1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd October 28, 2013 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66In addition to 67.Pa /etc/rc.conf.local 68you can also place smaller configuration files for each 69.Xr rc 8 70script in the 71.Pa /etc/rc.conf.d 72directory, which will be included by the 73.Va load_rc_config 74function. 75For jail configurations you could use the file 76.Pa /etc/rc.conf.d/jail 77to store jail specific configuration options. 78Also see the 79.Va rc_conf_files 80variable below. 81.Pp 82Options are set with 83.Dq Ar name Ns Li = Ns Ar value 84assignments that use 85.Xr sh 1 86syntax. 87The following list provides a name and short description for each 88variable that can be set in the 89.Nm 90file: 91.Bl -tag -width indent-two 92.It Va rc_debug 93.Pq Vt bool 94If set to 95.Dq Li YES , 96enable output of debug messages from rc scripts. 97This variable can be helpful in diagnosing mistakes when 98editing or integrating new scripts. 99Beware that this produces copious output to the terminal and 100.Xr syslog 3 . 101.It Va rc_info 102.Pq Vt bool 103If set to 104.Dq Li NO , 105disable informational messages from the rc scripts. 106Informational messages are displayed when 107a condition that is not serious enough to warrant a warning or 108an error occurs. 109.It Va rc_startmsgs 110.Pq Vt bool 111If set to 112.Dq Li YES , 113show 114.Dq Starting foo: 115when faststart is used (e.g., at boot time). 116.It Va early_late_divider 117.Pq Vt str 118The name of the script that should be used as the 119delimiter between the 120.Dq early 121and 122.Dq late 123stages of the boot process. 124The early stage should contain all the services needed to 125get the disks (local or remote) mounted so that the late 126stage can include scripts contained in the directories 127listed in the 128.Va local_startup 129variable (see below). 130Thus, the two likely candidates for this value are 131.Pa mountcritlocal 132for the typical system, and 133.Pa mountcritremote 134if the system needs remote file 135systems mounted to get access to the 136.Va local_startup 137directories; for example when 138.Pa /usr/local 139is NFS mounted. 140For 141.Pa rc.conf 142within a 143.Xr jail 8 144.Pa NETWORKING 145is likely to be an appropriate value. 146Extreme care should be taken when changing this value, 147and before changing it one should ensure that there are 148adequate provisions to recover from a failed boot 149(such as physical contact with the machine, 150or reliable remote console access). 151.It Va always_force_depends 152.Pq Vt bool 153Various 154.Pa rc.d 155scripts use the force_depend function to check whether required 156services are already running, and to start them if necessary. 157By default during boot time this check is bypassed if the 158required service is enabled in 159.Pa /etc/rc.conf[.local] . 160Setting this option will bypass that check at boot time and 161always test whether or not the service is actually running. 162Enabling this option is likely to increase your boot time if 163services are enabled that utilize the force_depend check. 164.It Ao Ar name Ac Ns Va _chroot 165.Pq Vt str 166.Xr chroot 167to this directory before running the service. 168.It Ao Ar name Ac Ns Va _user 169.Pq Vt str 170Run the service under this user account. 171.It Ao Ar name Ac Ns Va _group 172.Pq Vt str 173Run the chrooted service under this system group. Unlike the _user 174setting, this setting has no effect if the service is not chrooted. 175.It Ao Ar name Ac Ns Va _fib 176.Pq Vt int 177The 178.Xr setfib 1 179value to run the service under. 180.It Ao Ar name Ac Ns Va _nice 181.Pq Vt int 182The 183.Xr nice 1 184value to run the service under. 185.It Va apm_enable 186.Pq Vt bool 187If set to 188.Dq Li YES , 189enable support for Automatic Power Management with 190the 191.Xr apm 8 192command. 193.It Va apmd_enable 194.Pq Vt bool 195Run 196.Xr apmd 8 197to handle APM event from userland. 198This also enables support for APM. 199.It Va apmd_flags 200.Pq Vt str 201If 202.Va apmd_enable 203is set to 204.Dq Li YES , 205these are the flags to pass to the 206.Xr apmd 8 207daemon. 208.It Va devd_enable 209.Pq Vt bool 210Run 211.Xr devd 8 212to handle device added, removed or unknown events from the kernel. 213.It Va ddb_enable 214.Pq Vt bool 215Run 216.Xr ddb 8 217to install 218.Xr ddb 4 219scripts at boot time. 220.It Va ddb_config 221.Pq Vt str 222Configuration file for 223.Xr ddb 8 . 224Default 225.Pa /etc/ddb.conf . 226.It Va kld_list 227.Pq Vt str 228A list of kernel modules to load right after the local 229disks are mounted. 230Loading modules at this point in the boot process is 231much faster than doing it via 232.Pa /boot/loader.conf 233for those modules not necessary for mounting local disk. 234.It Va kldxref_enable 235.Pq Vt bool 236Set to 237.Dq Li NO 238by default. 239Set to 240.Dq Li YES 241to automatically rebuild 242.Pa linker.hints 243files with 244.Xr kldxref 8 245at boot time. 246.It Va kldxref_clobber 247.Pq Vt bool 248Set to 249.Dq Li NO 250by default. 251If 252.Va kldxref_enable 253is true, 254setting to 255.Dq Li YES 256will overwrite existing 257.Pa linker.hints 258files at boot time. 259Otherwise, 260only missing 261.Pa linker.hints 262files are generated. 263.It Va kldxref_module_path 264.Pq Vt str 265Empty by default. 266A semi-colon 267.Pq Ql \&; 268delimited list of paths containing 269.Xr kld 4 270modules. 271If empty, 272the contents of the 273.Va kern.module_path 274.Xr sysctl 8 275are used. 276.It Va powerd_enable 277.Pq Vt bool 278If set to 279.Dq Li YES , 280enable the system power control facility with the 281.Xr powerd 8 282daemon. 283.It Va powerd_flags 284.Pq Vt str 285If 286.Va powerd_enable 287is set to 288.Dq Li YES , 289these are the flags to pass to the 290.Xr powerd 8 291daemon. 292.It Va tmpmfs 293Controls the creation of a 294.Pa /tmp 295memory file system. 296Always happens if set to 297.Dq Li YES 298and never happens if set to 299.Dq Li NO . 300If set to anything else, a memory file system is created if 301.Pa /tmp 302is not writable. 303.It Va tmpsize 304Controls the size of a created 305.Pa /tmp 306memory file system. 307.It Va tmpmfs_flags 308Extra options passed to the 309.Xr mdmfs 8 310utility when the memory file system for 311.Pa /tmp 312is created. 313The default is 314.Dq Li "-S" , 315which inhibits the use of softupdates on 316.Pa /tmp 317so that file system space is freed without delay 318after file truncation or deletion. 319See 320.Xr mdmfs 8 321for other options you can use in 322.Va tmpmfs_flags . 323.It Va varmfs 324Controls the creation of a 325.Pa /var 326memory file system. 327Always happens if set to 328.Dq Li YES 329and never happens if set to 330.Dq Li NO . 331If set to anything else, a memory file system is created if 332.Pa /var 333is not writable. 334.It Va varsize 335Controls the size of a created 336.Pa /var 337memory file system. 338.It Va varmfs_flags 339Extra options passed to the 340.Xr mdmfs 8 341utility when the memory file system for 342.Pa /var 343is created. 344The default is 345.Dq Li "-S" , 346which inhibits the use of softupdates on 347.Pa /var 348so that file system space is freed without delay 349after file truncation or deletion. 350See 351.Xr mdmfs 8 352for other options you can use in 353.Va varmfs_flags . 354.It Va populate_var 355Controls the automatic population of the 356.Pa /var 357file system. 358Always happens if set to 359.Dq Li YES 360and never happens if set to 361.Dq Li NO . 362If set to anything else, a memory file system is created if 363.Pa /var 364is not writable. 365Note that this process requires access to certain commands in 366.Pa /usr 367before 368.Pa /usr 369is mounted on normal systems. 370.It Va cleanvar_enable 371.Pq Vt bool 372Clean the 373.Pa /var 374directory. 375.It Va local_startup 376.Pq Vt str 377List of directories to search for startup script files. 378.It Va script_name_sep 379.Pq Vt str 380The field separator to use for breaking down the list of startup script files 381into individual filenames. 382The default is a space. 383It is not necessary to change this unless there are startup scripts with names 384containing spaces. 385.It Va hostapd_enable 386.Pq Vt bool 387Set to 388.Dq Li YES 389to start 390.Xr hostapd 8 391at system boot time. 392.It Va hostname 393.Pq Vt str 394The fully qualified domain name (FQDN) of this host on the network. 395This should almost certainly be set to something meaningful, even if 396there is no network connection. 397If 398.Xr dhclient 8 399is used to set the hostname via DHCP, 400this variable should be set to an empty string. 401If this value remains unset when the system is done booting 402your console login will display the default hostname of 403.Dq Amnesiac . 404.It Va nisdomainname 405.Pq Vt str 406The NIS domain name of this host, or 407.Dq Li NO 408if NIS is not used. 409.It Va dhclient_program 410.Pq Vt str 411Path to the DHCP client program 412.Pa ( /sbin/dhclient , 413the 414.Ox 415DHCP client, 416is the default). 417.It Va dhclient_flags 418.Pq Vt str 419Additional flags to pass to the DHCP client program. 420For the 421.Ox 422DHCP client, see the 423.Xr dhclient 8 424manpage for a description of the command line options available. 425.It Va dhclient_flags_ Ns Aq Ar iface 426Additional flags to pass to the DHCP client program running on 427.Ar iface 428only. 429When specified, this variable overrides 430.Va dhclient_flags . 431.It Va background_dhclient 432.Pq Vt bool 433Set to 434.Dq Li YES 435to start the DHCP client in background. 436This can cause trouble with applications depending on 437a working network, but it will provide a faster startup 438in many cases. 439.It Va background_dhclient_ Ns Aq Ar iface 440When specified, this variable overrides the 441.Va background_dhclient 442variable for interface 443.Ar iface 444only. 445.It Va synchronous_dhclient 446.Pq Vt bool 447Set to 448.Dq Li YES 449to start 450.Xr dhclient 8 451synchronously at startup. 452This behavior can be overridden on a per-interface basis by replacing 453the 454.Dq Li DHCP 455keyword in the 456.Va ifconfig_ Ns Aq Ar interface 457variable with 458.Dq Li SYNCDHCP 459or 460.Dq Li NOSYNCDHCP . 461.It Va defaultroute_delay 462.Pq Vt int 463When set to a positive value, wait up to this long after configuring 464DHCP interfaces at startup to give the interfaces time to receive a lease. 465.It Va firewall_enable 466.Pq Vt bool 467Set to 468.Dq Li YES 469to load firewall rules at startup. 470If the kernel was not built with 471.Cd "options IPFIREWALL" , 472the 473.Pa ipfw.ko 474kernel module will be loaded. 475See also 476.Va ipfilter_enable . 477.It Va firewall_script 478.Pq Vt str 479This variable specifies the full path to the firewall script to run. 480The default is 481.Pa /etc/rc.firewall . 482.It Va firewall_type 483.Pq Vt str 484Names the firewall type from the selection in 485.Pa /etc/rc.firewall , 486or the file which contains the local firewall ruleset. 487Valid selections from 488.Pa /etc/rc.firewall 489are: 490.Pp 491.Bl -tag -width ".Li simple" -compact 492.It Li open 493unrestricted IP access 494.It Li closed 495all IP services disabled, except via 496.Dq Li lo0 497.It Li client 498basic protection for a workstation 499.It Li simple 500basic protection for a LAN. 501.El 502.Pp 503If a filename is specified, the full path 504must be given. 505.It Va firewall_quiet 506.Pq Vt bool 507Set to 508.Dq Li YES 509to disable the display of firewall rules on the console during boot. 510.It Va firewall_logging 511.Pq Vt bool 512Set to 513.Dq Li YES 514to enable firewall event logging. 515This is equivalent to the 516.Dv IPFIREWALL_VERBOSE 517kernel option. 518.It Va firewall_logif 519.Pq Vt bool 520Set to 521.Dq Li YES 522to create pseudo interface 523.Li ipfw0 524for logging. 525For more details, see 526.Xr ipfw 8 527manual page. 528.It Va firewall_flags 529.Pq Vt str 530Flags passed to 531.Xr ipfw 8 532if 533.Va firewall_type 534specifies a filename. 535.It Va firewall_coscripts 536.Pq Vt str 537List of executables and/or rc scripts to run after firewall starts/stops. 538Default is empty. 539.\" ----- firewall_nat_enable setting -------------------------------- 540.It Va firewall_nat_enable 541.Pq Vt bool 542The 543.Xr ipfw 8 544equivalent of 545.Va natd_enable . 546Setting this to 547.Dq Li YES 548enables kernel NAT. 549.Va firewall_enable 550must also be set to 551.Dq Li YES . 552.It Va firewall_nat_interface 553.Pq Vt str 554The 555.Xr ipfw 8 556equivalent of 557.Va natd_interface . 558This is the name of the public interface or IP address on which 559kernel NAT should run. 560.It Va firewall_nat_flags 561.Pq Vt str 562Additional configuration parameters for kernel NAT should be placed here. 563.It Va dummynet_enable 564.Pq Vt bool 565Setting this to 566.Dq Li YES 567will automatically load the 568.Xr dummynet 4 569module if 570.Va firewall_enable 571is also set to 572.Dq Li YES . 573.\" ------------------------------------------------------------------- 574.It Va natd_program 575.Pq Vt str 576Path to 577.Xr natd 8 . 578.It Va natd_enable 579.Pq Vt bool 580Set to 581.Dq Li YES 582to enable 583.Xr natd 8 . 584.Va firewall_enable 585must also be set to 586.Dq Li YES , 587and 588.Xr divert 4 589sockets must be enabled in the kernel. 590If the kernel was not built with 591.Cd "options IPDIVERT" , 592the 593.Pa ipdivert.ko 594kernel module will be loaded. 595.It Va natd_interface 596.Pq Vt str 597This is the name of the public interface on which 598.Xr natd 8 599should run. 600The interface may be given as an interface name or as an IP address. 601.It Va natd_flags 602.Pq Vt str 603Additional 604.Xr natd 8 605flags should be placed here. 606The 607.Fl n 608or 609.Fl a 610flag is automatically added with the above 611.Va natd_interface 612as an argument. 613.\" ----- ipfilter_enable setting -------------------------------- 614.It Va ipfilter_enable 615.Pq Vt bool 616Set to 617.Dq Li NO 618by default. 619Setting this to 620.Dq Li YES 621enables 622.Xr ipf 8 623packet filtering. 624.Pp 625Typical usage will require putting 626.Bd -literal 627ipfilter_enable="YES" 628ipnat_enable="YES" 629ipmon_enable="YES" 630ipfs_enable="YES" 631.Ed 632.Pp 633into 634.Pa /etc/rc.conf 635and editing 636.Pa /etc/ipf.rules 637and 638.Pa /etc/ipnat.rules 639appropriately. 