1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd June 8, 2020 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _user 196.Pq Vt str 197Run the service under this user account. 198.It Ao Ar name Ac Ns Va _group 199.Pq Vt str 200Run the chrooted service under this system group. 201Unlike the _user 202setting, this setting has no effect if the service is not chrooted. 203.It Ao Ar name Ac Ns Va _fib 204.Pq Vt int 205The 206.Xr setfib 1 207value to run the service under. 208.It Ao Ar name Ac Ns Va _nice 209.Pq Vt int 210The 211.Xr nice 1 212value to run the service under. 213.It Va apm_enable 214.Pq Vt bool 215If set to 216.Dq Li YES , 217enable support for Automatic Power Management with 218the 219.Xr apm 8 220command. 221.It Va apmd_enable 222.Pq Vt bool 223Run 224.Xr apmd 8 225to handle APM event from userland. 226This also enables support for APM. 227.It Va apmd_flags 228.Pq Vt str 229If 230.Va apmd_enable 231is set to 232.Dq Li YES , 233these are the flags to pass to the 234.Xr apmd 8 235daemon. 236.It Va devd_enable 237.Pq Vt bool 238Run 239.Xr devd 8 240to handle device added, removed or unknown events from the kernel. 241.It Va ddb_enable 242.Pq Vt bool 243Run 244.Xr ddb 8 245to install 246.Xr ddb 4 247scripts at boot time. 248.It Va ddb_config 249.Pq Vt str 250Configuration file for 251.Xr ddb 8 . 252Default 253.Pa /etc/ddb.conf . 254.It Va kld_list 255.Pq Vt str 256A whitespace-separated list of kernel modules to load right after 257the local disks are mounted, without any 258.Pa .ko 259extension or path. 260Loading modules at this point in the boot process is 261much faster than doing it via 262.Pa /boot/loader.conf 263for those modules not necessary for mounting local disks. 264.It Va kldxref_enable 265.Pq Vt bool 266Set to 267.Dq Li NO 268by default. 269Set to 270.Dq Li YES 271to automatically rebuild 272.Pa linker.hints 273files with 274.Xr kldxref 8 275at boot time. 276.It Va kldxref_clobber 277.Pq Vt bool 278Set to 279.Dq Li NO 280by default. 281If 282.Va kldxref_enable 283is true, 284setting to 285.Dq Li YES 286will overwrite existing 287.Pa linker.hints 288files at boot time. 289Otherwise, 290only missing 291.Pa linker.hints 292files are generated. 293.It Va kldxref_module_path 294.Pq Vt str 295Empty by default. 296A semi-colon 297.Pq Ql \&; 298delimited list of paths containing 299.Xr kld 4 300modules. 301If empty, 302the contents of the 303.Va kern.module_path 304.Xr sysctl 8 305are used. 306.It Va powerd_enable 307.Pq Vt bool 308If set to 309.Dq Li YES , 310enable the system power control facility with the 311.Xr powerd 8 312daemon. 313.It Va powerd_flags 314.Pq Vt str 315If 316.Va powerd_enable 317is set to 318.Dq Li YES , 319these are the flags to pass to the 320.Xr powerd 8 321daemon. 322.It Va tmpmfs 323Controls the creation of a 324.Pa /tmp 325memory file system. 326Always happens if set to 327.Dq Li YES 328and never happens if set to 329.Dq Li NO . 330If set to anything else, a memory file system is created if 331.Pa /tmp 332is not writable. 333.It Va tmpsize 334Controls the size of a created 335.Pa /tmp 336memory file system. 337.It Va tmpmfs_flags 338Extra options passed to the 339.Xr mdmfs 8 340utility when the memory file system for 341.Pa /tmp 342is created. 343The default is 344.Dq Li "-S" , 345which inhibits the use of softupdates on 346.Pa /tmp 347so that file system space is freed without delay 348after file truncation or deletion. 349See 350.Xr mdmfs 8 351for other options you can use in 352.Va tmpmfs_flags . 353.It Va varmfs 354Controls the creation of a 355.Pa /var 356memory file system. 357Always happens if set to 358.Dq Li YES 359and never happens if set to 360.Dq Li NO . 361If set to anything else, a memory file system is created if 362.Pa /var 363is not writable. 364.It Va varsize 365Controls the size of a created 366.Pa /var 367memory file system. 368.It Va varmfs_flags 369Extra options passed to the 370.Xr mdmfs 8 371utility when the memory file system for 372.Pa /var 373is created. 374The default is 375.Dq Li "-S" , 376which inhibits the use of softupdates on 377.Pa /var 378so that file system space is freed without delay 379after file truncation or deletion. 380See 381.Xr mdmfs 8 382for other options you can use in 383.Va varmfs_flags . 384.It Va populate_var 385Controls the automatic population of the 386.Pa /var 387file system. 388Always happens if set to 389.Dq Li YES 390and never happens if set to 391.Dq Li NO . 392If set to anything else, a memory file system is created if 393.Pa /var 394is not writable. 395Note that this process requires access to certain commands in 396.Pa /usr 397before 398.Pa /usr 399is mounted on normal systems. 400.It Va cleanvar_enable 401.Pq Vt bool 402Clean the 403.Pa /var 404directory. 405.It Va local_startup 406.Pq Vt str 407List of directories to search for startup script files. 408.It Va script_name_sep 409.Pq Vt str 410The field separator to use for breaking down the list of startup script files 411into individual filenames. 412The default is a space. 413It is not necessary to change this unless there are startup scripts with names 414containing spaces. 415.It Va hostapd_enable 416.Pq Vt bool 417Set to 418.Dq Li YES 419to start 420.Xr hostapd 8 421at system boot time. 422.It Va hostname 423.Pq Vt str 424The fully qualified domain name (FQDN) of this host on the network. 425This should almost certainly be set to something meaningful, even if 426there is no network connection. 427If 428.Xr dhclient 8 429is used to set the hostname via DHCP, 430this variable should be set to an empty string. 431Within a 432.Xr jail 8 433the hostname is generally already set and this variable may be absent. 434If this value remains unset when the system is done booting 435your console login will display the default hostname of 436.Dq Amnesiac . 437.It Va nisdomainname 438.Pq Vt str 439The NIS domain name of this host, or 440.Dq Li NO 441if NIS is not used. 442.It Va dhclient_program 443.Pq Vt str 444Path to the DHCP client program 445.Pa ( /sbin/dhclient , 446the 447.Ox 448DHCP client, 449is the default). 450.It Va dhclient_flags 451.Pq Vt str 452Additional flags to pass to the DHCP client program. 453For the 454.Ox 455DHCP client, see the 456.Xr dhclient 8 457manpage for a description of the command line options available. 458.It Va dhclient_flags_ Ns Aq Ar iface 459Additional flags to pass to the DHCP client program running on 460.Ar iface 461only. 462When specified, this variable overrides 463.Va dhclient_flags . 464.It Va background_dhclient 465.Pq Vt bool 466Set to 467.Dq Li YES 468to start the DHCP client in background. 469This can cause trouble with applications depending on 470a working network, but it will provide a faster startup 471in many cases. 472.It Va background_dhclient_ Ns Aq Ar iface 473When specified, this variable overrides the 474.Va background_dhclient 475variable for interface 476.Ar iface 477only. 478.It Va synchronous_dhclient 479.Pq Vt bool 480Set to 481.Dq Li YES 482to start 483.Xr dhclient 8 484synchronously at startup. 485This behavior can be overridden on a per-interface basis by replacing 486the 487.Dq Li DHCP 488keyword in the 489.Va ifconfig_ Ns Aq Ar interface 490variable with 491.Dq Li SYNCDHCP 492or 493.Dq Li NOSYNCDHCP . 494.It Va defaultroute_delay 495.Pq Vt int 496When set to a positive value, wait up to this long after configuring 497DHCP interfaces at startup to give the interfaces time to receive a lease. 498.It Va firewall_enable 499.Pq Vt bool 500Set to 501.Dq Li YES 502to load firewall rules at startup. 503If the kernel was not built with 504.Cd "options IPFIREWALL" , 505the 506.Pa ipfw.ko 507kernel module will be loaded. 508See also 509.Va ipfilter_enable . 510.It Va firewall_script 511.Pq Vt str 512This variable specifies the full path to the firewall script to run. 513The default is 514.Pa /etc/rc.firewall . 515.It Va firewall_type 516.Pq Vt str 517Names the firewall type from the selection in 518.Pa /etc/rc.firewall , 519or the file which contains the local firewall ruleset. 520Valid selections from 521.Pa /etc/rc.firewall 522are: 523.Pp 524.Bl -tag -width ".Li simple" -compact 525.It Li open 526unrestricted IP access 527.It Li closed 528all IP services disabled, except via 529.Dq Li lo0 530.It Li client 531basic protection for a workstation 532.It Li simple 533basic protection for a LAN. 534.El 535.Pp 536If a filename is specified, the full path 537must be given. 538.It Va firewall_quiet 539.Pq Vt bool 540Set to 541.Dq Li YES 542to disable the display of firewall rules on the console during boot. 543.It Va firewall_logging 544.Pq Vt bool 545Set to 546.Dq Li YES 547to enable firewall event logging. 548This is equivalent to the 549.Dv IPFIREWALL_VERBOSE 550kernel option. 551.It Va firewall_logif 552.Pq Vt bool 553Set to 554.Dq Li YES 555to create pseudo interface 556.Li ipfw0 557for logging. 558For more details, see 559.Xr ipfw 8 560manual page. 561.It Va firewall_flags 562.Pq Vt str 563Flags passed to 564.Xr ipfw 8 565if 566.Va firewall_type 567specifies a filename. 568.It Va firewall_coscripts 569.Pq Vt str 570List of executables and/or rc scripts to run after firewall starts/stops. 571Default is empty. 572.\" ----- firewall_nat_enable setting -------------------------------- 573.It Va firewall_nat_enable 574.Pq Vt bool 575The 576.Xr ipfw 8 577equivalent of 578.Va natd_enable . 579Setting this to 580.Dq Li YES 581will automatically load the 582.Xr ipfw 8 583NAT kernel module if 584.Va firewall_enable 585is also set to 586.Dq Li YES . 587.It Va firewall_nat_interface 588.Pq Vt str 589The 590.Xr ipfw 8 591equivalent of 592.Va natd_interface . 593This is the name of the public interface or IP address on which 594kernel NAT should run. 595.It Va firewall_nat_flags 596.Pq Vt str 597Additional configuration parameters for kernel NAT should be placed here. 598.It Va firewall_nat64_enable 599.Pq Vt bool 600Setting this to 601.Dq Li YES 602will automatically load the 603.Xr ipfw 8 604NAT64 kernel module if 605.Va firewall_enable 606is also set to 607.Dq Li YES . 608.It Va firewall_nptv6_enable 609.Pq Vt bool 610Setting this to 611.Dq Li YES 612will automatically load the 613.Xr ipfw 8 614NPTv6 kernel module if 615.Va firewall_enable 616is also set to 617.Dq Li YES . 618.It Va firewall_pmod_enable 619.Pq Vt bool 620Setting this to 621.Dq Li YES 622will automatically load the 623.Xr ipfw 8 624pmod kernel module if 625.Va firewall_enable 626is also set to 627.Dq Li YES . 628.It Va dummynet_enable 629.Pq Vt bool 630Setting this to 631.Dq Li YES 632will automatically load the 633.Xr dummynet 4 634module if 635.Va firewall_enable 636is also set to 637.Dq Li YES . 638.\" ------------------------------------------------------------------- 639.It Va ipfw_netflow_enable 640.Pq Vt bool 641Setting this to 642.Dq Li YES 643will enable netflow logging via 644.Xr ng_netflow 4 645.Pp 646By default a ipfw rule is inserted and all packets are duplicated with 647the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 648port using protocol version 5. 649.It Va ipfw_netflow_hook 650.Pq Vt int 651netflow hook name, must be numerical 652(default 653.Pa 9995 ) . 654.It Va ipfw_netflow_rule 655.Pq Vt int 656ipfw rule number 657(default 658.Pa 1000 ) . 659.It Va ipfw_netflow_ip 660.Pq Vt str 661Destination server ip for receiving netflow data 662(default 663.Pa 127.0.0.1 ) . 664.It Va ipfw_netflow_port 665.Pq Vt int 666Destination server port for receiving netflow data 667(default 668.Pa 9995 ) . 669.It Va ipfw_netflow_version 670.Pq Vt int 671Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 672.It Va ipfw_netflow_fib 673.Pq Vt int 674Only match packet in FIB 675.Pa ipfw_netflow_fib 676(default is undefined meaning all FIBs). 677.It Va natd_program 678.Pq Vt str 679Path to 680.Xr natd 8 . 681.It Va natd_enable 682.Pq Vt bool 683Set to 684.Dq Li YES 685to enable 686.Xr natd 8 . 687.Va firewall_enable 688must also be set to 689.Dq Li YES , 690and 691.Xr divert 4 692sockets must be enabled in the kernel. 693If the kernel was not built with 694.Cd "options IPDIVERT" , 695the 696.Pa ipdivert.ko 697kernel module will be loaded. 698.It Va natd_interface 699.Pq Vt str 700This is the name of the public interface on which 701.Xr natd 8 702should run. 703The interface may be given as an interface name or as an IP address. 704.It Va natd_flags 705.Pq Vt str 706Additional 707.Xr natd 8 708flags should be placed here. 709The 710.Fl n 711or 712.Fl a 713flag is automatically added with the above 714.Va natd_interface 715as an argument. 716.\" ----- ipfilter_enable setting -------------------------------- 717.It Va ipfilter_enable 718.Pq Vt bool 719Set to 720.Dq Li NO 721by default. 722Setting this to 723.Dq Li YES 724enables 725.Xr ipf 8 726packet filtering. 727.Pp 728Typical usage will require putting 729.Bd -literal 730ipfilter_enable="YES" 731ipnat_enable="YES" 732ipmon_enable="YES" 733ipfs_enable="YES" 734.Ed 735.Pp 736into 737.Pa /etc/rc.conf 738and editing 739.Pa /etc/ipf.rules 740and 741.Pa /etc/ipnat.rules 742appropriately. 743.Pp 744Note that 745.Va ipfilter_enable 746and 747.Va ipnat_enable 748can be enabled independently. 749.Va ipmon_enable 750and 751.Va ipfs_enable 752both require at least one of 753.Va ipfilter_enable 754and 755.Va ipnat_enable 756to be enabled. 757.Pp 758Having 759.Bd -literal 760options IPFILTER 761options IPFILTER_LOG 762options IPFILTER_DEFAULT_BLOCK 763.Ed 764.Pp 765in the kernel configuration file is a good idea, too. 766.\" ----- ipfilter_program setting ------------------------------ 767.It Va ipfilter_program 768.Pq Vt str 769Path to 770.Xr ipf 8 771(default 772.Pa /sbin/ipf ) . 773.\" ----- ipfilter_rules setting -------------------------------- 774.It Va ipfilter_rules 775.Pq Vt str 776Set to 777.Pa /etc/ipf.rules 778by default. 779This variable contains the name of the filter rule definition file. 780The file is expected to be readable for the 781.Xr ipf 8 782command to execute. 783.\" ----- ipv6_ipfilter_rules setting --------------------------- 784.It Va ipv6_ipfilter_rules 785.Pq Vt str 786Set to 787.Pa /etc/ipf6.rules 788by default. 