1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd June 28, 2020 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _user 196.Pq Vt str 197Run the service under this user account. 198.It Ao Ar name Ac Ns Va _group 199.Pq Vt str 200Run the chrooted service under this system group. 201Unlike the _user 202setting, this setting has no effect if the service is not chrooted. 203.It Ao Ar name Ac Ns Va _fib 204.Pq Vt int 205The 206.Xr setfib 1 207value to run the service under. 208.It Ao Ar name Ac Ns Va _nice 209.Pq Vt int 210The 211.Xr nice 1 212value to run the service under. 213.It Va apm_enable 214.Pq Vt bool 215If set to 216.Dq Li YES , 217enable support for Automatic Power Management with 218the 219.Xr apm 8 220command. 221.It Va apmd_enable 222.Pq Vt bool 223Run 224.Xr apmd 8 225to handle APM event from userland. 226This also enables support for APM. 227.It Va apmd_flags 228.Pq Vt str 229If 230.Va apmd_enable 231is set to 232.Dq Li YES , 233these are the flags to pass to the 234.Xr apmd 8 235daemon. 236.It Va devd_enable 237.Pq Vt bool 238Run 239.Xr devd 8 240to handle device added, removed or unknown events from the kernel. 241.It Va ddb_enable 242.Pq Vt bool 243Run 244.Xr ddb 8 245to install 246.Xr ddb 4 247scripts at boot time. 248.It Va ddb_config 249.Pq Vt str 250Configuration file for 251.Xr ddb 8 . 252Default 253.Pa /etc/ddb.conf . 254.It Va kld_list 255.Pq Vt str 256A whitespace-separated list of kernel modules to load right after 257the local disks are mounted, without any 258.Pa .ko 259extension or path. 260Loading modules at this point in the boot process is 261much faster than doing it via 262.Pa /boot/loader.conf 263for those modules not necessary for mounting local disks. 264.It Va kldxref_enable 265.Pq Vt bool 266Set to 267.Dq Li NO 268by default. 269Set to 270.Dq Li YES 271to automatically rebuild 272.Pa linker.hints 273files with 274.Xr kldxref 8 275at boot time. 276.It Va kldxref_clobber 277.Pq Vt bool 278Set to 279.Dq Li NO 280by default. 281If 282.Va kldxref_enable 283is true, 284setting to 285.Dq Li YES 286will overwrite existing 287.Pa linker.hints 288files at boot time. 289Otherwise, 290only missing 291.Pa linker.hints 292files are generated. 293.It Va kldxref_module_path 294.Pq Vt str 295Empty by default. 296A semi-colon 297.Pq Ql \&; 298delimited list of paths containing 299.Xr kld 4 300modules. 301If empty, 302the contents of the 303.Va kern.module_path 304.Xr sysctl 8 305are used. 306.It Va powerd_enable 307.Pq Vt bool 308If set to 309.Dq Li YES , 310enable the system power control facility with the 311.Xr powerd 8 312daemon. 313.It Va powerd_flags 314.Pq Vt str 315If 316.Va powerd_enable 317is set to 318.Dq Li YES , 319these are the flags to pass to the 320.Xr powerd 8 321daemon. 322.It Va tmpmfs 323Controls the creation of a 324.Pa /tmp 325memory file system. 326Always happens if set to 327.Dq Li YES 328and never happens if set to 329.Dq Li NO . 330If set to anything else, a memory file system is created if 331.Pa /tmp 332is not writable. 333.It Va tmpsize 334Controls the size of a created 335.Pa /tmp 336memory file system. 337.It Va tmpmfs_flags 338Extra options passed to the 339.Xr mdmfs 8 340utility when the memory file system for 341.Pa /tmp 342is created. 343The default is 344.Dq Li "-S" , 345which inhibits the use of softupdates on 346.Pa /tmp 347so that file system space is freed without delay 348after file truncation or deletion. 349See 350.Xr mdmfs 8 351for other options you can use in 352.Va tmpmfs_flags . 353.It Va varmfs 354Controls the creation of a 355.Pa /var 356memory file system. 