1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd April 6, 2007 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va kldxref_enable 168.Pq Vt bool 169Set to 170.Dq Li NO 171by default. 172Set to 173.Dq Li YES 174to automatically rebuild 175.Pa linker.hints 176files with 177.Xr kldxref 8 178at boot time. 179.It Va kldxref_clobber 180.Pq Vt bool 181Set to 182.Dq Li NO 183by default. 184If 185.Va kldxref_enable 186is true, 187setting to 188.Dq Li YES 189will overwrite existing 190.Pa linker.hints 191files at boot time. 192Otherwise, 193only missing 194.Pa linker.hints 195files are generated. 196.It Va kldxref_module_path 197.Pq Vt str 198Empty by default. 199A semi-colon 200.Pq Ql \&; 201delimited list of paths containing 202.Xr kld 4 203modules. 204If empty, 205the contents of the 206.Va kern.module_path 207.Xr sysctl 8 208are used. 209.It Va powerd_enable 210.Pq Vt bool 211If set to 212.Dq Li YES , 213enable the system power control facility with the 214.Xr powerd 8 215daemon. 216.It Va powerd_flags 217.Pq Vt str 218If 219.Va powerd_enable 220is set to 221.Dq Li YES , 222these are the flags to pass to the 223.Xr powerd 8 224daemon. 225.It Va tmpmfs 226Controls the creation of a 227.Pa /tmp 228memory file system. 229Always happens if set to 230.Dq Li YES 231and never happens if set to 232.Dq Li NO . 233If set to anything else, a memory file system is created if 234.Pa /tmp 235is not writable. 236.It Va tmpsize 237Controls the size of a created 238.Pa /tmp 239memory file system. 240.It Va tmpmfs_flags 241Extra options passed to the 242.Xr mdmfs 8 243utility when the memory file system for 244.Pa /tmp 245is created. 246The default is 247.Dq Li "-S" , 248which inhibits the use of softupdates on 249.Pa /tmp 250so that file system space is freed without delay 251after file truncation or deletion. 252See 253.Xr mdmfs 8 254for other options you can use in 255.Va tmpmfs_flags . 256.It Va varmfs 257Controls the creation of a 258.Pa /var 259memory file system. 260Always happens if set to 261.Dq Li YES 262and never happens if set to 263.Dq Li NO . 264If set to anything else, a memory file system is created if 265.Pa /var 266is not writable. 267.It Va varsize 268Controls the size of a created 269.Pa /var 270memory file system. 271.It Va varmfs_flags 272Extra options passed to the 273.Xr mdmfs 8 274utility when the memory file system for 275.Pa /var 276is created. 277The default is 278.Dq Li "-S" , 279which inhibits the use of softupdates on 280.Pa /var 281so that file system space is freed without delay 282after file truncation or deletion. 283See 284.Xr mdmfs 8 285for other options you can use in 286.Va varmfs_flags . 287.It Va populate_var 288Controls the automatic population of the 289.Pa /var 290file system. 291Always happens if set to 292.Dq Li YES 293and never happens if set to 294.Dq Li NO . 295If set to anything else, a memory file system is created if 296.Pa /var 297is not writable. 298Note that this process requires access to certain commands in 299.Pa /usr 300before 301.Pa /usr 302is mounted on normal systems. 303.It Va cleanvar_enable 304.Pq Vt bool 305Clean the 306.Pa /var 307directory. 308.It Va local_startup 309.Pq Vt str 310List of directories to search for startup script files. 311.It Va script_name_sep 312.Pq Vt str 313The field separator to use for breaking down the list of startup script files 314into individual filenames. 315The default is a space. 316It is not necessary to change this unless there are startup scripts with names 317containing spaces. 318.It Va hostapd_enable 319.Pq Vt bool 320Set to 321.Dq Li YES 322to start 323.Xr hostapd 8 324at system boot time. 325.It Va hostname 326.Pq Vt str 327The fully qualified domain name (FQDN) of this host on the network. 328This should almost certainly be set to something meaningful, even if 329there is no network connection. 330If 331.Xr dhclient 8 332is used to set the hostname via DHCP, 333this variable should be set to an empty string. 334.It Va ipv6_enable 335.Pq Vt bool 336Enable support for IPv6 networking. 337Note that this requires that the kernel has been compiled with 338.Cd "options INET6" . 339.It Va nisdomainname 340.Pq Vt str 341The NIS domain name of this host, or 342.Dq Li NO 343if NIS is not used. 344.It Va dhclient_program 345.Pq Vt str 346Path to the DHCP client program 347.Pa ( /sbin/dhclient , 348the 349.Ox 350DHCP client, 351is the default). 352.It Va dhclient_flags 353.Pq Vt str 354Additional flags to pass to the DHCP client program. 355For the 356.Ox 357DHCP client, see the 358.Xr dhclient 8 359manpage for a description of the command line options available. 360.It Va dhclient_flags_ Ns Aq Ar iface 361Additional flags to pass to the DHCP client program running on 362.Ar iface 363only. 364When specified, this variable overrides 365.Va dhclient_flags . 366.It Va background_dhclient 367.Pq Vt bool 368Set to 369.Dq Li YES 370to start the DHCP client in background. 371This can cause trouble with applications depending on 372a working network, but it will provide a faster startup 373in many cases. 374.It Va background_dhclient_ Ns Aq Ar iface 375When specified, this variable overrides the 376.Va background_dhclient 377variable for interface 378.Ar iface 379only. 380.It Va synchronous_dhclient 381.Pq Bt bool 382Set to 383.Dq Li NO 384to start 385.Xr dhclient 8 386only in response to interface events and not synchronously at startup. 387This behavior can be overridden on a per-interface basis by replacing 388the 389.Dq Li DHCP 390keyword in the 391.Va ifconfig_ Ns Aq Ar interface 392variable with 393.Dq Li SYNCDHCP 394or 395.Dq Li NOSYNCDHCP . 396.It Va firewall_enable 397.Pq Vt bool 398Set to 399.Dq Li YES 400to load firewall rules at startup. 401If the kernel was not built with 402.Cd "options IPFIREWALL" , 403the 404.Pa ipfw.ko 405kernel module will be loaded. 406See also 407.Va ipfilter_enable . 408.It Va ipv6_firewall_enable 409.Pq Vt bool 410The IPv6 equivalent of 411.Va firewall_enable . 412Set to 413.Dq Li YES 414to load IPv6 firewall rules at startup. 415If the kernel was not built with 416.Cd "options IPV6FIREWALL" , 417the 418.Pa ipfw.ko 419kernel module will be loaded. 420.It Va firewall_script 421.Pq Vt str 422This variable specifies the full path to the firewall script to run. 423The default is 424.Pa /etc/rc.firewall . 425.It Va ipv6_firewall_script 426.Pq Vt str 427The IPv6 equivalent of 428.Va firewall_script . 429.It Va firewall_type 430.Pq Vt str 431Names the firewall type from the selection in 432.Pa /etc/rc.firewall , 433or the file which contains the local firewall ruleset. 434Valid selections from 435.Pa /etc/rc.firewall 436are: 437.Pp 438.Bl -tag -width ".Li simple" -compact 439.It Li open 440unrestricted IP access 441.It Li closed 442all IP services disabled, except via 443.Dq Li lo0 444.It Li client 445basic protection for a workstation 446.It Li simple 447basic protection for a LAN. 448.El 449.Pp 450If a filename is specified, the full path 451must be given. 452.It Va ipv6_firewall_type 453.Pq Vt str 454The IPv6 equivalent of 455.Va firewall_type . 456.It Va firewall_quiet 457.Pq Vt bool 458Set to 459.Dq Li YES 460to disable the display of firewall rules on the console during boot. 461.It Va ipv6_firewall_quiet 462.Pq Vt bool 463The IPv6 equivalent of 464.Va firewall_quiet . 465.It Va firewall_logging 466.Pq Vt bool 467Set to 468.Dq Li YES 469to enable firewall event logging. 470This is equivalent to the 471.Dv IPFIREWALL_VERBOSE 472kernel option. 473.It Va ipv6_firewall_logging 474.Pq Vt bool 475The IPv6 equivalent of 476.Va firewall_logging . 477.It Va firewall_flags 478.Pq Vt str 479Flags passed to 480.Xr ipfw 8 481if 482.Va firewall_type 483specifies a filename. 484.It Va ipv6_firewall_flags 485.Pq Vt str 486The IPv6 equivalent of 487.Va firewall_flags . 488.It Va natd_program 489.Pq Vt str 490Path to 491.Xr natd 8 . 492.It Va natd_enable 493.Pq Vt bool 494Set to 495.Dq Li YES 496to enable 497.Xr natd 8 . 498.Va firewall_enable 499must also be set to 500.Dq Li YES , 501and 502.Xr divert 4 503sockets must be enabled in the kernel. 504If the kernel was not built with 505.Cd "options IPDIVERT" , 506the 507.Pa ipdivert.ko 508kernel module will be loaded. 509.It Va natd_interface 510.Pq Vt str 511This is the name of the public interface on which 512.Xr natd 8 513should run. 514The interface may be given as an interface name or as an IP address. 515.It Va natd_flags 516.Pq Vt str 517Additional 518.Xr natd 8 519flags should be placed here. 520The 521.Fl n 522or 523.Fl a 524flag is automatically added with the above 525.Va natd_interface 526as an argument. 527.\" ----- ipfilter_enable setting -------------------------------- 528.It Va ipfilter_enable 529.Pq Vt bool 530Set to 531.Dq Li NO 532by default. 533Setting this to 534.Dq Li YES 535enables 536.Xr ipf 8 537packet filtering. 538.Pp 539Typical usage will require putting 540.Bd -literal 541ipfilter_enable="YES" 542ipnat_enable="YES" 543ipmon_enable="YES" 544ipfs_enable="YES" 545.Ed 546.Pp 547into 548.Pa /etc/rc.conf 549and editing 550.Pa /etc/ipf.rules 551and 552.Pa /etc/ipnat.rules 553appropriately. 554.Pp 555Note that 556.Va ipfilter_enable 557and 558.Va ipnat_enable 559can be enabled independently. 560.Va ipmon_enable 561and 562.Va ipfs_enable 563both require at least one of 564.Va ipfilter_enable 565and 566.Va ipnat_enable 567to be enabled. 568.Pp 569Having 570.Bd -literal 571options IPFILTER 572options IPFILTER_LOG 573options IPFILTER_DEFAULT_BLOCK 574.Ed 575.Pp 576in the kernel configuration file is a good idea, too. 577.\" ----- ipfilter_program setting ------------------------------ 578.It Va ipfilter_program 579.Pq Vt str 580Path to 581.Xr ipf 8 582(default 583.Pa /sbin/ipf ) . 584.\" ----- ipfilter_rules setting -------------------------------- 585.It Va ipfilter_rules 586.Pq Vt str 587Set to 588.Pa /etc/ipf.rules 589by default. 590This variable contains the name of the filter rule definition file. 591The file is expected to be readable for the 592.Xr ipf 8 593command to execute. 594.\" ----- ipv6_ipfilter_rules setting --------------------------- 595.It Va ipv6_ipfilter_rules 596.Pq Vt str 597Set to 598.Pa /etc/ipf6.rules 599by default. 600This variable contains the IPv6 filter rule definition file. 601The file is expected to be readable for the 602.Xr ipf 8 603command to execute. 604.\" ----- ipfilter_flags setting -------------------------------- 605.It Va ipfilter_flags 606.Pq Vt str 607Empty by default. 608This variable contains flags passed to the 609.Xr ipf 8 610program. 611.\" ----- ipnat_enable setting ---------------------------------- 612.It Va ipnat_enable 613.Pq Vt bool 614Set to 615.Dq Li NO 616by default. 617Set it to 618.Dq Li YES 619to enable 620.Xr ipnat 8 621network address translation. 622See 623.Va ipfilter_enable 624for a detailed discussion. 625.\" ----- ipnat_program setting --------------------------------- 626.It Va ipnat_program 627.Pq Vt str 628Path to 629.Xr ipnat 8 630(default 631.Pa /sbin/ipnat ) . 632.\" ----- ipnat_rules setting ----------------------------------- 633.It Va ipnat_rules 634.Pq Vt str 635Set to 636.Pa /etc/ipnat.rules 637by default. 638This variable contains the name of the file 639holding the network address translation definition. 