789This variable contains the IPv6 filter rule definition file. 790The file is expected to be readable for the 791.Xr ipf 8 792command to execute. 793.\" ----- ipfilter_flags setting -------------------------------- 794.It Va ipfilter_flags 795.Pq Vt str 796Empty by default. 797This variable contains flags passed to the 798.Xr ipf 8 799program. 800.\" ----- ipnat_enable setting ---------------------------------- 801.It Va ipnat_enable 802.Pq Vt bool 803Set to 804.Dq Li NO 805by default. 806Set it to 807.Dq Li YES 808to enable 809.Xr ipnat 8 810network address translation. 811See 812.Va ipfilter_enable 813for a detailed discussion. 814.\" ----- ipnat_program setting --------------------------------- 815.It Va ipnat_program 816.Pq Vt str 817Path to 818.Xr ipnat 8 819(default 820.Pa /sbin/ipnat ) . 821.\" ----- ipnat_rules setting ----------------------------------- 822.It Va ipnat_rules 823.Pq Vt str 824Set to 825.Pa /etc/ipnat.rules 826by default. 827This variable contains the name of the file 828holding the network address translation definition. 829This file is expected to be readable for the 830.Xr ipnat 8 831command to execute. 832.\" ----- ipnat_flags setting ----------------------------------- 833.It Va ipnat_flags 834.Pq Vt str 835Empty by default. 836This variable contains flags passed to the 837.Xr ipnat 8 838program. 839.\" ----- ipmon_enable setting ---------------------------------- 840.It Va ipmon_enable 841.Pq Vt bool 842Set to 843.Dq Li NO 844by default. 845Set it to 846.Dq Li YES 847to enable 848.Xr ipmon 8 849monitoring (logging 850.Xr ipf 8 851and 852.Xr ipnat 8 853events). 854Setting this variable needs setting 855.Va ipfilter_enable 856or 857.Va ipnat_enable 858too. 859See 860.Va ipfilter_enable 861for a detailed discussion. 862.\" ----- ipmon_program setting --------------------------------- 863.It Va ipmon_program 864.Pq Vt str 865Path to 866.Xr ipmon 8 867(default 868.Pa /sbin/ipmon ) . 869.\" ----- ipmon_flags setting ----------------------------------- 870.It Va ipmon_flags 871.Pq Vt str 872Set to 873.Dq Li -Ds 874by default. 875This variable contains flags passed to the 876.Xr ipmon 8 877program. 878Another typical example would be 879.Dq Fl D Pa /var/log/ipflog 880to have 881.Xr ipmon 8 882log directly to a file bypassing 883.Xr syslogd 8 . 884Make sure to adjust 885.Pa /etc/newsyslog.conf 886in such case like this: 887.Bd -literal 888/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 889.Ed 890.\" ----- ipfs_enable setting ----------------------------------- 891.It Va ipfs_enable 892.Pq Vt bool 893Set to 894.Dq Li NO 895by default. 896Set it to 897.Dq Li YES 898to enable 899.Xr ipfs 8 900saving the filter and NAT state tables during shutdown 901and reloading them during startup again. 902Setting this variable needs setting 903.Va ipfilter_enable 904or 905.Va ipnat_enable 906to 907.Dq Li YES 908too. 909See 910.Va ipfilter_enable 911for a detailed discussion. 912Note that if 913.Va kern_securelevel 914is set to 3, 915.Va ipfs_enable 916cannot be used 917because the raised securelevel will prevent 918.Xr ipfs 8 919from saving the state tables at shutdown time. 920.\" ----- ipfs_program setting ---------------------------------- 921.It Va ipfs_program 922.Pq Vt str 923Path to 924.Xr ipfs 8 925(default 926.Pa /sbin/ipfs ) . 927.\" ----- ipfs_flags setting ------------------------------------ 928.It Va ipfs_flags 929.Pq Vt str 930Empty by default. 931This variable contains flags passed to the 932.Xr ipfs 8 933program. 934.\" ----- end of added ipf hook --------------------------------- 935.It Va pf_enable 936.Pq Vt bool 937Set to 938.Dq Li NO 939by default. 940Setting this to 941.Dq Li YES 942enables 943.Xr pf 4 944packet filtering. 945.Pp 946Typical usage will require putting 947.Pp 948.Dl pf_enable="YES" 949.Pp 950into 951.Pa /etc/rc.conf 952and editing 953.Pa /etc/pf.conf 954appropriately. 955Adding 956.Pp 957.Dl "device pf" 958.Pp 959builds support for 960.Xr pf 4 961into the kernel, otherwise the 962kernel module will be loaded. 963.It Va pf_rules 964.Pq Vt str 965Path to 966.Xr pf 4 967ruleset configuration file 968(default 969.Pa /etc/pf.conf ) . 970.It Va pf_program 971.Pq Vt str 972Path to 973.Xr pfctl 8 974(default 975.Pa /sbin/pfctl ) . 976.It Va pf_flags 977.Pq Vt str 978If 979.Va pf_enable 980is set to 981.Dq Li YES , 982these flags are passed to the 983.Xr pfctl 8 984program when loading the ruleset. 985.It Va pflog_enable 986.Pq Vt bool 987Set to 988.Dq Li NO 989by default. 990Setting this to 991.Dq Li YES 992enables 993.Xr pflogd 8 994which logs packets from the 995.Xr pf 4 996packet filter. 997.It Va pflog_logfile 998.Pq Vt str 999If 1000.Va pflog_enable 1001is set to 1002.Dq Li YES 1003this controls where 1004.Xr pflogd 8 1005stores the logfile 1006(default 1007.Pa /var/log/pflog ) . 1008Check 1009.Pa /etc/newsyslog.conf 1010to adjust logfile rotation for this. 1011.It Va pflog_program 1012.Pq Vt str 1013Path to 1014.Xr pflogd 8 1015(default 1016.Pa /sbin/pflogd ) . 1017.It Va pflog_flags 1018.Pq Vt str 1019Empty by default. 1020This variable contains additional flags passed to the 1021.Xr pflogd 8 1022program. 1023.It Va pflog_instances 1024.Pq Vt str 1025If logging to more than one 1026.Xr pflog 4 1027interface is desired, 1028.Va pflog_instances 1029is set to the list of 1030.Xr pflogd 8 1031instances that should be started at system boot time. 1032If 1033.Va pflog_instances 1034is set, for each whitespace-separated 1035.Ar element 1036in the list, 1037.Ao Ar element Ac Ns Va _dev 1038and 1039.Ao Ar element Ac Ns Va _logfile 1040elements are assumed to exist. 1041.Ao Ar element Ac Ns Va _dev 1042must contain the 1043.Xr pflog 4 1044interface to be watched by the named 1045.Xr pflogd 8 1046instance. 1047.Ao Ar element Ac Ns Va _logfile 1048must contain the name of the logfile that will be used by the 1049.Xr pflogd 8 1050instance. 1051.It Va ftpproxy_enable 1052.Pq Vt bool 1053Set to 1054.Dq Li NO 1055by default. 1056Setting this to 1057.Dq Li YES 1058enables 1059.Xr ftp-proxy 8 1060which supports the 1061.Xr pf 4 1062packet filter in translating ftp connections. 1063.It Va ftpproxy_flags 1064.Pq Vt str 1065Empty by default. 1066This variable contains additional flags passed to the 1067.Xr ftp-proxy 8 1068program. 1069.It Va ftpproxy_instances 1070.Pq Vt str 1071Empty by default. 1072If multiple instances of 1073.Xr ftp-proxy 8 1074are desired at boot time, 1075.Va ftpproxy_instances 1076should contain a whitespace-separated list of instance names. 1077For each 1078.Ar element 1079in the list, a variable named 1080.Ao Ar element Ac Ns Va _flags 1081should be defined, containing the command-line flags to be passed to the 1082.Xr ftp-proxy 8 1083instance. 1084.It Va pfsync_enable 1085.Pq Vt bool 1086Set to 1087.Dq Li NO 1088by default. 1089Setting this to 1090.Dq Li YES 1091enables exposing 1092.Xr pf 4 1093state changes to other hosts over the network by means of 1094.Xr pfsync 4 . 1095The 1096.Va pfsync_syncdev 1097variable 1098must also be set then. 1099.It Va pfsync_syncdev 1100.Pq Vt str 1101Empty by default. 1102This variable specifies the name of the network interface 1103.Xr pfsync 4 1104should operate through. 1105It must be set accordingly if 1106.Va pfsync_enable 1107is set to 1108.Dq Li YES . 1109.It Va pfsync_syncpeer 1110.Pq Vt str 1111Empty by default. 1112This variable is optional. 1113By default, state change messages are sent out on the synchronisation 1114interface using IP multicast packets. 1115The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1116224.0.0.240. 1117When a peer address is specified using the 1118.Va pfsync_syncpeer 1119option, the peer address is used as a destination for the pfsync 1120traffic, and the traffic can then be protected using 1121.Xr ipsec 4 . 1122See the 1123.Xr pfsync 4 1124manpage for more details about using 1125.Xr ipsec 4 1126with 1127.Xr pfsync 4 1128interfaces. 1129.It Va pfsync_ifconfig 1130.Pq Vt str 1131Empty by default. 1132This variable can contain additional options to be passed to the 1133.Xr ifconfig 8 1134command used to set up 1135.Xr pfsync 4 . 1136.It Va tcp_extensions 1137.Pq Vt bool 1138Set to 1139.Dq Li YES 1140by default. 1141Setting this to 1142.Dq Li NO 1143disables certain TCP options as described by 1144.Rs 1145.%T "RFC 1323" 1146.Re 1147Setting this to 1148.Dq Li NO 1149might help remedy such problems with connections as randomly hanging 1150or other weird behavior. 1151Some network devices are known 1152to be broken with respect to these options. 1153.It Va log_in_vain 1154.Pq Vt int 1155Set to 0 by default. 1156The 1157.Xr sysctl 8 1158variables, 1159.Va net.inet.tcp.log_in_vain 1160and 1161.Va net.inet.udp.log_in_vain , 1162as described in 1163.Xr tcp 4 1164and 1165.Xr udp 4 , 1166are set to the given value. 1167.It Va tcp_keepalive 1168.Pq Vt bool 1169Set to 1170.Dq Li YES 1171by default. 1172Setting to 1173.Dq Li NO 1174will disable probing idle TCP connections to verify that the 1175peer is still up and reachable. 1176.It Va tcp_drop_synfin 1177.Pq Vt bool 1178Set to 1179.Dq Li NO 1180by default. 1181Setting to 1182.Dq Li YES 1183will cause the kernel to ignore TCP frames that have both 1184the SYN and FIN flags set. 1185This prevents OS fingerprinting, but may 1186break some legitimate applications. 1187.It Va icmp_drop_redirect 1188.Pq Vt bool 1189Set to 1190.Dq Li AUTO 1191by default. 1192This setting will be identical to 1193.Dq Li YES , 1194if a dynamicrouting daemon is enabled, because redirect processing may 1195cause performance issues for large routing tables. 1196If no such service is enabled, this setting behaves like a 1197.Dq Li NO . 1198Setting to 1199.Dq Li YES 1200will cause the kernel to ignore ICMP REDIRECT packets. 1201Setting to 1202.Dq Li NO 1203will cause the kernel to process ICMP REDIRECT packets. 1204Refer to 1205.Xr icmp 4 1206for more information. 1207.It Va icmp_log_redirect 1208.Pq Vt bool 1209Set to 1210.Dq Li NO 1211by default. 1212Setting to 1213.Dq Li YES 1214will cause the kernel to log ICMP REDIRECT packets. 1215Note that 1216the log messages are not rate-limited, so this option should only be used 1217for troubleshooting networks. 1218Refer to 1219.Xr icmp 4 1220for more information. 1221.It Va icmp_bmcastecho 1222.Pq Vt bool 1223Set to 1224.Dq Li YES 1225to respond to broadcast or multicast ICMP ping packets. 1226Refer to 1227.Xr icmp 4 1228for more information. 1229.It Va ip_portrange_first 1230.Pq Vt int 1231If not set to 1232.Dq Li NO , 1233this is the first port in the default portrange. 1234Refer to 1235.Xr ip 4 1236for more information. 1237.It Va ip_portrange_last 1238.Pq Vt int 1239If not set to 1240.Dq Li NO , 1241this is the last port in the default portrange. 1242Refer to 1243.Xr ip 4 1244for more information. 1245.It Va network_interfaces 1246.Pq Vt str 1247Set to the list of network interfaces to configure on this host or 1248.Dq Li AUTO 1249(the default) for all current interfaces. 1250Setting the 1251.Va network_interfaces 1252variable to anything other than the default is deprecated. 1253Interfaces that the administrator wishes to store configuration for, 1254but not start at boot should be configured with the 1255.Dq Li NOAUTO 1256keyword in their 1257.Va ifconfig_ Ns Aq Ar interface 1258variables as described below. 1259.Pp 1260An 1261.Va ifconfig_ Ns Aq Ar interface 1262variable is also assumed to exist for each value of 1263.Ar interface . 1264When an interface name contains any of the characters 1265.Dq Li .-/+ 1266they are translated to 1267.Dq Li _ 1268before lookup. 1269The variable can contain arguments to 1270.Xr ifconfig 8 , 1271as well as special case-insensitive keywords described below. 1272Such keywords are removed before passing the value to 1273.Xr ifconfig 8 1274while the order of the other arguments is preserved. 1275.Pp 1276It is possible to add IP alias entries using 1277.Xr ifconfig 8 1278syntax with the address family keyword such as 1279.Li inet . 1280Assuming that the interface in question was 1281.Li em0 , 1282it might look something like this: 1283.Bd -literal 1284ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1285ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1286.Ed 1287.Pp 1288It also possible to configure multiple IP addresses in Classless 1289Inter-Domain Routing 1290.Pq CIDR 1291address notation, 1292whose each address component can be a range like 1293.Li inet 192.0.2.5-23/24 1294or 1295.Li inet6 2001:db8:1-f::1/64 . 1296This notation allows address and prefix length part only, 1297not the other address modifiers. 1298Note that the maximum number of the generated addresses from a range 1299specification is limited to an integer value specified in 1300.Va netif_ipexpand_max 1301in 1302.Nm 1303because a small typo can unexpectedly generate a large number of addresses. 1304The default value is 1305.Li 2048 . 1306It can be increased by adding the following line into 1307.Nm : 1308.Bd -literal 1309netif_ipexpand_max="4096" 1310.Ed 1311.Pp 1312In the case of 1313.Li 192.0.2.5-23/24 , 1314the address 192.0.2.5 will be configured with the 1315netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1316the non-conflicting netmask /32 as explained in the 1317.Xr ifconfig 8 1318alias section. 1319Note that this special netmask handling is only for 1320.Li inet , 1321not for the other address families such as 1322.Li inet6 . 1323.Pp 1324With the interface in question being 1325.Li em0 , 1326an example could look like: 1327.Bd -literal 1328ifconfig_em0_alias2="inet 192.0.2.129/27" 1329ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1330.Ed 1331.Pp 1332and so on. 1333.Pp 1334Note that deprecated 1335.Va ipv4_addrs_ Ns Aq Ar interface 1336variable was supported for IPv4 CIDR address notation. 1337The 1338.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1339variable replaces it, though 1340.Va ipv4_addrs_ Ns Aq Ar interface 1341is still supported for backward compatibility. 1342.Pp 1343For each 1344.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1345entry with an address family keyword, 1346its contents are passed to 1347.Xr ifconfig 8 . 