1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd July 22, 2012 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory, which will be included by the 74.Va load_rc_config 75function. 76For jail configurations you could use the file 77.Pa /etc/rc.conf.d/jail 78to store jail specific configuration options. 79Also see the 80.Va rc_conf_files 81variable below. 82.Pp 83Options are set with 84.Dq Ar name Ns Li = Ns Ar value 85assignments that use 86.Xr sh 1 87syntax. 88The following list provides a name and short description for each 89variable that can be set in the 90.Nm 91file: 92.Bl -tag -width indent-two 93.It Va rc_debug 94.Pq Vt bool 95If set to 96.Dq Li YES , 97enable output of debug messages from rc scripts. 98This variable can be helpful in diagnosing mistakes when 99editing or integrating new scripts. 100Beware that this produces copious output to the terminal and 101.Xr syslog 3 . 102.It Va rc_info 103.Pq Vt bool 104If set to 105.Dq Li NO , 106disable informational messages from the rc scripts. 107Informational messages are displayed when 108a condition that is not serious enough to warrant a warning or 109an error occurs. 110.It Va rc_startmsgs 111.Pq Vt bool 112If set to 113.Dq Li YES , 114show 115.Dq Starting foo: 116when faststart is used (e.g., at boot time). 117.It Va early_late_divider 118.Pq Vt str 119The name of the script that should be used as the 120delimiter between the 121.Dq early 122and 123.Dq late 124stages of the boot process. 125The early stage should contain all the services needed to 126get the disks (local or remote) mounted so that the late 127stage can include scripts contained in the directories 128listed in the 129.Va local_startup 130variable (see below). 131Thus, the two likely candidates for this value are 132.Pa mountcritlocal 133for the typical system, and 134.Pa mountcritremote 135if the system needs remote file 136systems mounted to get access to the 137.Va local_startup 138directories; for example when 139.Pa /usr/local 140is NFS mounted. 141For 142.Pa rc.conf 143within a 144.Xr jail 8 145.Pa NETWORKING 146is likely to be an appropriate value. 147Extreme care should be taken when changing this value, 148and before changing it one should ensure that there are 149adequate provisions to recover from a failed boot 150(such as physical contact with the machine, 151or reliable remote console access). 152.It Va always_force_depends 153.Pq Vt bool 154Various 155.Pa rc.d 156scripts use the force_depend function to check whether required 157services are already running, and to start them if necessary. 158By default during boot time this check is bypassed if the 159required service is enabled in 160.Pa /etc/rc.conf[.local] . 161Setting this option will bypass that check at boot time and 162always test whether or not the service is actually running. 163Enabling this option is likely to increase your boot time if 164services are enabled that utilize the force_depend check. 165.It Va swapfile 166.Pq Vt str 167If set to 168.Dq Li NO , 169no swapfile is installed, otherwise the value is used as the full 170pathname to a file to use for additional swap space. 171.It Ao Ar name Ac Ns Va _chroot 172.Pq Vt str 173.Xr chroot 174to this directory before running the service. 175.It Ao Ar name Ac Ns Va _user 176.Pq Vt str 177Run the service under this user account. 178.It Ao Ar name Ac Ns Va _group 179.Pq Vt str 180Run the chrooted service under this system group. Unlike the _user 181setting, this setting has no effect if the service is not chrooted. 182.It Ao Ar name Ac Ns Va _nice 183.Pq Vt int 184The 185.Xr nice 1 186value to run the service under. 187.It Va apm_enable 188.Pq Vt bool 189If set to 190.Dq Li YES , 191enable support for Automatic Power Management with 192the 193.Xr apm 8 194command. 195.It Va apmd_enable 196.Pq Vt bool 197Run 198.Xr apmd 8 199to handle APM event from userland. 200This also enables support for APM. 201.It Va apmd_flags 202.Pq Vt str 203If 204.Va apmd_enable 205is set to 206.Dq Li YES , 207these are the flags to pass to the 208.Xr apmd 8 209daemon. 210.It Va devd_enable 211.Pq Vt bool 212Run 213.Xr devd 8 214to handle device added, removed or unknown events from the kernel. 215.It Va ddb_enable 216.Pq Vt bool 217Run 218.Xr ddb 8 219to install 220.Xr ddb 4 221scripts at boot time. 222.It Va ddb_config 223.Pq Vt str 224Configuration file for 225.Xr ddb 8 . 226Default 227.Pa /etc/ddb.conf . 228.It Va kld_list 229.Pq Vt str 230A list of kernel modules to load right after the local 231disks are mounted. 232Loading modules at this point in the boot process is 233much faster than doing it via 234.Pa /boot/loader.conf 235for those modules not necessary for mounting local disk. 236.It Va kldxref_enable 237.Pq Vt bool 238Set to 239.Dq Li NO 240by default. 241Set to 242.Dq Li YES 243to automatically rebuild 244.Pa linker.hints 245files with 246.Xr kldxref 8 247at boot time. 248.It Va kldxref_clobber 249.Pq Vt bool 250Set to 251.Dq Li NO 252by default. 253If 254.Va kldxref_enable 255is true, 256setting to 257.Dq Li YES 258will overwrite existing 259.Pa linker.hints 260files at boot time. 261Otherwise, 262only missing 263.Pa linker.hints 264files are generated. 265.It Va kldxref_module_path 266.Pq Vt str 267Empty by default. 268A semi-colon 269.Pq Ql \&; 270delimited list of paths containing 271.Xr kld 4 272modules. 273If empty, 274the contents of the 275.Va kern.module_path 276.Xr sysctl 8 277are used. 278.It Va powerd_enable 279.Pq Vt bool 280If set to 281.Dq Li YES , 282enable the system power control facility with the 283.Xr powerd 8 284daemon. 285.It Va powerd_flags 286.Pq Vt str 287If 288.Va powerd_enable 289is set to 290.Dq Li YES , 291these are the flags to pass to the 292.Xr powerd 8 293daemon. 294.It Va tmpmfs 295Controls the creation of a 296.Pa /tmp 297memory file system. 298Always happens if set to 299.Dq Li YES 300and never happens if set to 301.Dq Li NO . 302If set to anything else, a memory file system is created if 303.Pa /tmp 304is not writable. 305.It Va tmpsize 306Controls the size of a created 307.Pa /tmp 308memory file system. 309.It Va tmpmfs_flags 310Extra options passed to the 311.Xr mdmfs 8 312utility when the memory file system for 313.Pa /tmp 314is created. 315The default is 316.Dq Li "-S" , 317which inhibits the use of softupdates on 318.Pa /tmp 319so that file system space is freed without delay 320after file truncation or deletion. 321See 322.Xr mdmfs 8 323for other options you can use in 324.Va tmpmfs_flags . 325.It Va varmfs 326Controls the creation of a 327.Pa /var 328memory file system. 329Always happens if set to 330.Dq Li YES 331and never happens if set to 332.Dq Li NO . 333If set to anything else, a memory file system is created if 334.Pa /var 335is not writable. 336.It Va varsize 337Controls the size of a created 338.Pa /var 339memory file system. 340.It Va varmfs_flags 341Extra options passed to the 342.Xr mdmfs 8 343utility when the memory file system for 344.Pa /var 345is created. 346The default is 347.Dq Li "-S" , 348which inhibits the use of softupdates on 349.Pa /var 350so that file system space is freed without delay 351after file truncation or deletion. 352See 353.Xr mdmfs 8 354for other options you can use in 355.Va varmfs_flags . 356.It Va populate_var 357Controls the automatic population of the 358.Pa /var 359file system. 360Always happens if set to 361.Dq Li YES 362and never happens if set to 363.Dq Li NO . 364If set to anything else, a memory file system is created if 365.Pa /var 366is not writable. 367Note that this process requires access to certain commands in 368.Pa /usr 369before 370.Pa /usr 371is mounted on normal systems. 372.It Va cleanvar_enable 373.Pq Vt bool 374Clean the 375.Pa /var 376directory. 377.It Va local_startup 378.Pq Vt str 379List of directories to search for startup script files. 380.It Va script_name_sep 381.Pq Vt str 382The field separator to use for breaking down the list of startup script files 383into individual filenames. 384The default is a space. 385It is not necessary to change this unless there are startup scripts with names 386containing spaces. 387.It Va hostapd_enable 388.Pq Vt bool 389Set to 390.Dq Li YES 391to start 392.Xr hostapd 8 393at system boot time. 394.It Va hostname 395.Pq Vt str 396The fully qualified domain name (FQDN) of this host on the network. 397This should almost certainly be set to something meaningful, even if 398there is no network connection. 399If 400.Xr dhclient 8 401is used to set the hostname via DHCP, 402this variable should be set to an empty string. 403If this value remains unset when the system is done booting 404your console login will display the default hostname of 405.Dq Amnesiac . 406.It Va nisdomainname 407.Pq Vt str 408The NIS domain name of this host, or 409.Dq Li NO 410if NIS is not used. 411.It Va dhclient_program 412.Pq Vt str 413Path to the DHCP client program 414.Pa ( /sbin/dhclient , 415the 416.Ox 417DHCP client, 418is the default). 419.It Va dhclient_flags 420.Pq Vt str 421Additional flags to pass to the DHCP client program. 422For the 423.Ox 424DHCP client, see the 425.Xr dhclient 8 426manpage for a description of the command line options available. 427.It Va dhclient_flags_ Ns Aq Ar iface 428Additional flags to pass to the DHCP client program running on 429.Ar iface 430only. 431When specified, this variable overrides 432.Va dhclient_flags . 433.It Va background_dhclient 434.Pq Vt bool 435Set to 436.Dq Li YES 437to start the DHCP client in background. 438This can cause trouble with applications depending on 439a working network, but it will provide a faster startup 440in many cases. 441.It Va background_dhclient_ Ns Aq Ar iface 442When specified, this variable overrides the 443.Va background_dhclient 444variable for interface 445.Ar iface 446only. 447.It Va synchronous_dhclient 448.Pq Vt bool 449Set to 450.Dq Li YES 451to start 452.Xr dhclient 8 453synchronously at startup. 454This behavior can be overridden on a per-interface basis by replacing 455the 456.Dq Li DHCP 457keyword in the 458.Va ifconfig_ Ns Aq Ar interface 459variable with 460.Dq Li SYNCDHCP 461or 462.Dq Li NOSYNCDHCP . 463.It Va defaultroute_delay 464.Pq Vt int 465When set to a positive value, wait up to this long after configuring 466DHCP interfaces at startup to give the interfaces time to receive a lease. 467.It Va firewall_enable 468.Pq Vt bool 469Set to 470.Dq Li YES 471to load firewall rules at startup. 472If the kernel was not built with 473.Cd "options IPFIREWALL" , 474the 475.Pa ipfw.ko 476kernel module will be loaded. 477See also 478.Va ipfilter_enable . 479.It Va firewall_script 480.Pq Vt str 481This variable specifies the full path to the firewall script to run. 482The default is 483.Pa /etc/rc.firewall . 484.It Va firewall_type 485.Pq Vt str 486Names the firewall type from the selection in 487.Pa /etc/rc.firewall , 488or the file which contains the local firewall ruleset. 489Valid selections from 490.Pa /etc/rc.firewall 491are: 492.Pp 493.Bl -tag -width ".Li simple" -compact 494.It Li open 495unrestricted IP access 496.It Li closed 497all IP services disabled, except via 498.Dq Li lo0 499.It Li client 500basic protection for a workstation 501.It Li simple 502basic protection for a LAN. 503.El 504.Pp 505If a filename is specified, the full path 506must be given. 507.It Va firewall_quiet 508.Pq Vt bool 509Set to 510.Dq Li YES 511to disable the display of firewall rules on the console during boot. 512.It Va firewall_logging 513.Pq Vt bool 514Set to 515.Dq Li YES 516to enable firewall event logging. 517This is equivalent to the 518.Dv IPFIREWALL_VERBOSE 519kernel option. 520.It Va firewall_logif 521.Pq Vt bool 522Set to 523.Dq Li YES 524to create pseudo interface 525.Li ipfw0 526for logging. 527For more details, see 528.Xr ipfw 8 529manual page. 530.It Va firewall_flags 531.Pq Vt str 532Flags passed to 533.Xr ipfw 8 534if 535.Va firewall_type 536specifies a filename. 537.It Va firewall_coscripts 538.Pq Vt str 539List of executables and/or rc scripts to run after firewall starts/stops. 540Default is empty. 541.\" ----- firewall_nat_enable setting -------------------------------- 542.It Va firewall_nat_enable 543.Pq Vt bool 544The 545.Xr ipfw 8 546equivalent of 547.Va natd_enable . 548Setting this to 549.Dq Li YES 550enables kernel NAT. 551.Va firewall_enable 552must also be set to 553.Dq Li YES . 554.It Va firewall_nat_interface 555.Pq Vt str 556The 557.Xr ipfw 8 558equivalent of 559.Va natd_interface . 560This is the name of the public interface or IP address on which 561kernel NAT should run. 562.It Va firewall_nat_flags 563.Pq Vt str 564Additional configuration parameters for kernel NAT should be placed here. 565.It Va dummynet_enable 566.Pq Vt bool 567Setting this to 568.Dq Li YES 569will automatically load the 570.Xr dummynet 4 571module if 572.Va firewall_enable 573is also set to 574.Dq Li YES . 575.\" ------------------------------------------------------------------- 576.It Va natd_program 577.Pq Vt str 578Path to 579.Xr natd 8 . 580.It Va natd_enable 581.Pq Vt bool 582Set to 583.Dq Li YES 584to enable 585.Xr natd 8 . 586.Va firewall_enable 587must also be set to 588.Dq Li YES , 589and 590.Xr divert 4 591sockets must be enabled in the kernel. 592If the kernel was not built with 593.Cd "options IPDIVERT" , 594the 595.Pa ipdivert.ko 596kernel module will be loaded. 597.It Va natd_interface 598.Pq Vt str 599This is the name of the public interface on which 600.Xr natd 8 601should run. 602The interface may be given as an interface name or as an IP address. 603.It Va natd_flags 604.Pq Vt str 605Additional 606.Xr natd 8 607flags should be placed here. 608The 609.Fl n 610or 611.Fl a 612flag is automatically added with the above 613.Va natd_interface 614as an argument. 615.\" ----- ipfilter_enable setting -------------------------------- 616.It Va ipfilter_enable 617.Pq Vt bool 618Set to 619.Dq Li NO 620by default. 621Setting this to 622.Dq Li YES 623enables 624.Xr ipf 8 625packet filtering. 626.Pp 627Typical usage will require putting 628.Bd -literal 629ipfilter_enable="YES" 630ipnat_enable="YES" 631ipmon_enable="YES" 632ipfs_enable="YES" 633.Ed 634.Pp 635into 636.Pa /etc/rc.conf 637and editing 638.Pa /etc/ipf.rules 639and 640.Pa /etc/ipnat.rules 641appropriately. 642.Pp 643Note that 644.Va ipfilter_enable 645and 646.Va ipnat_enable 647can be enabled independently. 648.Va ipmon_enable 649and 650.Va ipfs_enable 651both require at least one of 652.Va ipfilter_enable 653and 654.Va ipnat_enable 655to be enabled. 