xref: /freebsd/share/man/man5/rc.conf.5 (revision a2aef24aa3c8458e4036735dd6928b4ef77294e5)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd October 24, 2017
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/rc.conf.local
63is used to override settings in
64.Pa /etc/rc.conf
65for historical reasons.
66.Pp
67The sysrc(8) command provides a scripting interface to modify system
68config files.
69.Pp
70In addition to
71.Pa /etc/rc.conf.local
72you can also place smaller configuration files for each
73.Xr rc 8
74script in the
75.Pa /etc/rc.conf.d
76directory or
77.Ao Ar dir Ac Ns Pa /rc.conf.d
78directories specified in
79.Va local_startup ,
80which will be included by the
81.Va load_rc_config
82function.
83For jail configurations you could use the file
84.Pa /etc/rc.conf.d/jail
85to store jail specific configuration options.
86If
87.Va local_startup
88contains
89.Pa /usr/local/etc/rc.d
90and
91.Pa /opt/conf ,
92.Pa /usr/local/rc.conf.d/jail
93and
94.Pa /opt/conf/rc.conf.d/jail
95will be loaded.
96If
97.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
98is a directory,
99all of files in the directory will be loaded.
100Also see the
101.Va rc_conf_files
102variable below.
103.Pp
104Options are set with
105.Dq Ar name Ns Li = Ns Ar value
106assignments that use
107.Xr sh 1
108syntax.
109The following list provides a name and short description for each
110variable that can be set in the
111.Nm
112file:
113.Bl -tag -width indent-two
114.It Va rc_debug
115.Pq Vt bool
116If set to
117.Dq Li YES ,
118enable output of debug messages from rc scripts.
119This variable can be helpful in diagnosing mistakes when
120editing or integrating new scripts.
121Beware that this produces copious output to the terminal and
122.Xr syslog 3 .
123.It Va rc_info
124.Pq Vt bool
125If set to
126.Dq Li NO ,
127disable informational messages from the rc scripts.
128Informational messages are displayed when
129a condition that is not serious enough to warrant a warning or
130an error occurs.
131.It Va rc_startmsgs
132.Pq Vt bool
133If set to
134.Dq Li YES ,
135show
136.Dq Starting foo:
137when faststart is used (e.g., at boot time).
138.It Va early_late_divider
139.Pq Vt str
140The name of the script that should be used as the
141delimiter between the
142.Dq early
143and
144.Dq late
145stages of the boot process.
146The early stage should contain all the services needed to
147get the disks (local or remote) mounted so that the late
148stage can include scripts contained in the directories
149listed in the
150.Va local_startup
151variable (see below).
152Thus, the two likely candidates for this value are
153.Pa mountcritlocal
154for the typical system, and
155.Pa mountcritremote
156if the system needs remote file
157systems mounted to get access to the
158.Va local_startup
159directories; for example when
160.Pa /usr/local
161is NFS mounted.
162For
163.Pa rc.conf
164within a
165.Xr jail 8
166.Pa NETWORKING
167is likely to be an appropriate value.
168Extreme care should be taken when changing this value,
169and before changing it one should ensure that there are
170adequate provisions to recover from a failed boot
171(such as physical contact with the machine,
172or reliable remote console access).
173.It Va always_force_depends
174.Pq Vt bool
175Various
176.Pa rc.d
177scripts use the force_depend function to check whether required
178services are already running, and to start them if necessary.
179By default during boot time this check is bypassed if the
180required service is enabled in
181.Pa /etc/rc.conf[.local] .
182Setting this option will bypass that check at boot time and
183always test whether or not the service is actually running.
184Enabling this option is likely to increase your boot time if
185services are enabled that utilize the force_depend check.
186.It Ao Ar name Ac Ns Va _chroot
187.Pq Vt str
188.Xr chroot 8
189to this directory before running the service.
190.It Ao Ar name Ac Ns Va _user
191.Pq Vt str
192Run the service under this user account.
193.It Ao Ar name Ac Ns Va _group
194.Pq Vt str
195Run the chrooted service under this system group.
196Unlike the _user
197setting, this setting has no effect if the service is not chrooted.
198.It Ao Ar name Ac Ns Va _fib
199.Pq Vt int
200The
201.Xr setfib 1
202value to run the service under.
203.It Ao Ar name Ac Ns Va _nice
204.Pq Vt int
205The
206.Xr nice 1
207value to run the service under.
208.It Va apm_enable
209.Pq Vt bool
210If set to
211.Dq Li YES ,
212enable support for Automatic Power Management with
213the
214.Xr apm 8
215command.
216.It Va apmd_enable
217.Pq Vt bool
218Run
219.Xr apmd 8
220to handle APM event from userland.
221This also enables support for APM.
222.It Va apmd_flags
223.Pq Vt str
224If
225.Va apmd_enable
226is set to
227.Dq Li YES ,
228these are the flags to pass to the
229.Xr apmd 8
230daemon.
231.It Va devd_enable
232.Pq Vt bool
233Run
234.Xr devd 8
235to handle device added, removed or unknown events from the kernel.
236.It Va ddb_enable
237.Pq Vt bool
238Run
239.Xr ddb 8
240to install
241.Xr ddb 4
242scripts at boot time.
243.It Va ddb_config
244.Pq Vt str
245Configuration file for
246.Xr ddb 8 .
247Default
248.Pa /etc/ddb.conf .
249.It Va kld_list
250.Pq Vt str
251A list of kernel modules to load right after the local
252disks are mounted.
253Loading modules at this point in the boot process is
254much faster than doing it via
255.Pa /boot/loader.conf
256for those modules not necessary for mounting local disk.
257.It Va kldxref_enable
258.Pq Vt bool
259Set to
260.Dq Li NO
261by default.
262Set to
263.Dq Li YES
264to automatically rebuild
265.Pa linker.hints
266files with
267.Xr kldxref 8
268at boot time.
269.It Va kldxref_clobber
270.Pq Vt bool
271Set to
272.Dq Li NO
273by default.
274If
275.Va kldxref_enable
276is true,
277setting to
278.Dq Li YES
279will overwrite existing
280.Pa linker.hints
281files at boot time.
282Otherwise,
283only missing
284.Pa linker.hints
285files are generated.
286.It Va kldxref_module_path
287.Pq Vt str
288Empty by default.
289A semi-colon
290.Pq Ql \&;
291delimited list of paths containing
292.Xr kld 4
293modules.
294If empty,
295the contents of the
296.Va kern.module_path
297.Xr sysctl 8
298are used.
299.It Va powerd_enable
300.Pq Vt bool
301If set to
302.Dq Li YES ,
303enable the system power control facility with the
304.Xr powerd 8
305daemon.
306.It Va powerd_flags
307.Pq Vt str
308If
309.Va powerd_enable
310is set to
311.Dq Li YES ,
312these are the flags to pass to the
313.Xr powerd 8
314daemon.
315.It Va tmpmfs
316Controls the creation of a
317.Pa /tmp
318memory file system.
319Always happens if set to
320.Dq Li YES
321and never happens if set to
322.Dq Li NO .
323If set to anything else, a memory file system is created if
324.Pa /tmp
325is not writable.
326.It Va tmpsize
327Controls the size of a created
328.Pa /tmp
329memory file system.
330.It Va tmpmfs_flags
331Extra options passed to the
332.Xr mdmfs 8
333utility when the memory file system for
334.Pa /tmp
335is created.
336The default is
337.Dq Li "-S" ,
338which inhibits the use of softupdates on
339.Pa /tmp
340so that file system space is freed without delay
341after file truncation or deletion.
342See
343.Xr mdmfs 8
344for other options you can use in
345.Va tmpmfs_flags .
346.It Va varmfs
347Controls the creation of a
348.Pa /var
349memory file system.
350Always happens if set to
351.Dq Li YES
352and never happens if set to
353.Dq Li NO .
354If set to anything else, a memory file system is created if
355.Pa /var
356is not writable.
357.It Va varsize
358Controls the size of a created
359.Pa /var
360memory file system.
361.It Va varmfs_flags
362Extra options passed to the
363.Xr mdmfs 8
364utility when the memory file system for
365.Pa /var
366is created.
367The default is
368.Dq Li "-S" ,
369which inhibits the use of softupdates on
370.Pa /var
371so that file system space is freed without delay
372after file truncation or deletion.
373See
374.Xr mdmfs 8
375for other options you can use in
376.Va varmfs_flags .
377.It Va populate_var
378Controls the automatic population of the
379.Pa /var
380file system.
381Always happens if set to
382.Dq Li YES
383and never happens if set to
384.Dq Li NO .
385If set to anything else, a memory file system is created if
386.Pa /var
387is not writable.
388Note that this process requires access to certain commands in
389.Pa /usr
390before
391.Pa /usr
392is mounted on normal systems.
393.It Va cleanvar_enable
394.Pq Vt bool
395Clean the
396.Pa /var
397directory.
398.It Va local_startup
399.Pq Vt str
400List of directories to search for startup script files.
401.It Va script_name_sep
402.Pq Vt str
403The field separator to use for breaking down the list of startup script files
404into individual filenames.
405The default is a space.
406It is not necessary to change this unless there are startup scripts with names
407containing spaces.
408.It Va hostapd_enable
409.Pq Vt bool
410Set to
411.Dq Li YES
412to start
413.Xr hostapd 8
414at system boot time.
415.It Va hostname
416.Pq Vt str
417The fully qualified domain name (FQDN) of this host on the network.
418This should almost certainly be set to something meaningful, even if
419there is no network connection.
420If
421.Xr dhclient 8
422is used to set the hostname via DHCP,
423this variable should be set to an empty string.
424If this value remains unset when the system is done booting
425your console login will display the default hostname of
426.Dq Amnesiac .
427.It Va nisdomainname
428.Pq Vt str
429The NIS domain name of this host, or
430.Dq Li NO
431if NIS is not used.
432.It Va dhclient_program
433.Pq Vt str
434Path to the DHCP client program
435.Pa ( /sbin/dhclient ,
436the
437.Ox
438DHCP client,
439is the default).
440.It Va dhclient_flags
441.Pq Vt str
442Additional flags to pass to the DHCP client program.
443For the
444.Ox
445DHCP client, see the
446.Xr dhclient 8
447manpage for a description of the command line options available.
448.It Va dhclient_flags_ Ns Aq Ar iface
449Additional flags to pass to the DHCP client program running on
450.Ar iface
451only.
452When specified, this variable overrides
453.Va dhclient_flags .
454.It Va background_dhclient
455.Pq Vt bool
456Set to
457.Dq Li YES
458to start the DHCP client in background.
459This can cause trouble with applications depending on
460a working network, but it will provide a faster startup
461in many cases.
462.It Va background_dhclient_ Ns Aq Ar iface
463When specified, this variable overrides the
464.Va background_dhclient
465variable for interface
466.Ar iface
467only.
468.It Va synchronous_dhclient
469.Pq Vt bool
470Set to
471.Dq Li YES
472to start
473.Xr dhclient 8
474synchronously at startup.
475This behavior can be overridden on a per-interface basis by replacing
476the
477.Dq Li DHCP
478keyword in the
479.Va ifconfig_ Ns Aq Ar interface
480variable with
481.Dq Li SYNCDHCP
482or
483.Dq Li NOSYNCDHCP .
484.It Va defaultroute_delay
485.Pq Vt int
486When set to a positive value, wait up to this long after configuring
487DHCP interfaces at startup to give the interfaces time to receive a lease.
488.It Va firewall_enable
489.Pq Vt bool
490Set to
491.Dq Li YES
492to load firewall rules at startup.
493If the kernel was not built with
494.Cd "options IPFIREWALL" ,
495the
496.Pa ipfw.ko
497kernel module will be loaded.
498See also
499.Va ipfilter_enable .
500.It Va firewall_script
501.Pq Vt str
502This variable specifies the full path to the firewall script to run.
503The default is
504.Pa /etc/rc.firewall .
505.It Va firewall_type
506.Pq Vt str
507Names the firewall type from the selection in
508.Pa /etc/rc.firewall ,
509or the file which contains the local firewall ruleset.
510Valid selections from
511.Pa /etc/rc.firewall
512are:
513.Pp
514.Bl -tag -width ".Li simple" -compact
515.It Li open
516unrestricted IP access
517.It Li closed
518all IP services disabled, except via
519.Dq Li lo0
520.It Li client
521basic protection for a workstation
522.It Li simple
523basic protection for a LAN.
524.El
525.Pp
526If a filename is specified, the full path
527must be given.
528.It Va firewall_quiet
529.Pq Vt bool
530Set to
531.Dq Li YES
532to disable the display of firewall rules on the console during boot.
533.It Va firewall_logging
534.Pq Vt bool
535Set to
536.Dq Li YES
537to enable firewall event logging.
538This is equivalent to the
539.Dv IPFIREWALL_VERBOSE
540kernel option.
541.It Va firewall_logif
542.Pq Vt bool
543Set to
544.Dq Li YES
545to create pseudo interface
546.Li ipfw0
547for logging.
548For more details, see
549.Xr ipfw 8
550manual page.
551.It Va firewall_flags
552.Pq Vt str
553Flags passed to
554.Xr ipfw 8
555if
556.Va firewall_type
557specifies a filename.
558.It Va firewall_coscripts
559.Pq Vt str
560List of executables and/or rc scripts to run after firewall starts/stops.
561Default is empty.
562.\" ----- firewall_nat_enable setting --------------------------------
563.It Va firewall_nat_enable
564.Pq Vt bool
565The
566.Xr ipfw 8
567equivalent of
568.Va natd_enable .
569Setting this to
570.Dq Li YES
571enables kernel NAT.
572.Va firewall_enable
573must also be set to
574.Dq Li YES .
575.It Va firewall_nat_interface
576.Pq Vt str
577The
578.Xr ipfw 8
579equivalent of
580.Va natd_interface .
581This is the name of the public interface or IP address on which
582kernel NAT should run.
583.It Va firewall_nat_flags
584.Pq Vt str
585Additional configuration parameters for kernel NAT should be placed here.
586.It Va dummynet_enable
587.Pq Vt bool
588Setting this to
589.Dq Li YES
590will automatically load the
591.Xr dummynet 4
592module if
593.Va firewall_enable
594is also set to
595.Dq Li YES .
596.\" -------------------------------------------------------------------
597.It Va ipfw_netflow_enable
598.Pq Vt bool
599Setting this to
600.Dq Li YES
601will enable netflow logging via
602.Xr ng_netflow 4
603.Pp
604By default a ipfw rule is inserted and all packets are duplicated with
605the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
606port using protocol version 5.
607.It Va ipfw_netflow_hook
608.Pq Vt int
609netflow hook name, must be numerical
610(default
611.Pa 9995 ) .
612.It Va ipfw_netflow_rule
613.Pq Vt int
614ipfw rule number
615(default
616.Pa 1000 ) .
617.It Va ipfw_netflow_ip
618.Pq Vt str
619Destination server ip for receiving netflow data
620(default
621.Pa 127.0.0.1 ) .
622.It Va ipfw_netflow_port
623.Pq Vt int
624Destination server port for receiving netflow data
625(default
626.Pa 9995 ) .
627.It Va ipfw_netflow_version
628.Pq Vt int
629Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
630.It Va ipfw_netflow_fib
631.Pq Vt int
632Only match packet in FIB
633.Pa ipfw_netflow_fib
634(default is undefined meaning all FIBs).
635.It Va natd_program
636.Pq Vt str
637Path to
638.Xr natd 8 .
639.It Va natd_enable
640.Pq Vt bool
641Set to
642.Dq Li YES
643to enable
644.Xr natd 8 .
645.Va firewall_enable
646must also be set to
647.Dq Li YES ,
648and
649.Xr divert 4
650sockets must be enabled in the kernel.