1348Execution stops at the first unsuccessful access, so if 1349something like this is present: 1350.Bd -literal 1351ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1352ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1353ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1354ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1355.Ed 1356.Pp 1357Then note that alias4 would 1358.Em not 1359be added since the search would 1360stop with the missing 1361.Dq Li alias3 1362entry. 1363Because of this difficult to manage behavior, 1364there is 1365.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1366variable, which has the same functionality as 1367.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1368and can have all of entries in a variable like the following: 1369.Bd -literal 1370ifconfig_em0_aliases="\\ 1371 inet 127.0.0.251 netmask 0xffffffff \\ 1372 inet 127.0.0.252 netmask 0xffffffff \\ 1373 inet 127.0.0.253 netmask 0xffffffff \\ 1374 inet 127.0.0.254 netmask 0xffffffff" 1375.Ed 1376.Pp 1377It also supports CIDR notation. 1378.Pp 1379If the 1380.Pa /etc/start_if. Ns Aq Ar interface 1381file is present, it is read and executed by the 1382.Xr sh 1 1383interpreter 1384before configuring the interface as specified in the 1385.Va ifconfig_ Ns Aq Ar interface 1386and 1387.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1388variables. 1389.Pp 1390If a 1391.Va vlans_ Ns Aq Ar interface 1392variable is set, 1393a 1394.Xr vlan 4 1395interface will be created for each item in the list with the 1396.Ar vlandev 1397argument set to 1398.Ar interface . 1399If a vlan interface's name is a number, 1400then that number is used as the vlan tag and the new vlan interface is 1401named 1402.Ar interface . Ns Ar tag . 1403Otherwise, 1404the vlan tag must be specified via a 1405.Va vlan 1406parameter in the 1407.Va create_args_ Ns Aq Ar interface 1408variable. 1409.Pp 1410To create a vlan device named 1411.Li em0.101 1412on 1413.Li em0 1414with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1415.Bd -literal 1416vlans_em0="101" 1417ifconfig_em0_101="inet 192.0.2.1/24" 1418.Ed 1419.Pp 1420To create a vlan device named 1421.Li myvlan 1422on 1423.Li em0 1424with the vlan tag 102: 1425.Bd -literal 1426vlans_em0="myvlan" 1427create_args_myvlan="vlan 102" 1428.Ed 1429.Pp 1430If a 1431.Va wlans_ Ns Aq Ar interface 1432variable is set, 1433an 1434.Xr wlan 4 1435interface will be created for each item in the list with the 1436.Ar wlandev 1437argument set to 1438.Ar interface . 1439Further wlan cloning arguments may be passed to the 1440.Xr ifconfig 8 1441.Cm create 1442command by setting the 1443.Va create_args_ Ns Aq Ar interface 1444variable. 1445One or more 1446.Xr wlan 4 1447devices must be created for each wireless devices as of 1448.Fx 8.0 . 1449Debugging flags for 1450.Xr wlan 4 1451devices as set by 1452.Xr wlandebug 8 1453may be specified with an 1454.Va wlandebug_ Ns Aq Ar interface 1455variable. 1456The contents of this variable will be passed directly to 1457.Xr wlandebug 8 . 1458.Pp 1459If the 1460.Va ifconfig_ Ns Aq Ar interface 1461contains the keyword 1462.Dq Li NOAUTO 1463then the interface will not be configured 1464at boot or by 1465.Pa /etc/pccard_ether 1466when 1467.Va network_interfaces 1468is set to 1469.Dq Li AUTO . 1470.Pp 1471It is possible to bring up an interface with DHCP by adding 1472.Dq Li DHCP 1473to the 1474.Va ifconfig_ Ns Aq Ar interface 1475variable. 1476For instance, to initialize the 1477.Li em0 1478device via DHCP, 1479it is possible to use something like: 1480.Bd -literal 1481ifconfig_em0="DHCP" 1482.Ed 1483.Pp 1484If you want to configure your wireless interface with 1485.Xr wpa_supplicant 8 1486for use with WPA, EAP/LEAP or WEP, you need to add 1487.Dq Li WPA 1488to the 1489.Va ifconfig_ Ns Aq Ar interface 1490variable. 1491.Pp 1492On the other hand, if you want to configure your wireless interface with 1493.Xr hostapd 8 , 1494you need to add 1495.Dq Li HOSTAP 1496to the 1497.Va ifconfig_ Ns Aq Ar interface 1498variable. 1499.Xr hostapd 8 1500will use the settings from 1501.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1502.Pp 1503Finally, you can add 1504.Xr ifconfig 8 1505options in this variable, in addition to the 1506.Pa /etc/start_if. Ns Aq Ar interface 1507file. 1508For instance, to configure an 1509.Xr ath 4 1510wireless device in station mode with an address obtained 1511via DHCP, using WPA authentication and 802.11b mode, it is 1512possible to use something like: 1513.Bd -literal 1514wlans_ath0="wlan0" 1515ifconfig_wlan0="DHCP WPA mode 11b" 1516.Ed 1517.Pp 1518In addition to the 1519.Va ifconfig_ Ns Aq Ar interface 1520form, a fallback variable 1521.Va ifconfig_DEFAULT 1522may be configured. 1523It will be used for all interfaces with no 1524.Va ifconfig_ Ns Aq Ar interface 1525variable. 1526This is intended to replace the no longer supported 1527.Va pccard_ifconfig 1528variable. 1529.Pp 1530It is also possible to rename an interface by doing: 1531.Bd -literal 1532ifconfig_em0_name="net0" 1533ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1534.Ed 1535.It Va ipv6_enable 1536.Pq Vt bool 1537This variable is deprecated. 1538Use 1539.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1540and 1541.Va ipv6_activate_all_interfaces 1542if necessary. 1543.Pp 1544If the variable is 1545.Dq Li YES , 1546.Dq Li inet6 accept_rtadv 1547is added to all of 1548.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1549and the 1550.Va ipv6_activate_all_interfaces 1551is defined as 1552.Dq Li YES . 1553.It Va ipv6_prefer 1554.Pq Vt bool 1555This variable is deprecated. 1556Use 1557.Va ip6addrctl_policy 1558instead. 1559.Pp 1560If the variable is 1561.Dq Li YES , 1562the default address selection policy table set by 1563.Xr ip6addrctl 8 1564will be IPv6-preferred. 1565.Pp 1566If the variable is 1567.Dq Li NO , 1568the default address selection policy table set by 1569.Xr ip6addrctl 8 1570will be IPv4-preferred. 1571.It Va ipv6_activate_all_interfaces 1572.Pq Vt bool 1573This controls initial configuration on IPv6-capable 1574interfaces with no corresponding 1575.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1576variable. 1577Note that it is not always necessary to set this variable to 1578.Dq YES 1579to use IPv6 functionality on 1580.Fx . 1581In most cases, just configuring 1582.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1583variables works. 1584.Pp 1585If the variable is 1586.Dq Li NO , 1587all interfaces which do not have a corresponding 1588.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1589variable will be marked as 1590.Dq Li IFDISABLED 1591at creation. 1592This means that all of IPv6 functionality on that interface 1593is completely disabled to enforce a security policy. 1594If the variable is set to 1595.Dq YES , 1596the flag will be cleared on all of the interfaces. 1597.Pp 1598In most cases, just defining an 1599.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1600for an IPv6-capable interface should be sufficient. 1601However, if an interface is added dynamically 1602.Pq by some tunneling protocols such as PPP, for example , 1603it is often difficult to define the variable in advance. 1604In such a case, configuring the 1605.Dq Li IFDISABLED 1606flag can be disabled by setting this variable to 1607.Dq YES . 1608.Pp 1609For more details of the 1610.Dq Li IFDISABLED 1611flag and keywords 1612.Dq Li inet6 ifdisabled , 1613see 1614.Xr ifconfig 8 . 1615.Pp 1616Default is 1617.Dq Li NO . 1618.It Va ipv6_privacy 1619.Pq Vt bool 1620If the variable is 1621.Dq Li YES 1622privacy addresses will be generated for each IPv6 1623interface as described in RFC 4941. 1624.It Va ipv6_network_interfaces 1625.Pq Vt str 1626This is the IPv6 equivalent of 1627.Va network_interfaces . 1628Normally manual configuration of this variable is not needed. 1629.It Va ipv6_cpe_wanif 1630.Pq Vt str 1631If the variable is set to an interface name, 1632the 1633.Xr ifconfig 8 1634options 1635.Dq inet6 -no_radr accept_rtadv 1636will be added to the specified interface automatically before evaluating 1637.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1638and two 1639.Xr sysctl 8 1640variables 1641.Va net.inet6.ip6.rfc6204w3 1642and 1643.Va net.inet6.ip6.no_radr 1644will be set to 1. 1645.Pp 1646This means the specified interface will accept ICMPv6 Router 1647Advertisement messages on that link and add the discovered 1648routers into the Default Router List. 1649While the other interfaces can still accept RA messages if the 1650.Dq inet6 accept_rtadv 1651option is specified, adding 1652routes into the Default Router List will be disabled by 1653.Dq inet6 no_radr 1654option by default. 1655See 1656.Xr ifconfig 8 1657for more details. 1658.Pp 1659Note that ICMPv6 Router Advertisement messages will be 1660accepted even when 1661.Va net.inet6.ip6.forwarding 1662is 1 1663.Pq packet forwarding is enabled 1664when 1665.Va net.inet6.ip6.rfc6204w3 1666is set to 1. 1667.Pp 1668Default is 1669.Dq Li NO . 1670.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1671.Pq Vt str 1672This assigns arbitrary description to an interface. 1673The 1674.Xr sysctl 8 1675variable 1676.Va net.ifdescr_maxlen 1677limits its length. 1678This static setting may be overridden by commands 1679started with dynamic interface configuration utilities 1680like 1681.Xr dhclient 8 1682hooks. 1683The description can be seen with 1684.Xr ifconfig 8 1685command and it may be exported with 1686.Xr bsnmpd 1 1687daemon using its MIB-2 module. 1688.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1689.Pq Vt str 1690IPv6 functionality on an interface should be configured by 1691.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1692instead of setting ifconfig parameters in 1693.Va ifconfig_ Ns Aq Ar interface . 1694If this variable is empty, all of IPv6 configurations on the 1695specified interface by other variables such as 1696.Va ipv6_prefix_ Ns Ao Ar interface Ac 1697will be ignored. 1698.Pp 1699Aliases should be set by 1700.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1701with 1702.Dq Li inet6 1703keyword. 1704For example: 1705.Bd -literal 1706ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1707ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1708.Ed 1709.Pp 1710Interfaces that have an 1711.Dq Li inet6 accept_rtadv 1712keyword in 1713.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1714setting will be automatically configured by SLAAC 1715.Pq StateLess Address AutoConfiguration 1716described in 1717.Rs 1718.%T "RFC 4862" 1719.Re 1720.Pp 1721Note that a link-local address will be automatically configured in 1722addition to the configured global-scope addresses because the IPv6 1723specifications require it on each link. 1724The address is calculated from the MAC address by using an algorithm 1725defined in 1726.Rs 1727.%T "RFC 4862" 1728.%O "Section 5.3" 1729.Re 1730.Pp 1731If only a link-local address is needed on the interface, 1732the following configuration can be used: 1733.Bd -literal 1734ifconfig_em0_ipv6="inet6 auto_linklocal" 1735.Ed 1736.Pp 1737A link-local address can also be configured manually. 1738This is useful for the default router address of an IPv6 router 1739so that it does not change when the network interface 1740card is replaced. 1741For example: 1742.Bd -literal 1743ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1744.Ed 1745.It Va ipv6_prefix_ Ns Aq Ar interface 1746.Pq Vt str 1747If one or more prefixes are defined in 1748.Va ipv6_prefix_ Ns Aq Ar interface 1749addresses based on each prefix and the EUI-64 interface index will be 1750configured on that interface. 1751Note that this variable will be ignored when 1752.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1753is empty. 1754.Pp 1755For example, the following configuration 1756.Bd -literal 1757ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1758.Ed 1759.Pp 1760is equivalent to the following: 1761.Bd -literal 1762ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1763ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1764ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1765ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1766.Ed 1767.Pp 1768These Subnet-Router anycast addresses will be added only when 1769.Va ipv6_gateway_enable 1770is YES. 1771.It Va ipv6_default_interface 1772.Pq Vt str 1773If not set to 1774.Dq Li NO , 1775this is the default output interface for scoped addresses. 1776This works only with ipv6_gateway_enable="NO". 1777.It Va ip6addrctl_enable 1778.Pq Vt bool 1779This variable is to enable configuring default address selection policy table 1780.Pq RFC 3484 . 1781The table can be specified in another variable 1782.Va ip6addrctl_policy . 1783For 1784.Va ip6addrctl_policy 1785the following keywords can be specified: 1786.Dq Li ipv4_prefer , 1787.Dq Li ipv6_prefer , 1788or 1789.Dq Li AUTO . 1790.Pp 1791If 1792.Dq Li ipv4_prefer 1793or 1794.Dq Li ipv6_prefer 1795is specified, 1796.Xr ip6addrctl 8 1797installs a pre-defined policy table described in Section 10.3 1798.Pq IPv4-preferred 1799or 2.1 1800.Pq IPv6-preferred 1801of RFC 3484. 1802.Pp 1803If 1804.Dq Li AUTO 1805is specified, it attempts to read a file 1806.Pa /etc/ip6addrctl.conf 1807first. 1808If this file is found, 1809.Xr ip6addrctl 8 1810reads and installs it. 1811If not found, a policy is automatically set 1812according to 1813.Va ipv6_activate_all_interfaces 1814variable; if the variable is set to 1815.Dq Li YES 1816the IPv6-preferred one is used. 1817Otherwise IPv4-preferred. 1818.Pp 1819The default value of 1820.Va ip6addrctl_enable 1821and 1822.Va ip6addrctl_policy 1823are 1824.Dq Li YES 1825and 1826.Dq Li AUTO , 1827respectively. 1828.It Va cloned_interfaces 1829.Pq Vt str 1830Set to the list of clonable network interfaces to create on this host. 1831Further cloning arguments may be passed to the 1832.Xr ifconfig 8 1833.Cm create 1834command for each interface by setting the 1835.Va create_args_ Ns Aq Ar interface 1836variable. 