656.Pp 657Having 658.Bd -literal 659options IPFILTER 660options IPFILTER_LOG 661options IPFILTER_DEFAULT_BLOCK 662.Ed 663.Pp 664in the kernel configuration file is a good idea, too. 665.\" ----- ipfilter_program setting ------------------------------ 666.It Va ipfilter_program 667.Pq Vt str 668Path to 669.Xr ipf 8 670(default 671.Pa /sbin/ipf ) . 672.\" ----- ipfilter_rules setting -------------------------------- 673.It Va ipfilter_rules 674.Pq Vt str 675Set to 676.Pa /etc/ipf.rules 677by default. 678This variable contains the name of the filter rule definition file. 679The file is expected to be readable for the 680.Xr ipf 8 681command to execute. 682.\" ----- ipv6_ipfilter_rules setting --------------------------- 683.It Va ipv6_ipfilter_rules 684.Pq Vt str 685Set to 686.Pa /etc/ipf6.rules 687by default. 688This variable contains the IPv6 filter rule definition file. 689The file is expected to be readable for the 690.Xr ipf 8 691command to execute. 692.\" ----- ipfilter_flags setting -------------------------------- 693.It Va ipfilter_flags 694.Pq Vt str 695Empty by default. 696This variable contains flags passed to the 697.Xr ipf 8 698program. 699.\" ----- ipnat_enable setting ---------------------------------- 700.It Va ipnat_enable 701.Pq Vt bool 702Set to 703.Dq Li NO 704by default. 705Set it to 706.Dq Li YES 707to enable 708.Xr ipnat 8 709network address translation. 710See 711.Va ipfilter_enable 712for a detailed discussion. 713.\" ----- ipnat_program setting --------------------------------- 714.It Va ipnat_program 715.Pq Vt str 716Path to 717.Xr ipnat 8 718(default 719.Pa /sbin/ipnat ) . 720.\" ----- ipnat_rules setting ----------------------------------- 721.It Va ipnat_rules 722.Pq Vt str 723Set to 724.Pa /etc/ipnat.rules 725by default. 726This variable contains the name of the file 727holding the network address translation definition. 728This file is expected to be readable for the 729.Xr ipnat 8 730command to execute. 731.\" ----- ipnat_flags setting ----------------------------------- 732.It Va ipnat_flags 733.Pq Vt str 734Empty by default. 735This variable contains flags passed to the 736.Xr ipnat 8 737program. 738.\" ----- ipmon_enable setting ---------------------------------- 739.It Va ipmon_enable 740.Pq Vt bool 741Set to 742.Dq Li NO 743by default. 744Set it to 745.Dq Li YES 746to enable 747.Xr ipmon 8 748monitoring (logging 749.Xr ipf 8 750and 751.Xr ipnat 8 752events). 753Setting this variable needs setting 754.Va ipfilter_enable 755or 756.Va ipnat_enable 757too. 758See 759.Va ipfilter_enable 760for a detailed discussion. 761.\" ----- ipmon_program setting --------------------------------- 762.It Va ipmon_program 763.Pq Vt str 764Path to 765.Xr ipmon 8 766(default 767.Pa /sbin/ipmon ) . 768.\" ----- ipmon_flags setting ----------------------------------- 769.It Va ipmon_flags 770.Pq Vt str 771Set to 772.Dq Li -Ds 773by default. 774This variable contains flags passed to the 775.Xr ipmon 8 776program. 777Another typical example would be 778.Dq Fl D Pa /var/log/ipflog 779to have 780.Xr ipmon 8 781log directly to a file bypassing 782.Xr syslogd 8 . 783Make sure to adjust 784.Pa /etc/newsyslog.conf 785in such case like this: 786.Bd -literal 787/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 788.Ed 789.\" ----- ipfs_enable setting ----------------------------------- 790.It Va ipfs_enable 791.Pq Vt bool 792Set to 793.Dq Li NO 794by default. 795Set it to 796.Dq Li YES 797to enable 798.Xr ipfs 8 799saving the filter and NAT state tables during shutdown 800and reloading them during startup again. 801Setting this variable needs setting 802.Va ipfilter_enable 803or 804.Va ipnat_enable 805to 806.Dq Li YES 807too. 808See 809.Va ipfilter_enable 810for a detailed discussion. 811Note that if 812.Va kern_securelevel 813is set to 3, 814.Va ipfs_enable 815cannot be used 816because the raised securelevel will prevent 817.Xr ipfs 8 818from saving the state tables at shutdown time. 819.\" ----- ipfs_program setting ---------------------------------- 820.It Va ipfs_program 821.Pq Vt str 822Path to 823.Xr ipfs 8 824(default 825.Pa /sbin/ipfs ) . 826.\" ----- ipfs_flags setting ------------------------------------ 827.It Va ipfs_flags 828.Pq Vt str 829Empty by default. 830This variable contains flags passed to the 831.Xr ipfs 8 832program. 833.\" ----- end of added ipf hook --------------------------------- 834.It Va pf_enable 835.Pq Vt bool 836Set to 837.Dq Li NO 838by default. 839Setting this to 840.Dq Li YES 841enables 842.Xr pf 4 843packet filtering. 844.Pp 845Typical usage will require putting 846.Pp 847.Dl pf_enable="YES" 848.Pp 849into 850.Pa /etc/rc.conf 851and editing 852.Pa /etc/pf.conf 853appropriately. 854Adding 855.Pp 856.Dl "device pf" 857.Pp 858builds support for 859.Xr pf 4 860into the kernel, otherwise the 861kernel module will be loaded. 862.It Va pf_rules 863.Pq Vt str 864Path to 865.Xr pf 4 866ruleset configuration file 867(default 868.Pa /etc/pf.conf ) . 869.It Va pf_program 870.Pq Vt str 871Path to 872.Xr pfctl 8 873(default 874.Pa /sbin/pfctl ) . 875.It Va pf_flags 876.Pq Vt str 877If 878.Va pf_enable 879is set to 880.Dq Li YES , 881these flags are passed to the 882.Xr pfctl 8 883program when loading the ruleset. 884.It Va pflog_enable 885.Pq Vt bool 886Set to 887.Dq Li NO 888by default. 889Setting this to 890.Dq Li YES 891enables 892.Xr pflogd 8 893which logs packets from the 894.Xr pf 4 895packet filter. 896.It Va pflog_logfile 897.Pq Vt str 898If 899.Va pflog_enable 900is set to 901.Dq Li YES 902this controls where 903.Xr pflogd 8 904stores the logfile 905(default 906.Pa /var/log/pflog ) . 907Check 908.Pa /etc/newsyslog.conf 909to adjust logfile rotation for this. 910.It Va pflog_program 911.Pq Vt str 912Path to 913.Xr pflogd 8 914(default 915.Pa /sbin/pflogd ) . 916.It Va pflog_flags 917.Pq Vt str 918Empty by default. 919This variable contains additional flags passed to the 920.Xr pflogd 8 921program. 922.It Va ftpproxy_enable 923.Pq Vt bool 924Set to 925.Dq Li NO 926by default. 927Setting this to 928.Dq Li YES 929enables 930.Xr ftp-proxy 8 931which supports the 932.Xr pf 4 933packet filter in translating ftp connections. 934.It Va ftpproxy_flags 935.Pq Vt str 936Empty by default. 937This variable contains additional flags passed to the 938.Xr ftp-proxy 8 939program. 940.It Va pfsync_enable 941.Pq Vt bool 942Set to 943.Dq Li NO 944by default. 945Setting this to 946.Dq Li YES 947enables exposing 948.Xr pf 4 949state changes to other hosts over the network by means of 950.Xr pfsync 4 . 951The 952.Va pfsync_syncdev 953variable 954must also be set then. 955.It Va pfsync_syncdev 956.Pq Vt str 957Empty by default. 958This variable specifies the name of the network interface 959.Xr pfsync 4 960should operate through. 961It must be set accordingly if 962.Va pfsync_enable 963is set to 964.Dq Li YES . 965.It Va pfsync_syncpeer 966.Pq Vt str 967Empty by default. 968This variable is optional. 969By default, state change messages are sent out on the synchronisation 970interface using IP multicast packets. 971The protocol is IP protocol 240, PFSYNC, and the multicast group used is 972224.0.0.240. 973When a peer address is specified using the 974.Va pfsync_syncpeer 975option, the peer address is used as a destination for the pfsync 976traffic, and the traffic can then be protected using 977.Xr ipsec 4 . 978See the 979.Xr pfsync 4 980manpage for more details about using 981.Xr ipsec 4 982with 983.Xr pfsync 4 984interfaces. 985.It Va pfsync_ifconfig 986.Pq Vt str 987Empty by default. 988This variable can contain additional options to be passed to the 989.Xr ifconfig 8 990command used to set up 991.Xr pfsync 4 . 992.It Va tcp_extensions 993.Pq Vt bool 994Set to 995.Dq Li YES 996by default. 997Setting this to 998.Dq Li NO 999disables certain TCP options as described by 1000.Rs 1001.%T "RFC 1323" 1002.Re 1003Setting this to 1004.Dq Li NO 1005might help remedy such problems with connections as randomly hanging 1006or other weird behavior. 1007Some network devices are known 1008to be broken with respect to these options. 1009.It Va log_in_vain 1010.Pq Vt int 1011Set to 0 by default. 1012The 1013.Xr sysctl 8 1014variables, 1015.Va net.inet.tcp.log_in_vain 1016and 1017.Va net.inet.udp.log_in_vain , 1018as described in 1019.Xr tcp 4 1020and 1021.Xr udp 4 , 1022are set to the given value. 1023.It Va tcp_keepalive 1024.Pq Vt bool 1025Set to 1026.Dq Li YES 1027by default. 1028Setting to 1029.Dq Li NO 1030will disable probing idle TCP connections to verify that the 1031peer is still up and reachable. 1032.It Va tcp_drop_synfin 1033.Pq Vt bool 1034Set to 1035.Dq Li NO 1036by default. 1037Setting to 1038.Dq Li YES 1039will cause the kernel to ignore TCP frames that have both 1040the SYN and FIN flags set. 1041This prevents OS fingerprinting, but may 1042break some legitimate applications. 1043.It Va icmp_drop_redirect 1044.Pq Vt bool 1045Set to 1046.Dq Li NO 1047by default. 1048Setting to 1049.Dq Li YES 1050will cause the kernel to ignore ICMP REDIRECT packets. 1051Refer to 1052.Xr icmp 4 1053for more information. 1054.It Va icmp_log_redirect 1055.Pq Vt bool 1056Set to 1057.Dq Li NO 1058by default. 1059Setting to 1060.Dq Li YES 1061will cause the kernel to log ICMP REDIRECT packets. 1062Note that 1063the log messages are not rate-limited, so this option should only be used 1064for troubleshooting networks. 1065Refer to 1066.Xr icmp 4 1067for more information. 1068.It Va icmp_bmcastecho 1069.Pq Vt bool 1070Set to 1071.Dq Li YES 1072to respond to broadcast or multicast ICMP ping packets. 1073Refer to 1074.Xr icmp 4 1075for more information. 1076.It Va ip_portrange_first 1077.Pq Vt int 1078If not set to 1079.Dq Li NO , 1080this is the first port in the default portrange. 1081Refer to 1082.Xr ip 4 1083for more information. 1084.It Va ip_portrange_last 1085.Pq Vt int 1086If not set to 1087.Dq Li NO , 1088this is the last port in the default portrange. 1089Refer to 1090.Xr ip 4 1091for more information. 1092.It Va network_interfaces 1093.Pq Vt str 1094Set to the list of network interfaces to configure on this host or 1095.Dq Li AUTO 1096(the default) for all current interfaces. 1097Setting the 1098.Va network_interfaces 1099variable to anything other than the default is deprecated. 1100Interfaces that the administrator wishes to store configuration for, 1101but not start at boot should be configured with the 1102.Dq Li NOAUTO 1103keyword in their 1104.Va ifconfig_ Ns Aq Ar interface 1105variables as described below. 1106.Pp 1107An 1108.Va ifconfig_ Ns Aq Ar interface 1109variable is also assumed to exist for each value of 1110.Ar interface . 1111When an interface name contains any of the characters 1112.Dq Li .-/+ 1113they are translated to 1114.Dq Li _ 1115before lookup. 1116The variable can contain arguments to 1117.Xr ifconfig 8 , 1118as well as special case-insensitive keywords described below. 1119Such keywords are removed before passing the value to 1120.Xr ifconfig 8 1121while the order of the other arguments is preserved. 1122.Pp 1123One can configure more than one IPv4 address with the 1124.Va ipv4_addrs_ Ns Aq Ar interface 1125variable. 1126One or more IP addresses must be provided in Classless Inter-Domain 1127Routing (CIDR) address notation, whose last byte can be a range like 1128192.0.2.5-23/24. 1129In this case the address 192.0.2.5 will be configured with the 1130netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1131the non-conflicting netmask /32 as explained in the 1132.Xr ifconfig 8 1133alias section. 1134With the interface in question being 1135.Li ed0 , 1136an example could look like: 1137.Bd -literal 1138ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28" 1139.Ed 1140.Pp 1141It is also possible to add IP alias entries using 1142.Xr ifconfig 8 1143syntax with the 1144.Dq Li inet 1145keyword. 1146Assuming that the interface in question was 1147.Li ed0 , 1148it might look 1149something like this: 1150.Bd -literal 1151ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1152ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1153.Ed 1154.Pp 1155And so on. 1156For each 1157.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1158entry with the 1159.Dq Li inet 1160keyword that is found, 1161its contents are passed to 1162.Xr ifconfig 8 . 1163Execution stops at the first unsuccessful access, so if 1164something like this is present: 1165.Bd -literal 1166ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1167ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1168ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1169ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1170.Ed 1171.Pp 1172Then note that alias4 would 1173.Em not 1174be added since the search would 1175stop with the missing 1176.Dq Li alias3 1177entry. 1178Due to this difficult to manage behavior, the 1179.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1180form is deprecated. 1181.Pp 1182If the 1183.Pa /etc/start_if. Ns Aq Ar interface 1184file is present, it is read and executed by the 1185.Xr sh 1 1186interpreter 1187before configuring the interface as specified in the 1188.Va ifconfig_ Ns Aq Ar interface 1189and 1190.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1191variables. 1192.Pp 1193If a 1194.Va vlans_ Ns Aq Ar interface 1195variable is set, 1196a 1197.Xr vlan 4 1198interface will be created for each item in the list with the 1199.Ar vlandev 1200argument set to 1201.Ar interface . 1202If a vlan interface's name is a number, 1203then that number is used as the vlan tag and the new vlan interface is 1204named 1205.Ar interface . Ns Ar tag . 1206Otherwise, 1207the vlan tag must be specified via a 1208.Va vlan 1209parameter in the 1210.Va create_args_ Ns Aq Ar interface 1211variable. 1212.Pp 1213To create a vlan device named 1214.Li em0.101 1215on 1216.Li em0 1217with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1218.Bd -literal 1219vlans_em0="101" 1220ifconfig_em0_101="inet 192.0.2.1/24" 1221.Ed 1222.Pp 1223To create a vlan device named 1224.Li myvlan 1225on 1226.Li em0 1227with the vlan tag 102: 1228.Bd -literal 1229vlans_em0="myvlan" 1230create_args_myvlan="vlan 102" 1231.Ed 1232.Pp 1233If a 1234.Va wlans_ Ns Aq Ar interface 1235variable is set, 1236an 1237.Xr wlan 4 1238interface will be created for each item in the list with the 1239.Ar wlandev 1240argument set to 1241.Ar interface . 1242Further wlan cloning arguments may be passed to the 1243.Xr ifconfig 8 1244.Cm create 1245command by setting the 1246.Va create_args_ Ns Aq Ar interface 1247variable. 1248One or more 1249.Xr wlan 4 1250devices must be created for each wireless devices as of 1251.Fx 8.0 . 