651If the kernel was not built with
652.Cd "options IPDIVERT" ,
653the
654.Pa ipdivert.ko
655kernel module will be loaded.
656.It Va natd_interface
657.Pq Vt str
658This is the name of the public interface on which
659.Xr natd 8
660should run.
661The interface may be given as an interface name or as an IP address.
662.It Va natd_flags
663.Pq Vt str
664Additional
665.Xr natd 8
666flags should be placed here.
667The
668.Fl n
669or
670.Fl a
671flag is automatically added with the above
672.Va natd_interface
673as an argument.
674.\" ----- ipfilter_enable setting --------------------------------
675.It Va ipfilter_enable
676.Pq Vt bool
677Set to
678.Dq Li NO
679by default.
680Setting this to
681.Dq Li YES
682enables
683.Xr ipf 8
684packet filtering.
685.Pp
686Typical usage will require putting
687.Bd -literal
688ipfilter_enable="YES"
689ipnat_enable="YES"
690ipmon_enable="YES"
691ipfs_enable="YES"
692.Ed
693.Pp
694into
695.Pa /etc/rc.conf
696and editing
697.Pa /etc/ipf.rules
698and
699.Pa /etc/ipnat.rules
700appropriately.
701.Pp
702Note that
703.Va ipfilter_enable
704and
705.Va ipnat_enable
706can be enabled independently.
707.Va ipmon_enable
708and
709.Va ipfs_enable
710both require at least one of
711.Va ipfilter_enable
712and
713.Va ipnat_enable
714to be enabled.
715.Pp
716Having
717.Bd -literal
718options IPFILTER
719options IPFILTER_LOG
720options IPFILTER_DEFAULT_BLOCK
721.Ed
722.Pp
723in the kernel configuration file is a good idea, too.
724.\" ----- ipfilter_program setting ------------------------------
725.It Va ipfilter_program
726.Pq Vt str
727Path to
728.Xr ipf 8
729(default
730.Pa /sbin/ipf ) .
731.\" ----- ipfilter_rules setting --------------------------------
732.It Va ipfilter_rules
733.Pq Vt str
734Set to
735.Pa /etc/ipf.rules
736by default.
737This variable contains the name of the filter rule definition file.
738The file is expected to be readable for the
739.Xr ipf 8
740command to execute.
741.\" ----- ipv6_ipfilter_rules setting ---------------------------
742.It Va ipv6_ipfilter_rules
743.Pq Vt str
744Set to
745.Pa /etc/ipf6.rules
746by default.
747This variable contains the IPv6 filter rule definition file.
748The file is expected to be readable for the
749.Xr ipf 8
750command to execute.
751.\" ----- ipfilter_flags setting --------------------------------
752.It Va ipfilter_flags
753.Pq Vt str
754Empty by default.
755This variable contains flags passed to the
756.Xr ipf 8
757program.
758.\" ----- ipnat_enable setting ----------------------------------
759.It Va ipnat_enable
760.Pq Vt bool
761Set to
762.Dq Li NO
763by default.
764Set it to
765.Dq Li YES
766to enable
767.Xr ipnat 8
768network address translation.
769See
770.Va ipfilter_enable
771for a detailed discussion.
772.\" ----- ipnat_program setting ---------------------------------
773.It Va ipnat_program
774.Pq Vt str
775Path to
776.Xr ipnat 8
777(default
778.Pa /sbin/ipnat ) .
779.\" ----- ipnat_rules setting -----------------------------------
780.It Va ipnat_rules
781.Pq Vt str
782Set to
783.Pa /etc/ipnat.rules
784by default.
785This variable contains the name of the file
786holding the network address translation definition.
787This file is expected to be readable for the
788.Xr ipnat 8
789command to execute.
790.\" ----- ipnat_flags setting -----------------------------------
791.It Va ipnat_flags
792.Pq Vt str
793Empty by default.
794This variable contains flags passed to the
795.Xr ipnat 8
796program.
797.\" ----- ipmon_enable setting ----------------------------------
798.It Va ipmon_enable
799.Pq Vt bool
800Set to
801.Dq Li NO
802by default.
803Set it to
804.Dq Li YES
805to enable
806.Xr ipmon 8
807monitoring (logging
808.Xr ipf 8
809and
810.Xr ipnat 8
811events).
812Setting this variable needs setting
813.Va ipfilter_enable
814or
815.Va ipnat_enable
816too.
817See
818.Va ipfilter_enable
819for a detailed discussion.
820.\" ----- ipmon_program setting ---------------------------------
821.It Va ipmon_program
822.Pq Vt str
823Path to
824.Xr ipmon 8
825(default
826.Pa /sbin/ipmon ) .
827.\" ----- ipmon_flags setting -----------------------------------
828.It Va ipmon_flags
829.Pq Vt str
830Set to
831.Dq Li -Ds
832by default.
833This variable contains flags passed to the
834.Xr ipmon 8
835program.
836Another typical example would be
837.Dq Fl D Pa /var/log/ipflog
838to have
839.Xr ipmon 8
840log directly to a file bypassing
841.Xr syslogd 8 .
842Make sure to adjust
843.Pa /etc/newsyslog.conf
844in such case like this:
845.Bd -literal
846/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
847.Ed
848.\" ----- ipfs_enable setting -----------------------------------
849.It Va ipfs_enable
850.Pq Vt bool
851Set to
852.Dq Li NO
853by default.
854Set it to
855.Dq Li YES
856to enable
857.Xr ipfs 8
858saving the filter and NAT state tables during shutdown
859and reloading them during startup again.
860Setting this variable needs setting
861.Va ipfilter_enable
862or
863.Va ipnat_enable
864to
865.Dq Li YES
866too.
867See
868.Va ipfilter_enable
869for a detailed discussion.
870Note that if
871.Va kern_securelevel
872is set to 3,
873.Va ipfs_enable
874cannot be used
875because the raised securelevel will prevent
876.Xr ipfs 8
877from saving the state tables at shutdown time.
878.\" ----- ipfs_program setting ----------------------------------
879.It Va ipfs_program
880.Pq Vt str
881Path to
882.Xr ipfs 8
883(default
884.Pa /sbin/ipfs ) .
885.\" ----- ipfs_flags setting ------------------------------------
886.It Va ipfs_flags
887.Pq Vt str
888Empty by default.
889This variable contains flags passed to the
890.Xr ipfs 8
891program.
892.\" ----- end of added ipf hook ---------------------------------
893.It Va pf_enable
894.Pq Vt bool
895Set to
896.Dq Li NO
897by default.
898Setting this to
899.Dq Li YES
900enables
901.Xr pf 4
902packet filtering.
903.Pp
904Typical usage will require putting
905.Pp
906.Dl pf_enable="YES"
907.Pp
908into
909.Pa /etc/rc.conf
910and editing
911.Pa /etc/pf.conf
912appropriately.
913Adding
914.Pp
915.Dl "device pf"
916.Pp
917builds support for
918.Xr pf 4
919into the kernel, otherwise the
920kernel module will be loaded.
921.It Va pf_rules
922.Pq Vt str
923Path to
924.Xr pf 4
925ruleset configuration file
926(default
927.Pa /etc/pf.conf ) .
928.It Va pf_program
929.Pq Vt str
930Path to
931.Xr pfctl 8
932(default
933.Pa /sbin/pfctl ) .
934.It Va pf_flags
935.Pq Vt str
936If
937.Va pf_enable
938is set to
939.Dq Li YES ,
940these flags are passed to the
941.Xr pfctl 8
942program when loading the ruleset.
943.It Va pflog_enable
944.Pq Vt bool
945Set to
946.Dq Li NO
947by default.
948Setting this to
949.Dq Li YES
950enables
951.Xr pflogd 8
952which logs packets from the
953.Xr pf 4
954packet filter.
955.It Va pflog_logfile
956.Pq Vt str
957If
958.Va pflog_enable
959is set to
960.Dq Li YES
961this controls where
962.Xr pflogd 8
963stores the logfile
964(default
965.Pa /var/log/pflog ) .
966Check
967.Pa /etc/newsyslog.conf
968to adjust logfile rotation for this.
969.It Va pflog_program
970.Pq Vt str
971Path to
972.Xr pflogd 8
973(default
974.Pa /sbin/pflogd ) .
975.It Va pflog_flags
976.Pq Vt str
977Empty by default.
978This variable contains additional flags passed to the
979.Xr pflogd 8
980program.
981.It Va pflog_instances
982.Pq Vt str
983If logging to more than one
984.Xr pflog 4
985interface is desired,
986.Va pflog_instances
987is set to the list of
988.Xr pflogd 8
989instances that should be started at system boot time.
990If
991.Va pflog_instances
992is set, for each whitespace-seperated
993.Ar element
994in the list,
995.Ao Ar element Ac Ns Va _dev
996and
997.Ao Ar element Ac Ns Va _logfile
998elements are assumed to exist.
999.Ao Ar element Ac Ns Va _dev
1000must contain the
1001.Xr pflog 4
1002interface to be watched by the named
1003.Xr pflogd 8
1004instance.
1005.Ao Ar element Ac Ns Va _logfile
1006must contain the name of the logfile that will be used by the
1007.Xr pflogd 8
1008instance.
1009.It Va ftpproxy_enable
1010.Pq Vt bool
1011Set to
1012.Dq Li NO
1013by default.
1014Setting this to
1015.Dq Li YES
1016enables
1017.Xr ftp-proxy 8
1018which supports the
1019.Xr pf 4
1020packet filter in translating ftp connections.
1021.It Va ftpproxy_flags
1022.Pq Vt str
1023Empty by default.
1024This variable contains additional flags passed to the
1025.Xr ftp-proxy 8
1026program.
1027.It Va ftpproxy_instances
1028.Pq Vt str
1029Empty by default.
1030If multiple instances of
1031.Xr ftp-proxy 8
1032are desired at boot time,
1033.Va ftpproxy_instances
1034should contain a whitespace-seperated list of instance names.
1035For each
1036.Ar element
1037in the list, a variable named
1038.Ao Ar element Ac Ns Va _flags
1039should be defined, containing the command-line flags to be passed to the
1040.Xr ftp-proxy 8
1041instance.
1042.It Va pfsync_enable
1043.Pq Vt bool
1044Set to
1045.Dq Li NO
1046by default.
1047Setting this to
1048.Dq Li YES
1049enables exposing
1050.Xr pf 4
1051state changes to other hosts over the network by means of
1052.Xr pfsync 4 .
1053The
1054.Va pfsync_syncdev
1055variable
1056must also be set then.
1057.It Va pfsync_syncdev
1058.Pq Vt str
1059Empty by default.
1060This variable specifies the name of the network interface
1061.Xr pfsync 4
1062should operate through.
1063It must be set accordingly if
1064.Va pfsync_enable
1065is set to
1066.Dq Li YES .
1067.It Va pfsync_syncpeer
1068.Pq Vt str
1069Empty by default.
1070This variable is optional.
1071By default, state change messages are sent out on the synchronisation
1072interface using IP multicast packets.
1073The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1074224.0.0.240.
1075When a peer address is specified using the
1076.Va pfsync_syncpeer
1077option, the peer address is used as a destination for the pfsync
1078traffic, and the traffic can then be protected using
1079.Xr ipsec 4 .
1080See the
1081.Xr pfsync 4
1082manpage for more details about using
1083.Xr ipsec 4
1084with
1085.Xr pfsync 4
1086interfaces.
1087.It Va pfsync_ifconfig
1088.Pq Vt str
1089Empty by default.
1090This variable can contain additional options to be passed to the
1091.Xr ifconfig 8
1092command used to set up
1093.Xr pfsync 4 .
1094.It Va tcp_extensions
1095.Pq Vt bool
1096Set to
1097.Dq Li YES
1098by default.
1099Setting this to
1100.Dq Li NO
1101disables certain TCP options as described by
1102.Rs
1103.%T "RFC 1323"
1104.Re
1105Setting this to
1106.Dq Li NO
1107might help remedy such problems with connections as randomly hanging
1108or other weird behavior.
1109Some network devices are known
1110to be broken with respect to these options.
1111.It Va log_in_vain
1112.Pq Vt int
1113Set to 0 by default.
1114The
1115.Xr sysctl 8
1116variables,
1117.Va net.inet.tcp.log_in_vain
1118and
1119.Va net.inet.udp.log_in_vain ,
1120as described in
1121.Xr tcp 4
1122and
1123.Xr udp 4 ,
1124are set to the given value.
1125.It Va tcp_keepalive
1126.Pq Vt bool
1127Set to
1128.Dq Li YES
1129by default.
1130Setting to
1131.Dq Li NO
1132will disable probing idle TCP connections to verify that the
1133peer is still up and reachable.
1134.It Va tcp_drop_synfin
1135.Pq Vt bool
1136Set to
1137.Dq Li NO
1138by default.
1139Setting to
1140.Dq Li YES
1141will cause the kernel to ignore TCP frames that have both
1142the SYN and FIN flags set.
1143This prevents OS fingerprinting, but may
1144break some legitimate applications.
1145.It Va icmp_drop_redirect
1146.Pq Vt bool
1147Set to
1148.Dq Li NO
1149by default.
1150Setting to
1151.Dq Li YES
1152will cause the kernel to ignore ICMP REDIRECT packets.
1153Refer to
1154.Xr icmp 4
1155for more information.
1156.It Va icmp_log_redirect
1157.Pq Vt bool
1158Set to
1159.Dq Li NO
1160by default.
1161Setting to
1162.Dq Li YES
1163will cause the kernel to log ICMP REDIRECT packets.
1164Note that
1165the log messages are not rate-limited, so this option should only be used
1166for troubleshooting networks.
1167Refer to
1168.Xr icmp 4
1169for more information.
1170.It Va icmp_bmcastecho
1171.Pq Vt bool
1172Set to
1173.Dq Li YES
1174to respond to broadcast or multicast ICMP ping packets.
1175Refer to
1176.Xr icmp 4
1177for more information.
1178.It Va ip_portrange_first
1179.Pq Vt int
1180If not set to
1181.Dq Li NO ,
1182this is the first port in the default portrange.
1183Refer to
1184.Xr ip 4
1185for more information.
1186.It Va ip_portrange_last
1187.Pq Vt int
1188If not set to
1189.Dq Li NO ,
1190this is the last port in the default portrange.
1191Refer to
1192.Xr ip 4
1193for more information.
1194.It Va network_interfaces
1195.Pq Vt str
1196Set to the list of network interfaces to configure on this host or
1197.Dq Li AUTO
1198(the default) for all current interfaces.
1199Setting the
1200.Va network_interfaces
1201variable to anything other than the default is deprecated.
1202Interfaces that the administrator wishes to store configuration for,
1203but not start at boot should be configured with the
1204.Dq Li NOAUTO
1205keyword in their
1206.Va ifconfig_ Ns Aq Ar interface
1207variables as described below.
1208.Pp
1209An
1210.Va ifconfig_ Ns Aq Ar interface
1211variable is also assumed to exist for each value of
1212.Ar interface .
1213When an interface name contains any of the characters
1214.Dq Li .-/+
1215they are translated to
1216.Dq Li _
1217before lookup.
1218The variable can contain arguments to
1219.Xr ifconfig 8 ,
1220as well as special case-insensitive keywords described below.
1221Such keywords are removed before passing the value to
1222.Xr ifconfig 8
1223while the order of the other arguments is preserved.
1224.Pp
1225It is possible to add IP alias entries using
1226.Xr ifconfig 8
1227syntax with the address family keyword such as
1228.Li inet .
1229Assuming that the interface in question was
1230.Li ed0 ,
1231it might look something like this:
1232.Bd -literal
1233ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1234ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1235.Ed
1236.Pp
1237It also possible to configure multiple IP addresses in Classless
1238Inter-Domain Routing
1239.Pq CIDR
1240address notation,
1241whose each address component can be a range like
1242.Li inet 192.0.2.5-23/24
1243or
1244.Li inet6 2001:db8:1-f::1/64 .