1837If an interface name is specified with 1838.Dq :sticky 1839keyword, 1840the interface will not be destroyed even when 1841.Pa rc.d/netif 1842script is invoked with 1843.Dq stop 1844argument. 1845This is useful when reconfiguring the interface without destroying it. 1846Entries in 1847.Va cloned_interfaces 1848are automatically appended to 1849.Va network_interfaces 1850for configuration. 1851.It Va cloned_interfaces_sticky 1852.Pq Vt bool 1853This variable is to globally enable functionality of 1854.Dq :sticky 1855keyword in 1856.Va cloned_interfaces 1857for all interfaces. 1858The default value is 1859.Dq NO . 1860Even if this variable is specified to 1861.Dq YES , 1862.Dq :nosticky 1863keyword can be used to override it on per interface basis. 1864.It Va gif_interfaces 1865.Pq Vt str 1866This variable is deprecated in favor of 1867.Va cloned_interfaces . 1868Set to the list of 1869.Xr gif 4 1870tunnel interfaces to configure on this host. 1871For each 1872.Xr gif 1873tunnel interface, set a variable named 1874.Va ifconfig_ Ns Aq Ar interface 1875with the parameters for the 1876.Xr ifconfig 8 1877command to configure the link level for 1878.Ar interface 1879with the 1880.Cm tunnel 1881option. 1882The value of this variable is used to configure the link layer of the 1883tunnel using the 1884.Cm tunnel 1885option to 1886.Xr ifconfig . 1887For example, configure two 1888.Xr gif 1889interfaces with: 1890.Bd -literal -offset indent 1891gif_interfaces="gif0 gif1" 1892ifconfig_gif0="tunnel src_addr0 dst_addr0" 1893ifconfig_gif1="tunnel src_addr1 dst_addr1" 1894.Ed 1895.Pp 1896Additionally, this option ensures that each listed interface is created 1897via the 1898.Cm create 1899option to 1900.Xr ifconfig . 1901This example also works with 1902.Va cloned_interfaces 1903instead of 1904.Va gif_interfaces . 1905.It Va sppp_interfaces 1906.Pq Vt str 1907Set to the list of 1908.Xr sppp 4 1909interfaces to configure on this host. 1910A 1911.Va spppconfig_ Ns Aq Ar interface 1912variable is assumed to exist for each value of 1913.Ar interface . 1914Each interface should also be configured by a general 1915.Va ifconfig_ Ns Aq Ar interface 1916setting. 1917Refer to 1918.Xr spppcontrol 8 1919for more information about available options. 1920.It Va ppp_enable 1921.Pq Vt bool 1922If set to 1923.Dq Li YES , 1924run the 1925.Xr ppp 8 1926daemon. 1927.It Va ppp_profile 1928.Pq Vt str 1929The name of the profile to use from 1930.Pa /etc/ppp/ppp.conf . 1931Also used for per-profile overrides of 1932.Va ppp_mode 1933and 1934.Va ppp_nat , 1935and 1936.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1937When the profile name contains any of the characters 1938.Dq Li .-/+ 1939they are translated to 1940.Dq Li _ 1941for the proposes of the override variable names. 1942.It Va ppp_mode 1943.Pq Vt str 1944Mode in which to run the 1945.Xr ppp 8 1946daemon. 1947.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1948.Pq Vt str 1949Overrides the global 1950.Va ppp_mode 1951for 1952.Ar profile . 1953Accepted modes are 1954.Dq Li auto , 1955.Dq Li ddial , 1956.Dq Li direct 1957and 1958.Dq Li dedicated . 1959See the manual for a full description. 1960.It Va ppp_nat 1961.Pq Vt bool 1962If set to 1963.Dq Li YES , 1964enables network address translation. 1965Used in conjunction with 1966.Va gateway_enable 1967allows hosts on private network addresses access to the Internet using 1968this host as a network address translating router. 1969.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1970.Pq Vt str 1971Overrides the global 1972.Va ppp_nat 1973for 1974.Ar profile . 1975.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1976.Pq Vt int 1977Set the unit number to be used for this profile. 1978See the manual description of 1979.Fl unit Ns Ar N 1980for details. 1981.It Va ppp_user 1982.Pq Vt str 1983The name of the user under which 1984.Xr ppp 8 1985should be started. 1986By 1987default, 1988.Xr ppp 8 1989is started as 1990.Dq Li root . 1991.It Va rc_conf_files 1992.Pq Vt str 1993This option is used to specify a list of files that will override 1994the settings in 1995.Pa /etc/defaults/rc.conf . 1996The files will be read in the order in which they are specified and should 1997include the full path to the file. 1998By default, the files specified are 1999.Pa /etc/rc.conf 2000and 2001.Pa /etc/rc.conf.local 2002.It Va zfs_enable 2003.Pq Vt bool 2004If set to 2005.Dq Li YES , 2006.Pa /etc/rc.d/zfs 2007will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2008(ZVOLs). 2009.It Va gptboot_enable 2010.Pq Vt bool 2011If set to 2012.Dq Li YES , 2013.Pa /etc/rc.d/gptboot 2014will log if the system successfully (or not) booted from a GPT partition, 2015which had the 2016.Ar bootonce 2017attribute set using 2018.Xr gpart 8 2019utility. 2020.It Va gbde_autoattach_all 2021.Pq Vt bool 2022If set to 2023.Dq Li YES , 2024.Pa /etc/rc.d/gbde 2025will attempt to automatically initialize your .bde devices in 2026.Pa /etc/fstab . 2027.It Va gbde_devices 2028.Pq Vt str 2029List the devices that the script should try to attach, 2030or 2031.Dq Li AUTO . 2032.It Va gbde_lockdir 2033.Pq Vt str 2034The directory where the 2035.Xr gbde 4 2036lockfiles are located. 2037The default lockfile directory is 2038.Pa /etc . 2039.Pp 2040The lockfile for each individual 2041.Xr gbde 4 2042device can be overridden by setting the variable 2043.Va gbde_lock_ Ns Aq Ar device , 2044where 2045.Ar device 2046is the encrypted device without the 2047.Dq Pa /dev/ 2048and 2049.Dq Pa .bde 2050parts. 2051.It Va gbde_attach_attempts 2052.Pq Vt int 2053Number of times to attempt attaching to a 2054.Xr gbde 4 2055device, i.e., how many times the user is asked for the pass-phrase. 2056Default is 3. 2057.It Va geli_devices 2058.Pq Vt str 2059List of devices to automatically attach on boot. 2060Note that .eli devices from 2061.Pa /etc/fstab 2062are automatically appended to this list. 2063.It Va geli_groups 2064.Pq Vt str 2065List of groups containing devices to automatically attach on boot with the same 2066keyfiles and passphrase. 2067This must be accompanied with a corresponding 2068.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2069variable. 2070.It Va geli_tries 2071.Pq Vt int 2072Number of times user is asked for the pass-phrase. 2073If empty, it will be taken from 2074.Va kern.geom.eli.tries 2075sysctl variable. 2076.It Va geli_default_flags 2077.Pq Vt str 2078Default flags to use by 2079.Xr geli 8 2080when configuring disk encryption. 2081Flags can be configured for every device separately by defining the 2082.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2083variable, and for every group separately by defining the 2084.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2085variable. 2086.It Va geli_autodetach 2087.Pq Vt str 2088Specifies if GELI devices should be marked for detach on last close after 2089file systems are mounted. 2090Default is 2091.Dq Li YES . 2092This can be changed for every device separately by defining the 2093.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2094variable. 2095.It Va root_rw_mount 2096.Pq Vt bool 2097Set to 2098.Dq Li YES 2099by default. 2100After the file systems are checked at boot time, the root file system 2101is remounted as read-write if this is set to 2102.Dq Li YES . 2103Diskless systems that mount their root file system from a read-only remote 2104NFS share should set this to 2105.Dq Li NO 2106in their 2107.Pa rc.conf . 2108.It Va fsck_y_enable 2109.Pq Vt bool 2110If set to 2111.Dq Li YES , 2112.Xr fsck 8 2113will be run with the 2114.Fl y 2115flag if the initial preen 2116of the file systems fails. 2117.It Va background_fsck 2118.Pq Vt bool 2119If set to 2120.Dq Li NO , 2121the system will not attempt to run 2122.Xr fsck 8 2123in the background where possible. 2124.It Va background_fsck_delay 2125.Pq Vt int 2126The amount of time in seconds to sleep before starting a background 2127.Xr fsck 8 . 2128It defaults to sixty seconds to allow large applications such as 2129the X server to start before disk I/O bandwidth is monopolized by 2130.Xr fsck 8 . 2131If set to a negative number, the background file system check will be 2132delayed indefinitely to allow the administrator to run it at a more 2133convenient time. 2134For example it may be run from 2135.Xr cron 8 2136by adding a line like 2137.Pp 2138.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2139.Pp 2140to 2141.Pa /etc/crontab . 2142.It Va netfs_types 2143.Pq Vt str 2144List of file system types that are network-based. 2145This list should generally not be modified by end users. 2146Use 2147.Va extra_netfs_types 2148instead. 2149.It Va extra_netfs_types 2150.Pq Vt str 2151If set to something other than 2152.Dq Li NO 2153(the default), 2154this variable extends the list of file system types 2155for which automatic mounting at startup by 2156.Xr rc 8 2157should be delayed until the network is initialized. 2158It should contain 2159a whitespace-separated list of network file system descriptor pairs, 2160each consisting of a file system type as passed to 2161.Xr mount 8 2162and a human-readable, one-word description, 2163joined with a colon 2164.Pq Ql \&: . 2165Extending the default list in this way is only necessary 2166when third party file system types are used. 2167.It Va syslogd_enable 2168.Pq Vt bool 2169If set to 2170.Dq Li YES , 2171run the 2172.Xr syslogd 8 2173daemon. 2174.It Va syslogd_program 2175.Pq Vt str 2176Path to 2177.Xr syslogd 8 2178(default 2179.Pa /usr/sbin/syslogd ) . 2180.It Va syslogd_flags 2181.Pq Vt str 2182If 2183.Va syslogd_enable 2184is set to 2185.Dq Li YES , 2186these are the flags to pass to 2187.Xr syslogd 8 . 2188.It Va inetd_enable 2189.Pq Vt bool 2190If set to 2191.Dq Li YES , 2192run the 2193.Xr inetd 8 2194daemon. 2195.It Va inetd_program 2196.Pq Vt str 2197Path to 2198.Xr inetd 8 2199(default 2200.Pa /usr/sbin/inetd ) . 2201.It Va inetd_flags 2202.Pq Vt str 2203If 2204.Va inetd_enable 2205is set to 2206.Dq Li YES , 2207these are the flags to pass to 2208.Xr inetd 8 . 2209.It Va hastd_enable 2210.Pq Vt bool 2211If set to 2212.Dq Li YES , 2213run the 2214.Xr hastd 8 2215daemon. 2216.It Va hastd_program 2217.Pq Vt str 2218Path to 2219.Xr hastd 8 2220(default 2221.Pa /sbin/hastd ) . 2222.It Va hastd_flags 2223.Pq Vt str 2224If 2225.Va hastd_enable 2226is set to 2227.Dq Li YES , 2228these are the flags to pass to 2229.Xr hastd 8 . 2230.It Va local_unbound_enable 2231.Pq Vt bool 2232If set to 2233.Dq Li YES , 2234run the 2235.Xr unbound 8 2236daemon as a local caching resolver. 2237.It Va kdc_enable 2238.Pq Vt bool 2239Set to 2240.Dq Li YES 2241to start a Kerberos 5 authentication server 2242at boot time. 2243.It Va kdc_program 2244.Pq Vt str 2245If 2246.Va kdc_enable 2247is set to 2248.Dq Li YES 2249this is the path to Kerberos 5 Authentication Server. 2250.It Va kdc_flags 2251.Pq Vt str 2252Empty by default. 2253This variable contains additional flags to be passed to the Kerberos 5 2254authentication server. 2255.It Va kadmind_enable 2256.Pq Vt bool 2257Set to 2258.Dq Li YES 2259to start 2260.Xr kadmind 8 , 2261the Kerberos 5 Administration Daemon; set to 2262.Dq Li NO 2263on a slave server. 2264.It Va kadmind_program 2265.Pq Vt str 2266If 2267.Va kadmind_enable 2268is set to 2269.Dq Li YES 2270this is the path to Kerberos 5 Administration Daemon. 2271.It Va kpasswdd_enable 2272.Pq Vt bool 2273Set to 2274.Dq Li YES 2275to start 2276.Xr kpasswdd 8 , 2277the Kerberos 5 Password-Changing Daemon; set to 2278.Dq Li NO 2279on a slave server. 2280.It Va kpasswdd_program 2281.Pq Vt str 2282If 2283.Va kpasswdd_enable 2284is set to 2285.Dq Li YES 2286this is the path to Kerberos 5 Password-Changing Daemon. 2287.It Va kfd_enable 2288.Pq Vt bool 2289Set to 2290.Dq Li YES 2291to start 2292.Xr kfd 8 , 2293the Kerberos 5 ticket forwarding daemon, at the boot time. 2294.It Va kfd_program 2295.Pq Vt str 2296Path to 2297.Xr kfd 8 2298(default 2299.Pa /usr/libexec/kfd ) . 2300.It Va rwhod_enable 2301.Pq Vt bool 2302If set to 2303.Dq Li YES , 2304run the 2305.Xr rwhod 8 2306daemon at boot time. 2307.It Va rwhod_flags 2308.Pq Vt str 2309If 2310.Va rwhod_enable 2311is set to 2312.Dq Li YES , 2313these are the flags to pass to it. 2314.It Va amd_enable 2315.Pq Vt bool 2316If set to 2317.Dq Li YES , 2318run the 2319.Xr amd 8 2320daemon at boot time. 2321.It Va amd_flags 2322.Pq Vt str 2323If 2324.Va amd_enable 2325is set to 2326.Dq Li YES , 2327these are the flags to pass to it. 2328See the 2329.Xr amd 8 2330manpage for more information. 2331.It Va amd_map_program 2332.Pq Vt str 2333If set, 2334the specified program is run to get the list of 2335.Xr amd 8 2336maps. 2337For example, if the 2338.Xr amd 8 2339maps are stored in NIS, one can set this to 2340run 2341.Xr ypcat 1 2342to get a list of 2343.Xr amd 8 2344maps from the 2345.Pa amd.master 2346NIS map. 2347.It Va update_motd 2348.Pq Vt bool 2349If set to 2350.Dq Li YES , 2351.Pa /etc/motd 2352will be updated at boot time to reflect the kernel release 2353being run. 2354If set to 2355.Dq Li NO , 2356.Pa /etc/motd 2357will not be updated. 2358.It Va nfs_client_enable 2359.Pq Vt bool 2360If set to 2361.Dq Li YES , 2362run the NFS client daemons at boot time. 2363.It Va nfs_access_cache 2364.Pq Vt int 2365If 2366.Va nfs_client_enable 2367is set to 2368.Dq Li YES , 2369this can be set to 2370.Dq Li 0 2371to disable NFS ACCESS RPC caching, or to the number of seconds for which 2372NFS ACCESS 2373results should be cached. 2374A value of 2-10 seconds will substantially reduce network 2375traffic for many NFS operations. 2376.It Va nfs_server_enable 2377.Pq Vt bool 2378If set to 2379.Dq Li YES , 2380run the NFS server daemons at boot time. 2381.It Va nfs_server_flags 2382.Pq Vt str 2383If 2384.Va nfs_server_enable 2385is set to 2386.Dq Li YES , 2387these are the flags to pass to the 2388.Xr nfsd 8 2389daemon. 2390.It Va nfsv4_server_enable 2391.Pq Vt bool 2392If 2393.Va nfs_server_enable 2394is set to 2395.Dq Li YES 2396and 2397.Va nfsv4_server_enable 2398are set to 2399.Dq Li YES , 2400enable the server for NFSv4 as well as NFSv2 and NFSv3. 