1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd October 24, 2017 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67The sysrc(8) command provides a scripting interface to modify system 68config files. 69.Pp 70In addition to 71.Pa /etc/rc.conf.local 72you can also place smaller configuration files for each 73.Xr rc 8 74script in the 75.Pa /etc/rc.conf.d 76directory or 77.Ao Ar dir Ac Ns Pa /rc.conf.d 78directories specified in 79.Va local_startup , 80which will be included by the 81.Va load_rc_config 82function. 83For jail configurations you could use the file 84.Pa /etc/rc.conf.d/jail 85to store jail specific configuration options. 86If 87.Va local_startup 88contains 89.Pa /usr/local/etc/rc.d 90and 91.Pa /opt/conf , 92.Pa /usr/local/rc.conf.d/jail 93and 94.Pa /opt/conf/rc.conf.d/jail 95will be loaded. 96If 97.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 98is a directory, 99all of files in the directory will be loaded. 100Also see the 101.Va rc_conf_files 102variable below. 103.Pp 104Options are set with 105.Dq Ar name Ns Li = Ns Ar value 106assignments that use 107.Xr sh 1 108syntax. 109The following list provides a name and short description for each 110variable that can be set in the 111.Nm 112file: 113.Bl -tag -width indent-two 114.It Va rc_debug 115.Pq Vt bool 116If set to 117.Dq Li YES , 118enable output of debug messages from rc scripts. 119This variable can be helpful in diagnosing mistakes when 120editing or integrating new scripts. 121Beware that this produces copious output to the terminal and 122.Xr syslog 3 . 123.It Va rc_info 124.Pq Vt bool 125If set to 126.Dq Li NO , 127disable informational messages from the rc scripts. 128Informational messages are displayed when 129a condition that is not serious enough to warrant a warning or 130an error occurs. 131.It Va rc_startmsgs 132.Pq Vt bool 133If set to 134.Dq Li YES , 135show 136.Dq Starting foo: 137when faststart is used (e.g., at boot time). 138.It Va early_late_divider 139.Pq Vt str 140The name of the script that should be used as the 141delimiter between the 142.Dq early 143and 144.Dq late 145stages of the boot process. 146The early stage should contain all the services needed to 147get the disks (local or remote) mounted so that the late 148stage can include scripts contained in the directories 149listed in the 150.Va local_startup 151variable (see below). 152Thus, the two likely candidates for this value are 153.Pa mountcritlocal 154for the typical system, and 155.Pa mountcritremote 156if the system needs remote file 157systems mounted to get access to the 158.Va local_startup 159directories; for example when 160.Pa /usr/local 161is NFS mounted. 162For 163.Pa rc.conf 164within a 165.Xr jail 8 166.Pa NETWORKING 167is likely to be an appropriate value. 168Extreme care should be taken when changing this value, 169and before changing it one should ensure that there are 170adequate provisions to recover from a failed boot 171(such as physical contact with the machine, 172or reliable remote console access). 173.It Va always_force_depends 174.Pq Vt bool 175Various 176.Pa rc.d 177scripts use the force_depend function to check whether required 178services are already running, and to start them if necessary. 179By default during boot time this check is bypassed if the 180required service is enabled in 181.Pa /etc/rc.conf[.local] . 182Setting this option will bypass that check at boot time and 183always test whether or not the service is actually running. 184Enabling this option is likely to increase your boot time if 185services are enabled that utilize the force_depend check. 186.It Ao Ar name Ac Ns Va _chroot 187.Pq Vt str 188.Xr chroot 8 189to this directory before running the service. 190.It Ao Ar name Ac Ns Va _user 191.Pq Vt str 192Run the service under this user account. 193.It Ao Ar name Ac Ns Va _group 194.Pq Vt str 195Run the chrooted service under this system group. 196Unlike the _user 197setting, this setting has no effect if the service is not chrooted. 198.It Ao Ar name Ac Ns Va _fib 199.Pq Vt int 200The 201.Xr setfib 1 202value to run the service under. 203.It Ao Ar name Ac Ns Va _nice 204.Pq Vt int 205The 206.Xr nice 1 207value to run the service under. 208.It Va apm_enable 209.Pq Vt bool 210If set to 211.Dq Li YES , 212enable support for Automatic Power Management with 213the 214.Xr apm 8 215command. 216.It Va apmd_enable 217.Pq Vt bool 218Run 219.Xr apmd 8 220to handle APM event from userland. 221This also enables support for APM. 222.It Va apmd_flags 223.Pq Vt str 224If 225.Va apmd_enable 226is set to 227.Dq Li YES , 228these are the flags to pass to the 229.Xr apmd 8 230daemon. 231.It Va devd_enable 232.Pq Vt bool 233Run 234.Xr devd 8 235to handle device added, removed or unknown events from the kernel. 236.It Va ddb_enable 237.Pq Vt bool 238Run 239.Xr ddb 8 240to install 241.Xr ddb 4 242scripts at boot time. 243.It Va ddb_config 244.Pq Vt str 245Configuration file for 246.Xr ddb 8 . 247Default 248.Pa /etc/ddb.conf . 249.It Va kld_list 250.Pq Vt str 251A list of kernel modules to load right after the local 252disks are mounted. 253Loading modules at this point in the boot process is 254much faster than doing it via 255.Pa /boot/loader.conf 256for those modules not necessary for mounting local disk. 257.It Va kldxref_enable 258.Pq Vt bool 259Set to 260.Dq Li NO 261by default. 262Set to 263.Dq Li YES 264to automatically rebuild 265.Pa linker.hints 266files with 267.Xr kldxref 8 268at boot time. 269.It Va kldxref_clobber 270.Pq Vt bool 271Set to 272.Dq Li NO 273by default. 274If 275.Va kldxref_enable 276is true, 277setting to 278.Dq Li YES 279will overwrite existing 280.Pa linker.hints 281files at boot time. 282Otherwise, 283only missing 284.Pa linker.hints 285files are generated. 286.It Va kldxref_module_path 287.Pq Vt str 288Empty by default. 289A semi-colon 290.Pq Ql \&; 291delimited list of paths containing 292.Xr kld 4 293modules. 294If empty, 295the contents of the 296.Va kern.module_path 297.Xr sysctl 8 298are used. 299.It Va powerd_enable 300.Pq Vt bool 301If set to 302.Dq Li YES , 303enable the system power control facility with the 304.Xr powerd 8 305daemon. 306.It Va powerd_flags 307.Pq Vt str 308If 309.Va powerd_enable 310is set to 311.Dq Li YES , 312these are the flags to pass to the 313.Xr powerd 8 314daemon. 315.It Va tmpmfs 316Controls the creation of a 317.Pa /tmp 318memory file system. 319Always happens if set to 320.Dq Li YES 321and never happens if set to 322.Dq Li NO . 323If set to anything else, a memory file system is created if 324.Pa /tmp 325is not writable. 326.It Va tmpsize 327Controls the size of a created 328.Pa /tmp 329memory file system. 330.It Va tmpmfs_flags 331Extra options passed to the 332.Xr mdmfs 8 333utility when the memory file system for 334.Pa /tmp 335is created. 336The default is 337.Dq Li "-S" , 338which inhibits the use of softupdates on 339.Pa /tmp 340so that file system space is freed without delay 341after file truncation or deletion. 342See 343.Xr mdmfs 8 344for other options you can use in 345.Va tmpmfs_flags . 346.It Va varmfs 347Controls the creation of a 348.Pa /var 349memory file system. 350Always happens if set to 351.Dq Li YES 352and never happens if set to 353.Dq Li NO . 354If set to anything else, a memory file system is created if 355.Pa /var 356is not writable. 357.It Va varsize 358Controls the size of a created 359.Pa /var 360memory file system. 361.It Va varmfs_flags 362Extra options passed to the 363.Xr mdmfs 8 364utility when the memory file system for 365.Pa /var 366is created. 367The default is 368.Dq Li "-S" , 369which inhibits the use of softupdates on 370.Pa /var 371so that file system space is freed without delay 372after file truncation or deletion. 373See 374.Xr mdmfs 8 375for other options you can use in 376.Va varmfs_flags . 377.It Va populate_var 378Controls the automatic population of the 379.Pa /var 380file system. 381Always happens if set to 382.Dq Li YES 383and never happens if set to 384.Dq Li NO . 385If set to anything else, a memory file system is created if 386.Pa /var 387is not writable. 388Note that this process requires access to certain commands in 389.Pa /usr 390before 391.Pa /usr 392is mounted on normal systems. 393.It Va cleanvar_enable 394.Pq Vt bool 395Clean the 396.Pa /var 397directory. 398.It Va local_startup 399.Pq Vt str 400List of directories to search for startup script files. 401.It Va script_name_sep 402.Pq Vt str 403The field separator to use for breaking down the list of startup script files 404into individual filenames. 405The default is a space. 406It is not necessary to change this unless there are startup scripts with names 407containing spaces. 408.It Va hostapd_enable 409.Pq Vt bool 410Set to 411.Dq Li YES 412to start 413.Xr hostapd 8 414at system boot time. 415.It Va hostname 416.Pq Vt str 417The fully qualified domain name (FQDN) of this host on the network. 418This should almost certainly be set to something meaningful, even if 419there is no network connection. 420If 421.Xr dhclient 8 422is used to set the hostname via DHCP, 423this variable should be set to an empty string. 424If this value remains unset when the system is done booting 425your console login will display the default hostname of 426.Dq Amnesiac . 427.It Va nisdomainname 428.Pq Vt str 429The NIS domain name of this host, or 430.Dq Li NO 431if NIS is not used. 432.It Va dhclient_program 433.Pq Vt str 434Path to the DHCP client program 435.Pa ( /sbin/dhclient , 436the 437.Ox 438DHCP client, 439is the default). 440.It Va dhclient_flags 441.Pq Vt str 442Additional flags to pass to the DHCP client program. 443For the 444.Ox 445DHCP client, see the 446.Xr dhclient 8 447manpage for a description of the command line options available. 448.It Va dhclient_flags_ Ns Aq Ar iface 449Additional flags to pass to the DHCP client program running on 450.Ar iface 451only. 452When specified, this variable overrides 453.Va dhclient_flags . 454.It Va background_dhclient 455.Pq Vt bool 456Set to 457.Dq Li YES 458to start the DHCP client in background. 459This can cause trouble with applications depending on 460a working network, but it will provide a faster startup 461in many cases. 462.It Va background_dhclient_ Ns Aq Ar iface 463When specified, this variable overrides the 464.Va background_dhclient 465variable for interface 466.Ar iface 467only. 468.It Va synchronous_dhclient 469.Pq Vt bool 470Set to 471.Dq Li YES 472to start 473.Xr dhclient 8 474synchronously at startup. 475This behavior can be overridden on a per-interface basis by replacing 476the 477.Dq Li DHCP 478keyword in the 479.Va ifconfig_ Ns Aq Ar interface 480variable with 481.Dq Li SYNCDHCP 482or 483.Dq Li NOSYNCDHCP . 484.It Va defaultroute_delay 485.Pq Vt int 486When set to a positive value, wait up to this long after configuring 487DHCP interfaces at startup to give the interfaces time to receive a lease. 488.It Va firewall_enable 489.Pq Vt bool 490Set to 491.Dq Li YES 492to load firewall rules at startup. 493If the kernel was not built with 494.Cd "options IPFIREWALL" , 495the 496.Pa ipfw.ko 497kernel module will be loaded. 498See also 499.Va ipfilter_enable . 500.It Va firewall_script 501.Pq Vt str 502This variable specifies the full path to the firewall script to run. 503The default is 504.Pa /etc/rc.firewall . 505.It Va firewall_type 506.Pq Vt str 507Names the firewall type from the selection in 508.Pa /etc/rc.firewall , 509or the file which contains the local firewall ruleset. 510Valid selections from 511.Pa /etc/rc.firewall 512are: 513.Pp 514.Bl -tag -width ".Li simple" -compact 515.It Li open 516unrestricted IP access 517.It Li closed 518all IP services disabled, except via 519.Dq Li lo0 520.It Li client 521basic protection for a workstation 522.It Li simple 523basic protection for a LAN. 524.El 525.Pp 526If a filename is specified, the full path 527must be given. 528.It Va firewall_quiet 529.Pq Vt bool 530Set to 531.Dq Li YES 532to disable the display of firewall rules on the console during boot. 533.It Va firewall_logging 534.Pq Vt bool 535Set to 536.Dq Li YES 537to enable firewall event logging. 538This is equivalent to the 539.Dv IPFIREWALL_VERBOSE 540kernel option. 541.It Va firewall_logif 542.Pq Vt bool 543Set to 544.Dq Li YES 545to create pseudo interface 546.Li ipfw0 547for logging. 548For more details, see 549.Xr ipfw 8 550manual page. 551.It Va firewall_flags 552.Pq Vt str 553Flags passed to 554.Xr ipfw 8 555if 556.Va firewall_type 557specifies a filename. 558.It Va firewall_coscripts 559.Pq Vt str 560List of executables and/or rc scripts to run after firewall starts/stops. 561Default is empty. 562.\" ----- firewall_nat_enable setting -------------------------------- 563.It Va firewall_nat_enable 564.Pq Vt bool 565The 566.Xr ipfw 8 567equivalent of 568.Va natd_enable . 569Setting this to 570.Dq Li YES 571enables kernel NAT. 572.Va firewall_enable 573must also be set to 574.Dq Li YES . 575.It Va firewall_nat_interface 576.Pq Vt str 577The 578.Xr ipfw 8 579equivalent of 580.Va natd_interface . 581This is the name of the public interface or IP address on which 582kernel NAT should run. 583.It Va firewall_nat_flags 584.Pq Vt str 585Additional configuration parameters for kernel NAT should be placed here. 586.It Va dummynet_enable 587.Pq Vt bool 588Setting this to 589.Dq Li YES 590will automatically load the 591.Xr dummynet 4 592module if 593.Va firewall_enable 594is also set to 595.Dq Li YES . 596.\" ------------------------------------------------------------------- 597.It Va ipfw_netflow_enable 598.Pq Vt bool 599Setting this to 600.Dq Li YES 601will enable netflow logging via 602.Xr ng_netflow 4 603.Pp 604By default a ipfw rule is inserted and all packets are duplicated with 605the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 606port using protocol version 5. 607.It Va ipfw_netflow_hook 608.Pq Vt int 609netflow hook name, must be numerical 610(default 611.Pa 9995 ) . 612.It Va ipfw_netflow_rule 613.Pq Vt int 614ipfw rule number 615(default 616.Pa 1000 ) . 