640This file is expected to be readable for the 641.Xr ipnat 8 642command to execute. 643.\" ----- ipnat_flags setting ----------------------------------- 644.It Va ipnat_flags 645.Pq Vt str 646Empty by default. 647This variable contains flags passed to the 648.Xr ipnat 8 649program. 650.\" ----- ipmon_enable setting ---------------------------------- 651.It Va ipmon_enable 652.Pq Vt bool 653Set to 654.Dq Li NO 655by default. 656Set it to 657.Dq Li YES 658to enable 659.Xr ipmon 8 660monitoring (logging 661.Xr ipf 8 662and 663.Xr ipnat 8 664events). 665Setting this variable needs setting 666.Va ipfilter_enable 667or 668.Va ipnat_enable 669too. 670See 671.Va ipfilter_enable 672for a detailed discussion. 673.\" ----- ipmon_program setting --------------------------------- 674.It Va ipmon_program 675.Pq Vt str 676Path to 677.Xr ipmon 8 678(default 679.Pa /sbin/ipmon ) . 680.\" ----- ipmon_flags setting ----------------------------------- 681.It Va ipmon_flags 682.Pq Vt str 683Set to 684.Dq Li -Ds 685by default. 686This variable contains flags passed to the 687.Xr ipmon 8 688program. 689Another typical example would be 690.Dq Fl D Pa /var/log/ipflog 691to have 692.Xr ipmon 8 693log directly to a file bypassing 694.Xr syslogd 8 . 695Make sure to adjust 696.Pa /etc/newsyslog.conf 697in such case like this: 698.Bd -literal 699/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 700.Ed 701.\" ----- ipfs_enable setting ----------------------------------- 702.It Va ipfs_enable 703.Pq Vt bool 704Set to 705.Dq Li NO 706by default. 707Set it to 708.Dq Li YES 709to enable 710.Xr ipfs 8 711saving the filter and NAT state tables during shutdown 712and reloading them during startup again. 713Setting this variable needs setting 714.Va ipfilter_enable 715or 716.Va ipnat_enable 717to 718.Dq Li YES 719too. 720See 721.Va ipfilter_enable 722for a detailed discussion. 723Note that if 724.Va kern_securelevel 725is set to 3, 726.Va ipfs_enable 727cannot be used 728because the raised securelevel will prevent 729.Xr ipfs 8 730from saving the state tables at shutdown time. 731.\" ----- ipfs_program setting ---------------------------------- 732.It Va ipfs_program 733.Pq Vt str 734Path to 735.Xr ipfs 8 736(default 737.Pa /sbin/ipfs ) . 738.\" ----- ipfs_flags setting ------------------------------------ 739.It Va ipfs_flags 740.Pq Vt str 741Empty by default. 742This variable contains flags passed to the 743.Xr ipfs 8 744program. 745.\" ----- end of added ipf hook --------------------------------- 746.It Va pf_enable 747.Pq Vt bool 748Set to 749.Dq Li NO 750by default. 751Setting this to 752.Dq Li YES 753enables 754.Xr pf 4 755packet filtering. 756.Pp 757Typical usage will require putting 758.Pp 759.Dl pf_enable="YES" 760.Pp 761into 762.Pa /etc/rc.conf 763and editing 764.Pa /etc/pf.conf 765appropriately. 766.Pp 767.Dl "device pf" 768.Pp 769builds 770.Xr pf 4 771into the kernel. 772Otherwise it is loaded from a module. 773.It Va pf_rules 774.Pq Vt str 775Path to 776.Xr pf 4 777ruleset configuration file 778(default 779.Pa /etc/pf.conf ) . 780.It Va pf_program 781.Pq Vt str 782Path to 783.Xr pfctl 8 784(default 785.Pa /sbin/pfctl ) . 786.It Va pf_flags 787.Pq Vt str 788If 789.Va pf_enable 790is set to 791.Dq Li YES , 792these flags are passed to the 793.Xr pfctl 8 794program when loading the ruleset. 795.It Va pflog_enable 796.Pq Vt bool 797Set to 798.Dq Li NO 799by default. 800Setting this to 801.Dq Li YES 802enables 803.Xr pflogd 8 804which logs packets from the 805.Xr pf 4 806packet filter. 807.It Va pflog_logfile 808.Pq Vt str 809If 810.Va pflog_enable 811is set to 812.Dq Li YES 813this controls where 814.Xr pflogd 8 815stores the logfile 816(default 817.Pa /var/log/pflog ) . 818Check 819.Pa /etc/newsyslog.conf 820to adjust logfile rotation for this. 821.It Va pflog_program 822.Pq Vt str 823Path to 824.Xr pflogd 8 825(default 826.Pa /sbin/pflogd ) . 827.It Va pflog_flags 828.Pq Vt str 829Empty by default. 830This variable contains additional flags passed to the 831.Xr pflogd 8 832program. 833.It Va pfsync_enable 834.Pq Vt bool 835Set to 836.Dq Li NO 837by default. 838Setting this to 839.Dq Li YES 840enables exposing 841.Xr pf 4 842state changes to other hosts over the network by means of 843.Xr pfsync 4 . 844The 845.Va pfsync_syncdev 846variable 847must also be set then. 848.It Va pfsync_syncdev 849.Pq Vt str 850Empty by default. 851This variable specifies the name of the network interface 852.Xr pfsync 4 853should operate through. 854It must be set accordingly if 855.Va pfsync_enable 856is set to 857.Dq Li YES . 858.It Va pfsync_syncpeer 859.Pq Vt str 860Empty by default. 861This variable is optional. 862By default, state change messages are sent out on the synchronisation 863interface using IP multicast packets. 864The protocol is IP protocol 240, PFSYNC, and the multicast group used is 865224.0.0.240. 866When a peer address is specified using the 867.Va pfsync_syncpeer 868option, the peer address is used as a destination for the pfsync 869traffic, and the traffic can then be protected using 870.Xr ipsec 4 . 871See the 872.Xr pfsync 4 873manpage for more details about using 874.Xr ipsec 4 875with 876.Xr pfsync 4 877interfaces. 878.It Va pfsync_ifconfig 879.Pq Vt str 880Empty by default. 881This variable can contain additional options to be passed to the 882.Xr ifconfig 8 883command used to set up 884.Xr pfsync 4 . 885.It Va tcp_extensions 886.Pq Vt bool 887Set to 888.Dq Li YES 889by default. 890Setting this to 891.Dq Li NO 892disables certain TCP options as described by 893.Rs 894.%T "RFC 1323" 895.Re 896Setting this to 897.Dq Li NO 898might help remedy such problems with connections as randomly hanging 899or other weird behavior. 900Some network devices are known 901to be broken with respect to these options. 902.It Va log_in_vain 903.Pq Vt int 904Set to 0 by default. 905The 906.Xr sysctl 8 907variables, 908.Va net.inet.tcp.log_in_vain 909and 910.Va net.inet.udp.log_in_vain , 911as described in 912.Xr tcp 4 913and 914.Xr udp 4 , 915are set to the given value. 916.It Va tcp_keepalive 917.Pq Vt bool 918Set to 919.Dq Li YES 920by default. 921Setting to 922.Dq Li NO 923will disable probing idle TCP connections to verify that the 924peer is still up and reachable. 925.It Va tcp_drop_synfin 926.Pq Vt bool 927Set to 928.Dq Li NO 929by default. 930Setting to 931.Dq Li YES 932will cause the kernel to ignore TCP frames that have both 933the SYN and FIN flags set. 934This prevents OS fingerprinting, but may 935break some legitimate applications. 936This option is only available if the 937kernel was built with the 938.Dv TCP_DROP_SYNFIN 939option. 940.It Va icmp_drop_redirect 941.Pq Vt bool 942Set to 943.Dq Li NO 944by default. 945Setting to 946.Dq Li YES 947will cause the kernel to ignore ICMP REDIRECT packets. 948Refer to 949.Xr icmp 4 950for more information. 951.It Va icmp_log_redirect 952.Pq Vt bool 953Set to 954.Dq Li NO 955by default. 956Setting to 957.Dq Li YES 958will cause the kernel to log ICMP REDIRECT packets. 959Note that 960the log messages are not rate-limited, so this option should only be used 961for troubleshooting networks. 962Refer to 963.Xr icmp 4 964for more information. 965.It Va icmp_bmcastecho 966.Pq Vt bool 967Set to 968.Dq Li YES 969to respond to broadcast or multicast ICMP ping packets. 970Refer to 971.Xr icmp 4 972for more information. 973.It Va ip_portrange_first 974.Pq Vt int 975If not set to 976.Dq Li NO , 977this is the first port in the default portrange. 978Refer to 979.Xr ip 4 980for more information. 981.It Va ip_portrange_last 982.Pq Vt int 983If not set to 984.Dq Li NO , 985this is the last port in the default portrange. 986Refer to 987.Xr ip 4 988for more information. 989.It Va network_interfaces 990.Pq Vt str 991Set to the list of network interfaces to configure on this host or 992.Dq Li AUTO 993(the default) for all current interfaces. 994Setting the 995.Va network_interfaces 996variable to anything other than the default is deprecated. 997Interfaces that the administrator wishes to store configuration for, 998but not start at boot should be configured with the 999.Dq Li NOAUTO 1000keyword in their 1001.Va ifconfig_ Ns Aq Ar interface 1002variables as described below. 1003.Pp 1004An 1005.Va ifconfig_ Ns Aq Ar interface 1006variable is also assumed to exist for each value of 1007.Ar interface . 1008When an interface name contains any of the characters 1009.Dq Li .-/+ 1010they are translated to 1011.Dq Li _ 1012before lookup. 1013The variable can contain arguments to 1014.Xr ifconfig 8 , 1015as well as special case-insensitive keywords described below. 1016Such keywords are removed before passing the value to 1017.Xr ifconfig 8 1018while the order of the other arguments is preserved. 1019.Pp 1020One can configure more than one IPv4 address with the 1021.Va ipv4_addrs_ Ns Aq Ar interface 1022variable. 1023One or more IP addresses must be provided in Classless Inter-Domain 1024Routing (CIDR) address notation, whose last byte can be a range like 1025192.168.0.5-23/24. 1026In this case the address 192.168.0.5 will be configured with the 1027netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with 1028the non-conflicting netmask /32 as explained in the 1029.Xr ifconfig 8 1030alias section. 1031With the interface in question being 1032.Li ed0 , 1033an example could look like: 1034.Bd -literal 1035ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" 1036.Ed 1037.Pp 1038It is also possible to add IP alias entries using 1039.Xr ifconfig 8 1040syntax. 1041Assuming that the interface in question was 1042.Li ed0 , 1043it might look 1044something like this: 1045.Bd -literal 1046ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1047ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1048.Ed 1049.Pp 1050And so on. 1051For each 1052.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1053entry that is found, 1054its contents are passed to 1055.Xr ifconfig 8 . 1056Execution stops at the first unsuccessful access, so if 1057something like this is present: 1058.Bd -literal 1059ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1060ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1061ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1062ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1063.Ed 1064.Pp 1065Then note that alias4 would 1066.Em not 1067be added since the search would 1068stop with the missing 1069.Dq Li alias3 1070entry. 1071Due to this difficult to manage behavior, the 1072.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1073form is deprecated. 1074.Pp 1075If the 1076.Pa /etc/start_if. Ns Aq Ar interface 1077file is present, it is read and executed by the 1078.Xr sh 1 1079interpreter 1080before configuring the interface as specified in the 1081.Va ifconfig_ Ns Aq Ar interface 1082and 1083.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1084variables. 1085.Pp 1086If the 1087.Va ifconfig_ Ns Aq Ar interface 1088contains the keyword 1089.Dq Li NOAUTO 1090then the interface will not be configured 1091at boot or by 1092.Pa /etc/pccard_ether 1093when 1094.Va network_interfaces 1095is set to 1096.Dq Li AUTO . 1097.Pp 1098It is possible to bring up an interface with DHCP by adding 1099.Dq Li DHCP 1100to the 1101.Va ifconfig_ Ns Aq Ar interface 1102variable. 