640.Pp 641Note that 642.Va ipfilter_enable 643and 644.Va ipnat_enable 645can be enabled independently. 646.Va ipmon_enable 647and 648.Va ipfs_enable 649both require at least one of 650.Va ipfilter_enable 651and 652.Va ipnat_enable 653to be enabled. 654.Pp 655Having 656.Bd -literal 657options IPFILTER 658options IPFILTER_LOG 659options IPFILTER_DEFAULT_BLOCK 660.Ed 661.Pp 662in the kernel configuration file is a good idea, too. 663.\" ----- ipfilter_program setting ------------------------------ 664.It Va ipfilter_program 665.Pq Vt str 666Path to 667.Xr ipf 8 668(default 669.Pa /sbin/ipf ) . 670.\" ----- ipfilter_rules setting -------------------------------- 671.It Va ipfilter_rules 672.Pq Vt str 673Set to 674.Pa /etc/ipf.rules 675by default. 676This variable contains the name of the filter rule definition file. 677The file is expected to be readable for the 678.Xr ipf 8 679command to execute. 680.\" ----- ipv6_ipfilter_rules setting --------------------------- 681.It Va ipv6_ipfilter_rules 682.Pq Vt str 683Set to 684.Pa /etc/ipf6.rules 685by default. 686This variable contains the IPv6 filter rule definition file. 687The file is expected to be readable for the 688.Xr ipf 8 689command to execute. 690.\" ----- ipfilter_flags setting -------------------------------- 691.It Va ipfilter_flags 692.Pq Vt str 693Empty by default. 694This variable contains flags passed to the 695.Xr ipf 8 696program. 697.\" ----- ipnat_enable setting ---------------------------------- 698.It Va ipnat_enable 699.Pq Vt bool 700Set to 701.Dq Li NO 702by default. 703Set it to 704.Dq Li YES 705to enable 706.Xr ipnat 8 707network address translation. 708See 709.Va ipfilter_enable 710for a detailed discussion. 711.\" ----- ipnat_program setting --------------------------------- 712.It Va ipnat_program 713.Pq Vt str 714Path to 715.Xr ipnat 8 716(default 717.Pa /sbin/ipnat ) . 718.\" ----- ipnat_rules setting ----------------------------------- 719.It Va ipnat_rules 720.Pq Vt str 721Set to 722.Pa /etc/ipnat.rules 723by default. 724This variable contains the name of the file 725holding the network address translation definition. 726This file is expected to be readable for the 727.Xr ipnat 8 728command to execute. 729.\" ----- ipnat_flags setting ----------------------------------- 730.It Va ipnat_flags 731.Pq Vt str 732Empty by default. 733This variable contains flags passed to the 734.Xr ipnat 8 735program. 736.\" ----- ipmon_enable setting ---------------------------------- 737.It Va ipmon_enable 738.Pq Vt bool 739Set to 740.Dq Li NO 741by default. 742Set it to 743.Dq Li YES 744to enable 745.Xr ipmon 8 746monitoring (logging 747.Xr ipf 8 748and 749.Xr ipnat 8 750events). 751Setting this variable needs setting 752.Va ipfilter_enable 753or 754.Va ipnat_enable 755too. 756See 757.Va ipfilter_enable 758for a detailed discussion. 759.\" ----- ipmon_program setting --------------------------------- 760.It Va ipmon_program 761.Pq Vt str 762Path to 763.Xr ipmon 8 764(default 765.Pa /sbin/ipmon ) . 766.\" ----- ipmon_flags setting ----------------------------------- 767.It Va ipmon_flags 768.Pq Vt str 769Set to 770.Dq Li -Ds 771by default. 772This variable contains flags passed to the 773.Xr ipmon 8 774program. 775Another typical example would be 776.Dq Fl D Pa /var/log/ipflog 777to have 778.Xr ipmon 8 779log directly to a file bypassing 780.Xr syslogd 8 . 781Make sure to adjust 782.Pa /etc/newsyslog.conf 783in such case like this: 784.Bd -literal 785/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 786.Ed 787.\" ----- ipfs_enable setting ----------------------------------- 788.It Va ipfs_enable 789.Pq Vt bool 790Set to 791.Dq Li NO 792by default. 793Set it to 794.Dq Li YES 795to enable 796.Xr ipfs 8 797saving the filter and NAT state tables during shutdown 798and reloading them during startup again. 799Setting this variable needs setting 800.Va ipfilter_enable 801or 802.Va ipnat_enable 803to 804.Dq Li YES 805too. 806See 807.Va ipfilter_enable 808for a detailed discussion. 809Note that if 810.Va kern_securelevel 811is set to 3, 812.Va ipfs_enable 813cannot be used 814because the raised securelevel will prevent 815.Xr ipfs 8 816from saving the state tables at shutdown time. 817.\" ----- ipfs_program setting ---------------------------------- 818.It Va ipfs_program 819.Pq Vt str 820Path to 821.Xr ipfs 8 822(default 823.Pa /sbin/ipfs ) . 824.\" ----- ipfs_flags setting ------------------------------------ 825.It Va ipfs_flags 826.Pq Vt str 827Empty by default. 828This variable contains flags passed to the 829.Xr ipfs 8 830program. 831.\" ----- end of added ipf hook --------------------------------- 832.It Va pf_enable 833.Pq Vt bool 834Set to 835.Dq Li NO 836by default. 837Setting this to 838.Dq Li YES 839enables 840.Xr pf 4 841packet filtering. 842.Pp 843Typical usage will require putting 844.Pp 845.Dl pf_enable="YES" 846.Pp 847into 848.Pa /etc/rc.conf 849and editing 850.Pa /etc/pf.conf 851appropriately. 852Adding 853.Pp 854.Dl "device pf" 855.Pp 856builds support for 857.Xr pf 4 858into the kernel, otherwise the 859kernel module will be loaded. 860.It Va pf_rules 861.Pq Vt str 862Path to 863.Xr pf 4 864ruleset configuration file 865(default 866.Pa /etc/pf.conf ) . 867.It Va pf_program 868.Pq Vt str 869Path to 870.Xr pfctl 8 871(default 872.Pa /sbin/pfctl ) . 873.It Va pf_flags 874.Pq Vt str 875If 876.Va pf_enable 877is set to 878.Dq Li YES , 879these flags are passed to the 880.Xr pfctl 8 881program when loading the ruleset. 882.It Va pflog_enable 883.Pq Vt bool 884Set to 885.Dq Li NO 886by default. 887Setting this to 888.Dq Li YES 889enables 890.Xr pflogd 8 891which logs packets from the 892.Xr pf 4 893packet filter. 894.It Va pflog_logfile 895.Pq Vt str 896If 897.Va pflog_enable 898is set to 899.Dq Li YES 900this controls where 901.Xr pflogd 8 902stores the logfile 903(default 904.Pa /var/log/pflog ) . 905Check 906.Pa /etc/newsyslog.conf 907to adjust logfile rotation for this. 908.It Va pflog_program 909.Pq Vt str 910Path to 911.Xr pflogd 8 912(default 913.Pa /sbin/pflogd ) . 914.It Va pflog_flags 915.Pq Vt str 916Empty by default. 917This variable contains additional flags passed to the 918.Xr pflogd 8 919program. 920.It Va pflog_instances 921.Pq Vt str 922If logging to more than one 923.Xr pflog 4 924interface is desired, 925.Va pflog_instances 926is set to the list of 927.Xr pflogd 8 928instances that should be started at system boot time. If 929.Va pflog_instances 930is set, for each whitespace-seperated 931.Ar element 932in the list, 933.Ao Ar element Ac Ns Va _dev 934and 935.Ao Ar element Ac Ns Va _logfile 936elements are assumed to exist. 937.Ao Ar element Ac Ns Va _dev 938must contain the 939.Xr pflog 4 940interface to be watched by the named 941.Xr pflogd 8 942instance. 943.Ao Ar element Ac Ns Va _logfile 944must contain the name of the logfile that will be used by the 945.Xr pflogd 8 946instance. 947.It Va ftpproxy_enable 948.Pq Vt bool 949Set to 950.Dq Li NO 951by default. 952Setting this to 953.Dq Li YES 954enables 955.Xr ftp-proxy 8 956which supports the 957.Xr pf 4 958packet filter in translating ftp connections. 959.It Va ftpproxy_flags 960.Pq Vt str 961Empty by default. 962This variable contains additional flags passed to the 963.Xr ftp-proxy 8 964program. 965.It Va ftpproxy_instances 966.Pq Vt str 967Empty by default. If multiple instances of 968.Xr ftp-proxy 8 969are desired at boot time, 970.Va ftpproxy_instances 971should contain a whitespace-seperated list of instance names. For each 972.Ar element 973in the list, a variable named 974.Ao Ar element Ac Ns Va _flags 975should be defined, containing the command-line flags to be passed to the 976.Xr ftp-proxy 8 977instance. 978.It Va pfsync_enable 979.Pq Vt bool 980Set to 981.Dq Li NO 982by default. 983Setting this to 984.Dq Li YES 985enables exposing 986.Xr pf 4 987state changes to other hosts over the network by means of 988.Xr pfsync 4 . 989The 990.Va pfsync_syncdev 991variable 992must also be set then. 993.It Va pfsync_syncdev 994.Pq Vt str 995Empty by default. 996This variable specifies the name of the network interface 997.Xr pfsync 4 998should operate through. 999It must be set accordingly if 1000.Va pfsync_enable 1001is set to 1002.Dq Li YES . 1003.It Va pfsync_syncpeer 1004.Pq Vt str 1005Empty by default. 1006This variable is optional. 1007By default, state change messages are sent out on the synchronisation 1008interface using IP multicast packets. 1009The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1010224.0.0.240. 1011When a peer address is specified using the 1012.Va pfsync_syncpeer 1013option, the peer address is used as a destination for the pfsync 1014traffic, and the traffic can then be protected using 1015.Xr ipsec 4 . 1016See the 1017.Xr pfsync 4 1018manpage for more details about using 1019.Xr ipsec 4 1020with 1021.Xr pfsync 4 1022interfaces. 1023.It Va pfsync_ifconfig 1024.Pq Vt str 1025Empty by default. 1026This variable can contain additional options to be passed to the 1027.Xr ifconfig 8 1028command used to set up 1029.Xr pfsync 4 . 1030.It Va tcp_extensions 1031.Pq Vt bool 1032Set to 1033.Dq Li YES 1034by default. 1035Setting this to 1036.Dq Li NO 1037disables certain TCP options as described by 1038.Rs 1039.%T "RFC 1323" 1040.Re 1041Setting this to 1042.Dq Li NO 1043might help remedy such problems with connections as randomly hanging 1044or other weird behavior. 1045Some network devices are known 1046to be broken with respect to these options. 1047.It Va log_in_vain 1048.Pq Vt int 1049Set to 0 by default. 1050The 1051.Xr sysctl 8 1052variables, 1053.Va net.inet.tcp.log_in_vain 1054and 1055.Va net.inet.udp.log_in_vain , 1056as described in 1057.Xr tcp 4 1058and 1059.Xr udp 4 , 1060are set to the given value. 1061.It Va tcp_keepalive 1062.Pq Vt bool 1063Set to 1064.Dq Li YES 1065by default. 1066Setting to 1067.Dq Li NO 1068will disable probing idle TCP connections to verify that the 1069peer is still up and reachable. 1070.It Va tcp_drop_synfin 1071.Pq Vt bool 1072Set to 1073.Dq Li NO 1074by default. 1075Setting to 1076.Dq Li YES 1077will cause the kernel to ignore TCP frames that have both 1078the SYN and FIN flags set. 1079This prevents OS fingerprinting, but may 1080break some legitimate applications. 1081.It Va icmp_drop_redirect 1082.Pq Vt bool 1083Set to 1084.Dq Li NO 1085by default. 1086Setting to 1087.Dq Li YES 1088will cause the kernel to ignore ICMP REDIRECT packets. 1089Refer to 1090.Xr icmp 4 1091for more information. 1092.It Va icmp_log_redirect 1093.Pq Vt bool 1094Set to 1095.Dq Li NO 1096by default. 1097Setting to 1098.Dq Li YES 1099will cause the kernel to log ICMP REDIRECT packets. 1100Note that 1101the log messages are not rate-limited, so this option should only be used 1102for troubleshooting networks. 1103Refer to 1104.Xr icmp 4 1105for more information. 1106.It Va icmp_bmcastecho 1107.Pq Vt bool 1108Set to 1109.Dq Li YES 1110to respond to broadcast or multicast ICMP ping packets. 1111Refer to 1112.Xr icmp 4 1113for more information. 1114.It Va ip_portrange_first 1115.Pq Vt int 1116If not set to 1117.Dq Li NO , 1118this is the first port in the default portrange. 1119Refer to 1120.Xr ip 4 1121for more information. 1122.It Va ip_portrange_last 1123.Pq Vt int 1124If not set to 1125.Dq Li NO , 1126this is the last port in the default portrange. 1127Refer to 1128.Xr ip 4 1129for more information. 1130.It Va network_interfaces 1131.Pq Vt str 1132Set to the list of network interfaces to configure on this host or 1133.Dq Li AUTO 1134(the default) for all current interfaces. 1135Setting the 1136.Va network_interfaces 1137variable to anything other than the default is deprecated. 1138Interfaces that the administrator wishes to store configuration for, 1139but not start at boot should be configured with the 1140.Dq Li NOAUTO 1141keyword in their 1142.Va ifconfig_ Ns Aq Ar interface 1143variables as described below. 1144.Pp 1145An 1146.Va ifconfig_ Ns Aq Ar interface 1147variable is also assumed to exist for each value of 1148.Ar interface . 1149When an interface name contains any of the characters 1150.Dq Li .-/+ 1151they are translated to 1152.Dq Li _ 1153before lookup. 1154The variable can contain arguments to 1155.Xr ifconfig 8 , 1156as well as special case-insensitive keywords described below. 1157Such keywords are removed before passing the value to 1158.Xr ifconfig 8 1159while the order of the other arguments is preserved. 1160.Pp 1161It is possible to add IP alias entries using 1162.Xr ifconfig 8 1163syntax with the address family keyword such as 1164.Li inet . 1165Assuming that the interface in question was 1166.Li ed0 , 1167it might look something like this: 1168.Bd -literal 1169ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1170ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1171.Ed 1172.Pp 1173It also possible to configure multiple IP addresses in Classless 1174Inter-Domain Routing 1175.Pq CIDR 1176address notation, 1177whose each address component can be a range like 1178.Li inet 192.0.2.5-23/24 1179or 1180.Li inet6 2001:db8:1-f::1/64 . 1181This notation allows address and prefix length part only, 1182not the other address modifiers. 1183.Pp 1184In the case of 1185.Li 192.0.2.5-23/24 , 1186the address 192.0.2.5 will be configured with the 1187netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1188the non-conflicting netmask /32 as explained in the 1189.Xr ifconfig 8 1190alias section. 1191Note that this special netmask handling is only for 1192.Li inet , 1193not for the other address families such as 1194.Li inet6 . 1195.Pp 1196With the interface in question being 1197.Li ed0 , 1198an example could look like: 1199.Bd -literal 1200ifconfig_ed0_alias2="inet 192.0.2.129/27" 1201ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1202.Ed 1203.Pp 1204and so on. 1205.Pp 1206Note that 1207.Va ipv4_addrs_ Ns Aq Ar interface 1208variable was supported for IPv4 CIDR address notation. 1209It is now deprecated because the functionality was integrated into 1210.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1211though 1212.Va ipv4_addrs_ Ns Aq Ar interface 1213is still supported for backward compatibility. 1214.Pp 1215For each 1216.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1217entry with an address family keyword, 1218its contents are passed to 1219.Xr ifconfig 8 . 