1245This notation allows address and prefix length part only,
1246not the other address modifiers.
1247Note that the maximum number of the generated addresses from a range
1248specification is limited to an integer value specified in
1249.Va netif_ipexpand_max
1250in
1251.Nm
1252because a small typo can unexpectedly generate a large number of addresses.
1253The default value is
1254.Li 2048 .
1255It can be increased by adding the following line into
1256.Nm :
1257.Bd -literal
1258netif_ipexpand_max="4096"
1259.Ed
1260.Pp
1261In the case of
1262.Li 192.0.2.5-23/24 ,
1263the address 192.0.2.5 will be configured with the
1264netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1265the non-conflicting netmask /32 as explained in the
1266.Xr ifconfig 8
1267alias section.
1268Note that this special netmask handling is only for
1269.Li inet ,
1270not for the other address families such as
1271.Li inet6 .
1272.Pp
1273With the interface in question being
1274.Li ed0 ,
1275an example could look like:
1276.Bd -literal
1277ifconfig_ed0_alias2="inet 192.0.2.129/27"
1278ifconfig_ed0_alias3="inet 192.0.2.1-5/28"
1279.Ed
1280.Pp
1281and so on.
1282.Pp
1283Note that
1284.Va ipv4_addrs_ Ns Aq Ar interface
1285variable was supported for IPv4 CIDR address notation.
1286It is now deprecated because the functionality was integrated into
1287.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1288though
1289.Va ipv4_addrs_ Ns Aq Ar interface
1290is still supported for backward compatibility.
1291.Pp
1292For each
1293.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1294entry with an address family keyword,
1295its contents are passed to
1296.Xr ifconfig 8 .
1297Execution stops at the first unsuccessful access, so if
1298something like this is present:
1299.Bd -literal
1300ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1301ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1302ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1303ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1304.Ed
1305.Pp
1306Then note that alias4 would
1307.Em not
1308be added since the search would
1309stop with the missing
1310.Dq Li alias3
1311entry.
1312Because of this difficult to manage behavior,
1313there is
1314.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1315variable, which has the same functionality as
1316.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1317and can have all of entries in a variable like the following:
1318.Bd -literal
1319ifconfig_ed0_aliases="\\
1320	inet 127.0.0.251 netmask 0xffffffff \\
1321	inet 127.0.0.252 netmask 0xffffffff \\
1322	inet 127.0.0.253 netmask 0xffffffff \\
1323	inet 127.0.0.254 netmask 0xffffffff"
1324.Ed
1325.Pp
1326It also supports CIDR notation.
1327.Pp
1328If the
1329.Pa /etc/start_if. Ns Aq Ar interface
1330file is present, it is read and executed by the
1331.Xr sh 1
1332interpreter
1333before configuring the interface as specified in the
1334.Va ifconfig_ Ns Aq Ar interface
1335and
1336.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1337variables.
1338.Pp
1339If a
1340.Va vlans_ Ns Aq Ar interface
1341variable is set,
1342a
1343.Xr vlan 4
1344interface will be created for each item in the list with the
1345.Ar vlandev
1346argument set to
1347.Ar interface .
1348If a vlan interface's name is a number,
1349then that number is used as the vlan tag and the new vlan interface is
1350named
1351.Ar interface . Ns Ar tag .
1352Otherwise,
1353the vlan tag must be specified via a
1354.Va vlan
1355parameter in the
1356.Va create_args_ Ns Aq Ar interface
1357variable.
1358.Pp
1359To create a vlan device named
1360.Li em0.101
1361on
1362.Li em0
1363with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1364.Bd -literal
1365vlans_em0="101"
1366ifconfig_em0_101="inet 192.0.2.1/24"
1367.Ed
1368.Pp
1369To create a vlan device named
1370.Li myvlan
1371on
1372.Li em0
1373with the vlan tag 102:
1374.Bd -literal
1375vlans_em0="myvlan"
1376create_args_myvlan="vlan 102"
1377.Ed
1378.Pp
1379If a
1380.Va wlans_ Ns Aq Ar interface
1381variable is set,
1382an
1383.Xr wlan 4
1384interface will be created for each item in the list with the
1385.Ar wlandev
1386argument set to
1387.Ar interface .
1388Further wlan cloning arguments may be passed to the
1389.Xr ifconfig 8
1390.Cm create
1391command by setting the
1392.Va create_args_ Ns Aq Ar interface
1393variable.
1394One or more
1395.Xr wlan 4
1396devices must be created for each wireless devices as of
1397.Fx 8.0 .
1398Debugging flags for
1399.Xr wlan 4
1400devices as set by
1401.Xr wlandebug 8
1402may be specified with an
1403.Va wlandebug_ Ns Aq Ar interface
1404variable.
1405The contents of this variable will be passed directly to
1406.Xr wlandebug 8 .
1407.Pp
1408If the
1409.Va ifconfig_ Ns Aq Ar interface
1410contains the keyword
1411.Dq Li NOAUTO
1412then the interface will not be configured
1413at boot or by
1414.Pa /etc/pccard_ether
1415when
1416.Va network_interfaces
1417is set to
1418.Dq Li AUTO .
1419.Pp
1420It is possible to bring up an interface with DHCP by adding
1421.Dq Li DHCP
1422to the
1423.Va ifconfig_ Ns Aq Ar interface
1424variable.
1425For instance, to initialize the
1426.Li ed0
1427device via DHCP,
1428it is possible to use something like:
1429.Bd -literal
1430ifconfig_ed0="DHCP"
1431.Ed
1432.Pp
1433If you want to configure your wireless interface with
1434.Xr wpa_supplicant 8
1435for use with WPA, EAP/LEAP or WEP, you need to add
1436.Dq Li WPA
1437to the
1438.Va ifconfig_ Ns Aq Ar interface
1439variable.
1440.Pp
1441On the other hand, if you want to configure your wireless interface with
1442.Xr hostapd 8 ,
1443you need to add
1444.Dq Li HOSTAP
1445to the
1446.Va ifconfig_ Ns Aq Ar interface
1447variable.
1448.Xr hostapd 8
1449will use the settings from
1450.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1451.Pp
1452Finally, you can add
1453.Xr ifconfig 8
1454options in this variable, in addition to the
1455.Pa /etc/start_if. Ns Aq Ar interface
1456file.
1457For instance, to configure an
1458.Xr ath 4
1459wireless device in station mode with an address obtained
1460via DHCP, using WPA authentication and 802.11b mode, it is
1461possible to use something like:
1462.Bd -literal
1463wlans_ath0="wlan0"
1464ifconfig_wlan0="DHCP WPA mode 11b"
1465.Ed
1466.Pp
1467In addition to the
1468.Va ifconfig_ Ns Aq Ar interface
1469form, a fallback variable
1470.Va ifconfig_DEFAULT
1471may be configured.
1472It will be used for all interfaces with no
1473.Va ifconfig_ Ns Aq Ar interface
1474variable.
1475This is intended to replace the no longer supported
1476.Va pccard_ifconfig
1477variable.
1478.Pp
1479It is also possible to rename an interface by doing:
1480.Bd -literal
1481ifconfig_ed0_name="net0"
1482ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1483.Ed
1484.It Va ipv6_enable
1485.Pq Vt bool
1486This variable is deprecated.
1487Use
1488.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1489and
1490.Va ipv6_activate_all_interfaces
1491if necessary.
1492.Pp
1493If the variable is
1494.Dq Li YES ,
1495.Dq Li inet6 accept_rtadv
1496is added to all of
1497.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1498and the
1499.Va ipv6_activate_all_interfaces
1500is defined as
1501.Dq Li YES .
1502.It Va ipv6_prefer
1503.Pq Vt bool
1504This variable is deprecated.
1505Use
1506.Va ip6addrctl_policy
1507instead.
1508.Pp
1509If the variable is
1510.Dq Li YES ,
1511the default address selection policy table set by
1512.Xr ip6addrctl 8
1513will be IPv6-preferred.
1514.Pp
1515If the variable is
1516.Dq Li NO ,
1517the default address selection policy table set by
1518.Xr ip6addrctl 8
1519will be IPv4-preferred.
1520.It Va ipv6_activate_all_interfaces
1521.Pq Vt bool
1522This controls initial configuration on IPv6-capable
1523interfaces with no corresponding
1524.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1525variable.
1526Note that it is not always necessary to set this variable to
1527.Dq YES
1528to use IPv6 functionality on
1529.Fx .
1530In most cases, just configuring
1531.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1532variables works.
1533.Pp
1534If the variable is
1535.Dq Li NO ,
1536all interfaces which do not have a corresponding
1537.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1538variable will be marked as
1539.Dq Li IFDISABLED
1540at creation.
1541This means that all of IPv6 functionality on that interface
1542is completely disabled to enforce a security policy.
1543If the variable is set to
1544.Dq YES ,
1545the flag will be cleared on all of the interfaces.
1546.Pp
1547In most cases, just defining an
1548.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1549for an IPv6-capable interface should be sufficient.
1550However, if an interface is added dynamically
1551.Pq by some tunneling protocols such as PPP, for example ,
1552it is often difficult to define the variable in advance.
1553In such a case, configuring the
1554.Dq Li IFDISABLED
1555flag can be disabled by setting this variable to
1556.Dq YES .
1557.Pp
1558For more details of the
1559.Dq Li IFDISABLED
1560flag and keywords
1561.Dq Li inet6 ifdisabled ,
1562see
1563.Xr ifconfig 8 .
1564.Pp
1565Default is
1566.Dq Li NO .
1567.It Va ipv6_privacy
1568.Pq Vt bool
1569If the variable is
1570.Dq Li YES
1571privacy addresses will be generated for each IPv6
1572interface as described in RFC 4941.
1573.It Va ipv6_network_interfaces
1574.Pq Vt str
1575This is the IPv6 equivalent of
1576.Va network_interfaces .
1577Normally manual configuration of this variable is not needed.
1578.It Va ipv6_cpe_wanif
1579.Pq Vt str
1580If the variable is set to an interface name,
1581the
1582.Xr ifconfig 8
1583options
1584.Dq inet6 -no_radr accept_rtadv
1585will be added to the specified interface automatically before evaluating
1586.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1587and two
1588.Xr sysctl 8
1589variables
1590.Va net.inet6.ip6.rfc6204w3
1591and
1592.Va net.inet6.ip6.no_radr
1593will be set to 1.
1594.Pp
1595This means the specified interface will accept ICMPv6 Router
1596Advertisement messages on that link and add the discovered
1597routers into the Default Router List.
1598While the other interfaces can still accept RA messages if the
1599.Dq inet6 accept_rtadv
1600option is specified, adding
1601routes into the Default Router List will be disabled by
1602.Dq inet6 no_radr
1603option by default.
1604See
1605.Xr ifconfig 8
1606for more details.
1607.Pp
1608Note that ICMPv6 Router Advertisement messages will be
1609accepted even when
1610.Va net.inet6.ip6.forwarding
1611is 1
1612.Pq packet forwarding is enabled
1613when
1614.Va net.inet6.ip6.rfc6204w3
1615is set to 1.
1616.Pp
1617Default is
1618.Dq Li NO .
1619.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1620.Pq Vt str
1621IPv6 functionality on an interface should be configured by
1622.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1623instead of setting ifconfig parameters in
1624.Va ifconfig_ Ns Aq Ar interface .
1625If this variable is empty, all of IPv6 configurations on the
1626specified interface by other variables such as
1627.Va ipv6_prefix_ Ns Ao Ar interface Ac
1628will be ignored.
1629.Pp
1630Aliases should be set by
1631.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1632with
1633.Dq Li inet6
1634keyword.
1635For example:
1636.Bd -literal
1637ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1638ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1639.Ed
1640.Pp
1641Interfaces that have an
1642.Dq Li inet6 accept_rtadv
1643keyword in
1644.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1645setting will be automatically configured by SLAAC
1646.Pq StateLess Address AutoConfiguration
1647described in
1648.Rs
1649.%T "RFC 4862"
1650.Re
1651.Pp
1652Note that a link-local address will be automatically configured in
1653addition to the configured global-scope addresses because the IPv6
1654specifications require it on each link.
1655The address is calculated from the MAC address by using an algorithm
1656defined in
1657.Rs
1658.%T "RFC 4862"
1659.%O "Section 5.3"
1660.Re
1661.Pp
1662If only a link-local address is needed on the interface,
1663the following configuration can be used:
1664.Bd -literal
1665ifconfig_ed0_ipv6="inet6 auto_linklocal"
1666.Ed
1667.Pp
1668A link-local address can also be configured manually.
1669This is useful for the default router address of an IPv6 router
1670so that it does not change when the network interface
1671card is replaced.
1672For example:
1673.Bd -literal
1674ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1675.Ed
1676.It Va ipv6_prefix_ Ns Aq Ar interface
1677.Pq Vt str
1678If one or more prefixes are defined in
1679.Va ipv6_prefix_ Ns Aq Ar interface
1680addresses based on each prefix and the EUI-64 interface index will be
1681configured on that interface.
1682Note that this variable will be ignored when
1683.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1684is empty.
1685.Pp
1686For example, the following configuration
1687.Bd -literal
1688ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1689.Ed
1690.Pp
1691is equivalent to the following:
1692.Bd -literal
1693ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1694ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1695ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1696ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1697.Ed
1698.Pp
1699These Subnet-Router anycast addresses will be added only when
1700.Va ipv6_gateway_enable
1701is YES.
1702.It Va ipv6_default_interface
1703.Pq Vt str
1704If not set to
1705.Dq Li NO ,
1706this is the default output interface for scoped addresses.
1707This works only with ipv6_gateway_enable="NO".
1708.It Va ip6addrctl_enable
1709.Pq Vt bool
1710This variable is to enable configuring default address selection policy table
1711.Pq RFC 3484 .
1712The table can be specified in another variable
1713.Va ip6addrctl_policy .
1714For
1715.Va ip6addrctl_policy
1716the following keywords can be specified:
1717.Dq Li ipv4_prefer ,
1718.Dq Li ipv6_prefer ,
1719or
1720.Dq Li AUTO .
1721.Pp
1722If
1723.Dq Li ipv4_prefer
1724or
1725.Dq Li ipv6_prefer
1726is specified,
1727.Xr ip6addrctl 8
1728installs a pre-defined policy table described in Section 2.1
1729.Pq IPv6-preferred
1730or 10.3
1731.Pq IPv4-preferred
1732of RFC 3484.
1733.Pp
1734If
1735.Dq Li AUTO
1736is specified, it attempts to read a file
1737.Pa /etc/ip6addrctl.conf
1738first.
1739If this file is found,
1740.Xr ip6addrctl 8
1741reads and installs it.
1742If not found, a policy is automatically set
1743according to
1744.Va ipv6_activate_all_interfaces
1745variable; if the variable is set to
1746.Dq Li YES
1747the IPv6-preferred one is used.
1748Otherwise IPv4-preferred.
1749.Pp
1750The default value of
1751.Va ip6addrctl_enable
1752and
1753.Va ip6addrctl_policy
1754are
1755.Dq Li YES
1756and
1757.Dq Li AUTO ,
1758respectively.
1759.It Va cloned_interfaces
1760.Pq Vt str
1761Set to the list of clonable network interfaces to create on this host.
1762Further cloning arguments may be passed to the
1763.Xr ifconfig 8
1764.Cm create
1765command for each interface by setting the
1766.Va create_args_ Ns Aq Ar interface
1767variable.
1768If an interface name is specified with
1769.Dq :sticky
1770keyword,
1771the interface will not be destroyed even when
1772.Pa rc.d/netif
1773script is invoked with
1774.Dq stop
1775argument.
1776This is useful when reconfiguring the interface without destroying it.