1103For instance, to initialize the 1104.Li ed0 1105device via DHCP, 1106it is possible to use something like: 1107.Bd -literal 1108ifconfig_ed0="DHCP" 1109.Ed 1110.Pp 1111Also, if your interface needs WPA authentication, it is possible to add 1112.Dq Li WPA 1113to the 1114.Va ifconfig_ Ns Aq Ar interface 1115variable. 1116.Pp 1117Finally, you can add 1118.Xr ifconfig 8 1119options in this variable, in addition to the 1120.Pa /etc/start_if. Ns Aq Ar interface 1121file. 1122For instance, to initialize the 1123.Li wi0 1124device via DHCP, using WPA authentication and 802.11b mode, it is 1125possible to use something like: 1126.Bd -literal 1127ifconfig_wi0="DHCP WPA mode 11b" 1128.Ed 1129.Pp 1130In addition to the 1131.Va ifconfig_ Ns Aq Ar interface 1132form, a fallback variable 1133.Va ifconfig_DEFAULT 1134may be configured. 1135It will be used for all interfaces with no 1136.Va ifconfig_ Ns Aq Ar interface 1137variable. 1138This is intended to replace the no longer supported 1139.Va pccard_ifconfig 1140variable. 1141.Pp 1142It is also possible to rename interface by doing: 1143.Bd -literal 1144ifconfig_ed0_name="net0" 1145ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000" 1146.Ed 1147.It Va ipv6_network_interfaces 1148.Pq Vt str 1149This is the IPv6 equivalent of 1150.Va network_interfaces . 1151Instead of setting the ifconfig variables as 1152.Va ifconfig_ Ns Aq Ar interface 1153they should be set as 1154.Va ipv6_ifconfig_ Ns Aq Ar interface . 1155Aliases should be set as 1156.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1157.Va ipv6_prefix_ Ns Aq Ar interface 1158does something. 1159Interfaces that do not have a 1160.Va ipv6_ifconfig_ Ns Aq Ar interface 1161setting will be auto configured by 1162.Xr rtsol 8 1163if the 1164.Va ipv6_gateway_enable 1165is set to 1166.Dq Li NO . 1167Note that the IPv6 networking code does not support the 1168.Pa /etc/start_if. Ns Aq Ar interface 1169files. 1170.It Va ipv6_default_interface 1171.Pq Vt str 1172If not set to 1173.Dq Li NO , 1174this is the default output interface for scoped addresses. 1175Now this works only for IPv6 link local multicast addresses. 1176.It Va cloned_interfaces 1177.Pq Vt str 1178Set to the list of clonable network interfaces to create on this host. 1179Entries in 1180.Va cloned_interfaces 1181are automatically appended to 1182.Va network_interfaces 1183for configuration. 1184.It Va fec_interfaces 1185.Pq Vt str 1186Set to the list of 1187.Xr ng_fec 4 1188Fast EtherChannel interfaces to configure on this host. 1189A 1190.Va fecconfig_ Ns Aq Ar interface 1191variable is assumed to exist for each value of 1192.Ar interface . 1193The value of this variable is used to configure link aggregated interfaces 1194according to the syntax of the 1195.Cm NGM_FEC_ADD_IFACE 1196to 1197.Xr ngctl 8 1198msg. 1199Additionally, this option ensures that each listed interface is created 1200via the 1201.Cm mkpeer 1202command to 1203.Xr ngctl 8 1204before attempting to configure it. 1205For example: 1206.Bd -literal 1207fec_interfaces="fec0" 1208fecconfig_fec0="em0 em1" 1209ifconfig_fec0="DHCP" 1210.Ed 1211.It Va gif_interfaces 1212.Pq Vt str 1213Set to the list of 1214.Xr gif 4 1215tunnel interfaces to configure on this host. 1216A 1217.Va gifconfig_ Ns Aq Ar interface 1218variable is assumed to exist for each value of 1219.Ar interface . 1220The value of this variable is used to configure the link layer of the 1221tunnel according to the syntax of the 1222.Cm tunnel 1223option to 1224.Xr ifconfig 8 . 1225Additionally, this option ensures that each listed interface is created 1226via the 1227.Cm create 1228option to 1229.Xr ifconfig 8 1230before attempting to configure it. 1231.It Va sppp_interfaces 1232.Pq Vt str 1233Set to the list of 1234.Xr sppp 4 1235interfaces to configure on this host. 1236A 1237.Va spppconfig_ Ns Aq Ar interface 1238variable is assumed to exist for each value of 1239.Ar interface . 1240Each interface should also be configured by a general 1241.Va ifconfig_ Ns Aq Ar interface 1242setting. 1243Refer to 1244.Xr spppcontrol 8 1245for more information about available options. 1246.It Va ppp_enable 1247.Pq Vt bool 1248If set to 1249.Dq Li YES , 1250run the 1251.Xr ppp 8 1252daemon. 1253.It Va ppp_mode 1254.Pq Vt str 1255Mode in which to run the 1256.Xr ppp 8 1257daemon. 1258Accepted modes are 1259.Dq Li auto , 1260.Dq Li ddial , 1261.Dq Li direct 1262and 1263.Dq Li dedicated . 1264See the manual for a full description. 1265.It Va ppp_nat 1266.Pq Vt bool 1267If set to 1268.Dq Li YES , 1269enables network address translation. 1270Used in conjunction with 1271.Va gateway_enable 1272allows hosts on private network addresses access to the Internet using 1273this host as a network address translating router. 1274.It Va ppp_profile 1275.Pq Vt str 1276The name of the profile to use from 1277.Pa /etc/ppp/ppp.conf . 1278.It Va ppp_user 1279.Pq Vt str 1280The name of the user under which 1281.Xr ppp 8 1282should be started. 1283By 1284default, 1285.Xr ppp 8 1286is started as 1287.Dq Li root . 1288.It Va rc_conf_files 1289.Pq Vt str 1290This option is used to specify a list of files that will override 1291the settings in 1292.Pa /etc/defaults/rc.conf . 1293The files will be read in the order in which they are specified and should 1294include the full path to the file. 1295By default, the files specified are 1296.Pa /etc/rc.conf 1297and 1298.Pa /etc/rc.conf.local 1299.It Va zfs_enable 1300.Pq Vt bool 1301If set to 1302.Dq Li YES , 1303.Pa /etc/rc.d/zfs 1304will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1305(ZVOLs). 1306.It Va gbde_autoattach_all 1307.Pq Vt bool 1308If set to 1309.Dq Li YES , 1310.Pa /etc/rc.d/gbde 1311will attempt to automatically initialize your .bde devices in 1312.Pa /etc/fstab . 1313.It Va gbde_devices 1314.Pq Vt str 1315List the devices that the script should try to attach, 1316or 1317.Dq Li AUTO . 1318.It Va gbde_lockdir 1319.Pq Vt str 1320The directory where the 1321.Xr gbde 4 1322lockfiles are located. 1323The default lockfile directory is 1324.Pa /etc . 1325.Pp 1326The lockfile for each individual 1327.Xr gbde 4 1328device can be overridden by setting the variable 1329.Va gbde_lock_ Ns Aq Ar device , 1330where 1331.Ar device 1332is the encrypted device without the 1333.Dq Pa /dev/ 1334and 1335.Dq Pa .bde 1336parts. 1337.It Va gbde_attach_attempts 1338.Pq Vt int 1339Number of times to attempt attaching to a 1340.Xr gbde 4 1341device, i.e., how many times the user is asked for the pass-phrase. 1342Default is 3. 1343.It Va geli_devices 1344.Pq Vt str 1345List of devices to automatically attach on boot. 1346Note that .eli devices from 1347.Pa /etc/fstab 1348are automatically appended to this list. 1349.It Va geli_tries 1350.Pq Vt int 1351Number of times user is asked for the pass-phrase. 1352If empty, it will be taken from 1353.Va kern.geom.eli.tries 1354sysctl variable. 1355.It Va geli_default_flags 1356.Pq Vt str 1357Default flags to use by 1358.Xr geli 8 1359when configuring disk encryption. 1360Flags can be configured for every device separately by defining 1361.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1362variable. 1363.It Va geli_autodetach 1364.Pq Vt str 1365Specifies if GELI devices should be marked for detach on last close after 1366file systems are mounted. 1367Default is 1368.Dq Li YES . 1369This can be changed for every device separately by defining 1370.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1371variable. 1372.It Va geli_swap_flags 1373Options passed to the 1374.Xr geli 8 1375utility when encrypted GEOM providers for swap partitions are created. 1376The default is 1377.Dq Li "-a aes -l 256 -s 4096 -d" . 1378.It Va root_rw_mount 1379.Pq Vt bool 1380Set to 1381.Dq Li YES 1382by default. 1383After the file systems are checked at boot time, the root file system 1384is remounted as read-write if this is set to 1385.Dq Li YES . 1386Diskless systems that mount their root file system from a read-only remote 1387NFS share should set this to 1388.Dq Li NO 1389in their 1390.Pa rc.conf . 1391.It Va fsck_y_enable 1392.Pq Vt bool 1393If set to 1394.Dq Li YES , 1395.Xr fsck 8 1396will be run with the 1397.Fl y 1398flag if the initial preen 1399of the file systems fails. 1400.It Va background_fsck 1401.Pq Vt bool 1402If set to 1403.Dq Li YES , 1404the system will attempt to run 1405.Xr fsck 8 1406in the background where possible. 1407.It Va background_fsck_delay 1408.Pq Vt int 1409The amount of time in seconds to sleep before starting a background 1410.Xr fsck 8 . 1411It defaults to sixty seconds to allow large applications such as 1412the X server to start before disk I/O bandwidth is monopolized by 1413.Xr fsck 8 . 1414If set to a negative number, the background file system check will be 1415delayed indefinitely to allow the administrator to run it at a more 1416convenient time. 1417For example it may be run from 1418.Xr cron 8 1419by adding a line like 1420.Pp 1421.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1422.Pp 1423to 1424.Pa /etc/crontab . 1425.It Va netfs_types 1426.Pq Vt str 1427List of file system types that are network-based. 1428This list should generally not be modified by end users. 1429Use 1430.Va extra_netfs_types 1431instead. 1432.It Va extra_netfs_types 1433.Pq Vt str 1434If set to something other than 1435.Dq Li NO 1436(the default), 1437this variable extends the list of file system types 1438for which automatic mounting at startup by 1439.Xr rc 8 1440should be delayed until the network is initialized. 1441It should contain 1442a whitespace-separated list of network file system descriptor pairs, 1443each consisting of a file system type as passed to 1444.Xr mount 8 1445and a human-readable, one-word description, 1446joined with a colon 1447.Pq Ql \&: . 1448Extending the default list in this way is only necessary 1449when third party file system types are used. 1450.It Va syslogd_enable 1451.Pq Vt bool 1452If set to 1453.Dq Li YES , 1454run the 1455.Xr syslogd 8 1456daemon. 1457.It Va syslogd_program 1458.Pq Vt str 1459Path to 1460.Xr syslogd 8 1461(default 1462.Pa /usr/sbin/syslogd ) . 1463.It Va syslogd_flags 1464.Pq Vt str 1465If 1466.Va syslogd_enable 1467is set to 1468.Dq Li YES , 1469these are the flags to pass to 1470.Xr syslogd 8 . 1471.It Va inetd_enable 1472.Pq Vt bool 1473If set to 1474.Dq Li YES , 1475run the 1476.Xr inetd 8 1477daemon. 1478.It Va inetd_program 1479.Pq Vt str 1480Path to 1481.Xr inetd 8 1482(default 1483.Pa /usr/sbin/inetd ) . 1484.It Va inetd_flags 1485.Pq Vt str 1486If 1487.Va inetd_enable 1488is set to 1489.Dq Li YES , 1490these are the flags to pass to 1491.Xr inetd 8 . 1492.It Va named_enable 1493.Pq Vt bool 1494If set to 1495.Dq Li YES , 1496run the 1497.Xr named 8 1498daemon. 1499.It Va named_program 1500.Pq Vt str 1501Path to 1502.Xr named 8 1503(default 1504.Pa /usr/sbin/named ) . 1505.It Va named_flags 1506.Pq Vt str 1507If 1508.Va named_enable 1509is set to 1510.Dq Li YES , 1511these are the flags to pass to 1512.Xr named 8 . 1513.It Va named_pidfile 1514.Pq Vt str 1515This is the default path to the 1516.Xr named 8 1517daemon's PID file. 1518This must match the location in 1519.Xr named.conf 5 . 