1252Debugging flags for 1253.Xr wlan 4 1254devices as set by 1255.Xr wlandebug 8 1256may be specified with an 1257.Va wlandebug_ Ns Aq Ar interface 1258variable. 1259The contents of this variable will be passed directly to 1260.Xr wlandebug 8 . 1261.Pp 1262If the 1263.Va ifconfig_ Ns Aq Ar interface 1264contains the keyword 1265.Dq Li NOAUTO 1266then the interface will not be configured 1267at boot or by 1268.Pa /etc/pccard_ether 1269when 1270.Va network_interfaces 1271is set to 1272.Dq Li AUTO . 1273.Pp 1274It is possible to bring up an interface with DHCP by adding 1275.Dq Li DHCP 1276to the 1277.Va ifconfig_ Ns Aq Ar interface 1278variable. 1279For instance, to initialize the 1280.Li ed0 1281device via DHCP, 1282it is possible to use something like: 1283.Bd -literal 1284ifconfig_ed0="DHCP" 1285.Ed 1286.Pp 1287Also, if you want to configure your wireless interface with 1288.Xr wpa_supplicant 8 1289for use with WPA, EAP/LEAP or WEP, you need to add 1290.Dq Li WPA 1291to the 1292.Va ifconfig_ Ns Aq Ar interface 1293variable. 1294.Pp 1295Finally, you can add 1296.Xr ifconfig 8 1297options in this variable, in addition to the 1298.Pa /etc/start_if. Ns Aq Ar interface 1299file. 1300For instance, to configure an 1301.Xr ath 4 1302wireless device in station mode with an address obtained 1303via DHCP, using WPA authentication and 802.11b mode, it is 1304possible to use something like: 1305.Bd -literal 1306wlans_ath0="wlan0" 1307ifconfig_wlan0="DHCP WPA mode 11b" 1308.Ed 1309.Pp 1310In addition to the 1311.Va ifconfig_ Ns Aq Ar interface 1312form, a fallback variable 1313.Va ifconfig_DEFAULT 1314may be configured. 1315It will be used for all interfaces with no 1316.Va ifconfig_ Ns Aq Ar interface 1317variable. 1318This is intended to replace the no longer supported 1319.Va pccard_ifconfig 1320variable. 1321.Pp 1322It is also possible to rename an interface by doing: 1323.Bd -literal 1324ifconfig_ed0_name="net0" 1325ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1326.Ed 1327.It Va ipv6_enable 1328.Pq Vt bool 1329This variable is deprecated. 1330Use 1331.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1332and 1333.Va ipv6_activate_all_interfaces 1334if necessary. 1335.Pp 1336If the variable is 1337.Dq Li YES , 1338.Dq Li inet6 accept_rtadv 1339is added to all of 1340.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1341and the 1342.Va ipv6_activate_all_interfaces 1343is defined as 1344.Dq Li YES . 1345.It Va ipv6_prefer 1346.Pq Vt bool 1347This variable is deprecated. 1348Use 1349.Va ip6addrctl_policy 1350instead. 1351.Pp 1352If the variable is 1353.Dq Li YES , 1354the default address selection policy table set by 1355.Xr ip6addrctl 8 1356will be IPv6-preferred. 1357.Pp 1358If the variable is 1359.Dq Li NO , 1360the default address selection policy table set by 1361.Xr ip6addrctl 8 1362will be IPv4-preferred. 1363.It Va ipv6_activate_all_interfaces 1364.Pq Vt bool 1365This controls initial configuration on IPv6-capable 1366interfaces with no corresponding 1367.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1368variable. 1369Note that it is not always necessary to set this variable to 1370.Dq YES 1371to use IPv6 functionality on 1372.Fx . 1373In most cases, just configuring 1374.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1375variables works. 1376.Pp 1377If the variable is 1378.Dq Li NO , 1379all interfaces which do not have a corresponding 1380.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1381variable will be marked as 1382.Dq Li IFDISABLED 1383at creation. 1384This means that all of IPv6 functionality on that interface 1385is completely disabled to enforce a security policy. 1386If the variable is set to 1387.Dq YES , 1388the flag will be cleared on all of the interfaces. 1389.Pp 1390In most cases, just defining an 1391.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1392for an IPv6-capable interface should be sufficient. 1393However, if an interface is added dynamically 1394.Pq by some tunneling protocols such as PPP, for example , 1395it is often difficult to define the variable in advance. 1396In such a case, configuring the 1397.Dq Li IFDISABLED 1398flag can be disabled by setting this variable to 1399.Dq YES . 1400.Pp 1401For more details of the 1402.Dq Li IFDISABLED 1403flag and keywords 1404.Dq Li inet6 ifdisabled , 1405see 1406.Xr ifconfig 8 . 1407.Pp 1408Default is 1409.Dq Li NO . 1410.It Va ipv6_privacy 1411.Pq Vt bool 1412If the variable is 1413.Dq Li YES 1414privacy addresses will be generated for each IPv6 1415interface as described in RFC 4941. 1416.It Va ipv6_network_interfaces 1417.Pq Vt str 1418This is the IPv6 equivalent of 1419.Va network_interfaces . 1420Normally manual configuration of this variable is not needed. 1421.Pp 1422.It Va ipv6_cpe_wanif 1423.Pq Vt str 1424If the variable is set to an interface name, 1425the 1426.Xr ifconfig 8 1427options 1428.Dq inet6 -no_radr accept_rtadv 1429will be added to the specified interface automatically before evaluating 1430.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1431and two 1432.Xr sysctl 8 1433variables 1434.Va net.inet6.ip6.rfc6204w3 1435and 1436.Va net.inet6.ip6.no_radr 1437will be set to 1. 1438.Pp 1439This means the specified interface will accept ICMPv6 Router 1440Advertisement messages on that link and add the discovered 1441routers into the Default Router List. 1442While the other interfaces can still accept RA messages if the 1443.Dq inet6 accept_rtadv 1444option is specified, adding 1445routes into the Default Router List will be disabled by 1446.Dq inet6 no_radr 1447option by default. 1448See 1449.Xr ifconfig 8 1450for more details. 1451.Pp 1452Note that ICMPv6 Router Advertisement messages will be 1453accepted even when 1454.Va net.inet6.ip6.forwarding 1455is 1 1456.Pq packet forwarding is enabled 1457when 1458.Va net.inet6.ip6.rfc6204w3 1459is set to 1. 1460.Pp 1461Default is 1462.Dq Li NO . 1463.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1464.Pq Vt str 1465IPv6 functionality on an interface should be configured by 1466.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1467instead of setting ifconfig parameters in 1468.Va ifconfig_ Ns Aq Ar interface . 1469If this variable is empty, all of IPv6 configurations on the 1470specified interface by other variables such as 1471.Va ipv6_prefix_ Ns Ao Ar interface Ac 1472will be ignored. 1473.Pp 1474Aliases should be set by 1475.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1476with 1477.Dq Li inet6 1478keyword. 1479For example: 1480.Bd -literal 1481ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1482ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1483.Ed 1484.Pp 1485Interfaces that have an 1486.Dq Li inet6 accept_rtadv 1487keyword in 1488.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1489setting will be automatically configured by SLAAC 1490.Pq StateLess Address AutoConfiguration 1491described in 1492.Rs 1493.%T "RFC 4862" 1494.Re 1495.Pp 1496Note that a link-local address will be automatically configured in 1497addition to the configured global-scope addresses because the IPv6 1498specifications require it on each link. 1499The address is calculated from the MAC address by using an algorithm 1500defined in 1501.Rs 1502.%T "RFC 4862" 1503.%O "Section 5.3" 1504.Re 1505.Pp 1506If only a link-local address is needed on the interface, 1507the following configuration can be used: 1508.Bd -literal 1509ifconfig_ed0_ipv6="inet6 auto_linklocal" 1510.Ed 1511.Pp 1512A link-local address can also be configured manually. 1513This is useful for the default router address of an IPv6 router 1514so that it does not change when the network interface 1515card is replaced. 1516For example: 1517.Bd -literal 1518ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1519.Ed 1520.It Va ipv6_prefix_ Ns Aq Ar interface 1521.Pq Vt str 1522If one or more prefixes are defined in 1523.Va ipv6_prefix_ Ns Aq Ar interface 1524addresses based on each prefix and the EUI-64 interface index will be 1525configured on that interface. 1526Note that this variable will be ignored when 1527.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1528is empty. 1529.Pp 1530For example, the following configuration 1531.Bd -literal 1532ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1533.Ed 1534.Pp 1535is equivalent to the following: 1536.Bd -literal 1537ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1538ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1539ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1540ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1541.Ed 1542.Pp 1543These Subnet-Router anycast addresses will be added only when 1544.Va ipv6_gateway_enable 1545is YES. 1546.It Va ipv6_default_interface 1547.Pq Vt str 1548If not set to 1549.Dq Li NO , 1550this is the default output interface for scoped addresses. 1551This works only with ipv6_gateway_enable="NO". 1552.It Va ip6addrctl_enable 1553.Pq Vt bool 1554This variable is to enable configuring default address selection policy table 1555.Pq RFC 3484 . 1556The table can be specified in another variable 1557.Va ip6addrctl_policy . 1558For 1559.Va ip6addrctl_policy 1560the following keywords can be specified: 1561.Dq Li ipv4_prefer , 1562.Dq Li ipv6_prefer , 1563or 1564.Dq Li AUTO . 1565.Pp 1566If 1567.Dq Li ipv4_prefer 1568or 1569.Dq Li ipv6_prefer 1570is specified, 1571.Xr ip6addrctl 8 1572installs a pre-defined policy table described in Section 2.1 1573.Pq IPv6-preferred 1574or 10.3 1575.Pq IPv4-preferred 1576of RFC 3484. 1577.Pp 1578If 1579.Dq Li AUTO 1580is specified, it attempts to read a file 1581.Pa /etc/ip6addrctl.conf 1582first. 1583If this file is found, 1584.Xr ip6addrctl 8 1585reads and installs it. 1586If not found, a policy is automatically set 1587according to 1588.Va ipv6_activate_all_interfaces 1589variable; if the variable is set to 1590.Dq Li YES 1591the IPv6-preferred one is used. 1592Otherwise IPv4-preferred. 1593.Pp 1594The default value of 1595.Va ip6addrctl_enable 1596and 1597.Va ip6addrctl_policy 1598are 1599.Dq Li YES 1600and 1601.Dq Li AUTO , 1602respectively. 1603.It Va cloned_interfaces 1604.Pq Vt str 1605Set to the list of clonable network interfaces to create on this host. 1606Further cloning arguments may be passed to the 1607.Xr ifconfig 8 1608.Cm create 1609command for each interface by setting the 1610.Va create_args_ Ns Aq Ar interface 1611variable. 1612Entries in 1613.Va cloned_interfaces 1614are automatically appended to 1615.Va network_interfaces 1616for configuration. 1617.It Va fec_interfaces 1618.Pq Vt str 1619Set to the list of 1620.Xr ng_fec 4 1621Fast EtherChannel interfaces to configure on this host. 1622A 1623.Va fecconfig_ Ns Aq Ar interface 1624variable is assumed to exist for each value of 1625.Ar interface . 1626The value of this variable is used to configure link aggregated interfaces 1627according to the syntax of the 1628.Cm NGM_FEC_ADD_IFACE 1629to 1630.Xr ngctl 8 1631msg. 1632Additionally, this option ensures that each listed interface is created 1633via the 1634.Cm mkpeer 1635command to 1636.Xr ngctl 8 1637before attempting to configure it. 1638For example: 1639.Bd -literal 1640fec_interfaces="fec0" 1641fecconfig_fec0="em0 em1" 1642ifconfig_fec0="DHCP" 1643.Ed 1644.It Va gif_interfaces 1645.Pq Vt str 1646Set to the list of 1647.Xr gif 4 1648tunnel interfaces to configure on this host. 1649A 1650.Va gifconfig_ Ns Aq Ar interface 1651variable is assumed to exist for each value of 1652.Ar interface . 1653The value of this variable is used to configure the link layer of the 1654tunnel according to the syntax of the 1655.Cm tunnel 1656option to 1657.Xr ifconfig 8 . 1658Additionally, this option ensures that each listed interface is created 1659via the 1660.Cm create 1661option to 1662.Xr ifconfig 8 1663before attempting to configure it. 1664.It Va sppp_interfaces 1665.Pq Vt str 1666Set to the list of 1667.Xr sppp 4 1668interfaces to configure on this host. 1669A 1670.Va spppconfig_ Ns Aq Ar interface 1671variable is assumed to exist for each value of 1672.Ar interface . 1673Each interface should also be configured by a general 1674.Va ifconfig_ Ns Aq Ar interface 1675setting. 1676Refer to 1677.Xr spppcontrol 8 1678for more information about available options. 1679.It Va ppp_enable 1680.Pq Vt bool 1681If set to 1682.Dq Li YES , 1683run the 1684.Xr ppp 8 1685daemon. 1686.It Va ppp_profile 1687.Pq Vt str 1688The name of the profile to use from 1689.Pa /etc/ppp/ppp.conf . 1690Also used for per-profile overrides of 1691.Va ppp_mode 1692and 1693.Va ppp_nat , 1694and 1695.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1696When the profile name contains any of the characters 1697.Dq Li .-/+ 1698they are translated to 1699.Dq Li _ 1700for the proposes of the override variable names. 1701.It Va ppp_mode 1702.Pq Vt str 1703Mode in which to run the 1704.Xr ppp 8 1705daemon. 1706.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1707.Pq Vt str 1708Overrides the global 1709.Va ppp_mode 1710for 1711.Ar profile . 1712Accepted modes are 1713.Dq Li auto , 1714.Dq Li ddial , 1715.Dq Li direct 1716and 1717.Dq Li dedicated . 1718See the manual for a full description. 1719.It Va ppp_nat 1720.Pq Vt bool 1721If set to 1722.Dq Li YES , 1723enables network address translation. 1724Used in conjunction with 1725.Va gateway_enable 1726allows hosts on private network addresses access to the Internet using 1727this host as a network address translating router. 1728.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1729.Pq Vt str 1730Overrides the global 1731.Va ppp_nat 1732for 1733.Ar profile . 1734.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1735.Pq Vt int 1736Set the unit number to be used for this profile. 1737See the manual description of 1738.Fl unit Ns Ar N 1739for details. 1740.It Va ppp_user 1741.Pq Vt str 1742The name of the user under which 1743.Xr ppp 8 1744should be started. 1745By 1746default, 1747.Xr ppp 8 1748is started as 1749.Dq Li root . 1750.It Va rc_conf_files 1751.Pq Vt str 1752This option is used to specify a list of files that will override 1753the settings in 1754.Pa /etc/defaults/rc.conf . 1755The files will be read in the order in which they are specified and should 1756include the full path to the file. 1757By default, the files specified are 1758.Pa /etc/rc.conf 1759and 1760.Pa /etc/rc.conf.local 1761.It Va zfs_enable 1762.Pq Vt bool 1763If set to 1764.Dq Li YES , 1765.Pa /etc/rc.d/zfs 1766will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1767(ZVOLs). 