2401.It Va nfsuserd_enable 2402.Pq Vt bool 2403If 2404.Va nfsuserd_enable 2405is set to 2406.Dq Li YES , 2407run the nfsuserd daemon, which is needed for NFSv4 in order 2408to map between user/group names vs uid/gid numbers. 2409If 2410.Va nfsv4_server_enable 2411is set to 2412.Dq Li YES , 2413this will be forced enabled. 2414.It Va nfsuserd_flags 2415.Pq Vt str 2416If 2417.Va nfsuserd_enable 2418is set to 2419.Dq Li YES , 2420these are the flags to pass to the 2421.Xr nfsuserd 8 2422daemon. 2423.It Va nfscbd_enable 2424.Pq Vt bool 2425If 2426.Va nfscbd_enable 2427is set to 2428.Dq Li YES , 2429run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2430.It Va nfscbd_flags 2431.Pq Vt str 2432If 2433.Va nfscbd_enable 2434is set to 2435.Dq Li YES , 2436these are the flags to pass to the 2437.Xr nfscbd 8 2438daemon. 2439.It Va mountd_enable 2440.Pq Vt bool 2441If set to 2442.Dq Li YES , 2443and no 2444.Va nfs_server_enable 2445is set, start 2446.Xr mountd 8 , 2447but not 2448.Xr nfsd 8 2449daemon. 2450It is commonly needed to run CFS without real NFS used. 2451.It Va mountd_flags 2452.Pq Vt str 2453If 2454.Va mountd_enable 2455is set to 2456.Dq Li YES , 2457these are the flags to pass to the 2458.Xr mountd 8 2459daemon. 2460.It Va weak_mountd_authentication 2461.Pq Vt bool 2462If set to 2463.Dq Li YES , 2464allow services like PCNFSD to make non-privileged mount 2465requests. 2466.It Va nfs_reserved_port_only 2467.Pq Vt bool 2468If set to 2469.Dq Li YES , 2470provide NFS services only on a secure port. 2471.It Va nfs_bufpackets 2472.Pq Vt int 2473If set to a number, indicates the number of packets worth of 2474socket buffer space to reserve on an NFS client. 2475The kernel default is typically 4. 2476Using a higher number may be 2477useful on gigabit networks to improve performance. 2478The minimum value is 24792 and the maximum is 64. 2480.It Va rpc_lockd_enable 2481.Pq Vt bool 2482If set to 2483.Dq Li YES 2484and also an NFS server or client, run 2485.Xr rpc.lockd 8 2486at boot time. 2487.It Va rpc_lockd_flags 2488.Pq Vt str 2489If 2490.Va rpc_lockd_enable 2491is set to 2492.Dq Li YES , 2493these are the flags to pass to the 2494.Xr rpc.lockd 8 2495daemon. 2496.It Va rpc_statd_enable 2497.Pq Vt bool 2498If set to 2499.Dq Li YES 2500and also an NFS server or client, run 2501.Xr rpc.statd 8 2502at boot time. 2503.It Va rpc_statd_flags 2504.Pq Vt str 2505If 2506.Va rpc_statd_enable 2507is set to 2508.Dq Li YES , 2509these are the flags to pass to the 2510.Xr rpc.statd 8 2511daemon. 2512.It Va rpcbind_program 2513.Pq Vt str 2514Path to 2515.Xr rpcbind 8 2516(default 2517.Pa /usr/sbin/rpcbind ) . 2518.It Va rpcbind_enable 2519.Pq Vt bool 2520If set to 2521.Dq Li YES , 2522run the 2523.Xr rpcbind 8 2524service at boot time. 2525.It Va rpcbind_flags 2526.Pq Vt str 2527If 2528.Va rpcbind_enable 2529is set to 2530.Dq Li YES , 2531these are the flags to pass to the 2532.Xr rpcbind 8 2533daemon. 2534.It Va keyserv_enable 2535.Pq Vt bool 2536If set to 2537.Dq Li YES , 2538run the 2539.Xr keyserv 8 2540daemon on boot for running Secure RPC. 2541.It Va keyserv_flags 2542.Pq Vt str 2543If 2544.Va keyserv_enable 2545is set to 2546.Dq Li YES , 2547these are the flags to pass to 2548.Xr keyserv 8 2549daemon. 2550.It Va pppoed_enable 2551.Pq Vt bool 2552If set to 2553.Dq Li YES , 2554run the 2555.Xr pppoed 8 2556daemon at boot time to provide PPP over Ethernet services. 2557.It Va pppoed_ Ns Aq Ar provider 2558.Pq Vt str 2559.Xr pppoed 8 2560listens to requests to this 2561.Ar provider 2562and ultimately runs 2563.Xr ppp 8 2564with a 2565.Ar system 2566argument of the same name. 2567.It Va pppoed_flags 2568.Pq Vt str 2569Additional flags to pass to 2570.Xr pppoed 8 . 2571.It Va pppoed_interface 2572.Pq Vt str 2573The network interface to run 2574.Xr pppoed 8 2575on. 2576This is mandatory when 2577.Va pppoed_enable 2578is set to 2579.Dq Li YES . 2580.It Va timed_enable 2581.Pq Vt bool 2582If set to 2583.Dq Li YES , 2584run the 2585.Xr timed 8 2586service at boot time. 2587This command is intended for networks of 2588machines where a consistent 2589.Dq "network time" 2590for all hosts must be established. 2591This is often useful in large NFS 2592environments where time stamps on files are expected to be consistent 2593network-wide. 2594.It Va timed_flags 2595.Pq Vt str 2596If 2597.Va timed_enable 2598is set to 2599.Dq Li YES , 2600these are the flags to pass to the 2601.Xr timed 8 2602service. 2603.It Va ntpdate_enable 2604.Pq Vt bool 2605If set to 2606.Dq Li YES , 2607run 2608.Xr ntpdate 8 2609at system startup. 2610This command is intended to 2611synchronize the system clock only 2612.Em once 2613from some standard reference. 2614.Pp 2615Note that the use of the 2616.Va ntpd_sync_on_start 2617variable is a preferred alternative to the 2618.Xr ntpdate 8 2619utility as 2620.Xr ntpdate 8 2621is to be retired from the NTP distribution. 2622.It Va ntpdate_config 2623.Pq Vt str 2624Configuration file for 2625.Xr ntpdate 8 . 2626Default 2627.Pa /etc/ntp.conf . 2628.It Va ntpdate_hosts 2629.Pq Vt str 2630A whitespace-separated list of NTP servers to synchronize with at startup. 2631The default is to use the servers listed in 2632.Va ntpdate_config , 2633if that file exists. 2634.It Va ntpdate_program 2635.Pq Vt str 2636Path to 2637.Xr ntpdate 8 2638(default 2639.Pa /usr/sbin/ntpdate ) . 2640.It Va ntpdate_flags 2641.Pq Vt str 2642If 2643.Va ntpdate_enable 2644is set to 2645.Dq Li YES , 2646these are the flags to pass to the 2647.Xr ntpdate 8 2648command (typically a hostname). 2649.It Va ntpd_enable 2650.Pq Vt bool 2651If set to 2652.Dq Li YES , 2653run the 2654.Xr ntpd 8 2655command at boot time. 2656.It Va ntpd_program 2657.Pq Vt str 2658Path to 2659.Xr ntpd 8 2660(default 2661.Pa /usr/sbin/ntpd ) . 2662.It Va ntpd_config 2663.Pq Vt str 2664Path to 2665.Xr ntpd 8 2666configuration file. 2667Default 2668.Pa /etc/ntp.conf . 2669.It Va ntpd_flags 2670.Pq Vt str 2671If 2672.Va ntpd_enable 2673is set to 2674.Dq Li YES , 2675these are the flags to pass to the 2676.Xr ntpd 8 2677daemon. 2678.It Va ntpd_sync_on_start 2679.Pq Vt bool 2680If set to 2681.Dq Li YES , 2682.Xr ntpd 8 2683is run with the 2684.Fl g 2685flag, which syncs the system's clock on startup. 2686See 2687.Xr ntpd 8 2688for more information regarding the 2689.Fl g 2690option. 2691This is a preferred alternative to using 2692.Xr ntpdate 8 2693or specifying the 2694.Va ntpdate_enable 2695variable. 2696.It Va nis_client_enable 2697.Pq Vt bool 2698If set to 2699.Dq Li YES , 2700run the 2701.Xr ypbind 8 2702service at system boot time. 2703.It Va nis_client_flags 2704.Pq Vt str 2705If 2706.Va nis_client_enable 2707is set to 2708.Dq Li YES , 2709these are the flags to pass to the 2710.Xr ypbind 8 2711service. 2712.It Va nis_ypldap_enable 2713.Pq Vt bool 2714If set to 2715.Dq Li YES , 2716run the 2717.Xr ypldap 8 2718daemon at system boot time. 2719.It Va nis_ypldap_flags 2720.Pq Vt str 2721If 2722.Va nis.ypldap_enable 2723is set to 2724.Dq Li YES , 2725these are the flags to pass to the 2726.Xr ypldap 8 2727daemon. 2728.It Va nis_ypset_enable 2729.Pq Vt bool 2730If set to 2731.Dq Li YES , 2732run the 2733.Xr ypset 8 2734daemon at system boot time. 2735.It Va nis_ypset_flags 2736.Pq Vt str 2737If 2738.Va nis_ypset_enable 2739is set to 2740.Dq Li YES , 2741these are the flags to pass to the 2742.Xr ypset 8 2743daemon. 2744.It Va nis_server_enable 2745.Pq Vt bool 2746If set to 2747.Dq Li YES , 2748run the 2749.Xr ypserv 8 2750daemon at system boot time. 2751.It Va nis_server_flags 2752.Pq Vt str 2753If 2754.Va nis_server_enable 2755is set to 2756.Dq Li YES , 2757these are the flags to pass to the 2758.Xr ypserv 8 2759daemon. 2760.It Va nis_ypxfrd_enable 2761.Pq Vt bool 2762If set to 2763.Dq Li YES , 2764run the 2765.Xr rpc.ypxfrd 8 2766daemon at system boot time. 2767.It Va nis_ypxfrd_flags 2768.Pq Vt str 2769If 2770.Va nis_ypxfrd_enable 2771is set to 2772.Dq Li YES , 2773these are the flags to pass to the 2774.Xr rpc.ypxfrd 8 2775daemon. 2776.It Va nis_yppasswdd_enable 2777.Pq Vt bool 2778If set to 2779.Dq Li YES , 2780run the 2781.Xr rpc.yppasswdd 8 2782daemon at system boot time. 2783.It Va nis_yppasswdd_flags 2784.Pq Vt str 2785If 2786.Va nis_yppasswdd_enable 2787is set to 2788.Dq Li YES , 2789these are the flags to pass to the 2790.Xr rpc.yppasswdd 8 2791daemon. 2792.It Va rpc_ypupdated_enable 2793.Pq Vt bool 2794If set to 2795.Dq Li YES , 2796run the 2797.Nm rpc.ypupdated 2798daemon at system boot time. 2799.It Va bsnmpd_enable 2800.Pq Vt bool 2801If set to 2802.Dq Li YES , 2803run the 2804.Xr bsnmpd 1 2805daemon at system boot time. 2806Be sure to understand the security implications of running SNMP daemon 2807on your host. 2808.It Va bsnmpd_flags 2809.Pq Vt str 2810If 2811.Va bsnmpd_enable 2812is set to 2813.Dq Li YES , 2814these are the flags to pass to the 2815.Xr bsnmpd 1 2816daemon. 2817.It Va defaultrouter 2818.Pq Vt str 2819If not set to 2820.Dq Li NO , 2821create a default route to this host name or IP address 2822(use an IP address if this router is also required to get to the 2823name server!). 2824.It Va ipv6_defaultrouter 2825.Pq Vt str 2826The IPv6 equivalent of 2827.Va defaultrouter . 2828.It Va static_arp_pairs 2829.Pq Vt str 2830Set to the list of static ARP pairs that are to be added at system 2831boot time. 2832For each whitespace separated 2833.Ar element 2834in the value, a 2835.Va static_arp_ Ns Aq Ar element 2836variable is assumed to exist whose contents will later be passed to a 2837.Dq Nm arp Cm -S 2838operation. 2839For example 2840.Bd -literal 2841static_arp_pairs="gw" 2842static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2843.Ed 2844.It Va static_ndp_pairs 2845.Pq Vt str 2846Set to the list of static NDP pairs that are to be added at system 2847boot time. 2848For each whitespace separated 2849.Ar element 2850in the value, a 2851.Va static_ndp_ Ns Aq Ar element 2852variable is assumed to exist whose contents will later be passed to a 2853.Dq Nm ndp Cm -s 2854operation. 2855For example 2856.Bd -literal 2857static_ndp_pairs="gw" 2858static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2859.Ed 2860.It Va static_routes 2861.Pq Vt str 2862Set to the list of static routes that are to be added at system 2863boot time. 2864If not set to 2865.Dq Li NO 2866then for each whitespace separated 2867.Ar element 2868in the value, a 2869.Va route_ Ns Aq Ar element 2870variable is assumed to exist 2871whose contents will later be passed to a 2872.Dq Nm route Cm add 2873operation. 2874For example: 2875.Bd -literal 2876static_routes="ext mcast:gif0 gif0local:gif0" 2877route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2878route_mcast="-net 224.0.0.0/4 -iface gif0" 2879route_gif0local="-host 169.254.1.1 -iface lo0" 2880.Ed 2881.Pp 2882When an 2883.Ar element 2884is in the form of 2885.Li name:ifname , 2886the route is specific to the interface 2887.Li ifname . 2888.It Va ipv6_static_routes 2889.Pq Vt str 2890The IPv6 equivalent of 2891.Va static_routes . 2892If not set to 2893.Dq Li NO 2894then for each whitespace separated 2895.Ar element 2896in the value, a 2897.Va ipv6_route_ Ns Aq Ar element 2898variable is assumed to exist 2899whose contents will later be passed to a 2900.Dq Nm route Cm add Fl inet6 2901operation. 2902.It Va gateway_enable 2903.Pq Vt bool 2904If set to 2905.Dq Li YES , 2906configure host to act as an IP router, e.g.\& to forward packets 2907between interfaces. 2908.It Va ipv6_gateway_enable 2909.Pq Vt bool 2910The IPv6 equivalent of 2911.Va gateway_enable . 2912.It Va routed_enable 2913.Pq Vt bool 2914If set to 2915.Dq Li YES , 2916run a routing daemon of some sort, based on the 2917settings of 2918.Va routed_program 2919and 2920.Va routed_flags . 2921.It Va route6d_enable 2922.Pq Vt bool 2923The IPv6 equivalent of 2924.Va routed_enable . 2925If set to 2926.Dq Li YES , 2927run a routing daemon of some sort, based on the 2928settings of 2929.Va route6d_program 2930and 2931.Va route6d_flags . 2932.It Va routed_program 2933.Pq Vt str 2934If 2935.Va routed_enable 2936is set to 2937.Dq Li YES , 2938this is the name of the routing daemon to use. 2939.It Va route6d_program 2940.Pq Vt str 2941The IPv6 equivalent of 2942.Va routed_program . 2943.It Va routed_flags 2944.Pq Vt str 2945If 2946.Va routed_enable 2947is set to 2948.Dq Li YES , 2949these are the flags to pass to the routing daemon. 2950.It Va route6d_flags 2951.Pq Vt str 2952The IPv6 equivalent of 2953.Va routed_flags . 2954.It Va rtadvd_enable 2955.Pq Vt bool 2956If set to 2957.Dq Li YES , 2958run the 2959.Xr rtadvd 8 2960daemon at boot time. 2961The 2962.Xr rtadvd 8 2963utility sends ICMPv6 Router Advertisement messages to 2964the interfaces specified in 2965.Va rtadvd_interfaces . 2966This should only be enabled with great care. 2967You may want to fine-tune 2968.Xr rtadvd.conf 5 . 2969.It Va rtadvd_interfaces 2970.Pq Vt str 2971If 2972.Va rtadvd_enable 2973is set to 2974.Dq Li YES 2975this is the list of interfaces to use. 2976.It Va arpproxy_all 2977.Pq Vt bool 2978If set to 2979.Dq Li YES , 2980enable global proxy ARP. 2981.It Va forward_sourceroute 2982.Pq Vt bool 2983If set to 2984.Dq Li YES 2985and 2986.Va gateway_enable 2987is also set to 2988.Dq Li YES , 2989source-routed packets are forwarded. 2990.It Va accept_sourceroute 2991.Pq Vt bool 2992If set to 2993.Dq Li YES , 2994the system will accept source-routed packets directed at it. 2995.It Va rarpd_enable 2996.Pq Vt bool 2997If set to 2998.Dq Li YES , 2999run the 3000.Xr rarpd 8 3001daemon at system boot time. 3002.It Va rarpd_flags 3003.Pq Vt str 3004If 3005.Va rarpd_enable 3006is set to 3007.Dq Li YES , 3008these are the flags to pass to the 3009.Xr rarpd 8 3010daemon. 3011.It Va bootparamd_enable 3012.Pq Vt bool 3013If set to 3014.Dq Li YES , 3015run the 3016.Xr bootparamd 8 3017daemon at system boot time. 3018.It Va bootparamd_flags 3019.Pq Vt str 3020If 3021.Va bootparamd_enable 3022is set to 3023.Dq Li YES , 3024these are the flags to pass to the 3025.Xr bootparamd 8 3026daemon. 