357Always happens if set to 358.Dq Li YES 359and never happens if set to 360.Dq Li NO . 361If set to anything else, a memory file system is created if 362.Pa /var 363is not writable. 364.It Va varsize 365Controls the size of a created 366.Pa /var 367memory file system. 368.It Va varmfs_flags 369Extra options passed to the 370.Xr mdmfs 8 371utility when the memory file system for 372.Pa /var 373is created. 374The default is 375.Dq Li "-S" , 376which inhibits the use of softupdates on 377.Pa /var 378so that file system space is freed without delay 379after file truncation or deletion. 380See 381.Xr mdmfs 8 382for other options you can use in 383.Va varmfs_flags . 384.It Va populate_var 385Controls the automatic population of the 386.Pa /var 387file system. 388Always happens if set to 389.Dq Li YES 390and never happens if set to 391.Dq Li NO . 392If set to anything else, a memory file system is created if 393.Pa /var 394is not writable. 395Note that this process requires access to certain commands in 396.Pa /usr 397before 398.Pa /usr 399is mounted on normal systems. 400.It Va cleanvar_enable 401.Pq Vt bool 402Clean the 403.Pa /var 404directory. 405.It Va local_startup 406.Pq Vt str 407List of directories to search for startup script files. 408.It Va script_name_sep 409.Pq Vt str 410The field separator to use for breaking down the list of startup script files 411into individual filenames. 412The default is a space. 413It is not necessary to change this unless there are startup scripts with names 414containing spaces. 415.It Va hostapd_enable 416.Pq Vt bool 417Set to 418.Dq Li YES 419to start 420.Xr hostapd 8 421at system boot time. 422.It Va hostname 423.Pq Vt str 424The fully qualified domain name (FQDN) of this host on the network. 425This should almost certainly be set to something meaningful, even if 426there is no network connection. 427If 428.Xr dhclient 8 429is used to set the hostname via DHCP, 430this variable should be set to an empty string. 431Within a 432.Xr jail 8 433the hostname is generally already set and this variable may be absent. 434If this value remains unset when the system is done booting 435your console login will display the default hostname of 436.Dq Amnesiac . 437.It Va nisdomainname 438.Pq Vt str 439The NIS domain name of this host, or 440.Dq Li NO 441if NIS is not used. 442.It Va dhclient_program 443.Pq Vt str 444Path to the DHCP client program 445.Pa ( /sbin/dhclient , 446the 447.Ox 448DHCP client, 449is the default). 450.It Va dhclient_flags 451.Pq Vt str 452Additional flags to pass to the DHCP client program. 453For the 454.Ox 455DHCP client, see the 456.Xr dhclient 8 457manpage for a description of the command line options available. 458.It Va dhclient_flags_ Ns Aq Ar iface 459Additional flags to pass to the DHCP client program running on 460.Ar iface 461only. 462When specified, this variable overrides 463.Va dhclient_flags . 464.It Va background_dhclient 465.Pq Vt bool 466Set to 467.Dq Li YES 468to start the DHCP client in background. 469This can cause trouble with applications depending on 470a working network, but it will provide a faster startup 471in many cases. 472.It Va background_dhclient_ Ns Aq Ar iface 473When specified, this variable overrides the 474.Va background_dhclient 475variable for interface 476.Ar iface 477only. 478.It Va synchronous_dhclient 479.Pq Vt bool 480Set to 481.Dq Li YES 482to start 483.Xr dhclient 8 484synchronously at startup. 485This behavior can be overridden on a per-interface basis by replacing 486the 487.Dq Li DHCP 488keyword in the 489.Va ifconfig_ Ns Aq Ar interface 490variable with 491.Dq Li SYNCDHCP 492or 493.Dq Li NOSYNCDHCP . 