1768.It Va gptboot_enable 1769.Pq Vt bool 1770If set to 1771.Dq Li YES , 1772.Pa /etc/rc.d/gptboot 1773will log if the system successfully (or not) booted from a GPT partition, 1774which had the 1775.Ar bootonce 1776attribute set using 1777.Xr gpart 8 1778utility. 1779.It Va gbde_autoattach_all 1780.Pq Vt bool 1781If set to 1782.Dq Li YES , 1783.Pa /etc/rc.d/gbde 1784will attempt to automatically initialize your .bde devices in 1785.Pa /etc/fstab . 1786.It Va gbde_devices 1787.Pq Vt str 1788List the devices that the script should try to attach, 1789or 1790.Dq Li AUTO . 1791.It Va gbde_lockdir 1792.Pq Vt str 1793The directory where the 1794.Xr gbde 4 1795lockfiles are located. 1796The default lockfile directory is 1797.Pa /etc . 1798.Pp 1799The lockfile for each individual 1800.Xr gbde 4 1801device can be overridden by setting the variable 1802.Va gbde_lock_ Ns Aq Ar device , 1803where 1804.Ar device 1805is the encrypted device without the 1806.Dq Pa /dev/ 1807and 1808.Dq Pa .bde 1809parts. 1810.It Va gbde_attach_attempts 1811.Pq Vt int 1812Number of times to attempt attaching to a 1813.Xr gbde 4 1814device, i.e., how many times the user is asked for the pass-phrase. 1815Default is 3. 1816.It Va geli_devices 1817.Pq Vt str 1818List of devices to automatically attach on boot. 1819Note that .eli devices from 1820.Pa /etc/fstab 1821are automatically appended to this list. 1822.It Va geli_tries 1823.Pq Vt int 1824Number of times user is asked for the pass-phrase. 1825If empty, it will be taken from 1826.Va kern.geom.eli.tries 1827sysctl variable. 1828.It Va geli_default_flags 1829.Pq Vt str 1830Default flags to use by 1831.Xr geli 8 1832when configuring disk encryption. 1833Flags can be configured for every device separately by defining 1834.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1835variable. 1836.It Va geli_autodetach 1837.Pq Vt str 1838Specifies if GELI devices should be marked for detach on last close after 1839file systems are mounted. 1840Default is 1841.Dq Li YES . 1842This can be changed for every device separately by defining 1843.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1844variable. 1845.It Va geli_swap_flags 1846Options passed to the 1847.Xr geli 8 1848utility when encrypted GEOM providers for swap partitions are created. 1849The default is 1850.Dq Li "-e aes -l 256 -s 4096 -d" . 1851.It Va root_rw_mount 1852.Pq Vt bool 1853Set to 1854.Dq Li YES 1855by default. 1856After the file systems are checked at boot time, the root file system 1857is remounted as read-write if this is set to 1858.Dq Li YES . 1859Diskless systems that mount their root file system from a read-only remote 1860NFS share should set this to 1861.Dq Li NO 1862in their 1863.Pa rc.conf . 1864.It Va fsck_y_enable 1865.Pq Vt bool 1866If set to 1867.Dq Li YES , 1868.Xr fsck 8 1869will be run with the 1870.Fl y 1871flag if the initial preen 1872of the file systems fails. 1873.It Va background_fsck 1874.Pq Vt bool 1875If set to 1876.Dq Li YES , 1877the system will attempt to run 1878.Xr fsck 8 1879in the background where possible. 1880.It Va background_fsck_delay 1881.Pq Vt int 1882The amount of time in seconds to sleep before starting a background 1883.Xr fsck 8 . 1884It defaults to sixty seconds to allow large applications such as 1885the X server to start before disk I/O bandwidth is monopolized by 1886.Xr fsck 8 . 1887If set to a negative number, the background file system check will be 1888delayed indefinitely to allow the administrator to run it at a more 1889convenient time. 1890For example it may be run from 1891.Xr cron 8 1892by adding a line like 1893.Pp 1894.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1895.Pp 1896to 1897.Pa /etc/crontab . 1898.It Va netfs_types 1899.Pq Vt str 1900List of file system types that are network-based. 1901This list should generally not be modified by end users. 1902Use 1903.Va extra_netfs_types 1904instead. 1905.It Va extra_netfs_types 1906.Pq Vt str 1907If set to something other than 1908.Dq Li NO 1909(the default), 1910this variable extends the list of file system types 1911for which automatic mounting at startup by 1912.Xr rc 8 1913should be delayed until the network is initialized. 1914It should contain 1915a whitespace-separated list of network file system descriptor pairs, 1916each consisting of a file system type as passed to 1917.Xr mount 8 1918and a human-readable, one-word description, 1919joined with a colon 1920.Pq Ql \&: . 1921Extending the default list in this way is only necessary 1922when third party file system types are used. 1923.It Va syslogd_enable 1924.Pq Vt bool 1925If set to 1926.Dq Li YES , 1927run the 1928.Xr syslogd 8 1929daemon. 1930.It Va syslogd_program 1931.Pq Vt str 1932Path to 1933.Xr syslogd 8 1934(default 1935.Pa /usr/sbin/syslogd ) . 1936.It Va syslogd_flags 1937.Pq Vt str 1938If 1939.Va syslogd_enable 1940is set to 1941.Dq Li YES , 1942these are the flags to pass to 1943.Xr syslogd 8 . 1944.It Va inetd_enable 1945.Pq Vt bool 1946If set to 1947.Dq Li YES , 1948run the 1949.Xr inetd 8 1950daemon. 1951.It Va inetd_program 1952.Pq Vt str 1953Path to 1954.Xr inetd 8 1955(default 1956.Pa /usr/sbin/inetd ) . 1957.It Va inetd_flags 1958.Pq Vt str 1959If 1960.Va inetd_enable 1961is set to 1962.Dq Li YES , 1963these are the flags to pass to 1964.Xr inetd 8 . 1965.It Va hastd_enable 1966.Pq Vt bool 1967If set to 1968.Dq Li YES , 1969run the 1970.Xr hastd 8 1971daemon. 1972.It Va hastd_program 1973.Pq Vt str 1974Path to 1975.Xr hastd 8 1976(default 1977.Pa /sbin/hastd ) . 1978.It Va hastd_flags 1979.Pq Vt str 1980If 1981.Va hastd_enable 1982is set to 1983.Dq Li YES , 1984these are the flags to pass to 1985.Xr hastd 8 . 1986.It Va named_enable 1987.Pq Vt bool 1988If set to 1989.Dq Li YES , 1990run the 1991.Xr named 8 1992daemon. 1993.It Va named_program 1994.Pq Vt str 1995Path to 1996.Xr named 8 1997(default 1998.Pa /usr/sbin/named ) . 1999.It Va named_conf 2000.Pq Vt str 2001Path to 2002.Xr named 8 2003configuration file, (default 2004.Pa /etc/namedb/named.conf ) . 2005.It Va named_flags 2006.Pq Vt str 2007If 2008.Va named_enable 2009is set to 2010.Dq Li YES , 2011these are the flags to pass to 2012.Xr named 8 . 2013.It Va named_uid 2014.Pq Vt str 2015The user that the 2016.Xr named 8 2017process should be run as. 2018.It Va named_chrootdir 2019.Pq Vt str 2020The root directory for a name server run in a 2021.Xr chroot 8 2022environment (default 2023.Pa /var/named ) . 2024If left empty 2025.Xr named 8 2026will not be run in a 2027.Xr chroot 8 2028environment. 2029.It Va named_chroot_autoupdate 2030.Pq Vt bool 2031Set to 2032.Dq Li NO 2033to disable automatic update of the 2034.Xr chroot 8 2035environment. 2036.It Va named_symlink_enable 2037.Pq Vt bool 2038Set to 2039.Dq Li NO 2040to disable symlinking of 2041daemon's PID file 2042into the 2043.Xr chroot 8 2044environment. 2045.It Va named_wait 2046.Pq Vt bool 2047Set to have 2048.Pa /etc/rc.d/named 2049loop until working name service is established. 2050.It Va named_wait_host 2051.Pq Vt str 2052Name of host to lookup for the named_wait option. 2053(Default localhost) 2054.It Va named_auto_forward 2055.Pq Vt bool 2056Set to enable automatic creation of a forwarder 2057configuration file derived from 2058.Pa /etc/resolv.conf . 2059.It Va named_auto_forward_only 2060.Pq Vt bool 2061Set to change the default forwarder configuration from 2062.Dq forward first 2063to 2064.Dq forward only . 2065.It Va kerberos5_server_enable 2066.Pq Vt bool 2067Set to 2068.Dq Li YES 2069to start a Kerberos 5 authentication server 2070at boot time. 2071.It Va kerberos5_server 2072.Pq Vt str 2073If 2074.Va kerberos5_server_enable 2075is set to 2076.Dq Li YES 2077this is the path to Kerberos 5 Authentication Server. 2078.It Va kerberos5_server_flags 2079.Pq Vt str 2080Empty by default. 2081This variable contains additional flags to be passed to the Kerberos 5 2082authentication server. 2083.It Va kadmind5_server_enable 2084.Pq Vt bool 2085Set to 2086.Dq Li YES 2087to start 2088.Xr kadmind 8 , 2089the Kerberos 5 Administration Daemon; set to 2090.Dq Li NO 2091on a slave server. 2092.It Va kadmind5_server 2093.Pq Vt str 2094If 2095.Va kadmind5_server_enable 2096is set to 2097.Dq Li YES 2098this is the path to Kerberos 5 Administration Daemon. 2099.It Va kpasswdd_server_enable 2100.Pq Vt bool 2101Set to 2102.Dq Li YES 2103to start 2104.Xr kpasswdd 8 , 2105the Kerberos 5 Password-Changing Daemon; set to 2106.Dq Li NO 2107on a slave server. 2108.It Va kpasswdd_server 2109.Pq Vt str 2110If 2111.Va kpasswdd_server_enable 2112is set to 2113.Dq Li YES 2114this is the path to Kerberos 5 Password-Changing Daemon. 2115.It Va kfd_enable 2116.Pq Vt bool 2117Set to 2118.Dq Li YES 2119to start 2120.Xr kfd 8 , 2121the Kerberos 5 ticket forwarding daemon, at the boot time. 2122.It Va kfd_program 2123.Pq Vt str 2124Path to 2125.Xr kfd 8 2126(default 2127.Pa /usr/libexec/kfd ) . 2128.It Va rwhod_enable 2129.Pq Vt bool 2130If set to 2131.Dq Li YES , 2132run the 2133.Xr rwhod 8 2134daemon at boot time. 2135.It Va rwhod_flags 2136.Pq Vt str 2137If 2138.Va rwhod_enable 2139is set to 2140.Dq Li YES , 2141these are the flags to pass to it. 2142.It Va amd_enable 2143.Pq Vt bool 2144If set to 2145.Dq Li YES , 2146run the 2147.Xr amd 8 2148daemon at boot time. 2149.It Va amd_flags 2150.Pq Vt str 2151If 2152.Va amd_enable 2153is set to 2154.Dq Li YES , 2155these are the flags to pass to it. 2156See the 2157.Xr amd 8 2158manpage for more information. 2159.It Va amd_map_program 2160.Pq Vt str 2161If set, 2162the specified program is run to get the list of 2163.Xr amd 8 2164maps. 2165For example, if the 2166.Xr amd 8 2167maps are stored in NIS, one can set this to 2168run 2169.Xr ypcat 1 2170to get a list of 2171.Xr amd 8 2172maps from the 2173.Pa amd.master 2174NIS map. 2175.It Va update_motd 2176.Pq Vt bool 2177If set to 2178.Dq Li YES , 2179.Pa /etc/motd 2180will be updated at boot time to reflect the kernel release 2181being run. 2182If set to 2183.Dq Li NO , 2184.Pa /etc/motd 2185will not be updated. 2186.It Va nfs_client_enable 2187.Pq Vt bool 2188If set to 2189.Dq Li YES , 2190run the NFS client daemons at boot time. 2191.It Va nfs_access_cache 2192.Pq Vt int 2193If 2194.Va nfs_client_enable 2195is set to 2196.Dq Li YES , 2197this can be set to 2198.Dq Li 0 2199to disable NFS ACCESS RPC caching, or to the number of seconds for which 2200NFS ACCESS 2201results should be cached. 2202A value of 2-10 seconds will substantially reduce network 2203traffic for many NFS operations. 2204.It Va nfs_server_enable 2205.Pq Vt bool 2206If set to 2207.Dq Li YES , 2208run the NFS server daemons at boot time. 2209.It Va nfs_server_flags 2210.Pq Vt str 2211If 2212.Va nfs_server_enable 2213is set to 2214.Dq Li YES , 2215these are the flags to pass to the 2216.Xr nfsd 8 2217daemon. 2218.It Va nfsv4_server_enable 2219.Pq Vt bool 2220If 2221.Va nfs_server_enable 2222is set to 2223.Dq Li YES 2224and 2225.Va nfsv4_server_enable 2226are set to 2227.Dq Li YES , 2228enable the server for NFSv4 as well as NFSv2 and NFSv3. 2229.It Va nfsuserd_enable 2230.Pq Vt bool 2231If 2232.Va nfsuserd_enable 2233is set to 2234.Dq Li YES , 2235run the nfsuserd daemon, which is needed for NFSv4 in order 2236to map between user/group names vs uid/gid numbers. 2237If 2238.Va nfsv4_server_enable 2239is set to 2240.Dq Li YES , 2241this will be forced enabled. 2242.It Va nfsuserd_flags 2243.Pq Vt str 2244If 2245.Va nfsuserd_enable 2246is set to 2247.Dq Li YES , 2248these are the flags to pass to the 2249.Xr nfsuserd 8 2250daemon. 2251.It Va nfscbd_enable 2252.Pq Vt bool 2253If 2254.Va nfscbd_enable 2255is set to 2256.Dq Li YES , 2257run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2258.It Va nfscbd_flags 2259.Pq Vt str 2260If 2261.Va nfscbd_enable 2262is set to 2263.Dq Li YES , 2264these are the flags to pass to the 2265.Xr nfscbd 8 2266daemon. 2267.It Va oldnfs_server_enable 2268.Pq Vt bool 2269If 2270.Va oldnfs_server_enable 2271is set to 2272.Dq Li YES , 2273force the NFS server daemons to run the old NFS server code 2274that does not support NFSv4. 2275.It Va mountd_enable 2276.Pq Vt bool 2277If set to 2278.Dq Li YES , 2279and no 2280.Va nfs_server_enable 2281is set, start 2282.Xr mountd 8 , 2283but not 2284.Xr nfsd 8 2285daemon. 2286It is commonly needed to run CFS without real NFS used. 2287.It Va mountd_flags 2288.Pq Vt str 2289If 2290.Va mountd_enable 2291is set to 2292.Dq Li YES , 2293these are the flags to pass to the 2294.Xr mountd 8 2295daemon. 2296.It Va weak_mountd_authentication 2297.Pq Vt bool 2298If set to 2299.Dq Li YES , 2300allow services like PCNFSD to make non-privileged mount 2301requests. 2302.It Va nfs_reserved_port_only 2303.Pq Vt bool 2304If set to 2305.Dq Li YES , 2306provide NFS services only on a secure port. 2307.It Va nfs_bufpackets 2308.Pq Vt int 2309If set to a number, indicates the number of packets worth of 2310socket buffer space to reserve on an NFS client. 2311The kernel default is typically 4. 2312Using a higher number may be 2313useful on gigabit networks to improve performance. 2314The minimum value is 23152 and the maximum is 64. 2316.It Va rpc_lockd_enable 2317.Pq Vt bool 2318If set to 2319.Dq Li YES 2320and also an NFS server or client, run 2321.Xr rpc.lockd 8 2322at boot time. 2323.It Va rpc_lockd_flags 2324.Pq Vt str 2325If 2326.Va rpc_lockd_enable 2327is set to 2328.Dq Li YES , 2329these are the flags to pass to the 2330.Xr rpc.lockd 8 2331daemon. 2332.It Va rpc_statd_enable 2333.Pq Vt bool 2334If set to 2335.Dq Li YES 2336and also an NFS server or client, run 2337.Xr rpc.statd 8 2338at boot time. 2339.It Va rpc_statd_flags 2340.Pq Vt str 2341If 2342.Va rpc_statd_enable 2343is set to 2344.Dq Li YES , 2345these are the flags to pass to the 2346.Xr rpc.statd 8 2347daemon. 2348.It Va rpcbind_program 2349.Pq Vt str 2350Path to 2351.Xr rpcbind 8 2352(default 2353.Pa /usr/sbin/rpcbind ) . 2354.It Va rpcbind_enable 2355.Pq Vt bool 2356If set to 2357.Dq Li YES , 2358run the 2359.Xr rpcbind 8 2360service at boot time. 2361.It Va rpcbind_flags 2362.Pq Vt str 2363If 2364.Va rpcbind_enable 2365is set to 2366.Dq Li YES , 2367these are the flags to pass to the 2368.Xr rpcbind 8 2369daemon. 2370.It Va keyserv_enable 2371.Pq Vt bool 2372If set to 2373.Dq Li YES , 2374run the 2375.Xr keyserv 8 2376daemon on boot for running Secure RPC. 2377.It Va keyserv_flags 2378.Pq Vt str 2379If 2380.Va keyserv_enable 2381is set to 2382.Dq Li YES , 2383these are the flags to pass to 2384.Xr keyserv 8 2385daemon. 2386.It Va pppoed_enable 2387.Pq Vt bool 2388If set to 2389.Dq Li YES , 2390run the 2391.Xr pppoed 8 2392daemon at boot time to provide PPP over Ethernet services. 