3027.It Va stf_interface_ipv4addr 3028.Pq Vt str 3029If not set to 3030.Dq Li NO , 3031this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3032interface). 3033Specify this entry to enable the 6to4 interface. 3034.It Va stf_interface_ipv4plen 3035.Pq Vt int 3036Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3037An effective value is 0-31. 3038.It Va stf_interface_ipv6_ifid 3039.Pq Vt str 3040IPv6 interface ID for 3041.Xr stf 4 . 3042This can be set to 3043.Dq Li AUTO . 3044.It Va stf_interface_ipv6_slaid 3045.Pq Vt str 3046IPv6 Site Level Aggregator for 3047.Xr stf 4 . 3048.It Va ipv6_ipv4mapping 3049.Pq Vt bool 3050If set to 3051.Dq Li YES 3052this enables IPv4 mapped IPv6 address communication (like 3053.Li ::ffff:a.b.c.d ) . 3054.It Va rtsold_enable 3055.Pq Vt bool 3056Set to 3057.Dq Li YES 3058to enable the 3059.Xr rtsold 8 3060daemon to send ICMPv6 Router Solicitation messages. 3061.It Va rtsold_flags 3062.Pq Vt str 3063If 3064.Va rtsold_enable 3065is set to 3066.Dq Li YES , 3067these are the flags to pass to 3068.Xr rtsold 8 . 3069.It Va rtsol_flags 3070.Pq Vt str 3071For interfaces configured with the 3072.Dq Li inet6 accept_rtadv 3073keyword, these are the flags to pass to 3074.Xr rtsol 8 . 3075.Pp 3076Note that 3077.Va rtsold_enable 3078is mutually exclusive to 3079.Va rtsol_flags ; 3080.Va rtsold_enable 3081takes precedence. 3082.It Va keybell 3083.Pq Vt str 3084The keyboard bell sound. 3085Set to 3086.Dq Li normal , 3087.Dq Li visual , 3088.Dq Li off , 3089or 3090.Dq Li NO 3091if the default behavior is desired. 3092For details, refer to the 3093.Xr kbdcontrol 1 3094manpage. 3095.It Va keyboard 3096.Pq Vt str 3097If set to a non-null string, the virtual console's keyboard input is 3098set to this device. 3099.It Va keymap 3100.Pq Vt str 3101If set to 3102.Dq Li NO , 3103no keymap is installed, otherwise the value is used to install 3104the keymap file found in 3105.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3106(if using 3107.Xr syscons 4 ) or 3108.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3109(if using 3110.Xr vt 4 ) . 3111.It Va keyrate 3112.Pq Vt str 3113The keyboard repeat speed. 3114Set to 3115.Dq Li slow , 3116.Dq Li normal , 3117.Dq Li fast , 3118or 3119.Dq Li NO 3120if the default behavior is desired. 3121.It Va keychange 3122.Pq Vt str 3123If not set to 3124.Dq Li NO , 3125attempt to program the function keys with the value. 3126The value should 3127be a single string of the form: 3128.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3129.It Va cursor 3130.Pq Vt str 3131Can be set to the value of 3132.Dq Li normal , 3133.Dq Li blink , 3134.Dq Li destructive , 3135or 3136.Dq Li NO 3137to set the cursor behavior explicitly or choose the default behavior. 3138.It Va scrnmap 3139.Pq Vt str 3140If set to 3141.Dq Li NO , 3142no screen map is installed, otherwise the value is used to install 3143the screen map file in 3144.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3145This parameter is ignored when using 3146.Xr vt 4 3147as the console driver. 3148.It Va font8x16 3149.Pq Vt str 3150If set to 3151.Dq Li NO , 3152the default 8x16 font value is used for screen size requests, otherwise 3153the value in 3154.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3155or 3156.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3157is used (depending on the console driver being used). 3158.It Va font8x14 3159.Pq Vt str 3160If set to 3161.Dq Li NO , 3162the default 8x14 font value is used for screen size requests, otherwise 3163the value in 3164.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3165or 3166.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3167is used (depending on the console driver being used). 3168.It Va font8x8 3169.Pq Vt str 3170If set to 3171.Dq Li NO , 3172the default 8x8 font value is used for screen size requests, otherwise 3173the value in 3174.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3175or 3176.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3177is used (depending on the console driver being used). 3178.It Va blanktime 3179.Pq Vt int 3180If set to 3181.Dq Li NO , 3182the default screen blanking interval is used, otherwise it is set 3183to 3184.Ar value 3185seconds. 3186.It Va saver 3187.Pq Vt str 3188If not set to 3189.Dq Li NO , 3190this is the actual screen saver to use 3191.Li ( blank , snake , daemon , 3192etc). 3193.It Va moused_nondefault_enable 3194.Pq Vt str 3195If set to 3196.Dq Li NO , 3197the mouse device specified on 3198the command line is not automatically treated as enabled by the 3199.Pa /etc/rc.d/moused 3200script. 3201Having this variable set to 3202.Dq Li YES 3203allows a 3204.Xr usb 4 3205mouse, 3206for example, 3207to be enabled as soon as it is plugged in. 3208.It Va moused_enable 3209.Pq Vt str 3210If set to 3211.Dq Li YES , 3212the 3213.Xr moused 8 3214daemon is started for doing cut/paste selection on the console. 3215.It Va moused_type 3216.Pq Vt str 3217This is the protocol type of the mouse connected to this host. 3218This variable must be set if 3219.Va moused_enable 3220is set to 3221.Dq Li YES . 3222The 3223.Xr moused 8 3224daemon 3225is able to detect the appropriate mouse type automatically in many cases. 3226Set this variable to 3227.Dq Li auto 3228to let the daemon detect it, or 3229select one from the following list if the automatic detection fails. 3230.Pp 3231If the mouse is attached to the PS/2 mouse port, choose 3232.Dq Li auto 3233or 3234.Dq Li ps/2 , 3235regardless of the brand and model of the mouse. 3236Likewise, if the 3237mouse is attached to the bus mouse port, choose 3238.Dq Li auto 3239or 3240.Dq Li busmouse . 3241All other protocols are for serial mice and will not work with 3242the PS/2 and bus mice. 3243If this is a USB mouse, 3244.Dq Li auto 3245is the only protocol type which will work. 3246.Pp 3247.Bl -tag -width ".Li x10mouseremote" -compact 3248.It Li microsoft 3249Microsoft mouse (serial) 3250.It Li intellimouse 3251Microsoft IntelliMouse (serial) 3252.It Li mousesystems 3253Mouse systems Corp.\& mouse (serial) 3254.It Li mmseries 3255MM Series mouse (serial) 3256.It Li logitech 3257Logitech mouse (serial) 3258.It Li busmouse 3259A bus mouse 3260.It Li mouseman 3261Logitech MouseMan and TrackMan (serial) 3262.It Li glidepoint 3263ALPS GlidePoint (serial) 3264.It Li thinkingmouse 3265Kensington ThinkingMouse (serial) 3266.It Li ps/2 3267PS/2 mouse 3268.It Li mmhittab 3269MM HitTablet (serial) 3270.It Li x10mouseremote 3271X10 MouseRemote (serial) 3272.It Li versapad 3273Interlink VersaPad (serial) 3274.El 3275.Pp 3276Even if the mouse is not in the above list, it may be compatible 3277with one in the list. 3278Refer to the manual page for 3279.Xr moused 8 3280for compatibility information. 3281.Pp 3282It should also be noted that while this is enabled, any 3283other client of the mouse (such as an X server) should access 3284the mouse through the virtual mouse device, 3285.Pa /dev/sysmouse , 3286and configure it as a 3287.Dq Li sysmouse 3288type mouse, since all 3289mouse data is converted to this single canonical format when 3290using 3291.Xr moused 8 . 3292If the client program does not support the 3293.Dq Li sysmouse 3294type, 3295specify the 3296.Dq Li mousesystems 3297type. 3298It is the second preferred type. 3299.It Va moused_port 3300.Pq Vt str 3301If 3302.Va moused_enable 3303is set to 3304.Dq Li YES , 3305this is the actual port the mouse is on. 3306It might be 3307.Pa /dev/cuau0 3308for a COM1 serial mouse, or 3309.Pa /dev/psm0 3310for a PS/2 mouse, for example. 3311.It Va moused_flags 3312.Pq Vt str 3313If 3314.Va moused_flags 3315is set, its value is used as an additional set of flags to pass to the 3316.Xr moused 8 3317daemon. 3318.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3319When 3320.Va moused_nondefault_enable 3321is enabled, and a 3322.Xr moused 8 3323daemon is started for a non-default port, the 3324.Va "moused_" Ns Ar XXX Ns Va "_flags" 3325set of options has precedence over and replaces the default 3326.Va moused_flags 3327(where 3328.Ar XXX 3329is the name of the non-default port, i.e.,\& 3330.Ar ums0 ) . 3331By setting 3332.Va "moused_" Ns Ar XXX Ns Va "_flags" 3333it is possible to set up a different set of default flags for each 3334.Xr moused 8 3335instance. 3336For example, you can use 3337.Dq Li "-3" 3338for the default 3339.Va moused_flags 3340to make your laptop's touchpad more comfortable to use, 3341but an empty set of options for 3342.Va moused_ums0_flags 3343when your 3344.Xr usb 4 3345mouse has three or more buttons. 3346.It Va mousechar_start 3347.Pq Vt int 3348If set to 3349.Dq Li NO , 3350the default mouse cursor character range 3351.Li 0xd0 Ns - Ns Li 0xd3 3352is used, 3353otherwise the range start is set 3354to 3355.Ar value 3356character, see 3357.Xr vidcontrol 1 . 3358Use if the default range is occupied in the language code table. 3359.It Va allscreens_flags 3360.Pq Vt str 3361If set, 3362.Xr vidcontrol 1 3363is run with these options for each of the virtual terminals 3364.Pq Pa /dev/ttyv* . 3365For example, 3366.Dq Fl m Cm on 3367will enable the mouse pointer on all virtual terminals 3368if 3369.Va moused_enable 3370is set to 3371.Dq Li YES . 3372.It Va allscreens_kbdflags 3373.Pq Vt str 3374If set, 3375.Xr kbdcontrol 1 3376is run with these options for each of the virtual terminals 3377.Pq Pa /dev/ttyv* . 3378For example, 3379.Dq Fl h Li 200 3380will set the 3381.Xr syscons 4 3382or 3383.Xr vt 4 3384scrollback (history) buffer to 200 lines. 3385.It Va cron_enable 3386.Pq Vt bool 3387If set to 3388.Dq Li YES , 3389run the 3390.Xr cron 8 3391daemon at system boot time. 3392.It Va cron_program 3393.Pq Vt str 3394Path to 3395.Xr cron 8 3396(default 3397.Pa /usr/sbin/cron ) . 3398.It Va cron_flags 3399.Pq Vt str 3400If 3401.Va cron_enable 3402is set to 3403.Dq Li YES , 3404these are the flags to pass to 3405.Xr cron 8 . 3406.It Va cron_dst 3407.Pq Vt bool 3408If set to 3409.Dq Li YES , 3410enable the special handling of transitions to and from the 3411Daylight Saving Time in 3412.Xr cron 8 3413(equivalent to using the flag 3414.Fl s ) . 3415.It Va lpd_program 3416.Pq Vt str 3417Path to 3418.Xr lpd 8 3419(default 3420.Pa /usr/sbin/lpd ) . 3421.It Va lpd_enable 3422.Pq Vt bool 3423If set to 3424.Dq Li YES , 3425run the 3426.Xr lpd 8 3427daemon at system boot time. 3428.It Va lpd_flags 3429.Pq Vt str 3430If 3431.Va lpd_enable 3432is set to 3433.Dq Li YES , 3434these are the flags to pass to the 3435.Xr lpd 8 3436daemon. 3437.It Va chkprintcap_enable 3438.Pq Vt bool 3439If set to 3440.Dq Li YES , 3441run the 3442.Xr chkprintcap 8 3443command before starting the 3444.Xr lpd 8 3445daemon. 3446.It Va chkprintcap_flags 3447.Pq Vt str 3448If 3449.Va lpd_enable 3450and 3451.Va chkprintcap_enable 3452are set to 3453.Dq Li YES , 3454these are the flags to pass to the 3455.Xr chkprintcap 8 3456program. 3457The default is 3458.Dq Li -d , 3459which causes missing directories to be created. 3460.It Va mta_start_script 3461.Pq Vt str 3462This variable specifies the full path to the script to run to start 3463a mail transfer agent. 3464The default is 3465.Pa /etc/rc.sendmail . 3466The 3467.Va sendmail_* 3468variables which 3469.Pa /etc/rc.sendmail 3470uses are documented in the 3471.Xr rc.sendmail 8 3472manual page. 3473.It Va dumpdev 3474.Pq Vt str 3475Indicates the device (usually a swap partition) to which a crash dump 3476should be written in the event of a system crash. 3477If the value of this variable is 3478.Dq Li AUTO , 3479the first suitable swap device listed in 3480.Pa /etc/fstab 3481will be used as dump device. 3482Otherwise, the value of this variable is passed as the argument to 3483.Xr dumpon 8 . 3484To disable crash dumps, set this variable to 3485.Dq Li NO . 3486.It Va dumpon_flags 3487.Pq Vt str 3488Flags to pass to 3489.Xr dumpon 8 3490when configuring 3491.Va dumpdev 3492as the system dump device. 3493.It Va dumpdir 3494.Pq Vt str 3495When the system reboots after a crash and a crash dump is found on the 3496device specified by the 3497.Va dumpdev 3498variable, 3499.Xr savecore 8 3500will save that crash dump and a copy of the kernel to the directory 3501specified by the 3502.Va dumpdir 3503variable. 3504The default value is 3505.Pa /var/crash . 3506Set to 3507.Dq Li NO 3508to not run 3509.Xr savecore 8 3510at boot time when 3511.Va dumpdir 3512is set. 3513.It Va savecore_enable 3514.Pq Vt bool 3515If set to 3516.Dq Li NO , 3517disable automatic extraction of the crash dump from the 3518.Va dumpdev . 3519.It Va savecore_flags 3520.Pq Vt str 3521If crash dumps are enabled, these are the flags to pass to the 3522.Xr savecore 8 3523utility. 3524.It Va quota_enable 3525.Pq Vt bool 3526Set to 3527.Dq Li YES 3528to turn on user and group disk quotas on system startup via the 3529.Xr quotaon 8 3530command for all file systems marked as having quotas enabled in 3531.Pa /etc/fstab . 3532The kernel must be built with 3533.Cd "options QUOTA" 3534for disk quotas to function. 3535.It Va check_quotas 3536.Pq Vt bool 3537Set to 3538.Dq Li YES 3539to enable user and group disk quota checking via the 3540.Xr quotacheck 8 3541command. 3542.It Va quotacheck_flags 3543.Pq Vt str 3544If 3545.Va quota_enable 3546is set to 3547.Dq Li YES , 3548and 3549.Va check_quotas 3550is set to 3551.Dq Li YES , 3552these are the flags to pass to the 3553.Xr quotacheck 8 3554utility. 3555The default is 3556.Dq Li "-a" , 3557which checks quotas for all file systems with quotas enabled in 3558.Pa /etc/fstab . 3559.It Va quotaon_flags 3560.Pq Vt str 3561If 3562.Va quota_enable 3563is set to 3564.Dq Li YES , 3565these are the flags to pass to the 3566.Xr quotaon 8 3567utility. 3568The default is 3569.Dq Li "-a" , 3570which enables quotas for all file systems with quotas enabled in 3571.Pa /etc/fstab . 3572.It Va quotaoff_flags 3573.Pq Vt str 3574If 3575.Va quota_enable 3576is set to 3577.Dq Li YES , 3578these are the flags to pass to the 3579.Xr quotaoff 8 3580utility when shutting down the quota system. 3581The default is 3582.Dq Li "-a" , 3583which disables quotas for all file systems with quotas enabled in 3584.Pa /etc/fstab . 