1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd December 13, 2011 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory, which will be included by the 74.Va load_rc_config 75function. 76For jail configurations you could use the file 77.Pa /etc/rc.conf.d/jail 78to store jail specific configuration options. 79Also see the 80.Va rc_conf_files 81variable below. 82.Pp 83Options are set with 84.Dq Ar name Ns Li = Ns Ar value 85assignments that use 86.Xr sh 1 87syntax. 88The following list provides a name and short description for each 89variable that can be set in the 90.Nm 91file: 92.Bl -tag -width indent-two 93.It Va rc_debug 94.Pq Vt bool 95If set to 96.Dq Li YES , 97enable output of debug messages from rc scripts. 98This variable can be helpful in diagnosing mistakes when 99editing or integrating new scripts. 100Beware that this produces copious output to the terminal and 101.Xr syslog 3 . 102.It Va rc_info 103.Pq Vt bool 104If set to 105.Dq Li NO , 106disable informational messages from the rc scripts. 107Informational messages are displayed when 108a condition that is not serious enough to warrant a warning or 109an error occurs. 110.It Va rc_startmsgs 111.Pq Vt bool 112If set to 113.Dq Li YES , 114show 115.Dq Starting foo: 116when faststart is used (e.g., at boot time). 117.It Va early_late_divider 118.Pq Vt str 119The name of the script that should be used as the 120delimiter between the 121.Dq early 122and 123.Dq late 124stages of the boot process. 125The early stage should contain all the services needed to 126get the disks (local or remote) mounted so that the late 127stage can include scripts contained in the directories 128listed in the 129.Va local_startup 130variable (see below). 131Thus, the two likely candidates for this value are 132.Pa mountcritlocal 133for the typical system, and 134.Pa mountcritremote 135if the system needs remote file 136systems mounted to get access to the 137.Va local_startup 138directories; for example when 139.Pa /usr/local 140is NFS mounted. 141For 142.Pa rc.conf 143within a 144.Xr jail 8 145.Pa NETWORKING 146is likely to be an appropriate value. 147Extreme care should be taken when changing this value, 148and before changing it one should ensure that there are 149adequate provisions to recover from a failed boot 150(such as physical contact with the machine, 151or reliable remote console access). 152.It Va swapfile 153.Pq Vt str 154If set to 155.Dq Li NO , 156no swapfile is installed, otherwise the value is used as the full 157pathname to a file to use for additional swap space. 158.It Va apm_enable 159.Pq Vt bool 160If set to 161.Dq Li YES , 162enable support for Automatic Power Management with 163the 164.Xr apm 8 165command. 166.It Va apmd_enable 167.Pq Vt bool 168Run 169.Xr apmd 8 170to handle APM event from userland. 171This also enables support for APM. 172.It Va apmd_flags 173.Pq Vt str 174If 175.Va apmd_enable 176is set to 177.Dq Li YES , 178these are the flags to pass to the 179.Xr apmd 8 180daemon. 181.It Va devd_enable 182.Pq Vt bool 183Run 184.Xr devd 8 185to handle device added, removed or unknown events from the kernel. 186.It Va ddb_enable 187.Pq Vt bool 188Run 189.Xr ddb 8 190to install 191.Xr ddb 4 192scripts at boot time. 193.It Va ddb_config 194.Pq Vt str 195Configuration file for 196.Xr ddb 8 . 197Default 198.Pa /etc/ddb.conf . 199.It Va kld_list 200.Pq Vt str 201A list of kernel modules to load right after the local 202disks are mounted. 203Loading modules at this point in the boot process is 204much faster than doing it via 205.Pa /boot/loader.conf 206for those modules not necessary for mounting local disk. 207.It Va kldxref_enable 208.Pq Vt bool 209Set to 210.Dq Li NO 211by default. 212Set to 213.Dq Li YES 214to automatically rebuild 215.Pa linker.hints 216files with 217.Xr kldxref 8 218at boot time. 219.It Va kldxref_clobber 220.Pq Vt bool 221Set to 222.Dq Li NO 223by default. 224If 225.Va kldxref_enable 226is true, 227setting to 228.Dq Li YES 229will overwrite existing 230.Pa linker.hints 231files at boot time. 232Otherwise, 233only missing 234.Pa linker.hints 235files are generated. 236.It Va kldxref_module_path 237.Pq Vt str 238Empty by default. 239A semi-colon 240.Pq Ql \&; 241delimited list of paths containing 242.Xr kld 4 243modules. 244If empty, 245the contents of the 246.Va kern.module_path 247.Xr sysctl 8 248are used. 249.It Va powerd_enable 250.Pq Vt bool 251If set to 252.Dq Li YES , 253enable the system power control facility with the 254.Xr powerd 8 255daemon. 256.It Va powerd_flags 257.Pq Vt str 258If 259.Va powerd_enable 260is set to 261.Dq Li YES , 262these are the flags to pass to the 263.Xr powerd 8 264daemon. 265.It Va tmpmfs 266Controls the creation of a 267.Pa /tmp 268memory file system. 269Always happens if set to 270.Dq Li YES 271and never happens if set to 272.Dq Li NO . 273If set to anything else, a memory file system is created if 274.Pa /tmp 275is not writable. 276.It Va tmpsize 277Controls the size of a created 278.Pa /tmp 279memory file system. 280.It Va tmpmfs_flags 281Extra options passed to the 282.Xr mdmfs 8 283utility when the memory file system for 284.Pa /tmp 285is created. 286The default is 287.Dq Li "-S" , 288which inhibits the use of softupdates on 289.Pa /tmp 290so that file system space is freed without delay 291after file truncation or deletion. 292See 293.Xr mdmfs 8 294for other options you can use in 295.Va tmpmfs_flags . 296.It Va varmfs 297Controls the creation of a 298.Pa /var 299memory file system. 300Always happens if set to 301.Dq Li YES 302and never happens if set to 303.Dq Li NO . 304If set to anything else, a memory file system is created if 305.Pa /var 306is not writable. 307.It Va varsize 308Controls the size of a created 309.Pa /var 310memory file system. 311.It Va varmfs_flags 312Extra options passed to the 313.Xr mdmfs 8 314utility when the memory file system for 315.Pa /var 316is created. 317The default is 318.Dq Li "-S" , 319which inhibits the use of softupdates on 320.Pa /var 321so that file system space is freed without delay 322after file truncation or deletion. 323See 324.Xr mdmfs 8 325for other options you can use in 326.Va varmfs_flags . 327.It Va populate_var 328Controls the automatic population of the 329.Pa /var 330file system. 331Always happens if set to 332.Dq Li YES 333and never happens if set to 334.Dq Li NO . 335If set to anything else, a memory file system is created if 336.Pa /var 337is not writable. 338Note that this process requires access to certain commands in 339.Pa /usr 340before 341.Pa /usr 342is mounted on normal systems. 343.It Va cleanvar_enable 344.Pq Vt bool 345Clean the 346.Pa /var 347directory. 348.It Va local_startup 349.Pq Vt str 350List of directories to search for startup script files. 351.It Va script_name_sep 352.Pq Vt str 353The field separator to use for breaking down the list of startup script files 354into individual filenames. 355The default is a space. 356It is not necessary to change this unless there are startup scripts with names 357containing spaces. 358.It Va hostapd_enable 359.Pq Vt bool 360Set to 361.Dq Li YES 362to start 363.Xr hostapd 8 364at system boot time. 365.It Va hostname 366.Pq Vt str 367The fully qualified domain name (FQDN) of this host on the network. 368This should almost certainly be set to something meaningful, even if 369there is no network connection. 370If 371.Xr dhclient 8 372is used to set the hostname via DHCP, 373this variable should be set to an empty string. 374If this value remains unset when the system is done booting 375your console login will display the default hostname of 376.Dq Amnesiac. 377.It Va nisdomainname 378.Pq Vt str 379The NIS domain name of this host, or 380.Dq Li NO 381if NIS is not used. 382.It Va dhclient_program 383.Pq Vt str 384Path to the DHCP client program 385.Pa ( /sbin/dhclient , 386the 387.Ox 388DHCP client, 389is the default). 390.It Va dhclient_flags 391.Pq Vt str 392Additional flags to pass to the DHCP client program. 393For the 394.Ox 395DHCP client, see the 396.Xr dhclient 8 397manpage for a description of the command line options available. 398.It Va dhclient_flags_ Ns Aq Ar iface 399Additional flags to pass to the DHCP client program running on 400.Ar iface 401only. 402When specified, this variable overrides 403.Va dhclient_flags . 404.It Va background_dhclient 405.Pq Vt bool 406Set to 407.Dq Li YES 408to start the DHCP client in background. 409This can cause trouble with applications depending on 410a working network, but it will provide a faster startup 411in many cases. 412.It Va background_dhclient_ Ns Aq Ar iface 413When specified, this variable overrides the 414.Va background_dhclient 415variable for interface 416.Ar iface 417only. 418.It Va synchronous_dhclient 419.Pq Vt bool 420Set to 421.Dq Li YES 422to start 423.Xr dhclient 8 424synchronously at startup. 425This behavior can be overridden on a per-interface basis by replacing 426the 427.Dq Li DHCP 428keyword in the 429.Va ifconfig_ Ns Aq Ar interface 430variable with 431.Dq Li SYNCDHCP 432or 433.Dq Li NOSYNCDHCP . 434.It Va defaultroute_delay 435.Pq Vt int 436When set to a positive value, wait up to this long after configuring 437DHCP interfaces at startup to give the interfaces time to receive a lease. 438.It Va firewall_enable 439.Pq Vt bool 440Set to 441.Dq Li YES 442to load firewall rules at startup. 443If the kernel was not built with 444.Cd "options IPFIREWALL" , 445the 446.Pa ipfw.ko 447kernel module will be loaded. 448See also 449.Va ipfilter_enable . 450.It Va firewall_script 451.Pq Vt str 452This variable specifies the full path to the firewall script to run. 453The default is 454.Pa /etc/rc.firewall . 455.It Va firewall_type 456.Pq Vt str 457Names the firewall type from the selection in 458.Pa /etc/rc.firewall , 459or the file which contains the local firewall ruleset. 460Valid selections from 461.Pa /etc/rc.firewall 462are: 463.Pp 464.Bl -tag -width ".Li simple" -compact 465.It Li open 466unrestricted IP access 467.It Li closed 468all IP services disabled, except via 469.Dq Li lo0 470.It Li client 471basic protection for a workstation 472.It Li simple 473basic protection for a LAN. 474.El 475.Pp 476If a filename is specified, the full path 477must be given. 478.It Va firewall_quiet 479.Pq Vt bool 480Set to 481.Dq Li YES 482to disable the display of firewall rules on the console during boot. 483.It Va firewall_logging 484.Pq Vt bool 485Set to 486.Dq Li YES 487to enable firewall event logging. 488This is equivalent to the 489.Dv IPFIREWALL_VERBOSE 490kernel option. 491.It Va firewall_flags 492.Pq Vt str 493Flags passed to 494.Xr ipfw 8 495if 496.Va firewall_type 497specifies a filename. 498.It Va firewall_coscripts 499.Pq Vt str 500List of executables and/or rc scripts to run after firewall starts/stops. 501Default is empty. 502.\" ----- firewall_nat_enable setting -------------------------------- 503.It Va firewall_nat_enable 504.Pq Vt bool 505The 506.Xr ipfw 8 507equivalent of 508.Va natd_enable . 509Setting this to 510.Dq Li YES 511enables kernel NAT. 512.Va firewall_enable 513must also be set to 514.Dq Li YES . 515.It Va firewall_nat_interface 516.Pq Vt str 517The 518.Xr ipfw 8 519equivalent of 520.Va natd_interface . 521This is the name of the public interface or IP address on which 522kernel NAT should run. 523.It Va firewall_nat_flags 524.Pq Vt str 525Additional configuration parameters for kernel NAT should be placed here. 526.It Va dummynet_enable 527.Pq Vt bool 528Setting this to 529.Dq Li YES 530will automatically load the 531.Xr dummynet 4 532module if 533.Va firewall_enable 534is also set to 535.Dq Li YES . 536.\" ------------------------------------------------------------------- 537.It Va natd_program 538.Pq Vt str 539Path to 540.Xr natd 8 . 541.It Va natd_enable 542.Pq Vt bool 543Set to 544.Dq Li YES 545to enable 546.Xr natd 8 . 547.Va firewall_enable 548must also be set to 549.Dq Li YES , 550and 551.Xr divert 4 552sockets must be enabled in the kernel. 553If the kernel was not built with 554.Cd "options IPDIVERT" , 555the 556.Pa ipdivert.ko 557kernel module will be loaded. 558.It Va natd_interface 559.Pq Vt str 560This is the name of the public interface on which 561.Xr natd 8 562should run. 563The interface may be given as an interface name or as an IP address. 564.It Va natd_flags 565.Pq Vt str 566Additional 567.Xr natd 8 568flags should be placed here. 569The 570.Fl n 571or 572.Fl a 573flag is automatically added with the above 574.Va natd_interface 575as an argument. 576.\" ----- ipfilter_enable setting -------------------------------- 577.It Va ipfilter_enable 578.Pq Vt bool 579Set to 580.Dq Li NO 581by default. 582Setting this to 583.Dq Li YES 584enables 585.Xr ipf 8 586packet filtering. 587.Pp 588Typical usage will require putting 589.Bd -literal 590ipfilter_enable="YES" 591ipnat_enable="YES" 592ipmon_enable="YES" 593ipfs_enable="YES" 594.Ed 595.Pp 596into 597.Pa /etc/rc.conf 598and editing 599.Pa /etc/ipf.rules 600and 601.Pa /etc/ipnat.rules 602appropriately. 603.Pp 604Note that 605.Va ipfilter_enable 606and 607.Va ipnat_enable 608can be enabled independently. 609.Va ipmon_enable 610and 611.Va ipfs_enable 612both require at least one of 613.Va ipfilter_enable 614and 615.Va ipnat_enable 616to be enabled. 617.Pp 618Having 619.Bd -literal 620options IPFILTER 621options IPFILTER_LOG 622options IPFILTER_DEFAULT_BLOCK 623.Ed 624.Pp 625in the kernel configuration file is a good idea, too. 626.\" ----- ipfilter_program setting ------------------------------ 627.It Va ipfilter_program 628.Pq Vt str 629Path to 630.Xr ipf 8 631(default 632.Pa /sbin/ipf ) . 633.\" ----- ipfilter_rules setting -------------------------------- 634.It Va ipfilter_rules 635.Pq Vt str 636Set to 637.Pa /etc/ipf.rules 638by default. 639This variable contains the name of the filter rule definition file. 640The file is expected to be readable for the 641.Xr ipf 8 642command to execute. 643.\" ----- ipv6_ipfilter_rules setting --------------------------- 644.It Va ipv6_ipfilter_rules 645.Pq Vt str 646Set to 647.Pa /etc/ipf6.rules 648by default. 649This variable contains the IPv6 filter rule definition file. 650The file is expected to be readable for the 651.Xr ipf 8 652command to execute. 653.