494.It Va defaultroute_delay 495.Pq Vt int 496When set to a positive value, wait up to this long after configuring 497DHCP interfaces at startup to give the interfaces time to receive a lease. 498.It Va firewall_enable 499.Pq Vt bool 500Set to 501.Dq Li YES 502to load firewall rules at startup. 503If the kernel was not built with 504.Cd "options IPFIREWALL" , 505the 506.Pa ipfw.ko 507kernel module will be loaded. 508See also 509.Va ipfilter_enable . 510.It Va firewall_script 511.Pq Vt str 512This variable specifies the full path to the firewall script to run. 513The default is 514.Pa /etc/rc.firewall . 515.It Va firewall_type 516.Pq Vt str 517Names the firewall type from the selection in 518.Pa /etc/rc.firewall , 519or the file which contains the local firewall ruleset. 520Valid selections from 521.Pa /etc/rc.firewall 522are: 523.Pp 524.Bl -tag -width ".Li simple" -compact 525.It Li open 526unrestricted IP access 527.It Li closed 528all IP services disabled, except via 529.Dq Li lo0 530.It Li client 531basic protection for a workstation 532.It Li simple 533basic protection for a LAN. 534.El 535.Pp 536If a filename is specified, the full path 537must be given. 538.It Va firewall_quiet 539.Pq Vt bool 540Set to 541.Dq Li YES 542to disable the display of firewall rules on the console during boot. 543.It Va firewall_logging 544.Pq Vt bool 545Set to 546.Dq Li YES 547to enable firewall event logging. 548This is equivalent to the 549.Dv IPFIREWALL_VERBOSE 550kernel option. 551.It Va firewall_logif 552.Pq Vt bool 553Set to 554.Dq Li YES 555to create pseudo interface 556.Li ipfw0 557for logging. 558For more details, see 559.Xr ipfw 8 560manual page. 561.It Va firewall_flags 562.Pq Vt str 563Flags passed to 564.Xr ipfw 8 565if 566.Va firewall_type 567specifies a filename. 568.It Va firewall_coscripts 569.Pq Vt str 570List of executables and/or rc scripts to run after firewall starts/stops. 571Default is empty. 572.\" ----- firewall_nat_enable setting -------------------------------- 573.It Va firewall_nat_enable 574.Pq Vt bool 575The 576.Xr ipfw 8 577equivalent of 578.Va natd_enable . 579Setting this to 580.Dq Li YES 581will automatically load the 582.Xr ipfw 8 583NAT kernel module if 584.Va firewall_enable 585is also set to 586.Dq Li YES . 587.It Va firewall_nat_interface 588.Pq Vt str 589The 590.Xr ipfw 8 591equivalent of 592.Va natd_interface . 593This is the name of the public interface or IP address on which 594kernel NAT should run. 595.It Va firewall_nat_flags 596.Pq Vt str 597Additional configuration parameters for kernel NAT should be placed here. 598.It Va firewall_nat64_enable 599.Pq Vt bool 600Setting this to 601.Dq Li YES 602will automatically load the 603.Xr ipfw 8 604NAT64 kernel module if 605.Va firewall_enable 606is also set to 607.Dq Li YES . 608.It Va firewall_nptv6_enable 609.Pq Vt bool 610Setting this to 611.Dq Li YES 612will automatically load the 613.Xr ipfw 8 614NPTv6 kernel module if 615.Va firewall_enable 616is also set to 617.Dq Li YES . 618.It Va firewall_pmod_enable 619.Pq Vt bool 620Setting this to 621.Dq Li YES 622will automatically load the 623.Xr ipfw 8 624pmod kernel module if 625.Va firewall_enable 626is also set to 627.Dq Li YES . 628.It Va dummynet_enable 629.Pq Vt bool 630Setting this to 631.Dq Li YES 632will automatically load the 633.Xr dummynet 4 634module if 635.Va firewall_enable 636is also set to 637.Dq Li YES . 638.