1520.It Va named_uid 1521.Pq Vt str 1522The user that the 1523.Xr named 8 1524process should be run as. 1525.It Va named_chrootdir 1526.Pq Vt str 1527The root directory for a name server run in a 1528.Xr chroot 8 1529environment (default 1530.Pa /var/named ) . 1531If left empty 1532.Xr named 8 1533will not be run in a 1534.Xr chroot 8 1535environment. 1536.It Va named_chroot_autoupdate 1537.Pq Vt bool 1538Set to 1539.Dq Li NO 1540to disable automatic update of the 1541.Xr chroot 8 1542environment. 1543.It Va named_symlink_enable 1544.Pq Vt bool 1545Set to 1546.Dq Li NO 1547to disable symlinking of 1548daemon's PID file 1549into the 1550.Xr chroot 8 1551environment. 1552.It Va kerberos5_server_enable 1553.Pq Vt bool 1554Set to 1555.Dq Li YES 1556to start a Kerberos 5 authentication server 1557at boot time. 1558.It Va kerberos5_server 1559.Pq Vt str 1560If 1561.Va kerberos5_server_enable 1562is set to 1563.Dq Li YES 1564this is the path to Kerberos 5 Authentication Server. 1565.It Va kerberos5_server_flags 1566.Pq Vt str 1567Empty by default. 1568This variable contains additional flags to be passed to the Kerberos 5 1569authentication server. 1570.It Va kadmind5_server_enable 1571.Pq Vt bool 1572Set to 1573.Dq Li YES 1574to start 1575.Xr kadmind 8 , 1576the Kerberos 5 Administration Daemon; set to 1577.Dq Li NO 1578on a slave server. 1579.It Va kadmind5_server 1580.Pq Vt str 1581If 1582.Va kadmind5_server_enable 1583is set to 1584.Dq Li YES 1585this is the path to Kerberos 5 Administration Daemon. 1586.It Va kpasswdd_server_enable 1587.Pq Vt bool 1588Set to 1589.Dq Li YES 1590to start 1591.Xr kpasswdd 8 , 1592the Kerberos 5 Password-Changing Daemon; set to 1593.Dq Li NO 1594on a slave server. 1595.It Va kpasswdd_server 1596.Pq Vt str 1597If 1598.Va kpasswdd_server_enable 1599is set to 1600.Dq Li YES 1601this is the path to Kerberos 5 Password-Changing Daemon. 1602.It Va rwhod_enable 1603.Pq Vt bool 1604If set to 1605.Dq Li YES , 1606run the 1607.Xr rwhod 8 1608daemon at boot time. 1609.It Va rwhod_flags 1610.Pq Vt str 1611If 1612.Va rwhod_enable 1613is set to 1614.Dq Li YES , 1615these are the flags to pass to it. 1616.It Va amd_enable 1617.Pq Vt bool 1618If set to 1619.Dq Li YES , 1620run the 1621.Xr amd 8 1622daemon at boot time. 1623.It Va amd_flags 1624.Pq Vt str 1625If 1626.Va amd_enable 1627is set to 1628.Dq Li YES , 1629these are the flags to pass to it. 1630See the 1631.Xr amd 8 1632manpage for more information. 1633.It Va amd_map_program 1634.Pq Vt str 1635If set, 1636the specified program is run to get the list of 1637.Xr amd 8 1638maps. 1639For example, if the 1640.Xr amd 8 1641maps are stored in NIS, one can set this to 1642run 1643.Xr ypcat 1 1644to get a list of 1645.Xr amd 8 1646maps from the 1647.Pa amd.master 1648NIS map. 1649.It Va update_motd 1650.Pq Vt bool 1651If set to 1652.Dq Li YES , 1653.Pa /etc/motd 1654will be updated at boot time to reflect the kernel release 1655being run. 1656If set to 1657.Dq Li NO , 1658.Pa /etc/motd 1659will not be updated. 1660.It Va nfs_client_enable 1661.Pq Vt bool 1662If set to 1663.Dq Li YES , 1664run the NFS client daemons at boot time. 1665.It Va nfs_access_cache 1666.Pq Vt int 1667If 1668.Va nfs_client_enable 1669is set to 1670.Dq Li YES , 1671this can be set to 1672.Dq Li 0 1673to disable NFS ACCESS RPC caching, or to the number of seconds for which 1674NFS ACCESS 1675results should be cached. 1676A value of 2-10 seconds will substantially reduce network 1677traffic for many NFS operations. 1678.It Va nfs_server_enable 1679.Pq Vt bool 1680If set to 1681.Dq Li YES , 1682run the NFS server daemons at boot time. 1683.It Va nfs_server_flags 1684.Pq Vt str 1685If 1686.Va nfs_server_enable 1687is set to 1688.Dq Li YES , 1689these are the flags to pass to the 1690.Xr nfsd 8 1691daemon. 1692.It Va idmapd_enable 1693.Pq Vt bool 1694If set to 1695.Dq Li YES , 1696run the ID mapping daemon for NFS version 4. 1697.It Va idmapd_flags 1698.Pq Vt str 1699If 1700.Va idmapd_enable 1701is set to 1702.Dq Li YES , 1703these are the flags to pass to the 1704.Xr idmapd 8 1705daemon. 1706.It Va mountd_enable 1707.Pq Vt bool 1708If set to 1709.Dq Li YES , 1710and no 1711.Va nfs_server_enable 1712is set, start 1713.Xr mountd 8 , 1714but not 1715.Xr nfsd 8 1716daemon. 1717It is commonly needed to run CFS without real NFS used. 1718.It Va mountd_flags 1719.Pq Vt str 1720If 1721.Va mountd_enable 1722is set to 1723.Dq Li YES , 1724these are the flags to pass to the 1725.Xr mountd 8 1726daemon. 1727.It Va weak_mountd_authentication 1728.Pq Vt bool 1729If set to 1730.Dq Li YES , 1731allow services like PCNFSD to make non-privileged mount 1732requests. 1733.It Va nfs_reserved_port_only 1734.Pq Vt bool 1735If set to 1736.Dq Li YES , 1737provide NFS services only on a secure port. 1738.It Va nfs_bufpackets 1739.Pq Vt int 1740If set to a number, indicates the number of packets worth of 1741socket buffer space to reserve on an NFS client. 1742The kernel default is typically 4. 1743Using a higher number may be 1744useful on gigabit networks to improve performance. 1745The minimum value is 17462 and the maximum is 64. 1747.It Va rpc_lockd_enable 1748.Pq Vt bool 1749If set to 1750.Dq Li YES 1751and also an NFS server or client, run 1752.Xr rpc.lockd 8 1753at boot time. 1754.It Va rpc_lockd_flags 1755.Pq Vt str 1756If 1757.Va rpc_lockd_enable 1758is set to 1759.Dq Li YES , 1760these are the flags to pass to the 1761.Xr rpc.lockd 8 1762daemon. 1763.It Va rpc_statd_enable 1764.Pq Vt bool 1765If set to 1766.Dq Li YES 1767and also an NFS server or client, run 1768.Xr rpc.statd 8 1769at boot time. 1770.It Va rpc_statd_flags 1771.Pq Vt str 1772If 1773.Va rpc_statd_enable 1774is set to 1775.Dq Li YES , 1776these are the flags to pass to the 1777.Xr rpc.statd 8 1778daemon. 1779.It Va rpcbind_program 1780.Pq Vt str 1781Path to 1782.Xr rpcbind 8 1783(default 1784.Pa /usr/sbin/rpcbind ) . 1785.It Va rpcbind_enable 1786.Pq Vt bool 1787If set to 1788.Dq Li YES , 1789run the 1790.Xr rpcbind 8 1791service at boot time. 1792.It Va rpcbind_flags 1793.Pq Vt str 1794If 1795.Va rpcbind_enable 1796is set to 1797.Dq Li YES , 1798these are the flags to pass to the 1799.Xr rpcbind 8 1800daemon. 1801.It Va keyserv_enable 1802.Pq Vt bool 1803If set to 1804.Dq Li YES , 1805run the 1806.Xr keyserv 8 1807daemon on boot for running Secure RPC. 1808.It Va keyserv_flags 1809.Pq Vt str 1810If 1811.Va keyserv_enable 1812is set to 1813.Dq Li YES , 1814these are the flags to pass to 1815.Xr keyserv 8 1816daemon. 1817.It Va pppoed_enable 1818.Pq Vt bool 1819If set to 1820.Dq Li YES , 1821run the 1822.Xr pppoed 8 1823daemon at boot time to provide PPP over Ethernet services. 1824.It Va pppoed_ Ns Aq Ar provider 1825.Pq Vt str 1826.Xr pppoed 8 1827listens to requests to this 1828.Ar provider 1829and ultimately runs 1830.Xr ppp 8 1831with a 1832.Ar system 1833argument of the same name. 1834.It Va pppoed_flags 1835.Pq Vt str 1836Additional flags to pass to 1837.Xr pppoed 8 . 1838.It Va pppoed_interface 1839.Pq Vt str 1840The network interface to run 1841.Xr pppoed 8 1842on. 1843This is mandatory when 1844.Va pppoed_enable 1845is set to 1846.Dq Li YES . 1847.It Va timed_enable 1848.Pq Vt bool 1849If set to 1850.Dq Li YES , 1851run the 1852.Xr timed 8 1853service at boot time. 1854This command is intended for networks of 1855machines where a consistent 1856.Dq "network time" 1857for all hosts must be established. 1858This is often useful in large NFS 1859environments where time stamps on files are expected to be consistent 1860network-wide. 1861.It Va timed_flags 1862.Pq Vt str 1863If 1864.Va timed_enable 1865is set to 1866.Dq Li YES , 1867these are the flags to pass to the 1868.Xr timed 8 1869service. 1870.It Va ntpdate_enable 1871.Pq Vt bool 1872If set to 1873.Dq Li YES , 1874run 1875.Xr ntpdate 8 1876at system startup. 1877This command is intended to 1878synchronize the system clock only 1879.Em once 1880from some standard reference. 1881An option to set this up initially 1882(from a list of known servers) is also provided by the 1883.Xr sysinstall 8 1884program when the system is first installed. 1885.It Va ntpdate_config 1886.Pq Vt str 1887Configuration file for 1888.Xr ntpdate 8 . 1889Default 1890.Pa /etc/ntp.conf . 1891.It Va ntpdate_hosts 1892.Pq Vt str 1893A whitespace-separated list of NTP servers to synchronize with at startup. 1894The default is to use the servers listed in 1895.Va ntpdate_config , 1896if that file exists. 1897.It Va ntpdate_program 1898.Pq Vt str 1899Path to 1900.Xr ntpdate 8 1901(default 1902.Pa /usr/sbin/ntpdate ) . 1903.It Va ntpdate_flags 1904.Pq Vt str 1905If 1906.Va ntpdate_enable 1907is set to 1908.Dq Li YES , 1909these are the flags to pass to the 1910.Xr ntpdate 8 1911command (typically a hostname). 1912.It Va ntpd_enable 1913.Pq Vt bool 1914If set to 1915.Dq Li YES , 1916run the 1917.Xr ntpd 8 1918command at boot time. 1919.It Va ntpd_program 1920.Pq Vt str 1921Path to 1922.Xr ntpd 8 1923(default 1924.Pa /usr/sbin/ntpd ) . 1925.It Va ntpd_config 1926.Pq Vt str 1927Path to 1928.Xr ntpd 8 1929configuration file. 1930Default 1931.Pa /etc/ntp.conf . 1932.It Va ntpd_flags 1933.Pq Vt str 1934If 1935.Va ntpd_enable 1936is set to 1937.Dq Li YES , 1938these are the flags to pass to the 1939.Xr ntpd 8 1940daemon. 1941.It Va ntpd_sync_on_start 1942.Pq Vt bool 1943If set to 1944.Dq Li YES , 1945.Xr ntpd 8 1946is run with the 1947.Fl g 1948flag, which syncs the system's clock on startup. 1949See 1950.Xr ntpd 8 1951for more information regarding the 1952.Fl g 1953option. 1954This is a preferred alternative to using 1955.Xr ntpdate 8 1956or specifying the 1957.Va ntpdate_enable 1958variable. 1959.It Va nis_client_enable 1960.Pq Vt bool 1961If set to 1962.Dq Li YES , 1963run the 1964.Xr ypbind 8 1965service at system boot time. 1966.It Va nis_client_flags 1967.Pq Vt str 1968If 1969.Va nis_client_enable 1970is set to 1971.Dq Li YES , 1972these are the flags to pass to the 1973.Xr ypbind 8 1974service. 1975.It Va nis_ypset_enable 1976.Pq Vt bool 1977If set to 1978.Dq Li YES , 1979run the 1980.Xr ypset 8 1981daemon at system boot time. 1982.It Va nis_ypset_flags 1983.Pq Vt str 1984If 1985.Va nis_ypset_enable 1986is set to 1987.Dq Li YES , 1988these are the flags to pass to the 1989.Xr ypset 8 1990daemon. 1991.It Va nis_server_enable 1992.Pq Vt bool 1993If set to 1994.Dq Li YES , 1995run the 1996.Xr ypserv 8 1997daemon at system boot time. 1998.It Va nis_server_flags 1999.Pq Vt str 2000If 2001.Va nis_server_enable 2002is set to 2003.Dq Li YES , 2004these are the flags to pass to the 2005.Xr ypserv 8 2006daemon. 2007.It Va nis_ypxfrd_enable 2008.Pq Vt bool 2009If set to 2010.Dq Li YES , 2011run the 2012.Xr rpc.ypxfrd 8 2013daemon at system boot time. 2014.It Va nis_ypxfrd_flags 2015.Pq Vt str 2016If 2017.Va nis_ypxfrd_enable 2018is set to 2019.Dq Li YES , 2020these are the flags to pass to the 2021.Xr rpc.ypxfrd 8 2022daemon. 2023.It Va nis_yppasswdd_enable 2024.Pq Vt bool 2025If set to 2026.Dq Li YES , 2027run the 2028.Xr rpc.yppasswdd 8 2029daemon at system boot time. 2030.It Va nis_yppasswdd_flags 2031.Pq Vt str 2032If 2033.Va nis_yppasswdd_enable 2034is set to 2035.Dq Li YES , 2036these are the flags to pass to the 2037.Xr rpc.yppasswdd 8 2038daemon. 