1220Execution stops at the first unsuccessful access, so if 1221something like this is present: 1222.Bd -literal 1223ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1224ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1225ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1226ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1227.Ed 1228.Pp 1229Then note that alias4 would 1230.Em not 1231be added since the search would 1232stop with the missing 1233.Dq Li alias3 1234entry. 1235Because of this difficult to manage behavior, 1236there is 1237.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1238variable, which has the same functionality as 1239.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1240and can have all of entries in a variable like the following: 1241.Bd -literal 1242ifconfig_ed0_aliases="\\ 1243 inet 127.0.0.251 netmask 0xffffffff \\ 1244 inet 127.0.0.252 netmask 0xffffffff \\ 1245 inet 127.0.0.253 netmask 0xffffffff \\ 1246 inet 127.0.0.254 netmask 0xffffffff" 1247.Ed 1248.Pp 1249It also supports CIDR notation. 1250.Pp 1251If the 1252.Pa /etc/start_if. Ns Aq Ar interface 1253file is present, it is read and executed by the 1254.Xr sh 1 1255interpreter 1256before configuring the interface as specified in the 1257.Va ifconfig_ Ns Aq Ar interface 1258and 1259.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1260variables. 1261.Pp 1262If a 1263.Va vlans_ Ns Aq Ar interface 1264variable is set, 1265a 1266.Xr vlan 4 1267interface will be created for each item in the list with the 1268.Ar vlandev 1269argument set to 1270.Ar interface . 1271If a vlan interface's name is a number, 1272then that number is used as the vlan tag and the new vlan interface is 1273named 1274.Ar interface . Ns Ar tag . 1275Otherwise, 1276the vlan tag must be specified via a 1277.Va vlan 1278parameter in the 1279.Va create_args_ Ns Aq Ar interface 1280variable. 1281.Pp 1282To create a vlan device named 1283.Li em0.101 1284on 1285.Li em0 1286with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1287.Bd -literal 1288vlans_em0="101" 1289ifconfig_em0_101="inet 192.0.2.1/24" 1290.Ed 1291.Pp 1292To create a vlan device named 1293.Li myvlan 1294on 1295.Li em0 1296with the vlan tag 102: 1297.Bd -literal 1298vlans_em0="myvlan" 1299create_args_myvlan="vlan 102" 1300.Ed 1301.Pp 1302If a 1303.Va wlans_ Ns Aq Ar interface 1304variable is set, 1305an 1306.Xr wlan 4 1307interface will be created for each item in the list with the 1308.Ar wlandev 1309argument set to 1310.Ar interface . 1311Further wlan cloning arguments may be passed to the 1312.Xr ifconfig 8 1313.Cm create 1314command by setting the 1315.Va create_args_ Ns Aq Ar interface 1316variable. 1317One or more 1318.Xr wlan 4 1319devices must be created for each wireless devices as of 1320.Fx 8.0 . 1321Debugging flags for 1322.Xr wlan 4 1323devices as set by 1324.Xr wlandebug 8 1325may be specified with an 1326.Va wlandebug_ Ns Aq Ar interface 1327variable. 1328The contents of this variable will be passed directly to 1329.Xr wlandebug 8 . 1330.Pp 1331If the 1332.Va ifconfig_ Ns Aq Ar interface 1333contains the keyword 1334.Dq Li NOAUTO 1335then the interface will not be configured 1336at boot or by 1337.Pa /etc/pccard_ether 1338when 1339.Va network_interfaces 1340is set to 1341.Dq Li AUTO . 1342.Pp 1343It is possible to bring up an interface with DHCP by adding 1344.Dq Li DHCP 1345to the 1346.Va ifconfig_ Ns Aq Ar interface 1347variable. 1348For instance, to initialize the 1349.Li ed0 1350device via DHCP, 1351it is possible to use something like: 1352.Bd -literal 1353ifconfig_ed0="DHCP" 1354.Ed 1355.Pp 1356If you want to configure your wireless interface with 1357.Xr wpa_supplicant 8 1358for use with WPA, EAP/LEAP or WEP, you need to add 1359.Dq Li WPA 1360to the 1361.Va ifconfig_ Ns Aq Ar interface 1362variable. 1363.Pp 1364On the other hand, if you want to configure your wireless interface with 1365.Xr hostapd 8 , 1366you need to add 1367.Dq Li HOSTAP 1368to the 1369.Va ifconfig_ Ns Aq Ar interface 1370variable. 1371.Xr hostapd 8 1372will use the settings from 1373.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1374.Pp 1375Finally, you can add 1376.Xr ifconfig 8 1377options in this variable, in addition to the 1378.Pa /etc/start_if. Ns Aq Ar interface 1379file. 1380For instance, to configure an 1381.Xr ath 4 1382wireless device in station mode with an address obtained 1383via DHCP, using WPA authentication and 802.11b mode, it is 1384possible to use something like: 1385.Bd -literal 1386wlans_ath0="wlan0" 1387ifconfig_wlan0="DHCP WPA mode 11b" 1388.Ed 1389.Pp 1390In addition to the 1391.Va ifconfig_ Ns Aq Ar interface 1392form, a fallback variable 1393.Va ifconfig_DEFAULT 1394may be configured. 1395It will be used for all interfaces with no 1396.Va ifconfig_ Ns Aq Ar interface 1397variable. 1398This is intended to replace the no longer supported 1399.Va pccard_ifconfig 1400variable. 1401.Pp 1402It is also possible to rename an interface by doing: 1403.Bd -literal 1404ifconfig_ed0_name="net0" 1405ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1406.Ed 1407.It Va ipv6_enable 1408.Pq Vt bool 1409This variable is deprecated. 1410Use 1411.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1412and 1413.Va ipv6_activate_all_interfaces 1414if necessary. 1415.Pp 1416If the variable is 1417.Dq Li YES , 1418.Dq Li inet6 accept_rtadv 1419is added to all of 1420.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1421and the 1422.Va ipv6_activate_all_interfaces 1423is defined as 1424.Dq Li YES . 1425.It Va ipv6_prefer 1426.Pq Vt bool 1427This variable is deprecated. 1428Use 1429.Va ip6addrctl_policy 1430instead. 1431.Pp 1432If the variable is 1433.Dq Li YES , 1434the default address selection policy table set by 1435.Xr ip6addrctl 8 1436will be IPv6-preferred. 1437.Pp 1438If the variable is 1439.Dq Li NO , 1440the default address selection policy table set by 1441.Xr ip6addrctl 8 1442will be IPv4-preferred. 1443.It Va ipv6_activate_all_interfaces 1444.Pq Vt bool 1445This controls initial configuration on IPv6-capable 1446interfaces with no corresponding 1447.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1448variable. 1449Note that it is not always necessary to set this variable to 1450.Dq YES 1451to use IPv6 functionality on 1452.Fx . 1453In most cases, just configuring 1454.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1455variables works. 1456.Pp 1457If the variable is 1458.Dq Li NO , 1459all interfaces which do not have a corresponding 1460.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1461variable will be marked as 1462.Dq Li IFDISABLED 1463at creation. 1464This means that all of IPv6 functionality on that interface 1465is completely disabled to enforce a security policy. 1466If the variable is set to 1467.Dq YES , 1468the flag will be cleared on all of the interfaces. 1469.Pp 1470In most cases, just defining an 1471.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1472for an IPv6-capable interface should be sufficient. 1473However, if an interface is added dynamically 1474.Pq by some tunneling protocols such as PPP, for example , 1475it is often difficult to define the variable in advance. 1476In such a case, configuring the 1477.Dq Li IFDISABLED 1478flag can be disabled by setting this variable to 1479.Dq YES . 1480.Pp 1481For more details of the 1482.Dq Li IFDISABLED 1483flag and keywords 1484.Dq Li inet6 ifdisabled , 1485see 1486.Xr ifconfig 8 . 1487.Pp 1488Default is 1489.Dq Li NO . 1490.It Va ipv6_privacy 1491.Pq Vt bool 1492If the variable is 1493.Dq Li YES 1494privacy addresses will be generated for each IPv6 1495interface as described in RFC 4941. 1496.It Va ipv6_network_interfaces 1497.Pq Vt str 1498This is the IPv6 equivalent of 1499.Va network_interfaces . 1500Normally manual configuration of this variable is not needed. 1501.Pp 1502.It Va ipv6_cpe_wanif 1503.Pq Vt str 1504If the variable is set to an interface name, 1505the 1506.Xr ifconfig 8 1507options 1508.Dq inet6 -no_radr accept_rtadv 1509will be added to the specified interface automatically before evaluating 1510.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1511and two 1512.Xr sysctl 8 1513variables 1514.Va net.inet6.ip6.rfc6204w3 1515and 1516.Va net.inet6.ip6.no_radr 1517will be set to 1. 1518.Pp 1519This means the specified interface will accept ICMPv6 Router 1520Advertisement messages on that link and add the discovered 1521routers into the Default Router List. 1522While the other interfaces can still accept RA messages if the 1523.Dq inet6 accept_rtadv 1524option is specified, adding 1525routes into the Default Router List will be disabled by 1526.Dq inet6 no_radr 1527option by default. 1528See 1529.Xr ifconfig 8 1530for more details. 1531.Pp 1532Note that ICMPv6 Router Advertisement messages will be 1533accepted even when 1534.Va net.inet6.ip6.forwarding 1535is 1 1536.Pq packet forwarding is enabled 1537when 1538.Va net.inet6.ip6.rfc6204w3 1539is set to 1. 1540.Pp 1541Default is 1542.Dq Li NO . 1543.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1544.Pq Vt str 1545IPv6 functionality on an interface should be configured by 1546.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1547instead of setting ifconfig parameters in 1548.Va ifconfig_ Ns Aq Ar interface . 1549If this variable is empty, all of IPv6 configurations on the 1550specified interface by other variables such as 1551.Va ipv6_prefix_ Ns Ao Ar interface Ac 1552will be ignored. 1553.Pp 1554Aliases should be set by 1555.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1556with 1557.Dq Li inet6 1558keyword. 1559For example: 1560.Bd -literal 1561ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1562ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1563.Ed 1564.Pp 1565Interfaces that have an 1566.Dq Li inet6 accept_rtadv 1567keyword in 1568.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1569setting will be automatically configured by SLAAC 1570.Pq StateLess Address AutoConfiguration 1571described in 1572.Rs 1573.%T "RFC 4862" 1574.Re 1575.Pp 1576Note that a link-local address will be automatically configured in 1577addition to the configured global-scope addresses because the IPv6 1578specifications require it on each link. 1579The address is calculated from the MAC address by using an algorithm 1580defined in 1581.Rs 1582.%T "RFC 4862" 1583.%O "Section 5.3" 1584.Re 1585.Pp 1586If only a link-local address is needed on the interface, 1587the following configuration can be used: 1588.Bd -literal 1589ifconfig_ed0_ipv6="inet6 auto_linklocal" 1590.Ed 1591.Pp 1592A link-local address can also be configured manually. 1593This is useful for the default router address of an IPv6 router 1594so that it does not change when the network interface 1595card is replaced. 1596For example: 1597.Bd -literal 1598ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1599.Ed 1600.It Va ipv6_prefix_ Ns Aq Ar interface 1601.Pq Vt str 1602If one or more prefixes are defined in 1603.Va ipv6_prefix_ Ns Aq Ar interface 1604addresses based on each prefix and the EUI-64 interface index will be 1605configured on that interface. 1606Note that this variable will be ignored when 1607.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1608is empty. 1609.Pp 1610For example, the following configuration 1611.Bd -literal 1612ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1613.Ed 1614.Pp 1615is equivalent to the following: 1616.Bd -literal 1617ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1618ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1619ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1620ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1621.Ed 1622.Pp 1623These Subnet-Router anycast addresses will be added only when 1624.Va ipv6_gateway_enable 1625is YES. 1626.It Va ipv6_default_interface 1627.Pq Vt str 1628If not set to 1629.Dq Li NO , 1630this is the default output interface for scoped addresses. 1631This works only with ipv6_gateway_enable="NO". 1632.It Va ip6addrctl_enable 1633.Pq Vt bool 1634This variable is to enable configuring default address selection policy table 1635.Pq RFC 3484 . 1636The table can be specified in another variable 1637.Va ip6addrctl_policy . 1638For 1639.Va ip6addrctl_policy 1640the following keywords can be specified: 1641.Dq Li ipv4_prefer , 1642.Dq Li ipv6_prefer , 1643or 1644.Dq Li AUTO . 1645.Pp 1646If 1647.Dq Li ipv4_prefer 1648or 1649.Dq Li ipv6_prefer 1650is specified, 1651.Xr ip6addrctl 8 1652installs a pre-defined policy table described in Section 2.1 1653.Pq IPv6-preferred 1654or 10.3 1655.Pq IPv4-preferred 1656of RFC 3484. 1657.Pp 1658If 1659.Dq Li AUTO 1660is specified, it attempts to read a file 1661.Pa /etc/ip6addrctl.conf 1662first. 1663If this file is found, 1664.Xr ip6addrctl 8 1665reads and installs it. 1666If not found, a policy is automatically set 1667according to 1668.Va ipv6_activate_all_interfaces 1669variable; if the variable is set to 1670.Dq Li YES 1671the IPv6-preferred one is used. 1672Otherwise IPv4-preferred. 1673.Pp 1674The default value of 1675.Va ip6addrctl_enable 1676and 1677.Va ip6addrctl_policy 1678are 1679.Dq Li YES 1680and 1681.Dq Li AUTO , 1682respectively. 1683.It Va cloned_interfaces 1684.Pq Vt str 1685Set to the list of clonable network interfaces to create on this host. 1686Further cloning arguments may be passed to the 1687.Xr ifconfig 8 1688.Cm create 1689command for each interface by setting the 1690.Va create_args_ Ns Aq Ar interface 1691variable. 1692If an interface name is specified with 1693.Dq :sticky 1694keyword, 1695the interface will not be destroyed even when 1696.Pa rc.d/netif 1697script is invoked with 1698.Dq stop 1699argument. 1700This is useful when reconfiguring the interface without destroying it. 1701Entries in 1702.Va cloned_interfaces 1703are automatically appended to 1704.Va network_interfaces 1705for configuration. 1706.It Va cloned_interfaces_sticky 1707.Pq Vt bool 1708This variable is to globally enable functionality of 1709.Dq :sticky 1710keyword in 1711.Va cloned_interfaces 1712for all interfaces. 1713The default value is 1714.Dq NO . 1715Even if this variable is specified to 1716.Dq YES , 1717.Dq :nosticky 1718keyword can be used to override it on per interface basis. 1719.It Va gif_interfaces 1720.Pq Vt str 1721This variable is deprecated in favor of 1722.Va cloned_interfaces . 