Vt str 3764Optional arguments passed to 3765.Xr newfs 8 3766to initialize ramdisk 3767.Ar X . 3768.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3769.Pq Vt str 3770An ownership specification passed to 3771.Xr chown 8 3772after the specified ramdisk unit 3773.Ar X 3774has been mounted. 3775Both the 3776.Xr md 4 3777device and the mount point will be changed. 3778.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3779.Pq Vt str 3780A mode string passed to 3781.Xr chmod 1 3782after the specified ramdisk unit 3783.Ar X 3784has been mounted. 3785Both the 3786.Xr md 4 3787device and the mount point will be changed. 3788.It Va autobridge_interfaces 3789.Pq Vt str 3790Set to the list of bridge interfaces that will have newly arriving interfaces 3791checked against to be automatically added. 3792If not set to 3793.Dq Li NO 3794then for each whitespace separated 3795.Ar element 3796in the value, a 3797.Va autobridge_ Ns Aq Ar element 3798variable is assumed to exist which has a whitespace separated list of interface 3799names to match, these names can use wildcards. 3800For example: 3801.Bd -literal 3802autobridge_interfaces="bridge0" 3803autobridge_bridge0="tap* dc0 vlan[345]" 3804.Ed 3805.It Va mixer_enable 3806.Pq Vt bool 3807If set to 3808.Dq Li YES , 3809enable support for sound mixer. 3810.El 3811.Sh FILES 3812.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3813.It Pa /etc/defaults/rc.conf 3814.It Pa /etc/rc.conf 3815.It Pa /etc/rc.conf.local 3816.El 3817.Sh SEE ALSO 3818.Xr catman 1 , 3819.Xr chmod 1 , 3820.Xr gdb 1 , 3821.Xr info 1 , 3822.Xr kbdcontrol 1 , 3823.Xr makewhatis 1 , 3824.Xr sh 1 , 3825.Xr vi 1 , 3826.Xr vidcontrol 1 , 3827.Xr bridge 4 , 3828.Xr ip 4 , 3829.Xr ipf 4 , 3830.Xr ipfw 4 , 3831.Xr ipnat 4 , 3832.Xr kld 4 , 3833.Xr pf 4 , 3834.Xr pflog 4 , 3835.Xr pfsync 4 , 3836.Xr tcp 4 , 3837.Xr udp 4 , 3838.Xr exports 5 , 3839.Xr fstab 5 , 3840.Xr ipf 5 , 3841.Xr ipnat 5 , 3842.Xr motd 5 , 3843.Xr newsyslog.conf 5 , 3844.Xr pf.conf 5 , 3845.Xr accton 8 , 3846.Xr amd 8 , 3847.Xr apm 8 , 3848.Xr atm 8 , 3849.Xr chkprintcap 8 , 3850.Xr chown 8 , 3851.Xr cron 8 , 3852.Xr dhclient 8 , 3853.Xr ftpd 8 , 3854.Xr geli 8 , 3855.Xr ifconfig 8 , 3856.Xr inetd 8 , 3857.Xr ipf 8 , 3858.Xr ipfw 8 , 3859.Xr ipnat 8 , 3860.Xr isdnd 8 , 3861.Xr isdntrace 8 , 3862.Xr jail 8 , 3863.Xr kldxref 8 , 3864.Xr lpd 8 , 3865.Xr mdconfig 8 , 3866.Xr mdmfs 8 , 3867.Xr mixer 8 , 3868.Xr mountd 8 , 3869.Xr moused 8 , 3870.Xr mrouted 8 , 3871.Xr named 8 , 3872.Xr newfs 8 , 3873.Xr newsyslog 8 , 3874.Xr nfsd 8 , 3875.Xr ntpd 8 , 3876.Xr ntpdate 8 , 3877.Xr pfctl 8 , 3878.Xr pflogd 8 , 3879.Xr powerd 8 , 3880.Xr quotacheck 8 , 3881.Xr quotaon 8 , 3882.Xr rc 8 , 3883.Xr rc.sendmail 8 , 3884.Xr route 8 , 3885.Xr routed 8 , 3886.Xr rpcbind 8 , 3887.Xr rpc.lockd 8 , 3888.Xr rpc.statd 8 , 3889.Xr rwhod 8 , 3890.Xr savecore 8 , 3891.Xr sshd 8 , 3892.Xr swapon 8 , 3893.Xr sysctl 8 , 3894.Xr syslogd 8 , 3895.Xr timed 8 , 3896.Xr yp 8 , 3897.Xr ypbind 8 , 3898.Xr ypserv 8 , 3899.Xr ypset 8 3900.Sh HISTORY 3901The 3902.Nm 3903file appeared in 3904.Fx 2.2.2 . 3905.Sh AUTHORS 3906.An Jordan K. Hubbard . 3907