3585.It Va accounting_enable 3586.Pq Vt bool 3587Set to 3588.Dq Li YES 3589to enable system accounting through the 3590.Xr accton 8 3591facility. 3592.It Va firstboot_sentinel 3593.Pq Vt str 3594This variable specifies the full path to a 3595.Dq first boot 3596sentinel file. 3597If a file exists with this path, 3598.Pa rc.d 3599scripts with the 3600.Dq firstboot 3601keyword will be run on startup and the sentinel file will be deleted 3602after the boot process completes. 3603The sentinel file must be located on a writable file system which is 3604mounted no later than 3605.Va early_late_divider 3606to function properly. 3607The default is 3608.Pa /firstboot . 3609.It Va linux_enable 3610.Pq Vt bool 3611Set to 3612.Dq Li YES 3613to enable Linux/ELF binary emulation at system initial 3614boot time. 3615.It Va sysvipc_enable 3616.Pq Vt bool 3617If set to 3618.Dq Li YES , 3619load System V IPC primitives at boot time. 3620.It Va clear_tmp_enable 3621.Pq Vt bool 3622Set to 3623.Dq Li YES 3624to have 3625.Pa /tmp 3626cleaned at startup. 3627.It Va clear_tmp_X 3628.Pq Vt bool 3629Set to 3630.Dq Li NO 3631to disable removing of X11 lock files, 3632and the removal and (secure) recreation 3633of the various socket directories for X11 3634related programs. 3635.It Va ldconfig_paths 3636.Pq Vt str 3637Set to the list of shared library paths to use with 3638.Xr ldconfig 8 . 3639NOTE: 3640.Pa /lib 3641and 3642.Pa /usr/lib 3643will always be added first, so they need not appear in this list. 3644.It Va ldconfig32_paths 3645.Pq Vt str 3646Set to the list of 32-bit compatibility shared library paths to 3647use with 3648.Xr ldconfig 8 . 3649.It Va ldconfig_paths_aout 3650.Pq Vt str 3651Set to the list of shared library paths to use with 3652.Xr ldconfig 8 3653legacy 3654.Xr a.out 5 3655support. 3656.It Va ldconfig_insecure 3657.Pq Vt bool 3658The 3659.Xr ldconfig 8 3660utility normally refuses to use directories 3661which are writable by anyone except root. 3662Set this variable to 3663.Dq Li YES 3664to disable that security check during system startup. 3665.It Va ldconfig_local_dirs 3666.Pq Vt str 3667Set to the list of local 3668.Xr ldconfig 8 3669directories. 3670The names of all files in the directories listed will be 3671passed as arguments to 3672.Xr ldconfig 8 . 3673.It Va ldconfig_local32_dirs 3674.Pq Vt str 3675Set to the list of local 32-bit compatibility 3676.Xr ldconfig 8 3677directories. 3678The names of all files in the directories listed will be 3679passed as arguments to 3680.Dq Nm ldconfig Fl 32 . 3681.It Va kern_securelevel_enable 3682.Pq Vt bool 3683Set to 3684.Dq Li YES 3685to set the kernel security level at system startup. 3686.It Va kern_securelevel 3687.Pq Vt int 3688The kernel security level to set at startup. 3689The allowed range of 3690.Ar value 3691ranges from \-1 (the compile time default) to 3 (the 3692most secure). 3693See 3694.Xr security 7 3695for the list of possible security levels and their effect 3696on system operation. 3697.It Va sshd_program 3698.Pq Vt str 3699Path to the SSH server program 3700.Pa ( /usr/sbin/sshd 3701is the default). 3702.It Va sshd_enable 3703.Pq Vt bool 3704Set to 3705.Dq Li YES 3706to start 3707.Xr sshd 8 3708at system boot time. 3709.It Va sshd_flags 3710.Pq Vt str 3711If 3712.Va sshd_enable 3713is set to 3714.Dq Li YES , 3715these are the flags to pass to the 3716.Xr sshd 8 3717daemon. 3718.It Va ftpd_program 3719.Pq Vt str 3720Path to the FTP server program 3721.Pa ( /usr/libexec/ftpd 3722is the default). 3723.It Va ftpd_enable 3724.Pq Vt bool 3725Set to 3726.Dq Li YES 3727to start 3728.Xr ftpd 8 3729as a stand-alone daemon at system boot time. 3730.It Va ftpd_flags 3731.Pq Vt str 3732If 3733.Va ftpd_enable 3734is set to 3735.Dq Li YES , 3736these are the additional flags to pass to the 3737.Xr ftpd 8 3738daemon. 3739.It Va watchdogd_enable 3740.Pq Vt bool 3741If set to 3742.Dq Li YES , 3743start the 3744.Xr watchdogd 8 3745daemon at boot time. 3746This requires that the kernel have been compiled with a 3747.Xr watchdog 4 3748compatible device. 3749.It Va watchdogd_flags 3750.Pq Vt str 3751If 3752.Va watchdogd_enable 3753is set to 3754.Dq Li YES , 3755these are the flags passed to the 3756.Xr watchdogd 8 3757daemon. 3758.It Va watchdogd_timeout 3759.Pq Vt int 3760If 3761.Va watchdogd_enable 3762is set to 3763.Dq Li YES , 3764this is a timeout that will be used by the 3765.Xr watchdogd 8 3766daemon. 3767If this option is set, it overrides 3768.Fl t 3769in 3770.Va watchdogd_flags . 3771.It Va watchdogd_shutdown_timeout 3772.Pq Vt int 3773If 3774.Va watchdogd_enable 3775is set to 3776.Dq Li YES , 3777this is a timeout that will be set by the 3778.Xr watchdogd 8 3779daemon when it exits during the system shutdown. 3780This timeout will not be set when returning to the single-user mode 3781or when the watchdogd service is stopped individually using the 3782.Xr service 8 3783command or the rc.d script. 3784Note that the timeout will be applied if 3785.Xr watchdogd 8 3786is stopped outside of 3787.Xr rc 8 3788framework. 3789If this option is set, it overrides 3790.Fl x 3791in 3792.Va watchdogd_flags . 3793.It Va devfs_rulesets 3794.Pq Vt str 3795List of files containing sets of rules for 3796.Xr devfs 8 . 3797.It Va devfs_system_ruleset 3798.Pq Vt str 3799Rule name(s) to apply to the system 3800.Pa /dev 3801itself. 3802.It Va devfs_set_rulesets 3803.Pq Vt str 3804Pairs of already-mounted 3805.Pa dev 3806directories and rulesets that should be applied to them. 3807For example: /mount/dev=ruleset_name 3808.It Va devfs_load_rulesets 3809.Pq Vt bool 3810If set, always load the default rulesets listed in 3811.Va devfs_rulesets . 3812.It Va performance_cx_lowest 3813.Pq Vt str 3814CPU idle state to use while on AC power. 3815The string 3816.Dq Li LOW 3817indicates that 3818.Xr acpi 4 3819should use the lowest power state available while 3820.Dq Li HIGH 3821indicates that the lowest latency state (less power savings) should be used. 3822.It Va performance_cpu_freq 3823.Pq Vt str 3824CPU clock frequency to use while on AC power. 3825The string 3826.Dq Li LOW 3827indicates that 3828.Xr cpufreq 4 3829should use the lowest frequency available while 3830.Dq Li HIGH 3831indicates that the highest frequency (less power savings) should be used. 3832.It Va economy_cx_lowest 3833.Pq Vt str 3834CPU idle state to use when off AC power. 3835The string 3836.Dq Li LOW 3837indicates that 3838.Xr acpi 4 3839should use the lowest power state available while 3840.Dq Li HIGH 3841indicates that the lowest latency state (less power savings) should be used. 3842.It Va economy_cpu_freq 3843.Pq Vt str 3844CPU clock frequency to use when off AC power. 3845The string 3846.Dq Li LOW 3847indicates that 3848.Xr cpufreq 4 3849should use the lowest frequency available while 3850.Dq Li HIGH 3851indicates that the highest frequency (less power savings) should be used. 3852.It Va jail_enable 3853.Pq Vt bool 3854If set to 3855.Dq Li NO , 3856any configured jails will not be started. 3857.It Va jail_conf 3858.Pq Vt str 3859The configuration filename used by 3860.Xr jail 8 3861utility. 3862The default value is 3863.Pa /etc/jail.conf . 3864.It Va jail_parallel_start 3865.Pq Vt bool 3866If set to 3867.Dq Li YES , 3868all configured jails will be started in the background (in parallel). 3869.It Va jail_flags 3870.Pq Vt str 3871Unset by default. 3872When set, use as default value for 3873.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3874for every jail in 3875.Va jail_list . 3876.It Va jail_list 3877.Pq Vt str 3878A space-delimited list of jail names. 3879When left empty, all of the 3880.Xr jail 8 3881instances defined in the configuration file are started. 3882The names specified in this list control the jail startup order. 3883.Xr jail 8 3884instances missing from 3885.Va jail_list 3886must be started manually. 3887Note that a jail's 3888.Va depend 3889parameter in the configuration file may override this list. 3890.It Va jail_reverse_stop 3891.Pq Vt bool 3892When set to 3893.Dq Li YES , 3894all configured jails in 3895.Va jail_list 3896are stopped in reverse order. 3897.It Va jail_ Ns * variables 3898Note that older releases supported per-jail configuration via 3899.Nm 3900variables. 3901For example, 3902hostname of a jail named 3903.Li vjail 3904was able to be set by 3905.Li jail_vjail_hostname . 3906These per-jail configuration variables are now obsolete in favor of 3907.Xr jail 8 3908configuration file. 3909For backward compatibility, 3910when per-jail configuration variables are defined, 3911.Xr jail 8 3912configuration files are created as 3913.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3914and used. 3915.Pp 3916The following per-jail parameters are handled by 3917.Pa rc.d/jail 3918script out of their corresponding 3919.Nm 3920variables. 3921In addition to them, parameters in 3922.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3923will be added to the configuration file. 3924They must be a semi-colon 3925.Pq Ql \&; 3926delimited list of 3927.Dq key=value . 3928For more details, 3929see 3930.Xr jail 8 3931manual page. 3932.Bl -tag -width "host.hostname" -offset indent 3933.It Li path 3934set from 3935.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3936.It Li host.hostname 3937set from 3938.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3939.It Li exec.consolelog 3940set from 3941.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3942The default value is 3943.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3944.It Li interface 3945set from 3946.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3947.It Li vnet.interface 3948set from 3949.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3950This implies 3951.Li vnet 3952parameter will be enabled and cannot be specified with 3953.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3954.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3955and/or 3956.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3957at the same time. 3958.It Li fstab 3959set from 3960.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3961.It Li mount 3962set from 3963.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3964.It Li exec.fib 3965set from 3966.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3967.It Li exec.start 3968set from 3969.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3970The parameter name was 3971.Li command 3972in some older releases. 3973.It Li exec.prestart 3974set from 3975.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3976.It Li exec.poststart 3977set from 3978.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3979.It Li exec.stop 3980set from 3981.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3982.It Li exec.prestop 3983set from 3984.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3985.It Li exec.poststop 3986set from 3987.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3988.It Li ip4.addr 3989set if 3990.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3991or 3992.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3993contain IPv4 addresses 3994.It Li ip6.addr 3995set if 3996.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3997or 3998.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3999contain IPv6 addresses 4000.It Li allow.mount 4001set from 4002.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4003.It Li mount.devfs 4004set from 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4006.It Li devfs_ruleset 4007set from 4008.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4009This must be an integer, 4010not a string. 4011.It Li mount.fdescfs 4012set from 4013.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4014.It Li allow.set_hostname 4015set from 4016.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4017.It Li allow.rawsocket 4018set from 4019.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4020.It Li allow.sysvipc 4021set from 4022.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4023.El 4024.\" ----------------------------------------------------- 4025.It Va harvest_mask 4026.Pq Vt int 4027Set to a bit-mask 4028representing the entropy sources 4029you wish to harvest. 4030Refer to 4031.Xr random 4 4032for more information. 4033.It Va entropy_dir 4034.Pq Vt str 4035Set to 4036.Dq Li NO 4037to disable caching entropy via 4038.Xr cron 8 . 4039Otherwise set to the directory 4040in which the entropy files are stored. 4041To be useful, 4042there must be 4043a system cron job 4044that regularly writes and rotates 4045files here. 4046All files found 4047will be used at boot time. 4048The default is 4049.Pa /var/db/entropy . 4050.It Va entropy_file 4051.Pq Vt str 4052Set to 4053.Dq Li NO 4054to disable caching entropy through reboots. 4055Otherwise set to the name 4056of a file used to store cached entropy. 4057This file should be located 4058on a file system that is readable 4059before all the volumes specified in 4060.Xr fstab 5 4061are mounted. 4062By default, 4063.Pa /entropy 4064is used, 4065but if 4066.Pa /var/db/entropy-file 4067is found it will also be used. 4068This will be of some use to 4069.Xr bsdinstall 8 . 4070.It Va entropy_boot_file 4071.Pq Vt str 4072Set to 4073.Dq Li NO 4074to disable 4075very early caching entropy 4076through reboots. 4077Otherwise set to the filename 4078used to read 4079very early reboot cached entropy. 4080This file should be located where 4081.Xr loader 8 4082can read it. 4083See also 4084.Xr loader.conf 5 . 4085The default location is 4086.Pa /boot/entropy . 4087.It Va entropy_save_sz 4088.Pq Vt int 4089Size of the entropy cache files saved by 4090.Nm save-entropy 4091periodically. 4092.It Va entropy_save_num 4093.Pq Vt int 4094Number of entropy cache files to save by 4095.Nm save-entropy 4096periodically. 4097.It Va ipsec_enable 4098.Pq Vt bool 4099Set to 4100.Dq Li YES 4101to run 4102.Xr setkey 8 4103on 4104.Va ipsec_file 4105at boot time. 4106.It Va ipsec_file 4107.Pq Vt str 4108Configuration file for 4109.Xr setkey 8 . 