1777Entries in
1778.Va cloned_interfaces
1779are automatically appended to
1780.Va network_interfaces
1781for configuration.
1782.It Va cloned_interfaces_sticky
1783.Pq Vt bool
1784This variable is to globally enable functionality of
1785.Dq :sticky
1786keyword in
1787.Va cloned_interfaces
1788for all interfaces.
1789The default value is
1790.Dq NO .
1791Even if this variable is specified to
1792.Dq YES ,
1793.Dq :nosticky
1794keyword can be used to override it on per interface basis.
1795.It Va gif_interfaces
1796.Pq Vt str
1797This variable is deprecated in favor of
1798.Va cloned_interfaces .
1799Set to the list of
1800.Xr gif 4
1801tunnel interfaces to configure on this host.
1802A
1803.Va gifconfig_ Ns Aq Ar interface
1804variable is assumed to exist for each value of
1805.Ar interface .
1806The value of this variable is used to configure the link layer of the
1807tunnel according to the syntax of the
1808.Cm tunnel
1809option to
1810.Xr ifconfig 8 .
1811Additionally, this option ensures that each listed interface is created
1812via the
1813.Cm create
1814option to
1815.Xr ifconfig 8
1816before attempting to configure it.
1817.It Va sppp_interfaces
1818.Pq Vt str
1819Set to the list of
1820.Xr sppp 4
1821interfaces to configure on this host.
1822A
1823.Va spppconfig_ Ns Aq Ar interface
1824variable is assumed to exist for each value of
1825.Ar interface .
1826Each interface should also be configured by a general
1827.Va ifconfig_ Ns Aq Ar interface
1828setting.
1829Refer to
1830.Xr spppcontrol 8
1831for more information about available options.
1832.It Va ppp_enable
1833.Pq Vt bool
1834If set to
1835.Dq Li YES ,
1836run the
1837.Xr ppp 8
1838daemon.
1839.It Va ppp_profile
1840.Pq Vt str
1841The name of the profile to use from
1842.Pa /etc/ppp/ppp.conf .
1843Also used for per-profile overrides of
1844.Va ppp_mode
1845and
1846.Va ppp_nat ,
1847and
1848.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1849When the profile name contains any of the characters
1850.Dq Li .-/+
1851they are translated to
1852.Dq Li _
1853for the proposes of the override variable names.
1854.It Va ppp_mode
1855.Pq Vt str
1856Mode in which to run the
1857.Xr ppp 8
1858daemon.
1859.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1860.Pq Vt str
1861Overrides the global
1862.Va ppp_mode
1863for
1864.Ar profile .
1865Accepted modes are
1866.Dq Li auto ,
1867.Dq Li ddial ,
1868.Dq Li direct
1869and
1870.Dq Li dedicated .
1871See the manual for a full description.
1872.It Va ppp_nat
1873.Pq Vt bool
1874If set to
1875.Dq Li YES ,
1876enables network address translation.
1877Used in conjunction with
1878.Va gateway_enable
1879allows hosts on private network addresses access to the Internet using
1880this host as a network address translating router.
1881.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1882.Pq Vt str
1883Overrides the global
1884.Va ppp_nat
1885for
1886.Ar profile .
1887.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1888.Pq Vt int
1889Set the unit number to be used for this profile.
1890See the manual description of
1891.Fl unit Ns Ar N
1892for details.
1893.It Va ppp_user
1894.Pq Vt str
1895The name of the user under which
1896.Xr ppp 8
1897should be started.
1898By
1899default,
1900.Xr ppp 8
1901is started as
1902.Dq Li root .
1903.It Va rc_conf_files
1904.Pq Vt str
1905This option is used to specify a list of files that will override
1906the settings in
1907.Pa /etc/defaults/rc.conf .
1908The files will be read in the order in which they are specified and should
1909include the full path to the file.
1910By default, the files specified are
1911.Pa /etc/rc.conf
1912and
1913.Pa /etc/rc.conf.local
1914.It Va zfs_enable
1915.Pq Vt bool
1916If set to
1917.Dq Li YES ,
1918.Pa /etc/rc.d/zfs
1919will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1920(ZVOLs).
1921.It Va gptboot_enable
1922.Pq Vt bool
1923If set to
1924.Dq Li YES ,
1925.Pa /etc/rc.d/gptboot
1926will log if the system successfully (or not) booted from a GPT partition,
1927which had the
1928.Ar bootonce
1929attribute set using
1930.Xr gpart 8
1931utility.
1932.It Va gbde_autoattach_all
1933.Pq Vt bool
1934If set to
1935.Dq Li YES ,
1936.Pa /etc/rc.d/gbde
1937will attempt to automatically initialize your .bde devices in
1938.Pa /etc/fstab .
1939.It Va gbde_devices
1940.Pq Vt str
1941List the devices that the script should try to attach,
1942or
1943.Dq Li AUTO .
1944.It Va gbde_lockdir
1945.Pq Vt str
1946The directory where the
1947.Xr gbde 4
1948lockfiles are located.
1949The default lockfile directory is
1950.Pa /etc .
1951.Pp
1952The lockfile for each individual
1953.Xr gbde 4
1954device can be overridden by setting the variable
1955.Va gbde_lock_ Ns Aq Ar device ,
1956where
1957.Ar device
1958is the encrypted device without the
1959.Dq Pa /dev/
1960and
1961.Dq Pa .bde
1962parts.
1963.It Va gbde_attach_attempts
1964.Pq Vt int
1965Number of times to attempt attaching to a
1966.Xr gbde 4
1967device, i.e., how many times the user is asked for the pass-phrase.
1968Default is 3.
1969.It Va geli_devices
1970.Pq Vt str
1971List of devices to automatically attach on boot.
1972Note that .eli devices from
1973.Pa /etc/fstab
1974are automatically appended to this list.
1975.It Va geli_tries
1976.Pq Vt int
1977Number of times user is asked for the pass-phrase.
1978If empty, it will be taken from
1979.Va kern.geom.eli.tries
1980sysctl variable.
1981.It Va geli_default_flags
1982.Pq Vt str
1983Default flags to use by
1984.Xr geli 8
1985when configuring disk encryption.
1986Flags can be configured for every device separately by defining
1987.Va geli_ Ns Ao Ar device Ac Ns Va _flags
1988variable.
1989.It Va geli_autodetach
1990.Pq Vt str
1991Specifies if GELI devices should be marked for detach on last close after
1992file systems are mounted.
1993Default is
1994.Dq Li YES .
1995This can be changed for every device separately by defining
1996.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1997variable.
1998.It Va root_rw_mount
1999.Pq Vt bool
2000Set to
2001.Dq Li YES
2002by default.
2003After the file systems are checked at boot time, the root file system
2004is remounted as read-write if this is set to
2005.Dq Li YES .
2006Diskless systems that mount their root file system from a read-only remote
2007NFS share should set this to
2008.Dq Li NO
2009in their
2010.Pa rc.conf .
2011.It Va fsck_y_enable
2012.Pq Vt bool
2013If set to
2014.Dq Li YES ,
2015.Xr fsck 8
2016will be run with the
2017.Fl y
2018flag if the initial preen
2019of the file systems fails.
2020.It Va background_fsck
2021.Pq Vt bool
2022If set to
2023.Dq Li YES ,
2024the system will attempt to run
2025.Xr fsck 8
2026in the background where possible.
2027.It Va background_fsck_delay
2028.Pq Vt int
2029The amount of time in seconds to sleep before starting a background
2030.Xr fsck 8 .
2031It defaults to sixty seconds to allow large applications such as
2032the X server to start before disk I/O bandwidth is monopolized by
2033.Xr fsck 8 .
2034If set to a negative number, the background file system check will be
2035delayed indefinitely to allow the administrator to run it at a more
2036convenient time.
2037For example it may be run from
2038.Xr cron 8
2039by adding a line like
2040.Pp
2041.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2042.Pp
2043to
2044.Pa /etc/crontab .
2045.It Va netfs_types
2046.Pq Vt str
2047List of file system types that are network-based.
2048This list should generally not be modified by end users.
2049Use
2050.Va extra_netfs_types
2051instead.
2052.It Va extra_netfs_types
2053.Pq Vt str
2054If set to something other than
2055.Dq Li NO
2056(the default),
2057this variable extends the list of file system types
2058for which automatic mounting at startup by
2059.Xr rc 8
2060should be delayed until the network is initialized.
2061It should contain
2062a whitespace-separated list of network file system descriptor pairs,
2063each consisting of a file system type as passed to
2064.Xr mount 8
2065and a human-readable, one-word description,
2066joined with a colon
2067.Pq Ql \&: .
2068Extending the default list in this way is only necessary
2069when third party file system types are used.
2070.It Va syslogd_enable
2071.Pq Vt bool
2072If set to
2073.Dq Li YES ,
2074run the
2075.Xr syslogd 8
2076daemon.
2077.It Va syslogd_program
2078.Pq Vt str
2079Path to
2080.Xr syslogd 8
2081(default
2082.Pa /usr/sbin/syslogd ) .
2083.It Va syslogd_flags
2084.Pq Vt str
2085If
2086.Va syslogd_enable
2087is set to
2088.Dq Li YES ,
2089these are the flags to pass to
2090.Xr syslogd 8 .
2091.It Va inetd_enable
2092.Pq Vt bool
2093If set to
2094.Dq Li YES ,
2095run the
2096.Xr inetd 8
2097daemon.
2098.It Va inetd_program
2099.Pq Vt str
2100Path to
2101.Xr inetd 8
2102(default
2103.Pa /usr/sbin/inetd ) .
2104.It Va inetd_flags
2105.Pq Vt str
2106If
2107.Va inetd_enable
2108is set to
2109.Dq Li YES ,
2110these are the flags to pass to
2111.Xr inetd 8 .
2112.It Va hastd_enable
2113.Pq Vt bool
2114If set to
2115.Dq Li YES ,
2116run the
2117.Xr hastd 8
2118daemon.
2119.It Va hastd_program
2120.Pq Vt str
2121Path to
2122.Xr hastd 8
2123(default
2124.Pa /sbin/hastd ) .
2125.It Va hastd_flags
2126.Pq Vt str
2127If
2128.Va hastd_enable
2129is set to
2130.Dq Li YES ,
2131these are the flags to pass to
2132.Xr hastd 8 .
2133.It Va local_unbound_enable
2134.Pq Vt bool
2135If set to
2136.Dq Li YES ,
2137run the
2138.Xr unbound 8
2139daemon as a local caching resolver.
2140.It Va kdc_enable
2141.Pq Vt bool
2142Set to
2143.Dq Li YES
2144to start a Kerberos 5 authentication server
2145at boot time.
2146.It Va kdc_program
2147.Pq Vt str
2148If
2149.Va kdc_enable
2150is set to
2151.Dq Li YES
2152this is the path to Kerberos 5 Authentication Server.
2153.It Va kdc_flags
2154.Pq Vt str
2155Empty by default.
2156This variable contains additional flags to be passed to the Kerberos 5
2157authentication server.
2158.It Va kadmind_enable
2159.Pq Vt bool
2160Set to
2161.Dq Li YES
2162to start
2163.Xr kadmind 8 ,
2164the Kerberos 5 Administration Daemon; set to
2165.Dq Li NO
2166on a slave server.
2167.It Va kadmind_program
2168.Pq Vt str
2169If
2170.Va kadmind_enable
2171is set to
2172.Dq Li YES
2173this is the path to Kerberos 5 Administration Daemon.
2174.It Va kpasswdd_enable
2175.Pq Vt bool
2176Set to
2177.Dq Li YES
2178to start
2179.Xr kpasswdd 8 ,
2180the Kerberos 5 Password-Changing Daemon; set to
2181.Dq Li NO
2182on a slave server.
2183.It Va kpasswdd_program
2184.Pq Vt str
2185If
2186.Va kpasswdd_enable
2187is set to
2188.Dq Li YES
2189this is the path to Kerberos 5 Password-Changing Daemon.
2190.It Va kfd_enable
2191.Pq Vt bool
2192Set to
2193.Dq Li YES
2194to start
2195.Xr kfd 8 ,
2196the Kerberos 5 ticket forwarding daemon, at the boot time.
2197.It Va kfd_program
2198.Pq Vt str
2199Path to
2200.Xr kfd 8
2201(default
2202.Pa /usr/libexec/kfd ) .
2203.It Va rwhod_enable
2204.Pq Vt bool
2205If set to
2206.Dq Li YES ,
2207run the
2208.Xr rwhod 8
2209daemon at boot time.
2210.It Va rwhod_flags
2211.Pq Vt str
2212If
2213.Va rwhod_enable
2214is set to
2215.Dq Li YES ,
2216these are the flags to pass to it.
2217.It Va amd_enable
2218.Pq Vt bool
2219If set to
2220.Dq Li YES ,
2221run the
2222.Xr amd 8
2223daemon at boot time.
2224.It Va amd_flags
2225.Pq Vt str
2226If
2227.Va amd_enable
2228is set to
2229.Dq Li YES ,
2230these are the flags to pass to it.
2231See the
2232.Xr amd 8
2233manpage for more information.
2234.It Va amd_map_program
2235.Pq Vt str
2236If set,
2237the specified program is run to get the list of
2238.Xr amd 8
2239maps.
2240For example, if the
2241.Xr amd 8
2242maps are stored in NIS, one can set this to
2243run
2244.Xr ypcat 1
2245to get a list of
2246.Xr amd 8
2247maps from the
2248.Pa amd.master
2249NIS map.
2250.It Va update_motd
2251.Pq Vt bool
2252If set to
2253.Dq Li YES ,
2254.Pa /etc/motd
2255will be updated at boot time to reflect the kernel release
2256being run.
2257If set to
2258.Dq Li NO ,
2259.Pa /etc/motd
2260will not be updated.
2261.It Va nfs_client_enable
2262.Pq Vt bool
2263If set to
2264.Dq Li YES ,
2265run the NFS client daemons at boot time.
2266.It Va nfs_access_cache
2267.Pq Vt int
2268If
2269.Va nfs_client_enable
2270is set to
2271.Dq Li YES ,
2272this can be set to
2273.Dq Li 0
2274to disable NFS ACCESS RPC caching, or to the number of seconds for which
2275NFS ACCESS
2276results should be cached.
2277A value of 2-10 seconds will substantially reduce network
2278traffic for many NFS operations.
2279.It Va nfs_server_enable
2280.Pq Vt bool
2281If set to
2282.Dq Li YES ,
2283run the NFS server daemons at boot time.
2284.It Va nfs_server_flags
2285.Pq Vt str
2286If
2287.Va nfs_server_enable
2288is set to
2289.Dq Li YES ,
2290these are the flags to pass to the
2291.Xr nfsd 8
2292daemon.
2293.It Va nfsv4_server_enable
2294.Pq Vt bool
2295If
2296.Va nfs_server_enable
2297is set to
2298.Dq Li YES
2299and
2300.Va nfsv4_server_enable
2301are set to
2302.Dq Li YES ,
2303enable the server for NFSv4 as well as NFSv2 and NFSv3.
2304.It Va nfsuserd_enable
2305.Pq Vt bool
2306If
2307.Va nfsuserd_enable
2308is set to
2309.Dq Li YES ,
2310run the nfsuserd daemon, which is needed for NFSv4 in order
2311to map between user/group names vs uid/gid numbers.
2312If
2313.Va nfsv4_server_enable
2314is set to
2315.Dq Li YES ,
2316this will be forced enabled.
2317.It Va nfsuserd_flags
2318.Pq Vt str
2319If
2320.Va nfsuserd_enable
2321is set to
2322.Dq Li YES ,
2323these are the flags to pass to the
2324.Xr nfsuserd 8
2325daemon.