617.It Va ipfw_netflow_ip 618.Pq Vt str 619Destination server ip for receiving netflow data 620(default 621.Pa 127.0.0.1 ) . 622.It Va ipfw_netflow_port 623.Pq Vt int 624Destination server port for receiving netflow data 625(default 626.Pa 9995 ) . 627.It Va ipfw_netflow_version 628.Pq Vt int 629Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 630.It Va ipfw_netflow_fib 631.Pq Vt int 632Only match packet in FIB 633.Pa ipfw_netflow_fib 634(default is undefined meaning all FIBs). 635.It Va natd_program 636.Pq Vt str 637Path to 638.Xr natd 8 . 639.It Va natd_enable 640.Pq Vt bool 641Set to 642.Dq Li YES 643to enable 644.Xr natd 8 . 645.Va firewall_enable 646must also be set to 647.Dq Li YES , 648and 649.Xr divert 4 650sockets must be enabled in the kernel. 651If the kernel was not built with 652.Cd "options IPDIVERT" , 653the 654.Pa ipdivert.ko 655kernel module will be loaded. 656.It Va natd_interface 657.Pq Vt str 658This is the name of the public interface on which 659.Xr natd 8 660should run. 661The interface may be given as an interface name or as an IP address. 662.It Va natd_flags 663.Pq Vt str 664Additional 665.Xr natd 8 666flags should be placed here. 667The 668.Fl n 669or 670.Fl a 671flag is automatically added with the above 672.Va natd_interface 673as an argument. 674.\" ----- ipfilter_enable setting -------------------------------- 675.It Va ipfilter_enable 676.Pq Vt bool 677Set to 678.Dq Li NO 679by default. 680Setting this to 681.Dq Li YES 682enables 683.Xr ipf 8 684packet filtering. 685.Pp 686Typical usage will require putting 687.Bd -literal 688ipfilter_enable="YES" 689ipnat_enable="YES" 690ipmon_enable="YES" 691ipfs_enable="YES" 692.Ed 693.Pp 694into 695.Pa /etc/rc.conf 696and editing 697.Pa /etc/ipf.rules 698and 699.Pa /etc/ipnat.rules 700appropriately. 701.Pp 702Note that 703.Va ipfilter_enable 704and 705.Va ipnat_enable 706can be enabled independently. 707.Va ipmon_enable 708and 709.Va ipfs_enable 710both require at least one of 711.Va ipfilter_enable 712and 713.Va ipnat_enable 714to be enabled. 715.Pp 716Having 717.Bd -literal 718options IPFILTER 719options IPFILTER_LOG 720options IPFILTER_DEFAULT_BLOCK 721.Ed 722.Pp 723in the kernel configuration file is a good idea, too. 724.\" ----- ipfilter_program setting ------------------------------ 725.It Va ipfilter_program 726.Pq Vt str 727Path to 728.Xr ipf 8 729(default 730.Pa /sbin/ipf ) . 731.\" ----- ipfilter_rules setting -------------------------------- 732.It Va ipfilter_rules 733.Pq Vt str 734Set to 735.Pa /etc/ipf.rules 736by default. 737This variable contains the name of the filter rule definition file. 738The file is expected to be readable for the 739.Xr ipf 8 740command to execute. 741.\" ----- ipv6_ipfilter_rules setting --------------------------- 742.It Va ipv6_ipfilter_rules 743.Pq Vt str 744Set to 745.Pa /etc/ipf6.rules 746by default. 747This variable contains the IPv6 filter rule definition file. 748The file is expected to be readable for the 749.Xr ipf 8 750command to execute. 751.\" ----- ipfilter_flags setting -------------------------------- 752.It Va ipfilter_flags 753.Pq Vt str 754Empty by default. 755This variable contains flags passed to the 756.Xr ipf 8 757program. 758.\" ----- ipnat_enable setting ---------------------------------- 759.It Va ipnat_enable 760.Pq Vt bool 761Set to 762.Dq Li NO 763by default. 764Set it to 765.Dq Li YES 766to enable 767.Xr ipnat 8 768network address translation. 769See 770.Va ipfilter_enable 771for a detailed discussion. 772.\" ----- ipnat_program setting --------------------------------- 773.It Va ipnat_program 774.Pq Vt str 775Path to 776.Xr ipnat 8 777(default 778.Pa /sbin/ipnat ) . 779.\" ----- ipnat_rules setting ----------------------------------- 780.It Va ipnat_rules 781.Pq Vt str 782Set to 783.Pa /etc/ipnat.rules 784by default. 785This variable contains the name of the file 786holding the network address translation definition. 787This file is expected to be readable for the 788.Xr ipnat 8 789command to execute. 790.\" ----- ipnat_flags setting ----------------------------------- 791.It Va ipnat_flags 792.Pq Vt str 793Empty by default. 794This variable contains flags passed to the 795.Xr ipnat 8 796program. 797.\" ----- ipmon_enable setting ---------------------------------- 798.It Va ipmon_enable 799.Pq Vt bool 800Set to 801.Dq Li NO 802by default. 803Set it to 804.Dq Li YES 805to enable 806.Xr ipmon 8 807monitoring (logging 808.Xr ipf 8 809and 810.Xr ipnat 8 811events). 812Setting this variable needs setting 813.Va ipfilter_enable 814or 815.Va ipnat_enable 816too. 817See 818.Va ipfilter_enable 819for a detailed discussion. 820.\" ----- ipmon_program setting --------------------------------- 821.It Va ipmon_program 822.Pq Vt str 823Path to 824.Xr ipmon 8 825(default 826.Pa /sbin/ipmon ) . 827.\" ----- ipmon_flags setting ----------------------------------- 828.It Va ipmon_flags 829.Pq Vt str 830Set to 831.Dq Li -Ds 832by default. 833This variable contains flags passed to the 834.Xr ipmon 8 835program. 836Another typical example would be 837.Dq Fl D Pa /var/log/ipflog 838to have 839.Xr ipmon 8 840log directly to a file bypassing 841.Xr syslogd 8 . 842Make sure to adjust 843.Pa /etc/newsyslog.conf 844in such case like this: 845.Bd -literal 846/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 847.Ed 848.\" ----- ipfs_enable setting ----------------------------------- 849.It Va ipfs_enable 850.Pq Vt bool 851Set to 852.Dq Li NO 853by default. 854Set it to 855.Dq Li YES 856to enable 857.Xr ipfs 8 858saving the filter and NAT state tables during shutdown 859and reloading them during startup again. 860Setting this variable needs setting 861.Va ipfilter_enable 862or 863.Va ipnat_enable 864to 865.Dq Li YES 866too. 867See 868.Va ipfilter_enable 869for a detailed discussion. 870Note that if 871.Va kern_securelevel 872is set to 3, 873.Va ipfs_enable 874cannot be used 875because the raised securelevel will prevent 876.Xr ipfs 8 877from saving the state tables at shutdown time. 878.\" ----- ipfs_program setting ---------------------------------- 879.It Va ipfs_program 880.Pq Vt str 881Path to 882.Xr ipfs 8 883(default 884.Pa /sbin/ipfs ) . 885.\" ----- ipfs_flags setting ------------------------------------ 886.It Va ipfs_flags 887.Pq Vt str 888Empty by default. 889This variable contains flags passed to the 890.Xr ipfs 8 891program. 892.\" ----- end of added ipf hook --------------------------------- 893.It Va pf_enable 894.Pq Vt bool 895Set to 896.Dq Li NO 897by default. 898Setting this to 899.Dq Li YES 900enables 901.Xr pf 4 902packet filtering. 903.Pp 904Typical usage will require putting 905.Pp 906.Dl pf_enable="YES" 907.Pp 908into 909.Pa /etc/rc.conf 910and editing 911.Pa /etc/pf.conf 912appropriately. 913Adding 914.Pp 915.Dl "device pf" 916.Pp 917builds support for 918.Xr pf 4 919into the kernel, otherwise the 920kernel module will be loaded. 921.It Va pf_rules 922.Pq Vt str 923Path to 924.Xr pf 4 925ruleset configuration file 926(default 927.Pa /etc/pf.conf ) . 928.It Va pf_program 929.Pq Vt str 930Path to 931.Xr pfctl 8 932(default 933.Pa /sbin/pfctl ) . 934.It Va pf_flags 935.Pq Vt str 936If 937.Va pf_enable 938is set to 939.Dq Li YES , 940these flags are passed to the 941.Xr pfctl 8 942program when loading the ruleset. 943.It Va pflog_enable 944.Pq Vt bool 945Set to 946.Dq Li NO 947by default. 948Setting this to 949.Dq Li YES 950enables 951.Xr pflogd 8 952which logs packets from the 953.Xr pf 4 954packet filter. 955.It Va pflog_logfile 956.Pq Vt str 957If 958.Va pflog_enable 959is set to 960.Dq Li YES 961this controls where 962.Xr pflogd 8 963stores the logfile 964(default 965.Pa /var/log/pflog ) . 966Check 967.Pa /etc/newsyslog.conf 968to adjust logfile rotation for this. 969.It Va pflog_program 970.Pq Vt str 971Path to 972.Xr pflogd 8 973(default 974.Pa /sbin/pflogd ) . 975.It Va pflog_flags 976.Pq Vt str 977Empty by default. 978This variable contains additional flags passed to the 979.Xr pflogd 8 980program. 981.It Va pflog_instances 982.Pq Vt str 983If logging to more than one 984.Xr pflog 4 985interface is desired, 986.Va pflog_instances 987is set to the list of 988.Xr pflogd 8 989instances that should be started at system boot time. 990If 991.Va pflog_instances 992is set, for each whitespace-seperated 993.Ar element 994in the list, 995.Ao Ar element Ac Ns Va _dev 996and 997.Ao Ar element Ac Ns Va _logfile 998elements are assumed to exist. 999.Ao Ar element Ac Ns Va _dev 1000must contain the 1001.Xr pflog 4 1002interface to be watched by the named 1003.Xr pflogd 8 1004instance. 1005.Ao Ar element Ac Ns Va _logfile 1006must contain the name of the logfile that will be used by the 1007.Xr pflogd 8 1008instance. 1009.It Va ftpproxy_enable 1010.Pq Vt bool 1011Set to 1012.Dq Li NO 1013by default. 1014Setting this to 1015.Dq Li YES 1016enables 1017.Xr ftp-proxy 8 1018which supports the 1019.Xr pf 4 1020packet filter in translating ftp connections. 1021.It Va ftpproxy_flags 1022.Pq Vt str 1023Empty by default. 1024This variable contains additional flags passed to the 1025.Xr ftp-proxy 8 1026program. 1027.It Va ftpproxy_instances 1028.Pq Vt str 1029Empty by default. 1030If multiple instances of 1031.Xr ftp-proxy 8 1032are desired at boot time, 1033.Va ftpproxy_instances 1034should contain a whitespace-seperated list of instance names. 1035For each 1036.Ar element 1037in the list, a variable named 1038.Ao Ar element Ac Ns Va _flags 1039should be defined, containing the command-line flags to be passed to the 1040.Xr ftp-proxy 8 1041instance. 1042.It Va pfsync_enable 1043.Pq Vt bool 1044Set to 1045.Dq Li NO 1046by default. 1047Setting this to 1048.Dq Li YES 1049enables exposing 1050.Xr pf 4 1051state changes to other hosts over the network by means of 1052.Xr pfsync 4 . 1053The 1054.Va pfsync_syncdev 1055variable 1056must also be set then. 1057.It Va pfsync_syncdev 1058.Pq Vt str 1059Empty by default. 1060This variable specifies the name of the network interface 1061.Xr pfsync 4 1062should operate through. 1063It must be set accordingly if 1064.Va pfsync_enable 1065is set to 1066.Dq Li YES . 1067.It Va pfsync_syncpeer 1068.Pq Vt str 1069Empty by default. 1070This variable is optional. 1071By default, state change messages are sent out on the synchronisation 1072interface using IP multicast packets. 1073The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1074224.0.0.240. 1075When a peer address is specified using the 1076.Va pfsync_syncpeer 1077option, the peer address is used as a destination for the pfsync 1078traffic, and the traffic can then be protected using 1079.Xr ipsec 4 . 1080See the 1081.Xr pfsync 4 1082manpage for more details about using 1083.Xr ipsec 4 1084with 1085.Xr pfsync 4 1086interfaces. 1087.It Va pfsync_ifconfig 1088.Pq Vt str 1089Empty by default. 1090This variable can contain additional options to be passed to the 1091.Xr ifconfig 8 1092command used to set up 1093.Xr pfsync 4 . 1094.It Va tcp_extensions 1095.Pq Vt bool 1096Set to 1097.Dq Li YES 1098by default. 1099Setting this to 1100.Dq Li NO 1101disables certain TCP options as described by 1102.Rs 1103.%T "RFC 1323" 1104.Re 1105Setting this to 1106.Dq Li NO 1107might help remedy such problems with connections as randomly hanging 1108or other weird behavior. 1109Some network devices are known 1110to be broken with respect to these options. 1111.It Va log_in_vain 1112.Pq Vt int 1113Set to 0 by default. 1114The 1115.Xr sysctl 8 1116variables, 1117.Va net.inet.tcp.log_in_vain 1118and 1119.Va net.inet.udp.log_in_vain , 1120as described in 1121.Xr tcp 4 1122and 1123.Xr udp 4 , 1124are set to the given value. 1125.It Va tcp_keepalive 1126.Pq Vt bool 1127Set to 1128.Dq Li YES 1129by default. 1130Setting to 1131.Dq Li NO 1132will disable probing idle TCP connections to verify that the 1133peer is still up and reachable. 1134.It Va tcp_drop_synfin 1135.Pq Vt bool 1136Set to 1137.Dq Li NO 1138by default. 1139Setting to 1140.Dq Li YES 1141will cause the kernel to ignore TCP frames that have both 1142the SYN and FIN flags set. 1143This prevents OS fingerprinting, but may 1144break some legitimate applications. 1145.It Va icmp_drop_redirect 1146.Pq Vt bool 1147Set to 1148.Dq Li NO 1149by default. 1150Setting to 1151.Dq Li YES 1152will cause the kernel to ignore ICMP REDIRECT packets. 1153Refer to 1154.Xr icmp 4 1155for more information. 1156.It Va icmp_log_redirect 1157.Pq Vt bool 1158Set to 1159.Dq Li NO 1160by default. 1161Setting to 1162.Dq Li YES 1163will cause the kernel to log ICMP REDIRECT packets. 1164Note that 1165the log messages are not rate-limited, so this option should only be used 1166for troubleshooting networks. 1167Refer to 1168.Xr icmp 4 1169for more information. 1170.It Va icmp_bmcastecho 1171.Pq Vt bool 1172Set to 1173.Dq Li YES 1174to respond to broadcast or multicast ICMP ping packets. 1175Refer to 1176.Xr icmp 4 1177for more information. 1178.It Va ip_portrange_first 1179.Pq Vt int 1180If not set to 1181.Dq Li NO , 1182this is the first port in the default portrange. 1183Refer to 1184.Xr ip 4 1185for more information. 1186.It Va ip_portrange_last 1187.Pq Vt int 1188If not set to 1189.Dq Li NO , 1190this is the last port in the default portrange. 1191Refer to 1192.Xr ip 4 1193for more information. 1194.It Va network_interfaces 1195.Pq Vt str 1196Set to the list of network interfaces to configure on this host or 1197.Dq Li AUTO 1198(the default) for all current interfaces. 1199Setting the 1200.Va network_interfaces 1201variable to anything other than the default is deprecated. 1202Interfaces that the administrator wishes to store configuration for, 1203but not start at boot should be configured with the 1204.Dq Li NOAUTO 1205keyword in their 1206.Va ifconfig_ Ns Aq Ar interface 1207variables as described below. 1208.Pp 1209An 1210.Va ifconfig_ Ns Aq Ar interface 1211variable is also assumed to exist for each value of 1212.Ar interface . 1213When an interface name contains any of the characters 1214.Dq Li .-/+ 1215they are translated to 1216.Dq Li _ 1217before lookup. 