2393.It Va pppoed_ Ns Aq Ar provider 2394.Pq Vt str 2395.Xr pppoed 8 2396listens to requests to this 2397.Ar provider 2398and ultimately runs 2399.Xr ppp 8 2400with a 2401.Ar system 2402argument of the same name. 2403.It Va pppoed_flags 2404.Pq Vt str 2405Additional flags to pass to 2406.Xr pppoed 8 . 2407.It Va pppoed_interface 2408.Pq Vt str 2409The network interface to run 2410.Xr pppoed 8 2411on. 2412This is mandatory when 2413.Va pppoed_enable 2414is set to 2415.Dq Li YES . 2416.It Va timed_enable 2417.Pq Vt bool 2418If set to 2419.Dq Li YES , 2420run the 2421.Xr timed 8 2422service at boot time. 2423This command is intended for networks of 2424machines where a consistent 2425.Dq "network time" 2426for all hosts must be established. 2427This is often useful in large NFS 2428environments where time stamps on files are expected to be consistent 2429network-wide. 2430.It Va timed_flags 2431.Pq Vt str 2432If 2433.Va timed_enable 2434is set to 2435.Dq Li YES , 2436these are the flags to pass to the 2437.Xr timed 8 2438service. 2439.It Va ntpdate_enable 2440.Pq Vt bool 2441If set to 2442.Dq Li YES , 2443run 2444.Xr ntpdate 8 2445at system startup. 2446This command is intended to 2447synchronize the system clock only 2448.Em once 2449from some standard reference. 2450An option to set this up initially 2451(from a list of known servers) is also provided by the 2452.Xr sysinstall 8 2453program when the system is first installed. 2454.It Va ntpdate_config 2455.Pq Vt str 2456Configuration file for 2457.Xr ntpdate 8 . 2458Default 2459.Pa /etc/ntp.conf . 2460.It Va ntpdate_hosts 2461.Pq Vt str 2462A whitespace-separated list of NTP servers to synchronize with at startup. 2463The default is to use the servers listed in 2464.Va ntpdate_config , 2465if that file exists. 2466.It Va ntpdate_program 2467.Pq Vt str 2468Path to 2469.Xr ntpdate 8 2470(default 2471.Pa /usr/sbin/ntpdate ) . 2472.It Va ntpdate_flags 2473.Pq Vt str 2474If 2475.Va ntpdate_enable 2476is set to 2477.Dq Li YES , 2478these are the flags to pass to the 2479.Xr ntpdate 8 2480command (typically a hostname). 2481.It Va ntpd_enable 2482.Pq Vt bool 2483If set to 2484.Dq Li YES , 2485run the 2486.Xr ntpd 8 2487command at boot time. 2488.It Va ntpd_program 2489.Pq Vt str 2490Path to 2491.Xr ntpd 8 2492(default 2493.Pa /usr/sbin/ntpd ) . 2494.It Va ntpd_config 2495.Pq Vt str 2496Path to 2497.Xr ntpd 8 2498configuration file. 2499Default 2500.Pa /etc/ntp.conf . 2501.It Va ntpd_flags 2502.Pq Vt str 2503If 2504.Va ntpd_enable 2505is set to 2506.Dq Li YES , 2507these are the flags to pass to the 2508.Xr ntpd 8 2509daemon. 2510.It Va ntpd_sync_on_start 2511.Pq Vt bool 2512If set to 2513.Dq Li YES , 2514.Xr ntpd 8 2515is run with the 2516.Fl g 2517flag, which syncs the system's clock on startup. 2518See 2519.Xr ntpd 8 2520for more information regarding the 2521.Fl g 2522option. 2523This is a preferred alternative to using 2524.Xr ntpdate 8 2525or specifying the 2526.Va ntpdate_enable 2527variable. 2528.It Va nis_client_enable 2529.Pq Vt bool 2530If set to 2531.Dq Li YES , 2532run the 2533.Xr ypbind 8 2534service at system boot time. 2535.It Va nis_client_flags 2536.Pq Vt str 2537If 2538.Va nis_client_enable 2539is set to 2540.Dq Li YES , 2541these are the flags to pass to the 2542.Xr ypbind 8 2543service. 2544.It Va nis_ypset_enable 2545.Pq Vt bool 2546If set to 2547.Dq Li YES , 2548run the 2549.Xr ypset 8 2550daemon at system boot time. 2551.It Va nis_ypset_flags 2552.Pq Vt str 2553If 2554.Va nis_ypset_enable 2555is set to 2556.Dq Li YES , 2557these are the flags to pass to the 2558.Xr ypset 8 2559daemon. 2560.It Va nis_server_enable 2561.Pq Vt bool 2562If set to 2563.Dq Li YES , 2564run the 2565.Xr ypserv 8 2566daemon at system boot time. 2567.It Va nis_server_flags 2568.Pq Vt str 2569If 2570.Va nis_server_enable 2571is set to 2572.Dq Li YES , 2573these are the flags to pass to the 2574.Xr ypserv 8 2575daemon. 2576.It Va nis_ypxfrd_enable 2577.Pq Vt bool 2578If set to 2579.Dq Li YES , 2580run the 2581.Xr rpc.ypxfrd 8 2582daemon at system boot time. 2583.It Va nis_ypxfrd_flags 2584.Pq Vt str 2585If 2586.Va nis_ypxfrd_enable 2587is set to 2588.Dq Li YES , 2589these are the flags to pass to the 2590.Xr rpc.ypxfrd 8 2591daemon. 2592.It Va nis_yppasswdd_enable 2593.Pq Vt bool 2594If set to 2595.Dq Li YES , 2596run the 2597.Xr rpc.yppasswdd 8 2598daemon at system boot time. 2599.It Va nis_yppasswdd_flags 2600.Pq Vt str 2601If 2602.Va nis_yppasswdd_enable 2603is set to 2604.Dq Li YES , 2605these are the flags to pass to the 2606.Xr rpc.yppasswdd 8 2607daemon. 2608.It Va rpc_ypupdated_enable 2609.Pq Vt bool 2610If set to 2611.Dq Li YES , 2612run the 2613.Nm rpc.ypupdated 2614daemon at system boot time. 2615.It Va bsnmpd_enable 2616.Pq Vt bool 2617If set to 2618.Dq Li YES , 2619run the 2620.Xr bsnmpd 1 2621daemon at system boot time. 2622Be sure to understand the security implications of running SNMP daemon 2623on your host. 2624.It Va bsnmpd_flags 2625.Pq Vt str 2626If 2627.Va bsnmpd_enable 2628is set to 2629.Dq Li YES , 2630these are the flags to pass to the 2631.Xr bsnmpd 1 2632daemon. 2633.It Va defaultrouter 2634.Pq Vt str 2635If not set to 2636.Dq Li NO , 2637create a default route to this host name or IP address 2638(use an IP address if this router is also required to get to the 2639name server!). 2640.It Va ipv6_defaultrouter 2641.Pq Vt str 2642The IPv6 equivalent of 2643.Va defaultrouter . 2644.It Va static_arp_pairs 2645.Pq Vt str 2646Set to the list of static ARP pairs that are to be added at system 2647boot time. 2648For each whitespace separated 2649.Ar element 2650in the value, a 2651.Va static_arp_ Ns Aq Ar element 2652variable is assumed to exist whose contents will later be passed to a 2653.Dq Nm arp Cm -S 2654operation. 2655For example 2656.Bd -literal 2657static_arp_pairs="gw" 2658static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2659.Ed 2660.It Va static_ndp_pairs 2661.Pq Vt str 2662Set to the list of static NDP pairs that are to be added at system 2663boot time. 2664For each whitespace separated 2665.Ar element 2666in the value, a 2667.Va static_ndp_ Ns Aq Ar element 2668variable is assumed to exist whose contents will later be passed to a 2669.Dq Nm ndp Cm -s 2670operation. 2671For example 2672.Bd -literal 2673static_ndp_pairs="gw" 2674static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2675.Ed 2676.It Va static_routes 2677.Pq Vt str 2678Set to the list of static routes that are to be added at system 2679boot time. 2680If not set to 2681.Dq Li NO 2682then for each whitespace separated 2683.Ar element 2684in the value, a 2685.Va route_ Ns Aq Ar element 2686variable is assumed to exist 2687whose contents will later be passed to a 2688.Dq Nm route Cm add 2689operation. 2690For example: 2691.Bd -literal 2692static_routes="mcast gif0local" 2693route_mcast="-net 224.0.0.0/4 -iface gif0" 2694route_gif0local="-host 169.254.1.1 -iface lo0" 2695.Ed 2696.It Va ipv6_static_routes 2697.Pq Vt str 2698The IPv6 equivalent of 2699.Va static_routes . 2700If not set to 2701.Dq Li NO 2702then for each whitespace separated 2703.Ar element 2704in the value, a 2705.Va ipv6_route_ Ns Aq Ar element 2706variable is assumed to exist 2707whose contents will later be passed to a 2708.Dq Nm route Cm add Fl inet6 2709operation. 2710.It Va natm_static_routes 2711.Pq Vt str 2712The 2713.Xr natmip 4 2714equivalent of 2715.Va static_routes . 2716If not empty then for each whitespace separated 2717.Ar element 2718in the value, a 2719.Va route_ Ns Aq Ar element 2720variable is assumed to exist whose contents will later be passed to a 2721.Dq Nm atmconfig Cm natm Cm add 2722operation. 2723.It Va gateway_enable 2724.Pq Vt bool 2725If set to 2726.Dq Li YES , 2727configure host to act as an IP router, e.g.\& to forward packets 2728between interfaces. 2729.It Va ipv6_gateway_enable 2730.Pq Vt bool 2731The IPv6 equivalent of 2732.Va gateway_enable . 2733.It Va routed_enable 2734.Pq Vt bool 2735If set to 2736.Dq Li YES , 2737run a routing daemon of some sort, based on the 2738settings of 2739.Va routed_program 2740and 2741.Va routed_flags . 2742.It Va route6d_enable 2743.Pq Vt bool 2744The IPv6 equivalent of 2745.Va routed_enable . 2746If set to 2747.Dq Li YES , 2748run a routing daemon of some sort, based on the 2749settings of 2750.Va route6d_program 2751and 2752.Va route6d_flags . 2753.It Va routed_program 2754.Pq Vt str 2755If 2756.Va routed_enable 2757is set to 2758.Dq Li YES , 2759this is the name of the routing daemon to use. 2760.It Va route6d_program 2761.Pq Vt str 2762The IPv6 equivalent of 2763.Va routed_program . 2764.It Va routed_flags 2765.Pq Vt str 2766If 2767.Va routed_enable 2768is set to 2769.Dq Li YES , 2770these are the flags to pass to the routing daemon. 2771.It Va route6d_flags 2772.Pq Vt str 2773The IPv6 equivalent of 2774.Va routed_flags . 2775.It Va mrouted_enable 2776.Pq Vt bool 2777If set to 2778.Dq Li YES , 2779run the multicast routing daemon, 2780.Xr mrouted 8 . 2781.It Va mroute6d_enable 2782.Pq Vt bool 2783The IPv6 equivalent of 2784.Va mrouted_enable . 2785If set to 2786.Dq Li YES , 2787run the IPv6 multicast routing daemon. 2788.Pp 2789Note that multicast routing daemons are no longer included in the 2790.Fx 2791base system, however, both 2792.Xr mrouted 8 2793and 2794.Xr pim6dd 8 2795may be installed from the 2796.Fx 2797Ports Collection. 2798.It Va mrouted_flags 2799.Pq Vt str 2800If 2801.Va mrouted_enable 2802is set to 2803.Dq Li YES , 2804these are the flags to pass to the 2805.Xr mrouted 8 2806daemon. 2807.It Va mroute6d_flags 2808.Pq Vt str 2809The IPv6 equivalent of 2810.Va mrouted_flags . 2811If 2812.Va mroute6d_enable 2813is set to 2814.Dq Li YES , 2815these are the flags passed to the IPv6 multicast routing daemon. 2816.It Va mroute6d_program 2817.Pq Vt str 2818If 2819.Va mroute6d_enable 2820is set to 2821.Dq Li YES , 2822this is the path to the IPv6 multicast routing daemon. 2823.It Va rtadvd_enable 2824.Pq Vt bool 2825If set to 2826.Dq Li YES , 2827run the 2828.Xr rtadvd 8 2829daemon at boot time. 2830The 2831.Xr rtadvd 8 2832utility sends ICMPv6 Router Advertisement messages to 2833the interfaces specified in 2834.Va rtadvd_interfaces . 2835This should only be enabled with great care. 2836You may want to fine-tune 2837.Xr rtadvd.conf 5 . 2838.It Va rtadvd_interfaces 2839.Pq Vt str 2840If 2841.Va rtadvd_enable 2842is set to 2843.Dq Li YES 2844this is the list of interfaces to use. 2845.It Va ipxgateway_enable 2846.Pq Vt bool 2847If set to 2848.Dq Li YES , 2849enable the routing of IPX traffic. 2850.It Va ipxrouted_enable 2851.Pq Vt bool 2852If set to 2853.Dq Li YES , 2854run the 2855.Xr IPXrouted 8 2856daemon at system boot time. 2857.It Va ipxrouted_flags 2858.Pq Vt str 2859If 2860.Va ipxrouted_enable 2861is set to 2862.Dq Li YES , 2863these are the flags to pass to the 2864.Xr IPXrouted 8 2865daemon. 2866.It Va arpproxy_all 2867.Pq Vt bool 2868If set to 2869.Dq Li YES , 2870enable global proxy ARP. 2871.It Va forward_sourceroute 2872.Pq Vt bool 2873If set to 2874.Dq Li YES 2875and 2876.Va gateway_enable 2877is also set to 2878.Dq Li YES , 2879source-routed packets are forwarded. 2880.It Va accept_sourceroute 2881.Pq Vt bool 2882If set to 2883.Dq Li YES , 2884the system will accept source-routed packets directed at it. 2885.It Va rarpd_enable 2886.Pq Vt bool 2887If set to 2888.Dq Li YES , 2889run the 2890.Xr rarpd 8 2891daemon at system boot time. 2892.It Va rarpd_flags 2893.Pq Vt str 2894If 2895.Va rarpd_enable 2896is set to 2897.Dq Li YES , 2898these are the flags to pass to the 2899.Xr rarpd 8 2900daemon. 2901.It Va bootparamd_enable 2902.Pq Vt bool 2903If set to 2904.Dq Li YES , 2905run the 2906.Xr bootparamd 8 2907daemon at system boot time. 2908.It Va bootparamd_flags 2909.Pq Vt str 2910If 2911.Va bootparamd_enable 2912is set to 2913.Dq Li YES , 2914these are the flags to pass to the 2915.Xr bootparamd 8 2916daemon. 2917.It Va stf_interface_ipv4addr 2918.Pq Vt str 2919If not set to 2920.Dq Li NO , 2921this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2922interface). 2923Specify this entry to enable the 6to4 interface. 2924.It Va stf_interface_ipv4plen 2925.Pq Vt int 2926Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2927An effective value is 0-31. 2928.It Va stf_interface_ipv6_ifid 2929.Pq Vt str 2930IPv6 interface ID for 2931.Xr stf 4 . 2932This can be set to 2933.Dq Li AUTO . 2934.It Va stf_interface_ipv6_slaid 2935.Pq Vt str 2936IPv6 Site Level Aggregator for 2937.Xr stf 4 . 2938.It Va ipv6_faith_prefix 2939.Pq Vt str 2940If not set to 2941.Dq Li NO , 2942this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2943translator. 2944You also need 2945.Xr faithd 8 2946setup. 2947.It Va ipv6_ipv4mapping 2948.Pq Vt bool 2949If set to 2950.Dq Li YES 2951this enables IPv4 mapped IPv6 address communication (like 2952.Li ::ffff:a.b.c.d ) . 2953.It Va rtsold_enable 2954.Pq Vt bool 2955Set to 2956.Dq Li YES 2957to enable the 2958.Xr rtsold 8 2959daemon to send ICMPv6 Router Solicitation messages. 2960.It Va rtsold_flags 2961.Pq Vt str 2962If 2963.Va rtsold_enable 2964is set to 2965.Dq Li YES , 2966these are the flags to pass to 2967.Xr rtsold 8 . 2968.It Va rtsol_flags 2969.Pq Vt str 2970For interfaces configured with the 2971.Dq Li inet6 accept_rtadv 2972keyword, these are the flags to pass to 2973.Xr rtsol 8 . 2974.Pp 2975Note that 2976.Va rtsold_enable 2977is mutually exclusive to 2978.Va rtsol_flags ; 2979.Va rtsold_enable 2980takes precedence. 2981.It Va atm_enable 2982.Pq Vt bool 2983Set to 2984.Dq Li YES 2985to enable the configuration of ATM interfaces at system boot time. 2986For all of the ATM variables described below, please refer to the 2987.Xr atm 8 2988manual page for further details on the available command parameters. 2989Also refer to the files in 2990.Pa /usr/share/examples/atm 2991for more detailed configuration information. 2992.It Va atm_load 2993.Pq Vt str 2994This is a list of physical ATM interface drivers to load. 2995Typical values are 2996.Dq Li hfa_pci 2997and/or 2998.Dq Li hea_pci . 2999.It Va atm_netif_ Ns Aq Ar intf 3000.Pq Vt str 3001For the ATM physical interface 3002.Ar intf , 3003this variable defines the name prefix and count for the ATM network 3004interfaces to be created. 3005The value will be passed as the parameters of an 3006.Dq Nm atm Cm "set netif" Ar intf 3007command. 3008.It Va atm_sigmgr_ Ns Aq Ar intf 3009.Pq Vt str 3010For the ATM physical interface 3011.Ar intf , 3012this variable defines the ATM signalling manager to be used. 3013The value will be passed as the parameters of an 3014.Dq Nm atm Cm attach Ar intf 3015command. 