2326.It Va nfscbd_enable
2327.Pq Vt bool
2328If
2329.Va nfscbd_enable
2330is set to
2331.Dq Li YES ,
2332run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2333.It Va nfscbd_flags
2334.Pq Vt str
2335If
2336.Va nfscbd_enable
2337is set to
2338.Dq Li YES ,
2339these are the flags to pass to the
2340.Xr nfscbd 8
2341daemon.
2342.It Va mountd_enable
2343.Pq Vt bool
2344If set to
2345.Dq Li YES ,
2346and no
2347.Va nfs_server_enable
2348is set, start
2349.Xr mountd 8 ,
2350but not
2351.Xr nfsd 8
2352daemon.
2353It is commonly needed to run CFS without real NFS used.
2354.It Va mountd_flags
2355.Pq Vt str
2356If
2357.Va mountd_enable
2358is set to
2359.Dq Li YES ,
2360these are the flags to pass to the
2361.Xr mountd 8
2362daemon.
2363.It Va weak_mountd_authentication
2364.Pq Vt bool
2365If set to
2366.Dq Li YES ,
2367allow services like PCNFSD to make non-privileged mount
2368requests.
2369.It Va nfs_reserved_port_only
2370.Pq Vt bool
2371If set to
2372.Dq Li YES ,
2373provide NFS services only on a secure port.
2374.It Va nfs_bufpackets
2375.Pq Vt int
2376If set to a number, indicates the number of packets worth of
2377socket buffer space to reserve on an NFS client.
2378The kernel default is typically 4.
2379Using a higher number may be
2380useful on gigabit networks to improve performance.
2381The minimum value is
23822 and the maximum is 64.
2383.It Va rpc_lockd_enable
2384.Pq Vt bool
2385If set to
2386.Dq Li YES
2387and also an NFS server or client, run
2388.Xr rpc.lockd 8
2389at boot time.
2390.It Va rpc_lockd_flags
2391.Pq Vt str
2392If
2393.Va rpc_lockd_enable
2394is set to
2395.Dq Li YES ,
2396these are the flags to pass to the
2397.Xr rpc.lockd 8
2398daemon.
2399.It Va rpc_statd_enable
2400.Pq Vt bool
2401If set to
2402.Dq Li YES
2403and also an NFS server or client, run
2404.Xr rpc.statd 8
2405at boot time.
2406.It Va rpc_statd_flags
2407.Pq Vt str
2408If
2409.Va rpc_statd_enable
2410is set to
2411.Dq Li YES ,
2412these are the flags to pass to the
2413.Xr rpc.statd 8
2414daemon.
2415.It Va rpcbind_program
2416.Pq Vt str
2417Path to
2418.Xr rpcbind 8
2419(default
2420.Pa /usr/sbin/rpcbind ) .
2421.It Va rpcbind_enable
2422.Pq Vt bool
2423If set to
2424.Dq Li YES ,
2425run the
2426.Xr rpcbind 8
2427service at boot time.
2428.It Va rpcbind_flags
2429.Pq Vt str
2430If
2431.Va rpcbind_enable
2432is set to
2433.Dq Li YES ,
2434these are the flags to pass to the
2435.Xr rpcbind 8
2436daemon.
2437.It Va keyserv_enable
2438.Pq Vt bool
2439If set to
2440.Dq Li YES ,
2441run the
2442.Xr keyserv 8
2443daemon on boot for running Secure RPC.
2444.It Va keyserv_flags
2445.Pq Vt str
2446If
2447.Va keyserv_enable
2448is set to
2449.Dq Li YES ,
2450these are the flags to pass to
2451.Xr keyserv 8
2452daemon.
2453.It Va pppoed_enable
2454.Pq Vt bool
2455If set to
2456.Dq Li YES ,
2457run the
2458.Xr pppoed 8
2459daemon at boot time to provide PPP over Ethernet services.
2460.It Va pppoed_ Ns Aq Ar provider
2461.Pq Vt str
2462.Xr pppoed 8
2463listens to requests to this
2464.Ar provider
2465and ultimately runs
2466.Xr ppp 8
2467with a
2468.Ar system
2469argument of the same name.
2470.It Va pppoed_flags
2471.Pq Vt str
2472Additional flags to pass to
2473.Xr pppoed 8 .
2474.It Va pppoed_interface
2475.Pq Vt str
2476The network interface to run
2477.Xr pppoed 8
2478on.
2479This is mandatory when
2480.Va pppoed_enable
2481is set to
2482.Dq Li YES .
2483.It Va timed_enable
2484.Pq Vt bool
2485If set to
2486.Dq Li YES ,
2487run the
2488.Xr timed 8
2489service at boot time.
2490This command is intended for networks of
2491machines where a consistent
2492.Dq "network time"
2493for all hosts must be established.
2494This is often useful in large NFS
2495environments where time stamps on files are expected to be consistent
2496network-wide.
2497.It Va timed_flags
2498.Pq Vt str
2499If
2500.Va timed_enable
2501is set to
2502.Dq Li YES ,
2503these are the flags to pass to the
2504.Xr timed 8
2505service.
2506.It Va ntpdate_enable
2507.Pq Vt bool
2508If set to
2509.Dq Li YES ,
2510run
2511.Xr ntpdate 8
2512at system startup.
2513This command is intended to
2514synchronize the system clock only
2515.Em once
2516from some standard reference.
2517.It Va ntpdate_config
2518.Pq Vt str
2519Configuration file for
2520.Xr ntpdate 8 .
2521Default
2522.Pa /etc/ntp.conf .
2523.It Va ntpdate_hosts
2524.Pq Vt str
2525A whitespace-separated list of NTP servers to synchronize with at startup.
2526The default is to use the servers listed in
2527.Va ntpdate_config ,
2528if that file exists.
2529.It Va ntpdate_program
2530.Pq Vt str
2531Path to
2532.Xr ntpdate 8
2533(default
2534.Pa /usr/sbin/ntpdate ) .
2535.It Va ntpdate_flags
2536.Pq Vt str
2537If
2538.Va ntpdate_enable
2539is set to
2540.Dq Li YES ,
2541these are the flags to pass to the
2542.Xr ntpdate 8
2543command (typically a hostname).
2544.It Va ntpd_enable
2545.Pq Vt bool
2546If set to
2547.Dq Li YES ,
2548run the
2549.Xr ntpd 8
2550command at boot time.
2551.It Va ntpd_program
2552.Pq Vt str
2553Path to
2554.Xr ntpd 8
2555(default
2556.Pa /usr/sbin/ntpd ) .
2557.It Va ntpd_config
2558.Pq Vt str
2559Path to
2560.Xr ntpd 8
2561configuration file.
2562Default
2563.Pa /etc/ntp.conf .
2564.It Va ntpd_flags
2565.Pq Vt str
2566If
2567.Va ntpd_enable
2568is set to
2569.Dq Li YES ,
2570these are the flags to pass to the
2571.Xr ntpd 8
2572daemon.
2573.It Va ntpd_sync_on_start
2574.Pq Vt bool
2575If set to
2576.Dq Li YES ,
2577.Xr ntpd 8
2578is run with the
2579.Fl g
2580flag, which syncs the system's clock on startup.
2581See
2582.Xr ntpd 8
2583for more information regarding the
2584.Fl g
2585option.
2586This is a preferred alternative to using
2587.Xr ntpdate 8
2588or specifying the
2589.Va ntpdate_enable
2590variable.
2591.It Va nis_client_enable
2592.Pq Vt bool
2593If set to
2594.Dq Li YES ,
2595run the
2596.Xr ypbind 8
2597service at system boot time.
2598.It Va nis_client_flags
2599.Pq Vt str
2600If
2601.Va nis_client_enable
2602is set to
2603.Dq Li YES ,
2604these are the flags to pass to the
2605.Xr ypbind 8
2606service.
2607.It Va nis_ypldap_enable
2608.Pq Vt bool
2609If set to
2610.Dq Li YES ,
2611run the
2612.Xr ypldap 8
2613daemon at system boot time.
2614.It Va nis_ypldap_flags
2615.Pq Vt str
2616If
2617.Va nis.ypldap_enable
2618is set to
2619.Dq Li YES ,
2620these are the flags to pass to the
2621.Xr ypldap 8
2622daemon.
2623.It Va nis_ypset_enable
2624.Pq Vt bool
2625If set to
2626.Dq Li YES ,
2627run the
2628.Xr ypset 8
2629daemon at system boot time.
2630.It Va nis_ypset_flags
2631.Pq Vt str
2632If
2633.Va nis_ypset_enable
2634is set to
2635.Dq Li YES ,
2636these are the flags to pass to the
2637.Xr ypset 8
2638daemon.
2639.It Va nis_server_enable
2640.Pq Vt bool
2641If set to
2642.Dq Li YES ,
2643run the
2644.Xr ypserv 8
2645daemon at system boot time.
2646.It Va nis_server_flags
2647.Pq Vt str
2648If
2649.Va nis_server_enable
2650is set to
2651.Dq Li YES ,
2652these are the flags to pass to the
2653.Xr ypserv 8
2654daemon.
2655.It Va nis_ypxfrd_enable
2656.Pq Vt bool
2657If set to
2658.Dq Li YES ,
2659run the
2660.Xr rpc.ypxfrd 8
2661daemon at system boot time.
2662.It Va nis_ypxfrd_flags
2663.Pq Vt str
2664If
2665.Va nis_ypxfrd_enable
2666is set to
2667.Dq Li YES ,
2668these are the flags to pass to the
2669.Xr rpc.ypxfrd 8
2670daemon.
2671.It Va nis_yppasswdd_enable
2672.Pq Vt bool
2673If set to
2674.Dq Li YES ,
2675run the
2676.Xr rpc.yppasswdd 8
2677daemon at system boot time.
2678.It Va nis_yppasswdd_flags
2679.Pq Vt str
2680If
2681.Va nis_yppasswdd_enable
2682is set to
2683.Dq Li YES ,
2684these are the flags to pass to the
2685.Xr rpc.yppasswdd 8
2686daemon.
2687.It Va rpc_ypupdated_enable
2688.Pq Vt bool
2689If set to
2690.Dq Li YES ,
2691run the
2692.Nm rpc.ypupdated
2693daemon at system boot time.
2694.It Va bsnmpd_enable
2695.Pq Vt bool
2696If set to
2697.Dq Li YES ,
2698run the
2699.Xr bsnmpd 1
2700daemon at system boot time.
2701Be sure to understand the security implications of running SNMP daemon
2702on your host.
2703.It Va bsnmpd_flags
2704.Pq Vt str
2705If
2706.Va bsnmpd_enable
2707is set to
2708.Dq Li YES ,
2709these are the flags to pass to the
2710.Xr bsnmpd 1
2711daemon.
2712.It Va defaultrouter
2713.Pq Vt str
2714If not set to
2715.Dq Li NO ,
2716create a default route to this host name or IP address
2717(use an IP address if this router is also required to get to the
2718name server!).
2719.It Va ipv6_defaultrouter
2720.Pq Vt str
2721The IPv6 equivalent of
2722.Va defaultrouter .
2723.It Va static_arp_pairs
2724.Pq Vt str
2725Set to the list of static ARP pairs that are to be added at system
2726boot time.
2727For each whitespace separated
2728.Ar element
2729in the value, a
2730.Va static_arp_ Ns Aq Ar element
2731variable is assumed to exist whose contents will later be passed to a
2732.Dq Nm arp Cm -S
2733operation.
2734For example
2735.Bd -literal
2736static_arp_pairs="gw"
2737static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2738.Ed
2739.It Va static_ndp_pairs
2740.Pq Vt str
2741Set to the list of static NDP pairs that are to be added at system
2742boot time.
2743For each whitespace separated
2744.Ar element
2745in the value, a
2746.Va static_ndp_ Ns Aq Ar element
2747variable is assumed to exist whose contents will later be passed to a
2748.Dq Nm ndp Cm -s
2749operation.
2750For example
2751.Bd -literal
2752static_ndp_pairs="gw"
2753static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2754.Ed
2755.It Va static_routes
2756.Pq Vt str
2757Set to the list of static routes that are to be added at system
2758boot time.
2759If not set to
2760.Dq Li NO
2761then for each whitespace separated
2762.Ar element
2763in the value, a
2764.Va route_ Ns Aq Ar element
2765variable is assumed to exist
2766whose contents will later be passed to a
2767.Dq Nm route Cm add
2768operation.
2769For example:
2770.Bd -literal
2771static_routes="ext mcast:gif0 gif0local:gif0"
2772route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2773route_mcast="-net 224.0.0.0/4 -iface gif0"
2774route_gif0local="-host 169.254.1.1 -iface lo0"
2775.Ed
2776.Pp
2777When an
2778.Ar element
2779is in the form of
2780.Li name:ifname ,
2781the route is specific to the interface
2782.Li ifname .
2783.It Va ipv6_static_routes
2784.Pq Vt str
2785The IPv6 equivalent of
2786.Va static_routes .
2787If not set to
2788.Dq Li NO
2789then for each whitespace separated
2790.Ar element
2791in the value, a
2792.Va ipv6_route_ Ns Aq Ar element
2793variable is assumed to exist
2794whose contents will later be passed to a
2795.Dq Nm route Cm add Fl inet6
2796operation.
2797.It Va gateway_enable
2798.Pq Vt bool
2799If set to
2800.Dq Li YES ,
2801configure host to act as an IP router, e.g.\& to forward packets
2802between interfaces.
2803.It Va ipv6_gateway_enable
2804.Pq Vt bool
2805The IPv6 equivalent of
2806.Va gateway_enable .
2807.It Va routed_enable
2808.Pq Vt bool
2809If set to
2810.Dq Li YES ,
2811run a routing daemon of some sort, based on the
2812settings of
2813.Va routed_program
2814and
2815.Va routed_flags .
2816.It Va route6d_enable
2817.Pq Vt bool
2818The IPv6 equivalent of
2819.Va routed_enable .
2820If set to
2821.Dq Li YES ,
2822run a routing daemon of some sort, based on the
2823settings of
2824.Va route6d_program
2825and
2826.Va route6d_flags .
2827.It Va routed_program
2828.Pq Vt str
2829If
2830.Va routed_enable
2831is set to
2832.Dq Li YES ,
2833this is the name of the routing daemon to use.
2834.It Va route6d_program
2835.Pq Vt str
2836The IPv6 equivalent of
2837.Va routed_program .
2838.It Va routed_flags
2839.Pq Vt str
2840If
2841.Va routed_enable
2842is set to
2843.Dq Li YES ,
2844these are the flags to pass to the routing daemon.
2845.It Va route6d_flags
2846.Pq Vt str
2847The IPv6 equivalent of
2848.Va routed_flags .
2849.It Va rtadvd_enable
2850.Pq Vt bool
2851If set to
2852.Dq Li YES ,
2853run the
2854.Xr rtadvd 8
2855daemon at boot time.
2856The
2857.Xr rtadvd 8
2858utility sends ICMPv6 Router Advertisement messages to
2859the interfaces specified in
2860.Va rtadvd_interfaces .
2861This should only be enabled with great care.
2862You may want to fine-tune
2863.Xr rtadvd.conf 5 .
2864.It Va rtadvd_interfaces
2865.Pq Vt str
2866If
2867.Va rtadvd_enable
2868is set to
2869.Dq Li YES
2870this is the list of interfaces to use.
2871.It Va arpproxy_all
2872.Pq Vt bool
2873If set to
2874.Dq Li YES ,
2875enable global proxy ARP.
2876.It Va forward_sourceroute
2877.Pq Vt bool
2878If set to
2879.Dq Li YES
2880and
2881.Va gateway_enable
2882is also set to
2883.Dq Li YES ,
2884source-routed packets are forwarded.
2885.It Va accept_sourceroute
2886.Pq Vt bool
2887If set to
2888.Dq Li YES ,
2889the system will accept source-routed packets directed at it.