1723Set to the list of 1724.Xr gif 4 1725tunnel interfaces to configure on this host. 1726A 1727.Va gifconfig_ Ns Aq Ar interface 1728variable is assumed to exist for each value of 1729.Ar interface . 1730The value of this variable is used to configure the link layer of the 1731tunnel according to the syntax of the 1732.Cm tunnel 1733option to 1734.Xr ifconfig 8 . 1735Additionally, this option ensures that each listed interface is created 1736via the 1737.Cm create 1738option to 1739.Xr ifconfig 8 1740before attempting to configure it. 1741.It Va sppp_interfaces 1742.Pq Vt str 1743Set to the list of 1744.Xr sppp 4 1745interfaces to configure on this host. 1746A 1747.Va spppconfig_ Ns Aq Ar interface 1748variable is assumed to exist for each value of 1749.Ar interface . 1750Each interface should also be configured by a general 1751.Va ifconfig_ Ns Aq Ar interface 1752setting. 1753Refer to 1754.Xr spppcontrol 8 1755for more information about available options. 1756.It Va ppp_enable 1757.Pq Vt bool 1758If set to 1759.Dq Li YES , 1760run the 1761.Xr ppp 8 1762daemon. 1763.It Va ppp_profile 1764.Pq Vt str 1765The name of the profile to use from 1766.Pa /etc/ppp/ppp.conf . 1767Also used for per-profile overrides of 1768.Va ppp_mode 1769and 1770.Va ppp_nat , 1771and 1772.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1773When the profile name contains any of the characters 1774.Dq Li .-/+ 1775they are translated to 1776.Dq Li _ 1777for the proposes of the override variable names. 1778.It Va ppp_mode 1779.Pq Vt str 1780Mode in which to run the 1781.Xr ppp 8 1782daemon. 1783.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1784.Pq Vt str 1785Overrides the global 1786.Va ppp_mode 1787for 1788.Ar profile . 1789Accepted modes are 1790.Dq Li auto , 1791.Dq Li ddial , 1792.Dq Li direct 1793and 1794.Dq Li dedicated . 1795See the manual for a full description. 1796.It Va ppp_nat 1797.Pq Vt bool 1798If set to 1799.Dq Li YES , 1800enables network address translation. 1801Used in conjunction with 1802.Va gateway_enable 1803allows hosts on private network addresses access to the Internet using 1804this host as a network address translating router. 1805.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1806.Pq Vt str 1807Overrides the global 1808.Va ppp_nat 1809for 1810.Ar profile . 1811.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1812.Pq Vt int 1813Set the unit number to be used for this profile. 1814See the manual description of 1815.Fl unit Ns Ar N 1816for details. 1817.It Va ppp_user 1818.Pq Vt str 1819The name of the user under which 1820.Xr ppp 8 1821should be started. 1822By 1823default, 1824.Xr ppp 8 1825is started as 1826.Dq Li root . 1827.It Va rc_conf_files 1828.Pq Vt str 1829This option is used to specify a list of files that will override 1830the settings in 1831.Pa /etc/defaults/rc.conf . 1832The files will be read in the order in which they are specified and should 1833include the full path to the file. 1834By default, the files specified are 1835.Pa /etc/rc.conf 1836and 1837.Pa /etc/rc.conf.local 1838.It Va zfs_enable 1839.Pq Vt bool 1840If set to 1841.Dq Li YES , 1842.Pa /etc/rc.d/zfs 1843will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1844(ZVOLs). 1845.It Va gptboot_enable 1846.Pq Vt bool 1847If set to 1848.Dq Li YES , 1849.Pa /etc/rc.d/gptboot 1850will log if the system successfully (or not) booted from a GPT partition, 1851which had the 1852.Ar bootonce 1853attribute set using 1854.Xr gpart 8 1855utility. 1856.It Va gbde_autoattach_all 1857.Pq Vt bool 1858If set to 1859.Dq Li YES , 1860.Pa /etc/rc.d/gbde 1861will attempt to automatically initialize your .bde devices in 1862.Pa /etc/fstab . 1863.It Va gbde_devices 1864.Pq Vt str 1865List the devices that the script should try to attach, 1866or 1867.Dq Li AUTO . 1868.It Va gbde_lockdir 1869.Pq Vt str 1870The directory where the 1871.Xr gbde 4 1872lockfiles are located. 1873The default lockfile directory is 1874.Pa /etc . 1875.Pp 1876The lockfile for each individual 1877.Xr gbde 4 1878device can be overridden by setting the variable 1879.Va gbde_lock_ Ns Aq Ar device , 1880where 1881.Ar device 1882is the encrypted device without the 1883.Dq Pa /dev/ 1884and 1885.Dq Pa .bde 1886parts. 1887.It Va gbde_attach_attempts 1888.Pq Vt int 1889Number of times to attempt attaching to a 1890.Xr gbde 4 1891device, i.e., how many times the user is asked for the pass-phrase. 1892Default is 3. 1893.It Va geli_devices 1894.Pq Vt str 1895List of devices to automatically attach on boot. 1896Note that .eli devices from 1897.Pa /etc/fstab 1898are automatically appended to this list. 1899.It Va geli_tries 1900.Pq Vt int 1901Number of times user is asked for the pass-phrase. 1902If empty, it will be taken from 1903.Va kern.geom.eli.tries 1904sysctl variable. 1905.It Va geli_default_flags 1906.Pq Vt str 1907Default flags to use by 1908.Xr geli 8 1909when configuring disk encryption. 1910Flags can be configured for every device separately by defining 1911.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1912variable. 1913.It Va geli_autodetach 1914.Pq Vt str 1915Specifies if GELI devices should be marked for detach on last close after 1916file systems are mounted. 1917Default is 1918.Dq Li YES . 1919This can be changed for every device separately by defining 1920.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1921variable. 1922.It Va root_rw_mount 1923.Pq Vt bool 1924Set to 1925.Dq Li YES 1926by default. 1927After the file systems are checked at boot time, the root file system 1928is remounted as read-write if this is set to 1929.Dq Li YES . 1930Diskless systems that mount their root file system from a read-only remote 1931NFS share should set this to 1932.Dq Li NO 1933in their 1934.Pa rc.conf . 1935.It Va fsck_y_enable 1936.Pq Vt bool 1937If set to 1938.Dq Li YES , 1939.Xr fsck 8 1940will be run with the 1941.Fl y 1942flag if the initial preen 1943of the file systems fails. 1944.It Va background_fsck 1945.Pq Vt bool 1946If set to 1947.Dq Li YES , 1948the system will attempt to run 1949.Xr fsck 8 1950in the background where possible. 1951.It Va background_fsck_delay 1952.Pq Vt int 1953The amount of time in seconds to sleep before starting a background 1954.Xr fsck 8 . 1955It defaults to sixty seconds to allow large applications such as 1956the X server to start before disk I/O bandwidth is monopolized by 1957.Xr fsck 8 . 1958If set to a negative number, the background file system check will be 1959delayed indefinitely to allow the administrator to run it at a more 1960convenient time. 1961For example it may be run from 1962.Xr cron 8 1963by adding a line like 1964.Pp 1965.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1966.Pp 1967to 1968.Pa /etc/crontab . 1969.It Va netfs_types 1970.Pq Vt str 1971List of file system types that are network-based. 1972This list should generally not be modified by end users. 1973Use 1974.Va extra_netfs_types 1975instead. 1976.It Va extra_netfs_types 1977.Pq Vt str 1978If set to something other than 1979.Dq Li NO 1980(the default), 1981this variable extends the list of file system types 1982for which automatic mounting at startup by 1983.Xr rc 8 1984should be delayed until the network is initialized. 1985It should contain 1986a whitespace-separated list of network file system descriptor pairs, 1987each consisting of a file system type as passed to 1988.Xr mount 8 1989and a human-readable, one-word description, 1990joined with a colon 1991.Pq Ql \&: . 1992Extending the default list in this way is only necessary 1993when third party file system types are used. 1994.It Va syslogd_enable 1995.Pq Vt bool 1996If set to 1997.Dq Li YES , 1998run the 1999.Xr syslogd 8 2000daemon. 2001.It Va syslogd_program 2002.Pq Vt str 2003Path to 2004.Xr syslogd 8 2005(default 2006.Pa /usr/sbin/syslogd ) . 2007.It Va syslogd_flags 2008.Pq Vt str 2009If 2010.Va syslogd_enable 2011is set to 2012.Dq Li YES , 2013these are the flags to pass to 2014.Xr syslogd 8 . 2015.It Va inetd_enable 2016.Pq Vt bool 2017If set to 2018.Dq Li YES , 2019run the 2020.Xr inetd 8 2021daemon. 2022.It Va inetd_program 2023.Pq Vt str 2024Path to 2025.Xr inetd 8 2026(default 2027.Pa /usr/sbin/inetd ) . 2028.It Va inetd_flags 2029.Pq Vt str 2030If 2031.Va inetd_enable 2032is set to 2033.Dq Li YES , 2034these are the flags to pass to 2035.Xr inetd 8 . 2036.It Va hastd_enable 2037.Pq Vt bool 2038If set to 2039.Dq Li YES , 2040run the 2041.Xr hastd 8 2042daemon. 2043.It Va hastd_program 2044.Pq Vt str 2045Path to 2046.Xr hastd 8 2047(default 2048.Pa /sbin/hastd ) . 2049.It Va hastd_flags 2050.Pq Vt str 2051If 2052.Va hastd_enable 2053is set to 2054.Dq Li YES , 2055these are the flags to pass to 2056.Xr hastd 8 . 2057.It Va local_unbound_enable 2058.Pq Vt bool 2059If set to 2060.Dq Li YES , 2061run the 2062.Xr unbound 8 2063daemon as a local caching resolver. 2064.It Va named_enable 2065.Pq Vt bool 2066If set to 2067.Dq Li YES , 2068run the 2069.Xr named 8 2070daemon. 2071.It Va named_program 2072.Pq Vt str 2073Path to 2074.Xr named 8 2075(default 2076.Pa /usr/sbin/named ) . 2077.It Va named_conf 2078.Pq Vt str 2079Path to 2080.Xr named 8 2081configuration file, (default 2082.Pa /etc/namedb/named.conf ) . 2083.It Va named_flags 2084.Pq Vt str 2085If 2086.Va named_enable 2087is set to 2088.Dq Li YES , 2089these are the flags to pass to 2090.Xr named 8 . 2091.It Va named_uid 2092.Pq Vt str 2093The user that the 2094.Xr named 8 2095process should be run as. 2096.It Va named_chrootdir 2097.Pq Vt str 2098The root directory for a name server run in a 2099.Xr chroot 8 2100environment (default 2101.Pa /var/named ) . 2102If left empty 2103.Xr named 8 2104will not be run in a 2105.Xr chroot 8 2106environment. 2107.It Va named_chroot_autoupdate 2108.Pq Vt bool 2109Set to 2110.Dq Li NO 2111to disable automatic update of the 2112.Xr chroot 8 2113environment. 2114.It Va named_symlink_enable 2115.Pq Vt bool 2116Set to 2117.Dq Li NO 2118to disable symlinking of 2119daemon's PID file 2120into the 2121.Xr chroot 8 2122environment. 2123.It Va named_wait 2124.Pq Vt bool 2125Set to have 2126.Pa /etc/rc.d/named 2127loop until working name service is established. 2128.It Va named_wait_host 2129.Pq Vt str 2130Name of host to lookup for the named_wait option. 2131(Default localhost) 2132.It Va named_auto_forward 2133.Pq Vt bool 2134Set to enable automatic creation of a forwarder 2135configuration file derived from 2136.Pa /etc/resolv.conf . 2137.It Va named_auto_forward_only 2138.Pq Vt bool 2139Set to change the default forwarder configuration from 2140.Dq forward first 2141to 2142.Dq forward only . 2143.It Va kerberos5_server_enable 2144.Pq Vt bool 2145Set to 2146.Dq Li YES 2147to start a Kerberos 5 authentication server 2148at boot time. 2149.It Va kerberos5_server 2150.Pq Vt str 2151If 2152.Va kerberos5_server_enable 2153is set to 2154.Dq Li YES 2155this is the path to Kerberos 5 Authentication Server. 2156.It Va kerberos5_server_flags 2157.Pq Vt str 2158Empty by default. 2159This variable contains additional flags to be passed to the Kerberos 5 2160authentication server. 2161.It Va kadmind5_server_enable 2162.Pq Vt bool 2163Set to 2164.Dq Li YES 2165to start 2166.Xr kadmind 8 , 2167the Kerberos 5 Administration Daemon; set to 2168.Dq Li NO 2169on a slave server. 2170.It Va kadmind5_server 2171.Pq Vt str 2172If 2173.Va kadmind5_server_enable 2174is set to 2175.Dq Li YES 2176this is the path to Kerberos 5 Administration Daemon. 2177.It Va kpasswdd_server_enable 2178.Pq Vt bool 2179Set to 2180.Dq Li YES 2181to start 2182.Xr kpasswdd 8 , 2183the Kerberos 5 Password-Changing Daemon; set to 2184.Dq Li NO 2185on a slave server. 2186.It Va kpasswdd_server 2187.Pq Vt str 2188If 2189.Va kpasswdd_server_enable 2190is set to 2191.Dq Li YES 2192this is the path to Kerberos 5 Password-Changing Daemon. 2193.It Va kfd_enable 2194.Pq Vt bool 2195Set to 2196.Dq Li YES 2197to start 2198.Xr kfd 8 , 2199the Kerberos 5 ticket forwarding daemon, at the boot time. 2200.It Va kfd_program 2201.Pq Vt str 2202Path to 2203.Xr kfd 8 2204(default 2205.Pa /usr/libexec/kfd ) . 2206.It Va rwhod_enable 2207.Pq Vt bool 2208If set to 2209.Dq Li YES , 2210run the 2211.Xr rwhod 8 2212daemon at boot time. 2213.It Va rwhod_flags 2214.Pq Vt str 2215If 2216.Va rwhod_enable 2217is set to 2218.Dq Li YES , 2219these are the flags to pass to it. 2220.It Va amd_enable 2221.Pq Vt bool 2222If set to 2223.Dq Li YES , 2224run the 2225.Xr amd 8 2226daemon at boot time. 2227.It Va amd_flags 2228.Pq Vt str 2229If 2230.Va amd_enable 2231is set to 2232.Dq Li YES , 2233these are the flags to pass to it. 2234See the 2235.Xr amd 8 2236manpage for more information. 2237.It Va amd_map_program 2238.Pq Vt str 2239If set, 2240the specified program is run to get the list of 2241.Xr amd 8 2242maps. 2243For example, if the 2244.Xr amd 8 2245maps are stored in NIS, one can set this to 2246run 2247.Xr ypcat 1 2248to get a list of 2249.Xr amd 8 2250maps from the 2251.Pa amd.master 2252NIS map. 2253.It Va update_motd 2254.Pq Vt bool 2255If set to 2256.Dq Li YES , 2257.Pa /etc/motd 2258will be updated at boot time to reflect the kernel release 2259being run. 2260If set to 2261.Dq Li NO , 2262.Pa /etc/motd 2263will not be updated. 2264.It Va nfs_client_enable 2265.Pq Vt bool 2266If set to 2267.Dq Li YES , 2268run the NFS client daemons at boot time. 2269.It Va nfs_access_cache 2270.Pq Vt int 2271If 2272.Va nfs_client_enable 2273is set to 2274.Dq Li YES , 2275this can be set to 2276.Dq Li 0 2277to disable NFS ACCESS RPC caching, or to the number of seconds for which 2278NFS ACCESS 2279results should be cached. 2280A value of 2-10 seconds will substantially reduce network 2281traffic for many NFS operations. 2282.It Va nfs_server_enable 2283.Pq Vt bool 2284If set to 2285.Dq Li YES , 2286run the NFS server daemons at boot time. 2287.It Va nfs_server_flags 2288.Pq Vt str 2289If 2290.Va nfs_server_enable 2291is set to 2292.Dq Li YES , 2293these are the flags to pass to the 2294.Xr nfsd 8 2295daemon. 2296.It Va nfsv4_server_enable 2297.Pq Vt bool 2298If 2299.Va nfs_server_enable 2300is set to 2301.Dq Li YES 2302and 2303.Va nfsv4_server_enable 2304are set to 2305.Dq Li YES , 2306enable the server for NFSv4 as well as NFSv2 and NFSv3. 2307.It Va nfsuserd_enable 2308.Pq Vt bool 2309If 2310.Va nfsuserd_enable 2311is set to 2312.Dq Li YES , 2313run the nfsuserd daemon, which is needed for NFSv4 in order 2314to map between user/group names vs uid/gid numbers. 