4110.It Va dmesg_enable 4111.Pq Vt bool 4112Set to 4113.Dq Li YES 4114to save 4115.Xr dmesg 8 4116to 4117.Pa /var/run/dmesg.boot 4118on boot. 4119.It Va rcshutdown_timeout 4120.Pq Vt int 4121If set, start a watchdog timer in the background which will terminate 4122.Pa rc.shutdown 4123if 4124.Xr shutdown 8 4125has not completed within the specified time (in seconds). 4126Notice that in addition to this soft timeout, 4127.Xr init 8 4128also applies a hard timeout for the execution of 4129.Pa rc.shutdown . 4130This is configured via 4131.Xr sysctl 8 4132variable 4133.Va kern.init_shutdown_timeout 4134and defaults to 120 seconds. 4135Setting the value of 4136.Va rcshutdown_timeout 4137to more than 120 seconds will have no effect until the 4138.Xr sysctl 8 4139variable 4140.Va kern.init_shutdown_timeout 4141is also increased. 4142.It Va virecover_enable 4143.Pq Vt bool 4144Set to 4145.Dq Li NO 4146to prevent the system from trying to 4147recover pre-maturely terminated 4148.Xr vi 1 4149sessions. 4150.It Va ugidfw_enable 4151.Pq Vt bool 4152Set to 4153.Dq Li YES 4154to load the 4155.Xr mac_bsdextended 4 4156module upon system initialization and load a default 4157ruleset file. 4158.It Va bsdextended_script 4159.Pq Vt str 4160The default 4161.Xr mac_bsdextended 4 4162ruleset file to load. 4163The default value of this variable is 4164.Pa /etc/rc.bsdextended . 4165.It Va newsyslog_enable 4166.Pq Vt bool 4167If set to 4168.Dq Li YES , 4169run 4170.Xr newsyslog 8 4171command at startup. 4172.It Va newsyslog_flags 4173.Pq Vt str 4174If 4175.Va newsyslog_enable 4176is set to 4177.Dq Li YES , 4178these are the flags to pass to the 4179.Xr newsyslog 8 4180program. 4181The default is 4182.Dq Li -CN , 4183which causes log files flagged with a 4184.Cm C 4185to be created. 4186.It Va mdconfig_md Ns Aq Ar X 4187.Pq Vt str 4188Arguments to 4189.Xr mdconfig 8 4190for 4191.Xr md 4 4192device 4193.Ar X . 4194At minimum a 4195.Fl t Ar type 4196must be specified and either a 4197.Fl s Ar size 4198for malloc or swap backed 4199.Xr md 4 4200devices or a 4201.Fl f Ar file 4202for vnode backed 4203.Xr md 4 4204devices. 4205Note that 4206.Va mdconfig_md Ns Aq Ar X 4207variables are evaluated until one variable is unset or null. 4208.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4209.Pq Vt str 4210Optional arguments passed to 4211.Xr newfs 8 4212to initialize 4213.Xr md 4 4214device 4215.Ar X . 4216.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4217.Pq Vt str 4218An ownership specification passed to 4219.Xr chown 8 4220after the specified 4221.Xr md 4 4222device 4223.Ar X 4224has been mounted. 4225Both the 4226.Xr md 4 4227device and the mount point will be changed. 4228.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4229.Pq Vt str 4230A mode string passed to 4231.Xr chmod 1 4232after the specified 4233.Xr md 4 4234device 4235.Ar X 4236has been mounted. 4237Both the 4238.Xr md 4 4239device and the mount point will be changed. 4240.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4241.Pq Vt str 4242Files to be copied to the mount point of the 4243.Xr md 4 4244device 4245.Ar X 4246after it has been mounted. 4247.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4248.Pq Vt str 4249Command to execute after the specified 4250.Xr md 4 4251device 4252.Ar X 4253has been mounted. 4254Note that the command is passed to 4255.Ic eval 4256and that both 4257.Va _dev 4258and 4259.Va _mp 4260variables can be used to reference respectively the 4261.Xr md 4 4262device and the mount point. 4263Assuming that the 4264.Xr md 4 4265device is 4266.Li md0 , 4267one could set the following: 4268.Bd -literal 4269mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4270.Ed 4271.It Va autobridge_interfaces 4272.Pq Vt str 4273Set to the list of bridge interfaces that will have newly arriving interfaces 4274checked against to be automatically added. 4275If not set to 4276.Dq Li NO 4277then for each whitespace separated 4278.Ar element 4279in the value, a 4280.Va autobridge_ Ns Aq Ar element 4281variable is assumed to exist which has a whitespace separated list of interface 4282names to match, these names can use wildcards. 4283For example: 4284.Bd -literal 4285autobridge_interfaces="bridge0" 4286autobridge_bridge0="tap* dc0 vlan[345]" 4287.Ed 4288.It Va mixer_enable 4289.Pq Vt bool 4290If set to 4291.Dq Li YES , 4292enable support for sound mixer. 4293.It Va hcsecd_enable 4294.Pq Vt bool 4295If set to 4296.Dq Li YES , 4297enable Bluetooth security daemon. 4298.It Va hcsecd_config 4299.Pq Vt str 4300Configuration file for 4301.Xr hcsecd 8 . 4302Default 4303.Pa /etc/bluetooth/hcsecd.conf . 4304.It Va sdpd_enable 4305.Pq Vt bool 4306If set to 4307.Dq Li YES , 4308enable Bluetooth Service Discovery Protocol daemon. 4309.It Va sdpd_control 4310.Pq Vt str 4311Path to 4312.Xr sdpd 8 4313control socket. 4314Default 4315.Pa /var/run/sdp . 4316.It Va sdpd_groupname 4317.Pq Vt str 4318Sets 4319.Xr sdpd 8 4320group to run as after it initializes. 4321Default 4322.Dq Li nobody . 4323.It Va sdpd_username 4324.Pq Vt str 4325Sets 4326.Xr sdpd 8 4327user to run as after it initializes. 4328Default 4329.Dq Li nobody . 4330.It Va bthidd_enable 4331.Pq Vt bool 4332If set to 4333.Dq Li YES , 4334enable Bluetooth Human Interface Device daemon. 4335.It Va bthidd_config 4336.Pq Vt str 4337Configuration file for 4338.Xr bthidd 8 . 4339Default 4340.Pa /etc/bluetooth/bthidd.conf . 4341.It Va bthidd_hids 4342.Pq Vt str 4343Path to a file, where 4344.Xr bthidd 8 4345will store information about known HID devices. 4346Default 4347.Pa /var/db/bthidd.hids . 4348.It Va rfcomm_pppd_server_enable 4349.Pq Vt bool 4350If set to 4351.Dq Li YES , 4352enable Bluetooth RFCOMM PPP wrapper daemon. 4353.It Va rfcomm_pppd_server_profile 4354.Pq Vt str 4355The name of the profile to use from 4356.Pa /etc/ppp/ppp.conf . 4357Multiple profiles can be specified here. 4358Also used to specify per-profile overrides. 4359When the profile name contains any of the characters 4360.Dq Li .-/+ 4361they are translated to 4362.Dq Li _ 4363for the proposes of the override variable names. 4364.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4365.Pq Vt str 4366Overrides local address to listen on. 4367By default 4368.Xr rfcomm_pppd 8 4369will listen on 4370.Dq Li ANY 4371address. 4372The address can be specified as BD_ADDR or name. 4373.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4374.Pq Vt str 4375Overrides local RFCOMM channel to listen on. 4376By default 4377.Xr rfcomm_pppd 8 4378will listen on RFCOMM channel 1. 4379Must set properly if multiple profiles used in the same time. 4380.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4381.Pq Vt bool 4382Tells 4383.Xr rfcomm_pppd 8 4384if it should register Serial Port service on the specified RFCOMM channel. 4385Default 4386.Dq Li NO . 4387.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4388.Pq Vt bool 4389Tells 4390.Xr rfcomm_pppd 8 4391if it should register Dial-Up Networking service on the specified 4392RFCOMM channel. 4393Default 4394.Dq Li NO . 4395.It Va ubthidhci_enable 4396.Pq Vt bool 4397If set to 4398.Dq Li YES , 4399change the USB Bluetooth controller from HID mode to HCI mode. 4400You also need to specify the location of USB Bluetooth controller with the 4401.Va ubthidhci_busnum 4402and 4403.Va ubthidhci_addr 4404variables. 4405.It Va ubthidhci_busnum 4406Bus number where the USB Bluetooth controller is located. 4407Check the output of 4408.Xr usbconfig 8 4409on your system to find this information. 4410.It Va ubthidhci_addr 4411Bus address of the USB Bluetooth controller. 4412Check the output of 4413.Xr usbconfig 8 4414on your system to find this information. 4415.It Va netwait_enable 4416.Pq Vt bool 4417If set to 4418.Dq Li YES , 4419delays the start of network-reliant services until 4420.Va netwait_if 4421is up and ICMP packets to a destination defined in 4422.Va netwait_ip 4423are flowing. 4424Link state is examined first, followed by 4425.Dq Li pinging 4426an IP address to verify network usability. 4427If no destination can be reached or timeouts are exceeded, 4428network services are started anyway with no guarantee that 4429the network is usable. 4430Use of this variable requires both 4431.Va netwait_ip 4432and 4433.Va netwait_if 4434to be set. 4435.It Va netwait_ip 4436.Pq Vt str 4437Empty by default. 4438This variable contains a space-delimited list of IP addresses to 4439.Xr ping 8 . 4440DNS hostnames should not be used as resolution is not guaranteed 4441to be functional at this point. 4442If multiple IP addresses are specified, 4443each will be tried until one is successful or the list is exhausted. 4444.It Va netwait_timeout 4445.Pq Vt int 4446Indicates the total number of seconds to perform a 4447.Dq Li ping 4448against each IP address in 4449.Va netwait_ip , 4450at a rate of one ping per second. 4451If any of the pings are successful, 4452full network connectivity is considered reliable. 4453The default is 60. 4454.It Va netwait_if 4455.Pq Vt str 4456Empty by default. 4457Defines the name of the network interface on which watch for link. 4458.Xr ifconfig 8 4459is used to monitor the interface, looking for 4460.Dq Li status: no carrier . 4461Once gone, the link is considered up. 4462This can be a 4463.Xr vlan 4 4464interface if desired. 4465.It Va netwait_if_timeout 4466.Pq Vt int 4467Defines the total number of seconds to wait for link to become usable, 4468polled at a 1-second interval. 4469The default is 30. 4470.It Va rctl_enable 4471.Pq Vt bool 4472If set to 4473.Dq Li YES , 4474load 4475.Xr rctl 8 4476rules from the defined ruleset. 4477The kernel must be built with 4478.Cd "options RACCT" 4479and 4480.Cd "options RCTL" . 4481.It Va rctl_rules 4482.Pq Vt str 4483Set to 4484.Pa /etc/rctl.conf 4485by default. 4486This variables contains the 4487.Xr rctl.conf 5 4488ruleset to load for 4489.Xr rctl 8 . 4490.It Va iovctl_files 4491.Pq Vt str 4492A space-separated list of configuration files used by 4493.Xr iovctl 8 . 4494The default value is an empty string. 4495.It Va autofs_enable 4496.Pq Vt bool 4497If set to 4498.Dq Li YES , 4499start the 4500.Xr automount 8 4501utility and the 4502.Xr automountd 8 4503and 4504.Xr autounmountd 8 4505daemons at boot time. 4506.It Va automount_flags 4507.Pq Vt str 4508If 4509.Va autofs_enable 4510is set to 4511.Dq Li YES , 4512these are the flags to pass to the 4513.Xr automount 8 4514program. 4515By default no flags are passed. 4516.It Va automountd_flags 4517.Pq Vt str 4518If 4519.Va autofs_enable 4520is set to 4521.Dq Li YES , 4522these are the flags to pass to the 4523.Xr automountd 8 4524daemon. 4525By default no flags are passed. 4526.It Va autounmountd_flags 4527.Pq Vt str 4528If 4529.Va autofs_enable 4530is set to 4531.Dq Li YES , 4532these are the flags to pass to the 4533.Xr autounmountd 8 4534daemon. 4535By default no flags are passed. 4536.It Va ctld_enable 4537.Pq Vt bool 4538If set to 4539.Dq Li YES , 4540start the 4541.Xr ctld 8 4542daemon at boot time. 4543.It Va iscsid_enable 4544.Pq Vt bool 4545If set to 4546.Dq Li YES , 4547start the 4548.Xr iscsid 8 4549daemon at boot time. 4550.It Va iscsictl_enable 4551.Pq Vt bool 4552If set to 4553.Dq Li YES , 4554start the 4555.Xr iscsictl 8 4556utility at boot time. 4557.It Va iscsictl_flags 4558.Pq Vt str 4559If 4560.Va iscsictl_enable 4561is set to 4562.Dq Li YES , 4563these are the flags to pass to the 4564.Xr iscsictl 8 4565program. 4566The default is 4567.Dq Li -Aa , 4568which configures sessions based on the 4569.Pa /etc/iscsi.conf 4570configuration file. 4571.It Va cfumass_enable 4572.Pq Vt bool 4573If set to 4574.Dq Li YES , 4575create and export an USB LUN using 4576.Xr cfumass 4 4577at boot time. 4578.It Va cfumass_dir 4579.Pq Vt str 4580The directory where the files exported by USB LUN are located. 4581The default directory is 4582.Pa /var/cfumass . 4583.It Va service_delete_empty 4584.Pq Vt bool 4585If set to 4586.Dq Li YES , 4587.Ql Li service delete 4588removes empty 4589.Dq Li rc.conf.d 4590files. 4591.El 4592.Sh FILES 4593.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4594.It Pa /etc/defaults/rc.conf 4595.It Pa /etc/defaults/vendor.conf 4596.It Pa /etc/rc.conf 4597.It Pa /etc/rc.conf.local 4598.El 4599.Sh SEE ALSO 4600.Xr chmod 1 , 4601.Xr gdb 1 , 4602.Xr info 1 , 4603.Xr kbdcontrol 1 , 4604.Xr makewhatis 1 , 4605.Xr sh 1 , 4606.Xr vi 1 , 4607.Xr vidcontrol 1 , 4608.Xr bridge 4 , 4609.Xr dummynet 4 , 4610.Xr ip 4 , 4611.Xr ipf 4 , 4612.Xr ipfw 4 , 4613.Xr ipnat 4 , 4614.Xr kld 4 , 4615.Xr pf 4 , 4616.Xr pflog 4 , 4617.Xr pfsync 4 , 4618.Xr tcp 4 , 4619.Xr udp 4 , 4620.Xr exports 5 , 4621.Xr fstab 5 , 4622.Xr ipf 5 , 4623.Xr ipnat 5 , 4624.Xr jail.conf 5 , 4625.Xr loader.conf 5 , 4626.Xr motd 5 , 4627.Xr newsyslog.conf 5 , 4628.Xr pf.conf 5 , 4629.Xr security 7 , 4630.Xr accton 8 , 4631.Xr amd 8 , 4632.Xr apm 8 , 4633.Xr bsdinstall 8 , 4634.Xr bthidd 8 , 4635.Xr chkprintcap 8 , 4636.Xr chown 8 , 4637.Xr cron 8 , 4638.Xr devfs 8 , 4639.Xr dhclient 8 , 4640.Xr ftpd 8 , 4641.Xr geli 8 , 4642.Xr hcsecd 8 , 4643.Xr ifconfig 8 , 4644.Xr inetd 8 , 4645.Xr iovctl 8 , 4646.Xr ipf 8 , 4647.Xr ipfw 8 , 4648.Xr ipnat 8 , 4649.Xr jail 8 , 4650.Xr kldxref 8 , 4651.Xr loader 8 , 4652.Xr lpd 8 , 4653.Xr mdconfig 8 , 4654.Xr mdmfs 8 , 4655.Xr mixer 8 , 4656.Xr mountd 8 , 4657.Xr moused 8 , 4658.Xr newfs 8 , 4659.Xr newsyslog 8 , 4660.Xr nfsd 8 , 4661.Xr ntpd 8 , 4662.Xr ntpdate 8 , 4663.Xr pfctl 8 , 4664.Xr pflogd 8 , 4665.Xr ping 8 , 4666.Xr powerd 8 , 4667.Xr quotacheck 8 , 4668.Xr quotaon 8 , 4669.Xr rc 8 , 4670.Xr rc.sendmail 8 , 4671.Xr rfcomm_pppd 8 , 4672.Xr route 8 , 4673.Xr routed 8 , 4674.Xr rpc.lockd 8 , 4675.Xr rpc.statd 8 , 4676.Xr rpcbind 8 , 4677.Xr rwhod 8 , 4678.Xr savecore 8 , 4679.Xr sdpd 8 , 4680.Xr service 8 , 4681.Xr sshd 8 , 4682.Xr swapon 8 , 4683.Xr sysctl 8 , 4684.Xr syslogd 8 , 4685.Xr sysrc 8 , 4686.Xr timed 8 , 4687.Xr unbound 8 , 4688.Xr usbconfig 8 , 4689.Xr wlandebug 8 , 4690.Xr yp 8 , 4691.Xr ypbind 8 , 4692.Xr ypserv 8 , 4693.Xr ypset 8 4694.Sh HISTORY 4695The 4696.Nm 4697file appeared in 4698.Fx 2.2.2 . 4699.Sh AUTHORS 4700.An Jordan K. Hubbard . 4701