2039.It Va rpc_ypupdated_enable 2040.Pq Vt bool 2041If set to 2042.Dq Li YES , 2043run the 2044.Nm rpc.ypupdated 2045daemon at system boot time. 2046.It Va bsnmpd_enable 2047.Pq Vt bool 2048If set to 2049.Dq Li YES , 2050run the 2051.Xr bsnmpd 1 2052daemon at system boot time. 2053Be sure to understand the security implications of running SNMP daemon 2054on your host. 2055.It Va bsnmpd_flags 2056.Pq Vt str 2057If 2058.Va bsnmpd_enable 2059is set to 2060.Dq Li YES , 2061these are the flags to pass to the 2062.Xr bsnmpd 1 2063daemon. 2064.It Va defaultrouter 2065.Pq Vt str 2066If not set to 2067.Dq Li NO , 2068create a default route to this host name or IP address 2069(use an IP address if this router is also required to get to the 2070name server!). 2071.It Va ipv6_defaultrouter 2072.Pq Vt str 2073The IPv6 equivalent of 2074.Va defaultrouter . 2075.It Va static_routes 2076.Pq Vt str 2077Set to the list of static routes that are to be added at system 2078boot time. 2079If not set to 2080.Dq Li NO 2081then for each whitespace separated 2082.Ar element 2083in the value, a 2084.Va route_ Ns Aq Ar element 2085variable is assumed to exist 2086whose contents will later be passed to a 2087.Dq Nm route Cm add 2088operation. 2089For example: 2090.Bd -literal 2091static_routes="mcast gif0local" 2092route_mcast="-net 224.0.0.0/4 -iface gif0" 2093route_gif0local="-host 169.254.1.1 -iface lo0" 2094.Ed 2095.It Va ipv6_static_routes 2096.Pq Vt str 2097The IPv6 equivalent of 2098.Va static_routes . 2099If not set to 2100.Dq Li NO 2101then for each whitespace separated 2102.Ar element 2103in the value, a 2104.Va ipv6_route_ Ns Aq Ar element 2105variable is assumed to exist 2106whose contents will later be passed to a 2107.Dq Nm route Cm add Fl inet6 2108operation. 2109.It Va natm_static_routes 2110.Pq Vt str 2111The 2112.Xr natmip 4 2113equivalent of 2114.Va static_routes . 2115If not empty then for each whitespace separated 2116.Ar element 2117in the value, a 2118.Va route_ Ns Aq Ar element 2119variable is assumed to exist whose contents will later be passed to a 2120.Dq Nm atmconfig Cm natm Cm add 2121operation. 2122.It Va gateway_enable 2123.Pq Vt bool 2124If set to 2125.Dq Li YES , 2126configure host to act as an IP router, e.g.\& to forward packets 2127between interfaces. 2128.It Va ipv6_gateway_enable 2129.Pq Vt bool 2130The IPv6 equivalent of 2131.Va gateway_enable . 2132.It Va router_enable 2133.Pq Vt bool 2134If set to 2135.Dq Li YES , 2136run a routing daemon of some sort, based on the 2137settings of 2138.Va router 2139and 2140.Va router_flags . 2141.It Va ipv6_router_enable 2142.Pq Vt bool 2143The IPv6 equivalent of 2144.Va router_enable . 2145If set to 2146.Dq Li YES , 2147run a routing daemon of some sort, based on the 2148settings of 2149.Va ipv6_router 2150and 2151.Va ipv6_router_flags . 2152.It Va router 2153.Pq Vt str 2154If 2155.Va router_enable 2156is set to 2157.Dq Li YES , 2158this is the name of the routing daemon to use. 2159.It Va ipv6_router 2160.Pq Vt str 2161The IPv6 equivalent of 2162.Va router . 2163.It Va router_flags 2164.Pq Vt str 2165If 2166.Va router_enable 2167is set to 2168.Dq Li YES , 2169these are the flags to pass to the routing daemon. 2170.It Va ipv6_router_flags 2171.Pq Vt str 2172The IPv6 equivalent of 2173.Va router_flags . 2174.It Va mrouted_enable 2175.Pq Vt bool 2176If set to 2177.Dq Li YES , 2178run the multicast routing daemon, 2179.Xr mrouted 8 . 2180.It Va mroute6d_enable 2181.Pq Vt bool 2182The IPv6 equivalent of 2183.Va mrouted_enable . 2184If set to 2185.Dq Li YES , 2186run the IPv6 multicast routing daemon. 2187.Pp 2188Note that multicast routing daemons are no longer included in the 2189.Fx 2190base system, however, both 2191.Xr mrouted 8 2192and 2193.Xr pim6dd 8 2194may be installed from the 2195.Fx 2196Ports Collection. 2197.It Va mrouted_flags 2198.Pq Vt str 2199If 2200.Va mrouted_enable 2201is set to 2202.Dq Li YES , 2203these are the flags to pass to the 2204.Xr mrouted 8 2205daemon. 2206.It Va mroute6d_flags 2207.Pq Vt str 2208The IPv6 equivalent of 2209.Va mrouted_flags . 2210If 2211.Va mroute6d_enable 2212is set to 2213.Dq Li YES , 2214these are the flags passed to the IPv6 multicast routing daemon. 2215.It Va mroute6d_program 2216.Pq Vt str 2217If 2218.Va mroute6d_enable 2219is set to 2220.Dq Li YES , 2221this is the path to the IPv6 multicast routing daemon. 2222.It Va rtadvd_enable 2223.Pq Vt bool 2224If set to 2225.Dq Li YES , 2226run the 2227.Xr rtadvd 8 2228daemon at boot time. 2229.Xr rtadvd 8 2230will only run if 2231.Va ipv6_gateway_enable 2232is also set to 2233.Dq Li YES . 2234The 2235.Xr rtadvd 8 2236utility sends router advertisement packets to the interfaces specified in 2237.Va rtadvd_interfaces 2238and should only be enabled with great care. 2239You may want to fine-tune 2240.Xr rtadvd.conf 5 . 2241.It Va rtadvd_interfaces 2242.Pq Vt str 2243If 2244.Va rtadvd_enable 2245is set to 2246.Dq Li YES 2247this is the list of interfaces to use. 2248.It Va ipxgateway_enable 2249.Pq Vt bool 2250If set to 2251.Dq Li YES , 2252enable the routing of IPX traffic. 2253.It Va ipxrouted_enable 2254.Pq Vt bool 2255If set to 2256.Dq Li YES , 2257run the 2258.Xr IPXrouted 8 2259daemon at system boot time. 2260.It Va ipxrouted_flags 2261.Pq Vt str 2262If 2263.Va ipxrouted_enable 2264is set to 2265.Dq Li YES , 2266these are the flags to pass to the 2267.Xr IPXrouted 8 2268daemon. 2269.It Va arpproxy_all 2270.Pq Vt bool 2271If set to 2272.Dq Li YES , 2273enable global proxy ARP. 2274.It Va forward_sourceroute 2275.Pq Vt bool 2276If set to 2277.Dq Li YES 2278and 2279.Va gateway_enable 2280is also set to 2281.Dq Li YES , 2282source-routed packets are forwarded. 2283.It Va accept_sourceroute 2284.Pq Vt bool 2285If set to 2286.Dq Li YES , 2287the system will accept source-routed packets directed at it. 2288.It Va rarpd_enable 2289.Pq Vt bool 2290If set to 2291.Dq Li YES , 2292run the 2293.Xr rarpd 8 2294daemon at system boot time. 2295.It Va rarpd_flags 2296.Pq Vt str 2297If 2298.Va rarpd_enable 2299is set to 2300.Dq Li YES , 2301these are the flags to pass to the 2302.Xr rarpd 8 2303daemon. 2304.It Va bootparamd_enable 2305.Pq Vt bool 2306If set to 2307.Dq Li YES , 2308run the 2309.Xr bootparamd 8 2310daemon at system boot time. 2311.It Va bootparamd_flags 2312.Pq Vt str 2313If 2314.Va bootparamd_enable 2315is set to 2316.Dq Li YES , 2317these are the flags to pass to the 2318.Xr bootparamd 8 2319daemon. 2320.It Va stf_interface_ipv4addr 2321.Pq Vt str 2322If not set to 2323.Dq Li NO , 2324this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2325interface). 2326Specify this entry to enable the 6to4 interface. 2327.It Va stf_interface_ipv4plen 2328.Pq Vt int 2329Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2330An effective value is 0-31. 2331.It Va stf_interface_ipv6_ifid 2332.Pq Vt str 2333IPv6 interface ID for 2334.Xr stf 4 . 2335This can be set to 2336.Dq Li AUTO . 2337.It Va stf_interface_ipv6_slaid 2338.Pq Vt str 2339IPv6 Site Level Aggregator for 2340.Xr stf 4 . 2341.It Va ipv6_faith_prefix 2342.Pq Vt str 2343If not set to 2344.Dq Li NO , 2345this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2346translator. 2347You also need 2348.Xr faithd 8 2349setup. 2350.It Va ipv6_ipv4mapping 2351.Pq Vt bool 2352If set to 2353.Dq Li YES 2354this enables IPv4 mapped IPv6 address communication (like 2355.Li ::ffff:a.b.c.d ) . 2356.It Va atm_enable 2357.Pq Vt bool 2358Set to 2359.Dq Li YES 2360to enable the configuration of ATM interfaces at system boot time. 2361For all of the ATM variables described below, please refer to the 2362.Xr atm 8 2363manual page for further details on the available command parameters. 2364Also refer to the files in 2365.Pa /usr/share/examples/atm 2366for more detailed configuration information. 2367.It Va atm_load 2368.Pq Vt str 2369This is a list of physical ATM interface drivers to load. 2370Typical values are 2371.Dq Li hfa_pci 2372and/or 2373.Dq Li hea_pci . 2374.It Va atm_netif_ Ns Aq Ar intf 2375.Pq Vt str 2376For the ATM physical interface 2377.Ar intf , 2378this variable defines the name prefix and count for the ATM network 2379interfaces to be created. 2380The value will be passed as the parameters of an 2381.Dq Nm atm Cm "set netif" Ar intf 2382command. 2383.It Va atm_sigmgr_ Ns Aq Ar intf 2384.Pq Vt str 2385For the ATM physical interface 2386.Ar intf , 2387this variable defines the ATM signalling manager to be used. 2388The value will be passed as the parameters of an 2389.Dq Nm atm Cm attach Ar intf 2390command. 2391.It Va atm_prefix_ Ns Aq Ar intf 2392.Pq Vt str 2393For the ATM physical interface 2394.Ar intf , 2395this variable defines the NSAP prefix for interfaces using a UNI signalling 2396manager. 2397If set to 2398.Dq Li ILMI , 2399the prefix will automatically be set via the 2400.Xr ilmid 8 2401daemon. 2402Otherwise, the value will be passed as the parameters of an 2403.Dq Nm atm Cm "set prefix" Ar intf 2404command. 2405.It Va atm_macaddr_ Ns Aq Ar intf 2406.Pq Vt str 2407For the ATM physical interface 2408.Ar intf , 2409this variable defines the MAC address for interfaces using a UNI signalling 2410manager. 2411If set to 2412.Dq Li NO , 2413the hardware MAC address contained in the ATM interface card will be used. 2414Otherwise, the value will be passed as the parameters of an 2415.Dq Nm atm Cm "set mac" Ar intf 2416command. 2417.It Va atm_arpserver_ Ns Aq Ar netif 2418.Pq Vt str 2419For the ATM network interface 2420.Ar netif , 2421this variable defines the ATM address for a host which is to provide ATMARP 2422service. 2423This variable is only applicable to interfaces using a UNI signalling 2424manager. 2425If set to 2426.Dq Li local , 2427this host will become an ATMARP server. 2428The value will be passed as the parameters of an 2429.Dq Nm atm Cm "set arpserver" Ar netif 2430command. 2431.It Va atm_scsparp_ Ns Aq Ar netif 2432.Pq Vt bool 2433If set to 2434.Dq Li YES , 2435SCSP/ATMARP service for the network interface 2436.Ar netif 2437will be initiated using the 2438.Xr scspd 8 2439and 2440.Xr atmarpd 8 2441daemons. 2442This variable is only applicable if 2443.Va atm_arpserver_ Ns Aq Ar netif 2444is set to 2445.Dq Li local . 2446.It Va atm_pvcs 2447.Pq Vt str 2448Set to the list of ATM PVCs to be added at system 2449boot time. 2450For each whitespace separated 2451.Ar element 2452in the value, an 2453.Va atm_pvc_ Ns Aq Ar element 2454variable is assumed to exist. 2455The value of each of these variables 2456will be passed as the parameters of an 2457.Dq Nm atm Cm "add pvc" 2458command. 2459.It Va atm_arps 2460.Pq Vt str 2461Set to the list of permanent ATM ARP entries to be added 2462at system boot time. 2463For each whitespace separated 2464.Ar element 2465in the value, an 2466.Va atm_arp_ Ns Aq Ar element 2467variable is assumed to exist. 2468The value of each of these variables 2469will be passed as the parameters of an 2470.Dq Nm atm Cm "add arp" 2471command. 2472.It Va natm_interfaces 2473.Pq Vt str 2474Set to the list of 2475.Xr natm 4 2476interfaces that will also be used for HARP through 2477.Xr harp 4 . 2478If this list is not empty all interfaces in the list will be brought up 2479with 2480.Xr ifconfig 8 2481and 2482.Xr harp 4 2483will be loaded. 