2315If 2316.Va nfsv4_server_enable 2317is set to 2318.Dq Li YES , 2319this will be forced enabled. 2320.It Va nfsuserd_flags 2321.Pq Vt str 2322If 2323.Va nfsuserd_enable 2324is set to 2325.Dq Li YES , 2326these are the flags to pass to the 2327.Xr nfsuserd 8 2328daemon. 2329.It Va nfscbd_enable 2330.Pq Vt bool 2331If 2332.Va nfscbd_enable 2333is set to 2334.Dq Li YES , 2335run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2336.It Va nfscbd_flags 2337.Pq Vt str 2338If 2339.Va nfscbd_enable 2340is set to 2341.Dq Li YES , 2342these are the flags to pass to the 2343.Xr nfscbd 8 2344daemon. 2345.It Va oldnfs_server_enable 2346.Pq Vt bool 2347If 2348.Va oldnfs_server_enable 2349is set to 2350.Dq Li YES , 2351force the NFS server daemons to run the old NFS server code 2352that does not support NFSv4. 2353.It Va mountd_enable 2354.Pq Vt bool 2355If set to 2356.Dq Li YES , 2357and no 2358.Va nfs_server_enable 2359is set, start 2360.Xr mountd 8 , 2361but not 2362.Xr nfsd 8 2363daemon. 2364It is commonly needed to run CFS without real NFS used. 2365.It Va mountd_flags 2366.Pq Vt str 2367If 2368.Va mountd_enable 2369is set to 2370.Dq Li YES , 2371these are the flags to pass to the 2372.Xr mountd 8 2373daemon. 2374.It Va weak_mountd_authentication 2375.Pq Vt bool 2376If set to 2377.Dq Li YES , 2378allow services like PCNFSD to make non-privileged mount 2379requests. 2380.It Va nfs_reserved_port_only 2381.Pq Vt bool 2382If set to 2383.Dq Li YES , 2384provide NFS services only on a secure port. 2385.It Va nfs_bufpackets 2386.Pq Vt int 2387If set to a number, indicates the number of packets worth of 2388socket buffer space to reserve on an NFS client. 2389The kernel default is typically 4. 2390Using a higher number may be 2391useful on gigabit networks to improve performance. 2392The minimum value is 23932 and the maximum is 64. 2394.It Va rpc_lockd_enable 2395.Pq Vt bool 2396If set to 2397.Dq Li YES 2398and also an NFS server or client, run 2399.Xr rpc.lockd 8 2400at boot time. 2401.It Va rpc_lockd_flags 2402.Pq Vt str 2403If 2404.Va rpc_lockd_enable 2405is set to 2406.Dq Li YES , 2407these are the flags to pass to the 2408.Xr rpc.lockd 8 2409daemon. 2410.It Va rpc_statd_enable 2411.Pq Vt bool 2412If set to 2413.Dq Li YES 2414and also an NFS server or client, run 2415.Xr rpc.statd 8 2416at boot time. 2417.It Va rpc_statd_flags 2418.Pq Vt str 2419If 2420.Va rpc_statd_enable 2421is set to 2422.Dq Li YES , 2423these are the flags to pass to the 2424.Xr rpc.statd 8 2425daemon. 2426.It Va rpcbind_program 2427.Pq Vt str 2428Path to 2429.Xr rpcbind 8 2430(default 2431.Pa /usr/sbin/rpcbind ) . 2432.It Va rpcbind_enable 2433.Pq Vt bool 2434If set to 2435.Dq Li YES , 2436run the 2437.Xr rpcbind 8 2438service at boot time. 2439.It Va rpcbind_flags 2440.Pq Vt str 2441If 2442.Va rpcbind_enable 2443is set to 2444.Dq Li YES , 2445these are the flags to pass to the 2446.Xr rpcbind 8 2447daemon. 2448.It Va keyserv_enable 2449.Pq Vt bool 2450If set to 2451.Dq Li YES , 2452run the 2453.Xr keyserv 8 2454daemon on boot for running Secure RPC. 2455.It Va keyserv_flags 2456.Pq Vt str 2457If 2458.Va keyserv_enable 2459is set to 2460.Dq Li YES , 2461these are the flags to pass to 2462.Xr keyserv 8 2463daemon. 2464.It Va pppoed_enable 2465.Pq Vt bool 2466If set to 2467.Dq Li YES , 2468run the 2469.Xr pppoed 8 2470daemon at boot time to provide PPP over Ethernet services. 2471.It Va pppoed_ Ns Aq Ar provider 2472.Pq Vt str 2473.Xr pppoed 8 2474listens to requests to this 2475.Ar provider 2476and ultimately runs 2477.Xr ppp 8 2478with a 2479.Ar system 2480argument of the same name. 2481.It Va pppoed_flags 2482.Pq Vt str 2483Additional flags to pass to 2484.Xr pppoed 8 . 2485.It Va pppoed_interface 2486.Pq Vt str 2487The network interface to run 2488.Xr pppoed 8 2489on. 2490This is mandatory when 2491.Va pppoed_enable 2492is set to 2493.Dq Li YES . 2494.It Va timed_enable 2495.Pq Vt bool 2496If set to 2497.Dq Li YES , 2498run the 2499.Xr timed 8 2500service at boot time. 2501This command is intended for networks of 2502machines where a consistent 2503.Dq "network time" 2504for all hosts must be established. 2505This is often useful in large NFS 2506environments where time stamps on files are expected to be consistent 2507network-wide. 2508.It Va timed_flags 2509.Pq Vt str 2510If 2511.Va timed_enable 2512is set to 2513.Dq Li YES , 2514these are the flags to pass to the 2515.Xr timed 8 2516service. 2517.It Va ntpdate_enable 2518.Pq Vt bool 2519If set to 2520.Dq Li YES , 2521run 2522.Xr ntpdate 8 2523at system startup. 2524This command is intended to 2525synchronize the system clock only 2526.Em once 2527from some standard reference. 2528.It Va ntpdate_config 2529.Pq Vt str 2530Configuration file for 2531.Xr ntpdate 8 . 2532Default 2533.Pa /etc/ntp.conf . 2534.It Va ntpdate_hosts 2535.Pq Vt str 2536A whitespace-separated list of NTP servers to synchronize with at startup. 2537The default is to use the servers listed in 2538.Va ntpdate_config , 2539if that file exists. 2540.It Va ntpdate_program 2541.Pq Vt str 2542Path to 2543.Xr ntpdate 8 2544(default 2545.Pa /usr/sbin/ntpdate ) . 2546.It Va ntpdate_flags 2547.Pq Vt str 2548If 2549.Va ntpdate_enable 2550is set to 2551.Dq Li YES , 2552these are the flags to pass to the 2553.Xr ntpdate 8 2554command (typically a hostname). 2555.It Va ntpd_enable 2556.Pq Vt bool 2557If set to 2558.Dq Li YES , 2559run the 2560.Xr ntpd 8 2561command at boot time. 2562.It Va ntpd_program 2563.Pq Vt str 2564Path to 2565.Xr ntpd 8 2566(default 2567.Pa /usr/sbin/ntpd ) . 2568.It Va ntpd_config 2569.Pq Vt str 2570Path to 2571.Xr ntpd 8 2572configuration file. 2573Default 2574.Pa /etc/ntp.conf . 2575.It Va ntpd_flags 2576.Pq Vt str 2577If 2578.Va ntpd_enable 2579is set to 2580.Dq Li YES , 2581these are the flags to pass to the 2582.Xr ntpd 8 2583daemon. 2584.It Va ntpd_sync_on_start 2585.Pq Vt bool 2586If set to 2587.Dq Li YES , 2588.Xr ntpd 8 2589is run with the 2590.Fl g 2591flag, which syncs the system's clock on startup. 2592See 2593.Xr ntpd 8 2594for more information regarding the 2595.Fl g 2596option. 2597This is a preferred alternative to using 2598.Xr ntpdate 8 2599or specifying the 2600.Va ntpdate_enable 2601variable. 2602.It Va nis_client_enable 2603.Pq Vt bool 2604If set to 2605.Dq Li YES , 2606run the 2607.Xr ypbind 8 2608service at system boot time. 2609.It Va nis_client_flags 2610.Pq Vt str 2611If 2612.Va nis_client_enable 2613is set to 2614.Dq Li YES , 2615these are the flags to pass to the 2616.Xr ypbind 8 2617service. 2618.It Va nis_ypset_enable 2619.Pq Vt bool 2620If set to 2621.Dq Li YES , 2622run the 2623.Xr ypset 8 2624daemon at system boot time. 2625.It Va nis_ypset_flags 2626.Pq Vt str 2627If 2628.Va nis_ypset_enable 2629is set to 2630.Dq Li YES , 2631these are the flags to pass to the 2632.Xr ypset 8 2633daemon. 2634.It Va nis_server_enable 2635.Pq Vt bool 2636If set to 2637.Dq Li YES , 2638run the 2639.Xr ypserv 8 2640daemon at system boot time. 2641.It Va nis_server_flags 2642.Pq Vt str 2643If 2644.Va nis_server_enable 2645is set to 2646.Dq Li YES , 2647these are the flags to pass to the 2648.Xr ypserv 8 2649daemon. 2650.It Va nis_ypxfrd_enable 2651.Pq Vt bool 2652If set to 2653.Dq Li YES , 2654run the 2655.Xr rpc.ypxfrd 8 2656daemon at system boot time. 2657.It Va nis_ypxfrd_flags 2658.Pq Vt str 2659If 2660.Va nis_ypxfrd_enable 2661is set to 2662.Dq Li YES , 2663these are the flags to pass to the 2664.Xr rpc.ypxfrd 8 2665daemon. 2666.It Va nis_yppasswdd_enable 2667.Pq Vt bool 2668If set to 2669.Dq Li YES , 2670run the 2671.Xr rpc.yppasswdd 8 2672daemon at system boot time. 2673.It Va nis_yppasswdd_flags 2674.Pq Vt str 2675If 2676.Va nis_yppasswdd_enable 2677is set to 2678.Dq Li YES , 2679these are the flags to pass to the 2680.Xr rpc.yppasswdd 8 2681daemon. 2682.It Va rpc_ypupdated_enable 2683.Pq Vt bool 2684If set to 2685.Dq Li YES , 2686run the 2687.Nm rpc.ypupdated 2688daemon at system boot time. 2689.It Va bsnmpd_enable 2690.Pq Vt bool 2691If set to 2692.Dq Li YES , 2693run the 2694.Xr bsnmpd 1 2695daemon at system boot time. 2696Be sure to understand the security implications of running SNMP daemon 2697on your host. 2698.It Va bsnmpd_flags 2699.Pq Vt str 2700If 2701.Va bsnmpd_enable 2702is set to 2703.Dq Li YES , 2704these are the flags to pass to the 2705.Xr bsnmpd 1 2706daemon. 2707.It Va defaultrouter 2708.Pq Vt str 2709If not set to 2710.Dq Li NO , 2711create a default route to this host name or IP address 2712(use an IP address if this router is also required to get to the 2713name server!). 2714.It Va ipv6_defaultrouter 2715.Pq Vt str 2716The IPv6 equivalent of 2717.Va defaultrouter . 2718.It Va static_arp_pairs 2719.Pq Vt str 2720Set to the list of static ARP pairs that are to be added at system 2721boot time. 2722For each whitespace separated 2723.Ar element 2724in the value, a 2725.Va static_arp_ Ns Aq Ar element 2726variable is assumed to exist whose contents will later be passed to a 2727.Dq Nm arp Cm -S 2728operation. 2729For example 2730.Bd -literal 2731static_arp_pairs="gw" 2732static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2733.Ed 2734.It Va static_ndp_pairs 2735.Pq Vt str 2736Set to the list of static NDP pairs that are to be added at system 2737boot time. 2738For each whitespace separated 2739.Ar element 2740in the value, a 2741.Va static_ndp_ Ns Aq Ar element 2742variable is assumed to exist whose contents will later be passed to a 2743.Dq Nm ndp Cm -s 2744operation. 2745For example 2746.Bd -literal 2747static_ndp_pairs="gw" 2748static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2749.Ed 2750.It Va static_routes 2751.Pq Vt str 2752Set to the list of static routes that are to be added at system 2753boot time. 2754If not set to 2755.Dq Li NO 2756then for each whitespace separated 2757.Ar element 2758in the value, a 2759.Va route_ Ns Aq Ar element 2760variable is assumed to exist 2761whose contents will later be passed to a 2762.Dq Nm route Cm add 2763operation. 2764For example: 2765.Bd -literal 2766static_routes="ext mcast:gif0 gif0local:gif0" 2767route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2768route_mcast="-net 224.0.0.0/4 -iface gif0" 2769route_gif0local="-host 169.254.1.1 -iface lo0" 2770.Ed 2771.Pp 2772When an 2773.Ar element 2774is in the form of 2775.Li name:ifname , 2776the route is specific to the interface 2777.Li ifname . 2778.It Va ipv6_static_routes 2779.Pq Vt str 2780The IPv6 equivalent of 2781.Va static_routes . 2782If not set to 2783.Dq Li NO 2784then for each whitespace separated 2785.Ar element 2786in the value, a 2787.Va ipv6_route_ Ns Aq Ar element 2788variable is assumed to exist 2789whose contents will later be passed to a 2790.Dq Nm route Cm add Fl inet6 2791operation. 2792.It Va natm_static_routes 2793.Pq Vt str 2794The 2795.Xr natmip 4 2796equivalent of 2797.Va static_routes . 2798If not empty then for each whitespace separated 2799.Ar element 2800in the value, a 2801.Va route_ Ns Aq Ar element 2802variable is assumed to exist whose contents will later be passed to a 2803.Dq Nm atmconfig Cm natm Cm add 2804operation. 2805.It Va gateway_enable 2806.Pq Vt bool 2807If set to 2808.Dq Li YES , 2809configure host to act as an IP router, e.g.\& to forward packets 2810between interfaces. 2811.It Va ipv6_gateway_enable 2812.Pq Vt bool 2813The IPv6 equivalent of 2814.Va gateway_enable . 2815.It Va routed_enable 2816.Pq Vt bool 2817If set to 2818.Dq Li YES , 2819run a routing daemon of some sort, based on the 2820settings of 2821.Va routed_program 2822and 2823.Va routed_flags . 2824.It Va route6d_enable 2825.Pq Vt bool 2826The IPv6 equivalent of 2827.Va routed_enable . 2828If set to 2829.Dq Li YES , 2830run a routing daemon of some sort, based on the 2831settings of 2832.Va route6d_program 2833and 2834.Va route6d_flags . 2835.It Va routed_program 2836.Pq Vt str 2837If 2838.Va routed_enable 2839is set to 2840.Dq Li YES , 2841this is the name of the routing daemon to use. 2842.It Va route6d_program 2843.Pq Vt str 2844The IPv6 equivalent of 2845.Va routed_program . 2846.It Va routed_flags 2847.Pq Vt str 2848If 2849.Va routed_enable 2850is set to 2851.Dq Li YES , 2852these are the flags to pass to the routing daemon. 2853.It Va route6d_flags 2854.Pq Vt str 2855The IPv6 equivalent of 2856.Va routed_flags . 2857.It Va mrouted_enable 2858.Pq Vt bool 2859If set to 2860.Dq Li YES , 2861run the multicast routing daemon, 2862.Xr mrouted 8 . 2863.It Va mroute6d_enable 2864.Pq Vt bool 2865The IPv6 equivalent of 2866.Va mrouted_enable . 2867If set to 2868.Dq Li YES , 2869run the IPv6 multicast routing daemon. 2870.Pp 2871Note that multicast routing daemons are no longer included in the 2872.Fx 2873base system, however, both 2874.Xr mrouted 8 2875and 2876.Xr pim6dd 8 2877may be installed from the 2878.Fx 2879Ports Collection. 2880.It Va mrouted_flags 2881.Pq Vt str 2882If 2883.Va mrouted_enable 2884is set to 2885.Dq Li YES , 2886these are the flags to pass to the 2887.Xr mrouted 8 2888daemon. 2889.It Va mroute6d_flags 2890.Pq Vt str 2891The IPv6 equivalent of 2892.Va mrouted_flags . 2893If 2894.Va mroute6d_enable 2895is set to 2896.Dq Li YES , 2897these are the flags passed to the IPv6 multicast routing daemon. 2898.It Va mroute6d_program 2899.Pq Vt str 2900If 2901.Va mroute6d_enable 2902is set to 2903.Dq Li YES , 2904this is the path to the IPv6 multicast routing daemon. 2905.It Va rtadvd_enable 2906.Pq Vt bool 2907If set to 2908.Dq Li YES , 2909run the 2910.Xr rtadvd 8 2911daemon at boot time. 2912The 2913.Xr rtadvd 8 2914utility sends ICMPv6 Router Advertisement messages to 2915the interfaces specified in 2916.Va rtadvd_interfaces . 2917This should only be enabled with great care. 2918You may want to fine-tune 2919.Xr rtadvd.conf 5 . 2920.It Va rtadvd_interfaces 2921.Pq Vt str 2922If 2923.Va rtadvd_enable 2924is set to 2925.Dq Li YES 2926this is the list of interfaces to use. 2927.It Va ipxgateway_enable 2928.Pq Vt bool 2929If set to 2930.Dq Li YES , 2931enable the routing of IPX traffic. 2932.It Va ipxrouted_enable 2933.Pq Vt bool 2934If set to 2935.Dq Li YES , 2936run the 2937.Xr IPXrouted 8 2938daemon at system boot time. 2939.It Va ipxrouted_flags 2940.Pq Vt str 2941If 2942.Va ipxrouted_enable 2943is set to 2944.Dq Li YES , 2945these are the flags to pass to the 2946.Xr IPXrouted 8 2947daemon. 