\" ----- ipfilter_flags setting -------------------------------- 654.It Va ipfilter_flags 655.Pq Vt str 656Empty by default. 657This variable contains flags passed to the 658.Xr ipf 8 659program. 660.\" ----- ipnat_enable setting ---------------------------------- 661.It Va ipnat_enable 662.Pq Vt bool 663Set to 664.Dq Li NO 665by default. 666Set it to 667.Dq Li YES 668to enable 669.Xr ipnat 8 670network address translation. 671See 672.Va ipfilter_enable 673for a detailed discussion. 674.\" ----- ipnat_program setting --------------------------------- 675.It Va ipnat_program 676.Pq Vt str 677Path to 678.Xr ipnat 8 679(default 680.Pa /sbin/ipnat ) . 681.\" ----- ipnat_rules setting ----------------------------------- 682.It Va ipnat_rules 683.Pq Vt str 684Set to 685.Pa /etc/ipnat.rules 686by default. 687This variable contains the name of the file 688holding the network address translation definition. 689This file is expected to be readable for the 690.Xr ipnat 8 691command to execute. 692.\" ----- ipnat_flags setting ----------------------------------- 693.It Va ipnat_flags 694.Pq Vt str 695Empty by default. 696This variable contains flags passed to the 697.Xr ipnat 8 698program. 699.\" ----- ipmon_enable setting ---------------------------------- 700.It Va ipmon_enable 701.Pq Vt bool 702Set to 703.Dq Li NO 704by default. 705Set it to 706.Dq Li YES 707to enable 708.Xr ipmon 8 709monitoring (logging 710.Xr ipf 8 711and 712.Xr ipnat 8 713events). 714Setting this variable needs setting 715.Va ipfilter_enable 716or 717.Va ipnat_enable 718too. 719See 720.Va ipfilter_enable 721for a detailed discussion. 722.\" ----- ipmon_program setting --------------------------------- 723.It Va ipmon_program 724.Pq Vt str 725Path to 726.Xr ipmon 8 727(default 728.Pa /sbin/ipmon ) . 729.\" ----- ipmon_flags setting ----------------------------------- 730.It Va ipmon_flags 731.Pq Vt str 732Set to 733.Dq Li -Ds 734by default. 735This variable contains flags passed to the 736.Xr ipmon 8 737program. 738Another typical example would be 739.Dq Fl D Pa /var/log/ipflog 740to have 741.Xr ipmon 8 742log directly to a file bypassing 743.Xr syslogd 8 . 744Make sure to adjust 745.Pa /etc/newsyslog.conf 746in such case like this: 747.Bd -literal 748/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 749.Ed 750.\" ----- ipfs_enable setting ----------------------------------- 751.It Va ipfs_enable 752.Pq Vt bool 753Set to 754.Dq Li NO 755by default. 756Set it to 757.Dq Li YES 758to enable 759.Xr ipfs 8 760saving the filter and NAT state tables during shutdown 761and reloading them during startup again. 762Setting this variable needs setting 763.Va ipfilter_enable 764or 765.Va ipnat_enable 766to 767.Dq Li YES 768too. 769See 770.Va ipfilter_enable 771for a detailed discussion. 772Note that if 773.Va kern_securelevel 774is set to 3, 775.Va ipfs_enable 776cannot be used 777because the raised securelevel will prevent 778.Xr ipfs 8 779from saving the state tables at shutdown time. 780.\" ----- ipfs_program setting ---------------------------------- 781.It Va ipfs_program 782.Pq Vt str 783Path to 784.Xr ipfs 8 785(default 786.Pa /sbin/ipfs ) . 787.\" ----- ipfs_flags setting ------------------------------------ 788.It Va ipfs_flags 789.Pq Vt str 790Empty by default. 791This variable contains flags passed to the 792.Xr ipfs 8 793program. 794.\" ----- end of added ipf hook --------------------------------- 795.It Va pf_enable 796.Pq Vt bool 797Set to 798.Dq Li NO 799by default. 800Setting this to 801.Dq Li YES 802enables 803.Xr pf 4 804packet filtering. 805.Pp 806Typical usage will require putting 807.Pp 808.Dl pf_enable="YES" 809.Pp 810into 811.Pa /etc/rc.conf 812and editing 813.Pa /etc/pf.conf 814appropriately. 815Adding 816.Pp 817.Dl "device pf" 818.Pp 819builds support for 820.Xr pf 4 821into the kernel, otherwise the 822kernel module will be loaded. 823.It Va pf_rules 824.Pq Vt str 825Path to 826.Xr pf 4 827ruleset configuration file 828(default 829.Pa /etc/pf.conf ) . 830.It Va pf_program 831.Pq Vt str 832Path to 833.Xr pfctl 8 834(default 835.Pa /sbin/pfctl ) . 836.It Va pf_flags 837.Pq Vt str 838If 839.Va pf_enable 840is set to 841.Dq Li YES , 842these flags are passed to the 843.Xr pfctl 8 844program when loading the ruleset. 845.It Va pflog_enable 846.Pq Vt bool 847Set to 848.Dq Li NO 849by default. 850Setting this to 851.Dq Li YES 852enables 853.Xr pflogd 8 854which logs packets from the 855.Xr pf 4 856packet filter. 857.It Va pflog_logfile 858.Pq Vt str 859If 860.Va pflog_enable 861is set to 862.Dq Li YES 863this controls where 864.Xr pflogd 8 865stores the logfile 866(default 867.Pa /var/log/pflog ) . 868Check 869.Pa /etc/newsyslog.conf 870to adjust logfile rotation for this. 871.It Va pflog_program 872.Pq Vt str 873Path to 874.Xr pflogd 8 875(default 876.Pa /sbin/pflogd ) . 877.It Va pflog_flags 878.Pq Vt str 879Empty by default. 880This variable contains additional flags passed to the 881.Xr pflogd 8 882program. 883.It Va ftpproxy_enable 884.Pq Vt bool 885Set to 886.Dq Li NO 887by default. 888Setting this to 889.Dq Li YES 890enables 891.Xr ftp-proxy 8 892which supports the 893.Xr pf 4 894packet filter in translating ftp connections. 895.It Va ftpproxy_flags 896.Pq Vt str 897Empty by default. 898This variable contains additional flags passed to the 899.Xr ftp-proxy 8 900program. 901.It Va pfsync_enable 902.Pq Vt bool 903Set to 904.Dq Li NO 905by default. 906Setting this to 907.Dq Li YES 908enables exposing 909.Xr pf 4 910state changes to other hosts over the network by means of 911.Xr pfsync 4 . 912The 913.Va pfsync_syncdev 914variable 915must also be set then. 916.It Va pfsync_syncdev 917.Pq Vt str 918Empty by default. 919This variable specifies the name of the network interface 920.Xr pfsync 4 921should operate through. 922It must be set accordingly if 923.Va pfsync_enable 924is set to 925.Dq Li YES . 926.It Va pfsync_syncpeer 927.Pq Vt str 928Empty by default. 929This variable is optional. 930By default, state change messages are sent out on the synchronisation 931interface using IP multicast packets. 932The protocol is IP protocol 240, PFSYNC, and the multicast group used is 933224.0.0.240. 934When a peer address is specified using the 935.Va pfsync_syncpeer 936option, the peer address is used as a destination for the pfsync 937traffic, and the traffic can then be protected using 938.Xr ipsec 4 . 939See the 940.Xr pfsync 4 941manpage for more details about using 942.Xr ipsec 4 943with 944.Xr pfsync 4 945interfaces. 946.It Va pfsync_ifconfig 947.Pq Vt str 948Empty by default. 949This variable can contain additional options to be passed to the 950.Xr ifconfig 8 951command used to set up 952.Xr pfsync 4 . 953.It Va tcp_extensions 954.Pq Vt bool 955Set to 956.Dq Li YES 957by default. 958Setting this to 959.Dq Li NO 960disables certain TCP options as described by 961.Rs 962.%T "RFC 1323" 963.Re 964Setting this to 965.Dq Li NO 966might help remedy such problems with connections as randomly hanging 967or other weird behavior. 968Some network devices are known 969to be broken with respect to these options. 970.It Va log_in_vain 971.Pq Vt int 972Set to 0 by default. 973The 974.Xr sysctl 8 975variables, 976.Va net.inet.tcp.log_in_vain 977and 978.Va net.inet.udp.log_in_vain , 979as described in 980.Xr tcp 4 981and 982.Xr udp 4 , 983are set to the given value. 984.It Va tcp_keepalive 985.Pq Vt bool 986Set to 987.Dq Li YES 988by default. 989Setting to 990.Dq Li NO 991will disable probing idle TCP connections to verify that the 992peer is still up and reachable. 993.It Va tcp_drop_synfin 994.Pq Vt bool 995Set to 996.Dq Li NO 997by default. 998Setting to 999.Dq Li YES 1000will cause the kernel to ignore TCP frames that have both 1001the SYN and FIN flags set. 1002This prevents OS fingerprinting, but may 1003break some legitimate applications. 1004.It Va icmp_drop_redirect 1005.Pq Vt bool 1006Set to 1007.Dq Li NO 1008by default. 1009Setting to 1010.Dq Li YES 1011will cause the kernel to ignore ICMP REDIRECT packets. 1012Refer to 1013.Xr icmp 4 1014for more information. 1015.It Va icmp_log_redirect 1016.Pq Vt bool 1017Set to 1018.Dq Li NO 1019by default. 1020Setting to 1021.Dq Li YES 1022will cause the kernel to log ICMP REDIRECT packets. 1023Note that 1024the log messages are not rate-limited, so this option should only be used 1025for troubleshooting networks. 1026Refer to 1027.Xr icmp 4 1028for more information. 1029.It Va icmp_bmcastecho 1030.Pq Vt bool 1031Set to 1032.Dq Li YES 1033to respond to broadcast or multicast ICMP ping packets. 1034Refer to 1035.Xr icmp 4 1036for more information. 1037.It Va ip_portrange_first 1038.Pq Vt int 1039If not set to 1040.Dq Li NO , 1041this is the first port in the default portrange. 1042Refer to 1043.Xr ip 4 1044for more information. 1045.It Va ip_portrange_last 1046.Pq Vt int 1047If not set to 1048.Dq Li NO , 1049this is the last port in the default portrange. 1050Refer to 1051.Xr ip 4 1052for more information. 1053.It Va network_interfaces 1054.Pq Vt str 1055Set to the list of network interfaces to configure on this host or 1056.Dq Li AUTO 1057(the default) for all current interfaces. 1058Setting the 1059.Va network_interfaces 1060variable to anything other than the default is deprecated. 1061Interfaces that the administrator wishes to store configuration for, 1062but not start at boot should be configured with the 1063.Dq Li NOAUTO 1064keyword in their 1065.Va ifconfig_ Ns Aq Ar interface 1066variables as described below. 1067.Pp 1068An 1069.Va ifconfig_ Ns Aq Ar interface 1070variable is also assumed to exist for each value of 1071.Ar interface . 1072When an interface name contains any of the characters 1073.Dq Li .-/+ 1074they are translated to 1075.Dq Li _ 1076before lookup. 1077The variable can contain arguments to 1078.Xr ifconfig 8 , 1079as well as special case-insensitive keywords described below. 1080Such keywords are removed before passing the value to 1081.Xr ifconfig 8 1082while the order of the other arguments is preserved. 1083.Pp 1084One can configure more than one IPv4 address with the 1085.Va ipv4_addrs_ Ns Aq Ar interface 1086variable. 1087One or more IP addresses must be provided in Classless Inter-Domain 1088Routing (CIDR) address notation, whose last byte can be a range like 1089192.0.2.5-23/24. 1090In this case the address 192.0.2.5 will be configured with the 1091netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1092the non-conflicting netmask /32 as explained in the 1093.Xr ifconfig 8 1094alias section. 1095With the interface in question being 1096.Li ed0 , 1097an example could look like: 1098.Bd -literal 1099ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28" 1100.Ed 1101.Pp 1102It is also possible to add IP alias entries using 1103.Xr ifconfig 8 1104syntax with the 1105.Dq Li inet 1106keyword. 1107Assuming that the interface in question was 1108.Li ed0 , 1109it might look 1110something like this: 1111.Bd -literal 1112ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1113ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1114.Ed 1115.Pp 1116And so on. 1117For each 1118.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1119entry with the 1120.Dq Li inet 1121keyword that is found, 1122its contents are passed to 1123.Xr ifconfig 8 . 1124Execution stops at the first unsuccessful access, so if 1125something like this is present: 1126.Bd -literal 1127ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1128ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1129ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1130ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1131.Ed 1132.Pp 1133Then note that alias4 would 1134.Em not 1135be added since the search would 1136stop with the missing 1137.Dq Li alias3 1138entry. 1139Due to this difficult to manage behavior, the 1140.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1141form is deprecated. 1142.Pp 1143If the 1144.Pa /etc/start_if. Ns Aq Ar interface 1145file is present, it is read and executed by the 1146.Xr sh 1 1147interpreter 1148before configuring the interface as specified in the 1149.Va ifconfig_ Ns Aq Ar interface 1150and 1151.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1152variables. 1153.Pp 1154If a 1155.Va vlans_ Ns Aq Ar interface 1156variable is set, 1157a 1158.Xr vlan 4 1159interface will be created for each item in the list with the 1160.Ar vlandev 1161argument set to 1162.Ar interface . 1163If a vlan interface's name is a number, 1164then that number is used as the vlan tag and the new vlan interface is 1165named 1166.Ar interface . Ns Ar tag . 1167Otherwise, 1168the vlan tag must be specified via a 1169.Va vlan 1170parameter in the 1171.Va create_args_ Ns Aq Ar interface 1172variable. 1173.Pp 1174To create a vlan device named 1175.Li em0.101 1176on 1177.Li em0 1178with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1179.Bd -literal 1180vlans_em0="101" 1181ifconfig_em0_101="inet 192.0.2.1/24" 1182.Ed 1183.Pp 1184To create a vlan device named 1185.Li myvlan 1186on 1187.Li em0 1188with the vlan tag 102: 1189.Bd -literal 1190vlans_em0="myvlan" 1191create_args_myvlan="vlan 102" 1192.Ed 1193.Pp 1194If a 1195.Va wlans_ Ns Aq Ar interface 1196variable is set, 1197an 1198.Xr wlan 4 1199interface will be created for each item in the list with the 1200.Ar wlandev 1201argument set to 1202.Ar interface . 1203Further wlan cloning arguments may be passed to the 1204.Xr ifconfig 8 1205.Cm create 1206command by setting the 1207.Va create_args_ Ns Aq Ar interface 1208variable. 1209One or more 1210.Xr wlan 4 1211devices must be created for each wireless devices as of 1212.Fx 8.0 . 1213Debugging flags for 1214.Xr wlan 4 1215devices as set by 1216.Xr wlandebug 8 1217may be specified with an 1218.Va wlandebug_ Ns Aq Ar interface 1219variable. 1220The contents of this variable will be passed directly to 1221.Xr wlandebug 8 . 1222.Pp 1223If the 1224.Va ifconfig_ Ns Aq Ar interface 1225contains the keyword 1226.Dq Li NOAUTO 1227then the interface will not be configured 1228at boot or by 1229.Pa /etc/pccard_ether 1230when 1231.Va network_interfaces 1232is set to 1233.Dq Li AUTO . 1234.Pp 1235It is possible to bring up an interface with DHCP by adding 1236.Dq Li DHCP 1237to the 1238.Va ifconfig_ Ns Aq Ar interface 1239variable. 