2484For this to work the interface drivers must be either compiled into the 2485kernel or must reside on the root partition. 2486.It Va keybell 2487.Pq Vt str 2488The keyboard bell sound. 2489Set to 2490.Dq Li normal , 2491.Dq Li visual , 2492.Dq Li off , 2493or 2494.Dq Li NO 2495if the default behavior is desired. 2496For details, refer to the 2497.Xr kbdcontrol 1 2498manpage. 2499.It Va keyboard 2500.Pq Vt str 2501If set to a non-null string, the virtual console's keyboard input is 2502set to this device. 2503.It Va keymap 2504.Pq Vt str 2505If set to 2506.Dq Li NO , 2507no keymap is installed, otherwise the value is used to install 2508the keymap file in 2509.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2510.It Va keyrate 2511.Pq Vt str 2512The keyboard repeat speed. 2513Set to 2514.Dq Li slow , 2515.Dq Li normal , 2516.Dq Li fast , 2517or 2518.Dq Li NO 2519if the default behavior is desired. 2520.It Va keychange 2521.Pq Vt str 2522If not set to 2523.Dq Li NO , 2524attempt to program the function keys with the value. 2525The value should 2526be a single string of the form: 2527.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2528.It Va cursor 2529.Pq Vt str 2530Can be set to the value of 2531.Dq Li normal , 2532.Dq Li blink , 2533.Dq Li destructive , 2534or 2535.Dq Li NO 2536to set the cursor behavior explicitly or choose the default behavior. 2537.It Va scrnmap 2538.Pq Vt str 2539If set to 2540.Dq Li NO , 2541no screen map is installed, otherwise the value is used to install 2542the screen map file in 2543.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2544.It Va font8x16 2545.Pq Vt str 2546If set to 2547.Dq Li NO , 2548the default 8x16 font value is used for screen size requests, otherwise 2549the value in 2550.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2551is used. 2552.It Va font8x14 2553.Pq Vt str 2554If set to 2555.Dq Li NO , 2556the default 8x14 font value is used for screen size requests, otherwise 2557the value in 2558.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2559is used. 2560.It Va font8x8 2561.Pq Vt str 2562If set to 2563.Dq Li NO , 2564the default 8x8 font value is used for screen size requests, otherwise 2565the value in 2566.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2567is used. 2568.It Va blanktime 2569.Pq Vt int 2570If set to 2571.Dq Li NO , 2572the default screen blanking interval is used, otherwise it is set 2573to 2574.Ar value 2575seconds. 2576.It Va saver 2577.Pq Vt str 2578If not set to 2579.Dq Li NO , 2580this is the actual screen saver to use 2581.Li ( blank , snake , daemon , 2582etc). 2583.It Va moused_nondefault_enable 2584.Pq Vt str 2585If set to 2586.Dq Li NO , 2587the mouse device specified on 2588the command line is not automatically treated as enabled by the 2589.Pa /etc/rc.d/moused 2590script. 2591Having this variable set to 2592.Dq Li YES 2593allows a 2594.Xr usb 4 2595mouse, 2596for example, 2597to be enabled as soon as it is plugged in. 2598.It Va moused_enable 2599.Pq Vt str 2600If set to 2601.Dq Li YES , 2602the 2603.Xr moused 8 2604daemon is started for doing cut/paste selection on the console. 2605.It Va moused_type 2606.Pq Vt str 2607This is the protocol type of the mouse connected to this host. 2608This variable must be set if 2609.Va moused_enable 2610is set to 2611.Dq Li YES . 2612The 2613.Xr moused 8 2614daemon 2615is able to detect the appropriate mouse type automatically in many cases. 2616Set this variable to 2617.Dq Li auto 2618to let the daemon detect it, or 2619select one from the following list if the automatic detection fails. 2620.Pp 2621If the mouse is attached to the PS/2 mouse port, choose 2622.Dq Li auto 2623or 2624.Dq Li ps/2 , 2625regardless of the brand and model of the mouse. 2626Likewise, if the 2627mouse is attached to the bus mouse port, choose 2628.Dq Li auto 2629or 2630.Dq Li busmouse . 2631All other protocols are for serial mice and will not work with 2632the PS/2 and bus mice. 2633If this is a USB mouse, 2634.Dq Li auto 2635is the only protocol type which will work. 2636.Pp 2637.Bl -tag -width ".Li x10mouseremote" -compact 2638.It Li microsoft 2639Microsoft mouse (serial) 2640.It Li intellimouse 2641Microsoft IntelliMouse (serial) 2642.It Li mousesystems 2643Mouse systems Corp.\& mouse (serial) 2644.It Li mmseries 2645MM Series mouse (serial) 2646.It Li logitech 2647Logitech mouse (serial) 2648.It Li busmouse 2649A bus mouse 2650.It Li mouseman 2651Logitech MouseMan and TrackMan (serial) 2652.It Li glidepoint 2653ALPS GlidePoint (serial) 2654.It Li thinkingmouse 2655Kensington ThinkingMouse (serial) 2656.It Li ps/2 2657PS/2 mouse 2658.It Li mmhittab 2659MM HitTablet (serial) 2660.It Li x10mouseremote 2661X10 MouseRemote (serial) 2662.It Li versapad 2663Interlink VersaPad (serial) 2664.El 2665.Pp 2666Even if the mouse is not in the above list, it may be compatible 2667with one in the list. 2668Refer to the manual page for 2669.Xr moused 8 2670for compatibility information. 2671.Pp 2672It should also be noted that while this is enabled, any 2673other client of the mouse (such as an X server) should access 2674the mouse through the virtual mouse device, 2675.Pa /dev/sysmouse , 2676and configure it as a 2677.Dq Li sysmouse 2678type mouse, since all 2679mouse data is converted to this single canonical format when 2680using 2681.Xr moused 8 . 2682If the client program does not support the 2683.Dq Li sysmouse 2684type, 2685specify the 2686.Dq Li mousesystems 2687type. 2688It is the second preferred type. 2689.It Va moused_port 2690.Pq Vt str 2691If 2692.Va moused_enable 2693is set to 2694.Dq Li YES , 2695this is the actual port the mouse is on. 2696It might be 2697.Pa /dev/cuad0 2698for a COM1 serial mouse, 2699.Pa /dev/psm0 2700for a PS/2 mouse or 2701.Pa /dev/mse0 2702for a bus mouse, for example. 2703.It Va moused_flags 2704.Pq Vt str 2705If 2706.Va moused_type 2707is set, these are the additional flags to pass to the 2708.Xr moused 8 2709daemon. 2710.It Va mousechar_start 2711.Pq Vt int 2712If set to 2713.Dq Li NO , 2714the default mouse cursor character range 2715.Li 0xd0 Ns - Ns Li 0xd3 2716is used, 2717otherwise the range start is set 2718to 2719.Ar value 2720character, see 2721.Xr vidcontrol 1 . 2722Use if the default range is occupied in the language code table. 2723.It Va allscreens_flags 2724.Pq Vt str 2725If set, 2726.Xr vidcontrol 1 2727is run with these options for each of the virtual terminals 2728.Pq Pa /dev/ttyv* . 2729For example, 2730.Dq Fl m Cm on 2731will enable the mouse pointer on all virtual terminals 2732if 2733.Va moused_enable 2734is set to 2735.Dq Li YES . 2736.It Va allscreens_kbdflags 2737.Pq Vt str 2738If set, 2739.Xr kbdcontrol 1 2740is run with these options for each of the virtual terminals 2741.Pq Pa /dev/ttyv* . 2742For example, 2743.Dq Fl h Li 200 2744will set the 2745.Xr syscons 4 2746scrollback (history) buffer to 200 lines. 2747.It Va cron_enable 2748.Pq Vt bool 2749If set to 2750.Dq Li YES , 2751run the 2752.Xr cron 8 2753daemon at system boot time. 2754.It Va cron_program 2755.Pq Vt str 2756Path to 2757.Xr cron 8 2758(default 2759.Pa /usr/sbin/cron ) . 2760.It Va cron_flags 2761.Pq Vt str 2762If 2763.Va cron_enable 2764is set to 2765.Dq Li YES , 2766these are the flags to pass to 2767.Xr cron 8 . 2768.It Va cron_dst 2769.Pq Vt bool 2770If set to 2771.Dq Li YES , 2772enable the special handling of transitions to and from the 2773Daylight Saving Time in 2774.Xr cron 8 2775(equivalent to using the flag 2776.Fl s ) . 2777.It Va lpd_program 2778.Pq Vt str 2779Path to 2780.Xr lpd 8 2781(default 2782.Pa /usr/sbin/lpd ) . 2783.It Va lpd_enable 2784.Pq Vt bool 2785If set to 2786.Dq Li YES , 2787run the 2788.Xr lpd 8 2789daemon at system boot time. 2790.It Va lpd_flags 2791.Pq Vt str 2792If 2793.Va lpd_enable 2794is set to 2795.Dq Li YES , 2796these are the flags to pass to the 2797.Xr lpd 8 2798daemon. 2799.It Va chkprintcap_enable 2800.Pq Vt bool 2801If set to 2802.Dq Li YES , 2803run the 2804.Xr chkprintcap 8 2805command before starting the 2806.Xr lpd 8 2807daemon. 2808.It Va chkprintcap_flags 2809.Pq Vt str 2810If 2811.Va lpd_enable 2812and 2813.Va chkprintcap_enable 2814are set to 2815.Dq Li YES , 2816these are the flags to pass to the 2817.Xr chkprintcap 8 2818program. 2819The default is 2820.Dq Li -d , 2821which causes missing directories to be created. 2822.It Va mta_start_script 2823.Pq Vt str 2824This variable specifies the full path to the script to run to start 2825a mail transfer agent. 2826The default is 2827.Pa /etc/rc.sendmail . 2828The 2829.Va sendmail_* 2830variables which 2831.Pa /etc/rc.sendmail 2832uses are documented in the 2833.Xr rc.sendmail 8 2834manual page. 2835.It Va dumpdev 2836.Pq Vt str 2837Indicates the device (usually a swap partition) to which a crash dump 2838should be written in the event of a system crash. 2839If the value of this variable is 2840.Dq Li AUTO , 2841the first suitable swap device listed in 2842.Pa /etc/fstab 2843will be used as dump device. 2844Otherwise, the value of this variable is passed as the argument to 2845.Xr dumpon 8 . 2846To disable crash dumps, set this variable to 2847.Dq Li NO . 2848.It Va dumpdir 2849.Pq Vt str 2850When the system reboots after a crash and a crash dump is found on the 2851device specified by the 2852.Va dumpdev 2853variable, 2854.Xr savecore 8 2855will save that crash dump and a copy of the kernel to the directory 2856specified by the 2857.Va dumpdir 2858variable. 2859The default value is 2860.Pa /var/crash . 2861Set to 2862.Dq Li NO 2863to not run 2864.Xr savecore 8 2865at boot time when 2866.Va dumpdir 2867is set. 2868.It Va savecore_flags 2869.Pq Vt str 2870If crash dumps are enabled, these are the flags to pass to the 2871.Xr savecore 8 2872utility. 2873.It Va enable_quotas 2874.Pq Vt bool 2875Set to 2876.Dq Li YES 2877to turn on user and group disk quotas on system startup via the 2878.Xr quotaon 8 2879command for all file systems marked as having quotas enabled in 2880.Pa /etc/fstab . 2881The kernel must be built with 2882.Cd "options QUOTA" 2883for disk quotas to function. 2884.It Va check_quotas 2885.Pq Vt bool 2886Set to 2887.Dq Li YES 2888to enable user and group disk quota checking via the 2889.Xr quotacheck 8 2890command. 2891.It Va quotacheck_flags 2892.Pq Vt str 2893If 2894.Va enable_quotas 2895is set to 2896.Dq Li YES , 2897and 2898.Va check_quotas 2899is set to 2900.Dq Li YES , 2901these are the flags to pass to the 2902.Xr quotacheck 8 2903utility. 2904The default is 2905.Dq Li "-a" , 2906which checks quotas for all file systems with quotas enabled in 2907.Pa /etc/fstab . 2908.It Va quotaon_flags 2909.Pq Vt str 2910If 2911.Va enable_quotas 2912is set to 2913.Dq Li YES , 2914these are the flags to pass to the 2915.Xr quotaon 8 2916utility. 2917The default is 2918.Dq Li "-a" , 2919which enables quotas for all file systems with quotas enabled in 2920.Pa /etc/fstab . 2921.It Va quotaoff_flags 2922.Pq Vt str 2923If 2924.Va enable_quotas 2925is set to 2926.Dq Li YES , 2927these are the flags to pass to the 2928.Xr quotaoff 8 2929utility when shutting down the quota system. 2930The default is 2931.Dq Li "-a" , 2932which disables quotas for all file systems with quotas enabled in 2933.Pa /etc/fstab . 