2890.It Va rarpd_enable
2891.Pq Vt bool
2892If set to
2893.Dq Li YES ,
2894run the
2895.Xr rarpd 8
2896daemon at system boot time.
2897.It Va rarpd_flags
2898.Pq Vt str
2899If
2900.Va rarpd_enable
2901is set to
2902.Dq Li YES ,
2903these are the flags to pass to the
2904.Xr rarpd 8
2905daemon.
2906.It Va bootparamd_enable
2907.Pq Vt bool
2908If set to
2909.Dq Li YES ,
2910run the
2911.Xr bootparamd 8
2912daemon at system boot time.
2913.It Va bootparamd_flags
2914.Pq Vt str
2915If
2916.Va bootparamd_enable
2917is set to
2918.Dq Li YES ,
2919these are the flags to pass to the
2920.Xr bootparamd 8
2921daemon.
2922.It Va stf_interface_ipv4addr
2923.Pq Vt str
2924If not set to
2925.Dq Li NO ,
2926this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2927interface).
2928Specify this entry to enable the 6to4 interface.
2929.It Va stf_interface_ipv4plen
2930.Pq Vt int
2931Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2932An effective value is 0-31.
2933.It Va stf_interface_ipv6_ifid
2934.Pq Vt str
2935IPv6 interface ID for
2936.Xr stf 4 .
2937This can be set to
2938.Dq Li AUTO .
2939.It Va stf_interface_ipv6_slaid
2940.Pq Vt str
2941IPv6 Site Level Aggregator for
2942.Xr stf 4 .
2943.It Va ipv6_ipv4mapping
2944.Pq Vt bool
2945If set to
2946.Dq Li YES
2947this enables IPv4 mapped IPv6 address communication (like
2948.Li ::ffff:a.b.c.d ) .
2949.It Va rtsold_enable
2950.Pq Vt bool
2951Set to
2952.Dq Li YES
2953to enable the
2954.Xr rtsold 8
2955daemon to send ICMPv6 Router Solicitation messages.
2956.It Va rtsold_flags
2957.Pq Vt str
2958If
2959.Va rtsold_enable
2960is set to
2961.Dq Li YES ,
2962these are the flags to pass to
2963.Xr rtsold 8 .
2964.It Va rtsol_flags
2965.Pq Vt str
2966For interfaces configured with the
2967.Dq Li inet6 accept_rtadv
2968keyword, these are the flags to pass to
2969.Xr rtsol 8 .
2970.Pp
2971Note that
2972.Va rtsold_enable
2973is mutually exclusive to
2974.Va rtsol_flags ;
2975.Va rtsold_enable
2976takes precedence.
2977.It Va keybell
2978.Pq Vt str
2979The keyboard bell sound.
2980Set to
2981.Dq Li normal ,
2982.Dq Li visual ,
2983.Dq Li off ,
2984or
2985.Dq Li NO
2986if the default behavior is desired.
2987For details, refer to the
2988.Xr kbdcontrol 1
2989manpage.
2990.It Va keyboard
2991.Pq Vt str
2992If set to a non-null string, the virtual console's keyboard input is
2993set to this device.
2994.It Va keymap
2995.Pq Vt str
2996If set to
2997.Dq Li NO ,
2998no keymap is installed, otherwise the value is used to install
2999the keymap file found in
3000.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3001(if using
3002.Xr syscons 4 ) or
3003.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3004(if using
3005.Xr vt 4 ) .
3006.It Va keyrate
3007.Pq Vt str
3008The keyboard repeat speed.
3009Set to
3010.Dq Li slow ,
3011.Dq Li normal ,
3012.Dq Li fast ,
3013or
3014.Dq Li NO
3015if the default behavior is desired.
3016.It Va keychange
3017.Pq Vt str
3018If not set to
3019.Dq Li NO ,
3020attempt to program the function keys with the value.
3021The value should
3022be a single string of the form:
3023.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3024.It Va cursor
3025.Pq Vt str
3026Can be set to the value of
3027.Dq Li normal ,
3028.Dq Li blink ,
3029.Dq Li destructive ,
3030or
3031.Dq Li NO
3032to set the cursor behavior explicitly or choose the default behavior.
3033.It Va scrnmap
3034.Pq Vt str
3035If set to
3036.Dq Li NO ,
3037no screen map is installed, otherwise the value is used to install
3038the screen map file in
3039.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3040This parameter is ignored when using
3041.Xr vt 4
3042as the console driver.
3043.It Va font8x16
3044.Pq Vt str
3045If set to
3046.Dq Li NO ,
3047the default 8x16 font value is used for screen size requests, otherwise
3048the value in
3049.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3050or
3051.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3052is used (depending on the console driver being used).
3053.It Va font8x14
3054.Pq Vt str
3055If set to
3056.Dq Li NO ,
3057the default 8x14 font value is used for screen size requests, otherwise
3058the value in
3059.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3060or
3061.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3062is used (depending on the console driver being used).
3063.It Va font8x8
3064.Pq Vt str
3065If set to
3066.Dq Li NO ,
3067the default 8x8 font value is used for screen size requests, otherwise
3068the value in
3069.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3070or
3071.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3072is used (depending on the console driver being used).
3073.It Va blanktime
3074.Pq Vt int
3075If set to
3076.Dq Li NO ,
3077the default screen blanking interval is used, otherwise it is set
3078to
3079.Ar value
3080seconds.
3081.It Va saver
3082.Pq Vt str
3083If not set to
3084.Dq Li NO ,
3085this is the actual screen saver to use
3086.Li ( blank , snake , daemon ,
3087etc).
3088.It Va moused_nondefault_enable
3089.Pq Vt str
3090If set to
3091.Dq Li NO ,
3092the mouse device specified on
3093the command line is not automatically treated as enabled by the
3094.Pa /etc/rc.d/moused
3095script.
3096Having this variable set to
3097.Dq Li YES
3098allows a
3099.Xr usb 4
3100mouse,
3101for example,
3102to be enabled as soon as it is plugged in.
3103.It Va moused_enable
3104.Pq Vt str
3105If set to
3106.Dq Li YES ,
3107the
3108.Xr moused 8
3109daemon is started for doing cut/paste selection on the console.
3110.It Va moused_type
3111.Pq Vt str
3112This is the protocol type of the mouse connected to this host.
3113This variable must be set if
3114.Va moused_enable
3115is set to
3116.Dq Li YES .
3117The
3118.Xr moused 8
3119daemon
3120is able to detect the appropriate mouse type automatically in many cases.
3121Set this variable to
3122.Dq Li auto
3123to let the daemon detect it, or
3124select one from the following list if the automatic detection fails.
3125.Pp
3126If the mouse is attached to the PS/2 mouse port, choose
3127.Dq Li auto
3128or
3129.Dq Li ps/2 ,
3130regardless of the brand and model of the mouse.
3131Likewise, if the
3132mouse is attached to the bus mouse port, choose
3133.Dq Li auto
3134or
3135.Dq Li busmouse .
3136All other protocols are for serial mice and will not work with
3137the PS/2 and bus mice.
3138If this is a USB mouse,
3139.Dq Li auto
3140is the only protocol type which will work.
3141.Pp
3142.Bl -tag -width ".Li x10mouseremote" -compact
3143.It Li microsoft
3144Microsoft mouse (serial)
3145.It Li intellimouse
3146Microsoft IntelliMouse (serial)
3147.It Li mousesystems
3148Mouse systems Corp.\& mouse (serial)
3149.It Li mmseries
3150MM Series mouse (serial)
3151.It Li logitech
3152Logitech mouse (serial)
3153.It Li busmouse
3154A bus mouse
3155.It Li mouseman
3156Logitech MouseMan and TrackMan (serial)
3157.It Li glidepoint
3158ALPS GlidePoint (serial)
3159.It Li thinkingmouse
3160Kensington ThinkingMouse (serial)
3161.It Li ps/2
3162PS/2 mouse
3163.It Li mmhittab
3164MM HitTablet (serial)
3165.It Li x10mouseremote
3166X10 MouseRemote (serial)
3167.It Li versapad
3168Interlink VersaPad (serial)
3169.El
3170.Pp
3171Even if the mouse is not in the above list, it may be compatible
3172with one in the list.
3173Refer to the manual page for
3174.Xr moused 8
3175for compatibility information.
3176.Pp
3177It should also be noted that while this is enabled, any
3178other client of the mouse (such as an X server) should access
3179the mouse through the virtual mouse device,
3180.Pa /dev/sysmouse ,
3181and configure it as a
3182.Dq Li sysmouse
3183type mouse, since all
3184mouse data is converted to this single canonical format when
3185using
3186.Xr moused 8 .
3187If the client program does not support the
3188.Dq Li sysmouse
3189type,
3190specify the
3191.Dq Li mousesystems
3192type.
3193It is the second preferred type.
3194.It Va moused_port
3195.Pq Vt str
3196If
3197.Va moused_enable
3198is set to
3199.Dq Li YES ,
3200this is the actual port the mouse is on.
3201It might be
3202.Pa /dev/cuau0
3203for a COM1 serial mouse,
3204.Pa /dev/psm0
3205for a PS/2 mouse or
3206.Pa /dev/mse0
3207for a bus mouse, for example.
3208.It Va moused_flags
3209.Pq Vt str
3210If
3211.Va moused_flags
3212is set, its value is used as an additional set of flags to pass to the
3213.Xr moused 8
3214daemon.
3215.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3216When
3217.Va moused_nondefault_enable
3218is enabled, and a
3219.Xr moused 8
3220daemon is started for a non-default port, the
3221.Va "moused_" Ns Ar XXX Ns Va "_flags"
3222set of options has precedence over and replaces the default
3223.Va moused_flags
3224(where
3225.Ar XXX
3226is the name of the non-default port, i.e.,\&
3227.Ar ums0 ) .
3228By setting
3229.Va "moused_" Ns Ar XXX Ns Va "_flags"
3230it is possible to set up a different set of default flags for each
3231.Xr moused 8
3232instance.
3233For example, you can use
3234.Dq Li "-3"
3235for the default
3236.Va moused_flags
3237to make your laptop's touchpad more comfortable to use,
3238but an empty set of options for
3239.Va moused_ums0_flags
3240when your
3241.Xr usb 4
3242mouse has three or more buttons.
3243.It Va mousechar_start
3244.Pq Vt int
3245If set to
3246.Dq Li NO ,
3247the default mouse cursor character range
3248.Li 0xd0 Ns - Ns Li 0xd3
3249is used,
3250otherwise the range start is set
3251to
3252.Ar value
3253character, see
3254.Xr vidcontrol 1 .
3255Use if the default range is occupied in the language code table.
3256.It Va allscreens_flags
3257.Pq Vt str
3258If set,
3259.Xr vidcontrol 1
3260is run with these options for each of the virtual terminals
3261.Pq Pa /dev/ttyv* .
3262For example,
3263.Dq Fl m Cm on
3264will enable the mouse pointer on all virtual terminals
3265if
3266.Va moused_enable
3267is set to
3268.Dq Li YES .
3269.It Va allscreens_kbdflags
3270.Pq Vt str
3271If set,
3272.Xr kbdcontrol 1
3273is run with these options for each of the virtual terminals
3274.Pq Pa /dev/ttyv* .
3275For example,
3276.Dq Fl h Li 200
3277will set the
3278.Xr syscons 4
3279or
3280.Xr vt 4
3281scrollback (history) buffer to 200 lines.
3282.It Va cron_enable
3283.Pq Vt bool
3284If set to
3285.Dq Li YES ,
3286run the
3287.Xr cron 8
3288daemon at system boot time.
3289.It Va cron_program
3290.Pq Vt str
3291Path to
3292.Xr cron 8
3293(default
3294.Pa /usr/sbin/cron ) .
3295.It Va cron_flags
3296.Pq Vt str
3297If
3298.Va cron_enable
3299is set to
3300.Dq Li YES ,
3301these are the flags to pass to
3302.Xr cron 8 .
3303.It Va cron_dst
3304.Pq Vt bool
3305If set to
3306.Dq Li YES ,
3307enable the special handling of transitions to and from the
3308Daylight Saving Time in
3309.Xr cron 8
3310(equivalent to using the flag
3311.Fl s ) .
3312.It Va lpd_program
3313.Pq Vt str
3314Path to
3315.Xr lpd 8
3316(default
3317.Pa /usr/sbin/lpd ) .
3318.It Va lpd_enable
3319.Pq Vt bool
3320If set to
3321.Dq Li YES ,
3322run the
3323.Xr lpd 8
3324daemon at system boot time.
3325.It Va lpd_flags
3326.Pq Vt str
3327If
3328.Va lpd_enable
3329is set to
3330.Dq Li YES ,
3331these are the flags to pass to the
3332.Xr lpd 8
3333daemon.
3334.It Va chkprintcap_enable
3335.Pq Vt bool
3336If set to
3337.Dq Li YES ,
3338run the
3339.Xr chkprintcap 8
3340command before starting the
3341.Xr lpd 8
3342daemon.
3343.It Va chkprintcap_flags
3344.Pq Vt str
3345If
3346.Va lpd_enable
3347and
3348.Va chkprintcap_enable
3349are set to
3350.Dq Li YES ,
3351these are the flags to pass to the
3352.Xr chkprintcap 8
3353program.
3354The default is
3355.Dq Li -d ,
3356which causes missing directories to be created.
3357.It Va mta_start_script
3358.Pq Vt str
3359This variable specifies the full path to the script to run to start
3360a mail transfer agent.
3361The default is
3362.Pa /etc/rc.sendmail .
3363The
3364.Va sendmail_*
3365variables which
3366.Pa /etc/rc.sendmail
3367uses are documented in the
3368.Xr rc.sendmail 8
3369manual page.
3370.It Va dumpdev
3371.Pq Vt str
3372Indicates the device (usually a swap partition) to which a crash dump
3373should be written in the event of a system crash.
3374If the value of this variable is
3375.Dq Li AUTO ,
3376the first suitable swap device listed in
3377.Pa /etc/fstab
3378will be used as dump device.
3379Otherwise, the value of this variable is passed as the argument to
3380.Xr dumpon 8 .
3381To disable crash dumps, set this variable to
3382.Dq Li NO .
3383.It Va dumpon_flags
3384.Pq Vt str
3385Flags to pass to
3386.Xr dumpon 8
3387when configuring
3388.Va dumpdev
3389as the system dump device.
3390.It Va dumpdir
3391.Pq Vt str
3392When the system reboots after a crash and a crash dump is found on the
3393device specified by the
3394.Va dumpdev
3395variable,
3396.Xr savecore 8
3397will save that crash dump and a copy of the kernel to the directory
3398specified by the
3399.Va dumpdir
3400variable.
3401The default value is
3402.Pa /var/crash .
3403Set to
3404.Dq Li NO
3405to not run
3406.Xr savecore 8
3407at boot time when
3408.Va dumpdir
3409is set.
3410.It Va savecore_enable
3411.Pq Vt bool
3412If set to
3413.Dq Li NO ,
3414disable automatic extraction of the crash dump from the
3415.Va dumpdev .
3416.It Va savecore_flags
3417.Pq Vt str
3418If crash dumps are enabled, these are the flags to pass to the
3419.Xr savecore 8
3420utility.
3421.It Va quota_enable
3422.Pq Vt bool
3423Set to
3424.Dq Li YES
3425to turn on user and group disk quotas on system startup via the
3426.Xr quotaon 8
3427command for all file systems marked as having quotas enabled in
3428.Pa /etc/fstab .
3429The kernel must be built with
3430.Cd "options QUOTA"
3431for disk quotas to function.
3432.It Va check_quotas
3433.Pq Vt bool
3434Set to
3435.Dq Li YES
3436to enable user and group disk quota checking via the
3437.Xr quotacheck 8
3438command.