2948.It Va arpproxy_all 2949.Pq Vt bool 2950If set to 2951.Dq Li YES , 2952enable global proxy ARP. 2953.It Va forward_sourceroute 2954.Pq Vt bool 2955If set to 2956.Dq Li YES 2957and 2958.Va gateway_enable 2959is also set to 2960.Dq Li YES , 2961source-routed packets are forwarded. 2962.It Va accept_sourceroute 2963.Pq Vt bool 2964If set to 2965.Dq Li YES , 2966the system will accept source-routed packets directed at it. 2967.It Va rarpd_enable 2968.Pq Vt bool 2969If set to 2970.Dq Li YES , 2971run the 2972.Xr rarpd 8 2973daemon at system boot time. 2974.It Va rarpd_flags 2975.Pq Vt str 2976If 2977.Va rarpd_enable 2978is set to 2979.Dq Li YES , 2980these are the flags to pass to the 2981.Xr rarpd 8 2982daemon. 2983.It Va bootparamd_enable 2984.Pq Vt bool 2985If set to 2986.Dq Li YES , 2987run the 2988.Xr bootparamd 8 2989daemon at system boot time. 2990.It Va bootparamd_flags 2991.Pq Vt str 2992If 2993.Va bootparamd_enable 2994is set to 2995.Dq Li YES , 2996these are the flags to pass to the 2997.Xr bootparamd 8 2998daemon. 2999.It Va stf_interface_ipv4addr 3000.Pq Vt str 3001If not set to 3002.Dq Li NO , 3003this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3004interface). 3005Specify this entry to enable the 6to4 interface. 3006.It Va stf_interface_ipv4plen 3007.Pq Vt int 3008Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3009An effective value is 0-31. 3010.It Va stf_interface_ipv6_ifid 3011.Pq Vt str 3012IPv6 interface ID for 3013.Xr stf 4 . 3014This can be set to 3015.Dq Li AUTO . 3016.It Va stf_interface_ipv6_slaid 3017.Pq Vt str 3018IPv6 Site Level Aggregator for 3019.Xr stf 4 . 3020.It Va ipv6_faith_prefix 3021.Pq Vt str 3022If not set to 3023.Dq Li NO , 3024this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 3025translator. 3026You also need 3027.Xr faithd 8 3028setup. 3029.It Va ipv6_ipv4mapping 3030.Pq Vt bool 3031If set to 3032.Dq Li YES 3033this enables IPv4 mapped IPv6 address communication (like 3034.Li ::ffff:a.b.c.d ) . 3035.It Va rtsold_enable 3036.Pq Vt bool 3037Set to 3038.Dq Li YES 3039to enable the 3040.Xr rtsold 8 3041daemon to send ICMPv6 Router Solicitation messages. 3042.It Va rtsold_flags 3043.Pq Vt str 3044If 3045.Va rtsold_enable 3046is set to 3047.Dq Li YES , 3048these are the flags to pass to 3049.Xr rtsold 8 . 3050.It Va rtsol_flags 3051.Pq Vt str 3052For interfaces configured with the 3053.Dq Li inet6 accept_rtadv 3054keyword, these are the flags to pass to 3055.Xr rtsol 8 . 3056.Pp 3057Note that 3058.Va rtsold_enable 3059is mutually exclusive to 3060.Va rtsol_flags ; 3061.Va rtsold_enable 3062takes precedence. 3063.It Va atm_enable 3064.Pq Vt bool 3065Set to 3066.Dq Li YES 3067to enable the configuration of ATM interfaces at system boot time. 3068For all of the ATM variables described below, please refer to the 3069.Xr atm 8 3070manual page for further details on the available command parameters. 3071Also refer to the files in 3072.Pa /usr/share/examples/atm 3073for more detailed configuration information. 3074.It Va atm_load 3075.Pq Vt str 3076This is a list of physical ATM interface drivers to load. 3077Typical values are 3078.Dq Li hfa_pci 3079and/or 3080.Dq Li hea_pci . 3081.It Va atm_netif_ Ns Aq Ar intf 3082.Pq Vt str 3083For the ATM physical interface 3084.Ar intf , 3085this variable defines the name prefix and count for the ATM network 3086interfaces to be created. 3087The value will be passed as the parameters of an 3088.Dq Nm atm Cm "set netif" Ar intf 3089command. 3090.It Va atm_sigmgr_ Ns Aq Ar intf 3091.Pq Vt str 3092For the ATM physical interface 3093.Ar intf , 3094this variable defines the ATM signalling manager to be used. 3095The value will be passed as the parameters of an 3096.Dq Nm atm Cm attach Ar intf 3097command. 3098.It Va atm_prefix_ Ns Aq Ar intf 3099.Pq Vt str 3100For the ATM physical interface 3101.Ar intf , 3102this variable defines the NSAP prefix for interfaces using a UNI signalling 3103manager. 3104If set to 3105.Dq Li ILMI , 3106the prefix will automatically be set via the 3107.Xr ilmid 8 3108daemon. 3109Otherwise, the value will be passed as the parameters of an 3110.Dq Nm atm Cm "set prefix" Ar intf 3111command. 3112.It Va atm_macaddr_ Ns Aq Ar intf 3113.Pq Vt str 3114For the ATM physical interface 3115.Ar intf , 3116this variable defines the MAC address for interfaces using a UNI signalling 3117manager. 3118If set to 3119.Dq Li NO , 3120the hardware MAC address contained in the ATM interface card will be used. 3121Otherwise, the value will be passed as the parameters of an 3122.Dq Nm atm Cm "set mac" Ar intf 3123command. 3124.It Va atm_arpserver_ Ns Aq Ar netif 3125.Pq Vt str 3126For the ATM network interface 3127.Ar netif , 3128this variable defines the ATM address for a host which is to provide ATMARP 3129service. 3130This variable is only applicable to interfaces using a UNI signalling 3131manager. 3132If set to 3133.Dq Li local , 3134this host will become an ATMARP server. 3135The value will be passed as the parameters of an 3136.Dq Nm atm Cm "set arpserver" Ar netif 3137command. 3138.It Va atm_scsparp_ Ns Aq Ar netif 3139.Pq Vt bool 3140If set to 3141.Dq Li YES , 3142SCSP/ATMARP service for the network interface 3143.Ar netif 3144will be initiated using the 3145.Xr scspd 8 3146and 3147.Xr atmarpd 8 3148daemons. 3149This variable is only applicable if 3150.Va atm_arpserver_ Ns Aq Ar netif 3151is set to 3152.Dq Li local . 3153.It Va atm_pvcs 3154.Pq Vt str 3155Set to the list of ATM PVCs to be added at system 3156boot time. 3157For each whitespace separated 3158.Ar element 3159in the value, an 3160.Va atm_pvc_ Ns Aq Ar element 3161variable is assumed to exist. 3162The value of each of these variables 3163will be passed as the parameters of an 3164.Dq Nm atm Cm "add pvc" 3165command. 3166.It Va atm_arps 3167.Pq Vt str 3168Set to the list of permanent ATM ARP entries to be added 3169at system boot time. 3170For each whitespace separated 3171.Ar element 3172in the value, an 3173.Va atm_arp_ Ns Aq Ar element 3174variable is assumed to exist. 3175The value of each of these variables 3176will be passed as the parameters of an 3177.Dq Nm atm Cm "add arp" 3178command. 3179.It Va natm_interfaces 3180.Pq Vt str 3181Set to the list of 3182.Xr natm 4 3183interfaces that will also be used for HARP through 3184.Xr harp 4 . 3185If this list is not empty all interfaces in the list will be brought up 3186with 3187.Xr ifconfig 8 3188and 3189.Xr harp 4 3190will be loaded. 3191For this to work the interface drivers must be either compiled into the 3192kernel or must reside on the root partition. 3193.It Va keybell 3194.Pq Vt str 3195The keyboard bell sound. 3196Set to 3197.Dq Li normal , 3198.Dq Li visual , 3199.Dq Li off , 3200or 3201.Dq Li NO 3202if the default behavior is desired. 3203For details, refer to the 3204.Xr kbdcontrol 1 3205manpage. 3206.It Va keyboard 3207.Pq Vt str 3208If set to a non-null string, the virtual console's keyboard input is 3209set to this device. 3210.It Va keymap 3211.Pq Vt str 3212If set to 3213.Dq Li NO , 3214no keymap is installed, otherwise the value is used to install 3215the keymap file in 3216.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3217.It Va keyrate 3218.Pq Vt str 3219The keyboard repeat speed. 3220Set to 3221.Dq Li slow , 3222.Dq Li normal , 3223.Dq Li fast , 3224or 3225.Dq Li NO 3226if the default behavior is desired. 3227.It Va keychange 3228.Pq Vt str 3229If not set to 3230.Dq Li NO , 3231attempt to program the function keys with the value. 3232The value should 3233be a single string of the form: 3234.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3235.It Va cursor 3236.Pq Vt str 3237Can be set to the value of 3238.Dq Li normal , 3239.Dq Li blink , 3240.Dq Li destructive , 3241or 3242.Dq Li NO 3243to set the cursor behavior explicitly or choose the default behavior. 3244.It Va scrnmap 3245.Pq Vt str 3246If set to 3247.Dq Li NO , 3248no screen map is installed, otherwise the value is used to install 3249the screen map file in 3250.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3251.It Va font8x16 3252.Pq Vt str 3253If set to 3254.Dq Li NO , 3255the default 8x16 font value is used for screen size requests, otherwise 3256the value in 3257.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3258is used. 3259.It Va font8x14 3260.Pq Vt str 3261If set to 3262.Dq Li NO , 3263the default 8x14 font value is used for screen size requests, otherwise 3264the value in 3265.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3266is used. 3267.It Va font8x8 3268.Pq Vt str 3269If set to 3270.Dq Li NO , 3271the default 8x8 font value is used for screen size requests, otherwise 3272the value in 3273.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3274is used. 3275.It Va blanktime 3276.Pq Vt int 3277If set to 3278.Dq Li NO , 3279the default screen blanking interval is used, otherwise it is set 3280to 3281.Ar value 3282seconds. 3283.It Va saver 3284.Pq Vt str 3285If not set to 3286.Dq Li NO , 3287this is the actual screen saver to use 3288.Li ( blank , snake , daemon , 3289etc). 3290.It Va moused_nondefault_enable 3291.Pq Vt str 3292If set to 3293.Dq Li NO , 3294the mouse device specified on 3295the command line is not automatically treated as enabled by the 3296.Pa /etc/rc.d/moused 3297script. 3298Having this variable set to 3299.Dq Li YES 3300allows a 3301.Xr usb 4 3302mouse, 3303for example, 3304to be enabled as soon as it is plugged in. 3305.It Va moused_enable 3306.Pq Vt str 3307If set to 3308.Dq Li YES , 3309the 3310.Xr moused 8 3311daemon is started for doing cut/paste selection on the console. 3312.It Va moused_type 3313.Pq Vt str 3314This is the protocol type of the mouse connected to this host. 3315This variable must be set if 3316.Va moused_enable 3317is set to 3318.Dq Li YES . 3319The 3320.Xr moused 8 3321daemon 3322is able to detect the appropriate mouse type automatically in many cases. 3323Set this variable to 3324.Dq Li auto 3325to let the daemon detect it, or 3326select one from the following list if the automatic detection fails. 3327.Pp 3328If the mouse is attached to the PS/2 mouse port, choose 3329.Dq Li auto 3330or 3331.Dq Li ps/2 , 3332regardless of the brand and model of the mouse. 3333Likewise, if the 3334mouse is attached to the bus mouse port, choose 3335.Dq Li auto 3336or 3337.Dq Li busmouse . 3338All other protocols are for serial mice and will not work with 3339the PS/2 and bus mice. 3340If this is a USB mouse, 3341.Dq Li auto 3342is the only protocol type which will work. 3343.Pp 3344.Bl -tag -width ".Li x10mouseremote" -compact 3345.It Li microsoft 3346Microsoft mouse (serial) 3347.It Li intellimouse 3348Microsoft IntelliMouse (serial) 3349.It Li mousesystems 3350Mouse systems Corp.\& mouse (serial) 3351.It Li mmseries 3352MM Series mouse (serial) 3353.It Li logitech 3354Logitech mouse (serial) 3355.It Li busmouse 3356A bus mouse 3357.It Li mouseman 3358Logitech MouseMan and TrackMan (serial) 3359.It Li glidepoint 3360ALPS GlidePoint (serial) 3361.It Li thinkingmouse 3362Kensington ThinkingMouse (serial) 3363.It Li ps/2 3364PS/2 mouse 3365.It Li mmhittab 3366MM HitTablet (serial) 3367.It Li x10mouseremote 3368X10 MouseRemote (serial) 3369.It Li versapad 3370Interlink VersaPad (serial) 3371.El 3372.Pp 3373Even if the mouse is not in the above list, it may be compatible 3374with one in the list. 3375Refer to the manual page for 3376.Xr moused 8 3377for compatibility information. 3378.Pp 3379It should also be noted that while this is enabled, any 3380other client of the mouse (such as an X server) should access 3381the mouse through the virtual mouse device, 3382.Pa /dev/sysmouse , 3383and configure it as a 3384.Dq Li sysmouse 3385type mouse, since all 3386mouse data is converted to this single canonical format when 3387using 3388.Xr moused 8 . 3389If the client program does not support the 3390.Dq Li sysmouse 3391type, 3392specify the 3393.Dq Li mousesystems 3394type. 3395It is the second preferred type. 3396.It Va moused_port 3397.Pq Vt str 3398If 3399.Va moused_enable 3400is set to 3401.Dq Li YES , 3402this is the actual port the mouse is on. 3403It might be 3404.Pa /dev/cuau0 3405for a COM1 serial mouse, 3406.Pa /dev/psm0 3407for a PS/2 mouse or 3408.Pa /dev/mse0 3409for a bus mouse, for example. 3410.It Va moused_flags 3411.Pq Vt str 3412If 3413.Va moused_flags 3414is set, its value is used as an additional set of flags to pass to the 3415.Xr moused 8 3416daemon. 3417.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3418When 3419.Va moused_nondefault_enable 3420is enabled, and a 3421.Xr moused 8 3422daemon is started for a non-default port, the 3423.Va "moused_" Ns Ar XXX Ns Va "_flags" 3424set of options has precedence over and replaces the default 3425.Va moused_flags 3426(where 3427.Ar XXX 3428is the name of the non-default port, i.e.,\& 3429.Ar ums0 ) . 3430By setting 3431.Va "moused_" Ns Ar XXX Ns Va "_flags" 3432it is possible to set up a different set of default flags for each 3433.Xr moused 8 3434instance. 3435For example, you can use 3436.Dq Li "-3" 3437for the default 3438.Va moused_flags 3439to make your laptop's touchpad more comfortable to use, 3440but an empty set of options for 3441.Va moused_ums0_flags 3442when your 3443.Xr usb 4 3444mouse has three or more buttons. 3445.It Va mousechar_start 3446.Pq Vt int 3447If set to 3448.Dq Li NO , 3449the default mouse cursor character range 3450.Li 0xd0 Ns - Ns Li 0xd3 3451is used, 3452otherwise the range start is set 3453to 3454.Ar value 3455character, see 3456.Xr vidcontrol 1 . 3457Use if the default range is occupied in the language code table. 3458.It Va allscreens_flags 3459.Pq Vt str 3460If set, 3461.Xr vidcontrol 1 3462is run with these options for each of the virtual terminals 3463.Pq Pa /dev/ttyv* . 3464For example, 3465.Dq Fl m Cm on 3466will enable the mouse pointer on all virtual terminals 3467if 3468.Va moused_enable 3469is set to 3470.Dq Li YES . 3471.It Va allscreens_kbdflags 3472.Pq Vt str 3473If set, 3474.Xr kbdcontrol 1 3475is run with these options for each of the virtual terminals 3476.Pq Pa /dev/ttyv* . 3477For example, 3478.Dq Fl h Li 200 3479will set the 3480.Xr syscons 4 3481scrollback (history) buffer to 200 lines. 3482.It Va cron_enable 3483.Pq Vt bool 3484If set to 3485.Dq Li YES , 3486run the 3487.Xr cron 8 3488daemon at system boot time. 3489.It Va cron_program 3490.Pq Vt str 3491Path to 3492.Xr cron 8 3493(default 3494.Pa /usr/sbin/cron ) . 