3016.It Va atm_prefix_ Ns Aq Ar intf 3017.Pq Vt str 3018For the ATM physical interface 3019.Ar intf , 3020this variable defines the NSAP prefix for interfaces using a UNI signalling 3021manager. 3022If set to 3023.Dq Li ILMI , 3024the prefix will automatically be set via the 3025.Xr ilmid 8 3026daemon. 3027Otherwise, the value will be passed as the parameters of an 3028.Dq Nm atm Cm "set prefix" Ar intf 3029command. 3030.It Va atm_macaddr_ Ns Aq Ar intf 3031.Pq Vt str 3032For the ATM physical interface 3033.Ar intf , 3034this variable defines the MAC address for interfaces using a UNI signalling 3035manager. 3036If set to 3037.Dq Li NO , 3038the hardware MAC address contained in the ATM interface card will be used. 3039Otherwise, the value will be passed as the parameters of an 3040.Dq Nm atm Cm "set mac" Ar intf 3041command. 3042.It Va atm_arpserver_ Ns Aq Ar netif 3043.Pq Vt str 3044For the ATM network interface 3045.Ar netif , 3046this variable defines the ATM address for a host which is to provide ATMARP 3047service. 3048This variable is only applicable to interfaces using a UNI signalling 3049manager. 3050If set to 3051.Dq Li local , 3052this host will become an ATMARP server. 3053The value will be passed as the parameters of an 3054.Dq Nm atm Cm "set arpserver" Ar netif 3055command. 3056.It Va atm_scsparp_ Ns Aq Ar netif 3057.Pq Vt bool 3058If set to 3059.Dq Li YES , 3060SCSP/ATMARP service for the network interface 3061.Ar netif 3062will be initiated using the 3063.Xr scspd 8 3064and 3065.Xr atmarpd 8 3066daemons. 3067This variable is only applicable if 3068.Va atm_arpserver_ Ns Aq Ar netif 3069is set to 3070.Dq Li local . 3071.It Va atm_pvcs 3072.Pq Vt str 3073Set to the list of ATM PVCs to be added at system 3074boot time. 3075For each whitespace separated 3076.Ar element 3077in the value, an 3078.Va atm_pvc_ Ns Aq Ar element 3079variable is assumed to exist. 3080The value of each of these variables 3081will be passed as the parameters of an 3082.Dq Nm atm Cm "add pvc" 3083command. 3084.It Va atm_arps 3085.Pq Vt str 3086Set to the list of permanent ATM ARP entries to be added 3087at system boot time. 3088For each whitespace separated 3089.Ar element 3090in the value, an 3091.Va atm_arp_ Ns Aq Ar element 3092variable is assumed to exist. 3093The value of each of these variables 3094will be passed as the parameters of an 3095.Dq Nm atm Cm "add arp" 3096command. 3097.It Va natm_interfaces 3098.Pq Vt str 3099Set to the list of 3100.Xr natm 4 3101interfaces that will also be used for HARP through 3102.Xr harp 4 . 3103If this list is not empty all interfaces in the list will be brought up 3104with 3105.Xr ifconfig 8 3106and 3107.Xr harp 4 3108will be loaded. 3109For this to work the interface drivers must be either compiled into the 3110kernel or must reside on the root partition. 3111.It Va keybell 3112.Pq Vt str 3113The keyboard bell sound. 3114Set to 3115.Dq Li normal , 3116.Dq Li visual , 3117.Dq Li off , 3118or 3119.Dq Li NO 3120if the default behavior is desired. 3121For details, refer to the 3122.Xr kbdcontrol 1 3123manpage. 3124.It Va keyboard 3125.Pq Vt str 3126If set to a non-null string, the virtual console's keyboard input is 3127set to this device. 3128.It Va keymap 3129.Pq Vt str 3130If set to 3131.Dq Li NO , 3132no keymap is installed, otherwise the value is used to install 3133the keymap file in 3134.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3135.It Va keyrate 3136.Pq Vt str 3137The keyboard repeat speed. 3138Set to 3139.Dq Li slow , 3140.Dq Li normal , 3141.Dq Li fast , 3142or 3143.Dq Li NO 3144if the default behavior is desired. 3145.It Va keychange 3146.Pq Vt str 3147If not set to 3148.Dq Li NO , 3149attempt to program the function keys with the value. 3150The value should 3151be a single string of the form: 3152.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3153.It Va cursor 3154.Pq Vt str 3155Can be set to the value of 3156.Dq Li normal , 3157.Dq Li blink , 3158.Dq Li destructive , 3159or 3160.Dq Li NO 3161to set the cursor behavior explicitly or choose the default behavior. 3162.It Va scrnmap 3163.Pq Vt str 3164If set to 3165.Dq Li NO , 3166no screen map is installed, otherwise the value is used to install 3167the screen map file in 3168.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3169.It Va font8x16 3170.Pq Vt str 3171If set to 3172.Dq Li NO , 3173the default 8x16 font value is used for screen size requests, otherwise 3174the value in 3175.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3176is used. 3177.It Va font8x14 3178.Pq Vt str 3179If set to 3180.Dq Li NO , 3181the default 8x14 font value is used for screen size requests, otherwise 3182the value in 3183.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3184is used. 3185.It Va font8x8 3186.Pq Vt str 3187If set to 3188.Dq Li NO , 3189the default 8x8 font value is used for screen size requests, otherwise 3190the value in 3191.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3192is used. 3193.It Va blanktime 3194.Pq Vt int 3195If set to 3196.Dq Li NO , 3197the default screen blanking interval is used, otherwise it is set 3198to 3199.Ar value 3200seconds. 3201.It Va saver 3202.Pq Vt str 3203If not set to 3204.Dq Li NO , 3205this is the actual screen saver to use 3206.Li ( blank , snake , daemon , 3207etc). 3208.It Va moused_nondefault_enable 3209.Pq Vt str 3210If set to 3211.Dq Li NO , 3212the mouse device specified on 3213the command line is not automatically treated as enabled by the 3214.Pa /etc/rc.d/moused 3215script. 3216Having this variable set to 3217.Dq Li YES 3218allows a 3219.Xr usb 4 3220mouse, 3221for example, 3222to be enabled as soon as it is plugged in. 3223.It Va moused_enable 3224.Pq Vt str 3225If set to 3226.Dq Li YES , 3227the 3228.Xr moused 8 3229daemon is started for doing cut/paste selection on the console. 3230.It Va moused_type 3231.Pq Vt str 3232This is the protocol type of the mouse connected to this host. 3233This variable must be set if 3234.Va moused_enable 3235is set to 3236.Dq Li YES . 3237The 3238.Xr moused 8 3239daemon 3240is able to detect the appropriate mouse type automatically in many cases. 3241Set this variable to 3242.Dq Li auto 3243to let the daemon detect it, or 3244select one from the following list if the automatic detection fails. 3245.Pp 3246If the mouse is attached to the PS/2 mouse port, choose 3247.Dq Li auto 3248or 3249.Dq Li ps/2 , 3250regardless of the brand and model of the mouse. 3251Likewise, if the 3252mouse is attached to the bus mouse port, choose 3253.Dq Li auto 3254or 3255.Dq Li busmouse . 3256All other protocols are for serial mice and will not work with 3257the PS/2 and bus mice. 3258If this is a USB mouse, 3259.Dq Li auto 3260is the only protocol type which will work. 3261.Pp 3262.Bl -tag -width ".Li x10mouseremote" -compact 3263.It Li microsoft 3264Microsoft mouse (serial) 3265.It Li intellimouse 3266Microsoft IntelliMouse (serial) 3267.It Li mousesystems 3268Mouse systems Corp.\& mouse (serial) 3269.It Li mmseries 3270MM Series mouse (serial) 3271.It Li logitech 3272Logitech mouse (serial) 3273.It Li busmouse 3274A bus mouse 3275.It Li mouseman 3276Logitech MouseMan and TrackMan (serial) 3277.It Li glidepoint 3278ALPS GlidePoint (serial) 3279.It Li thinkingmouse 3280Kensington ThinkingMouse (serial) 3281.It Li ps/2 3282PS/2 mouse 3283.It Li mmhittab 3284MM HitTablet (serial) 3285.It Li x10mouseremote 3286X10 MouseRemote (serial) 3287.It Li versapad 3288Interlink VersaPad (serial) 3289.El 3290.Pp 3291Even if the mouse is not in the above list, it may be compatible 3292with one in the list. 3293Refer to the manual page for 3294.Xr moused 8 3295for compatibility information. 3296.Pp 3297It should also be noted that while this is enabled, any 3298other client of the mouse (such as an X server) should access 3299the mouse through the virtual mouse device, 3300.Pa /dev/sysmouse , 3301and configure it as a 3302.Dq Li sysmouse 3303type mouse, since all 3304mouse data is converted to this single canonical format when 3305using 3306.Xr moused 8 . 3307If the client program does not support the 3308.Dq Li sysmouse 3309type, 3310specify the 3311.Dq Li mousesystems 3312type. 3313It is the second preferred type. 3314.It Va moused_port 3315.Pq Vt str 3316If 3317.Va moused_enable 3318is set to 3319.Dq Li YES , 3320this is the actual port the mouse is on. 3321It might be 3322.Pa /dev/cuad0 3323for a COM1 serial mouse, 3324.Pa /dev/psm0 3325for a PS/2 mouse or 3326.Pa /dev/mse0 3327for a bus mouse, for example. 3328.It Va moused_flags 3329.Pq Vt str 3330If 3331.Va moused_flags 3332is set, its value is used as an additional set of flags to pass to the 3333.Xr moused 8 3334daemon. 3335.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3336When 3337.Va moused_nondefault_enable 3338is enabled, and a 3339.Xr moused 8 3340daemon is started for a non-default port, the 3341.Va "moused_" Ns Ar XXX Ns Va "_flags" 3342set of options has precedence over and replaces the default 3343.Va moused_flags 3344(where 3345.Ar XXX 3346is the name of the non-default port, i.e.,\& 3347.Ar ums0 ) . 3348By setting 3349.Va "moused_" Ns Ar XXX Ns Va "_flags" 3350it is possible to set up a different set of default flags for each 3351.Xr moused 8 3352instance. 3353For example, you can use 3354.Dq Li "-3" 3355for the default 3356.Va moused_flags 3357to make your laptop's touchpad more comfortable to use, 3358but an empty set of options for 3359.Va moused_ums0_flags 3360when your 3361.Xr usb 4 3362mouse has three or more buttons. 3363.It Va mousechar_start 3364.Pq Vt int 3365If set to 3366.Dq Li NO , 3367the default mouse cursor character range 3368.Li 0xd0 Ns - Ns Li 0xd3 3369is used, 3370otherwise the range start is set 3371to 3372.Ar value 3373character, see 3374.Xr vidcontrol 1 . 3375Use if the default range is occupied in the language code table. 3376.It Va allscreens_flags 3377.Pq Vt str 3378If set, 3379.Xr vidcontrol 1 3380is run with these options for each of the virtual terminals 3381.Pq Pa /dev/ttyv* . 3382For example, 3383.Dq Fl m Cm on 3384will enable the mouse pointer on all virtual terminals 3385if 3386.Va moused_enable 3387is set to 3388.Dq Li YES . 3389.It Va allscreens_kbdflags 3390.Pq Vt str 3391If set, 3392.Xr kbdcontrol 1 3393is run with these options for each of the virtual terminals 3394.Pq Pa /dev/ttyv* . 3395For example, 3396.Dq Fl h Li 200 3397will set the 3398.Xr syscons 4 3399scrollback (history) buffer to 200 lines. 3400.It Va cron_enable 3401.Pq Vt bool 3402If set to 3403.Dq Li YES , 3404run the 3405.Xr cron 8 3406daemon at system boot time. 3407.It Va cron_program 3408.Pq Vt str 3409Path to 3410.Xr cron 8 3411(default 3412.Pa /usr/sbin/cron ) . 3413.It Va cron_flags 3414.Pq Vt str 3415If 3416.Va cron_enable 3417is set to 3418.Dq Li YES , 3419these are the flags to pass to 3420.Xr cron 8 . 3421.It Va cron_dst 3422.Pq Vt bool 3423If set to 3424.Dq Li YES , 3425enable the special handling of transitions to and from the 3426Daylight Saving Time in 3427.Xr cron 8 3428(equivalent to using the flag 3429.Fl s ) . 3430.It Va lpd_program 3431.Pq Vt str 3432Path to 3433.Xr lpd 8 3434(default 3435.Pa /usr/sbin/lpd ) . 3436.It Va lpd_enable 3437.Pq Vt bool 3438If set to 3439.Dq Li YES , 3440run the 3441.Xr lpd 8 3442daemon at system boot time. 3443.It Va lpd_flags 3444.Pq Vt str 3445If 3446.Va lpd_enable 3447is set to 3448.Dq Li YES , 3449these are the flags to pass to the 3450.Xr lpd 8 3451daemon. 3452.It Va chkprintcap_enable 3453.Pq Vt bool 3454If set to 3455.Dq Li YES , 3456run the 3457.Xr chkprintcap 8 3458command before starting the 3459.Xr lpd 8 3460daemon. 3461.It Va chkprintcap_flags 3462.Pq Vt str 3463If 3464.Va lpd_enable 3465and 3466.Va chkprintcap_enable 3467are set to 3468.Dq Li YES , 3469these are the flags to pass to the 3470.Xr chkprintcap 8 3471program. 3472The default is 3473.Dq Li -d , 3474which causes missing directories to be created. 3475.It Va mta_start_script 3476.Pq Vt str 3477This variable specifies the full path to the script to run to start 3478a mail transfer agent. 3479The default is 3480.Pa /etc/rc.sendmail . 3481The 3482.Va sendmail_* 3483variables which 3484.Pa /etc/rc.sendmail 3485uses are documented in the 3486.Xr rc.sendmail 8 3487manual page. 3488.It Va dumpdev 3489.Pq Vt str 3490Indicates the device (usually a swap partition) to which a crash dump 3491should be written in the event of a system crash. 3492If the value of this variable is 3493.Dq Li AUTO , 3494the first suitable swap device listed in 3495.Pa /etc/fstab 3496will be used as dump device. 3497Otherwise, the value of this variable is passed as the argument to 3498.Xr dumpon 8 . 3499To disable crash dumps, set this variable to 3500.Dq Li NO . 3501.It Va dumpdir 3502.Pq Vt str 3503When the system reboots after a crash and a crash dump is found on the 3504device specified by the 3505.Va dumpdev 3506variable, 3507.Xr savecore 8 3508will save that crash dump and a copy of the kernel to the directory 3509specified by the 3510.Va dumpdir 3511variable. 3512The default value is 3513.Pa /var/crash . 3514Set to 3515.Dq Li NO 3516to not run 3517.Xr savecore 8 3518at boot time when 3519.Va dumpdir 3520is set. 3521.It Va savecore_flags 3522.Pq Vt str 3523If crash dumps are enabled, these are the flags to pass to the 3524.Xr savecore 8 3525utility. 3526.It Va quota_enable 3527.Pq Vt bool 3528Set to 3529.Dq Li YES 3530to turn on user and group disk quotas on system startup via the 3531.Xr quotaon 8 3532command for all file systems marked as having quotas enabled in 3533.Pa /etc/fstab . 3534The kernel must be built with 3535.Cd "options QUOTA" 3536for disk quotas to function. 3537.It Va check_quotas 3538.Pq Vt bool 3539Set to 3540.Dq Li YES 3541to enable user and group disk quota checking via the 3542.Xr quotacheck 8 3543command. 3544.It Va quotacheck_flags 3545.Pq Vt str 3546If 3547.Va quota_enable 3548is set to 3549.Dq Li YES , 3550and 3551.Va check_quotas 3552is set to 3553.Dq Li YES , 3554these are the flags to pass to the 3555.Xr quotacheck 8 3556utility. 3557The default is 3558.Dq Li "-a" , 3559which checks quotas for all file systems with quotas enabled in 3560.Pa /etc/fstab . 3561.It Va quotaon_flags 3562.Pq Vt str 3563If 3564.Va quota_enable 3565is set to 3566.Dq Li YES , 3567these are the flags to pass to the 3568.Xr quotaon 8 3569utility. 3570The default is 3571.Dq Li "-a" , 3572which enables quotas for all file systems with quotas enabled in 3573.Pa /etc/fstab . 