1218The variable can contain arguments to 1219.Xr ifconfig 8 , 1220as well as special case-insensitive keywords described below. 1221Such keywords are removed before passing the value to 1222.Xr ifconfig 8 1223while the order of the other arguments is preserved. 1224.Pp 1225It is possible to add IP alias entries using 1226.Xr ifconfig 8 1227syntax with the address family keyword such as 1228.Li inet . 1229Assuming that the interface in question was 1230.Li ed0 , 1231it might look something like this: 1232.Bd -literal 1233ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1234ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1235.Ed 1236.Pp 1237It also possible to configure multiple IP addresses in Classless 1238Inter-Domain Routing 1239.Pq CIDR 1240address notation, 1241whose each address component can be a range like 1242.Li inet 192.0.2.5-23/24 1243or 1244.Li inet6 2001:db8:1-f::1/64 . 1245This notation allows address and prefix length part only, 1246not the other address modifiers. 1247Note that the maximum number of the generated addresses from a range 1248specification is limited to an integer value specified in 1249.Va netif_ipexpand_max 1250in 1251.Nm 1252because a small typo can unexpectedly generate a large number of addresses. 1253The default value is 1254.Li 2048 . 1255It can be increased by adding the following line into 1256.Nm : 1257.Bd -literal 1258netif_ipexpand_max="4096" 1259.Ed 1260.Pp 1261In the case of 1262.Li 192.0.2.5-23/24 , 1263the address 192.0.2.5 will be configured with the 1264netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1265the non-conflicting netmask /32 as explained in the 1266.Xr ifconfig 8 1267alias section. 1268Note that this special netmask handling is only for 1269.Li inet , 1270not for the other address families such as 1271.Li inet6 . 1272.Pp 1273With the interface in question being 1274.Li ed0 , 1275an example could look like: 1276.Bd -literal 1277ifconfig_ed0_alias2="inet 192.0.2.129/27" 1278ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1279.Ed 1280.Pp 1281and so on. 1282.Pp 1283Note that 1284.Va ipv4_addrs_ Ns Aq Ar interface 1285variable was supported for IPv4 CIDR address notation. 1286It is now deprecated because the functionality was integrated into 1287.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1288though 1289.Va ipv4_addrs_ Ns Aq Ar interface 1290is still supported for backward compatibility. 1291.Pp 1292For each 1293.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1294entry with an address family keyword, 1295its contents are passed to 1296.Xr ifconfig 8 . 1297Execution stops at the first unsuccessful access, so if 1298something like this is present: 1299.Bd -literal 1300ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1301ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1302ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1303ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1304.Ed 1305.Pp 1306Then note that alias4 would 1307.Em not 1308be added since the search would 1309stop with the missing 1310.Dq Li alias3 1311entry. 1312Because of this difficult to manage behavior, 1313there is 1314.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1315variable, which has the same functionality as 1316.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1317and can have all of entries in a variable like the following: 1318.Bd -literal 1319ifconfig_ed0_aliases="\\ 1320 inet 127.0.0.251 netmask 0xffffffff \\ 1321 inet 127.0.0.252 netmask 0xffffffff \\ 1322 inet 127.0.0.253 netmask 0xffffffff \\ 1323 inet 127.0.0.254 netmask 0xffffffff" 1324.Ed 1325.Pp 1326It also supports CIDR notation. 1327.Pp 1328If the 1329.Pa /etc/start_if. Ns Aq Ar interface 1330file is present, it is read and executed by the 1331.Xr sh 1 1332interpreter 1333before configuring the interface as specified in the 1334.Va ifconfig_ Ns Aq Ar interface 1335and 1336.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1337variables. 1338.Pp 1339If a 1340.Va vlans_ Ns Aq Ar interface 1341variable is set, 1342a 1343.Xr vlan 4 1344interface will be created for each item in the list with the 1345.Ar vlandev 1346argument set to 1347.Ar interface . 1348If a vlan interface's name is a number, 1349then that number is used as the vlan tag and the new vlan interface is 1350named 1351.Ar interface . Ns Ar tag . 1352Otherwise, 1353the vlan tag must be specified via a 1354.Va vlan 1355parameter in the 1356.Va create_args_ Ns Aq Ar interface 1357variable. 1358.Pp 1359To create a vlan device named 1360.Li em0.101 1361on 1362.Li em0 1363with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1364.Bd -literal 1365vlans_em0="101" 1366ifconfig_em0_101="inet 192.0.2.1/24" 1367.Ed 1368.Pp 1369To create a vlan device named 1370.Li myvlan 1371on 1372.Li em0 1373with the vlan tag 102: 1374.Bd -literal 1375vlans_em0="myvlan" 1376create_args_myvlan="vlan 102" 1377.Ed 1378.Pp 1379If a 1380.Va wlans_ Ns Aq Ar interface 1381variable is set, 1382an 1383.Xr wlan 4 1384interface will be created for each item in the list with the 1385.Ar wlandev 1386argument set to 1387.Ar interface . 1388Further wlan cloning arguments may be passed to the 1389.Xr ifconfig 8 1390.Cm create 1391command by setting the 1392.Va create_args_ Ns Aq Ar interface 1393variable. 1394One or more 1395.Xr wlan 4 1396devices must be created for each wireless devices as of 1397.Fx 8.0 . 1398Debugging flags for 1399.Xr wlan 4 1400devices as set by 1401.Xr wlandebug 8 1402may be specified with an 1403.Va wlandebug_ Ns Aq Ar interface 1404variable. 1405The contents of this variable will be passed directly to 1406.Xr wlandebug 8 . 1407.Pp 1408If the 1409.Va ifconfig_ Ns Aq Ar interface 1410contains the keyword 1411.Dq Li NOAUTO 1412then the interface will not be configured 1413at boot or by 1414.Pa /etc/pccard_ether 1415when 1416.Va network_interfaces 1417is set to 1418.Dq Li AUTO . 1419.Pp 1420It is possible to bring up an interface with DHCP by adding 1421.Dq Li DHCP 1422to the 1423.Va ifconfig_ Ns Aq Ar interface 1424variable. 1425For instance, to initialize the 1426.Li ed0 1427device via DHCP, 1428it is possible to use something like: 1429.Bd -literal 1430ifconfig_ed0="DHCP" 1431.Ed 1432.Pp 1433If you want to configure your wireless interface with 1434.Xr wpa_supplicant 8 1435for use with WPA, EAP/LEAP or WEP, you need to add 1436.Dq Li WPA 1437to the 1438.Va ifconfig_ Ns Aq Ar interface 1439variable. 1440.Pp 1441On the other hand, if you want to configure your wireless interface with 1442.Xr hostapd 8 , 1443you need to add 1444.Dq Li HOSTAP 1445to the 1446.Va ifconfig_ Ns Aq Ar interface 1447variable. 1448.Xr hostapd 8 1449will use the settings from 1450.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1451.Pp 1452Finally, you can add 1453.Xr ifconfig 8 1454options in this variable, in addition to the 1455.Pa /etc/start_if. Ns Aq Ar interface 1456file. 1457For instance, to configure an 1458.Xr ath 4 1459wireless device in station mode with an address obtained 1460via DHCP, using WPA authentication and 802.11b mode, it is 1461possible to use something like: 1462.Bd -literal 1463wlans_ath0="wlan0" 1464ifconfig_wlan0="DHCP WPA mode 11b" 1465.Ed 1466.Pp 1467In addition to the 1468.Va ifconfig_ Ns Aq Ar interface 1469form, a fallback variable 1470.Va ifconfig_DEFAULT 1471may be configured. 1472It will be used for all interfaces with no 1473.Va ifconfig_ Ns Aq Ar interface 1474variable. 1475This is intended to replace the no longer supported 1476.Va pccard_ifconfig 1477variable. 1478.Pp 1479It is also possible to rename an interface by doing: 1480.Bd -literal 1481ifconfig_ed0_name="net0" 1482ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1483.Ed 1484.It Va ipv6_enable 1485.Pq Vt bool 1486This variable is deprecated. 1487Use 1488.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1489and 1490.Va ipv6_activate_all_interfaces 1491if necessary. 1492.Pp 1493If the variable is 1494.Dq Li YES , 1495.Dq Li inet6 accept_rtadv 1496is added to all of 1497.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1498and the 1499.Va ipv6_activate_all_interfaces 1500is defined as 1501.Dq Li YES . 1502.It Va ipv6_prefer 1503.Pq Vt bool 1504This variable is deprecated. 1505Use 1506.Va ip6addrctl_policy 1507instead. 1508.Pp 1509If the variable is 1510.Dq Li YES , 1511the default address selection policy table set by 1512.Xr ip6addrctl 8 1513will be IPv6-preferred. 1514.Pp 1515If the variable is 1516.Dq Li NO , 1517the default address selection policy table set by 1518.Xr ip6addrctl 8 1519will be IPv4-preferred. 1520.It Va ipv6_activate_all_interfaces 1521.Pq Vt bool 1522This controls initial configuration on IPv6-capable 1523interfaces with no corresponding 1524.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1525variable. 1526Note that it is not always necessary to set this variable to 1527.Dq YES 1528to use IPv6 functionality on 1529.Fx . 1530In most cases, just configuring 1531.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1532variables works. 1533.Pp 1534If the variable is 1535.Dq Li NO , 1536all interfaces which do not have a corresponding 1537.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1538variable will be marked as 1539.Dq Li IFDISABLED 1540at creation. 1541This means that all of IPv6 functionality on that interface 1542is completely disabled to enforce a security policy. 1543If the variable is set to 1544.Dq YES , 1545the flag will be cleared on all of the interfaces. 1546.Pp 1547In most cases, just defining an 1548.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1549for an IPv6-capable interface should be sufficient. 1550However, if an interface is added dynamically 1551.Pq by some tunneling protocols such as PPP, for example , 1552it is often difficult to define the variable in advance. 1553In such a case, configuring the 1554.Dq Li IFDISABLED 1555flag can be disabled by setting this variable to 1556.Dq YES . 1557.Pp 1558For more details of the 1559.Dq Li IFDISABLED 1560flag and keywords 1561.Dq Li inet6 ifdisabled , 1562see 1563.Xr ifconfig 8 . 1564.Pp 1565Default is 1566.Dq Li NO . 1567.It Va ipv6_privacy 1568.Pq Vt bool 1569If the variable is 1570.Dq Li YES 1571privacy addresses will be generated for each IPv6 1572interface as described in RFC 4941. 1573.It Va ipv6_network_interfaces 1574.Pq Vt str 1575This is the IPv6 equivalent of 1576.Va network_interfaces . 1577Normally manual configuration of this variable is not needed. 1578.It Va ipv6_cpe_wanif 1579.Pq Vt str 1580If the variable is set to an interface name, 1581the 1582.Xr ifconfig 8 1583options 1584.Dq inet6 -no_radr accept_rtadv 1585will be added to the specified interface automatically before evaluating 1586.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1587and two 1588.Xr sysctl 8 1589variables 1590.Va net.inet6.ip6.rfc6204w3 1591and 1592.Va net.inet6.ip6.no_radr 1593will be set to 1. 1594.Pp 1595This means the specified interface will accept ICMPv6 Router 1596Advertisement messages on that link and add the discovered 1597routers into the Default Router List. 1598While the other interfaces can still accept RA messages if the 1599.Dq inet6 accept_rtadv 1600option is specified, adding 1601routes into the Default Router List will be disabled by 1602.Dq inet6 no_radr 1603option by default. 1604See 1605.Xr ifconfig 8 1606for more details. 1607.Pp 1608Note that ICMPv6 Router Advertisement messages will be 1609accepted even when 1610.Va net.inet6.ip6.forwarding 1611is 1 1612.Pq packet forwarding is enabled 1613when 1614.Va net.inet6.ip6.rfc6204w3 1615is set to 1. 1616.Pp 1617Default is 1618.Dq Li NO . 1619.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1620.Pq Vt str 1621IPv6 functionality on an interface should be configured by 1622.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1623instead of setting ifconfig parameters in 1624.Va ifconfig_ Ns Aq Ar interface . 1625If this variable is empty, all of IPv6 configurations on the 1626specified interface by other variables such as 1627.Va ipv6_prefix_ Ns Ao Ar interface Ac 1628will be ignored. 1629.Pp 1630Aliases should be set by 1631.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1632with 1633.Dq Li inet6 1634keyword. 1635For example: 1636.Bd -literal 1637ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1638ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1639.Ed 1640.Pp 1641Interfaces that have an 1642.Dq Li inet6 accept_rtadv 1643keyword in 1644.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1645setting will be automatically configured by SLAAC 1646.Pq StateLess Address AutoConfiguration 1647described in 1648.Rs 1649.%T "RFC 4862" 1650.Re 1651.Pp 1652Note that a link-local address will be automatically configured in 1653addition to the configured global-scope addresses because the IPv6 1654specifications require it on each link. 1655The address is calculated from the MAC address by using an algorithm 1656defined in 1657.Rs 1658.%T "RFC 4862" 1659.%O "Section 5.3" 1660.Re 1661.Pp 1662If only a link-local address is needed on the interface, 1663the following configuration can be used: 1664.Bd -literal 1665ifconfig_ed0_ipv6="inet6 auto_linklocal" 1666.Ed 1667.Pp 1668A link-local address can also be configured manually. 1669This is useful for the default router address of an IPv6 router 1670so that it does not change when the network interface 1671card is replaced. 1672For example: 1673.Bd -literal 1674ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1675.Ed 1676.It Va ipv6_prefix_ Ns Aq Ar interface 1677.Pq Vt str 1678If one or more prefixes are defined in 1679.Va ipv6_prefix_ Ns Aq Ar interface 1680addresses based on each prefix and the EUI-64 interface index will be 1681configured on that interface. 1682Note that this variable will be ignored when 1683.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1684is empty. 