2934.It Va accounting_enable 2935.Pq Vt bool 2936Set to 2937.Dq Li YES 2938to enable system accounting through the 2939.Xr accton 8 2940facility. 2941.It Va ibcs2_enable 2942.Pq Vt bool 2943Set to 2944.Dq Li YES 2945to enable iBCS2 (SCO) binary emulation at system initial boot 2946time. 2947.It Va ibcs2_loaders 2948.Pq Vt str 2949If not set to 2950.Dq Li NO 2951and if 2952.Va ibcs2_enable 2953is set to 2954.Dq Li YES , 2955this specifies a list of additional iBCS2 loaders to enable. 2956.It Va linux_enable 2957.Pq Vt bool 2958Set to 2959.Dq Li YES 2960to enable Linux/ELF binary emulation at system initial 2961boot time. 2962.It Va svr4_enable 2963.Pq Vt bool 2964If set to 2965.Dq Li YES , 2966enable SysVR4 emulation at boot time. 2967.It Va sysvipc_enable 2968.Pq Vt bool 2969If set to 2970.Dq Li YES , 2971load System V IPC primitives at boot time. 2972.It Va clear_tmp_enable 2973.Pq Vt bool 2974Set to 2975.Dq Li YES 2976to have 2977.Pa /tmp 2978cleaned at startup. 2979.It Va clear_tmp_X 2980.Pq Vt bool 2981Set to 2982.Dq Li NO 2983to disable removing of X11 lock files, 2984and the removal and (secure) recreation 2985of the various socket directories for X11 2986related programs. 2987.It Va ldconfig_paths 2988.Pq Vt str 2989Set to the list of shared library paths to use with 2990.Xr ldconfig 8 . 2991NOTE: 2992.Pa /usr/lib 2993will always be added first, so it need not appear in this list. 2994.It Va ldconfig32_paths 2995.Pq Vt str 2996Set to the list of 32-bit compatibility shared library paths to 2997use with 2998.Xr ldconfig 8 . 2999.It Va ldconfig_paths_aout 3000.Pq Vt str 3001Set to the list of shared library paths to use with 3002.Xr ldconfig 8 3003legacy 3004.Xr a.out 5 3005support. 3006.It Va ldconfig_insecure 3007.Pq Vt bool 3008The 3009.Xr ldconfig 8 3010utility normally refuses to use directories 3011which are writable by anyone except root. 3012Set this variable to 3013.Dq Li YES 3014to disable that security check during system startup. 3015.It Va ldconfig_local_dirs 3016.Pq Vt str 3017Set to the list of local 3018.Xr ldconfig 8 3019directories. 3020The names of all files in the directories listed will be 3021passed as arguments to 3022.Xr ldconfig 8 . 3023.It Va ldconfig_local32_dirs 3024.Pq Vt str 3025Set to the list of local 32-bit compatibility 3026.Xr ldconfig 8 3027directories. 3028The names of all files in the directories listed will be 3029passed as arguments to 3030.Dq Nm ldconfig Fl 32 . 3031.It Va kern_securelevel_enable 3032.Pq Vt bool 3033Set to 3034.Dq Li YES 3035to set the kernel security level at system startup. 3036.It Va kern_securelevel 3037.Pq Vt int 3038The kernel security level to set at startup. 3039The allowed range of 3040.Ar value 3041ranges from \-1 (the compile time default) to 3 (the 3042most secure). 3043See 3044.Xr init 8 3045for the list of possible security levels and their effect 3046on system operation. 3047.It Va sshd_program 3048.Pq Vt str 3049Path to the SSH server program 3050.Pa ( /usr/sbin/sshd 3051is the default). 3052.It Va sshd_enable 3053.Pq Vt bool 3054Set to 3055.Dq Li YES 3056to start 3057.Xr sshd 8 3058at system boot time. 3059.It Va sshd_flags 3060.Pq Vt str 3061If 3062.Va sshd_enable 3063is set to 3064.Dq Li YES , 3065these are the flags to pass to the 3066.Xr sshd 8 3067daemon. 3068.It Va ftpd_program 3069.Pq Vt str 3070Path to the FTP server program 3071.Pa ( /usr/libexec/ftpd 3072is the default). 3073.It Va ftpd_enable 3074.Pq Vt bool 3075Set to 3076.Dq Li YES 3077to start 3078.Xr ftpd 8 3079as a stand-alone daemon at system boot time. 3080.It Va ftpd_flags 3081.Pq Vt str 3082If 3083.Va ftpd_enable 3084is set to 3085.Dq Li YES , 3086these are the additional flags to pass to the 3087.Xr ftpd 8 3088daemon. 3089.It Va watchdogd_enable 3090.Pq Vt bool 3091If set to 3092.Dq Li YES , 3093start the 3094.Xr watchdogd 8 3095daemon at boot time. 3096This requires that the kernel have been compiled with a 3097.Xr watchdog 4 3098compatible device. 3099.It Va watchdogd_flags 3100.Pq Vt str 3101If 3102.Va watchdogd_enable 3103is set to 3104.Dq Li YES , 3105these are the flags passed to the 3106.Xr watchdogd 8 3107daemon. 3108.It Va performance_cx_lowest 3109.Pq Vt str 3110CPU idle state to use while on AC power. 3111The string 3112.Dq Li LOW 3113indicates that 3114.Xr acpi 4 3115should use the lowest power state available while 3116.Dq Li HIGH 3117indicates that the lowest latency state (less power savings) should be used. 3118.It Va performance_cpu_freq 3119.Pq Vt str 3120CPU clock frequency to use while on AC power. 3121The string 3122.Dq Li LOW 3123indicates that 3124.Xr cpufreq 4 3125should use the lowest frequency available while 3126.Dq Li HIGH 3127indicates that the highest frequency (less power savings) should be used. 3128.It Va economy_cx_lowest 3129.Pq Vt str 3130CPU idle state to use when off AC power. 3131The string 3132.Dq Li LOW 3133indicates that 3134.Xr acpi 4 3135should use the lowest power state available while 3136.Dq Li HIGH 3137indicates that the lowest latency state (less power savings) should be used. 3138.It Va economy_cpu_freq 3139.Pq Vt str 3140CPU clock frequency to use when off AC power. 3141The string 3142.Dq Li LOW 3143indicates that 3144.Xr cpufreq 4 3145should use the lowest frequency available while 3146.Dq Li HIGH 3147indicates that the highest frequency (less power savings) should be used. 3148.It Va jail_enable 3149.Pq Vt bool 3150If set to 3151.Dq Li NO , 3152any configured jails will not be started. 3153.It Va jail_list 3154.Pq Vt str 3155A space separated list of names for jails. 3156This is purely a configuration aid to help identify and 3157configure multiple jails. 3158The names specified in this list will be used to 3159identify settings common to an instance of a jail. 3160Assuming that the jail in question was named 3161.Li vjail , 3162you would have the following dependent variables: 3163.Bd -literal 3164jail_vjail_hostname="jail.example.com" 3165jail_vjail_ip="192.168.1.100" 3166jail_vjail_rootdir="/var/jails/vjail/root" 3167.Ed 3168.Pp 3169.It Va jail_flags 3170.Pq Vt str 3171Unset by default. 3172When set, use as default value for 3173.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3174for every jail in 3175.Va jail_list . 3176.It Va jail_interface 3177.Pq Vt str 3178Unset by default. 3179When set, use as default value for 3180.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3181for every jail in 3182.Va jail_list . 3183.It Va jail_fstab 3184.Pq Vt str 3185Unset by default. 3186When set, use as default value for 3187.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3188for every jail in 3189.Va jail_list . 3190.It Va jail_mount_enable 3191.Pq Vt bool 3192Set to 3193.Dq Li NO 3194by default. 3195When set to 3196.Dq Li YES , 3197sets 3198.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3199to 3200.Dq Li YES 3201by default for every jail in 3202.Va jail_list . 3203.It Va jail_devfs_ruleset 3204.Pq Vt str 3205Unset by default. 3206When set, sets 3207.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3208to given value for every jail in 3209.Va jail_list . 3210.It Va jail_devfs_enable 3211.Pq Vt bool 3212Set to 3213.Dq Li NO 3214by default. 3215When set to 3216.Dq Li YES , 3217sets 3218.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3219to 3220.Dq Li YES 3221by default for every jail in 3222.Va jail_list . 3223.It Va jail_fdescfs_enable 3224.Pq Vt bool 3225Set to 3226.Dq Li NO 3227by default. 3228When set to 3229.Dq Li YES , 3230sets 3231.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3232to 3233.Dq Li YES 3234by default for every jail in 3235.Va jail_list . 3236.It Va jail_procfs_enable 3237.Pq Vt bool 3238Set to 3239.Dq Li NO 3240by default. 3241When set to 3242.Dq Li YES , 3243sets 3244.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3245to 3246.Dq Li YES 3247by default for every jail in 3248.Va jail_list . 3249.It Va jail_exec_start 3250.Pq Vt str 3251Unset by default. 3252When set, use as default value for 3253.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3254for every jail in 3255.Va jail_list . 3256.It Va jail_exec_afterstart Ns Aq Ar N 3257.Pq Vt str 3258Unset by default. 3259When set, use as default value for 3260.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3261for every jail in 3262.Va jail_list . 3263.It Va jail_exec_stop 3264Unset by default. 3265When set, use as default value for 3266.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3267for every jail in 3268.Va jail_list . 3269.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3270.Pq Vt str 3271Unset by default. 3272Set to the root directory used by jail 3273.Va jname . 3274.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3275.Pq Vt str 3276Unset by default. 3277Set to the fully qualified domain name (FQDN) assigned to jail 3278.Va jname . 3279.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3280.Pq Vt str 3281Unset by default. 3282Set to the IP address assigned to jail 3283.Va jname . 3284.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3285.Pq Vt str 3286Set to 3287.Dq Li -l -U root 3288by default. 3289These are flags to pass to 3290.Xr jail . 3291.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3292.Pq Vt str 3293Unset by default. 3294When set, sets the interface to use when setting IP address alias. 3295Note that the alias is created at jail startup and removed at jail shutdown. 3296.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3297.Pq Vt str 3298Set to 3299.Pa /etc/fstab. Ns Aq Ar jname 3300by default. 3301This is the file system information file to use for jail 3302.Va jname . 3303.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3304.Pq Vt bool 3305Set to 3306.Dq Li NO 3307by default. 3308When set to 3309.Dq Li YES , 3310mount all file systems from 3311.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3312at jail startup. 3313.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3314.Pq Vt str 3315Unset by default. 3316When set, defines the device file system ruleset file to use for jail 3317.Va jname . 3318.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3319.Pq Vt bool 3320Set to 3321.Dq Li NO 3322by default. 3323When set to 3324.Dq Li YES , 3325mount the device file system inside jail 3326.Ar jname 3327at jail startup. 3328.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3329.Pq Vt bool 3330Set to 3331.Dq Li NO 3332by default. 3333When set to 3334.Dq Li YES , 3335mount the file-descriptor file system inside jail 3336.Ar jname 3337at jail startup. 3338.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3339.Pq Vt bool 3340Set to 3341.Dq Li NO 3342by default. 3343When set to 3344.Dq Li YES , 3345mount the process file system inside jail 3346.Ar jname 3347at jail startup. 3348.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3349.Pq Vt str 3350Set to 3351.Dq Li /bin/sh /etc/rc 3352by default. 3353This is the command executed at jail startup. 3354.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3355.Pq Vt str 3356Unset by default. 3357This is the command run as 3358.Ar N Ns 3359th command 3360after jail startup, where 3361.Ar N 3362is 1, 2, and so on. 3363.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3364.Pq Vt str 3365Set to 3366.Dq Li /bin/sh /etc/rc.shutdown 3367by default. 