1240For instance, to initialize the 1241.Li ed0 1242device via DHCP, 1243it is possible to use something like: 1244.Bd -literal 1245ifconfig_ed0="DHCP" 1246.Ed 1247.Pp 1248Also, if you want to configure your wireless interface with 1249.Xr wpa_supplicant 8 1250for use with WPA, EAP/LEAP or WEP, you need to add 1251.Dq Li WPA 1252to the 1253.Va ifconfig_ Ns Aq Ar interface 1254variable. 1255.Pp 1256Finally, you can add 1257.Xr ifconfig 8 1258options in this variable, in addition to the 1259.Pa /etc/start_if. Ns Aq Ar interface 1260file. 1261For instance, to configure an 1262.Xr ath 4 1263wireless device in station mode with an address obtained 1264via DHCP, using WPA authentication and 802.11b mode, it is 1265possible to use something like: 1266.Bd -literal 1267wlans_ath0="wlan0" 1268ifconfig_wlan0="DHCP WPA mode 11b" 1269.Ed 1270.Pp 1271In addition to the 1272.Va ifconfig_ Ns Aq Ar interface 1273form, a fallback variable 1274.Va ifconfig_DEFAULT 1275may be configured. 1276It will be used for all interfaces with no 1277.Va ifconfig_ Ns Aq Ar interface 1278variable. 1279This is intended to replace the no longer supported 1280.Va pccard_ifconfig 1281variable. 1282.Pp 1283It is also possible to rename an interface by doing: 1284.Bd -literal 1285ifconfig_ed0_name="net0" 1286ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1287.Ed 1288.It Va ipv6_enable 1289This variable is deprecated. 1290Use 1291.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1292and 1293.Va ipv6_activate_all_interfaces 1294if necessary. 1295.Pp 1296.Pq Vt bool 1297If the variable is 1298.Dq Li YES , 1299.Dq Li inet6 accept_rtadv 1300is added to all of 1301.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1302and the 1303.Va ipv6_activate_all_interfaces 1304is defined as 1305.Dq Li YES . 1306.It Va ipv6_prefer 1307This variable is deprecated. 1308Use 1309.Va ip6addrctl_policy 1310instead. 1311.Pp 1312.Pq Vt bool 1313If the variable is 1314.Dq Li YES , 1315the default address selection policy table set by 1316.Xr ip6addrctl 8 1317will be IPv6-preferred. 1318.Pp 1319If the variable is 1320.Dq Li NO , 1321the default address selection policy table set by 1322.Xr ip6addrctl 8 1323will be IPv4-preferred. 1324.It Va ipv6_activate_all_interfaces 1325.Pq Vt bool 1326This controls initial configuration on IPv6-capable 1327interfaces with no corresponding 1328.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1329variable. 1330Note that it is not always necessary to set this variable to 1331.Dq YES 1332to use IPv6 functionality on 1333.Fx . 1334In most cases, just configuring 1335.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1336variables works. 1337.Pp 1338If the variable is 1339.Dq Li NO , 1340all interfaces which do not have a corresponding 1341.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1342variable will be marked as 1343.Dq Li IFDISABLED 1344at creation. 1345This means that all of IPv6 functionality on that interface 1346is completely disabled to enforce a security policy. 1347If the variable is set to 1348.Dq YES , 1349the flag will be cleared on all of the interfaces. 1350.Pp 1351In most cases, just defining an 1352.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1353for an IPv6-capable interface should be sufficient. 1354However, if an interface is added dynamically 1355.Pq by some tunneling protocols such as PPP, for example , 1356it is often difficult to define the variable in advance. 1357In such a case, configuring the 1358.Dq Li IFDISABLED 1359flag can be disabled by setting this variable to 1360.Dq YES . 1361.Pp 1362For more details of the 1363.Dq Li IFDISABLED 1364flag and keywords 1365.Dq Li inet6 ifdisabled , 1366see 1367.Xr ifconfig 8 . 1368.Pp 1369Default is 1370.Dq Li NO . 1371.It Va ipv6_privacy 1372.Pq Vt bool 1373If the variable is 1374.Dq Li YES 1375privacy addresses will be generated for each IPv6 1376interface as described in RFC 4941. 1377.It Va ipv6_network_interfaces 1378.Pq Vt str 1379This is the IPv6 equivalent of 1380.Va network_interfaces . 1381Normally manual configuration of this variable is not needed. 1382.Pp 1383.It Va ipv6_cpe_wanif 1384.Pq Vt str 1385If the variable is set to an interface name, 1386the 1387.Xr ifconfig 8 1388options 1389.Dq inet6 -no_radr accept_rtadv 1390will be added to the specified interface automatically before evaluating 1391.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1392and two 1393.Xr sysctl 8 1394variables 1395.Va net.inet6.ip6.rfc6204w3 1396and 1397.Va net.inet6.ip6.no_radr 1398will be set to 1. 1399.Pp 1400This means the specified interface will accept ICMPv6 Router 1401Advertisement messages on that link and add the discovered 1402routers into the Default Router List. 1403While the other interfaces can still accept RA messages if the 1404.Dq inet6 accept_rtadv 1405option is specified, adding 1406routes into the Default Router List will be disabled by 1407.Dq inet6 no_radr 1408option by default. 1409See 1410.Xr ifconfig 8 1411for more details. 1412.Pp 1413Note that ICMPv6 Router Advertisement messages will be 1414accepted even when 1415.Va net.inet6.ip6.forwarding 1416is 1 1417.Pq packet fowarding is enabled 1418when 1419.Va net.inet6.ip6.rfc6204w3 1420is set to 1. 1421.Pp 1422Default is 1423.Dq Li NO . 1424.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1425.Pq Vt str 1426IPv6 functionality on an interface should be configured by 1427.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1428instead of setting ifconfig parameters in 1429.Va ifconfig_ Ns Aq Ar interface . 1430If this variable is empty, all of IPv6 configurations on the 1431specified interface by other variables such as 1432.Va ipv6_prefix_ Ns Ao Ar interface Ac 1433will be ignored. 1434.Pp 1435Aliases should be set by 1436.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1437with 1438.Dq Li inet6 1439keyword. For example: 1440.Bd -literal 1441ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1442ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1443.Ed 1444.Pp 1445Interfaces that have an 1446.Dq Li inet6 accept_rtadv 1447keyword in 1448.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1449setting will be automatically configured by SLAAC 1450.Pq StateLess Address AutoConfiguration 1451described in 1452.Rs 1453.%T "RFC 4862" 1454.Re 1455.Pp 1456Note that a link-local address will be automatically configured in 1457addition to the configured global-scope addresses because the IPv6 1458specifications require it on each link. 1459The address is calculated from the MAC address by using an algorithm 1460defined in 1461.Rs 1462.%T "RFC 4862" 1463.%O "Section 5.3" 1464.Re 1465.Pp 1466If only a link-local address is needed on the interface, 1467the following configuration can be used: 1468.Bd -literal 1469ifconfig_ed0_ipv6="inet6 auto_linklocal" 1470.Ed 1471.Pp 1472A link-local address can also be configured manually. 1473This is useful for the default router address of an IPv6 router 1474so that it does not change when the network interface 1475card is replaced. 1476For example: 1477.Bd -literal 1478ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1479.Ed 1480.It Va ipv6_prefix_ Ns Aq Ar interface 1481.Pq Vt str 1482If one or more prefixes are defined in 1483.Va ipv6_prefix_ Ns Aq Ar interface 1484addresses based on each prefix and the EUI-64 interface index will be 1485configured on that interface. 1486Note that this variable will be ignored when 1487.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1488is empty. 1489.Pp 1490For example, the following configuration 1491.Bd -literal 1492ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1493.Ed 1494.Pp 1495is equivalent to the following: 1496.Bd -literal 1497ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1498ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1499ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1500ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1501.Ed 1502.Pp 1503These Subnet-Router anycast addresses will be added only when 1504.Va ipv6_gateway_enable 1505is YES. 1506.It Va ipv6_default_interface 1507.Pq Vt str 1508If not set to 1509.Dq Li NO , 1510this is the default output interface for scoped addresses. 1511This works only with ipv6_gateway_enable="NO". 1512.It Va ip6addrctl_enable 1513.Pq Vt bool 1514This variable is to enable configuring default address selection policy table 1515.Pq RFC 3484 . 1516The table can be specified in another variable 1517.Va ip6addrctl_policy . 1518For 1519.Va ip6addrctl_policy 1520the following keywords can be specified: 1521.Dq Li ipv4_prefer , 1522.Dq Li ipv6_prefer , 1523or 1524.Dq Li AUTO . 1525.Pp 1526If 1527.Dq Li ipv4_prefer 1528or 1529.Dq Li ipv6_prefer 1530is specified, 1531.Xr ip6addrctl 8 1532installs a pre-defined policy table described in Section 2.1 1533.Pq IPv6-preferred 1534or 10.3 1535.Pq IPv4-preferred 1536of RFC 3484. 1537.Pp 1538If 1539.Dq Li AUTO 1540is specified, it attempts to read a file 1541.Pa /etc/ip6addrctl.conf 1542first. If this file is found, 1543.Xr ip6addrctl 8 1544reads and installs it. If not found, a policy is automatically set 1545according to 1546.Va ipv6_activate_all_interfaces 1547variable; if the variable is set to 1548.Dq Li YES 1549the IPv6-preferred one is used. Otherwise IPv4-preferred. 1550.Pp 1551The default value of 1552.Va ip6addrctl_enable 1553and 1554.Va ip6addrctl_policy 1555are 1556.Dq Li YES 1557and 1558.Dq Li AUTO , 1559respectively. 1560.It Va cloned_interfaces 1561.Pq Vt str 1562Set to the list of clonable network interfaces to create on this host. 1563Further cloning arguments may be passed to the 1564.Xr ifconfig 8 1565.Cm create 1566command for each interface by setting the 1567.Va create_args_ Ns Aq Ar interface 1568variable. 1569Entries in 1570.Va cloned_interfaces 1571are automatically appended to 1572.Va network_interfaces 1573for configuration. 1574.It Va fec_interfaces 1575.Pq Vt str 1576Set to the list of 1577.Xr ng_fec 4 1578Fast EtherChannel interfaces to configure on this host. 1579A 1580.Va fecconfig_ Ns Aq Ar interface 1581variable is assumed to exist for each value of 1582.Ar interface . 1583The value of this variable is used to configure link aggregated interfaces 1584according to the syntax of the 1585.Cm NGM_FEC_ADD_IFACE 1586to 1587.Xr ngctl 8 1588msg. 1589Additionally, this option ensures that each listed interface is created 1590via the 1591.Cm mkpeer 1592command to 1593.Xr ngctl 8 1594before attempting to configure it. 1595For example: 1596.Bd -literal 1597fec_interfaces="fec0" 1598fecconfig_fec0="em0 em1" 1599ifconfig_fec0="DHCP" 1600.Ed 1601.It Va gif_interfaces 1602.Pq Vt str 1603Set to the list of 1604.Xr gif 4 1605tunnel interfaces to configure on this host. 1606A 1607.Va gifconfig_ Ns Aq Ar interface 1608variable is assumed to exist for each value of 1609.Ar interface . 1610The value of this variable is used to configure the link layer of the 1611tunnel according to the syntax of the 1612.Cm tunnel 1613option to 1614.Xr ifconfig 8 . 1615Additionally, this option ensures that each listed interface is created 1616via the 1617.Cm create 1618option to 1619.Xr ifconfig 8 1620before attempting to configure it. 1621.It Va sppp_interfaces 1622.Pq Vt str 1623Set to the list of 1624.Xr sppp 4 1625interfaces to configure on this host. 1626A 1627.Va spppconfig_ Ns Aq Ar interface 1628variable is assumed to exist for each value of 1629.Ar interface . 1630Each interface should also be configured by a general 1631.Va ifconfig_ Ns Aq Ar interface 1632setting. 1633Refer to 1634.Xr spppcontrol 8 1635for more information about available options. 1636.It Va ppp_enable 1637.Pq Vt bool 1638If set to 1639.Dq Li YES , 1640run the 1641.Xr ppp 8 1642daemon. 1643.It Va ppp_profile 1644.Pq Vt str 1645The name of the profile to use from 1646.Pa /etc/ppp/ppp.conf . 1647Also used for per-profile overrides of 1648.Va ppp_mode 1649and 1650.Va ppp_nat , 1651and 1652.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1653When the profile name contains any of the characters 1654.Dq Li .-/+ 1655they are translated to 1656.Dq Li _ 1657for the proposes of the override variable names. 1658.It Va ppp_mode 1659.Pq Vt str 1660Mode in which to run the 1661.Xr ppp 8 1662daemon. 1663.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1664.Pq Vt str 1665Overrides the global 1666.Va ppp_mode 1667for 1668.Ar profile . 1669Accepted modes are 1670.Dq Li auto , 1671.Dq Li ddial , 1672.Dq Li direct 1673and 1674.Dq Li dedicated . 1675See the manual for a full description. 1676.It Va ppp_nat 1677.Pq Vt bool 1678If set to 1679.Dq Li YES , 1680enables network address translation. 1681Used in conjunction with 1682.Va gateway_enable 1683allows hosts on private network addresses access to the Internet using 1684this host as a network address translating router. 1685.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1686.Pq Vt str 1687Overrides the global 1688.Va ppp_nat 1689for 1690.Ar profile . 1691.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1692.Pq Vt int 1693Set the unit number to be used for this profile. 1694See the manual description of 1695.Fl unit Ns Ar N 1696for details. 1697.It Va ppp_user 1698.Pq Vt str 1699The name of the user under which 1700.Xr ppp 8 1701should be started. 1702By 1703default, 1704.Xr ppp 8 1705is started as 1706.Dq Li root . 1707.It Va rc_conf_files 1708.Pq Vt str 1709This option is used to specify a list of files that will override 1710the settings in 1711.Pa /etc/defaults/rc.conf . 1712The files will be read in the order in which they are specified and should 1713include the full path to the file. 1714By default, the files specified are 1715.Pa /etc/rc.conf 1716and 1717.Pa /etc/rc.conf.local 1718.It Va zfs_enable 1719.Pq Vt bool 1720If set to 1721.Dq Li YES , 1722.Pa /etc/rc.d/zfs 1723will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1724(ZVOLs). 1725.It Va gptboot_enable 1726.Pq Vt bool 1727If set to 1728.Dq Li YES , 1729.Pa /etc/rc.d/gptboot 1730will log if the system successfully (or not) booted from a GPT partition, 1731which had the 1732.Ar bootonce 1733attribute set using 1734.Xr gpart 8 1735utility. 