1685.Pp 1686For example, the following configuration 1687.Bd -literal 1688ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1689.Ed 1690.Pp 1691is equivalent to the following: 1692.Bd -literal 1693ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1694ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1695ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1696ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1697.Ed 1698.Pp 1699These Subnet-Router anycast addresses will be added only when 1700.Va ipv6_gateway_enable 1701is YES. 1702.It Va ipv6_default_interface 1703.Pq Vt str 1704If not set to 1705.Dq Li NO , 1706this is the default output interface for scoped addresses. 1707This works only with ipv6_gateway_enable="NO". 1708.It Va ip6addrctl_enable 1709.Pq Vt bool 1710This variable is to enable configuring default address selection policy table 1711.Pq RFC 3484 . 1712The table can be specified in another variable 1713.Va ip6addrctl_policy . 1714For 1715.Va ip6addrctl_policy 1716the following keywords can be specified: 1717.Dq Li ipv4_prefer , 1718.Dq Li ipv6_prefer , 1719or 1720.Dq Li AUTO . 1721.Pp 1722If 1723.Dq Li ipv4_prefer 1724or 1725.Dq Li ipv6_prefer 1726is specified, 1727.Xr ip6addrctl 8 1728installs a pre-defined policy table described in Section 2.1 1729.Pq IPv6-preferred 1730or 10.3 1731.Pq IPv4-preferred 1732of RFC 3484. 1733.Pp 1734If 1735.Dq Li AUTO 1736is specified, it attempts to read a file 1737.Pa /etc/ip6addrctl.conf 1738first. 1739If this file is found, 1740.Xr ip6addrctl 8 1741reads and installs it. 1742If not found, a policy is automatically set 1743according to 1744.Va ipv6_activate_all_interfaces 1745variable; if the variable is set to 1746.Dq Li YES 1747the IPv6-preferred one is used. 1748Otherwise IPv4-preferred. 1749.Pp 1750The default value of 1751.Va ip6addrctl_enable 1752and 1753.Va ip6addrctl_policy 1754are 1755.Dq Li YES 1756and 1757.Dq Li AUTO , 1758respectively. 1759.It Va cloned_interfaces 1760.Pq Vt str 1761Set to the list of clonable network interfaces to create on this host. 1762Further cloning arguments may be passed to the 1763.Xr ifconfig 8 1764.Cm create 1765command for each interface by setting the 1766.Va create_args_ Ns Aq Ar interface 1767variable. 1768If an interface name is specified with 1769.Dq :sticky 1770keyword, 1771the interface will not be destroyed even when 1772.Pa rc.d/netif 1773script is invoked with 1774.Dq stop 1775argument. 1776This is useful when reconfiguring the interface without destroying it. 1777Entries in 1778.Va cloned_interfaces 1779are automatically appended to 1780.Va network_interfaces 1781for configuration. 1782.It Va cloned_interfaces_sticky 1783.Pq Vt bool 1784This variable is to globally enable functionality of 1785.Dq :sticky 1786keyword in 1787.Va cloned_interfaces 1788for all interfaces. 1789The default value is 1790.Dq NO . 1791Even if this variable is specified to 1792.Dq YES , 1793.Dq :nosticky 1794keyword can be used to override it on per interface basis. 1795.It Va gif_interfaces 1796.Pq Vt str 1797This variable is deprecated in favor of 1798.Va cloned_interfaces . 1799Set to the list of 1800.Xr gif 4 1801tunnel interfaces to configure on this host. 1802A 1803.Va gifconfig_ Ns Aq Ar interface 1804variable is assumed to exist for each value of 1805.Ar interface . 1806The value of this variable is used to configure the link layer of the 1807tunnel according to the syntax of the 1808.Cm tunnel 1809option to 1810.Xr ifconfig 8 . 1811Additionally, this option ensures that each listed interface is created 1812via the 1813.Cm create 1814option to 1815.Xr ifconfig 8 1816before attempting to configure it. 1817.It Va sppp_interfaces 1818.Pq Vt str 1819Set to the list of 1820.Xr sppp 4 1821interfaces to configure on this host. 1822A 1823.Va spppconfig_ Ns Aq Ar interface 1824variable is assumed to exist for each value of 1825.Ar interface . 1826Each interface should also be configured by a general 1827.Va ifconfig_ Ns Aq Ar interface 1828setting. 1829Refer to 1830.Xr spppcontrol 8 1831for more information about available options. 1832.It Va ppp_enable 1833.Pq Vt bool 1834If set to 1835.Dq Li YES , 1836run the 1837.Xr ppp 8 1838daemon. 1839.It Va ppp_profile 1840.Pq Vt str 1841The name of the profile to use from 1842.Pa /etc/ppp/ppp.conf . 1843Also used for per-profile overrides of 1844.Va ppp_mode 1845and 1846.Va ppp_nat , 1847and 1848.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1849When the profile name contains any of the characters 1850.Dq Li .-/+ 1851they are translated to 1852.Dq Li _ 1853for the proposes of the override variable names. 1854.It Va ppp_mode 1855.Pq Vt str 1856Mode in which to run the 1857.Xr ppp 8 1858daemon. 1859.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1860.Pq Vt str 1861Overrides the global 1862.Va ppp_mode 1863for 1864.Ar profile . 1865Accepted modes are 1866.Dq Li auto , 1867.Dq Li ddial , 1868.Dq Li direct 1869and 1870.Dq Li dedicated . 1871See the manual for a full description. 1872.It Va ppp_nat 1873.Pq Vt bool 1874If set to 1875.Dq Li YES , 1876enables network address translation. 1877Used in conjunction with 1878.Va gateway_enable 1879allows hosts on private network addresses access to the Internet using 1880this host as a network address translating router. 1881.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1882.Pq Vt str 1883Overrides the global 1884.Va ppp_nat 1885for 1886.Ar profile . 1887.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1888.Pq Vt int 1889Set the unit number to be used for this profile. 1890See the manual description of 1891.Fl unit Ns Ar N 1892for details. 1893.It Va ppp_user 1894.Pq Vt str 1895The name of the user under which 1896.Xr ppp 8 1897should be started. 1898By 1899default, 1900.Xr ppp 8 1901is started as 1902.Dq Li root . 1903.It Va rc_conf_files 1904.Pq Vt str 1905This option is used to specify a list of files that will override 1906the settings in 1907.Pa /etc/defaults/rc.conf . 1908The files will be read in the order in which they are specified and should 1909include the full path to the file. 1910By default, the files specified are 1911.Pa /etc/rc.conf 1912and 1913.Pa /etc/rc.conf.local 1914.It Va zfs_enable 1915.Pq Vt bool 1916If set to 1917.Dq Li YES , 1918.Pa /etc/rc.d/zfs 1919will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1920(ZVOLs). 1921.It Va gptboot_enable 1922.Pq Vt bool 1923If set to 1924.Dq Li YES , 1925.Pa /etc/rc.d/gptboot 1926will log if the system successfully (or not) booted from a GPT partition, 1927which had the 1928.Ar bootonce 1929attribute set using 1930.Xr gpart 8 1931utility. 1932.It Va gbde_autoattach_all 1933.Pq Vt bool 1934If set to 1935.Dq Li YES , 1936.Pa /etc/rc.d/gbde 1937will attempt to automatically initialize your .bde devices in 1938.Pa /etc/fstab . 1939.It Va gbde_devices 1940.Pq Vt str 1941List the devices that the script should try to attach, 1942or 1943.Dq Li AUTO . 1944.It Va gbde_lockdir 1945.Pq Vt str 1946The directory where the 1947.Xr gbde 4 1948lockfiles are located. 1949The default lockfile directory is 1950.Pa /etc . 1951.Pp 1952The lockfile for each individual 1953.Xr gbde 4 1954device can be overridden by setting the variable 1955.Va gbde_lock_ Ns Aq Ar device , 1956where 1957.Ar device 1958is the encrypted device without the 1959.Dq Pa /dev/ 1960and 1961.Dq Pa .bde 1962parts. 1963.It Va gbde_attach_attempts 1964.Pq Vt int 1965Number of times to attempt attaching to a 1966.Xr gbde 4 1967device, i.e., how many times the user is asked for the pass-phrase. 1968Default is 3. 1969.It Va geli_devices 1970.Pq Vt str 1971List of devices to automatically attach on boot. 1972Note that .eli devices from 1973.Pa /etc/fstab 1974are automatically appended to this list. 1975.It Va geli_tries 1976.Pq Vt int 1977Number of times user is asked for the pass-phrase. 1978If empty, it will be taken from 1979.Va kern.geom.eli.tries 1980sysctl variable. 1981.It Va geli_default_flags 1982.Pq Vt str 1983Default flags to use by 1984.Xr geli 8 1985when configuring disk encryption. 1986Flags can be configured for every device separately by defining 1987.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1988variable. 1989.It Va geli_autodetach 1990.Pq Vt str 1991Specifies if GELI devices should be marked for detach on last close after 1992file systems are mounted. 1993Default is 1994.Dq Li YES . 1995This can be changed for every device separately by defining 1996.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1997variable. 1998.It Va root_rw_mount 1999.Pq Vt bool 2000Set to 2001.Dq Li YES 2002by default. 2003After the file systems are checked at boot time, the root file system 2004is remounted as read-write if this is set to 2005.Dq Li YES . 2006Diskless systems that mount their root file system from a read-only remote 2007NFS share should set this to 2008.Dq Li NO 2009in their 2010.Pa rc.conf . 2011.It Va fsck_y_enable 2012.Pq Vt bool 2013If set to 2014.Dq Li YES , 2015.Xr fsck 8 2016will be run with the 2017.Fl y 2018flag if the initial preen 2019of the file systems fails. 2020.It Va background_fsck 2021.Pq Vt bool 2022If set to 2023.Dq Li YES , 2024the system will attempt to run 2025.Xr fsck 8 2026in the background where possible. 2027.It Va background_fsck_delay 2028.Pq Vt int 2029The amount of time in seconds to sleep before starting a background 2030.Xr fsck 8 . 2031It defaults to sixty seconds to allow large applications such as 2032the X server to start before disk I/O bandwidth is monopolized by 2033.Xr fsck 8 . 2034If set to a negative number, the background file system check will be 2035delayed indefinitely to allow the administrator to run it at a more 2036convenient time. 2037For example it may be run from 2038.Xr cron 8 2039by adding a line like 2040.Pp 2041.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2042.Pp 2043to 2044.Pa /etc/crontab . 2045.It Va netfs_types 2046.Pq Vt str 2047List of file system types that are network-based. 2048This list should generally not be modified by end users. 2049Use 2050.Va extra_netfs_types 2051instead. 2052.It Va extra_netfs_types 2053.Pq Vt str 2054If set to something other than 2055.Dq Li NO 2056(the default), 2057this variable extends the list of file system types 2058for which automatic mounting at startup by 2059.Xr rc 8 2060should be delayed until the network is initialized. 2061It should contain 2062a whitespace-separated list of network file system descriptor pairs, 2063each consisting of a file system type as passed to 2064.Xr mount 8 2065and a human-readable, one-word description, 2066joined with a colon 2067.Pq Ql \&: . 2068Extending the default list in this way is only necessary 2069when third party file system types are used. 2070.It Va syslogd_enable 2071.Pq Vt bool 2072If set to 2073.Dq Li YES , 2074run the 2075.Xr syslogd 8 2076daemon. 2077.It Va syslogd_program 2078.Pq Vt str 2079Path to 2080.Xr syslogd 8 2081(default 2082.Pa /usr/sbin/syslogd ) . 2083.It Va syslogd_flags 2084.Pq Vt str 2085If 2086.Va syslogd_enable 2087is set to 2088.Dq Li YES , 2089these are the flags to pass to 2090.Xr syslogd 8 . 2091.It Va inetd_enable 2092.Pq Vt bool 2093If set to 2094.Dq Li YES , 2095run the 2096.Xr inetd 8 2097daemon. 2098.It Va inetd_program 2099.Pq Vt str 2100Path to 2101.Xr inetd 8 2102(default 2103.Pa /usr/sbin/inetd ) . 2104.It Va inetd_flags 2105.Pq Vt str 2106If 2107.Va inetd_enable 2108is set to 2109.Dq Li YES , 2110these are the flags to pass to 2111.Xr inetd 8 . 2112.It Va hastd_enable 2113.Pq Vt bool 2114If set to 2115.Dq Li YES , 2116run the 2117.Xr hastd 8 2118daemon. 2119.It Va hastd_program 2120.Pq Vt str 2121Path to 2122.Xr hastd 8 2123(default 2124.Pa /sbin/hastd ) . 2125.It Va hastd_flags 2126.Pq Vt str 2127If 2128.Va hastd_enable 2129is set to 2130.Dq Li YES , 2131these are the flags to pass to 2132.Xr hastd 8 . 2133.It Va local_unbound_enable 2134.Pq Vt bool 2135If set to 2136.Dq Li YES , 2137run the 2138.Xr unbound 8 2139daemon as a local caching resolver. 2140.It Va kdc_enable 2141.Pq Vt bool 2142Set to 2143.Dq Li YES 2144to start a Kerberos 5 authentication server 2145at boot time. 2146.It Va kdc_program 2147.Pq Vt str 2148If 2149.Va kdc_enable 2150is set to 2151.Dq Li YES 2152this is the path to Kerberos 5 Authentication Server. 2153.It Va kdc_flags 2154.Pq Vt str 2155Empty by default. 2156This variable contains additional flags to be passed to the Kerberos 5 2157authentication server. 2158.It Va kadmind_enable 2159.Pq Vt bool 2160Set to 2161.Dq Li YES 2162to start 2163.Xr kadmind 8 , 2164the Kerberos 5 Administration Daemon; set to 2165.Dq Li NO 2166on a slave server. 2167.It Va kadmind_program 2168.Pq Vt str 2169If 2170.Va kadmind_enable 2171is set to 2172.Dq Li YES 2173this is the path to Kerberos 5 Administration Daemon. 2174.It Va kpasswdd_enable 2175.Pq Vt bool 2176Set to 2177.Dq Li YES 2178to start 2179.Xr kpasswdd 8 , 2180the Kerberos 5 Password-Changing Daemon; set to 2181.Dq Li NO 2182on a slave server. 2183.It Va kpasswdd_program 2184.Pq Vt str 2185If 2186.Va kpasswdd_enable 2187is set to 2188.Dq Li YES 2189this is the path to Kerberos 5 Password-Changing Daemon. 2190.It Va kfd_enable 2191.Pq Vt bool 2192Set to 2193.Dq Li YES 2194to start 2195.Xr kfd 8 , 2196the Kerberos 5 ticket forwarding daemon, at the boot time. 2197.It Va kfd_program 2198.Pq Vt str 2199Path to 2200.Xr kfd 8 2201(default 2202.Pa /usr/libexec/kfd ) . 2203.It Va rwhod_enable 2204.Pq Vt bool 2205If set to 2206.Dq Li YES , 2207run the 2208.Xr rwhod 8 2209daemon at boot time. 2210.It Va rwhod_flags 2211.Pq Vt str 2212If 2213.Va rwhod_enable 2214is set to 2215.Dq Li YES , 2216these are the flags to pass to it. 2217.It Va amd_enable 2218.Pq Vt bool 2219If set to 2220.Dq Li YES , 2221run the 2222.Xr amd 8 2223daemon at boot time. 2224.It Va amd_flags 2225.Pq Vt str 2226If 2227.Va amd_enable 2228is set to 2229.Dq Li YES , 2230these are the flags to pass to it. 2231See the 2232.Xr amd 8 2233manpage for more information. 2234.It Va amd_map_program 2235.Pq Vt str 2236If set, 2237the specified program is run to get the list of 2238.Xr amd 8 2239maps. 2240For example, if the 2241.Xr amd 8 2242maps are stored in NIS, one can set this to 2243run 2244.Xr ypcat 1 2245to get a list of 2246.Xr amd 8 2247maps from the 2248.Pa amd.master 2249NIS map. 2250.It Va update_motd 2251.Pq Vt bool 2252If set to 2253.Dq Li YES , 2254.Pa /etc/motd 2255will be updated at boot time to reflect the kernel release 2256being run. 2257If set to 2258.Dq Li NO , 2259.Pa /etc/motd 2260will not be updated. 