3439.It Va quotacheck_flags
3440.Pq Vt str
3441If
3442.Va quota_enable
3443is set to
3444.Dq Li YES ,
3445and
3446.Va check_quotas
3447is set to
3448.Dq Li YES ,
3449these are the flags to pass to the
3450.Xr quotacheck 8
3451utility.
3452The default is
3453.Dq Li "-a" ,
3454which checks quotas for all file systems with quotas enabled in
3455.Pa /etc/fstab .
3456.It Va quotaon_flags
3457.Pq Vt str
3458If
3459.Va quota_enable
3460is set to
3461.Dq Li YES ,
3462these are the flags to pass to the
3463.Xr quotaon 8
3464utility.
3465The default is
3466.Dq Li "-a" ,
3467which enables quotas for all file systems with quotas enabled in
3468.Pa /etc/fstab .
3469.It Va quotaoff_flags
3470.Pq Vt str
3471If
3472.Va quota_enable
3473is set to
3474.Dq Li YES ,
3475these are the flags to pass to the
3476.Xr quotaoff 8
3477utility when shutting down the quota system.
3478The default is
3479.Dq Li "-a" ,
3480which disables quotas for all file systems with quotas enabled in
3481.Pa /etc/fstab .
3482.It Va accounting_enable
3483.Pq Vt bool
3484Set to
3485.Dq Li YES
3486to enable system accounting through the
3487.Xr accton 8
3488facility.
3489.It Va ibcs2_enable
3490.Pq Vt bool
3491Set to
3492.Dq Li YES
3493to enable iBCS2 (SCO) binary emulation at system initial boot
3494time.
3495.It Va ibcs2_loaders
3496.Pq Vt str
3497If not set to
3498.Dq Li NO
3499and if
3500.Va ibcs2_enable
3501is set to
3502.Dq Li YES ,
3503this specifies a list of additional iBCS2 loaders to enable.
3504.It Va firstboot_sentinel
3505.Pq Vt str
3506This variable specifies the full path to a
3507.Dq first boot
3508sentinel file.
3509If a file exists with this path,
3510.Pa rc.d
3511scripts with the
3512.Dq firstboot
3513keyword will be run on startup and the sentinel file will be deleted
3514after the boot process completes.
3515The sentinel file must be located on a writable file system which is
3516mounted no later than
3517.Va early_late_divider
3518to function properly.
3519The default is
3520.Pa /firstboot .
3521.It Va linux_enable
3522.Pq Vt bool
3523Set to
3524.Dq Li YES
3525to enable Linux/ELF binary emulation at system initial
3526boot time.
3527.It Va sysvipc_enable
3528.Pq Vt bool
3529If set to
3530.Dq Li YES ,
3531load System V IPC primitives at boot time.
3532.It Va clear_tmp_enable
3533.Pq Vt bool
3534Set to
3535.Dq Li YES
3536to have
3537.Pa /tmp
3538cleaned at startup.
3539.It Va clear_tmp_X
3540.Pq Vt bool
3541Set to
3542.Dq Li NO
3543to disable removing of X11 lock files,
3544and the removal and (secure) recreation
3545of the various socket directories for X11
3546related programs.
3547.It Va ldconfig_paths
3548.Pq Vt str
3549Set to the list of shared library paths to use with
3550.Xr ldconfig 8 .
3551NOTE:
3552.Pa /usr/lib
3553will always be added first, so it need not appear in this list.
3554.It Va ldconfig32_paths
3555.Pq Vt str
3556Set to the list of 32-bit compatibility shared library paths to
3557use with
3558.Xr ldconfig 8 .
3559.It Va ldconfig_paths_aout
3560.Pq Vt str
3561Set to the list of shared library paths to use with
3562.Xr ldconfig 8
3563legacy
3564.Xr a.out 5
3565support.
3566.It Va ldconfig_insecure
3567.Pq Vt bool
3568The
3569.Xr ldconfig 8
3570utility normally refuses to use directories
3571which are writable by anyone except root.
3572Set this variable to
3573.Dq Li YES
3574to disable that security check during system startup.
3575.It Va ldconfig_local_dirs
3576.Pq Vt str
3577Set to the list of local
3578.Xr ldconfig 8
3579directories.
3580The names of all files in the directories listed will be
3581passed as arguments to
3582.Xr ldconfig 8 .
3583.It Va ldconfig_local32_dirs
3584.Pq Vt str
3585Set to the list of local 32-bit compatibility
3586.Xr ldconfig 8
3587directories.
3588The names of all files in the directories listed will be
3589passed as arguments to
3590.Dq Nm ldconfig Fl 32 .
3591.It Va kern_securelevel_enable
3592.Pq Vt bool
3593Set to
3594.Dq Li YES
3595to set the kernel security level at system startup.
3596.It Va kern_securelevel
3597.Pq Vt int
3598The kernel security level to set at startup.
3599The allowed range of
3600.Ar value
3601ranges from \-1 (the compile time default) to 3 (the
3602most secure).
3603See
3604.Xr security 7
3605for the list of possible security levels and their effect
3606on system operation.
3607.It Va sshd_program
3608.Pq Vt str
3609Path to the SSH server program
3610.Pa ( /usr/sbin/sshd
3611is the default).
3612.It Va sshd_enable
3613.Pq Vt bool
3614Set to
3615.Dq Li YES
3616to start
3617.Xr sshd 8
3618at system boot time.
3619.It Va sshd_flags
3620.Pq Vt str
3621If
3622.Va sshd_enable
3623is set to
3624.Dq Li YES ,
3625these are the flags to pass to the
3626.Xr sshd 8
3627daemon.
3628.It Va ftpd_program
3629.Pq Vt str
3630Path to the FTP server program
3631.Pa ( /usr/libexec/ftpd
3632is the default).
3633.It Va ftpd_enable
3634.Pq Vt bool
3635Set to
3636.Dq Li YES
3637to start
3638.Xr ftpd 8
3639as a stand-alone daemon at system boot time.
3640.It Va ftpd_flags
3641.Pq Vt str
3642If
3643.Va ftpd_enable
3644is set to
3645.Dq Li YES ,
3646these are the additional flags to pass to the
3647.Xr ftpd 8
3648daemon.
3649.It Va watchdogd_enable
3650.Pq Vt bool
3651If set to
3652.Dq Li YES ,
3653start the
3654.Xr watchdogd 8
3655daemon at boot time.
3656This requires that the kernel have been compiled with a
3657.Xr watchdog 4
3658compatible device.
3659.It Va watchdogd_flags
3660.Pq Vt str
3661If
3662.Va watchdogd_enable
3663is set to
3664.Dq Li YES ,
3665these are the flags passed to the
3666.Xr watchdogd 8
3667daemon.
3668.It Va devfs_rulesets
3669.Pq Vt str
3670List of files containing sets of rules for
3671.Xr devfs 8 .
3672.It Va devfs_system_ruleset
3673.Pq Vt str
3674Rule name(s) to apply to the system
3675.Pa /dev
3676itself.
3677.It Va devfs_set_rulesets
3678.Pq Vt str
3679Pairs of already-mounted
3680.Pa dev
3681directories and rulesets that should be applied to them.
3682For example: /mount/dev=ruleset_name
3683.It Va devfs_load_rulesets
3684.Pq Vt bool
3685If set, always load the default rulesets listed in
3686.Va devfs_rulesets .
3687.It Va performance_cx_lowest
3688.Pq Vt str
3689CPU idle state to use while on AC power.
3690The string
3691.Dq Li LOW
3692indicates that
3693.Xr acpi 4
3694should use the lowest power state available while
3695.Dq Li HIGH
3696indicates that the lowest latency state (less power savings) should be used.
3697.It Va performance_cpu_freq
3698.Pq Vt str
3699CPU clock frequency to use while on AC power.
3700The string
3701.Dq Li LOW
3702indicates that
3703.Xr cpufreq 4
3704should use the lowest frequency available while
3705.Dq Li HIGH
3706indicates that the highest frequency (less power savings) should be used.
3707.It Va economy_cx_lowest
3708.Pq Vt str
3709CPU idle state to use when off AC power.
3710The string
3711.Dq Li LOW
3712indicates that
3713.Xr acpi 4
3714should use the lowest power state available while
3715.Dq Li HIGH
3716indicates that the lowest latency state (less power savings) should be used.
3717.It Va economy_cpu_freq
3718.Pq Vt str
3719CPU clock frequency to use when off AC power.
3720The string
3721.Dq Li LOW
3722indicates that
3723.Xr cpufreq 4
3724should use the lowest frequency available while
3725.Dq Li HIGH
3726indicates that the highest frequency (less power savings) should be used.
3727.It Va jail_enable
3728.Pq Vt bool
3729If set to
3730.Dq Li NO ,
3731any configured jails will not be started.
3732.It Va jail_conf
3733.Pq Vt str
3734The configuration filename used by
3735.Xr jail 8
3736utility.
3737The default value is
3738.Pa /etc/jail.conf .
3739.It Va jail_parallel_start
3740.Pq Vt bool
3741If set to
3742.Dq Li YES ,
3743all configured jails will be started in the background (in parallel).
3744.It Va jail_flags
3745.Pq Vt str
3746Unset by default.
3747When set, use as default value for
3748.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3749for every jail in
3750.Va jail_list .
3751.It Va jail_list
3752.Pq Vt str
3753A space-delimited list of jail names.
3754When left empty, all of the
3755.Xr jail 8
3756instances defined in the configuration file are started.
3757The names specified in this list control the jail startup order.
3758.Xr jail 8
3759instances missing from
3760.Va jail_list
3761must be started manually.
3762Note that a jail's
3763.Va depend
3764parameter in the configuration file may override this list.
3765.It Va jail_reverse_stop
3766.Pq Vt bool
3767When set to
3768.Dq Li YES ,
3769all configured jails in
3770.Va jail_list
3771are stopped in reverse order.
3772.It Va jail_* variables
3773Note that older releases supported per-jail configuration via
3774.Nm
3775variables.
3776For example,
3777hostname of a jail named
3778.Li vjail
3779was able to be set by
3780.Li jail_vjail_hostname .
3781These per-jail configuration variables are now obsolete in favor of
3782.Xr jail 8
3783configuration file.
3784For backward compatibility,
3785when per-jail configuration variables are defined,
3786.Xr jail 8
3787configuration files are created as
3788.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3789and used.
3790.Pp
3791The following per-jail parameters are handled by
3792.Pa rc.d/jail
3793script out of their corresponding
3794.Nm
3795variables.
3796In addition to them, parameters in
3797.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3798will be added to the configuration file.
3799They must be a semi-colon
3800.Pq Ql \&;
3801delimited list of
3802.Dq key=value .
3803For more details,
3804see
3805.Xr jail 8
3806manual page.
3807.Bl  -tag -width "host.hostname" -offset indent
3808.It Li path
3809set from
3810.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3811.It Li host.hostname
3812set from
3813.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3814.It Li exec.consolelog
3815set from
3816.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3817The default value is
3818.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3819.It Li interface
3820set from
3821.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3822.It Li vnet.interface
3823set from
3824.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3825This implies
3826.Li vnet
3827parameter will be enabled and cannot be specified with
3828.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3829.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3830and/or
3831.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3832at the same time.
3833.It Li fstab
3834set from
3835.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3836.It Li mount
3837set from
3838.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3839.It Li exec.fib
3840set from
3841.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3842.It Li exec.start
3843set from
3844.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3845The parameter name was
3846.Li command
3847in some older releases.
3848.It Li exec.prestart
3849set from
3850.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3851.It Li exec.poststart
3852set from
3853.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3854.It Li exec.stop
3855set from
3856.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3857.It Li exec.prestop
3858set from
3859.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3860.It Li exec.poststop
3861set from
3862.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3863.It Li ip4.addr
3864set if
3865.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3866or
3867.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3868contain IPv4 addresses
3869.It Li ip6.addr
3870set if
3871.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3872or
3873.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3874contain IPv6 addresses
3875.It Li allow.mount
3876set from
3877.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3878.It Li mount.devfs
3879set from
3880.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3881.It Li devfs_ruleset
3882set from
3883.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
3884This must be an integer,
3885not a string.
3886.It Li mount.fdescfs
3887set from
3888.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3889.It Li allow.set_hostname
3890set from
3891.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
3892.It Li allow.rawsocket
3893set from
3894.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
3895.It Li allow.sysvipc
3896set from
3897.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
3898.El
3899.\" -----------------------------------------------------
3900.It Va harvest_mask
3901.Pq Vt int
3902Set to a bit-mask
3903representing the entropy sources
3904you wish to harvest.
3905Refer to
3906.Xr random 4
3907for more information.
3908.It Va entropy_dir
3909.Pq Vt str
3910Set to
3911.Dq Li NO
3912to disable caching entropy via
3913.Xr cron 8 .
3914Otherwise set to the directory
3915in which the entropy files are stored.
3916To be useful,
3917there must be
3918a system cron job
3919that regularly writes and rotates
3920files here.
3921All files found
3922will be used at boot time.
3923The default is
3924.Pa /var/db/entropy .
3925.It Va entropy_file
3926.Pq Vt str
3927Set to
3928.Dq Li NO
3929to disable caching entropy through reboots.
3930Otherwise set to the name
3931of a file used to store cached entropy.
3932This file should be located
3933on a file system that is readable
3934before all the volumes specified in
3935.Xr fstab 5
3936are mounted.
3937By default,
3938.Pa /entropy
3939is used,
3940but if
3941.Pa /var/db/entropy-file
3942is found it will also be used.
3943This will be of some use to
3944.Xr bsdinstall 8 .
3945.It Va entropy_boot_file
3946.Pq Vt str
3947Set to
3948.Dq Li NO
3949to disable
3950very early caching entropy
3951through reboots.
3952Otherwise set to the filename
3953used to read
3954very early reboot cached entropy.
3955This file should be located where
3956.Xr loader 8
3957can read it.
3958See also
3959.Xr loader.conf 5 .
3960The default location is
3961.Pa /boot/entropy .
3962.It Va entropy_save_sz
3963.Pq Vt int
3964Size of the entropy cache files saved by
3965.Nm save-entropy
3966periodically.
3967.It Va entropy_save_num
3968.Pq Vt int
3969Number of entropy cache files to save by
3970.Nm save-entropy
3971periodically.
3972.It Va ipsec_enable
3973.Pq Vt bool
3974Set to
3975.Dq Li YES
3976to run
3977.Xr setkey 8
3978on
3979.Va ipsec_file
3980at boot time.
3981.It Va ipsec_file
3982.Pq Vt str
3983Configuration file for
3984.Xr setkey 8 .
3985.It Va dmesg_enable
3986.Pq Vt bool
3987Set to
3988.Dq Li YES
3989to save
3990.Xr dmesg 8
3991to
3992.Pa /var/run/dmesg.boot
3993on boot.
3994.It Va rcshutdown_timeout
3995.Pq Vt int
3996If set, start a watchdog timer in the background which will terminate
3997.Pa rc.shutdown
3998if
3999.Xr shutdown 8
4000has not completed within the specified time (in seconds).
4001Notice that in addition to this soft timeout,
4002.Xr init 8
4003also applies a hard timeout for the execution of
4004.Pa rc.shutdown .
4005This is configured via
4006.Xr sysctl 8
4007variable
4008.Va kern.init_shutdown_timeout
4009and defaults to 120 seconds.
4010Setting the value of
4011.Va rcshutdown_timeout
4012to more than 120 seconds will have no effect until the
4013.Xr sysctl 8
4014variable
4015.Va kern.init_shutdown_timeout
4016is also increased.
4017.It Va virecover_enable
4018.Pq Vt bool
4019Set to
4020.Dq Li NO
4021to prevent the system from trying to
4022recover pre-maturely terminated
4023.Xr vi 1
4024sessions.