3368This is the command executed at jail shutdown. 3369.It Va jail_set_hostname_allow 3370.Pq Vt bool 3371If set to 3372.Dq Li NO , 3373do not allow the root user in a jail to set its hostname. 3374.It Va jail_socket_unixiproute_only 3375.Pq Vt bool 3376If set to 3377.Dq Li YES , 3378do not allow any sockets, 3379besides UNIX/IP/route sockets, 3380to be used within a jail. 3381.It Va jail_sysvipc_allow 3382.Pq Vt bool 3383If set to 3384.Dq Li YES , 3385allow applications within a jail to use System V IPC. 3386.\" ----- ISDN settings --------------------------------- 3387.It Va isdn_enable 3388.Pq Vt bool 3389Set to 3390.Dq Li NO 3391by default. 3392When set to 3393.Dq Li YES , 3394starts the 3395.Xr isdnd 8 3396daemon 3397at system boot time. 3398.It Va isdn_flags 3399.Pq Vt str 3400Set to 3401.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9 3402by default. 3403Additional flags to pass to 3404.Xr isdnd 8 3405(but see 3406.Va isdn_fsdev 3407and 3408.Va isdn_ttype 3409for certain tunable parameters). 3410.It Va isdn_ttype 3411.Pq Vt str 3412Set to 3413.Dq Li cons25 3414by default. 3415The terminal type of the output device when 3416.Xr isdnd 8 3417operates in full-screen mode. 3418.It Va isdn_screenflags 3419.Pq Vt str 3420Set to 3421.Dq Li NO 3422by default. 3423The video mode for full-screen mode (only for 3424.Xr syscons 4 3425console driver, see 3426.Xr vidcontrol 1 3427for valid modes). 3428.It Va isdn_fsdev 3429.Pq Vt str 3430Set to 3431.Dq Li NO 3432by default. 3433The output device for 3434.Xr isdnd 8 3435in full-screen mode (or 3436.Dq Li NO 3437for daemon mode). 3438.It Va isdn_trace 3439.Pq Vt bool 3440Set to 3441.Dq Li NO 3442by default. 3443When set to 3444.Dq Li YES , 3445enables the ISDN protocol trace utility 3446.Xr isdntrace 8 3447at system boot time. 3448.It Va isdn_traceflags 3449.Pq Vt str 3450Set to 3451.Dq Fl f Pa /var/tmp/isdntrace0 3452by default. 3453Flags for 3454.Xr isdntrace 8 . 3455.\" ----------------------------------------------------- 3456.It Va harvest_interrupt 3457.Pq Vt bool 3458Set to 3459.Dq Li YES 3460to use hardware interrupts as an entropy source. 3461Refer to 3462.Xr random 4 3463for more information. 3464.It Va harvest_ethernet 3465.Pq Vt bool 3466Set to 3467.Dq Li YES 3468to use LAN traffic as an entropy source. 3469Refer to 3470.Xr random 4 3471for more information. 3472.It Va harvest_p_to_p 3473.Pq Vt bool 3474Set to 3475.Dq Li YES 3476to use serial line traffic as an entropy source. 3477Refer to 3478.Xr random 4 3479for more information. 3480.It Va entropy_dir 3481.Pq Vt str 3482Set to 3483.Dq Li NO 3484to disable caching entropy via 3485.Xr cron 8 . 3486Otherwise set to the directory used to store entropy files in. 3487.It Va entropy_file 3488.Pq Vt str 3489Set to 3490.Dq Li NO 3491to disable caching entropy through reboots. 3492Otherwise set to the filename used to store cached entropy through 3493reboots. 3494This file should be located on the root file system to seed the 3495.Xr random 4 3496device as early as possible in the boot process. 3497.It Va entropy_save_sz 3498.Pq Vt int 3499Size of the entropy cache files saved by 3500.Nm save-entropy 3501periodically. 3502.It Va entropy_save_num 3503.Pq Vt int 3504Number of entropy cache files to save by 3505.Nm save-entropy 3506periodically. 3507.It Va ipsec_enable 3508.Pq Vt bool 3509Set to 3510.Dq Li YES 3511to run 3512.Xr setkey 8 3513on 3514.Va ipsec_file 3515at boot time. 3516.It Va ipsec_file 3517.Pq Vt str 3518Configuration file for 3519.Xr setkey 8 . 3520.It Va dmesg_enable 3521.Pq Vt bool 3522Set to 3523.Dq Li YES 3524to save 3525.Xr dmesg 8 3526to 3527.Pa /var/run/dmesg.boot 3528on boot. 3529.It Va rcshutdown_timeout 3530.Pq Vt int 3531If set, start a watchdog timer in the background which will terminate 3532.Pa rc.shutdown 3533if 3534.Xr shutdown 8 3535has not completed within the specified time (in seconds). 3536Notice that in addition to this soft timeout, 3537.Xr init 8 3538also applies a hard timeout for the execution of 3539.Pa rc.shutdown . 3540This is configured via 3541.Xr sysctl 8 3542variable 3543.Va kern.init_shutdown_timeout 3544and defaults to 120 seconds. 3545Setting the value of 3546.Va rcshutdown_timeout 3547to more than 120 seconds will have no effect until the 3548.Xr sysctl 8 3549variable 3550.Va kern.init_shutdown_timeout 3551is also increased. 3552.It Va virecover_enable 3553.Pq Vt bool 3554Set to 3555.Dq Li NO 3556to prevent the system from trying to 3557recover pre-maturely terminated 3558.Xr vi 1 3559sessions. 3560.It Va ugidfw_enable 3561.Pq Vt bool 3562Set to 3563.Dq Li YES 3564to load the 3565.Xr mac_bsdextended 4 3566module upon system initialization and load a default 3567ruleset file. 3568.It Va bsdextended_script 3569.Pq Vt str 3570The default 3571.Xr mac_bsdextended 4 3572ruleset file to load. 3573The default value of this variable is 3574.Pa /etc/rc.bsdextended . 3575.It Va newsyslog_enable 3576.Pq Vt bool 3577If set to 3578.Dq Li YES , 3579run 3580.Xr newsyslog 8 3581command at startup. 3582.It Va newsyslog_flags 3583.Pq Vt str 3584If 3585.Va newsyslog_enable 3586is set to 3587.Dq Li YES , 3588these are the flags to pass to the 3589.Xr newsyslog 8 3590program. 3591The default is 3592.Dq Li -CN , 3593which causes log files flagged with a 3594.Cm C 3595to be created. 3596.It Va mdconfig_md Ns Aq Ar X 3597.Pq Vt str 3598Arguments to 3599.Xr mdconfig 8 3600for 3601.Xr md 4 3602device 3603.Ar X . 3604At minimum a 3605.Fl t Ar type 3606must be specified and either a 3607.Fl s Ar size 3608for malloc or swap backed 3609.Xr md 4 3610devices or a 3611.Fl f Ar file 3612for vnode backed 3613.Xr md 4 3614devices. 3615Note that 3616.Va mdconfig_md Ns Aq Ar X 3617variables are evaluated until one variable is unset or null. 3618.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3619.Pq Vt str 3620Optional arguments passed to 3621.Xr newfs 8 3622to initialize 3623.Xr md 4 3624device 3625.Ar X . 3626.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3627.Pq Vt str 3628An ownership specification passed to 3629.Xr chown 8 3630after the specified 3631.Xr md 4 3632device 3633.Ar X 3634has been mounted. 3635Both the 3636.Xr md 4 3637device and the mount point will be changed. 3638.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3639.Pq Vt str 3640A mode string passed to 3641.Xr chmod 1 3642after the specified 3643.Xr md 4 3644device 3645.Ar X 3646has been mounted. 3647Both the 3648.Xr md 4 3649device and the mount point will be changed. 3650.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3651.Pq Vt str 3652Files to be copied to the mount point of the 3653.Xr md 4 3654device 3655.Ar X 3656after it has been mounted. 3657.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3658.Pq Vt str 3659Command to execute after the specified 3660.Xr md 4 3661device 3662.Ar X 3663has been mounted. 3664Note that the command is passed to 3665.Ic eval 3666and that both 3667.Va _dev 3668and 3669.Va _mp 3670variables can be used to reference respectively the 3671.Xr md 4 3672device and the mount point. 3673Assuming that the 3674.Xr md 4 3675device is 3676.Li md0 , 3677one could set the following: 3678.Bd -literal 3679mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3680.Ed 3681.It Va ramdisk_units 3682.Pq Vt str 3683A list of one or more ramdisk units to configure with 3684.Xr mdconfig 8 3685and 3686.Xr newfs 8 3687in time to be mounted from 3688.Xr fstab 5 . 3689Each listed unit 3690.Ar X 3691must specify at least a 3692.Ar type 3693in a 3694.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3695variable. 3696Note that this way to configure ramdisks has been deprecated 3697in favor of new 3698.Va mdconfig_md* 3699variables (see above). 3700.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3701.Pq Vt str 3702Arguments to 3703.Xr mdconfig 8 3704for ramdisk 3705.Ar X . 3706At minimum a 3707.Fl t Ar type 3708must be specified, where 3709.Ar type 3710must be one of 3711.Cm malloc 3712or 3713.Cm swap . 3714.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3715.Pq Vt str 3716Optional arguments passed to 3717.Xr newfs 8 3718to initialize ramdisk 3719.Ar X . 3720.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3721.Pq Vt str 3722An ownership specification passed to 3723.Xr chown 8 3724after the specified ramdisk unit 3725.Ar X 3726has been mounted. 3727Both the 3728.Xr md 4 3729device and the mount point will be changed. 3730.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3731.Pq Vt str 3732A mode string passed to 3733.Xr chmod 1 3734after the specified ramdisk unit 3735.Ar X 3736has been mounted. 3737Both the 3738.Xr md 4 3739device and the mount point will be changed. 3740.It Va autobridge_interfaces 3741.Pq Vt str 3742Set to the list of bridge interfaces that will have newly arriving interfaces 3743checked against to be automatically added. 3744If not set to 3745.Dq Li NO 3746then for each whitespace separated 3747.Ar element 3748in the value, a 3749.Va autobridge_ Ns Aq Ar element 3750variable is assumed to exist which has a whitespace separated list of interface 3751names to match, these names can use wildcards. 3752For example: 3753.Bd -literal 3754autobridge_interfaces="bridge0" 3755autobridge_bridge0="tap* dc0 vlan[345]" 3756.Ed 3757.It Va mixer_enable 3758.Pq Vt bool 3759If set to 3760.Dq Li YES , 3761enable support for sound mixer. 3762.El 3763.Sh FILES 3764.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3765.It Pa /etc/defaults/rc.conf 3766.It Pa /etc/rc.conf 3767.It Pa /etc/rc.conf.local 3768.El 3769.Sh SEE ALSO 3770.Xr catman 1 , 3771.Xr chmod 1 , 3772.Xr gdb 1 , 3773.Xr info 1 , 3774.Xr kbdcontrol 1 , 3775.Xr makewhatis 1 , 3776.Xr sh 1 , 3777.Xr vi 1 , 3778.Xr vidcontrol 1 , 3779.Xr bridge 4 , 3780.Xr ip 4 , 3781.Xr ipf 4 , 3782.Xr ipfw 4 , 3783.Xr ipnat 4 , 3784.Xr kld 4 , 3785.Xr pf 4 , 3786.Xr pflog 4 , 3787.Xr pfsync 4 , 3788.Xr tcp 4 , 3789.Xr udp 4 , 3790.Xr exports 5 , 3791.Xr fstab 5 , 3792.Xr ipf 5 , 3793.Xr ipnat 5 , 3794.Xr motd 5 , 3795.Xr newsyslog.conf 5 , 3796.Xr pf.conf 5 , 3797.Xr accton 8 , 3798.Xr amd 8 , 3799.Xr apm 8 , 3800.Xr atm 8 , 3801.Xr chkprintcap 8 , 3802.Xr chown 8 , 3803.Xr cron 8 , 3804.Xr dhclient 8 , 3805.Xr ftpd 8 , 3806.Xr geli 8 , 3807.Xr ifconfig 8 , 3808.Xr inetd 8 , 3809.Xr ipf 8 , 3810.Xr ipfw 8 , 3811.Xr ipnat 8 , 3812.Xr isdnd 8 , 3813.Xr isdntrace 8 , 3814.Xr jail 8 , 3815.Xr kldxref 8 , 3816.Xr lpd 8 , 3817.Xr mdconfig 8 , 3818.Xr mdmfs 8 , 3819.Xr mixer 8 , 3820.Xr mountd 8 , 3821.Xr moused 8 , 3822.Xr mrouted 8 , 3823.Xr named 8 , 3824.Xr newfs 8 , 3825.Xr newsyslog 8 , 3826.Xr nfsd 8 , 3827.Xr ntpd 8 , 3828.Xr ntpdate 8 , 3829.Xr pfctl 8 , 3830.Xr pflogd 8 , 3831.Xr powerd 8 , 3832.Xr quotacheck 8 , 3833.Xr quotaon 8 , 3834.Xr rc 8 , 3835.Xr rc.sendmail 8 , 3836.Xr route 8 , 3837.Xr routed 8 , 3838.Xr rpcbind 8 , 3839.Xr rpc.lockd 8 , 3840.Xr rpc.statd 8 , 3841.Xr rwhod 8 , 3842.Xr savecore 8 , 3843.Xr sshd 8 , 3844.Xr swapon 8 , 3845.Xr sysctl 8 , 3846.Xr syslogd 8 , 3847.Xr timed 8 , 3848.Xr yp 8 , 3849.Xr ypbind 8 , 3850.Xr ypserv 8 , 3851.Xr ypset 8 3852.Sh HISTORY 3853The 3854.Nm 3855file appeared in 3856.Fx 2.2.2 . 3857.Sh AUTHORS 3858.An Jordan K. Hubbard . 3859