2261.It Va nfs_client_enable 2262.Pq Vt bool 2263If set to 2264.Dq Li YES , 2265run the NFS client daemons at boot time. 2266.It Va nfs_access_cache 2267.Pq Vt int 2268If 2269.Va nfs_client_enable 2270is set to 2271.Dq Li YES , 2272this can be set to 2273.Dq Li 0 2274to disable NFS ACCESS RPC caching, or to the number of seconds for which 2275NFS ACCESS 2276results should be cached. 2277A value of 2-10 seconds will substantially reduce network 2278traffic for many NFS operations. 2279.It Va nfs_server_enable 2280.Pq Vt bool 2281If set to 2282.Dq Li YES , 2283run the NFS server daemons at boot time. 2284.It Va nfs_server_flags 2285.Pq Vt str 2286If 2287.Va nfs_server_enable 2288is set to 2289.Dq Li YES , 2290these are the flags to pass to the 2291.Xr nfsd 8 2292daemon. 2293.It Va nfsv4_server_enable 2294.Pq Vt bool 2295If 2296.Va nfs_server_enable 2297is set to 2298.Dq Li YES 2299and 2300.Va nfsv4_server_enable 2301are set to 2302.Dq Li YES , 2303enable the server for NFSv4 as well as NFSv2 and NFSv3. 2304.It Va nfsuserd_enable 2305.Pq Vt bool 2306If 2307.Va nfsuserd_enable 2308is set to 2309.Dq Li YES , 2310run the nfsuserd daemon, which is needed for NFSv4 in order 2311to map between user/group names vs uid/gid numbers. 2312If 2313.Va nfsv4_server_enable 2314is set to 2315.Dq Li YES , 2316this will be forced enabled. 2317.It Va nfsuserd_flags 2318.Pq Vt str 2319If 2320.Va nfsuserd_enable 2321is set to 2322.Dq Li YES , 2323these are the flags to pass to the 2324.Xr nfsuserd 8 2325daemon. 2326.It Va nfscbd_enable 2327.Pq Vt bool 2328If 2329.Va nfscbd_enable 2330is set to 2331.Dq Li YES , 2332run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2333.It Va nfscbd_flags 2334.Pq Vt str 2335If 2336.Va nfscbd_enable 2337is set to 2338.Dq Li YES , 2339these are the flags to pass to the 2340.Xr nfscbd 8 2341daemon. 2342.It Va mountd_enable 2343.Pq Vt bool 2344If set to 2345.Dq Li YES , 2346and no 2347.Va nfs_server_enable 2348is set, start 2349.Xr mountd 8 , 2350but not 2351.Xr nfsd 8 2352daemon. 2353It is commonly needed to run CFS without real NFS used. 2354.It Va mountd_flags 2355.Pq Vt str 2356If 2357.Va mountd_enable 2358is set to 2359.Dq Li YES , 2360these are the flags to pass to the 2361.Xr mountd 8 2362daemon. 2363.It Va weak_mountd_authentication 2364.Pq Vt bool 2365If set to 2366.Dq Li YES , 2367allow services like PCNFSD to make non-privileged mount 2368requests. 2369.It Va nfs_reserved_port_only 2370.Pq Vt bool 2371If set to 2372.Dq Li YES , 2373provide NFS services only on a secure port. 2374.It Va nfs_bufpackets 2375.Pq Vt int 2376If set to a number, indicates the number of packets worth of 2377socket buffer space to reserve on an NFS client. 2378The kernel default is typically 4. 2379Using a higher number may be 2380useful on gigabit networks to improve performance. 2381The minimum value is 23822 and the maximum is 64. 2383.It Va rpc_lockd_enable 2384.Pq Vt bool 2385If set to 2386.Dq Li YES 2387and also an NFS server or client, run 2388.Xr rpc.lockd 8 2389at boot time. 2390.It Va rpc_lockd_flags 2391.Pq Vt str 2392If 2393.Va rpc_lockd_enable 2394is set to 2395.Dq Li YES , 2396these are the flags to pass to the 2397.Xr rpc.lockd 8 2398daemon. 2399.It Va rpc_statd_enable 2400.Pq Vt bool 2401If set to 2402.Dq Li YES 2403and also an NFS server or client, run 2404.Xr rpc.statd 8 2405at boot time. 2406.It Va rpc_statd_flags 2407.Pq Vt str 2408If 2409.Va rpc_statd_enable 2410is set to 2411.Dq Li YES , 2412these are the flags to pass to the 2413.Xr rpc.statd 8 2414daemon. 2415.It Va rpcbind_program 2416.Pq Vt str 2417Path to 2418.Xr rpcbind 8 2419(default 2420.Pa /usr/sbin/rpcbind ) . 2421.It Va rpcbind_enable 2422.Pq Vt bool 2423If set to 2424.Dq Li YES , 2425run the 2426.Xr rpcbind 8 2427service at boot time. 2428.It Va rpcbind_flags 2429.Pq Vt str 2430If 2431.Va rpcbind_enable 2432is set to 2433.Dq Li YES , 2434these are the flags to pass to the 2435.Xr rpcbind 8 2436daemon. 2437.It Va keyserv_enable 2438.Pq Vt bool 2439If set to 2440.Dq Li YES , 2441run the 2442.Xr keyserv 8 2443daemon on boot for running Secure RPC. 2444.It Va keyserv_flags 2445.Pq Vt str 2446If 2447.Va keyserv_enable 2448is set to 2449.Dq Li YES , 2450these are the flags to pass to 2451.Xr keyserv 8 2452daemon. 2453.It Va pppoed_enable 2454.Pq Vt bool 2455If set to 2456.Dq Li YES , 2457run the 2458.Xr pppoed 8 2459daemon at boot time to provide PPP over Ethernet services. 2460.It Va pppoed_ Ns Aq Ar provider 2461.Pq Vt str 2462.Xr pppoed 8 2463listens to requests to this 2464.Ar provider 2465and ultimately runs 2466.Xr ppp 8 2467with a 2468.Ar system 2469argument of the same name. 2470.It Va pppoed_flags 2471.Pq Vt str 2472Additional flags to pass to 2473.Xr pppoed 8 . 2474.It Va pppoed_interface 2475.Pq Vt str 2476The network interface to run 2477.Xr pppoed 8 2478on. 2479This is mandatory when 2480.Va pppoed_enable 2481is set to 2482.Dq Li YES . 2483.It Va timed_enable 2484.Pq Vt bool 2485If set to 2486.Dq Li YES , 2487run the 2488.Xr timed 8 2489service at boot time. 2490This command is intended for networks of 2491machines where a consistent 2492.Dq "network time" 2493for all hosts must be established. 2494This is often useful in large NFS 2495environments where time stamps on files are expected to be consistent 2496network-wide. 2497.It Va timed_flags 2498.Pq Vt str 2499If 2500.Va timed_enable 2501is set to 2502.Dq Li YES , 2503these are the flags to pass to the 2504.Xr timed 8 2505service. 2506.It Va ntpdate_enable 2507.Pq Vt bool 2508If set to 2509.Dq Li YES , 2510run 2511.Xr ntpdate 8 2512at system startup. 2513This command is intended to 2514synchronize the system clock only 2515.Em once 2516from some standard reference. 2517.It Va ntpdate_config 2518.Pq Vt str 2519Configuration file for 2520.Xr ntpdate 8 . 2521Default 2522.Pa /etc/ntp.conf . 2523.It Va ntpdate_hosts 2524.Pq Vt str 2525A whitespace-separated list of NTP servers to synchronize with at startup. 2526The default is to use the servers listed in 2527.Va ntpdate_config , 2528if that file exists. 2529.It Va ntpdate_program 2530.Pq Vt str 2531Path to 2532.Xr ntpdate 8 2533(default 2534.Pa /usr/sbin/ntpdate ) . 2535.It Va ntpdate_flags 2536.Pq Vt str 2537If 2538.Va ntpdate_enable 2539is set to 2540.Dq Li YES , 2541these are the flags to pass to the 2542.Xr ntpdate 8 2543command (typically a hostname). 2544.It Va ntpd_enable 2545.Pq Vt bool 2546If set to 2547.Dq Li YES , 2548run the 2549.Xr ntpd 8 2550command at boot time. 2551.It Va ntpd_program 2552.Pq Vt str 2553Path to 2554.Xr ntpd 8 2555(default 2556.Pa /usr/sbin/ntpd ) . 2557.It Va ntpd_config 2558.Pq Vt str 2559Path to 2560.Xr ntpd 8 2561configuration file. 2562Default 2563.Pa /etc/ntp.conf . 2564.It Va ntpd_flags 2565.Pq Vt str 2566If 2567.Va ntpd_enable 2568is set to 2569.Dq Li YES , 2570these are the flags to pass to the 2571.Xr ntpd 8 2572daemon. 2573.It Va ntpd_sync_on_start 2574.Pq Vt bool 2575If set to 2576.Dq Li YES , 2577.Xr ntpd 8 2578is run with the 2579.Fl g 2580flag, which syncs the system's clock on startup. 2581See 2582.Xr ntpd 8 2583for more information regarding the 2584.Fl g 2585option. 2586This is a preferred alternative to using 2587.Xr ntpdate 8 2588or specifying the 2589.Va ntpdate_enable 2590variable. 2591.It Va nis_client_enable 2592.Pq Vt bool 2593If set to 2594.Dq Li YES , 2595run the 2596.Xr ypbind 8 2597service at system boot time. 2598.It Va nis_client_flags 2599.Pq Vt str 2600If 2601.Va nis_client_enable 2602is set to 2603.Dq Li YES , 2604these are the flags to pass to the 2605.Xr ypbind 8 2606service. 2607.It Va nis_ypldap_enable 2608.Pq Vt bool 2609If set to 2610.Dq Li YES , 2611run the 2612.Xr ypldap 8 2613daemon at system boot time. 2614.It Va nis_ypldap_flags 2615.Pq Vt str 2616If 2617.Va nis.ypldap_enable 2618is set to 2619.Dq Li YES , 2620these are the flags to pass to the 2621.Xr ypldap 8 2622daemon. 2623.It Va nis_ypset_enable 2624.Pq Vt bool 2625If set to 2626.Dq Li YES , 2627run the 2628.Xr ypset 8 2629daemon at system boot time. 2630.It Va nis_ypset_flags 2631.Pq Vt str 2632If 2633.Va nis_ypset_enable 2634is set to 2635.Dq Li YES , 2636these are the flags to pass to the 2637.Xr ypset 8 2638daemon. 2639.It Va nis_server_enable 2640.Pq Vt bool 2641If set to 2642.Dq Li YES , 2643run the 2644.Xr ypserv 8 2645daemon at system boot time. 2646.It Va nis_server_flags 2647.Pq Vt str 2648If 2649.Va nis_server_enable 2650is set to 2651.Dq Li YES , 2652these are the flags to pass to the 2653.Xr ypserv 8 2654daemon. 2655.It Va nis_ypxfrd_enable 2656.Pq Vt bool 2657If set to 2658.Dq Li YES , 2659run the 2660.Xr rpc.ypxfrd 8 2661daemon at system boot time. 2662.It Va nis_ypxfrd_flags 2663.Pq Vt str 2664If 2665.Va nis_ypxfrd_enable 2666is set to 2667.Dq Li YES , 2668these are the flags to pass to the 2669.Xr rpc.ypxfrd 8 2670daemon. 2671.It Va nis_yppasswdd_enable 2672.Pq Vt bool 2673If set to 2674.Dq Li YES , 2675run the 2676.Xr rpc.yppasswdd 8 2677daemon at system boot time. 2678.It Va nis_yppasswdd_flags 2679.Pq Vt str 2680If 2681.Va nis_yppasswdd_enable 2682is set to 2683.Dq Li YES , 2684these are the flags to pass to the 2685.Xr rpc.yppasswdd 8 2686daemon. 2687.It Va rpc_ypupdated_enable 2688.Pq Vt bool 2689If set to 2690.Dq Li YES , 2691run the 2692.Nm rpc.ypupdated 2693daemon at system boot time. 2694.It Va bsnmpd_enable 2695.Pq Vt bool 2696If set to 2697.Dq Li YES , 2698run the 2699.Xr bsnmpd 1 2700daemon at system boot time. 2701Be sure to understand the security implications of running SNMP daemon 2702on your host. 2703.It Va bsnmpd_flags 2704.Pq Vt str 2705If 2706.Va bsnmpd_enable 2707is set to 2708.Dq Li YES , 2709these are the flags to pass to the 2710.Xr bsnmpd 1 2711daemon. 2712.It Va defaultrouter 2713.Pq Vt str 2714If not set to 2715.Dq Li NO , 2716create a default route to this host name or IP address 2717(use an IP address if this router is also required to get to the 2718name server!). 2719.It Va ipv6_defaultrouter 2720.Pq Vt str 2721The IPv6 equivalent of 2722.Va defaultrouter . 2723.It Va static_arp_pairs 2724.Pq Vt str 2725Set to the list of static ARP pairs that are to be added at system 2726boot time. 2727For each whitespace separated 2728.Ar element 2729in the value, a 2730.Va static_arp_ Ns Aq Ar element 2731variable is assumed to exist whose contents will later be passed to a 2732.Dq Nm arp Cm -S 2733operation. 2734For example 2735.Bd -literal 2736static_arp_pairs="gw" 2737static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2738.Ed 2739.It Va static_ndp_pairs 2740.Pq Vt str 2741Set to the list of static NDP pairs that are to be added at system 2742boot time. 2743For each whitespace separated 2744.Ar element 2745in the value, a 2746.Va static_ndp_ Ns Aq Ar element 2747variable is assumed to exist whose contents will later be passed to a 2748.Dq Nm ndp Cm -s 2749operation. 2750For example 2751.Bd -literal 2752static_ndp_pairs="gw" 2753static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2754.Ed 2755.It Va static_routes 2756.Pq Vt str 2757Set to the list of static routes that are to be added at system 2758boot time. 2759If not set to 2760.Dq Li NO 2761then for each whitespace separated 2762.Ar element 2763in the value, a 2764.Va route_ Ns Aq Ar element 2765variable is assumed to exist 2766whose contents will later be passed to a 2767.Dq Nm route Cm add 2768operation. 2769For example: 2770.Bd -literal 2771static_routes="ext mcast:gif0 gif0local:gif0" 2772route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2773route_mcast="-net 224.0.0.0/4 -iface gif0" 2774route_gif0local="-host 169.254.1.1 -iface lo0" 2775.Ed 2776.Pp 2777When an 2778.Ar element 2779is in the form of 2780.Li name:ifname , 2781the route is specific to the interface 2782.Li ifname . 2783.It Va ipv6_static_routes 2784.Pq Vt str 2785The IPv6 equivalent of 2786.Va static_routes . 2787If not set to 2788.Dq Li NO 2789then for each whitespace separated 2790.Ar element 2791in the value, a 2792.Va ipv6_route_ Ns Aq Ar element 2793variable is assumed to exist 2794whose contents will later be passed to a 2795.Dq Nm route Cm add Fl inet6 2796operation. 2797.It Va gateway_enable 2798.Pq Vt bool 2799If set to 2800.Dq Li YES , 2801configure host to act as an IP router, e.g.\& to forward packets 2802between interfaces. 2803.It Va ipv6_gateway_enable 2804.Pq Vt bool 2805The IPv6 equivalent of 2806.Va gateway_enable . 2807.It Va routed_enable 2808.Pq Vt bool 2809If set to 2810.Dq Li YES , 2811run a routing daemon of some sort, based on the 2812settings of 2813.Va routed_program 2814and 2815.Va routed_flags . 2816.It Va route6d_enable 2817.Pq Vt bool 2818The IPv6 equivalent of 2819.Va routed_enable . 2820If set to 2821.Dq Li YES , 2822run a routing daemon of some sort, based on the 2823settings of 2824.Va route6d_program 2825and 2826.Va route6d_flags . 2827.It Va routed_program 2828.Pq Vt str 2829If 2830.Va routed_enable 2831is set to 2832.Dq Li YES , 2833this is the name of the routing daemon to use. 2834.It Va route6d_program 2835.Pq Vt str 2836The IPv6 equivalent of 2837.Va routed_program . 2838.It Va routed_flags 2839.Pq Vt str 2840If 2841.Va routed_enable 2842is set to 2843.Dq Li YES , 2844these are the flags to pass to the routing daemon. 2845.It Va route6d_flags 2846.Pq Vt str 2847The IPv6 equivalent of 2848.Va routed_flags . 2849.It Va rtadvd_enable 2850.Pq Vt bool 2851If set to 2852.Dq Li YES , 2853run the 2854.Xr rtadvd 8 2855daemon at boot time. 2856The 2857.Xr rtadvd 8 2858utility sends ICMPv6 Router Advertisement messages to 2859the interfaces specified in 2860.Va rtadvd_interfaces . 2861This should only be enabled with great care. 2862You may want to fine-tune 2863.Xr rtadvd.conf 5 . 2864.It Va rtadvd_interfaces 2865.Pq Vt str 2866If 2867.Va rtadvd_enable 2868is set to 2869.Dq Li YES 2870this is the list of interfaces to use. 2871.It Va arpproxy_all 2872.Pq Vt bool 2873If set to 2874.Dq Li YES , 2875enable global proxy ARP. 2876.It Va forward_sourceroute 2877.Pq Vt bool 2878If set to 2879.Dq Li YES 2880and 2881.Va gateway_enable 2882is also set to 2883.Dq Li YES , 2884source-routed packets are forwarded. 