1736.It Va gbde_autoattach_all 1737.Pq Vt bool 1738If set to 1739.Dq Li YES , 1740.Pa /etc/rc.d/gbde 1741will attempt to automatically initialize your .bde devices in 1742.Pa /etc/fstab . 1743.It Va gbde_devices 1744.Pq Vt str 1745List the devices that the script should try to attach, 1746or 1747.Dq Li AUTO . 1748.It Va gbde_lockdir 1749.Pq Vt str 1750The directory where the 1751.Xr gbde 4 1752lockfiles are located. 1753The default lockfile directory is 1754.Pa /etc . 1755.Pp 1756The lockfile for each individual 1757.Xr gbde 4 1758device can be overridden by setting the variable 1759.Va gbde_lock_ Ns Aq Ar device , 1760where 1761.Ar device 1762is the encrypted device without the 1763.Dq Pa /dev/ 1764and 1765.Dq Pa .bde 1766parts. 1767.It Va gbde_attach_attempts 1768.Pq Vt int 1769Number of times to attempt attaching to a 1770.Xr gbde 4 1771device, i.e., how many times the user is asked for the pass-phrase. 1772Default is 3. 1773.It Va geli_devices 1774.Pq Vt str 1775List of devices to automatically attach on boot. 1776Note that .eli devices from 1777.Pa /etc/fstab 1778are automatically appended to this list. 1779.It Va geli_tries 1780.Pq Vt int 1781Number of times user is asked for the pass-phrase. 1782If empty, it will be taken from 1783.Va kern.geom.eli.tries 1784sysctl variable. 1785.It Va geli_default_flags 1786.Pq Vt str 1787Default flags to use by 1788.Xr geli 8 1789when configuring disk encryption. 1790Flags can be configured for every device separately by defining 1791.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1792variable. 1793.It Va geli_autodetach 1794.Pq Vt str 1795Specifies if GELI devices should be marked for detach on last close after 1796file systems are mounted. 1797Default is 1798.Dq Li YES . 1799This can be changed for every device separately by defining 1800.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1801variable. 1802.It Va geli_swap_flags 1803Options passed to the 1804.Xr geli 8 1805utility when encrypted GEOM providers for swap partitions are created. 1806The default is 1807.Dq Li "-e aes -l 256 -s 4096 -d" . 1808.It Va root_rw_mount 1809.Pq Vt bool 1810Set to 1811.Dq Li YES 1812by default. 1813After the file systems are checked at boot time, the root file system 1814is remounted as read-write if this is set to 1815.Dq Li YES . 1816Diskless systems that mount their root file system from a read-only remote 1817NFS share should set this to 1818.Dq Li NO 1819in their 1820.Pa rc.conf . 1821.It Va fsck_y_enable 1822.Pq Vt bool 1823If set to 1824.Dq Li YES , 1825.Xr fsck 8 1826will be run with the 1827.Fl y 1828flag if the initial preen 1829of the file systems fails. 1830.It Va background_fsck 1831.Pq Vt bool 1832If set to 1833.Dq Li YES , 1834the system will attempt to run 1835.Xr fsck 8 1836in the background where possible. 1837.It Va background_fsck_delay 1838.Pq Vt int 1839The amount of time in seconds to sleep before starting a background 1840.Xr fsck 8 . 1841It defaults to sixty seconds to allow large applications such as 1842the X server to start before disk I/O bandwidth is monopolized by 1843.Xr fsck 8 . 1844If set to a negative number, the background file system check will be 1845delayed indefinitely to allow the administrator to run it at a more 1846convenient time. 1847For example it may be run from 1848.Xr cron 8 1849by adding a line like 1850.Pp 1851.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1852.Pp 1853to 1854.Pa /etc/crontab . 1855.It Va netfs_types 1856.Pq Vt str 1857List of file system types that are network-based. 1858This list should generally not be modified by end users. 1859Use 1860.Va extra_netfs_types 1861instead. 1862.It Va extra_netfs_types 1863.Pq Vt str 1864If set to something other than 1865.Dq Li NO 1866(the default), 1867this variable extends the list of file system types 1868for which automatic mounting at startup by 1869.Xr rc 8 1870should be delayed until the network is initialized. 1871It should contain 1872a whitespace-separated list of network file system descriptor pairs, 1873each consisting of a file system type as passed to 1874.Xr mount 8 1875and a human-readable, one-word description, 1876joined with a colon 1877.Pq Ql \&: . 1878Extending the default list in this way is only necessary 1879when third party file system types are used. 1880.It Va syslogd_enable 1881.Pq Vt bool 1882If set to 1883.Dq Li YES , 1884run the 1885.Xr syslogd 8 1886daemon. 1887.It Va syslogd_program 1888.Pq Vt str 1889Path to 1890.Xr syslogd 8 1891(default 1892.Pa /usr/sbin/syslogd ) . 1893.It Va syslogd_flags 1894.Pq Vt str 1895If 1896.Va syslogd_enable 1897is set to 1898.Dq Li YES , 1899these are the flags to pass to 1900.Xr syslogd 8 . 1901.It Va inetd_enable 1902.Pq Vt bool 1903If set to 1904.Dq Li YES , 1905run the 1906.Xr inetd 8 1907daemon. 1908.It Va inetd_program 1909.Pq Vt str 1910Path to 1911.Xr inetd 8 1912(default 1913.Pa /usr/sbin/inetd ) . 1914.It Va inetd_flags 1915.Pq Vt str 1916If 1917.Va inetd_enable 1918is set to 1919.Dq Li YES , 1920these are the flags to pass to 1921.Xr inetd 8 . 1922.It Va hastd_enable 1923.Pq Vt bool 1924If set to 1925.Dq Li YES , 1926run the 1927.Xr hastd 8 1928daemon. 1929.It Va hastd_program 1930.Pq Vt str 1931Path to 1932.Xr hastd 8 1933(default 1934.Pa /sbin/hastd ) . 1935.It Va hastd_flags 1936.Pq Vt str 1937If 1938.Va hastd_enable 1939is set to 1940.Dq Li YES , 1941these are the flags to pass to 1942.Xr hastd 8 . 1943.It Va named_enable 1944.Pq Vt bool 1945If set to 1946.Dq Li YES , 1947run the 1948.Xr named 8 1949daemon. 1950.It Va named_program 1951.Pq Vt str 1952Path to 1953.Xr named 8 1954(default 1955.Pa /usr/sbin/named ) . 1956.It Va named_conf 1957.Pq Vt str 1958Path to 1959.Xr named 8 1960configuration file, (default 1961.Pa /etc/namedb/named.conf ) . 1962.It Va named_flags 1963.Pq Vt str 1964If 1965.Va named_enable 1966is set to 1967.Dq Li YES , 1968these are the flags to pass to 1969.Xr named 8 . 1970.It Va named_uid 1971.Pq Vt str 1972The user that the 1973.Xr named 8 1974process should be run as. 1975.It Va named_chrootdir 1976.Pq Vt str 1977The root directory for a name server run in a 1978.Xr chroot 8 1979environment (default 1980.Pa /var/named ) . 1981If left empty 1982.Xr named 8 1983will not be run in a 1984.Xr chroot 8 1985environment. 1986.It Va named_chroot_autoupdate 1987.Pq Vt bool 1988Set to 1989.Dq Li NO 1990to disable automatic update of the 1991.Xr chroot 8 1992environment. 1993.It Va named_symlink_enable 1994.Pq Vt bool 1995Set to 1996.Dq Li NO 1997to disable symlinking of 1998daemon's PID file 1999into the 2000.Xr chroot 8 2001environment. 2002.It Va named_wait 2003.Pq Vt bool 2004Set to have 2005.Pa /etc/rc.d/named 2006loop until working name service is established. 2007.It Va named_wait_host 2008.Pq Vt str 2009Name of host to lookup for the named_wait option. 2010(Default localhost) 2011.It Va named_auto_forward 2012.Pq Vt bool 2013Set to enable automatic creation of a forwarder 2014configuration file derived from 2015.Pa /etc/resolv.conf . 2016.It Va named_auto_forward_only 2017.Pq Vt bool 2018Set to change the default forwarder configuration from 2019.Dq forward first 2020to 2021.Dq forward only . 2022.It Va kerberos5_server_enable 2023.Pq Vt bool 2024Set to 2025.Dq Li YES 2026to start a Kerberos 5 authentication server 2027at boot time. 2028.It Va kerberos5_server 2029.Pq Vt str 2030If 2031.Va kerberos5_server_enable 2032is set to 2033.Dq Li YES 2034this is the path to Kerberos 5 Authentication Server. 2035.It Va kerberos5_server_flags 2036.Pq Vt str 2037Empty by default. 2038This variable contains additional flags to be passed to the Kerberos 5 2039authentication server. 2040.It Va kadmind5_server_enable 2041.Pq Vt bool 2042Set to 2043.Dq Li YES 2044to start 2045.Xr kadmind 8 , 2046the Kerberos 5 Administration Daemon; set to 2047.Dq Li NO 2048on a slave server. 2049.It Va kadmind5_server 2050.Pq Vt str 2051If 2052.Va kadmind5_server_enable 2053is set to 2054.Dq Li YES 2055this is the path to Kerberos 5 Administration Daemon. 2056.It Va kpasswdd_server_enable 2057.Pq Vt bool 2058Set to 2059.Dq Li YES 2060to start 2061.Xr kpasswdd 8 , 2062the Kerberos 5 Password-Changing Daemon; set to 2063.Dq Li NO 2064on a slave server. 2065.It Va kpasswdd_server 2066.Pq Vt str 2067If 2068.Va kpasswdd_server_enable 2069is set to 2070.Dq Li YES 2071this is the path to Kerberos 5 Password-Changing Daemon. 2072.It Va rwhod_enable 2073.Pq Vt bool 2074If set to 2075.Dq Li YES , 2076run the 2077.Xr rwhod 8 2078daemon at boot time. 2079.It Va rwhod_flags 2080.Pq Vt str 2081If 2082.Va rwhod_enable 2083is set to 2084.Dq Li YES , 2085these are the flags to pass to it. 2086.It Va amd_enable 2087.Pq Vt bool 2088If set to 2089.Dq Li YES , 2090run the 2091.Xr amd 8 2092daemon at boot time. 2093.It Va amd_flags 2094.Pq Vt str 2095If 2096.Va amd_enable 2097is set to 2098.Dq Li YES , 2099these are the flags to pass to it. 2100See the 2101.Xr amd 8 2102manpage for more information. 2103.It Va amd_map_program 2104.Pq Vt str 2105If set, 2106the specified program is run to get the list of 2107.Xr amd 8 2108maps. 2109For example, if the 2110.Xr amd 8 2111maps are stored in NIS, one can set this to 2112run 2113.Xr ypcat 1 2114to get a list of 2115.Xr amd 8 2116maps from the 2117.Pa amd.master 2118NIS map. 2119.It Va update_motd 2120.Pq Vt bool 2121If set to 2122.Dq Li YES , 2123.Pa /etc/motd 2124will be updated at boot time to reflect the kernel release 2125being run. 2126If set to 2127.Dq Li NO , 2128.Pa /etc/motd 2129will not be updated. 2130.It Va nfs_client_enable 2131.Pq Vt bool 2132If set to 2133.Dq Li YES , 2134run the NFS client daemons at boot time. 2135.It Va nfs_access_cache 2136.Pq Vt int 2137If 2138.Va nfs_client_enable 2139is set to 2140.Dq Li YES , 2141this can be set to 2142.Dq Li 0 2143to disable NFS ACCESS RPC caching, or to the number of seconds for which 2144NFS ACCESS 2145results should be cached. 2146A value of 2-10 seconds will substantially reduce network 2147traffic for many NFS operations. 2148.It Va nfs_server_enable 2149.Pq Vt bool 2150If set to 2151.Dq Li YES , 2152run the NFS server daemons at boot time. 2153.It Va nfs_server_flags 2154.Pq Vt str 2155If 2156.Va nfs_server_enable 2157is set to 2158.Dq Li YES , 2159these are the flags to pass to the 2160.Xr nfsd 8 2161daemon. 2162.It Va nfsv4_server_enable 2163.Pq Vt bool 2164If 2165.Va nfs_server_enable 2166is set to 2167.Dq Li YES 2168and 2169.Va nfsv4_server_enable 2170are set to 2171.Dq Li YES , 2172enable the server for NFSv4 as well as NFSv2 and NFSv3. 2173.It Va nfsuserd_enable 2174.Pq Vt bool 2175If 2176.Va nfsuserd_enable 2177is set to 2178.Dq Li YES , 2179run the nfsuserd daemon, which is needed for NFSv4 in order 2180to map between user/group names vs uid/gid numbers. 2181If 2182.Va nfsv4_server_enable 2183is set to 2184.Dq Li YES , 2185this will be forced enabled. 2186.It Va nfsuserd_flags 2187.Pq Vt str 2188If 2189.Va nfsuserd_enable 2190is set to 2191.Dq Li YES , 2192these are the flags to pass to the 2193.Xr nfsuserd 8 2194daemon. 2195.It Va nfscbd_enable 2196.Pq Vt bool 2197If 2198.Va nfscbd_enable 2199is set to 2200.Dq Li YES , 2201run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2202.It Va nfscbd_flags 2203.Pq Vt str 2204If 2205.Va nfscbd_enable 2206is set to 2207.Dq Li YES , 2208these are the flags to pass to the 2209.Xr nfscbd 8 2210daemon. 2211.It Va oldnfs_server_enable 2212.Pq Vt bool 2213If 2214.Va oldnfs_server_enable 2215is set to 2216.Dq Li YES , 2217force the NFS server daemons to run the old NFS server code 2218that does not support NFSv4. 2219.It Va mountd_enable 2220.Pq Vt bool 2221If set to 2222.Dq Li YES , 2223and no 2224.Va nfs_server_enable 2225is set, start 2226.Xr mountd 8 , 2227but not 2228.Xr nfsd 8 2229daemon. 2230It is commonly needed to run CFS without real NFS used. 2231.It Va mountd_flags 2232.Pq Vt str 2233If 2234.Va mountd_enable 2235is set to 2236.Dq Li YES , 2237these are the flags to pass to the 2238.Xr mountd 8 2239daemon. 2240.It Va weak_mountd_authentication 2241.Pq Vt bool 2242If set to 2243.Dq Li YES , 2244allow services like PCNFSD to make non-privileged mount 2245requests. 2246.It Va nfs_reserved_port_only 2247.Pq Vt bool 2248If set to 2249.Dq Li YES , 2250provide NFS services only on a secure port. 2251.It Va nfs_bufpackets 2252.Pq Vt int 2253If set to a number, indicates the number of packets worth of 2254socket buffer space to reserve on an NFS client. 2255The kernel default is typically 4. 2256Using a higher number may be 2257useful on gigabit networks to improve performance. 2258The minimum value is 22592 and the maximum is 64. 2260.It Va rpc_lockd_enable 2261.Pq Vt bool 2262If set to 2263.Dq Li YES 2264and also an NFS server or client, run 2265.Xr rpc.lockd 8 2266at boot time. 2267.It Va rpc_lockd_flags 2268.Pq Vt str 2269If 2270.Va rpc_lockd_enable 2271is set to 2272.Dq Li YES , 2273these are the flags to pass to the 2274.Xr rpc.lockd 8 2275daemon. 2276.It Va rpc_statd_enable 2277.Pq Vt bool 2278If set to 2279.Dq Li YES 2280and also an NFS server or client, run 2281.Xr rpc.statd 8 2282at boot time. 2283.It Va rpc_statd_flags 2284.Pq Vt str 2285If 2286.Va rpc_statd_enable 2287is set to 2288.Dq Li YES , 2289these are the flags to pass to the 2290.Xr rpc.statd 8 2291daemon. 2292.It Va rpcbind_program 2293.Pq Vt str 2294Path to 2295.Xr rpcbind 8 2296(default 2297.Pa /usr/sbin/rpcbind ) . 2298.It Va rpcbind_enable 2299.Pq Vt bool 2300If set to 2301.Dq Li YES , 2302run the 2303.Xr rpcbind 8 2304service at boot time. 2305.It Va rpcbind_flags 2306.Pq Vt str 2307If 2308.Va rpcbind_enable 2309is set to 2310.Dq Li YES , 2311these are the flags to pass to the 2312.Xr rpcbind 8 2313daemon. 2314.It Va keyserv_enable 2315.Pq Vt bool 2316If set to 2317.Dq Li YES , 2318run the 2319.Xr keyserv 8 2320daemon on boot for running Secure RPC. 2321.It Va keyserv_flags 2322.Pq Vt str 2323If 2324.Va keyserv_enable 2325is set to 2326.Dq Li YES , 2327these are the flags to pass to 2328.Xr keyserv 8 2329daemon. 2330.It Va pppoed_enable 2331.Pq Vt bool 2332If set to 2333.Dq Li YES , 2334run the 2335.Xr pppoed 8 2336daemon at boot time to provide PPP over Ethernet services. 2337.It Va pppoed_ Ns Aq Ar provider 2338.Pq Vt str 2339.Xr pppoed 8 2340listens to requests to this 2341.Ar provider 2342and ultimately runs 2343.Xr ppp 8 2344with a 2345.Ar system 2346argument of the same name. 2347.It Va pppoed_flags 2348.Pq Vt str 2349Additional flags to pass to 2350.Xr pppoed 8 . 