3574.It Va quotaoff_flags 3575.Pq Vt str 3576If 3577.Va quota_enable 3578is set to 3579.Dq Li YES , 3580these are the flags to pass to the 3581.Xr quotaoff 8 3582utility when shutting down the quota system. 3583The default is 3584.Dq Li "-a" , 3585which disables quotas for all file systems with quotas enabled in 3586.Pa /etc/fstab . 3587.It Va accounting_enable 3588.Pq Vt bool 3589Set to 3590.Dq Li YES 3591to enable system accounting through the 3592.Xr accton 8 3593facility. 3594.It Va ibcs2_enable 3595.Pq Vt bool 3596Set to 3597.Dq Li YES 3598to enable iBCS2 (SCO) binary emulation at system initial boot 3599time. 3600.It Va ibcs2_loaders 3601.Pq Vt str 3602If not set to 3603.Dq Li NO 3604and if 3605.Va ibcs2_enable 3606is set to 3607.Dq Li YES , 3608this specifies a list of additional iBCS2 loaders to enable. 3609.It Va linux_enable 3610.Pq Vt bool 3611Set to 3612.Dq Li YES 3613to enable Linux/ELF binary emulation at system initial 3614boot time. 3615.It Va svr4_enable 3616.Pq Vt bool 3617If set to 3618.Dq Li YES , 3619enable SysVR4 emulation at boot time. 3620.It Va sysvipc_enable 3621.Pq Vt bool 3622If set to 3623.Dq Li YES , 3624load System V IPC primitives at boot time. 3625.It Va clear_tmp_enable 3626.Pq Vt bool 3627Set to 3628.Dq Li YES 3629to have 3630.Pa /tmp 3631cleaned at startup. 3632.It Va clear_tmp_X 3633.Pq Vt bool 3634Set to 3635.Dq Li NO 3636to disable removing of X11 lock files, 3637and the removal and (secure) recreation 3638of the various socket directories for X11 3639related programs. 3640.It Va ldconfig_paths 3641.Pq Vt str 3642Set to the list of shared library paths to use with 3643.Xr ldconfig 8 . 3644NOTE: 3645.Pa /usr/lib 3646will always be added first, so it need not appear in this list. 3647.It Va ldconfig32_paths 3648.Pq Vt str 3649Set to the list of 32-bit compatibility shared library paths to 3650use with 3651.Xr ldconfig 8 . 3652.It Va ldconfig_paths_aout 3653.Pq Vt str 3654Set to the list of shared library paths to use with 3655.Xr ldconfig 8 3656legacy 3657.Xr a.out 5 3658support. 3659.It Va ldconfig_insecure 3660.Pq Vt bool 3661The 3662.Xr ldconfig 8 3663utility normally refuses to use directories 3664which are writable by anyone except root. 3665Set this variable to 3666.Dq Li YES 3667to disable that security check during system startup. 3668.It Va ldconfig_local_dirs 3669.Pq Vt str 3670Set to the list of local 3671.Xr ldconfig 8 3672directories. 3673The names of all files in the directories listed will be 3674passed as arguments to 3675.Xr ldconfig 8 . 3676.It Va ldconfig_local32_dirs 3677.Pq Vt str 3678Set to the list of local 32-bit compatibility 3679.Xr ldconfig 8 3680directories. 3681The names of all files in the directories listed will be 3682passed as arguments to 3683.Dq Nm ldconfig Fl 32 . 3684.It Va kern_securelevel_enable 3685.Pq Vt bool 3686Set to 3687.Dq Li YES 3688to set the kernel security level at system startup. 3689.It Va kern_securelevel 3690.Pq Vt int 3691The kernel security level to set at startup. 3692The allowed range of 3693.Ar value 3694ranges from \-1 (the compile time default) to 3 (the 3695most secure). 3696See 3697.Xr security 7 3698for the list of possible security levels and their effect 3699on system operation. 3700.It Va sshd_program 3701.Pq Vt str 3702Path to the SSH server program 3703.Pa ( /usr/sbin/sshd 3704is the default). 3705.It Va sshd_enable 3706.Pq Vt bool 3707Set to 3708.Dq Li YES 3709to start 3710.Xr sshd 8 3711at system boot time. 3712.It Va sshd_flags 3713.Pq Vt str 3714If 3715.Va sshd_enable 3716is set to 3717.Dq Li YES , 3718these are the flags to pass to the 3719.Xr sshd 8 3720daemon. 3721.It Va ftpd_program 3722.Pq Vt str 3723Path to the FTP server program 3724.Pa ( /usr/libexec/ftpd 3725is the default). 3726.It Va ftpd_enable 3727.Pq Vt bool 3728Set to 3729.Dq Li YES 3730to start 3731.Xr ftpd 8 3732as a stand-alone daemon at system boot time. 3733.It Va ftpd_flags 3734.Pq Vt str 3735If 3736.Va ftpd_enable 3737is set to 3738.Dq Li YES , 3739these are the additional flags to pass to the 3740.Xr ftpd 8 3741daemon. 3742.It Va watchdogd_enable 3743.Pq Vt bool 3744If set to 3745.Dq Li YES , 3746start the 3747.Xr watchdogd 8 3748daemon at boot time. 3749This requires that the kernel have been compiled with a 3750.Xr watchdog 4 3751compatible device. 3752.It Va watchdogd_flags 3753.Pq Vt str 3754If 3755.Va watchdogd_enable 3756is set to 3757.Dq Li YES , 3758these are the flags passed to the 3759.Xr watchdogd 8 3760daemon. 3761.It Va devfs_rulesets 3762.Pq Vt str 3763List of files containing sets of rules for 3764.Xr devfs 8 . 3765.It Va devfs_system_ruleset 3766.Pq Vt str 3767Rule name(s) to apply to the system 3768.Pa /dev 3769itself. 3770.It Va devfs_set_rulesets 3771.Pq Vt str 3772Pairs of already-mounted 3773.Pa dev 3774directories and rulesets that should be applied to them. 3775For example: /mount/dev=ruleset_name 3776.It Va devfs_load_rulesets 3777.Pq Vt bool 3778If set, always load the default rulesets listed in 3779.Va devfs_rulesets . 3780.It Va performance_cx_lowest 3781.Pq Vt str 3782CPU idle state to use while on AC power. 3783The string 3784.Dq Li LOW 3785indicates that 3786.Xr acpi 4 3787should use the lowest power state available while 3788.Dq Li HIGH 3789indicates that the lowest latency state (less power savings) should be used. 3790.It Va performance_cpu_freq 3791.Pq Vt str 3792CPU clock frequency to use while on AC power. 3793The string 3794.Dq Li LOW 3795indicates that 3796.Xr cpufreq 4 3797should use the lowest frequency available while 3798.Dq Li HIGH 3799indicates that the highest frequency (less power savings) should be used. 3800.It Va economy_cx_lowest 3801.Pq Vt str 3802CPU idle state to use when off AC power. 3803The string 3804.Dq Li LOW 3805indicates that 3806.Xr acpi 4 3807should use the lowest power state available while 3808.Dq Li HIGH 3809indicates that the lowest latency state (less power savings) should be used. 3810.It Va economy_cpu_freq 3811.Pq Vt str 3812CPU clock frequency to use when off AC power. 3813The string 3814.Dq Li LOW 3815indicates that 3816.Xr cpufreq 4 3817should use the lowest frequency available while 3818.Dq Li HIGH 3819indicates that the highest frequency (less power savings) should be used. 3820.It Va jail_enable 3821.Pq Vt bool 3822If set to 3823.Dq Li NO , 3824any configured jails will not be started. 3825.It Va jail_parallel_start 3826.Pq Vt bool 3827If set to 3828.Dq Li YES , 3829all configured jails will be started in the background (in parallel). 3830.It Va jail_list 3831.Pq Vt str 3832A space separated list of names for jails. 3833This is purely a configuration aid to help identify and 3834configure multiple jails. 3835The names specified in this list will be used to 3836identify settings common to an instance of a jail, 3837and should contain alphanumeric characters only. 3838Assuming that the jail in question was named 3839.Li vjail , 3840you would have the following dependent variables: 3841.Bd -literal 3842jail_vjail_hostname="jail.example.com" 3843jail_vjail_ip="192.0.2.100" 3844jail_vjail_rootdir="/var/jails/vjail/root" 3845.Ed 3846.Pp 3847.It Va jail_flags 3848.Pq Vt str 3849Unset by default. 3850When set, use as default value for 3851.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3852for every jail in 3853.Va jail_list . 3854.It Va jail_interface 3855.Pq Vt str 3856Unset by default. 3857When set, use as default value for 3858.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3859for every jail in 3860.Va jail_list . 3861.It Va jail_fstab 3862.Pq Vt str 3863Unset by default. 3864When set, use as default value for 3865.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3866for every jail in 3867.Va jail_list . 3868.It Va jail_mount_enable 3869.Pq Vt bool 3870Set to 3871.Dq Li NO 3872by default. 3873When set to 3874.Dq Li YES , 3875sets 3876.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3877to 3878.Dq Li YES 3879by default for every jail in 3880.Va jail_list . 3881.It Va jail_devfs_ruleset 3882.Pq Vt str 3883Unset by default. 3884When set, sets 3885.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3886to given value for every jail in 3887.Va jail_list . 3888.It Va jail_devfs_enable 3889.Pq Vt bool 3890Set to 3891.Dq Li NO 3892by default. 3893When set to 3894.Dq Li YES , 3895sets 3896.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3897to 3898.Dq Li YES 3899by default for every jail in 3900.Va jail_list . 3901.It Va jail_fdescfs_enable 3902.Pq Vt bool 3903Set to 3904.Dq Li NO 3905by default. 3906When set to 3907.Dq Li YES , 3908sets 3909.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3910to 3911.Dq Li YES 3912by default for every jail in 3913.Va jail_list . 3914.It Va jail_procfs_enable 3915.Pq Vt bool 3916Set to 3917.Dq Li NO 3918by default. 3919When set to 3920.Dq Li YES , 3921sets 3922.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3923to 3924.Dq Li YES 3925by default for every jail in 3926.Va jail_list . 3927.It Va jail_exec_prestart Ns Aq Ar N 3928.Pq Vt str 3929Unset by default. 3930When set, use as default value for 3931.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3932for every jail in 3933.Va jail_list . 3934.It Va jail_exec_start 3935.Pq Vt str 3936Unset by default. 3937When set, use as default value for 3938.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3939for every jail in 3940.Va jail_list . 3941.It Va jail_exec_afterstart Ns Aq Ar N 3942.Pq Vt str 3943Unset by default. 3944When set, use as default value for 3945.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3946for every jail in 3947.Va jail_list . 3948.It Va jail_exec_poststart Ns Aq Ar N 3949.Pq Vt str 3950Unset by default. 3951When set, use as default value for 3952.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3953for every jail in 3954.Va jail_list . 3955.It Va jail_exec_prestop Ns Aq Ar N 3956.Pq Vt str 3957Unset by default. 3958When set, use as default value for 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 3960for every jail in 3961.Va jail_list . 3962.It Va jail_exec_stop 3963Unset by default. 3964When set, use as default value for 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3966for every jail in 3967.Va jail_list . 3968.It Va jail_exec_poststop Ns Aq Ar N 3969.Pq Vt str 3970Unset by default. 3971When set, use as default value for 3972.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 3973for every jail in 3974.Va jail_list . 3975.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3976.Pq Vt str 3977Unset by default. 3978Set to the root directory used by jail 3979.Va jname . 3980.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3981.Pq Vt str 3982Unset by default. 3983Set to the fully qualified domain name (FQDN) assigned to jail 3984.Va jname . 3985.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3986.Pq Vt str 3987Unset by default. 3988Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 3989The argument can be a sole address or a comma separated list of addresses. 3990Additionally each address can be prefixed by the name of an interface 3991followed by a pipe to overwrite 3992.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3993or 3994.Va jail_interface 3995and/or suffixed by a netmask, prefixlen or prefix. 3996In case no netmask, prefixlen or prefix is given, 3997.Sq /32 3998will be used for IPv4 and 3999.Sq /128 4000will be used for an IPv6 address. 4001If no address is given for the jail then the jail will be started with 4002no networking support. 4003.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4004.Pq Vt str 4005Unset by default. 4006Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 4007The sequence starts with 4008.Dq Li _multi0 4009and the numbers have to be strictly ascending. 4010These entries follow the same syntax as their primary 4011.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4012entry. 4013The order of the entries can be important as the first address for 4014each address family found will be the primary address of the jail. 4015See 4016.Va ip-addresses 4017option in 4018.Xr jail 8 4019for more details. 4020.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4021.Pq Vt str 4022Set to 4023.Dq Li -l -U root 4024by default. 4025These are flags to pass to 4026.Xr jail 8 . 4027.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4028.Pq Vt str 4029Unset by default. 4030When set, sets the interface to use when setting IP address alias. 4031Note that the alias is created at jail startup and removed at jail shutdown. 4032.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4033.Pq Vt str 4034Unset by default. 4035When set, the jail is started with the specified forwarding table (sometimes 4036referred to as a routing table) via 4037.Xr setfib 1 . 4038.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4039.Pq Vt str 4040Set to 4041.Pa /etc/fstab. Ns Aq Ar jname 4042by default. 4043This is the file system information file to use for jail 4044.Va jname . 4045.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4046.Pq Vt bool 4047Set to 4048.Dq Li NO 4049by default. 4050When set to 4051.Dq Li YES , 4052mount all file systems from 4053.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4054at jail startup. 4055.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 4056.Pq Vt str 4057Unset by default. 4058When set, defines the device file system ruleset file to use for jail 4059.Va jname . 4060.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4061.Pq Vt bool 4062Set to 4063.Dq Li NO 4064by default. 4065When set to 4066.Dq Li YES , 4067mount the device file system inside jail 4068.Ar jname 4069at jail startup. 4070.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4071.Pq Vt bool 4072Set to 4073.Dq Li NO 4074by default. 4075When set to 4076.Dq Li YES , 4077mount the file-descriptor file system inside jail 4078.Ar jname 4079at jail startup. 4080.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 4081.Pq Vt bool 4082Set to 4083.Dq Li NO 4084by default. 4085When set to 4086.Dq Li YES , 4087mount the process file system inside jail 4088.Ar jname 4089at jail startup. 4090.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4091.Pq Vt str 4092Unset by default. 4093This is the command run as 4094.Ar N Ns 4095th command 4096before jail startup, where 4097.Ar N 4098is 0, 1, and so on. 4099It is run outside the jail. 4100.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4101.Pq Vt str 4102Set to 4103.Dq Li /bin/sh /etc/rc 4104by default. 4105This is the command executed in a jail at jail startup. 4106.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4107.Pq Vt str 4108Unset by default. 