2885.It Va accept_sourceroute 2886.Pq Vt bool 2887If set to 2888.Dq Li YES , 2889the system will accept source-routed packets directed at it. 2890.It Va rarpd_enable 2891.Pq Vt bool 2892If set to 2893.Dq Li YES , 2894run the 2895.Xr rarpd 8 2896daemon at system boot time. 2897.It Va rarpd_flags 2898.Pq Vt str 2899If 2900.Va rarpd_enable 2901is set to 2902.Dq Li YES , 2903these are the flags to pass to the 2904.Xr rarpd 8 2905daemon. 2906.It Va bootparamd_enable 2907.Pq Vt bool 2908If set to 2909.Dq Li YES , 2910run the 2911.Xr bootparamd 8 2912daemon at system boot time. 2913.It Va bootparamd_flags 2914.Pq Vt str 2915If 2916.Va bootparamd_enable 2917is set to 2918.Dq Li YES , 2919these are the flags to pass to the 2920.Xr bootparamd 8 2921daemon. 2922.It Va stf_interface_ipv4addr 2923.Pq Vt str 2924If not set to 2925.Dq Li NO , 2926this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2927interface). 2928Specify this entry to enable the 6to4 interface. 2929.It Va stf_interface_ipv4plen 2930.Pq Vt int 2931Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2932An effective value is 0-31. 2933.It Va stf_interface_ipv6_ifid 2934.Pq Vt str 2935IPv6 interface ID for 2936.Xr stf 4 . 2937This can be set to 2938.Dq Li AUTO . 2939.It Va stf_interface_ipv6_slaid 2940.Pq Vt str 2941IPv6 Site Level Aggregator for 2942.Xr stf 4 . 2943.It Va ipv6_ipv4mapping 2944.Pq Vt bool 2945If set to 2946.Dq Li YES 2947this enables IPv4 mapped IPv6 address communication (like 2948.Li ::ffff:a.b.c.d ) . 2949.It Va rtsold_enable 2950.Pq Vt bool 2951Set to 2952.Dq Li YES 2953to enable the 2954.Xr rtsold 8 2955daemon to send ICMPv6 Router Solicitation messages. 2956.It Va rtsold_flags 2957.Pq Vt str 2958If 2959.Va rtsold_enable 2960is set to 2961.Dq Li YES , 2962these are the flags to pass to 2963.Xr rtsold 8 . 2964.It Va rtsol_flags 2965.Pq Vt str 2966For interfaces configured with the 2967.Dq Li inet6 accept_rtadv 2968keyword, these are the flags to pass to 2969.Xr rtsol 8 . 2970.Pp 2971Note that 2972.Va rtsold_enable 2973is mutually exclusive to 2974.Va rtsol_flags ; 2975.Va rtsold_enable 2976takes precedence. 2977.It Va keybell 2978.Pq Vt str 2979The keyboard bell sound. 2980Set to 2981.Dq Li normal , 2982.Dq Li visual , 2983.Dq Li off , 2984or 2985.Dq Li NO 2986if the default behavior is desired. 2987For details, refer to the 2988.Xr kbdcontrol 1 2989manpage. 2990.It Va keyboard 2991.Pq Vt str 2992If set to a non-null string, the virtual console's keyboard input is 2993set to this device. 2994.It Va keymap 2995.Pq Vt str 2996If set to 2997.Dq Li NO , 2998no keymap is installed, otherwise the value is used to install 2999the keymap file found in 3000.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3001(if using 3002.Xr syscons 4 ) or 3003.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3004(if using 3005.Xr vt 4 ) . 3006.It Va keyrate 3007.Pq Vt str 3008The keyboard repeat speed. 3009Set to 3010.Dq Li slow , 3011.Dq Li normal , 3012.Dq Li fast , 3013or 3014.Dq Li NO 3015if the default behavior is desired. 3016.It Va keychange 3017.Pq Vt str 3018If not set to 3019.Dq Li NO , 3020attempt to program the function keys with the value. 3021The value should 3022be a single string of the form: 3023.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3024.It Va cursor 3025.Pq Vt str 3026Can be set to the value of 3027.Dq Li normal , 3028.Dq Li blink , 3029.Dq Li destructive , 3030or 3031.Dq Li NO 3032to set the cursor behavior explicitly or choose the default behavior. 3033.It Va scrnmap 3034.Pq Vt str 3035If set to 3036.Dq Li NO , 3037no screen map is installed, otherwise the value is used to install 3038the screen map file in 3039.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3040This parameter is ignored when using 3041.Xr vt 4 3042as the console driver. 3043.It Va font8x16 3044.Pq Vt str 3045If set to 3046.Dq Li NO , 3047the default 8x16 font value is used for screen size requests, otherwise 3048the value in 3049.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3050or 3051.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3052is used (depending on the console driver being used). 3053.It Va font8x14 3054.Pq Vt str 3055If set to 3056.Dq Li NO , 3057the default 8x14 font value is used for screen size requests, otherwise 3058the value in 3059.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3060or 3061.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3062is used (depending on the console driver being used). 3063.It Va font8x8 3064.Pq Vt str 3065If set to 3066.Dq Li NO , 3067the default 8x8 font value is used for screen size requests, otherwise 3068the value in 3069.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3070or 3071.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3072is used (depending on the console driver being used). 3073.It Va blanktime 3074.Pq Vt int 3075If set to 3076.Dq Li NO , 3077the default screen blanking interval is used, otherwise it is set 3078to 3079.Ar value 3080seconds. 3081.It Va saver 3082.Pq Vt str 3083If not set to 3084.Dq Li NO , 3085this is the actual screen saver to use 3086.Li ( blank , snake , daemon , 3087etc). 3088.It Va moused_nondefault_enable 3089.Pq Vt str 3090If set to 3091.Dq Li NO , 3092the mouse device specified on 3093the command line is not automatically treated as enabled by the 3094.Pa /etc/rc.d/moused 3095script. 3096Having this variable set to 3097.Dq Li YES 3098allows a 3099.Xr usb 4 3100mouse, 3101for example, 3102to be enabled as soon as it is plugged in. 3103.It Va moused_enable 3104.Pq Vt str 3105If set to 3106.Dq Li YES , 3107the 3108.Xr moused 8 3109daemon is started for doing cut/paste selection on the console. 3110.It Va moused_type 3111.Pq Vt str 3112This is the protocol type of the mouse connected to this host. 3113This variable must be set if 3114.Va moused_enable 3115is set to 3116.Dq Li YES . 3117The 3118.Xr moused 8 3119daemon 3120is able to detect the appropriate mouse type automatically in many cases. 3121Set this variable to 3122.Dq Li auto 3123to let the daemon detect it, or 3124select one from the following list if the automatic detection fails. 3125.Pp 3126If the mouse is attached to the PS/2 mouse port, choose 3127.Dq Li auto 3128or 3129.Dq Li ps/2 , 3130regardless of the brand and model of the mouse. 3131Likewise, if the 3132mouse is attached to the bus mouse port, choose 3133.Dq Li auto 3134or 3135.Dq Li busmouse . 3136All other protocols are for serial mice and will not work with 3137the PS/2 and bus mice. 3138If this is a USB mouse, 3139.Dq Li auto 3140is the only protocol type which will work. 3141.Pp 3142.Bl -tag -width ".Li x10mouseremote" -compact 3143.It Li microsoft 3144Microsoft mouse (serial) 3145.It Li intellimouse 3146Microsoft IntelliMouse (serial) 3147.It Li mousesystems 3148Mouse systems Corp.\& mouse (serial) 3149.It Li mmseries 3150MM Series mouse (serial) 3151.It Li logitech 3152Logitech mouse (serial) 3153.It Li busmouse 3154A bus mouse 3155.It Li mouseman 3156Logitech MouseMan and TrackMan (serial) 3157.It Li glidepoint 3158ALPS GlidePoint (serial) 3159.It Li thinkingmouse 3160Kensington ThinkingMouse (serial) 3161.It Li ps/2 3162PS/2 mouse 3163.It Li mmhittab 3164MM HitTablet (serial) 3165.It Li x10mouseremote 3166X10 MouseRemote (serial) 3167.It Li versapad 3168Interlink VersaPad (serial) 3169.El 3170.Pp 3171Even if the mouse is not in the above list, it may be compatible 3172with one in the list. 3173Refer to the manual page for 3174.Xr moused 8 3175for compatibility information. 3176.Pp 3177It should also be noted that while this is enabled, any 3178other client of the mouse (such as an X server) should access 3179the mouse through the virtual mouse device, 3180.Pa /dev/sysmouse , 3181and configure it as a 3182.Dq Li sysmouse 3183type mouse, since all 3184mouse data is converted to this single canonical format when 3185using 3186.Xr moused 8 . 3187If the client program does not support the 3188.Dq Li sysmouse 3189type, 3190specify the 3191.Dq Li mousesystems 3192type. 3193It is the second preferred type. 3194.It Va moused_port 3195.Pq Vt str 3196If 3197.Va moused_enable 3198is set to 3199.Dq Li YES , 3200this is the actual port the mouse is on. 3201It might be 3202.Pa /dev/cuau0 3203for a COM1 serial mouse, 3204.Pa /dev/psm0 3205for a PS/2 mouse or 3206.Pa /dev/mse0 3207for a bus mouse, for example. 3208.It Va moused_flags 3209.Pq Vt str 3210If 3211.Va moused_flags 3212is set, its value is used as an additional set of flags to pass to the 3213.Xr moused 8 3214daemon. 3215.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3216When 3217.Va moused_nondefault_enable 3218is enabled, and a 3219.Xr moused 8 3220daemon is started for a non-default port, the 3221.Va "moused_" Ns Ar XXX Ns Va "_flags" 3222set of options has precedence over and replaces the default 3223.Va moused_flags 3224(where 3225.Ar XXX 3226is the name of the non-default port, i.e.,\& 3227.Ar ums0 ) . 3228By setting 3229.Va "moused_" Ns Ar XXX Ns Va "_flags" 3230it is possible to set up a different set of default flags for each 3231.Xr moused 8 3232instance. 3233For example, you can use 3234.Dq Li "-3" 3235for the default 3236.Va moused_flags 3237to make your laptop's touchpad more comfortable to use, 3238but an empty set of options for 3239.Va moused_ums0_flags 3240when your 3241.Xr usb 4 3242mouse has three or more buttons. 3243.It Va mousechar_start 3244.Pq Vt int 3245If set to 3246.Dq Li NO , 3247the default mouse cursor character range 3248.Li 0xd0 Ns - Ns Li 0xd3 3249is used, 3250otherwise the range start is set 3251to 3252.Ar value 3253character, see 3254.Xr vidcontrol 1 . 3255Use if the default range is occupied in the language code table. 3256.It Va allscreens_flags 3257.Pq Vt str 3258If set, 3259.Xr vidcontrol 1 3260is run with these options for each of the virtual terminals 3261.Pq Pa /dev/ttyv* . 3262For example, 3263.Dq Fl m Cm on 3264will enable the mouse pointer on all virtual terminals 3265if 3266.Va moused_enable 3267is set to 3268.Dq Li YES . 3269.It Va allscreens_kbdflags 3270.Pq Vt str 3271If set, 3272.Xr kbdcontrol 1 3273is run with these options for each of the virtual terminals 3274.Pq Pa /dev/ttyv* . 3275For example, 3276.Dq Fl h Li 200 3277will set the 3278.Xr syscons 4 3279or 3280.Xr vt 4 3281scrollback (history) buffer to 200 lines. 3282.It Va cron_enable 3283.Pq Vt bool 3284If set to 3285.Dq Li YES , 3286run the 3287.Xr cron 8 3288daemon at system boot time. 3289.It Va cron_program 3290.Pq Vt str 3291Path to 3292.Xr cron 8 3293(default 3294.Pa /usr/sbin/cron ) . 3295.It Va cron_flags 3296.Pq Vt str 3297If 3298.Va cron_enable 3299is set to 3300.Dq Li YES , 3301these are the flags to pass to 3302.Xr cron 8 . 3303.It Va cron_dst 3304.Pq Vt bool 3305If set to 3306.Dq Li YES , 3307enable the special handling of transitions to and from the 3308Daylight Saving Time in 3309.Xr cron 8 3310(equivalent to using the flag 3311.Fl s ) . 3312.It Va lpd_program 3313.Pq Vt str 3314Path to 3315.Xr lpd 8 3316(default 3317.Pa /usr/sbin/lpd ) . 3318.It Va lpd_enable 3319.Pq Vt bool 3320If set to 3321.Dq Li YES , 3322run the 3323.Xr lpd 8 3324daemon at system boot time. 3325.It Va lpd_flags 3326.Pq Vt str 3327If 3328.Va lpd_enable 3329is set to 3330.Dq Li YES , 3331these are the flags to pass to the 3332.Xr lpd 8 3333daemon. 3334.It Va chkprintcap_enable 3335.Pq Vt bool 3336If set to 3337.Dq Li YES , 3338run the 3339.Xr chkprintcap 8 3340command before starting the 3341.Xr lpd 8 3342daemon. 3343.It Va chkprintcap_flags 3344.Pq Vt str 3345If 3346.Va lpd_enable 3347and 3348.Va chkprintcap_enable 3349are set to 3350.Dq Li YES , 3351these are the flags to pass to the 3352.Xr chkprintcap 8 3353program. 3354The default is 3355.Dq Li -d , 3356which causes missing directories to be created. 3357.It Va mta_start_script 3358.Pq Vt str 3359This variable specifies the full path to the script to run to start 3360a mail transfer agent. 3361The default is 3362.Pa /etc/rc.sendmail . 3363The 3364.Va sendmail_* 3365variables which 3366.Pa /etc/rc.sendmail 3367uses are documented in the 3368.Xr rc.sendmail 8 3369manual page. 3370.It Va dumpdev 3371.Pq Vt str 3372Indicates the device (usually a swap partition) to which a crash dump 3373should be written in the event of a system crash. 3374If the value of this variable is 3375.Dq Li AUTO , 3376the first suitable swap device listed in 3377.Pa /etc/fstab 3378will be used as dump device. 3379Otherwise, the value of this variable is passed as the argument to 3380.Xr dumpon 8 . 3381To disable crash dumps, set this variable to 3382.Dq Li NO . 3383.It Va dumpon_flags 3384.Pq Vt str 3385Flags to pass to 3386.Xr dumpon 8 3387when configuring 3388.Va dumpdev 3389as the system dump device. 3390.It Va dumpdir 3391.Pq Vt str 3392When the system reboots after a crash and a crash dump is found on the 3393device specified by the 3394.Va dumpdev 3395variable, 3396.Xr savecore 8 3397will save that crash dump and a copy of the kernel to the directory 3398specified by the 3399.Va dumpdir 3400variable. 3401The default value is 3402.Pa /var/crash . 3403Set to 3404.Dq Li NO 3405to not run 3406.Xr savecore 8 3407at boot time when 3408.Va dumpdir 3409is set. 3410.It Va savecore_enable 3411.Pq Vt bool 3412If set to 3413.Dq Li NO , 3414disable automatic extraction of the crash dump from the 3415.Va dumpdev . 3416.It Va savecore_flags 3417.Pq Vt str 3418If crash dumps are enabled, these are the flags to pass to the 3419.Xr savecore 8 3420utility. 3421.It Va quota_enable 3422.Pq Vt bool 3423Set to 3424.Dq Li YES 3425to turn on user and group disk quotas on system startup via the 3426.Xr quotaon 8 3427command for all file systems marked as having quotas enabled in 3428.Pa /etc/fstab . 3429The kernel must be built with 3430.Cd "options QUOTA" 3431for disk quotas to function. 