2351.It Va pppoed_interface 2352.Pq Vt str 2353The network interface to run 2354.Xr pppoed 8 2355on. 2356This is mandatory when 2357.Va pppoed_enable 2358is set to 2359.Dq Li YES . 2360.It Va timed_enable 2361.Pq Vt bool 2362If set to 2363.Dq Li YES , 2364run the 2365.Xr timed 8 2366service at boot time. 2367This command is intended for networks of 2368machines where a consistent 2369.Dq "network time" 2370for all hosts must be established. 2371This is often useful in large NFS 2372environments where time stamps on files are expected to be consistent 2373network-wide. 2374.It Va timed_flags 2375.Pq Vt str 2376If 2377.Va timed_enable 2378is set to 2379.Dq Li YES , 2380these are the flags to pass to the 2381.Xr timed 8 2382service. 2383.It Va ntpdate_enable 2384.Pq Vt bool 2385If set to 2386.Dq Li YES , 2387run 2388.Xr ntpdate 8 2389at system startup. 2390This command is intended to 2391synchronize the system clock only 2392.Em once 2393from some standard reference. 2394An option to set this up initially 2395(from a list of known servers) is also provided by the 2396.Xr sysinstall 8 2397program when the system is first installed. 2398.It Va ntpdate_config 2399.Pq Vt str 2400Configuration file for 2401.Xr ntpdate 8 . 2402Default 2403.Pa /etc/ntp.conf . 2404.It Va ntpdate_hosts 2405.Pq Vt str 2406A whitespace-separated list of NTP servers to synchronize with at startup. 2407The default is to use the servers listed in 2408.Va ntpdate_config , 2409if that file exists. 2410.It Va ntpdate_program 2411.Pq Vt str 2412Path to 2413.Xr ntpdate 8 2414(default 2415.Pa /usr/sbin/ntpdate ) . 2416.It Va ntpdate_flags 2417.Pq Vt str 2418If 2419.Va ntpdate_enable 2420is set to 2421.Dq Li YES , 2422these are the flags to pass to the 2423.Xr ntpdate 8 2424command (typically a hostname). 2425.It Va ntpd_enable 2426.Pq Vt bool 2427If set to 2428.Dq Li YES , 2429run the 2430.Xr ntpd 8 2431command at boot time. 2432.It Va ntpd_program 2433.Pq Vt str 2434Path to 2435.Xr ntpd 8 2436(default 2437.Pa /usr/sbin/ntpd ) . 2438.It Va ntpd_config 2439.Pq Vt str 2440Path to 2441.Xr ntpd 8 2442configuration file. 2443Default 2444.Pa /etc/ntp.conf . 2445.It Va ntpd_flags 2446.Pq Vt str 2447If 2448.Va ntpd_enable 2449is set to 2450.Dq Li YES , 2451these are the flags to pass to the 2452.Xr ntpd 8 2453daemon. 2454.It Va ntpd_sync_on_start 2455.Pq Vt bool 2456If set to 2457.Dq Li YES , 2458.Xr ntpd 8 2459is run with the 2460.Fl g 2461flag, which syncs the system's clock on startup. 2462See 2463.Xr ntpd 8 2464for more information regarding the 2465.Fl g 2466option. 2467This is a preferred alternative to using 2468.Xr ntpdate 8 2469or specifying the 2470.Va ntpdate_enable 2471variable. 2472.It Va nis_client_enable 2473.Pq Vt bool 2474If set to 2475.Dq Li YES , 2476run the 2477.Xr ypbind 8 2478service at system boot time. 2479.It Va nis_client_flags 2480.Pq Vt str 2481If 2482.Va nis_client_enable 2483is set to 2484.Dq Li YES , 2485these are the flags to pass to the 2486.Xr ypbind 8 2487service. 2488.It Va nis_ypset_enable 2489.Pq Vt bool 2490If set to 2491.Dq Li YES , 2492run the 2493.Xr ypset 8 2494daemon at system boot time. 2495.It Va nis_ypset_flags 2496.Pq Vt str 2497If 2498.Va nis_ypset_enable 2499is set to 2500.Dq Li YES , 2501these are the flags to pass to the 2502.Xr ypset 8 2503daemon. 2504.It Va nis_server_enable 2505.Pq Vt bool 2506If set to 2507.Dq Li YES , 2508run the 2509.Xr ypserv 8 2510daemon at system boot time. 2511.It Va nis_server_flags 2512.Pq Vt str 2513If 2514.Va nis_server_enable 2515is set to 2516.Dq Li YES , 2517these are the flags to pass to the 2518.Xr ypserv 8 2519daemon. 2520.It Va nis_ypxfrd_enable 2521.Pq Vt bool 2522If set to 2523.Dq Li YES , 2524run the 2525.Xr rpc.ypxfrd 8 2526daemon at system boot time. 2527.It Va nis_ypxfrd_flags 2528.Pq Vt str 2529If 2530.Va nis_ypxfrd_enable 2531is set to 2532.Dq Li YES , 2533these are the flags to pass to the 2534.Xr rpc.ypxfrd 8 2535daemon. 2536.It Va nis_yppasswdd_enable 2537.Pq Vt bool 2538If set to 2539.Dq Li YES , 2540run the 2541.Xr rpc.yppasswdd 8 2542daemon at system boot time. 2543.It Va nis_yppasswdd_flags 2544.Pq Vt str 2545If 2546.Va nis_yppasswdd_enable 2547is set to 2548.Dq Li YES , 2549these are the flags to pass to the 2550.Xr rpc.yppasswdd 8 2551daemon. 2552.It Va rpc_ypupdated_enable 2553.Pq Vt bool 2554If set to 2555.Dq Li YES , 2556run the 2557.Nm rpc.ypupdated 2558daemon at system boot time. 2559.It Va bsnmpd_enable 2560.Pq Vt bool 2561If set to 2562.Dq Li YES , 2563run the 2564.Xr bsnmpd 1 2565daemon at system boot time. 2566Be sure to understand the security implications of running SNMP daemon 2567on your host. 2568.It Va bsnmpd_flags 2569.Pq Vt str 2570If 2571.Va bsnmpd_enable 2572is set to 2573.Dq Li YES , 2574these are the flags to pass to the 2575.Xr bsnmpd 1 2576daemon. 2577.It Va defaultrouter 2578.Pq Vt str 2579If not set to 2580.Dq Li NO , 2581create a default route to this host name or IP address 2582(use an IP address if this router is also required to get to the 2583name server!). 2584.It Va ipv6_defaultrouter 2585.Pq Vt str 2586The IPv6 equivalent of 2587.Va defaultrouter . 2588.It Va static_arp_pairs 2589.Pq Vt str 2590Set to the list of static ARP pairs that are to be added at system 2591boot time. 2592For each whitespace separated 2593.Ar element 2594in the value, a 2595.Va static_arp_ Ns Aq Ar element 2596variable is assumed to exist whose contents will later be passed to a 2597.Dq Nm arp Cm -S 2598operation. 2599For example 2600.Bd -literal 2601static_arp_pairs="gw" 2602static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2603.Ed 2604.It Va static_ndp_pairs 2605.Pq Vt str 2606Set to the list of static NDP pairs that are to be added at system 2607boot time. 2608For each whitespace separated 2609.Ar element 2610in the value, a 2611.Va static_ndp_ Ns Aq Ar element 2612variable is assumed to exist whose contents will later be passed to a 2613.Dq Nm ndp Cm -s 2614operation. 2615For example 2616.Bd -literal 2617static_ndp_pairs="gw" 2618static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2619.Ed 2620.It Va static_routes 2621.Pq Vt str 2622Set to the list of static routes that are to be added at system 2623boot time. 2624If not set to 2625.Dq Li NO 2626then for each whitespace separated 2627.Ar element 2628in the value, a 2629.Va route_ Ns Aq Ar element 2630variable is assumed to exist 2631whose contents will later be passed to a 2632.Dq Nm route Cm add 2633operation. 2634For example: 2635.Bd -literal 2636static_routes="mcast gif0local" 2637route_mcast="-net 224.0.0.0/4 -iface gif0" 2638route_gif0local="-host 169.254.1.1 -iface lo0" 2639.Ed 2640.It Va ipv6_static_routes 2641.Pq Vt str 2642The IPv6 equivalent of 2643.Va static_routes . 2644If not set to 2645.Dq Li NO 2646then for each whitespace separated 2647.Ar element 2648in the value, a 2649.Va ipv6_route_ Ns Aq Ar element 2650variable is assumed to exist 2651whose contents will later be passed to a 2652.Dq Nm route Cm add Fl inet6 2653operation. 2654.It Va natm_static_routes 2655.Pq Vt str 2656The 2657.Xr natmip 4 2658equivalent of 2659.Va static_routes . 2660If not empty then for each whitespace separated 2661.Ar element 2662in the value, a 2663.Va route_ Ns Aq Ar element 2664variable is assumed to exist whose contents will later be passed to a 2665.Dq Nm atmconfig Cm natm Cm add 2666operation. 2667.It Va gateway_enable 2668.Pq Vt bool 2669If set to 2670.Dq Li YES , 2671configure host to act as an IP router, e.g.\& to forward packets 2672between interfaces. 2673.It Va ipv6_gateway_enable 2674.Pq Vt bool 2675The IPv6 equivalent of 2676.Va gateway_enable . 2677.It Va routed_enable 2678.Pq Vt bool 2679If set to 2680.Dq Li YES , 2681run a routing daemon of some sort, based on the 2682settings of 2683.Va routed_program 2684and 2685.Va routed_flags . 2686.It Va route6d_enable 2687.Pq Vt bool 2688The IPv6 equivalent of 2689.Va routed_enable . 2690If set to 2691.Dq Li YES , 2692run a routing daemon of some sort, based on the 2693settings of 2694.Va route6d_program 2695and 2696.Va route6d_flags . 2697.It Va routed_program 2698.Pq Vt str 2699If 2700.Va routed_enable 2701is set to 2702.Dq Li YES , 2703this is the name of the routing daemon to use. 2704.It Va route6d_program 2705.Pq Vt str 2706The IPv6 equivalent of 2707.Va routed_program . 2708.It Va routed_flags 2709.Pq Vt str 2710If 2711.Va routed_enable 2712is set to 2713.Dq Li YES , 2714these are the flags to pass to the routing daemon. 2715.It Va route6d_flags 2716.Pq Vt str 2717The IPv6 equivalent of 2718.Va routed_flags . 2719.It Va mrouted_enable 2720.Pq Vt bool 2721If set to 2722.Dq Li YES , 2723run the multicast routing daemon, 2724.Xr mrouted 8 . 2725.It Va mroute6d_enable 2726.Pq Vt bool 2727The IPv6 equivalent of 2728.Va mrouted_enable . 2729If set to 2730.Dq Li YES , 2731run the IPv6 multicast routing daemon. 2732.Pp 2733Note that multicast routing daemons are no longer included in the 2734.Fx 2735base system, however, both 2736.Xr mrouted 8 2737and 2738.Xr pim6dd 8 2739may be installed from the 2740.Fx 2741Ports Collection. 2742.It Va mrouted_flags 2743.Pq Vt str 2744If 2745.Va mrouted_enable 2746is set to 2747.Dq Li YES , 2748these are the flags to pass to the 2749.Xr mrouted 8 2750daemon. 2751.It Va mroute6d_flags 2752.Pq Vt str 2753The IPv6 equivalent of 2754.Va mrouted_flags . 2755If 2756.Va mroute6d_enable 2757is set to 2758.Dq Li YES , 2759these are the flags passed to the IPv6 multicast routing daemon. 2760.It Va mroute6d_program 2761.Pq Vt str 2762If 2763.Va mroute6d_enable 2764is set to 2765.Dq Li YES , 2766this is the path to the IPv6 multicast routing daemon. 2767.It Va rtadvd_enable 2768.Pq Vt bool 2769If set to 2770.Dq Li YES , 2771run the 2772.Xr rtadvd 8 2773daemon at boot time. 2774The 2775.Xr rtadvd 8 2776utility sends ICMPv6 Router Advertisement messages to 2777the interfaces specified in 2778.Va rtadvd_interfaces . 2779This should only be enabled with great care. 2780You may want to fine-tune 2781.Xr rtadvd.conf 5 . 2782.It Va rtadvd_interfaces 2783.Pq Vt str 2784If 2785.Va rtadvd_enable 2786is set to 2787.Dq Li YES 2788this is the list of interfaces to use. 2789.It Va ipxgateway_enable 2790.Pq Vt bool 2791If set to 2792.Dq Li YES , 2793enable the routing of IPX traffic. 2794.It Va ipxrouted_enable 2795.Pq Vt bool 2796If set to 2797.Dq Li YES , 2798run the 2799.Xr IPXrouted 8 2800daemon at system boot time. 2801.It Va ipxrouted_flags 2802.Pq Vt str 2803If 2804.Va ipxrouted_enable 2805is set to 2806.Dq Li YES , 2807these are the flags to pass to the 2808.Xr IPXrouted 8 2809daemon. 2810.It Va arpproxy_all 2811.Pq Vt bool 2812If set to 2813.Dq Li YES , 2814enable global proxy ARP. 2815.It Va forward_sourceroute 2816.Pq Vt bool 2817If set to 2818.Dq Li YES 2819and 2820.Va gateway_enable 2821is also set to 2822.Dq Li YES , 2823source-routed packets are forwarded. 2824.It Va accept_sourceroute 2825.Pq Vt bool 2826If set to 2827.Dq Li YES , 2828the system will accept source-routed packets directed at it. 2829.It Va rarpd_enable 2830.Pq Vt bool 2831If set to 2832.Dq Li YES , 2833run the 2834.Xr rarpd 8 2835daemon at system boot time. 2836.It Va rarpd_flags 2837.Pq Vt str 2838If 2839.Va rarpd_enable 2840is set to 2841.Dq Li YES , 2842these are the flags to pass to the 2843.Xr rarpd 8 2844daemon. 2845.It Va bootparamd_enable 2846.Pq Vt bool 2847If set to 2848.Dq Li YES , 2849run the 2850.Xr bootparamd 8 2851daemon at system boot time. 2852.It Va bootparamd_flags 2853.Pq Vt str 2854If 2855.Va bootparamd_enable 2856is set to 2857.Dq Li YES , 2858these are the flags to pass to the 2859.Xr bootparamd 8 2860daemon. 2861.It Va stf_interface_ipv4addr 2862.Pq Vt str 2863If not set to 2864.Dq Li NO , 2865this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2866interface). 2867Specify this entry to enable the 6to4 interface. 2868.It Va stf_interface_ipv4plen 2869.Pq Vt int 2870Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2871An effective value is 0-31. 2872.It Va stf_interface_ipv6_ifid 2873.Pq Vt str 2874IPv6 interface ID for 2875.Xr stf 4 . 2876This can be set to 2877.Dq Li AUTO . 2878.It Va stf_interface_ipv6_slaid 2879.Pq Vt str 2880IPv6 Site Level Aggregator for 2881.Xr stf 4 . 2882.It Va ipv6_faith_prefix 2883.Pq Vt str 2884If not set to 2885.Dq Li NO , 2886this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2887translator. 2888You also need 2889.Xr faithd 8 2890setup. 2891.It Va ipv6_ipv4mapping 2892.Pq Vt bool 2893If set to 2894.Dq Li YES 2895this enables IPv4 mapped IPv6 address communication (like 2896.Li ::ffff:a.b.c.d ) . 2897.It Va atm_enable 2898.Pq Vt bool 2899Set to 2900.Dq Li YES 2901to enable the configuration of ATM interfaces at system boot time. 2902For all of the ATM variables described below, please refer to the 2903.Xr atm 8 2904manual page for further details on the available command parameters. 2905Also refer to the files in 2906.Pa /usr/share/examples/atm 2907for more detailed configuration information. 2908.It Va atm_load 2909.Pq Vt str 2910This is a list of physical ATM interface drivers to load. 2911Typical values are 2912.Dq Li hfa_pci 2913and/or 2914.Dq Li hea_pci . 2915.It Va atm_netif_ Ns Aq Ar intf 2916.Pq Vt str 2917For the ATM physical interface 2918.Ar intf , 2919this variable defines the name prefix and count for the ATM network 2920interfaces to be created. 2921The value will be passed as the parameters of an 2922.Dq Nm atm Cm "set netif" Ar intf 2923command. 2924.It Va atm_sigmgr_ Ns Aq Ar intf 2925.Pq Vt str 2926For the ATM physical interface 2927.Ar intf , 2928this variable defines the ATM signalling manager to be used. 2929The value will be passed as the parameters of an 2930.Dq Nm atm Cm attach Ar intf 2931command. 2932.It Va atm_prefix_ Ns Aq Ar intf 2933.Pq Vt str 2934For the ATM physical interface 2935.Ar intf , 2936this variable defines the NSAP prefix for interfaces using a UNI signalling 2937manager. 2938If set to 2939.Dq Li ILMI , 2940the prefix will automatically be set via the 2941.Xr ilmid 8 2942daemon. 2943Otherwise, the value will be passed as the parameters of an 2944.Dq Nm atm Cm "set prefix" Ar intf 2945command. 