\" ------------------------------------------------------------------- 639.It Va ipfw_netflow_enable 640.Pq Vt bool 641Setting this to 642.Dq Li YES 643will enable netflow logging via 644.Xr ng_netflow 4 645.Pp 646By default a ipfw rule is inserted and all packets are duplicated with 647the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 648port using protocol version 5. 649.It Va ipfw_netflow_hook 650.Pq Vt int 651netflow hook name, must be numerical 652(default 653.Pa 9995 ) . 654.It Va ipfw_netflow_rule 655.Pq Vt int 656ipfw rule number 657(default 658.Pa 1000 ) . 659.It Va ipfw_netflow_ip 660.Pq Vt str 661Destination server ip for receiving netflow data 662(default 663.Pa 127.0.0.1 ) . 664.It Va ipfw_netflow_port 665.Pq Vt int 666Destination server port for receiving netflow data 667(default 668.Pa 9995 ) . 669.It Va ipfw_netflow_version 670.Pq Vt int 671Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 672.It Va ipfw_netflow_fib 673.Pq Vt int 674Only match packet in FIB 675.Pa ipfw_netflow_fib 676(default is undefined meaning all FIBs). 677.It Va natd_program 678.Pq Vt str 679Path to 680.Xr natd 8 . 681.It Va natd_enable 682.Pq Vt bool 683Set to 684.Dq Li YES 685to enable 686.Xr natd 8 . 687.Va firewall_enable 688must also be set to 689.Dq Li YES , 690and 691.Xr divert 4 692sockets must be enabled in the kernel. 693If the kernel was not built with 694.Cd "options IPDIVERT" , 695the 696.Pa ipdivert.ko 697kernel module will be loaded. 698.It Va natd_interface 699.Pq Vt str 700This is the name of the public interface on which 701.Xr natd 8 702should run. 703The interface may be given as an interface name or as an IP address. 704.It Va natd_flags 705.Pq Vt str 706Additional 707.Xr natd 8 708flags should be placed here. 709The 710.Fl n 711or 712.Fl a 713flag is automatically added with the above 714.Va natd_interface 715as an argument. 716.\" ----- ipfilter_enable setting -------------------------------- 717.It Va ipfilter_enable 718.Pq Vt bool 719Set to 720.Dq Li NO 721by default. 722Setting this to 723.Dq Li YES 724enables 725.Xr ipf 8 726packet filtering. 727.Pp 728Typical usage will require putting 729.Bd -literal 730ipfilter_enable="YES" 731ipnat_enable="YES" 732ipmon_enable="YES" 733ipfs_enable="YES" 734.Ed 735.Pp 736into 737.Pa /etc/rc.conf 738and editing 739.Pa /etc/ipf.rules 740and 741.Pa /etc/ipnat.rules 742appropriately. 743.Pp 744Note that 745.Va ipfilter_enable 746and 747.Va ipnat_enable 748can be enabled independently. 749.Va ipmon_enable 750and 751.Va ipfs_enable 752both require at least one of 753.Va ipfilter_enable 754and 755.Va ipnat_enable 756to be enabled. 757.Pp 758Having 759.Bd -literal 760options IPFILTER 761options IPFILTER_LOG 762options IPFILTER_DEFAULT_BLOCK 763.Ed 764.Pp 765in the kernel configuration file is a good idea, too. 766.\" ----- ipfilter_program setting ------------------------------ 767.It Va ipfilter_program 768.Pq Vt str 769Path to 770.Xr ipf 8 771(default 772.Pa /sbin/ipf ) . 773.\" ----- ipfilter_rules setting -------------------------------- 774.It Va ipfilter_rules 775.Pq Vt str 776Set to 777.Pa /etc/ipf.rules 778by default. 779This variable contains the name of the filter rule definition file. 780The file is expected to be readable for the 781.Xr ipf 8 782command to execute. 783.\" ----- ipv6_ipfilter_rules setting --------------------------- 784.It Va ipv6_ipfilter_rules 785.Pq Vt str 786Set to 787.Pa /etc/ipf6.rules 788by default. 789This variable contains the IPv6 filter rule definition file. 790The file is expected to be readable for the 791.Xr ipf 8 792command to execute. 793.\" ----- ipfilter_flags setting -------------------------------- 794.It Va ipfilter_flags 795.Pq Vt str 796Empty by default. 