3495.It Va cron_flags 3496.Pq Vt str 3497If 3498.Va cron_enable 3499is set to 3500.Dq Li YES , 3501these are the flags to pass to 3502.Xr cron 8 . 3503.It Va cron_dst 3504.Pq Vt bool 3505If set to 3506.Dq Li YES , 3507enable the special handling of transitions to and from the 3508Daylight Saving Time in 3509.Xr cron 8 3510(equivalent to using the flag 3511.Fl s ) . 3512.It Va lpd_program 3513.Pq Vt str 3514Path to 3515.Xr lpd 8 3516(default 3517.Pa /usr/sbin/lpd ) . 3518.It Va lpd_enable 3519.Pq Vt bool 3520If set to 3521.Dq Li YES , 3522run the 3523.Xr lpd 8 3524daemon at system boot time. 3525.It Va lpd_flags 3526.Pq Vt str 3527If 3528.Va lpd_enable 3529is set to 3530.Dq Li YES , 3531these are the flags to pass to the 3532.Xr lpd 8 3533daemon. 3534.It Va chkprintcap_enable 3535.Pq Vt bool 3536If set to 3537.Dq Li YES , 3538run the 3539.Xr chkprintcap 8 3540command before starting the 3541.Xr lpd 8 3542daemon. 3543.It Va chkprintcap_flags 3544.Pq Vt str 3545If 3546.Va lpd_enable 3547and 3548.Va chkprintcap_enable 3549are set to 3550.Dq Li YES , 3551these are the flags to pass to the 3552.Xr chkprintcap 8 3553program. 3554The default is 3555.Dq Li -d , 3556which causes missing directories to be created. 3557.It Va mta_start_script 3558.Pq Vt str 3559This variable specifies the full path to the script to run to start 3560a mail transfer agent. 3561The default is 3562.Pa /etc/rc.sendmail . 3563The 3564.Va sendmail_* 3565variables which 3566.Pa /etc/rc.sendmail 3567uses are documented in the 3568.Xr rc.sendmail 8 3569manual page. 3570.It Va dumpdev 3571.Pq Vt str 3572Indicates the device (usually a swap partition) to which a crash dump 3573should be written in the event of a system crash. 3574If the value of this variable is 3575.Dq Li AUTO , 3576the first suitable swap device listed in 3577.Pa /etc/fstab 3578will be used as dump device. 3579Otherwise, the value of this variable is passed as the argument to 3580.Xr dumpon 8 . 3581To disable crash dumps, set this variable to 3582.Dq Li NO . 3583.It Va dumpdir 3584.Pq Vt str 3585When the system reboots after a crash and a crash dump is found on the 3586device specified by the 3587.Va dumpdev 3588variable, 3589.Xr savecore 8 3590will save that crash dump and a copy of the kernel to the directory 3591specified by the 3592.Va dumpdir 3593variable. 3594The default value is 3595.Pa /var/crash . 3596Set to 3597.Dq Li NO 3598to not run 3599.Xr savecore 8 3600at boot time when 3601.Va dumpdir 3602is set. 3603.It Va savecore_flags 3604.Pq Vt str 3605If crash dumps are enabled, these are the flags to pass to the 3606.Xr savecore 8 3607utility. 3608.It Va quota_enable 3609.Pq Vt bool 3610Set to 3611.Dq Li YES 3612to turn on user and group disk quotas on system startup via the 3613.Xr quotaon 8 3614command for all file systems marked as having quotas enabled in 3615.Pa /etc/fstab . 3616The kernel must be built with 3617.Cd "options QUOTA" 3618for disk quotas to function. 3619.It Va check_quotas 3620.Pq Vt bool 3621Set to 3622.Dq Li YES 3623to enable user and group disk quota checking via the 3624.Xr quotacheck 8 3625command. 3626.It Va quotacheck_flags 3627.Pq Vt str 3628If 3629.Va quota_enable 3630is set to 3631.Dq Li YES , 3632and 3633.Va check_quotas 3634is set to 3635.Dq Li YES , 3636these are the flags to pass to the 3637.Xr quotacheck 8 3638utility. 3639The default is 3640.Dq Li "-a" , 3641which checks quotas for all file systems with quotas enabled in 3642.Pa /etc/fstab . 3643.It Va quotaon_flags 3644.Pq Vt str 3645If 3646.Va quota_enable 3647is set to 3648.Dq Li YES , 3649these are the flags to pass to the 3650.Xr quotaon 8 3651utility. 3652The default is 3653.Dq Li "-a" , 3654which enables quotas for all file systems with quotas enabled in 3655.Pa /etc/fstab . 3656.It Va quotaoff_flags 3657.Pq Vt str 3658If 3659.Va quota_enable 3660is set to 3661.Dq Li YES , 3662these are the flags to pass to the 3663.Xr quotaoff 8 3664utility when shutting down the quota system. 3665The default is 3666.Dq Li "-a" , 3667which disables quotas for all file systems with quotas enabled in 3668.Pa /etc/fstab . 3669.It Va accounting_enable 3670.Pq Vt bool 3671Set to 3672.Dq Li YES 3673to enable system accounting through the 3674.Xr accton 8 3675facility. 3676.It Va ibcs2_enable 3677.Pq Vt bool 3678Set to 3679.Dq Li YES 3680to enable iBCS2 (SCO) binary emulation at system initial boot 3681time. 3682.It Va ibcs2_loaders 3683.Pq Vt str 3684If not set to 3685.Dq Li NO 3686and if 3687.Va ibcs2_enable 3688is set to 3689.Dq Li YES , 3690this specifies a list of additional iBCS2 loaders to enable. 3691.It Va firstboot_sentinel 3692.Pq Vt str 3693This variable specifies the full path to a 3694.Dq first boot 3695sentinel file. 3696If a file exists with this path, 3697.Pa rc.d 3698scripts with the 3699.Dq firstboot 3700keyword will be run on startup and the sentinel file will be deleted 3701after the boot process completes. 3702The sentinel file must be located on a writable file system which is 3703mounted no later than 3704.Va early_late_divider 3705to function properly. 3706The default is 3707.Pa /firstboot . 3708.It Va linux_enable 3709.Pq Vt bool 3710Set to 3711.Dq Li YES 3712to enable Linux/ELF binary emulation at system initial 3713boot time. 3714.It Va svr4_enable 3715.Pq Vt bool 3716If set to 3717.Dq Li YES , 3718enable SysVR4 emulation at boot time. 3719.It Va sysvipc_enable 3720.Pq Vt bool 3721If set to 3722.Dq Li YES , 3723load System V IPC primitives at boot time. 3724.It Va clear_tmp_enable 3725.Pq Vt bool 3726Set to 3727.Dq Li YES 3728to have 3729.Pa /tmp 3730cleaned at startup. 3731.It Va clear_tmp_X 3732.Pq Vt bool 3733Set to 3734.Dq Li NO 3735to disable removing of X11 lock files, 3736and the removal and (secure) recreation 3737of the various socket directories for X11 3738related programs. 3739.It Va ldconfig_paths 3740.Pq Vt str 3741Set to the list of shared library paths to use with 3742.Xr ldconfig 8 . 3743NOTE: 3744.Pa /usr/lib 3745will always be added first, so it need not appear in this list. 3746.It Va ldconfig32_paths 3747.Pq Vt str 3748Set to the list of 32-bit compatibility shared library paths to 3749use with 3750.Xr ldconfig 8 . 3751.It Va ldconfig_paths_aout 3752.Pq Vt str 3753Set to the list of shared library paths to use with 3754.Xr ldconfig 8 3755legacy 3756.Xr a.out 5 3757support. 3758.It Va ldconfig_insecure 3759.Pq Vt bool 3760The 3761.Xr ldconfig 8 3762utility normally refuses to use directories 3763which are writable by anyone except root. 3764Set this variable to 3765.Dq Li YES 3766to disable that security check during system startup. 3767.It Va ldconfig_local_dirs 3768.Pq Vt str 3769Set to the list of local 3770.Xr ldconfig 8 3771directories. 3772The names of all files in the directories listed will be 3773passed as arguments to 3774.Xr ldconfig 8 . 3775.It Va ldconfig_local32_dirs 3776.Pq Vt str 3777Set to the list of local 32-bit compatibility 3778.Xr ldconfig 8 3779directories. 3780The names of all files in the directories listed will be 3781passed as arguments to 3782.Dq Nm ldconfig Fl 32 . 3783.It Va kern_securelevel_enable 3784.Pq Vt bool 3785Set to 3786.Dq Li YES 3787to set the kernel security level at system startup. 3788.It Va kern_securelevel 3789.Pq Vt int 3790The kernel security level to set at startup. 3791The allowed range of 3792.Ar value 3793ranges from \-1 (the compile time default) to 3 (the 3794most secure). 3795See 3796.Xr security 7 3797for the list of possible security levels and their effect 3798on system operation. 3799.It Va sshd_program 3800.Pq Vt str 3801Path to the SSH server program 3802.Pa ( /usr/sbin/sshd 3803is the default). 3804.It Va sshd_enable 3805.Pq Vt bool 3806Set to 3807.Dq Li YES 3808to start 3809.Xr sshd 8 3810at system boot time. 3811.It Va sshd_flags 3812.Pq Vt str 3813If 3814.Va sshd_enable 3815is set to 3816.Dq Li YES , 3817these are the flags to pass to the 3818.Xr sshd 8 3819daemon. 3820.It Va ftpd_program 3821.Pq Vt str 3822Path to the FTP server program 3823.Pa ( /usr/libexec/ftpd 3824is the default). 3825.It Va ftpd_enable 3826.Pq Vt bool 3827Set to 3828.Dq Li YES 3829to start 3830.Xr ftpd 8 3831as a stand-alone daemon at system boot time. 3832.It Va ftpd_flags 3833.Pq Vt str 3834If 3835.Va ftpd_enable 3836is set to 3837.Dq Li YES , 3838these are the additional flags to pass to the 3839.Xr ftpd 8 3840daemon. 3841.It Va watchdogd_enable 3842.Pq Vt bool 3843If set to 3844.Dq Li YES , 3845start the 3846.Xr watchdogd 8 3847daemon at boot time. 3848This requires that the kernel have been compiled with a 3849.Xr watchdog 4 3850compatible device. 3851.It Va watchdogd_flags 3852.Pq Vt str 3853If 3854.Va watchdogd_enable 3855is set to 3856.Dq Li YES , 3857these are the flags passed to the 3858.Xr watchdogd 8 3859daemon. 3860.It Va devfs_rulesets 3861.Pq Vt str 3862List of files containing sets of rules for 3863.Xr devfs 8 . 3864.It Va devfs_system_ruleset 3865.Pq Vt str 3866Rule name(s) to apply to the system 3867.Pa /dev 3868itself. 3869.It Va devfs_set_rulesets 3870.Pq Vt str 3871Pairs of already-mounted 3872.Pa dev 3873directories and rulesets that should be applied to them. 3874For example: /mount/dev=ruleset_name 3875.It Va devfs_load_rulesets 3876.Pq Vt bool 3877If set, always load the default rulesets listed in 3878.Va devfs_rulesets . 3879.It Va performance_cx_lowest 3880.Pq Vt str 3881CPU idle state to use while on AC power. 3882The string 3883.Dq Li LOW 3884indicates that 3885.Xr acpi 4 3886should use the lowest power state available while 3887.Dq Li HIGH 3888indicates that the lowest latency state (less power savings) should be used. 3889.It Va performance_cpu_freq 3890.Pq Vt str 3891CPU clock frequency to use while on AC power. 3892The string 3893.Dq Li LOW 3894indicates that 3895.Xr cpufreq 4 3896should use the lowest frequency available while 3897.Dq Li HIGH 3898indicates that the highest frequency (less power savings) should be used. 3899.It Va economy_cx_lowest 3900.Pq Vt str 3901CPU idle state to use when off AC power. 3902The string 3903.Dq Li LOW 3904indicates that 3905.Xr acpi 4 3906should use the lowest power state available while 3907.Dq Li HIGH 3908indicates that the lowest latency state (less power savings) should be used. 3909.It Va economy_cpu_freq 3910.Pq Vt str 3911CPU clock frequency to use when off AC power. 3912The string 3913.Dq Li LOW 3914indicates that 3915.Xr cpufreq 4 3916should use the lowest frequency available while 3917.Dq Li HIGH 3918indicates that the highest frequency (less power savings) should be used. 3919.It Va jail_enable 3920.Pq Vt bool 3921If set to 3922.Dq Li NO , 3923any configured jails will not be started. 3924.It Va jail_conf 3925.Pq Vt str 3926The configuration filename used by 3927.Xr jail 8 3928utility. 3929The default value is 3930.Pa /etc/jail.conf . 3931.It Va jail_parallel_start 3932.Pq Vt bool 3933If set to 3934.Dq Li YES , 3935all configured jails will be started in the background (in parallel). 3936.It Va jail_flags 3937.Pq Vt str 3938Unset by default. 3939When set, use as default value for 3940.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3941for every jail in 3942.Va jail_list . 3943.It Va jail_list 3944.Pq Vt str 3945A space separated list of names for jails. 3946If this variable is empty, 3947all of 3948.Xr jail 8 3949instances in the configuration file will be configured. 3950This is purely a configuration aid to help identify and 3951configure multiple jails. 3952The names specified in this list will be used to 3953identify settings common to an instance of a jail, 3954and should contain alphanumeric characters only. 3955The literal jail name of 3956.Dq Li 0 3957.Pq zero 3958is not allowed. 3959.It Va jail_* variables 3960Note that older releases supported per-jail configuration via 3961.Xr rc.conf 5 3962variables. 3963For example, 3964hostname of a jail named 3965.Li vjail 3966was able to be set by 3967.Li jail_vjail_hostname . 3968These per-jail configuration variables are now obsolete in favor of 3969.Xr jail 8 3970configuration file. 3971For backward compatibility, 3972when per-jail configuration variables are defined, 3973.Xr jail 8 3974configuration files are created as 3975.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3976and used. 3977.Pp 3978The following per-jail parameters are handled by 3979.Pa rc.d/jail 3980script out of their corresponding 3981.Nm 3982variables. 3983In addition to them, parameters in 3984.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3985will be added to the configuration file. 3986They must be a semi-colon 3987.Pq Ql \&; 3988delimited list of 3989.Dq key=value . 3990For more details, 3991see 3992.Xr jail 8 3993manual page. 3994.Bl -tag -width "host.hostname" -offset indent 3995.It Li path 3996set from 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3998.It Li host.hostname 3999set from 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4001.It Li exec.consolelog 4002set from 4003.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4004The default value is 4005.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 4006.It Li interface 4007set from 4008.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4009.It Li vnet.interface 4010set from 4011.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4012This implies 4013.Li vnet 4014parameter will be enabled and cannot be specified with 4015.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4016.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4017and/or 4018.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4019at the same time. 4020.It Li fstab 4021set from 4022.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4023.It Li mount 4024set from 4025.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4026.It Li exec.fib 4027set from 4028.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4029.It Li exec.start 4030set from 4031.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4032The parameter name was 4033.Li command 4034in some older releases. 4035.It Li exec.prestart 4036set from 4037.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4038.It Li exec.poststart 4039set from 4040.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4041.It Li exec.stop 4042set from 4043.