2946.It Va atm_macaddr_ Ns Aq Ar intf 2947.Pq Vt str 2948For the ATM physical interface 2949.Ar intf , 2950this variable defines the MAC address for interfaces using a UNI signalling 2951manager. 2952If set to 2953.Dq Li NO , 2954the hardware MAC address contained in the ATM interface card will be used. 2955Otherwise, the value will be passed as the parameters of an 2956.Dq Nm atm Cm "set mac" Ar intf 2957command. 2958.It Va atm_arpserver_ Ns Aq Ar netif 2959.Pq Vt str 2960For the ATM network interface 2961.Ar netif , 2962this variable defines the ATM address for a host which is to provide ATMARP 2963service. 2964This variable is only applicable to interfaces using a UNI signalling 2965manager. 2966If set to 2967.Dq Li local , 2968this host will become an ATMARP server. 2969The value will be passed as the parameters of an 2970.Dq Nm atm Cm "set arpserver" Ar netif 2971command. 2972.It Va atm_scsparp_ Ns Aq Ar netif 2973.Pq Vt bool 2974If set to 2975.Dq Li YES , 2976SCSP/ATMARP service for the network interface 2977.Ar netif 2978will be initiated using the 2979.Xr scspd 8 2980and 2981.Xr atmarpd 8 2982daemons. 2983This variable is only applicable if 2984.Va atm_arpserver_ Ns Aq Ar netif 2985is set to 2986.Dq Li local . 2987.It Va atm_pvcs 2988.Pq Vt str 2989Set to the list of ATM PVCs to be added at system 2990boot time. 2991For each whitespace separated 2992.Ar element 2993in the value, an 2994.Va atm_pvc_ Ns Aq Ar element 2995variable is assumed to exist. 2996The value of each of these variables 2997will be passed as the parameters of an 2998.Dq Nm atm Cm "add pvc" 2999command. 3000.It Va atm_arps 3001.Pq Vt str 3002Set to the list of permanent ATM ARP entries to be added 3003at system boot time. 3004For each whitespace separated 3005.Ar element 3006in the value, an 3007.Va atm_arp_ Ns Aq Ar element 3008variable is assumed to exist. 3009The value of each of these variables 3010will be passed as the parameters of an 3011.Dq Nm atm Cm "add arp" 3012command. 3013.It Va natm_interfaces 3014.Pq Vt str 3015Set to the list of 3016.Xr natm 4 3017interfaces that will also be used for HARP through 3018.Xr harp 4 . 3019If this list is not empty all interfaces in the list will be brought up 3020with 3021.Xr ifconfig 8 3022and 3023.Xr harp 4 3024will be loaded. 3025For this to work the interface drivers must be either compiled into the 3026kernel or must reside on the root partition. 3027.It Va keybell 3028.Pq Vt str 3029The keyboard bell sound. 3030Set to 3031.Dq Li normal , 3032.Dq Li visual , 3033.Dq Li off , 3034or 3035.Dq Li NO 3036if the default behavior is desired. 3037For details, refer to the 3038.Xr kbdcontrol 1 3039manpage. 3040.It Va keyboard 3041.Pq Vt str 3042If set to a non-null string, the virtual console's keyboard input is 3043set to this device. 3044.It Va keymap 3045.Pq Vt str 3046If set to 3047.Dq Li NO , 3048no keymap is installed, otherwise the value is used to install 3049the keymap file in 3050.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3051.It Va keyrate 3052.Pq Vt str 3053The keyboard repeat speed. 3054Set to 3055.Dq Li slow , 3056.Dq Li normal , 3057.Dq Li fast , 3058or 3059.Dq Li NO 3060if the default behavior is desired. 3061.It Va keychange 3062.Pq Vt str 3063If not set to 3064.Dq Li NO , 3065attempt to program the function keys with the value. 3066The value should 3067be a single string of the form: 3068.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3069.It Va cursor 3070.Pq Vt str 3071Can be set to the value of 3072.Dq Li normal , 3073.Dq Li blink , 3074.Dq Li destructive , 3075or 3076.Dq Li NO 3077to set the cursor behavior explicitly or choose the default behavior. 3078.It Va scrnmap 3079.Pq Vt str 3080If set to 3081.Dq Li NO , 3082no screen map is installed, otherwise the value is used to install 3083the screen map file in 3084.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3085.It Va font8x16 3086.Pq Vt str 3087If set to 3088.Dq Li NO , 3089the default 8x16 font value is used for screen size requests, otherwise 3090the value in 3091.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3092is used. 3093.It Va font8x14 3094.Pq Vt str 3095If set to 3096.Dq Li NO , 3097the default 8x14 font value is used for screen size requests, otherwise 3098the value in 3099.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3100is used. 3101.It Va font8x8 3102.Pq Vt str 3103If set to 3104.Dq Li NO , 3105the default 8x8 font value is used for screen size requests, otherwise 3106the value in 3107.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3108is used. 3109.It Va blanktime 3110.Pq Vt int 3111If set to 3112.Dq Li NO , 3113the default screen blanking interval is used, otherwise it is set 3114to 3115.Ar value 3116seconds. 3117.It Va saver 3118.Pq Vt str 3119If not set to 3120.Dq Li NO , 3121this is the actual screen saver to use 3122.Li ( blank , snake , daemon , 3123etc). 3124.It Va moused_nondefault_enable 3125.Pq Vt str 3126If set to 3127.Dq Li NO , 3128the mouse device specified on 3129the command line is not automatically treated as enabled by the 3130.Pa /etc/rc.d/moused 3131script. 3132Having this variable set to 3133.Dq Li YES 3134allows a 3135.Xr usb 4 3136mouse, 3137for example, 3138to be enabled as soon as it is plugged in. 3139.It Va moused_enable 3140.Pq Vt str 3141If set to 3142.Dq Li YES , 3143the 3144.Xr moused 8 3145daemon is started for doing cut/paste selection on the console. 3146.It Va moused_type 3147.Pq Vt str 3148This is the protocol type of the mouse connected to this host. 3149This variable must be set if 3150.Va moused_enable 3151is set to 3152.Dq Li YES . 3153The 3154.Xr moused 8 3155daemon 3156is able to detect the appropriate mouse type automatically in many cases. 3157Set this variable to 3158.Dq Li auto 3159to let the daemon detect it, or 3160select one from the following list if the automatic detection fails. 3161.Pp 3162If the mouse is attached to the PS/2 mouse port, choose 3163.Dq Li auto 3164or 3165.Dq Li ps/2 , 3166regardless of the brand and model of the mouse. 3167Likewise, if the 3168mouse is attached to the bus mouse port, choose 3169.Dq Li auto 3170or 3171.Dq Li busmouse . 3172All other protocols are for serial mice and will not work with 3173the PS/2 and bus mice. 3174If this is a USB mouse, 3175.Dq Li auto 3176is the only protocol type which will work. 3177.Pp 3178.Bl -tag -width ".Li x10mouseremote" -compact 3179.It Li microsoft 3180Microsoft mouse (serial) 3181.It Li intellimouse 3182Microsoft IntelliMouse (serial) 3183.It Li mousesystems 3184Mouse systems Corp.\& mouse (serial) 3185.It Li mmseries 3186MM Series mouse (serial) 3187.It Li logitech 3188Logitech mouse (serial) 3189.It Li busmouse 3190A bus mouse 3191.It Li mouseman 3192Logitech MouseMan and TrackMan (serial) 3193.It Li glidepoint 3194ALPS GlidePoint (serial) 3195.It Li thinkingmouse 3196Kensington ThinkingMouse (serial) 3197.It Li ps/2 3198PS/2 mouse 3199.It Li mmhittab 3200MM HitTablet (serial) 3201.It Li x10mouseremote 3202X10 MouseRemote (serial) 3203.It Li versapad 3204Interlink VersaPad (serial) 3205.El 3206.Pp 3207Even if the mouse is not in the above list, it may be compatible 3208with one in the list. 3209Refer to the manual page for 3210.Xr moused 8 3211for compatibility information. 3212.Pp 3213It should also be noted that while this is enabled, any 3214other client of the mouse (such as an X server) should access 3215the mouse through the virtual mouse device, 3216.Pa /dev/sysmouse , 3217and configure it as a 3218.Dq Li sysmouse 3219type mouse, since all 3220mouse data is converted to this single canonical format when 3221using 3222.Xr moused 8 . 3223If the client program does not support the 3224.Dq Li sysmouse 3225type, 3226specify the 3227.Dq Li mousesystems 3228type. 3229It is the second preferred type. 3230.It Va moused_port 3231.Pq Vt str 3232If 3233.Va moused_enable 3234is set to 3235.Dq Li YES , 3236this is the actual port the mouse is on. 3237It might be 3238.Pa /dev/cuad0 3239for a COM1 serial mouse, 3240.Pa /dev/psm0 3241for a PS/2 mouse or 3242.Pa /dev/mse0 3243for a bus mouse, for example. 3244.It Va moused_flags 3245.Pq Vt str 3246If 3247.Va moused_flags 3248is set, its value is used as an additional set of flags to pass to the 3249.Xr moused 8 3250daemon. 3251.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3252When 3253.Va moused_nondefault_enable 3254is enabled, and a 3255.Xr moused 8 3256daemon is started for a non-default port, the 3257.Va "moused_" Ns Ar XXX Ns Va "_flags" 3258set of options has precedence over and replaces the default 3259.Va moused_flags (where 3260.Ar XXX 3261is the name of the non-default port, i.e.\& 3262.Ar ums0 ) . 3263By setting 3264.Va "moused_" Ns Ar XXX Ns Va "_flags" 3265it is possible to set up a different set of default flags for each 3266.Xr moused 8 3267instance. 3268For example, you can use 3269.Dq Li "-3" 3270for the default 3271.Va moused_flags 3272to make your laptop's touchpad more comfortable to use, 3273but an empty set of options for 3274.Va moused_ums0_flags 3275when your 3276.Xr usb 4 3277mouse has three or more buttons. 3278.It Va mousechar_start 3279.Pq Vt int 3280If set to 3281.Dq Li NO , 3282the default mouse cursor character range 3283.Li 0xd0 Ns - Ns Li 0xd3 3284is used, 3285otherwise the range start is set 3286to 3287.Ar value 3288character, see 3289.Xr vidcontrol 1 . 3290Use if the default range is occupied in the language code table. 3291.It Va allscreens_flags 3292.Pq Vt str 3293If set, 3294.Xr vidcontrol 1 3295is run with these options for each of the virtual terminals 3296.Pq Pa /dev/ttyv* . 3297For example, 3298.Dq Fl m Cm on 3299will enable the mouse pointer on all virtual terminals 3300if 3301.Va moused_enable 3302is set to 3303.Dq Li YES . 3304.It Va allscreens_kbdflags 3305.Pq Vt str 3306If set, 3307.Xr kbdcontrol 1 3308is run with these options for each of the virtual terminals 3309.Pq Pa /dev/ttyv* . 3310For example, 3311.Dq Fl h Li 200 3312will set the 3313.Xr syscons 4 3314scrollback (history) buffer to 200 lines. 3315.It Va cron_enable 3316.Pq Vt bool 3317If set to 3318.Dq Li YES , 3319run the 3320.Xr cron 8 3321daemon at system boot time. 3322.It Va cron_program 3323.Pq Vt str 3324Path to 3325.Xr cron 8 3326(default 3327.Pa /usr/sbin/cron ) . 3328.It Va cron_flags 3329.Pq Vt str 3330If 3331.Va cron_enable 3332is set to 3333.Dq Li YES , 3334these are the flags to pass to 3335.Xr cron 8 . 3336.It Va cron_dst 3337.Pq Vt bool 3338If set to 3339.Dq Li YES , 3340enable the special handling of transitions to and from the 3341Daylight Saving Time in 3342.Xr cron 8 3343(equivalent to using the flag 3344.Fl s ) . 3345.It Va lpd_program 3346.Pq Vt str 3347Path to 3348.Xr lpd 8 3349(default 3350.Pa /usr/sbin/lpd ) . 3351.It Va lpd_enable 3352.Pq Vt bool 3353If set to 3354.Dq Li YES , 3355run the 3356.Xr lpd 8 3357daemon at system boot time. 3358.It Va lpd_flags 3359.Pq Vt str 3360If 3361.Va lpd_enable 3362is set to 3363.Dq Li YES , 3364these are the flags to pass to the 3365.Xr lpd 8 3366daemon. 3367.It Va chkprintcap_enable 3368.Pq Vt bool 3369If set to 3370.Dq Li YES , 3371run the 3372.Xr chkprintcap 8 3373command before starting the 3374.Xr lpd 8 3375daemon. 3376.It Va chkprintcap_flags 3377.Pq Vt str 3378If 3379.Va lpd_enable 3380and 3381.Va chkprintcap_enable 3382are set to 3383.Dq Li YES , 3384these are the flags to pass to the 3385.Xr chkprintcap 8 3386program. 3387The default is 3388.Dq Li -d , 3389which causes missing directories to be created. 3390.It Va mta_start_script 3391.Pq Vt str 3392This variable specifies the full path to the script to run to start 3393a mail transfer agent. 3394The default is 3395.Pa /etc/rc.sendmail . 3396The 3397.Va sendmail_* 3398variables which 3399.Pa /etc/rc.sendmail 3400uses are documented in the 3401.Xr rc.sendmail 8 3402manual page. 3403.It Va dumpdev 3404.Pq Vt str 3405Indicates the device (usually a swap partition) to which a crash dump 3406should be written in the event of a system crash. 3407If the value of this variable is 3408.Dq Li AUTO , 3409the first suitable swap device listed in 3410.Pa /etc/fstab 3411will be used as dump device. 3412Otherwise, the value of this variable is passed as the argument to 3413.Xr dumpon 8 . 3414To disable crash dumps, set this variable to 3415.Dq Li NO . 3416.It Va dumpdir 3417.Pq Vt str 3418When the system reboots after a crash and a crash dump is found on the 3419device specified by the 3420.Va dumpdev 3421variable, 3422.Xr savecore 8 3423will save that crash dump and a copy of the kernel to the directory 3424specified by the 3425.Va dumpdir 3426variable. 3427The default value is 3428.Pa /var/crash . 3429Set to 3430.Dq Li NO 3431to not run 3432.Xr savecore 8 3433at boot time when 3434.Va dumpdir 3435is set. 3436.It Va savecore_flags 3437.Pq Vt str 3438If crash dumps are enabled, these are the flags to pass to the 3439.Xr savecore 8 3440utility. 3441.It Va quota_enable 3442.Pq Vt bool 3443Set to 3444.Dq Li YES 3445to turn on user and group disk quotas on system startup via the 3446.Xr quotaon 8 3447command for all file systems marked as having quotas enabled in 3448.Pa /etc/fstab . 3449The kernel must be built with 3450.Cd "options QUOTA" 3451for disk quotas to function. 3452.It Va check_quotas 3453.Pq Vt bool 3454Set to 3455.Dq Li YES 3456to enable user and group disk quota checking via the 3457.Xr quotacheck 8 3458command. 3459.It Va quotacheck_flags 3460.Pq Vt str 3461If 3462.Va quota_enable 3463is set to 3464.Dq Li YES , 3465and 3466.Va check_quotas 3467is set to 3468.Dq Li YES , 3469these are the flags to pass to the 3470.Xr quotacheck 8 3471utility. 3472The default is 3473.Dq Li "-a" , 3474which checks quotas for all file systems with quotas enabled in 3475.Pa /etc/fstab . 3476.It Va quotaon_flags 3477.Pq Vt str 3478If 3479.Va quota_enable 3480is set to 3481.Dq Li YES , 3482these are the flags to pass to the 3483.Xr quotaon 8 3484utility. 3485The default is 3486.Dq Li "-a" , 3487which enables quotas for all file systems with quotas enabled in 3488.Pa /etc/fstab . 3489.It Va quotaoff_flags 3490.Pq Vt str 3491If 3492.Va quota_enable 3493is set to 3494.Dq Li YES , 3495these are the flags to pass to the 3496.Xr quotaoff 8 3497utility when shutting down the quota system. 