4025.It Va ugidfw_enable
4026.Pq Vt bool
4027Set to
4028.Dq Li YES
4029to load the
4030.Xr mac_bsdextended 4
4031module upon system initialization and load a default
4032ruleset file.
4033.It Va bsdextended_script
4034.Pq Vt str
4035The default
4036.Xr mac_bsdextended 4
4037ruleset file to load.
4038The default value of this variable is
4039.Pa /etc/rc.bsdextended .
4040.It Va newsyslog_enable
4041.Pq Vt bool
4042If set to
4043.Dq Li YES ,
4044run
4045.Xr newsyslog 8
4046command at startup.
4047.It Va newsyslog_flags
4048.Pq Vt str
4049If
4050.Va newsyslog_enable
4051is set to
4052.Dq Li YES ,
4053these are the flags to pass to the
4054.Xr newsyslog 8
4055program.
4056The default is
4057.Dq Li -CN ,
4058which causes log files flagged with a
4059.Cm C
4060to be created.
4061.It Va mdconfig_md Ns Aq Ar X
4062.Pq Vt str
4063Arguments to
4064.Xr mdconfig 8
4065for
4066.Xr md 4
4067device
4068.Ar X .
4069At minimum a
4070.Fl t Ar type
4071must be specified and either a
4072.Fl s Ar size
4073for malloc or swap backed
4074.Xr md 4
4075devices or a
4076.Fl f Ar file
4077for vnode backed
4078.Xr md 4
4079devices.
4080Note that
4081.Va mdconfig_md Ns Aq Ar X
4082variables are evaluated until one variable is unset or null.
4083.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4084.Pq Vt str
4085Optional arguments passed to
4086.Xr newfs 8
4087to initialize
4088.Xr md 4
4089device
4090.Ar X .
4091.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4092.Pq Vt str
4093An ownership specification passed to
4094.Xr chown 8
4095after the specified
4096.Xr md 4
4097device
4098.Ar X
4099has been mounted.
4100Both the
4101.Xr md 4
4102device and the mount point will be changed.
4103.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4104.Pq Vt str
4105A mode string passed to
4106.Xr chmod 1
4107after the specified
4108.Xr md 4
4109device
4110.Ar X
4111has been mounted.
4112Both the
4113.Xr md 4
4114device and the mount point will be changed.
4115.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4116.Pq Vt str
4117Files to be copied to the mount point of the
4118.Xr md 4
4119device
4120.Ar X
4121after it has been mounted.
4122.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4123.Pq Vt str
4124Command to execute after the specified
4125.Xr md 4
4126device
4127.Ar X
4128has been mounted.
4129Note that the command is passed to
4130.Ic eval
4131and that both
4132.Va _dev
4133and
4134.Va _mp
4135variables can be used to reference respectively the
4136.Xr md 4
4137device and the mount point.
4138Assuming that the
4139.Xr md 4
4140device is
4141.Li md0 ,
4142one could set the following:
4143.Bd -literal
4144mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4145.Ed
4146.It Va autobridge_interfaces
4147.Pq Vt str
4148Set to the list of bridge interfaces that will have newly arriving interfaces
4149checked against to be automatically added.
4150If not set to
4151.Dq Li NO
4152then for each whitespace separated
4153.Ar element
4154in the value, a
4155.Va autobridge_ Ns Aq Ar element
4156variable is assumed to exist which has a whitespace separated list of interface
4157names to match, these names can use wildcards.
4158For example:
4159.Bd -literal
4160autobridge_interfaces="bridge0"
4161autobridge_bridge0="tap* dc0 vlan[345]"
4162.Ed
4163.It Va mixer_enable
4164.Pq Vt bool
4165If set to
4166.Dq Li YES ,
4167enable support for sound mixer.
4168.It Va hcsecd_enable
4169.Pq Vt bool
4170If set to
4171.Dq Li YES ,
4172enable Bluetooth security daemon.
4173.It Va hcsecd_config
4174.Pq Vt str
4175Configuration file for
4176.Xr hcsecd 8 .
4177Default
4178.Pa /etc/bluetooth/hcsecd.conf .
4179.It Va sdpd_enable
4180.Pq Vt bool
4181If set to
4182.Dq Li YES ,
4183enable Bluetooth Service Discovery Protocol daemon.
4184.It Va sdpd_control
4185.Pq Vt str
4186Path to
4187.Xr sdpd 8
4188control socket.
4189Default
4190.Pa /var/run/sdp .
4191.It Va sdpd_groupname
4192.Pq Vt str
4193Sets
4194.Xr sdpd 8
4195group to run as after it initializes.
4196Default
4197.Dq Li nobody .
4198.It Va sdpd_username
4199.Pq Vt str
4200Sets
4201.Xr sdpd 8
4202user to run as after it initializes.
4203Default
4204.Dq Li nobody .
4205.It Va bthidd_enable
4206.Pq Vt bool
4207If set to
4208.Dq Li YES ,
4209enable Bluetooth Human Interface Device daemon.
4210.It Va bthidd_config
4211.Pq Vt str
4212Configuration file for
4213.Xr bthidd 8 .
4214Default
4215.Pa /etc/bluetooth/bthidd.conf .
4216.It Va bthidd_hids
4217.Pq Vt str
4218Path to a file, where
4219.Xr bthidd 8
4220will store information about known HID devices.
4221Default
4222.Pa /var/db/bthidd.hids .
4223.It Va rfcomm_pppd_server_enable
4224.Pq Vt bool
4225If set to
4226.Dq Li YES ,
4227enable Bluetooth RFCOMM PPP wrapper daemon.
4228.It Va rfcomm_pppd_server_profile
4229.Pq Vt str
4230The name of the profile to use from
4231.Pa /etc/ppp/ppp.conf .
4232Multiple profiles can be specified here.
4233Also used to specify per-profile overrides.
4234When the profile name contains any of the characters
4235.Dq Li .-/+
4236they are translated to
4237.Dq Li _
4238for the proposes of the override variable names.
4239.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4240.Pq Vt str
4241Overrides local address to listen on.
4242By default
4243.Xr rfcomm_pppd 8
4244will listen on
4245.Dq Li ANY
4246address.
4247The address can be specified as BD_ADDR or name.
4248.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4249.Pq Vt str
4250Overrides local RFCOMM channel to listen on.
4251By default
4252.Xr rfcomm_pppd 8
4253will listen on RFCOMM channel 1.
4254Must set properly if multiple profiles used in the same time.
4255.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4256.Pq Vt bool
4257Tells
4258.Xr rfcomm_pppd 8
4259if it should register Serial Port service on the specified RFCOMM channel.
4260Default
4261.Dq Li NO .
4262.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4263.Pq Vt bool
4264Tells
4265.Xr rfcomm_pppd 8
4266if it should register Dial-Up Networking service on the specified
4267RFCOMM channel.
4268Default
4269.Dq Li NO .
4270.It Va ubthidhci_enable
4271.Pq Vt bool
4272If set to
4273.Dq Li YES ,
4274change the USB Bluetooth controller from HID mode to HCI mode.
4275You also need to specify the location of USB Bluetooth controller with the
4276.Va ubthidhci_busnum
4277and
4278.Va ubthidhci_addr
4279variables.
4280.It Va ubthidhci_busnum
4281Bus number where the USB Bluetooth controller is located.
4282Check the output of
4283.Xr usbconfig 8
4284on your system to find this information.
4285.It Va ubthidhci_addr
4286Bus address of the USB Bluetooth controller.
4287Check the output of
4288.Xr usbconfig 8
4289on your system to find this information.
4290.It Va netwait_enable
4291.Pq Vt bool
4292If set to
4293.Dq Li YES ,
4294delays the start of network-reliant services until
4295.Va netwait_if
4296is up and ICMP packets to a destination defined in
4297.Va netwait_ip
4298are flowing.
4299Link state is examined first, followed by
4300.Dq Li pinging
4301an IP address to verify network usability.
4302If no destination can be reached or timeouts are exceeded,
4303network services are started anyway with no guarantee that
4304the network is usable.
4305Use of this variable requires both
4306.Va netwait_ip
4307and
4308.Va netwait_if
4309to be set.
4310.It Va netwait_ip
4311.Pq Vt str
4312Empty by default.
4313This variable contains a space-delimited list of IP addresses to
4314.Xr ping 8 .
4315DNS hostnames should not be used as resolution is not guaranteed
4316to be functional at this point.
4317If multiple IP addresses are specified,
4318each will be tried until one is successful or the list is exhausted.
4319.It Va netwait_timeout
4320.Pq Vt int
4321Indicates the total number of seconds to perform a
4322.Dq Li ping
4323against each IP address in
4324.Va netwait_ip ,
4325at a rate of one ping per second.
4326If any of the pings are successful,
4327full network connectivity is considered reliable.
4328The default is 60.
4329.It Va netwait_if
4330.Pq Vt str
4331Empty by default.
4332Defines the name of the network interface on which watch for link.
4333.Xr ifconfig 8
4334is used to monitor the interface, looking for
4335.Dq Li status: no carrier .
4336Once gone, the link is considered up.
4337This can be a
4338.Xr vlan 4
4339interface if desired.
4340.It Va netwait_if_timeout
4341.Pq Vt int
4342Defines the total number of seconds to wait for link to become usable,
4343polled at a 1-second interval.
4344The default is 30.
4345.It Va rctl_enable
4346.Pq Vt bool
4347If set to
4348.Dq Li YES ,
4349load
4350.Xr rctl 8
4351rules from the defined ruleset.
4352The kernel must be built with
4353.Cd "options RACCT"
4354and
4355.Cd "options RCTL" .
4356.It Va rctl_rules
4357.Pq Vt str
4358Set to
4359.Pa /etc/rctl.conf
4360by default.
4361This variables contains the
4362.Xr rctl.conf 5
4363ruleset to load for
4364.Xr rctl 8 .
4365.It Va iovctl_files
4366.Pq Vt str
4367A space-separated list of configuration files used by
4368.Xr iovctl 8 .
4369The default value is an empty string.
4370.It Va autofs_enable
4371.Pq Vt bool
4372If set to
4373.Dq Li YES ,
4374start the
4375.Xr automount 8
4376utility and the
4377.Xr automountd 8
4378and
4379.Xr autounmountd 8
4380daemons at boot time.
4381.It Va automount_flags
4382.Pq Vt str
4383If
4384.Va autofs_enable
4385is set to
4386.Dq Li YES ,
4387these are the flags to pass to the
4388.Xr automount 8
4389program.
4390By default no flags are passed.
4391.It Va automountd_flags
4392.Pq Vt str
4393If
4394.Va autofs_enable
4395is set to
4396.Dq Li YES ,
4397these are the flags to pass to the
4398.Xr automountd 8
4399daemon.
4400By default no flags are passed.
4401.It Va autounmountd_flags
4402.Pq Vt str
4403If
4404.Va autofs_enable
4405is set to
4406.Dq Li YES ,
4407these are the flags to pass to the
4408.Xr autounmountd 8
4409daemon.
4410By default no flags are passed.
4411.It Va ctld_enable
4412.Pq Vt bool
4413If set to
4414.Dq Li YES ,
4415start the
4416.Xr ctld 8
4417daemon at boot time.
4418.It Va iscsid_enable
4419.Pq Vt bool
4420If set to
4421.Dq Li YES ,
4422start the
4423.Xr iscsid 8
4424daemon at boot time.
4425.It Va iscsictl_enable
4426.Pq Vt bool
4427If set to
4428.Dq Li YES ,
4429start the
4430.Xr iscsictl 8
4431utility at boot time.
4432.It Va iscsictl_flags
4433.Pq Vt str
4434If
4435.Va iscsictl_enable
4436is set to
4437.Dq Li YES ,
4438these are the flags to pass to the
4439.Xr iscsictl 8
4440program.
4441The default is
4442.Dq Li -Aa ,
4443which configures sessions based on the
4444.Pa /etc/iscsi.conf
4445configuration file.
4446.El
4447.Sh FILES
4448.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4449.It Pa /etc/defaults/rc.conf
4450.It Pa /etc/rc.conf
4451.It Pa /etc/rc.conf.local
4452.El
4453.Sh SEE ALSO
4454.Xr chmod 1 ,
4455.Xr gdb 1 ,
4456.Xr info 1 ,
4457.Xr kbdcontrol 1 ,
4458.Xr makewhatis 1 ,
4459.Xr sh 1 ,
4460.Xr vi 1 ,
4461.Xr vidcontrol 1 ,
4462.Xr bridge 4 ,
4463.Xr dummynet 4 ,
4464.Xr ip 4 ,
4465.Xr ipf 4 ,
4466.Xr ipfw 4 ,
4467.Xr ipnat 4 ,
4468.Xr kld 4 ,
4469.Xr pf 4 ,
4470.Xr pflog 4 ,
4471.Xr pfsync 4 ,
4472.Xr tcp 4 ,
4473.Xr udp 4 ,
4474.Xr exports 5 ,
4475.Xr fstab 5 ,
4476.Xr ipf 5 ,
4477.Xr ipnat 5 ,
4478.Xr jail.conf 5 ,
4479.Xr loader.conf 5 ,
4480.Xr motd 5 ,
4481.Xr newsyslog.conf 5 ,
4482.Xr pf.conf 5 ,
4483.Xr security 7 ,
4484.Xr accton 8 ,
4485.Xr amd 8 ,
4486.Xr apm 8 ,
4487.Xr bsdinstall 8 ,
4488.Xr bthidd 8 ,
4489.Xr chkprintcap 8 ,
4490.Xr chown 8 ,
4491.Xr cron 8 ,
4492.Xr devfs 8 ,
4493.Xr dhclient 8 ,
4494.Xr ftpd 8 ,
4495.Xr geli 8 ,
4496.Xr hcsecd 8 ,
4497.Xr ifconfig 8 ,
4498.Xr inetd 8 ,
4499.Xr iovctl 8 ,
4500.Xr ipf 8 ,
4501.Xr ipfw 8 ,
4502.Xr ipnat 8 ,
4503.Xr jail 8 ,
4504.Xr kldxref 8 ,
4505.Xr loader 8 ,
4506.Xr lpd 8 ,
4507.Xr mdconfig 8 ,
4508.Xr mdmfs 8 ,
4509.Xr mixer 8 ,
4510.Xr mountd 8 ,
4511.Xr moused 8 ,
4512.Xr newfs 8 ,
4513.Xr newsyslog 8 ,
4514.Xr nfsd 8 ,
4515.Xr ntpd 8 ,
4516.Xr ntpdate 8 ,
4517.Xr pfctl 8 ,
4518.Xr pflogd 8 ,
4519.Xr ping 8 ,
4520.Xr powerd 8 ,
4521.Xr quotacheck 8 ,
4522.Xr quotaon 8 ,
4523.Xr rc 8 ,
4524.Xr rc.sendmail 8 ,
4525.Xr rfcomm_pppd 8 ,
4526.Xr route 8 ,
4527.Xr routed 8 ,
4528.Xr rpc.lockd 8 ,
4529.Xr rpc.statd 8 ,
4530.Xr rpcbind 8 ,
4531.Xr rwhod 8 ,
4532.Xr savecore 8 ,
4533.Xr sdpd 8 ,
4534.Xr sshd 8 ,
4535.Xr swapon 8 ,
4536.Xr sysctl 8 ,
4537.Xr syslogd 8 ,
4538.Xr sysrc 8 ,
4539.Xr timed 8 ,
4540.Xr unbound 8 ,
4541.Xr usbconfig 8 ,
4542.Xr wlandebug 8 ,
4543.Xr yp 8 ,
4544.Xr ypbind 8 ,
4545.Xr ypserv 8 ,
4546.Xr ypset 8
4547.Sh HISTORY
4548The
4549.Nm
4550file appeared in
4551.Fx 2.2.2 .
4552.Sh AUTHORS
4553.An Jordan K. Hubbard .
4554