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4044.It Li exec.prestop 4045set from 4046.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4047.It Li exec.poststop 4048set from 4049.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4050.It Li ip4.addr 4051set if 4052.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4053or 4054.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4055contain IPv4 addresses 4056.It Li ip6.addr 4057set if 4058.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4059or 4060.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4061contain IPv6 addresses 4062.It Li allow.mount 4063set from 4064.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4065.It Li mount.devfs 4066set from 4067.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4068.It Li devfs_ruleset 4069set from 4070.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4071This must be an integer, 4072not a string. 4073.It Li mount.fdescfs 4074set from 4075.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4076.It Li allow.set_hostname 4077set from 4078.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4079.It Li allow.rawsocket 4080set from 4081.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4082.It Li allow.sysvipc 4083set from 4084.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4085.El 4086.\" ----------------------------------------------------- 4087.It Va harvest_interrupt 4088.Pq Vt bool 4089Set to 4090.Dq Li YES 4091to use hardware interrupts as an entropy source. 4092Refer to 4093.Xr random 4 4094for more information. 4095.It Va harvest_ethernet 4096.Pq Vt bool 4097Set to 4098.Dq Li YES 4099to use LAN traffic as an entropy source. 4100Refer to 4101.Xr random 4 4102for more information. 4103.It Va harvest_p_to_p 4104.Pq Vt bool 4105Set to 4106.Dq Li YES 4107to use serial line traffic as an entropy source. 4108Refer to 4109.Xr random 4 4110for more information. 4111.It Va entropy_dir 4112.Pq Vt str 4113Set to 4114.Dq Li NO 4115to disable caching entropy via 4116.Xr cron 8 . 4117Otherwise set to the directory used to store entropy files in. 4118.It Va entropy_file 4119.Pq Vt str 4120Set to 4121.Dq Li NO 4122to disable caching entropy through reboots. 4123Otherwise set to the filename used to store cached entropy through 4124reboots. 4125This file should be located on the root file system to seed the 4126.Xr random 4 4127device as early as possible in the boot process. 4128.It Va entropy_save_sz 4129.Pq Vt int 4130Size of the entropy cache files saved by 4131.Nm save-entropy 4132periodically. 4133.It Va entropy_save_num 4134.Pq Vt int 4135Number of entropy cache files to save by 4136.Nm save-entropy 4137periodically. 4138.It Va ipsec_enable 4139.Pq Vt bool 4140Set to 4141.Dq Li YES 4142to run 4143.Xr setkey 8 4144on 4145.Va ipsec_file 4146at boot time. 4147.It Va ipsec_file 4148.Pq Vt str 4149Configuration file for 4150.Xr setkey 8 . 4151.It Va dmesg_enable 4152.Pq Vt bool 4153Set to 4154.Dq Li YES 4155to save 4156.Xr dmesg 8 4157to 4158.Pa /var/run/dmesg.boot 4159on boot. 4160.It Va rcshutdown_timeout 4161.Pq Vt int 4162If set, start a watchdog timer in the background which will terminate 4163.Pa rc.shutdown 4164if 4165.Xr shutdown 8 4166has not completed within the specified time (in seconds). 4167Notice that in addition to this soft timeout, 4168.Xr init 8 4169also applies a hard timeout for the execution of 4170.Pa rc.shutdown . 4171This is configured via 4172.Xr sysctl 8 4173variable 4174.Va kern.init_shutdown_timeout 4175and defaults to 120 seconds. 4176Setting the value of 4177.Va rcshutdown_timeout 4178to more than 120 seconds will have no effect until the 4179.Xr sysctl 8 4180variable 4181.Va kern.init_shutdown_timeout 4182is also increased. 4183.It Va virecover_enable 4184.Pq Vt bool 4185Set to 4186.Dq Li NO 4187to prevent the system from trying to 4188recover pre-maturely terminated 4189.Xr vi 1 4190sessions. 4191.It Va ugidfw_enable 4192.Pq Vt bool 4193Set to 4194.Dq Li YES 4195to load the 4196.Xr mac_bsdextended 4 4197module upon system initialization and load a default 4198ruleset file. 4199.It Va bsdextended_script 4200.Pq Vt str 4201The default 4202.Xr mac_bsdextended 4 4203ruleset file to load. 4204The default value of this variable is 4205.Pa /etc/rc.bsdextended . 4206.It Va newsyslog_enable 4207.Pq Vt bool 4208If set to 4209.Dq Li YES , 4210run 4211.Xr newsyslog 8 4212command at startup. 4213.It Va newsyslog_flags 4214.Pq Vt str 4215If 4216.Va newsyslog_enable 4217is set to 4218.Dq Li YES , 4219these are the flags to pass to the 4220.Xr newsyslog 8 4221program. 4222The default is 4223.Dq Li -CN , 4224which causes log files flagged with a 4225.Cm C 4226to be created. 4227.It Va mdconfig_md Ns Aq Ar X 4228.Pq Vt str 4229Arguments to 4230.Xr mdconfig 8 4231for 4232.Xr md 4 4233device 4234.Ar X . 4235At minimum a 4236.Fl t Ar type 4237must be specified and either a 4238.Fl s Ar size 4239for malloc or swap backed 4240.Xr md 4 4241devices or a 4242.Fl f Ar file 4243for vnode backed 4244.Xr md 4 4245devices. 4246Note that 4247.Va mdconfig_md Ns Aq Ar X 4248variables are evaluated until one variable is unset or null. 4249.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4250.Pq Vt str 4251Optional arguments passed to 4252.Xr newfs 8 4253to initialize 4254.Xr md 4 4255device 4256.Ar X . 4257.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4258.Pq Vt str 4259An ownership specification passed to 4260.Xr chown 8 4261after the specified 4262.Xr md 4 4263device 4264.Ar X 4265has been mounted. 4266Both the 4267.Xr md 4 4268device and the mount point will be changed. 4269.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4270.Pq Vt str 4271A mode string passed to 4272.Xr chmod 1 4273after the specified 4274.Xr md 4 4275device 4276.Ar X 4277has been mounted. 4278Both the 4279.Xr md 4 4280device and the mount point will be changed. 4281.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4282.Pq Vt str 4283Files to be copied to the mount point of the 4284.Xr md 4 4285device 4286.Ar X 4287after it has been mounted. 4288.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4289.Pq Vt str 4290Command to execute after the specified 4291.Xr md 4 4292device 4293.Ar X 4294has been mounted. 4295Note that the command is passed to 4296.Ic eval 4297and that both 4298.Va _dev 4299and 4300.Va _mp 4301variables can be used to reference respectively the 4302.Xr md 4 4303device and the mount point. 4304Assuming that the 4305.Xr md 4 4306device is 4307.Li md0 , 4308one could set the following: 4309.Bd -literal 4310mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4311.Ed 4312.It Va autobridge_interfaces 4313.Pq Vt str 4314Set to the list of bridge interfaces that will have newly arriving interfaces 4315checked against to be automatically added. 4316If not set to 4317.Dq Li NO 4318then for each whitespace separated 4319.Ar element 4320in the value, a 4321.Va autobridge_ Ns Aq Ar element 4322variable is assumed to exist which has a whitespace separated list of interface 4323names to match, these names can use wildcards. 4324For example: 4325.Bd -literal 4326autobridge_interfaces="bridge0" 4327autobridge_bridge0="tap* dc0 vlan[345]" 4328.Ed 4329.It Va mixer_enable 4330.Pq Vt bool 4331If set to 4332.Dq Li YES , 4333enable support for sound mixer. 4334.It Va hcsecd_enable 4335.Pq Vt bool 4336If set to 4337.Dq Li YES , 4338enable Bluetooth security daemon. 4339.It Va hcsecd_config 4340.Pq Vt str 4341Configuration file for 4342.Xr hcsecd 8 . 4343Default 4344.Pa /etc/bluetooth/hcsecd.conf . 4345.It Va sdpd_enable 4346.Pq Vt bool 4347If set to 4348.Dq Li YES , 4349enable Bluetooth Service Discovery Protocol daemon. 4350.It Va sdpd_control 4351.Pq Vt str 4352Path to 4353.Xr sdpd 8 4354control socket. 4355Default 4356.Pa /var/run/sdp . 4357.It Va sdpd_groupname 4358.Pq Vt str 4359Sets 4360.Xr sdpd 8 4361group to run as after it initializes. 4362Default 4363.Dq Li nobody . 4364.It Va sdpd_username 4365.Pq Vt str 4366Sets 4367.Xr sdpd 8 4368user to run as after it initializes. 4369Default 4370.Dq Li nobody . 4371.It Va bthidd_enable 4372.Pq Vt bool 4373If set to 4374.Dq Li YES , 4375enable Bluetooth Human Interface Device daemon. 4376.It Va bthidd_config 4377.Pq Vt str 4378Configuration file for 4379.Xr bthidd 8 . 4380Default 4381.Pa /etc/bluetooth/bthidd.conf . 4382.It Va bthidd_hids 4383.Pq Vt str 4384Path to a file, where 4385.Xr bthidd 8 4386will store information about known HID devices. 4387Default 4388.Pa /var/db/bthidd.hids . 4389.It Va rfcomm_pppd_server_enable 4390.Pq Vt bool 4391If set to 4392.Dq Li YES , 4393enable Bluetooth RFCOMM PPP wrapper daemon. 4394.It Va rfcomm_pppd_server_profile 4395.Pq Vt str 4396The name of the profile to use from 4397.Pa /etc/ppp/ppp.conf . 4398Multiple profiles can be specified here. 4399Also used to specify per-profile overrides. 4400When the profile name contains any of the characters 4401.Dq Li .-/+ 4402they are translated to 4403.Dq Li _ 4404for the proposes of the override variable names. 4405.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4406.Pq Vt str 4407Overrides local address to listen on. 4408By default 4409.Xr rfcomm_pppd 8 4410will listen on 4411.Dq Li ANY 4412address. 4413The address can be specified as BD_ADDR or name. 4414.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4415.Pq Vt str 4416Overrides local RFCOMM channel to listen on. 4417By default 4418.Xr rfcomm_pppd 8 4419will listen on RFCOMM channel 1. 4420Must set properly if multiple profiles used in the same time. 4421.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4422.Pq Vt bool 4423Tells 4424.Xr rfcomm_pppd 8 4425if it should register Serial Port service on the specified RFCOMM channel. 4426Default 4427.Dq Li NO . 4428.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4429.Pq Vt bool 4430Tells 4431.Xr rfcomm_pppd 8 4432if it should register Dial-Up Networking service on the specified 4433RFCOMM channel. 4434Default 4435.Dq Li NO . 4436.It Va ubthidhci_enable 4437.Pq Vt bool 4438If set to 4439.Dq Li YES , 4440change the USB Bluetooth controller from HID mode to HCI mode. 4441You also need to specify the location of USB Bluetooth controller with the 4442.Va ubthidhci_busnum 4443and 4444.Va ubthidhci_addr 4445variables. 4446.It Va ubthidhci_busnum 4447Bus number where the USB Bluetooth controller is located. 4448Check the output of 4449.Xr usbconfig 8 4450on your system to find this information. 4451.It Va ubthidhci_addr 4452Bus address of the USB Bluetooth controller. 4453Check the output of 4454.Xr usbconfig 8 4455on your system to find this information. 4456.It Va netwait_enable 4457.Pq Vt bool 4458If set to 4459.Dq Li YES , 4460delays the start of network-reliant services until 4461.Va netwait_if 4462is up and ICMP packets to a destination defined in 4463.Va netwait_ip 4464are flowing. 4465Link state is examined first, followed by 4466.Dq Li pinging 4467an IP address to verify network usability. 4468If no destination can be reached or timeouts are exceeded, 4469network services are started anyway with no guarantee that 4470the network is usable. 4471Use of this variable requires both 4472.Va netwait_ip 4473and 4474.Va netwait_if 4475to be set. 4476.It Va netwait_ip 4477.Pq Vt str 4478Empty by default. 4479This variable contains a space-delimited list of IP addresses to 4480.Xr ping 8 . 4481DNS hostnames should not be used as resolution is not guaranteed 4482to be functional at this point. 4483If multiple IP addresses are specified, 4484each will be tried until one is successful or the list is exhausted. 4485.It Va netwait_timeout 4486.Pq Vt int 4487Indicates the total number of seconds to perform a 4488.Dq Li ping 4489against each IP address in 4490.Va netwait_ip , 4491at a rate of one ping per second. 4492If any of the pings are successful, 4493full network connectivity is considered reliable. 4494The default is 60. 4495.It Va netwait_if 4496.Pq Vt str 4497Empty by default. 4498Defines the name of the network interface on which watch for link. 4499.Xr ifconfig 8 4500is used to monitor the interface, looking for 4501.Dq Li status: no carrier . 4502Once gone, the link is considered up. 4503This can be a 4504.Xr vlan 4 4505interface if desired. 4506.It Va netwait_if_timeout 4507.Pq Vt int 4508Defines the total number of seconds to wait for link to become usable, 4509polled at a 1-second interval. 4510The default is 30. 4511.El 4512.Sh FILES 4513.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4514.It Pa /etc/defaults/rc.conf 4515.It Pa /etc/rc.conf 4516.It Pa /etc/rc.conf.local 4517.El 4518.Sh SEE ALSO 4519.Xr catman 1 , 4520.Xr chmod 1 , 4521.Xr gdb 1 , 4522.Xr info 1 , 4523.Xr kbdcontrol 1 , 4524.Xr makewhatis 1 , 4525.Xr sh 1 , 4526.Xr vi 1 , 4527.Xr vidcontrol 1 , 4528.Xr bridge 4 , 4529.Xr dummynet 4 , 4530.Xr ip 4 , 4531.Xr ipf 4 , 4532.Xr ipfw 4 , 4533.Xr ipnat 4 , 4534.Xr kld 4 , 4535.Xr pf 4 , 4536.Xr pflog 4 , 4537.Xr pfsync 4 , 4538.Xr tcp 4 , 4539.Xr udp 4 , 4540.Xr exports 5 , 4541.Xr fstab 5 , 4542.Xr ipf 5 , 4543.Xr ipnat 5 , 4544.Xr motd 5 , 4545.Xr newsyslog.conf 5 , 4546.Xr pf.conf 5 , 4547.Xr security 7 , 4548.Xr accton 8 , 4549.Xr amd 8 , 4550.Xr apm 8 , 4551.Xr atm 8 , 4552.Xr bthidd 8 , 4553.Xr chkprintcap 8 , 4554.Xr chown 8 , 4555.Xr cron 8 , 4556.Xr devfs 8 , 4557.Xr dhclient 8 , 4558.Xr ftpd 8 , 4559.Xr geli 8 , 4560.Xr hcsecd 8 , 4561.Xr ifconfig 8 , 4562.Xr inetd 8 , 4563.Xr ipf 8 , 4564.Xr ipfw 8 , 4565.Xr ipnat 8 , 4566.Xr jail 8 , 4567.Xr kldxref 8 , 4568.Xr lpd 8 , 4569.Xr mdconfig 8 , 4570.Xr mdmfs 8 , 4571.Xr mixer 8 , 4572.Xr mountd 8 , 4573.Xr moused 8 , 4574.Xr mrouted 8 , 4575.Xr named 8 , 4576.Xr newfs 8 , 4577.Xr newsyslog 8 , 4578.Xr nfsd 8 , 4579.Xr ntpd 8 , 4580.Xr ntpdate 8 , 4581.Xr pfctl 8 , 4582.Xr pflogd 8 , 4583.Xr ping 8 , 4584.Xr powerd 8 , 4585.Xr quotacheck 8 , 4586.Xr quotaon 8 , 4587.Xr rc 8 , 4588.Xr rc.sendmail 8 , 4589.Xr rfcomm_pppd 8 , 4590.Xr route 8 , 4591.Xr routed 8 , 4592.Xr rpcbind 8 , 4593.Xr rpc.lockd 8 , 4594.Xr rpc.statd 8 , 4595.Xr rwhod 8 , 4596.Xr savecore 8 , 4597.Xr sdpd 8 , 4598.Xr sshd 8 , 4599.Xr swapon 8 , 4600.Xr sysctl 8 , 4601.Xr syslogd 8 , 4602.Xr timed 8 , 4603.Xr unbound 8 , 4604.Xr usbconfig 8 , 4605.Xr wlandebug 8 , 4606.Xr yp 8 , 4607.Xr ypbind 8 , 4608.Xr ypserv 8 , 4609.Xr ypset 8 4610.Sh HISTORY 4611The 4612.Nm 4613file appeared in 4614.Fx 2.2.2 . 4615.Sh AUTHORS 4616.An Jordan K. Hubbard . 4617