3498The default is 3499.Dq Li "-a" , 3500which disables quotas for all file systems with quotas enabled in 3501.Pa /etc/fstab . 3502.It Va accounting_enable 3503.Pq Vt bool 3504Set to 3505.Dq Li YES 3506to enable system accounting through the 3507.Xr accton 8 3508facility. 3509.It Va ibcs2_enable 3510.Pq Vt bool 3511Set to 3512.Dq Li YES 3513to enable iBCS2 (SCO) binary emulation at system initial boot 3514time. 3515.It Va ibcs2_loaders 3516.Pq Vt str 3517If not set to 3518.Dq Li NO 3519and if 3520.Va ibcs2_enable 3521is set to 3522.Dq Li YES , 3523this specifies a list of additional iBCS2 loaders to enable. 3524.It Va linux_enable 3525.Pq Vt bool 3526Set to 3527.Dq Li YES 3528to enable Linux/ELF binary emulation at system initial 3529boot time. 3530.It Va svr4_enable 3531.Pq Vt bool 3532If set to 3533.Dq Li YES , 3534enable SysVR4 emulation at boot time. 3535.It Va sysvipc_enable 3536.Pq Vt bool 3537If set to 3538.Dq Li YES , 3539load System V IPC primitives at boot time. 3540.It Va clear_tmp_enable 3541.Pq Vt bool 3542Set to 3543.Dq Li YES 3544to have 3545.Pa /tmp 3546cleaned at startup. 3547.It Va clear_tmp_X 3548.Pq Vt bool 3549Set to 3550.Dq Li NO 3551to disable removing of X11 lock files, 3552and the removal and (secure) recreation 3553of the various socket directories for X11 3554related programs. 3555.It Va ldconfig_paths 3556.Pq Vt str 3557Set to the list of shared library paths to use with 3558.Xr ldconfig 8 . 3559NOTE: 3560.Pa /usr/lib 3561will always be added first, so it need not appear in this list. 3562.It Va ldconfig32_paths 3563.Pq Vt str 3564Set to the list of 32-bit compatibility shared library paths to 3565use with 3566.Xr ldconfig 8 . 3567.It Va ldconfig_paths_aout 3568.Pq Vt str 3569Set to the list of shared library paths to use with 3570.Xr ldconfig 8 3571legacy 3572.Xr a.out 5 3573support. 3574.It Va ldconfig_insecure 3575.Pq Vt bool 3576The 3577.Xr ldconfig 8 3578utility normally refuses to use directories 3579which are writable by anyone except root. 3580Set this variable to 3581.Dq Li YES 3582to disable that security check during system startup. 3583.It Va ldconfig_local_dirs 3584.Pq Vt str 3585Set to the list of local 3586.Xr ldconfig 8 3587directories. 3588The names of all files in the directories listed will be 3589passed as arguments to 3590.Xr ldconfig 8 . 3591.It Va ldconfig_local32_dirs 3592.Pq Vt str 3593Set to the list of local 32-bit compatibility 3594.Xr ldconfig 8 3595directories. 3596The names of all files in the directories listed will be 3597passed as arguments to 3598.Dq Nm ldconfig Fl 32 . 3599.It Va kern_securelevel_enable 3600.Pq Vt bool 3601Set to 3602.Dq Li YES 3603to set the kernel security level at system startup. 3604.It Va kern_securelevel 3605.Pq Vt int 3606The kernel security level to set at startup. 3607The allowed range of 3608.Ar value 3609ranges from \-1 (the compile time default) to 3 (the 3610most secure). 3611See 3612.Xr security 7 3613for the list of possible security levels and their effect 3614on system operation. 3615.It Va sshd_program 3616.Pq Vt str 3617Path to the SSH server program 3618.Pa ( /usr/sbin/sshd 3619is the default). 3620.It Va sshd_enable 3621.Pq Vt bool 3622Set to 3623.Dq Li YES 3624to start 3625.Xr sshd 8 3626at system boot time. 3627.It Va sshd_flags 3628.Pq Vt str 3629If 3630.Va sshd_enable 3631is set to 3632.Dq Li YES , 3633these are the flags to pass to the 3634.Xr sshd 8 3635daemon. 3636.It Va ftpd_program 3637.Pq Vt str 3638Path to the FTP server program 3639.Pa ( /usr/libexec/ftpd 3640is the default). 3641.It Va ftpd_enable 3642.Pq Vt bool 3643Set to 3644.Dq Li YES 3645to start 3646.Xr ftpd 8 3647as a stand-alone daemon at system boot time. 3648.It Va ftpd_flags 3649.Pq Vt str 3650If 3651.Va ftpd_enable 3652is set to 3653.Dq Li YES , 3654these are the additional flags to pass to the 3655.Xr ftpd 8 3656daemon. 3657.It Va watchdogd_enable 3658.Pq Vt bool 3659If set to 3660.Dq Li YES , 3661start the 3662.Xr watchdogd 8 3663daemon at boot time. 3664This requires that the kernel have been compiled with a 3665.Xr watchdog 4 3666compatible device. 3667.It Va watchdogd_flags 3668.Pq Vt str 3669If 3670.Va watchdogd_enable 3671is set to 3672.Dq Li YES , 3673these are the flags passed to the 3674.Xr watchdogd 8 3675daemon. 3676.It Va performance_cx_lowest 3677.Pq Vt str 3678CPU idle state to use while on AC power. 3679The string 3680.Dq Li LOW 3681indicates that 3682.Xr acpi 4 3683should use the lowest power state available while 3684.Dq Li HIGH 3685indicates that the lowest latency state (less power savings) should be used. 3686.It Va performance_cpu_freq 3687.Pq Vt str 3688CPU clock frequency to use while on AC power. 3689The string 3690.Dq Li LOW 3691indicates that 3692.Xr cpufreq 4 3693should use the lowest frequency available while 3694.Dq Li HIGH 3695indicates that the highest frequency (less power savings) should be used. 3696.It Va economy_cx_lowest 3697.Pq Vt str 3698CPU idle state to use when off AC power. 3699The string 3700.Dq Li LOW 3701indicates that 3702.Xr acpi 4 3703should use the lowest power state available while 3704.Dq Li HIGH 3705indicates that the lowest latency state (less power savings) should be used. 3706.It Va economy_cpu_freq 3707.Pq Vt str 3708CPU clock frequency to use when off AC power. 3709The string 3710.Dq Li LOW 3711indicates that 3712.Xr cpufreq 4 3713should use the lowest frequency available while 3714.Dq Li HIGH 3715indicates that the highest frequency (less power savings) should be used. 3716.It Va jail_enable 3717.Pq Vt bool 3718If set to 3719.Dq Li NO , 3720any configured jails will not be started. 3721.It jail_parallel_start 3722.Pq Vt bool 3723If set to 3724.Dq Li YES 3725all configured jails will be started in the background (= in parallel). 3726.It Va jail_list 3727.Pq Vt str 3728A space separated list of names for jails. 3729This is purely a configuration aid to help identify and 3730configure multiple jails. 3731The names specified in this list will be used to 3732identify settings common to an instance of a jail, 3733and should contain alphanumeric characters only. 3734Assuming that the jail in question was named 3735.Li vjail , 3736you would have the following dependent variables: 3737.Bd -literal 3738jail_vjail_hostname="jail.example.com" 3739jail_vjail_ip="192.0.2.100" 3740jail_vjail_rootdir="/var/jails/vjail/root" 3741.Ed 3742.Pp 3743.It Va jail_flags 3744.Pq Vt str 3745Unset by default. 3746When set, use as default value for 3747.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3748for every jail in 3749.Va jail_list . 3750.It Va jail_interface 3751.Pq Vt str 3752Unset by default. 3753When set, use as default value for 3754.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3755for every jail in 3756.Va jail_list . 3757.It Va jail_fstab 3758.Pq Vt str 3759Unset by default. 3760When set, use as default value for 3761.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3762for every jail in 3763.Va jail_list . 3764.It Va jail_mount_enable 3765.Pq Vt bool 3766Set to 3767.Dq Li NO 3768by default. 3769When set to 3770.Dq Li YES , 3771sets 3772.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3773to 3774.Dq Li YES 3775by default for every jail in 3776.Va jail_list . 3777.It Va jail_devfs_ruleset 3778.Pq Vt str 3779Unset by default. 3780When set, sets 3781.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3782to given value for every jail in 3783.Va jail_list . 3784.It Va jail_devfs_enable 3785.Pq Vt bool 3786Set to 3787.Dq Li NO 3788by default. 3789When set to 3790.Dq Li YES , 3791sets 3792.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3793to 3794.Dq Li YES 3795by default for every jail in 3796.Va jail_list . 3797.It Va jail_fdescfs_enable 3798.Pq Vt bool 3799Set to 3800.Dq Li NO 3801by default. 3802When set to 3803.Dq Li YES , 3804sets 3805.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3806to 3807.Dq Li YES 3808by default for every jail in 3809.Va jail_list . 3810.It Va jail_procfs_enable 3811.Pq Vt bool 3812Set to 3813.Dq Li NO 3814by default. 3815When set to 3816.Dq Li YES , 3817sets 3818.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3819to 3820.Dq Li YES 3821by default for every jail in 3822.Va jail_list . 3823.It Va jail_exec_prestart Ns Aq Ar N 3824.Pq Vt str 3825Unset by default. 3826When set, use as default value for 3827.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3828for every jail in 3829.Va jail_list . 3830.It Va jail_exec_start 3831.Pq Vt str 3832Unset by default. 3833When set, use as default value for 3834.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3835for every jail in 3836.Va jail_list . 3837.It Va jail_exec_afterstart Ns Aq Ar N 3838.Pq Vt str 3839Unset by default. 3840When set, use as default value for 3841.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3842for every jail in 3843.Va jail_list . 3844.It Va jail_exec_poststart Ns Aq Ar N 3845.Pq Vt str 3846Unset by default. 3847When set, use as default value for 3848.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3849for every jail in 3850.Va jail_list . 3851.It Va jail_exec_prestop Ns Aq Ar N 3852.Pq Vt str 3853Unset by default. 3854When set, use as default value for 3855.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 3856for every jail in 3857.Va jail_list . 3858.It Va jail_exec_stop 3859Unset by default. 3860When set, use as default value for 3861.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3862for every jail in 3863.Va jail_list . 3864.It Va jail_exec_poststop Ns Aq Ar N 3865.Pq Vt str 3866Unset by default. 3867When set, use as default value for 3868.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 3869for every jail in 3870.Va jail_list . 3871.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3872.Pq Vt str 3873Unset by default. 3874Set to the root directory used by jail 3875.Va jname . 3876.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3877.Pq Vt str 3878Unset by default. 3879Set to the fully qualified domain name (FQDN) assigned to jail 3880.Va jname . 3881.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3882.Pq Vt str 3883Unset by default. 3884Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 3885The argument can be a sole address or a comma separated list of addresses. 3886Additionally each address can be prefixed by the name of an interface 3887followed by a pipe to overwrite 3888.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3889or 3890.Va jail_interface 3891and/or suffixed by a netmask, prefixlen or prefix. 3892In case no netmask, prefixlen or prefix is given, 3893.Sq /32 3894will be used for IPv4 and 3895.Sq /128 3896will be used for an IPv6 address. 3897If no address is given for the jail then the jail will be started with 3898no networking support. 3899.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3900.Pq Vt str 3901Unset by default. 3902Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 3903The sequence starts with 3904.Dq Li _multi0 3905and the numbers have to be strictly ascending. 3906These entries follow the same syntax as their primary 3907.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3908entry. 3909The order of the entries can be important as the first address for 3910each address family found will be the primary address of the jail. 3911See 3912.Va ip-addresses 3913option in 3914.Xr jail 8 3915for more details. 3916.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3917.Pq Vt str 3918Set to 3919.Dq Li -l -U root 3920by default. 3921These are flags to pass to 3922.Xr jail 8 . 3923.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3924.Pq Vt str 3925Unset by default. 3926When set, sets the interface to use when setting IP address alias. 3927Note that the alias is created at jail startup and removed at jail shutdown. 3928.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3929.Pq Vt str 3930Unset by default. 3931When set, the jail is started with the specified forwarding table (sometimes 3932referred to as a routing table) via 3933.Xr setfib 1 . 3934.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3935.Pq Vt str 3936Set to 3937.Pa /etc/fstab. Ns Aq Ar jname 3938by default. 3939This is the file system information file to use for jail 3940.Va jname . 3941.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3942.Pq Vt bool 3943Set to 3944.Dq Li NO 3945by default. 3946When set to 3947.Dq Li YES , 3948mount all file systems from 3949.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3950at jail startup. 3951.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3952.Pq Vt str 3953Unset by default. 3954When set, defines the device file system ruleset file to use for jail 3955.Va jname . 3956.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3957.Pq Vt bool 3958Set to 3959.Dq Li NO 3960by default. 3961When set to 3962.Dq Li YES , 3963mount the device file system inside jail 3964.Ar jname 3965at jail startup. 3966.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3967.Pq Vt bool 3968Set to 3969.Dq Li NO 3970by default. 3971When set to 3972.Dq Li YES , 3973mount the file-descriptor file system inside jail 3974.Ar jname 3975at jail startup. 3976.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3977.Pq Vt bool 3978Set to 3979.Dq Li NO 3980by default. 3981When set to 3982.Dq Li YES , 3983mount the process file system inside jail 3984.Ar jname 3985at jail startup. 3986.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3987.Pq Vt str 3988Unset by default. 3989This is the command run as 3990.Ar N Ns 3991th command 3992before jail startup, where 3993.Ar N 3994is 0, 1, and so on. 3995It is run outside the jail. 3996.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3997.Pq Vt str 3998Set to 3999.Dq Li /bin/sh /etc/rc 4000by default. 4001This is the command executed in a jail at jail startup. 4002.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4003.Pq Vt str 4004Unset by default. 4005This is the command run as 4006.Ar N Ns 4007th command 4008in a jail 4009after jail startup, where 4010.Ar N 4011is 1, 2, and so on. 4012.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4013.Pq Vt str 4014Unset by default. 4015This is the command run as 4016.Ar N Ns 4017th command 4018after jail startup, where 4019.Ar N 4020is 0, 1, and so on. 4021It is run outside the jail. 4022.