3432.It Va check_quotas 3433.Pq Vt bool 3434Set to 3435.Dq Li YES 3436to enable user and group disk quota checking via the 3437.Xr quotacheck 8 3438command. 3439.It Va quotacheck_flags 3440.Pq Vt str 3441If 3442.Va quota_enable 3443is set to 3444.Dq Li YES , 3445and 3446.Va check_quotas 3447is set to 3448.Dq Li YES , 3449these are the flags to pass to the 3450.Xr quotacheck 8 3451utility. 3452The default is 3453.Dq Li "-a" , 3454which checks quotas for all file systems with quotas enabled in 3455.Pa /etc/fstab . 3456.It Va quotaon_flags 3457.Pq Vt str 3458If 3459.Va quota_enable 3460is set to 3461.Dq Li YES , 3462these are the flags to pass to the 3463.Xr quotaon 8 3464utility. 3465The default is 3466.Dq Li "-a" , 3467which enables quotas for all file systems with quotas enabled in 3468.Pa /etc/fstab . 3469.It Va quotaoff_flags 3470.Pq Vt str 3471If 3472.Va quota_enable 3473is set to 3474.Dq Li YES , 3475these are the flags to pass to the 3476.Xr quotaoff 8 3477utility when shutting down the quota system. 3478The default is 3479.Dq Li "-a" , 3480which disables quotas for all file systems with quotas enabled in 3481.Pa /etc/fstab . 3482.It Va accounting_enable 3483.Pq Vt bool 3484Set to 3485.Dq Li YES 3486to enable system accounting through the 3487.Xr accton 8 3488facility. 3489.It Va ibcs2_enable 3490.Pq Vt bool 3491Set to 3492.Dq Li YES 3493to enable iBCS2 (SCO) binary emulation at system initial boot 3494time. 3495.It Va ibcs2_loaders 3496.Pq Vt str 3497If not set to 3498.Dq Li NO 3499and if 3500.Va ibcs2_enable 3501is set to 3502.Dq Li YES , 3503this specifies a list of additional iBCS2 loaders to enable. 3504.It Va firstboot_sentinel 3505.Pq Vt str 3506This variable specifies the full path to a 3507.Dq first boot 3508sentinel file. 3509If a file exists with this path, 3510.Pa rc.d 3511scripts with the 3512.Dq firstboot 3513keyword will be run on startup and the sentinel file will be deleted 3514after the boot process completes. 3515The sentinel file must be located on a writable file system which is 3516mounted no later than 3517.Va early_late_divider 3518to function properly. 3519The default is 3520.Pa /firstboot . 3521.It Va linux_enable 3522.Pq Vt bool 3523Set to 3524.Dq Li YES 3525to enable Linux/ELF binary emulation at system initial 3526boot time. 3527.It Va sysvipc_enable 3528.Pq Vt bool 3529If set to 3530.Dq Li YES , 3531load System V IPC primitives at boot time. 3532.It Va clear_tmp_enable 3533.Pq Vt bool 3534Set to 3535.Dq Li YES 3536to have 3537.Pa /tmp 3538cleaned at startup. 3539.It Va clear_tmp_X 3540.Pq Vt bool 3541Set to 3542.Dq Li NO 3543to disable removing of X11 lock files, 3544and the removal and (secure) recreation 3545of the various socket directories for X11 3546related programs. 3547.It Va ldconfig_paths 3548.Pq Vt str 3549Set to the list of shared library paths to use with 3550.Xr ldconfig 8 . 3551NOTE: 3552.Pa /usr/lib 3553will always be added first, so it need not appear in this list. 3554.It Va ldconfig32_paths 3555.Pq Vt str 3556Set to the list of 32-bit compatibility shared library paths to 3557use with 3558.Xr ldconfig 8 . 3559.It Va ldconfig_paths_aout 3560.Pq Vt str 3561Set to the list of shared library paths to use with 3562.Xr ldconfig 8 3563legacy 3564.Xr a.out 5 3565support. 3566.It Va ldconfig_insecure 3567.Pq Vt bool 3568The 3569.Xr ldconfig 8 3570utility normally refuses to use directories 3571which are writable by anyone except root. 3572Set this variable to 3573.Dq Li YES 3574to disable that security check during system startup. 3575.It Va ldconfig_local_dirs 3576.Pq Vt str 3577Set to the list of local 3578.Xr ldconfig 8 3579directories. 3580The names of all files in the directories listed will be 3581passed as arguments to 3582.Xr ldconfig 8 . 3583.It Va ldconfig_local32_dirs 3584.Pq Vt str 3585Set to the list of local 32-bit compatibility 3586.Xr ldconfig 8 3587directories. 3588The names of all files in the directories listed will be 3589passed as arguments to 3590.Dq Nm ldconfig Fl 32 . 3591.It Va kern_securelevel_enable 3592.Pq Vt bool 3593Set to 3594.Dq Li YES 3595to set the kernel security level at system startup. 3596.It Va kern_securelevel 3597.Pq Vt int 3598The kernel security level to set at startup. 3599The allowed range of 3600.Ar value 3601ranges from \-1 (the compile time default) to 3 (the 3602most secure). 3603See 3604.Xr security 7 3605for the list of possible security levels and their effect 3606on system operation. 3607.It Va sshd_program 3608.Pq Vt str 3609Path to the SSH server program 3610.Pa ( /usr/sbin/sshd 3611is the default). 3612.It Va sshd_enable 3613.Pq Vt bool 3614Set to 3615.Dq Li YES 3616to start 3617.Xr sshd 8 3618at system boot time. 3619.It Va sshd_flags 3620.Pq Vt str 3621If 3622.Va sshd_enable 3623is set to 3624.Dq Li YES , 3625these are the flags to pass to the 3626.Xr sshd 8 3627daemon. 3628.It Va ftpd_program 3629.Pq Vt str 3630Path to the FTP server program 3631.Pa ( /usr/libexec/ftpd 3632is the default). 3633.It Va ftpd_enable 3634.Pq Vt bool 3635Set to 3636.Dq Li YES 3637to start 3638.Xr ftpd 8 3639as a stand-alone daemon at system boot time. 3640.It Va ftpd_flags 3641.Pq Vt str 3642If 3643.Va ftpd_enable 3644is set to 3645.Dq Li YES , 3646these are the additional flags to pass to the 3647.Xr ftpd 8 3648daemon. 3649.It Va watchdogd_enable 3650.Pq Vt bool 3651If set to 3652.Dq Li YES , 3653start the 3654.Xr watchdogd 8 3655daemon at boot time. 3656This requires that the kernel have been compiled with a 3657.Xr watchdog 4 3658compatible device. 3659.It Va watchdogd_flags 3660.Pq Vt str 3661If 3662.Va watchdogd_enable 3663is set to 3664.Dq Li YES , 3665these are the flags passed to the 3666.Xr watchdogd 8 3667daemon. 3668.It Va devfs_rulesets 3669.Pq Vt str 3670List of files containing sets of rules for 3671.Xr devfs 8 . 3672.It Va devfs_system_ruleset 3673.Pq Vt str 3674Rule name(s) to apply to the system 3675.Pa /dev 3676itself. 3677.It Va devfs_set_rulesets 3678.Pq Vt str 3679Pairs of already-mounted 3680.Pa dev 3681directories and rulesets that should be applied to them. 3682For example: /mount/dev=ruleset_name 3683.It Va devfs_load_rulesets 3684.Pq Vt bool 3685If set, always load the default rulesets listed in 3686.Va devfs_rulesets . 3687.It Va performance_cx_lowest 3688.Pq Vt str 3689CPU idle state to use while on AC power. 3690The string 3691.Dq Li LOW 3692indicates that 3693.Xr acpi 4 3694should use the lowest power state available while 3695.Dq Li HIGH 3696indicates that the lowest latency state (less power savings) should be used. 3697.It Va performance_cpu_freq 3698.Pq Vt str 3699CPU clock frequency to use while on AC power. 3700The string 3701.Dq Li LOW 3702indicates that 3703.Xr cpufreq 4 3704should use the lowest frequency available while 3705.Dq Li HIGH 3706indicates that the highest frequency (less power savings) should be used. 3707.It Va economy_cx_lowest 3708.Pq Vt str 3709CPU idle state to use when off AC power. 3710The string 3711.Dq Li LOW 3712indicates that 3713.Xr acpi 4 3714should use the lowest power state available while 3715.Dq Li HIGH 3716indicates that the lowest latency state (less power savings) should be used. 3717.It Va economy_cpu_freq 3718.Pq Vt str 3719CPU clock frequency to use when off AC power. 3720The string 3721.Dq Li LOW 3722indicates that 3723.Xr cpufreq 4 3724should use the lowest frequency available while 3725.Dq Li HIGH 3726indicates that the highest frequency (less power savings) should be used. 3727.It Va jail_enable 3728.Pq Vt bool 3729If set to 3730.Dq Li NO , 3731any configured jails will not be started. 3732.It Va jail_conf 3733.Pq Vt str 3734The configuration filename used by 3735.Xr jail 8 3736utility. 3737The default value is 3738.Pa /etc/jail.conf . 3739.It Va jail_parallel_start 3740.Pq Vt bool 3741If set to 3742.Dq Li YES , 3743all configured jails will be started in the background (in parallel). 3744.It Va jail_flags 3745.Pq Vt str 3746Unset by default. 3747When set, use as default value for 3748.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3749for every jail in 3750.Va jail_list . 3751.It Va jail_list 3752.Pq Vt str 3753A space-delimited list of jail names. 3754When left empty, all of the 3755.Xr jail 8 3756instances defined in the configuration file are started. 3757The names specified in this list control the jail startup order. 3758.Xr jail 8 3759instances missing from 3760.Va jail_list 3761must be started manually. 3762Note that a jail's 3763.Va depend 3764parameter in the configuration file may override this list. 3765.It Va jail_reverse_stop 3766.Pq Vt bool 3767When set to 3768.Dq Li YES , 3769all configured jails in 3770.Va jail_list 3771are stopped in reverse order. 3772.It Va jail_* variables 3773Note that older releases supported per-jail configuration via 3774.Nm 3775variables. 3776For example, 3777hostname of a jail named 3778.Li vjail 3779was able to be set by 3780.Li jail_vjail_hostname . 3781These per-jail configuration variables are now obsolete in favor of 3782.Xr jail 8 3783configuration file. 3784For backward compatibility, 3785when per-jail configuration variables are defined, 3786.Xr jail 8 3787configuration files are created as 3788.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3789and used. 3790.Pp 3791The following per-jail parameters are handled by 3792.Pa rc.d/jail 3793script out of their corresponding 3794.Nm 3795variables. 3796In addition to them, parameters in 3797.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3798will be added to the configuration file. 3799They must be a semi-colon 3800.Pq Ql \&; 3801delimited list of 3802.Dq key=value . 3803For more details, 3804see 3805.Xr jail 8 3806manual page. 3807.Bl -tag -width "host.hostname" -offset indent 3808.It Li path 3809set from 3810.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3811.It Li host.hostname 3812set from 3813.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3814.It Li exec.consolelog 3815set from 3816.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3817The default value is 3818.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3819.It Li interface 3820set from 3821.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3822.It Li vnet.interface 3823set from 3824.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3825This implies 3826.Li vnet 3827parameter will be enabled and cannot be specified with 3828.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3829.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3830and/or 3831.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3832at the same time. 3833.It Li fstab 3834set from 3835.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3836.It Li mount 3837set from 3838.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3839.It Li exec.fib 3840set from 3841.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3842.It Li exec.start 3843set from 3844.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3845The parameter name was 3846.Li command 3847in some older releases. 3848.It Li exec.prestart 3849set from 3850.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3851.It Li exec.poststart 3852set from 3853.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3854.It Li exec.stop 3855set from 3856.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3857.It Li exec.prestop 3858set from 3859.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3860.It Li exec.poststop 3861set from 3862.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3863.It Li ip4.addr 3864set if 3865.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3866or 3867.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3868contain IPv4 addresses 3869.It Li ip6.addr 3870set if 3871.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3872or 3873.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3874contain IPv6 addresses 3875.It Li allow.mount 3876set from 3877.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3878.It Li mount.devfs 3879set from 3880.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3881.It Li devfs_ruleset 3882set from 3883.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3884This must be an integer, 3885not a string. 3886.It Li mount.fdescfs 3887set from 3888.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3889.It Li allow.set_hostname 3890set from 3891.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3892.It Li allow.rawsocket 3893set from 3894.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3895.It Li allow.sysvipc 3896set from 3897.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3898.El 3899.\" ----------------------------------------------------- 3900.It Va harvest_mask 3901.Pq Vt int 3902Set to a bit-mask 3903representing the entropy sources 3904you wish to harvest. 3905Refer to 3906.Xr random 4 3907for more information. 3908.It Va entropy_dir 3909.Pq Vt str 3910Set to 3911.Dq Li NO 3912to disable caching entropy via 3913.Xr cron 8 . 3914Otherwise set to the directory 3915in which the entropy files are stored. 3916To be useful, 3917there must be 3918a system cron job 3919that regularly writes and rotates 3920files here. 3921All files found 3922will be used at boot time. 3923The default is 3924.Pa /var/db/entropy . 3925.It Va entropy_file 3926.Pq Vt str 3927Set to 3928.Dq Li NO 3929to disable caching entropy through reboots. 3930Otherwise set to the name 3931of a file used to store cached entropy. 3932This file should be located 3933on a file system that is readable 3934before all the volumes specified in 3935.Xr fstab 5 3936are mounted. 3937By default, 3938.Pa /entropy 3939is used, 3940but if 3941.Pa /var/db/entropy-file 3942is found it will also be used. 3943This will be of some use to 3944.Xr bsdinstall 8 . 3945.It Va entropy_boot_file 3946.Pq Vt str 3947Set to 3948.Dq Li NO 3949to disable 3950very early caching entropy 3951through reboots. 3952Otherwise set to the filename 3953used to read 3954very early reboot cached entropy. 3955This file should be located where 3956.Xr loader 8 3957can read it. 3958See also 3959.Xr loader.conf 5 . 3960The default location is 3961.Pa /boot/entropy . 