4109This is the command run as 4110.Ar N Ns 4111th command 4112in a jail 4113after jail startup, where 4114.Ar N 4115is 1, 2, and so on. 4116.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4117.Pq Vt str 4118Unset by default. 4119This is the command run as 4120.Ar N Ns 4121th command 4122after jail startup, where 4123.Ar N 4124is 0, 1, and so on. 4125It is run outside the jail. 4126.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4127.Pq Vt str 4128Unset by default. 4129This is the command run as 4130.Ar N Ns 4131th command 4132before jail shutdown, where 4133.Ar N 4134is 0, 1, and so on. 4135It is run outside the jail. 4136.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4137.Pq Vt str 4138Set to 4139.Dq Li /bin/sh /etc/rc.shutdown 4140by default. 4141This is the command executed in a jail at jail shutdown. 4142.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4143.Pq Vt str 4144Unset by default. 4145This is the command run as 4146.Ar N Ns 4147th command 4148after jail shutdown, where 4149.Ar N 4150is 0, 1, and so on. 4151It is run outside the jail. 4152.It Va jail_set_hostname_allow 4153.Pq Vt bool 4154If set to 4155.Dq Li NO , 4156do not allow the root user in a jail to set its hostname. 4157.It Va jail_socket_unixiproute_only 4158.Pq Vt bool 4159If set to 4160.Dq Li YES , 4161do not allow any sockets, 4162besides UNIX/IP/route sockets, 4163to be used within a jail. 4164.It Va jail_sysvipc_allow 4165.Pq Vt bool 4166If set to 4167.Dq Li YES , 4168allow applications within a jail to use System V IPC. 4169.\" ----------------------------------------------------- 4170.It Va harvest_interrupt 4171.Pq Vt bool 4172Set to 4173.Dq Li YES 4174to use hardware interrupts as an entropy source. 4175Refer to 4176.Xr random 4 4177for more information. 4178.It Va harvest_ethernet 4179.Pq Vt bool 4180Set to 4181.Dq Li YES 4182to use LAN traffic as an entropy source. 4183Refer to 4184.Xr random 4 4185for more information. 4186.It Va harvest_p_to_p 4187.Pq Vt bool 4188Set to 4189.Dq Li YES 4190to use serial line traffic as an entropy source. 4191Refer to 4192.Xr random 4 4193for more information. 4194.It Va entropy_dir 4195.Pq Vt str 4196Set to 4197.Dq Li NO 4198to disable caching entropy via 4199.Xr cron 8 . 4200Otherwise set to the directory used to store entropy files in. 4201.It Va entropy_file 4202.Pq Vt str 4203Set to 4204.Dq Li NO 4205to disable caching entropy through reboots. 4206Otherwise set to the filename used to store cached entropy through 4207reboots. 4208This file should be located on the root file system to seed the 4209.Xr random 4 4210device as early as possible in the boot process. 4211.It Va entropy_save_sz 4212.Pq Vt int 4213Size of the entropy cache files saved by 4214.Nm save-entropy 4215periodically. 4216.It Va entropy_save_num 4217.Pq Vt int 4218Number of entropy cache files to save by 4219.Nm save-entropy 4220periodically. 4221.It Va ipsec_enable 4222.Pq Vt bool 4223Set to 4224.Dq Li YES 4225to run 4226.Xr setkey 8 4227on 4228.Va ipsec_file 4229at boot time. 4230.It Va ipsec_file 4231.Pq Vt str 4232Configuration file for 4233.Xr setkey 8 . 4234.It Va dmesg_enable 4235.Pq Vt bool 4236Set to 4237.Dq Li YES 4238to save 4239.Xr dmesg 8 4240to 4241.Pa /var/run/dmesg.boot 4242on boot. 4243.It Va rcshutdown_timeout 4244.Pq Vt int 4245If set, start a watchdog timer in the background which will terminate 4246.Pa rc.shutdown 4247if 4248.Xr shutdown 8 4249has not completed within the specified time (in seconds). 4250Notice that in addition to this soft timeout, 4251.Xr init 8 4252also applies a hard timeout for the execution of 4253.Pa rc.shutdown . 4254This is configured via 4255.Xr sysctl 8 4256variable 4257.Va kern.init_shutdown_timeout 4258and defaults to 120 seconds. 4259Setting the value of 4260.Va rcshutdown_timeout 4261to more than 120 seconds will have no effect until the 4262.Xr sysctl 8 4263variable 4264.Va kern.init_shutdown_timeout 4265is also increased. 4266.It Va virecover_enable 4267.Pq Vt bool 4268Set to 4269.Dq Li NO 4270to prevent the system from trying to 4271recover pre-maturely terminated 4272.Xr vi 1 4273sessions. 4274.It Va ugidfw_enable 4275.Pq Vt bool 4276Set to 4277.Dq Li YES 4278to load the 4279.Xr mac_bsdextended 4 4280module upon system initialization and load a default 4281ruleset file. 4282.It Va bsdextended_script 4283.Pq Vt str 4284The default 4285.Xr mac_bsdextended 4 4286ruleset file to load. 4287The default value of this variable is 4288.Pa /etc/rc.bsdextended . 4289.It Va newsyslog_enable 4290.Pq Vt bool 4291If set to 4292.Dq Li YES , 4293run 4294.Xr newsyslog 8 4295command at startup. 4296.It Va newsyslog_flags 4297.Pq Vt str 4298If 4299.Va newsyslog_enable 4300is set to 4301.Dq Li YES , 4302these are the flags to pass to the 4303.Xr newsyslog 8 4304program. 4305The default is 4306.Dq Li -CN , 4307which causes log files flagged with a 4308.Cm C 4309to be created. 4310.It Va mdconfig_md Ns Aq Ar X 4311.Pq Vt str 4312Arguments to 4313.Xr mdconfig 8 4314for 4315.Xr md 4 4316device 4317.Ar X . 4318At minimum a 4319.Fl t Ar type 4320must be specified and either a 4321.Fl s Ar size 4322for malloc or swap backed 4323.Xr md 4 4324devices or a 4325.Fl f Ar file 4326for vnode backed 4327.Xr md 4 4328devices. 4329Note that 4330.Va mdconfig_md Ns Aq Ar X 4331variables are evaluated until one variable is unset or null. 4332.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4333.Pq Vt str 4334Optional arguments passed to 4335.Xr newfs 8 4336to initialize 4337.Xr md 4 4338device 4339.Ar X . 4340.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4341.Pq Vt str 4342An ownership specification passed to 4343.Xr chown 8 4344after the specified 4345.Xr md 4 4346device 4347.Ar X 4348has been mounted. 4349Both the 4350.Xr md 4 4351device and the mount point will be changed. 4352.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4353.Pq Vt str 4354A mode string passed to 4355.Xr chmod 1 4356after the specified 4357.Xr md 4 4358device 4359.Ar X 4360has been mounted. 4361Both the 4362.Xr md 4 4363device and the mount point will be changed. 4364.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4365.Pq Vt str 4366Files to be copied to the mount point of the 4367.Xr md 4 4368device 4369.Ar X 4370after it has been mounted. 4371.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4372.Pq Vt str 4373Command to execute after the specified 4374.Xr md 4 4375device 4376.Ar X 4377has been mounted. 4378Note that the command is passed to 4379.Ic eval 4380and that both 4381.Va _dev 4382and 4383.Va _mp 4384variables can be used to reference respectively the 4385.Xr md 4 4386device and the mount point. 4387Assuming that the 4388.Xr md 4 4389device is 4390.Li md0 , 4391one could set the following: 4392.Bd -literal 4393mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4394.Ed 4395.It Va autobridge_interfaces 4396.Pq Vt str 4397Set to the list of bridge interfaces that will have newly arriving interfaces 4398checked against to be automatically added. 4399If not set to 4400.Dq Li NO 4401then for each whitespace separated 4402.Ar element 4403in the value, a 4404.Va autobridge_ Ns Aq Ar element 4405variable is assumed to exist which has a whitespace separated list of interface 4406names to match, these names can use wildcards. 4407For example: 4408.Bd -literal 4409autobridge_interfaces="bridge0" 4410autobridge_bridge0="tap* dc0 vlan[345]" 4411.Ed 4412.It Va mixer_enable 4413.Pq Vt bool 4414If set to 4415.Dq Li YES , 4416enable support for sound mixer. 4417.It Va hcsecd_enable 4418.Pq Vt bool 4419If set to 4420.Dq Li YES , 4421enable Bluetooth security daemon. 4422.It Va hcsecd_config 4423.Pq Vt str 4424Configuration file for 4425.Xr hcsecd 8 . 4426Default 4427.Pa /etc/bluetooth/hcsecd.conf . 4428.It Va sdpd_enable 4429.Pq Vt bool 4430If set to 4431.Dq Li YES , 4432enable Bluetooth Service Discovery Protocol daemon. 4433.It Va sdpd_control 4434.Pq Vt str 4435Path to 4436.Xr sdpd 8 4437control socket. 4438Default 4439.Pa /var/run/sdp . 4440.It Va sdpd_groupname 4441.Pq Vt str 4442Sets 4443.Xr sdpd 8 4444group to run as after it initializes. 4445Default 4446.Dq Li nobody . 4447.It Va sdpd_username 4448.Pq Vt str 4449Sets 4450.Xr sdpd 8 4451user to run as after it initializes. 4452Default 4453.Dq Li nobody . 4454.It Va bthidd_enable 4455.Pq Vt bool 4456If set to 4457.Dq Li YES , 4458enable Bluetooth Human Interface Device daemon. 4459.It Va bthidd_config 4460.Pq Vt str 4461Configuration file for 4462.Xr bthidd 8 . 4463Default 4464.Pa /etc/bluetooth/bthidd.conf . 4465.It Va bthidd_hids 4466.Pq Vt str 4467Path to a file, where 4468.Xr bthidd 8 4469will store information about known HID devices. 4470Default 4471.Pa /var/db/bthidd.hids . 4472.It Va rfcomm_pppd_server_enable 4473.Pq Vt bool 4474If set to 4475.Dq Li YES , 4476enable Bluetooth RFCOMM PPP wrapper daemon. 4477.It Va rfcomm_pppd_server_profile 4478.Pq Vt str 4479The name of the profile to use from 4480.Pa /etc/ppp/ppp.conf . 4481Multiple profiles can be specified here. 4482Also used to specify per-profile overrides. 4483When the profile name contains any of the characters 4484.Dq Li .-/+ 4485they are translated to 4486.Dq Li _ 4487for the proposes of the override variable names. 4488.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4489.Pq Vt str 4490Overrides local address to listen on. 4491By default 4492.Xr rfcomm_pppd 8 4493will listen on 4494.Dq Li ANY 4495address. 4496The address can be specified as BD_ADDR or name. 4497.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4498.Pq Vt str 4499Overrides local RFCOMM channel to listen on. 4500By default 4501.Xr rfcomm_pppd 8 4502will listen on RFCOMM channel 1. 4503Must set properly if multiple profiles used in the same time. 4504.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4505.Pq Vt bool 4506Tells 4507.Xr rfcomm_pppd 8 4508if it should register Serial Port service on the specified RFCOMM channel. 4509Default 4510.Dq Li NO . 4511.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4512.Pq Vt bool 4513Tells 4514.Xr rfcomm_pppd 8 4515if it should register Dial-Up Networking service on the specified 4516RFCOMM channel. 4517Default 4518.Dq Li NO . 4519.It Va ubthidhci_enable 4520.Pq Vt bool 4521If set to 4522.Dq Li YES , 4523change the USB Bluetooth controller from HID mode to HCI mode. 4524You also need to specify the location of USB Bluetooth controller with the 4525.Va ubthidhci_busnum 4526and 4527.Va ubthidhci_addr 4528variables. 4529.It Va ubthidhci_busnum 4530Bus number where the USB Bluetooth controller is located. 4531Check the output of 4532.Xr usbconfig 8 4533on your system to find this information. 4534.It Va ubthidhci_addr 4535Bus address of the USB Bluetooth controller. 4536Check the output of 4537.Xr usbconfig 8 4538on your system to find this information. 4539.It Va netwait_enable 4540.Pq Vt bool 4541If set to 4542.Dq Li YES , 4543delays the start of network-reliant services until 4544.Va netwait_if 4545is up and ICMP packets to a destination defined in 4546.Va netwait_ip 4547are flowing. 4548Link state is examined first, followed by 4549.Dq Li pinging 4550an IP address to verify network usability. 4551If no destination can be reached or timeouts are exceeded, 4552network services are started anyway with no guarantee that 4553the network is usable. 4554Use of this variable requires both 4555.Va netwait_ip 4556and 4557.Va netwait_if 4558to be set. 4559.It Va netwait_ip 4560.Pq Vt str 4561Empty by default. 4562This variable contains a space-delimited list of IP addresses to 4563.Xr ping 8 . 4564DNS hostnames should not be used as resolution is not guaranteed 4565to be functional at this point. 4566If multiple IP addresses are specified, 4567each will be tried until one is successful or the list is exhausted. 4568.It Va netwait_timeout 4569.Pq Vt int 4570Indicates the total number of seconds to perform a 4571.Dq Li ping 4572against each IP address in 4573.Va netwait_ip , 4574at a rate of one ping per second. 4575If any of the pings are successful, 4576full network connectivity is considered reliable. 4577The default is 60. 4578.It Va netwait_if 4579.Pq Vt str 4580Empty by default. 4581Defines the name of the network interface on which watch for link. 4582.Xr ifconfig 8 4583is used to monitor the interface, looking for 4584.Dq Li status: no carrier . 4585Once gone, the link is considered up. 4586This can be a 4587.Xr vlan 4 4588interface if desired. 4589.It Va netwait_if_timeout 4590.Pq Vt int 4591Defines the total number of seconds to wait for link to become usable, 4592polled at a 1-second interval. 4593The default is 30. 4594.El 4595.Sh FILES 4596.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4597.It Pa /etc/defaults/rc.conf 4598.It Pa /etc/rc.conf 4599.It Pa /etc/rc.conf.local 4600.El 4601.Sh SEE ALSO 4602.Xr catman 1 , 4603.Xr chmod 1 , 4604.Xr gdb 1 , 4605.Xr info 1 , 4606.Xr kbdcontrol 1 , 4607.Xr makewhatis 1 , 4608.Xr sh 1 , 4609.Xr vi 1 , 4610.Xr vidcontrol 1 , 4611.Xr bridge 4 , 4612.Xr dummynet 4 , 4613.Xr ip 4 , 4614.Xr ipf 4 , 4615.Xr ipfw 4 , 4616.Xr ipnat 4 , 4617.Xr kld 4 , 4618.Xr pf 4 , 4619.Xr pflog 4 , 4620.Xr pfsync 4 , 4621.Xr tcp 4 , 4622.Xr udp 4 , 4623.Xr exports 5 , 4624.Xr fstab 5 , 4625.Xr ipf 5 , 4626.Xr ipnat 5 , 4627.Xr motd 5 , 4628.Xr newsyslog.conf 5 , 4629.Xr pf.conf 5 , 4630.Xr security 7 , 4631.Xr accton 8 , 4632.Xr amd 8 , 4633.Xr apm 8 , 4634.Xr atm 8 , 4635.Xr bthidd 8 , 4636.Xr chkprintcap 8 , 4637.Xr chown 8 , 4638.Xr cron 8 , 4639.Xr devfs 8 , 4640.Xr dhclient 8 , 4641.Xr ftpd 8 , 4642.Xr geli 8 , 4643.Xr hcsecd 8 , 4644.Xr ifconfig 8 , 4645.Xr inetd 8 , 4646.Xr ipf 8 , 4647.Xr ipfw 8 , 4648.Xr ipnat 8 , 4649.Xr jail 8 , 4650.Xr kldxref 8 , 4651.Xr lpd 8 , 4652.Xr mdconfig 8 , 4653.Xr mdmfs 8 , 4654.Xr mixer 8 , 4655.Xr mountd 8 , 4656.Xr moused 8 , 4657.Xr mrouted 8 , 4658.Xr named 8 , 4659.Xr newfs 8 , 4660.Xr newsyslog 8 , 4661.Xr nfsd 8 , 4662.Xr ntpd 8 , 4663.Xr ntpdate 8 , 4664.Xr pfctl 8 , 4665.Xr pflogd 8 , 4666.Xr ping 8 , 4667.Xr powerd 8 , 4668.Xr quotacheck 8 , 4669.Xr quotaon 8 , 4670.Xr rc 8 , 4671.Xr rc.sendmail 8 , 4672.Xr rfcomm_pppd 8 , 4673.Xr route 8 , 4674.Xr routed 8 , 4675.Xr rpcbind 8 , 4676.Xr rpc.lockd 8 , 4677.Xr rpc.statd 8 , 4678.Xr rwhod 8 , 4679.Xr savecore 8 , 4680.Xr sdpd 8 , 4681.Xr sshd 8 , 4682.Xr swapon 8 , 4683.Xr sysctl 8 , 4684.Xr syslogd 8 , 4685.Xr timed 8 , 4686.Xr usbconfig 8 , 4687.Xr wlandebug 8 , 4688.Xr yp 8 , 4689.Xr ypbind 8 , 4690.Xr ypserv 8 , 4691.Xr ypset 8 4692.Sh HISTORY 4693The 4694.Nm 4695file appeared in 4696.Fx 2.2.2 . 4697.Sh AUTHORS 4698.An Jordan K. Hubbard . 4699