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4023.Pq Vt str 4024Unset by default. 4025This is the command run as 4026.Ar N Ns 4027th command 4028before jail shutdown, where 4029.Ar N 4030is 0, 1, and so on. 4031It is run outside the jail. 4032.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4033.Pq Vt str 4034Set to 4035.Dq Li /bin/sh /etc/rc.shutdown 4036by default. 4037This is the command executed in a jail at jail shutdown. 4038.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4039.Pq Vt str 4040Unset by default. 4041This is the command run as 4042.Ar N Ns 4043th command 4044after jail shutdown, where 4045.Ar N 4046is 0, 1, and so on. 4047It is run outside the jail. 4048.It Va jail_set_hostname_allow 4049.Pq Vt bool 4050If set to 4051.Dq Li NO , 4052do not allow the root user in a jail to set its hostname. 4053.It Va jail_socket_unixiproute_only 4054.Pq Vt bool 4055If set to 4056.Dq Li YES , 4057do not allow any sockets, 4058besides UNIX/IP/route sockets, 4059to be used within a jail. 4060.It Va jail_sysvipc_allow 4061.Pq Vt bool 4062If set to 4063.Dq Li YES , 4064allow applications within a jail to use System V IPC. 4065.\" ----------------------------------------------------- 4066.It Va harvest_interrupt 4067.Pq Vt bool 4068Set to 4069.Dq Li YES 4070to use hardware interrupts as an entropy source. 4071Refer to 4072.Xr random 4 4073for more information. 4074.It Va harvest_ethernet 4075.Pq Vt bool 4076Set to 4077.Dq Li YES 4078to use LAN traffic as an entropy source. 4079Refer to 4080.Xr random 4 4081for more information. 4082.It Va harvest_p_to_p 4083.Pq Vt bool 4084Set to 4085.Dq Li YES 4086to use serial line traffic as an entropy source. 4087Refer to 4088.Xr random 4 4089for more information. 4090.It Va entropy_dir 4091.Pq Vt str 4092Set to 4093.Dq Li NO 4094to disable caching entropy via 4095.Xr cron 8 . 4096Otherwise set to the directory used to store entropy files in. 4097.It Va entropy_file 4098.Pq Vt str 4099Set to 4100.Dq Li NO 4101to disable caching entropy through reboots. 4102Otherwise set to the filename used to store cached entropy through 4103reboots. 4104This file should be located on the root file system to seed the 4105.Xr random 4 4106device as early as possible in the boot process. 4107.It Va entropy_save_sz 4108.Pq Vt int 4109Size of the entropy cache files saved by 4110.Nm save-entropy 4111periodically. 4112.It Va entropy_save_num 4113.Pq Vt int 4114Number of entropy cache files to save by 4115.Nm save-entropy 4116periodically. 4117.It Va ipsec_enable 4118.Pq Vt bool 4119Set to 4120.Dq Li YES 4121to run 4122.Xr setkey 8 4123on 4124.Va ipsec_file 4125at boot time. 4126.It Va ipsec_file 4127.Pq Vt str 4128Configuration file for 4129.Xr setkey 8 . 4130.It Va dmesg_enable 4131.Pq Vt bool 4132Set to 4133.Dq Li YES 4134to save 4135.Xr dmesg 8 4136to 4137.Pa /var/run/dmesg.boot 4138on boot. 4139.It Va rcshutdown_timeout 4140.Pq Vt int 4141If set, start a watchdog timer in the background which will terminate 4142.Pa rc.shutdown 4143if 4144.Xr shutdown 8 4145has not completed within the specified time (in seconds). 4146Notice that in addition to this soft timeout, 4147.Xr init 8 4148also applies a hard timeout for the execution of 4149.Pa rc.shutdown . 4150This is configured via 4151.Xr sysctl 8 4152variable 4153.Va kern.init_shutdown_timeout 4154and defaults to 120 seconds. 4155Setting the value of 4156.Va rcshutdown_timeout 4157to more than 120 seconds will have no effect until the 4158.Xr sysctl 8 4159variable 4160.Va kern.init_shutdown_timeout 4161is also increased. 4162.It Va virecover_enable 4163.Pq Vt bool 4164Set to 4165.Dq Li NO 4166to prevent the system from trying to 4167recover pre-maturely terminated 4168.Xr vi 1 4169sessions. 4170.It Va ugidfw_enable 4171.Pq Vt bool 4172Set to 4173.Dq Li YES 4174to load the 4175.Xr mac_bsdextended 4 4176module upon system initialization and load a default 4177ruleset file. 4178.It Va bsdextended_script 4179.Pq Vt str 4180The default 4181.Xr mac_bsdextended 4 4182ruleset file to load. 4183The default value of this variable is 4184.Pa /etc/rc.bsdextended . 4185.It Va newsyslog_enable 4186.Pq Vt bool 4187If set to 4188.Dq Li YES , 4189run 4190.Xr newsyslog 8 4191command at startup. 4192.It Va newsyslog_flags 4193.Pq Vt str 4194If 4195.Va newsyslog_enable 4196is set to 4197.Dq Li YES , 4198these are the flags to pass to the 4199.Xr newsyslog 8 4200program. 4201The default is 4202.Dq Li -CN , 4203which causes log files flagged with a 4204.Cm C 4205to be created. 4206.It Va mdconfig_md Ns Aq Ar X 4207.Pq Vt str 4208Arguments to 4209.Xr mdconfig 8 4210for 4211.Xr md 4 4212device 4213.Ar X . 4214At minimum a 4215.Fl t Ar type 4216must be specified and either a 4217.Fl s Ar size 4218for malloc or swap backed 4219.Xr md 4 4220devices or a 4221.Fl f Ar file 4222for vnode backed 4223.Xr md 4 4224devices. 4225Note that 4226.Va mdconfig_md Ns Aq Ar X 4227variables are evaluated until one variable is unset or null. 4228.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4229.Pq Vt str 4230Optional arguments passed to 4231.Xr newfs 8 4232to initialize 4233.Xr md 4 4234device 4235.Ar X . 4236.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4237.Pq Vt str 4238An ownership specification passed to 4239.Xr chown 8 4240after the specified 4241.Xr md 4 4242device 4243.Ar X 4244has been mounted. 4245Both the 4246.Xr md 4 4247device and the mount point will be changed. 4248.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4249.Pq Vt str 4250A mode string passed to 4251.Xr chmod 1 4252after the specified 4253.Xr md 4 4254device 4255.Ar X 4256has been mounted. 4257Both the 4258.Xr md 4 4259device and the mount point will be changed. 4260.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4261.Pq Vt str 4262Files to be copied to the mount point of the 4263.Xr md 4 4264device 4265.Ar X 4266after it has been mounted. 4267.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4268.Pq Vt str 4269Command to execute after the specified 4270.Xr md 4 4271device 4272.Ar X 4273has been mounted. 4274Note that the command is passed to 4275.Ic eval 4276and that both 4277.Va _dev 4278and 4279.Va _mp 4280variables can be used to reference respectively the 4281.Xr md 4 4282device and the mount point. 4283Assuming that the 4284.Xr md 4 4285device is 4286.Li md0 , 4287one could set the following: 4288.Bd -literal 4289mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4290.Ed 4291.It Va autobridge_interfaces 4292.Pq Vt str 4293Set to the list of bridge interfaces that will have newly arriving interfaces 4294checked against to be automatically added. 4295If not set to 4296.Dq Li NO 4297then for each whitespace separated 4298.Ar element 4299in the value, a 4300.Va autobridge_ Ns Aq Ar element 4301variable is assumed to exist which has a whitespace separated list of interface 4302names to match, these names can use wildcards. 4303For example: 4304.Bd -literal 4305autobridge_interfaces="bridge0" 4306autobridge_bridge0="tap* dc0 vlan[345]" 4307.Ed 4308.It Va mixer_enable 4309.Pq Vt bool 4310If set to 4311.Dq Li YES , 4312enable support for sound mixer. 4313.It Va hcsecd_enable 4314.Pq Vt bool 4315If set to 4316.Dq Li YES , 4317enable Bluetooth security daemon. 4318.It Va hcsecd_config 4319.Pq Vt str 4320Configuration file for 4321.Xr hcsecd 8 . 4322Default 4323.Pa /etc/bluetooth/hcsecd.conf . 4324.It Va sdpd_enable 4325.Pq Vt bool 4326If set to 4327.Dq Li YES , 4328enable Bluetooth Service Discovery Protocol daemon. 4329.It Va sdpd_control 4330.Pq Vt str 4331Path to 4332.Xr sdpd 8 4333control socket. 4334Default 4335.Pa /var/run/sdp . 4336.It Va sdpd_groupname 4337.Pq Vt str 4338Sets 4339.Xr sdpd 8 4340group to run as after it initializes. 4341Default 4342.Dq Li nobody . 4343.It Va sdpd_username 4344.Pq Vt str 4345Sets 4346.Xr sdpd 8 4347user to run as after it initializes. 4348Default 4349.Dq Li nobody . 4350.It Va bthidd_enable 4351.Pq Vt bool 4352If set to 4353.Dq Li YES , 4354enable Bluetooth Human Interface Device daemon. 4355.It Va bthidd_config 4356.Pq Vt str 4357Configuration file for 4358.Xr bthidd 8 . 4359Default 4360.Pa /etc/bluetooth/bthidd.conf . 4361.It Va bthidd_hids 4362.Pq Vt str 4363Path to a file, where 4364.Xr bthidd 8 4365will store information about known HID devices. 4366Default 4367.Pa /var/db/bthidd.hids . 4368.It Va rfcomm_pppd_server_enable 4369.Pq Vt bool 4370If set to 4371.Dq Li YES , 4372enable Bluetooth RFCOMM PPP wrapper daemon. 4373.It Va rfcomm_pppd_server_profile 4374.Pq Vt str 4375The name of the profile to use from 4376.Pa /etc/ppp/ppp.conf . 4377Multiple profiles can be specified here. 4378Also used to specify per-profile overrides. 4379When the profile name contains any of the characters 4380.Dq Li .-/+ 4381they are translated to 4382.Dq Li _ 4383for the proposes of the override variable names. 4384.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4385.Pq Vt str 4386Overrides local address to listen on. 4387By default 4388.Xr rfcomm_pppd 8 4389will listen on 4390.Dq Li ANY 4391address. 4392The address can be specified as BD_ADDR or name. 4393.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4394.Pq Vt str 4395Overrides local RFCOMM channel to listen on. 4396By default 4397.Xr rfcomm_pppd 8 4398will listen on RFCOMM channel 1. 4399Must set properly if multiple profiles used in the same time. 4400.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4401.Pq Vt bool 4402Tells 4403.Xr rfcomm_pppd 8 4404if it should register Serial Port service on the specified RFCOMM channel. 4405Default 4406.Dq Li NO . 4407.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4408.Pq Vt bool 4409Tells 4410.Xr rfcomm_pppd 8 4411if it should register Dial-Up Networking service on the specified 4412RFCOMM channel. 4413Default 4414.Dq Li NO . 4415.It Va ubthidhci_enable 4416.Pq Vt bool 4417If set to 4418.Dq Li YES , 4419change the USB Bluetooth controller from HID mode to HCI mode. 4420You also need to specify the location of USB Bluetooth controller with the 4421.Va ubthidhci_busnum 4422and 4423.Va ubthidhci_addr 4424variables. 4425.It Va ubthidhci_busnum 4426Bus number where the USB Bluetooth controller is located. 4427Check the output of 4428.Xr usbconfig 8 4429on your system to find this information. 4430.It Va ubthidhci_addr 4431Bus address of the USB Bluetooth controller. 4432Check the output of 4433.Xr usbconfig 8 4434on your system to find this information. 4435.It Va netwait_enable 4436.Pq Vt bool 4437If set to 4438.Dq Li YES , 4439delays the start of network-reliant services until 4440.Va netwait_if 4441is up and ICMP packets to a destination defined in 4442.Va netwait_ip 4443are flowing. 4444Link state is examined first, followed by 4445.Dq Li pinging 4446an IP address to verify network usability. 4447If no destination can be reached or timeouts are exceeded, 4448network services are started anyway with no guarantee that 4449the network is usable. 4450Use of this variable requires both 4451.Va netwait_ip 4452and 4453.Va netwait_if 4454to be set. 4455.It Va netwait_ip 4456.Pq Vt str 4457Empty by default. 4458This variable contains a space-delimited list of IP addresses to 4459.Xr ping 8 . 4460DNS hostnames should not be used as resolution is not guaranteed 4461to be functional at this point. 4462If multiple IP addresses are specified, 4463each will be tried until one is successful or the list is exhausted. 4464.It Va netwait_timeout 4465.Pq Vt int 4466Indicates the total number of seconds to perform a 4467.Dq Li ping 4468against each IP address in 4469.Va netwait_ip , 4470at a rate of one ping per second. 4471If any of the pings are successful, 4472full network connectivity is considered reliable. 4473The default is 60. 4474.It Va netwait_if 4475.Pq Vt str 4476Empty by default. 4477Defines the name of the network interface on which watch for link. 4478.Xr ifconfig 8 4479is used to monitor the interface, looking for 4480.Dq Li status: no carrier . 4481Once gone, the link is considered up. 4482This can be a 4483.Xr vlan 4 4484interface if desired. 4485.It Va netwait_if_timeout 4486.Pq Vt int 4487Defines the total number of seconds to wait for link to become usable, 4488polled at a 1-second interval. 4489The default is 30. 4490.El 4491.Sh FILES 4492.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4493.It Pa /etc/defaults/rc.conf 4494.It Pa /etc/rc.conf 4495.It Pa /etc/rc.conf.local 4496.El 4497.Sh SEE ALSO 4498.Xr catman 1 , 4499.Xr chmod 1 , 4500.Xr gdb 1 , 4501.Xr info 1 , 4502.Xr kbdcontrol 1 , 4503.Xr makewhatis 1 , 4504.Xr sh 1 , 4505.Xr vi 1 , 4506.Xr vidcontrol 1 , 4507.Xr bridge 4 , 4508.Xr dummynet 4 , 4509.Xr ip 4 , 4510.Xr ipf 4 , 4511.Xr ipfw 4 , 4512.Xr ipnat 4 , 4513.Xr kld 4 , 4514.Xr pf 4 , 4515.Xr pflog 4 , 4516.Xr pfsync 4 , 4517.Xr tcp 4 , 4518.Xr udp 4 , 4519.Xr exports 5 , 4520.Xr fstab 5 , 4521.Xr ipf 5 , 4522.Xr ipnat 5 , 4523.Xr motd 5 , 4524.Xr newsyslog.conf 5 , 4525.Xr pf.conf 5 , 4526.Xr security 7 , 4527.Xr accton 8 , 4528.Xr amd 8 , 4529.Xr apm 8 , 4530.Xr atm 8 , 4531.Xr bthidd 8 , 4532.Xr chkprintcap 8 , 4533.Xr chown 8 , 4534.Xr cron 8 , 4535.Xr dhclient 8 , 4536.Xr ftpd 8 , 4537.Xr geli 8 , 4538.Xr hcsecd 8 , 4539.Xr ifconfig 8 , 4540.Xr inetd 8 , 4541.Xr ipf 8 , 4542.Xr ipfw 8 , 4543.Xr ipnat 8 , 4544.Xr jail 8 , 4545.Xr kldxref 8 , 4546.Xr lpd 8 , 4547.Xr mdconfig 8 , 4548.Xr mdmfs 8 , 4549.Xr mixer 8 , 4550.Xr mountd 8 , 4551.Xr moused 8 , 4552.Xr mrouted 8 , 4553.Xr named 8 , 4554.Xr newfs 8 , 4555.Xr newsyslog 8 , 4556.Xr nfsd 8 , 4557.Xr ntpd 8 , 4558.Xr ntpdate 8 , 4559.Xr pfctl 8 , 4560.Xr pflogd 8 , 4561.Xr ping 8 , 4562.Xr powerd 8 , 4563.Xr quotacheck 8 , 4564.Xr quotaon 8 , 4565.Xr rc 8 , 4566.Xr rc.sendmail 8 , 4567.Xr rfcomm_pppd 8 , 4568.Xr route 8 , 4569.Xr routed 8 , 4570.Xr rpcbind 8 , 4571.Xr rpc.lockd 8 , 4572.Xr rpc.statd 8 , 4573.Xr rwhod 8 , 4574.Xr savecore 8 , 4575.Xr sdpd 8 , 4576.Xr sshd 8 , 4577.Xr swapon 8 , 4578.Xr sysctl 8 , 4579.Xr syslogd 8 , 4580.Xr timed 8 , 4581.Xr usbconfig 8 , 4582.Xr wlandebug 8 , 4583.Xr yp 8 , 4584.Xr ypbind 8 , 4585.Xr ypserv 8 , 4586.Xr ypset 8 4587.Sh HISTORY 4588The 4589.Nm 4590file appeared in 4591.Fx 2.2.2 . 4592.Sh AUTHORS 4593.An Jordan K. Hubbard . 4594