3962.It Va entropy_save_sz 3963.Pq Vt int 3964Size of the entropy cache files saved by 3965.Nm save-entropy 3966periodically. 3967.It Va entropy_save_num 3968.Pq Vt int 3969Number of entropy cache files to save by 3970.Nm save-entropy 3971periodically. 3972.It Va ipsec_enable 3973.Pq Vt bool 3974Set to 3975.Dq Li YES 3976to run 3977.Xr setkey 8 3978on 3979.Va ipsec_file 3980at boot time. 3981.It Va ipsec_file 3982.Pq Vt str 3983Configuration file for 3984.Xr setkey 8 . 3985.It Va dmesg_enable 3986.Pq Vt bool 3987Set to 3988.Dq Li YES 3989to save 3990.Xr dmesg 8 3991to 3992.Pa /var/run/dmesg.boot 3993on boot. 3994.It Va rcshutdown_timeout 3995.Pq Vt int 3996If set, start a watchdog timer in the background which will terminate 3997.Pa rc.shutdown 3998if 3999.Xr shutdown 8 4000has not completed within the specified time (in seconds). 4001Notice that in addition to this soft timeout, 4002.Xr init 8 4003also applies a hard timeout for the execution of 4004.Pa rc.shutdown . 4005This is configured via 4006.Xr sysctl 8 4007variable 4008.Va kern.init_shutdown_timeout 4009and defaults to 120 seconds. 4010Setting the value of 4011.Va rcshutdown_timeout 4012to more than 120 seconds will have no effect until the 4013.Xr sysctl 8 4014variable 4015.Va kern.init_shutdown_timeout 4016is also increased. 4017.It Va virecover_enable 4018.Pq Vt bool 4019Set to 4020.Dq Li NO 4021to prevent the system from trying to 4022recover pre-maturely terminated 4023.Xr vi 1 4024sessions. 4025.It Va ugidfw_enable 4026.Pq Vt bool 4027Set to 4028.Dq Li YES 4029to load the 4030.Xr mac_bsdextended 4 4031module upon system initialization and load a default 4032ruleset file. 4033.It Va bsdextended_script 4034.Pq Vt str 4035The default 4036.Xr mac_bsdextended 4 4037ruleset file to load. 4038The default value of this variable is 4039.Pa /etc/rc.bsdextended . 4040.It Va newsyslog_enable 4041.Pq Vt bool 4042If set to 4043.Dq Li YES , 4044run 4045.Xr newsyslog 8 4046command at startup. 4047.It Va newsyslog_flags 4048.Pq Vt str 4049If 4050.Va newsyslog_enable 4051is set to 4052.Dq Li YES , 4053these are the flags to pass to the 4054.Xr newsyslog 8 4055program. 4056The default is 4057.Dq Li -CN , 4058which causes log files flagged with a 4059.Cm C 4060to be created. 4061.It Va mdconfig_md Ns Aq Ar X 4062.Pq Vt str 4063Arguments to 4064.Xr mdconfig 8 4065for 4066.Xr md 4 4067device 4068.Ar X . 4069At minimum a 4070.Fl t Ar type 4071must be specified and either a 4072.Fl s Ar size 4073for malloc or swap backed 4074.Xr md 4 4075devices or a 4076.Fl f Ar file 4077for vnode backed 4078.Xr md 4 4079devices. 4080Note that 4081.Va mdconfig_md Ns Aq Ar X 4082variables are evaluated until one variable is unset or null. 4083.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4084.Pq Vt str 4085Optional arguments passed to 4086.Xr newfs 8 4087to initialize 4088.Xr md 4 4089device 4090.Ar X . 4091.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4092.Pq Vt str 4093An ownership specification passed to 4094.Xr chown 8 4095after the specified 4096.Xr md 4 4097device 4098.Ar X 4099has been mounted. 4100Both the 4101.Xr md 4 4102device and the mount point will be changed. 4103.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4104.Pq Vt str 4105A mode string passed to 4106.Xr chmod 1 4107after the specified 4108.Xr md 4 4109device 4110.Ar X 4111has been mounted. 4112Both the 4113.Xr md 4 4114device and the mount point will be changed. 4115.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4116.Pq Vt str 4117Files to be copied to the mount point of the 4118.Xr md 4 4119device 4120.Ar X 4121after it has been mounted. 4122.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4123.Pq Vt str 4124Command to execute after the specified 4125.Xr md 4 4126device 4127.Ar X 4128has been mounted. 4129Note that the command is passed to 4130.Ic eval 4131and that both 4132.Va _dev 4133and 4134.Va _mp 4135variables can be used to reference respectively the 4136.Xr md 4 4137device and the mount point. 4138Assuming that the 4139.Xr md 4 4140device is 4141.Li md0 , 4142one could set the following: 4143.Bd -literal 4144mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4145.Ed 4146.It Va autobridge_interfaces 4147.Pq Vt str 4148Set to the list of bridge interfaces that will have newly arriving interfaces 4149checked against to be automatically added. 4150If not set to 4151.Dq Li NO 4152then for each whitespace separated 4153.Ar element 4154in the value, a 4155.Va autobridge_ Ns Aq Ar element 4156variable is assumed to exist which has a whitespace separated list of interface 4157names to match, these names can use wildcards. 4158For example: 4159.Bd -literal 4160autobridge_interfaces="bridge0" 4161autobridge_bridge0="tap* dc0 vlan[345]" 4162.Ed 4163.It Va mixer_enable 4164.Pq Vt bool 4165If set to 4166.Dq Li YES , 4167enable support for sound mixer. 4168.It Va hcsecd_enable 4169.Pq Vt bool 4170If set to 4171.Dq Li YES , 4172enable Bluetooth security daemon. 4173.It Va hcsecd_config 4174.Pq Vt str 4175Configuration file for 4176.Xr hcsecd 8 . 4177Default 4178.Pa /etc/bluetooth/hcsecd.conf . 4179.It Va sdpd_enable 4180.Pq Vt bool 4181If set to 4182.Dq Li YES , 4183enable Bluetooth Service Discovery Protocol daemon. 4184.It Va sdpd_control 4185.Pq Vt str 4186Path to 4187.Xr sdpd 8 4188control socket. 4189Default 4190.Pa /var/run/sdp . 4191.It Va sdpd_groupname 4192.Pq Vt str 4193Sets 4194.Xr sdpd 8 4195group to run as after it initializes. 4196Default 4197.Dq Li nobody . 4198.It Va sdpd_username 4199.Pq Vt str 4200Sets 4201.Xr sdpd 8 4202user to run as after it initializes. 4203Default 4204.Dq Li nobody . 4205.It Va bthidd_enable 4206.Pq Vt bool 4207If set to 4208.Dq Li YES , 4209enable Bluetooth Human Interface Device daemon. 4210.It Va bthidd_config 4211.Pq Vt str 4212Configuration file for 4213.Xr bthidd 8 . 4214Default 4215.Pa /etc/bluetooth/bthidd.conf . 4216.It Va bthidd_hids 4217.Pq Vt str 4218Path to a file, where 4219.Xr bthidd 8 4220will store information about known HID devices. 4221Default 4222.Pa /var/db/bthidd.hids . 4223.It Va rfcomm_pppd_server_enable 4224.Pq Vt bool 4225If set to 4226.Dq Li YES , 4227enable Bluetooth RFCOMM PPP wrapper daemon. 4228.It Va rfcomm_pppd_server_profile 4229.Pq Vt str 4230The name of the profile to use from 4231.Pa /etc/ppp/ppp.conf . 4232Multiple profiles can be specified here. 4233Also used to specify per-profile overrides. 4234When the profile name contains any of the characters 4235.Dq Li .-/+ 4236they are translated to 4237.Dq Li _ 4238for the proposes of the override variable names. 4239.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4240.Pq Vt str 4241Overrides local address to listen on. 4242By default 4243.Xr rfcomm_pppd 8 4244will listen on 4245.Dq Li ANY 4246address. 4247The address can be specified as BD_ADDR or name. 4248.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4249.Pq Vt str 4250Overrides local RFCOMM channel to listen on. 4251By default 4252.Xr rfcomm_pppd 8 4253will listen on RFCOMM channel 1. 4254Must set properly if multiple profiles used in the same time. 4255.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4256.Pq Vt bool 4257Tells 4258.Xr rfcomm_pppd 8 4259if it should register Serial Port service on the specified RFCOMM channel. 4260Default 4261.Dq Li NO . 4262.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4263.Pq Vt bool 4264Tells 4265.Xr rfcomm_pppd 8 4266if it should register Dial-Up Networking service on the specified 4267RFCOMM channel. 4268Default 4269.Dq Li NO . 4270.It Va ubthidhci_enable 4271.Pq Vt bool 4272If set to 4273.Dq Li YES , 4274change the USB Bluetooth controller from HID mode to HCI mode. 4275You also need to specify the location of USB Bluetooth controller with the 4276.Va ubthidhci_busnum 4277and 4278.Va ubthidhci_addr 4279variables. 4280.It Va ubthidhci_busnum 4281Bus number where the USB Bluetooth controller is located. 4282Check the output of 4283.Xr usbconfig 8 4284on your system to find this information. 4285.It Va ubthidhci_addr 4286Bus address of the USB Bluetooth controller. 4287Check the output of 4288.Xr usbconfig 8 4289on your system to find this information. 4290.It Va netwait_enable 4291.Pq Vt bool 4292If set to 4293.Dq Li YES , 4294delays the start of network-reliant services until 4295.Va netwait_if 4296is up and ICMP packets to a destination defined in 4297.Va netwait_ip 4298are flowing. 4299Link state is examined first, followed by 4300.Dq Li pinging 4301an IP address to verify network usability. 4302If no destination can be reached or timeouts are exceeded, 4303network services are started anyway with no guarantee that 4304the network is usable. 4305Use of this variable requires both 4306.Va netwait_ip 4307and 4308.Va netwait_if 4309to be set. 4310.It Va netwait_ip 4311.Pq Vt str 4312Empty by default. 4313This variable contains a space-delimited list of IP addresses to 4314.Xr ping 8 . 4315DNS hostnames should not be used as resolution is not guaranteed 4316to be functional at this point. 4317If multiple IP addresses are specified, 4318each will be tried until one is successful or the list is exhausted. 4319.It Va netwait_timeout 4320.Pq Vt int 4321Indicates the total number of seconds to perform a 4322.Dq Li ping 4323against each IP address in 4324.Va netwait_ip , 4325at a rate of one ping per second. 4326If any of the pings are successful, 4327full network connectivity is considered reliable. 4328The default is 60. 4329.It Va netwait_if 4330.Pq Vt str 4331Empty by default. 4332Defines the name of the network interface on which watch for link. 4333.Xr ifconfig 8 4334is used to monitor the interface, looking for 4335.Dq Li status: no carrier . 4336Once gone, the link is considered up. 4337This can be a 4338.Xr vlan 4 4339interface if desired. 4340.It Va netwait_if_timeout 4341.Pq Vt int 4342Defines the total number of seconds to wait for link to become usable, 4343polled at a 1-second interval. 4344The default is 30. 4345.It Va rctl_enable 4346.Pq Vt bool 4347If set to 4348.Dq Li YES , 4349load 4350.Xr rctl 8 4351rules from the defined ruleset. 4352The kernel must be built with 4353.Cd "options RACCT" 4354and 4355.Cd "options RCTL" . 4356.It Va rctl_rules 4357.Pq Vt str 4358Set to 4359.Pa /etc/rctl.conf 4360by default. 4361This variables contains the 4362.Xr rctl.conf 5 4363ruleset to load for 4364.Xr rctl 8 . 4365.It Va iovctl_files 4366.Pq Vt str 4367A space-separated list of configuration files used by 4368.Xr iovctl 8 . 4369The default value is an empty string. 4370.It Va autofs_enable 4371.Pq Vt bool 4372If set to 4373.Dq Li YES , 4374start the 4375.Xr automount 8 4376utility and the 4377.Xr automountd 8 4378and 4379.Xr autounmountd 8 4380daemons at boot time. 4381.It Va automount_flags 4382.Pq Vt str 4383If 4384.Va autofs_enable 4385is set to 4386.Dq Li YES , 4387these are the flags to pass to the 4388.Xr automount 8 4389program. 4390By default no flags are passed. 4391.It Va automountd_flags 4392.Pq Vt str 4393If 4394.Va autofs_enable 4395is set to 4396.Dq Li YES , 4397these are the flags to pass to the 4398.Xr automountd 8 4399daemon. 4400By default no flags are passed. 4401.It Va autounmountd_flags 4402.Pq Vt str 4403If 4404.Va autofs_enable 4405is set to 4406.Dq Li YES , 4407these are the flags to pass to the 4408.Xr autounmountd 8 4409daemon. 4410By default no flags are passed. 4411.It Va ctld_enable 4412.Pq Vt bool 4413If set to 4414.Dq Li YES , 4415start the 4416.Xr ctld 8 4417daemon at boot time. 4418.It Va iscsid_enable 4419.Pq Vt bool 4420If set to 4421.Dq Li YES , 4422start the 4423.Xr iscsid 8 4424daemon at boot time. 4425.It Va iscsictl_enable 4426.Pq Vt bool 4427If set to 4428.Dq Li YES , 4429start the 4430.Xr iscsictl 8 4431utility at boot time. 4432.It Va iscsictl_flags 4433.Pq Vt str 4434If 4435.Va iscsictl_enable 4436is set to 4437.Dq Li YES , 4438these are the flags to pass to the 4439.Xr iscsictl 8 4440program. 4441The default is 4442.Dq Li -Aa , 4443which configures sessions based on the 4444.Pa /etc/iscsi.conf 4445configuration file. 4446.El 4447.Sh FILES 4448.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4449.It Pa /etc/defaults/rc.conf 4450.It Pa /etc/rc.conf 4451.It Pa /etc/rc.conf.local 4452.El 4453.Sh SEE ALSO 4454.Xr chmod 1 , 4455.Xr gdb 1 , 4456.Xr info 1 , 4457.Xr kbdcontrol 1 , 4458.Xr makewhatis 1 , 4459.Xr sh 1 , 4460.Xr vi 1 , 4461.Xr vidcontrol 1 , 4462.Xr bridge 4 , 4463.Xr dummynet 4 , 4464.Xr ip 4 , 4465.Xr ipf 4 , 4466.Xr ipfw 4 , 4467.Xr ipnat 4 , 4468.Xr kld 4 , 4469.Xr pf 4 , 4470.Xr pflog 4 , 4471.Xr pfsync 4 , 4472.Xr tcp 4 , 4473.Xr udp 4 , 4474.Xr exports 5 , 4475.Xr fstab 5 , 4476.Xr ipf 5 , 4477.Xr ipnat 5 , 4478.Xr jail.conf 5 , 4479.Xr loader.conf 5 , 4480.Xr motd 5 , 4481.Xr newsyslog.conf 5 , 4482.Xr pf.conf 5 , 4483.Xr security 7 , 4484.Xr accton 8 , 4485.Xr amd 8 , 4486.Xr apm 8 , 4487.Xr bsdinstall 8 , 4488.Xr bthidd 8 , 4489.Xr chkprintcap 8 , 4490.Xr chown 8 , 4491.Xr cron 8 , 4492.Xr devfs 8 , 4493.Xr dhclient 8 , 4494.Xr ftpd 8 , 4495.Xr geli 8 , 4496.Xr hcsecd 8 , 4497.Xr ifconfig 8 , 4498.Xr inetd 8 , 4499.Xr iovctl 8 , 4500.Xr ipf 8 , 4501.Xr ipfw 8 , 4502.Xr ipnat 8 , 4503.Xr jail 8 , 4504.Xr kldxref 8 , 4505.Xr loader 8 , 4506.Xr lpd 8 , 4507.Xr mdconfig 8 , 4508.Xr mdmfs 8 , 4509.Xr mixer 8 , 4510.Xr mountd 8 , 4511.Xr moused 8 , 4512.Xr newfs 8 , 4513.Xr newsyslog 8 , 4514.Xr nfsd 8 , 4515.Xr ntpd 8 , 4516.Xr ntpdate 8 , 4517.Xr pfctl 8 , 4518.Xr pflogd 8 , 4519.Xr ping 8 , 4520.Xr powerd 8 , 4521.Xr quotacheck 8 , 4522.Xr quotaon 8 , 4523.Xr rc 8 , 4524.Xr rc.sendmail 8 , 4525.Xr rfcomm_pppd 8 , 4526.Xr route 8 , 4527.Xr routed 8 , 4528.Xr rpc.lockd 8 , 4529.Xr rpc.statd 8 , 4530.Xr rpcbind 8 , 4531.Xr rwhod 8 , 4532.Xr savecore 8 , 4533.Xr sdpd 8 , 4534.Xr sshd 8 , 4535.Xr swapon 8 , 4536.Xr sysctl 8 , 4537.Xr syslogd 8 , 4538.Xr sysrc 8 , 4539.Xr timed 8 , 4540.Xr unbound 8 , 4541.Xr usbconfig 8 , 4542.Xr wlandebug 8 , 4543.Xr yp 8 , 4544.Xr ypbind 8 , 4545.Xr ypserv 8 , 4546.Xr ypset 8 4547.Sh HISTORY 4548The 4549.Nm 4550file appeared in 4551.Fx 2.2.2 . 4552.Sh AUTHORS 4553.An Jordan K. Hubbard . 4554