797This variable contains flags passed to the 798.Xr ipf 8 799program. 800.\" ----- ipnat_enable setting ---------------------------------- 801.It Va ipnat_enable 802.Pq Vt bool 803Set to 804.Dq Li NO 805by default. 806Set it to 807.Dq Li YES 808to enable 809.Xr ipnat 8 810network address translation. 811See 812.Va ipfilter_enable 813for a detailed discussion. 814.\" ----- ipnat_program setting --------------------------------- 815.It Va ipnat_program 816.Pq Vt str 817Path to 818.Xr ipnat 8 819(default 820.Pa /sbin/ipnat ) . 821.\" ----- ipnat_rules setting ----------------------------------- 822.It Va ipnat_rules 823.Pq Vt str 824Set to 825.Pa /etc/ipnat.rules 826by default. 827This variable contains the name of the file 828holding the network address translation definition. 829This file is expected to be readable for the 830.Xr ipnat 8 831command to execute. 832.\" ----- ipnat_flags setting ----------------------------------- 833.It Va ipnat_flags 834.Pq Vt str 835Empty by default. 836This variable contains flags passed to the 837.Xr ipnat 8 838program. 839.\" ----- ipmon_enable setting ---------------------------------- 840.It Va ipmon_enable 841.Pq Vt bool 842Set to 843.Dq Li NO 844by default. 845Set it to 846.Dq Li YES 847to enable 848.Xr ipmon 8 849monitoring (logging 850.Xr ipf 8 851and 852.Xr ipnat 8 853events). 854Setting this variable needs setting 855.Va ipfilter_enable 856or 857.Va ipnat_enable 858too. 859See 860.Va ipfilter_enable 861for a detailed discussion. 862.\" ----- ipmon_program setting --------------------------------- 863.It Va ipmon_program 864.Pq Vt str 865Path to 866.Xr ipmon 8 867(default 868.Pa /sbin/ipmon ) . 869.\" ----- ipmon_flags setting ----------------------------------- 870.It Va ipmon_flags 871.Pq Vt str 872Set to 873.Dq Li -Ds 874by default. 875This variable contains flags passed to the 876.Xr ipmon 8 877program. 878Another typical example would be 879.Dq Fl D Pa /var/log/ipflog 880to have 881.Xr ipmon 8 882log directly to a file bypassing 883.Xr syslogd 8 . 884Make sure to adjust 885.Pa /etc/newsyslog.conf 886in such case like this: 887.Bd -literal 888/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 889.Ed 890.\" ----- ipfs_enable setting ----------------------------------- 891.It Va ipfs_enable 892.Pq Vt bool 893Set to 894.Dq Li NO 895by default. 896Set it to 897.Dq Li YES 898to enable 899.Xr ipfs 8 900saving the filter and NAT state tables during shutdown 901and reloading them during startup again. 902Setting this variable needs setting 903.Va ipfilter_enable 904or 905.Va ipnat_enable 906to 907.Dq Li YES 908too. 909See 910.Va ipfilter_enable 911for a detailed discussion. 912Note that if 913.Va kern_securelevel 914is set to 3, 915.Va ipfs_enable 916cannot be used 917because the raised securelevel will prevent 918.Xr ipfs 8 919from saving the state tables at shutdown time. 920.\" ----- ipfs_program setting ---------------------------------- 921.It Va ipfs_program 922.Pq Vt str 923Path to 924.Xr ipfs 8 925(default 926.Pa /sbin/ipfs ) . 927.\" ----- ipfs_flags setting ------------------------------------ 928.It Va ipfs_flags 929.Pq Vt str 930Empty by default. 931This variable contains flags passed to the 932.Xr ipfs 8 933program. 934.\" ----- end of added ipf hook --------------------------------- 935.It Va pf_enable 936.Pq Vt bool 937Set to 938.Dq Li NO 939by default. 940Setting this to 941.Dq Li YES 942enables 943.Xr pf 4 944packet filtering. 945.Pp 946Typical usage will require putting 947.Pp 948.Dl pf_enable="YES" 949.Pp 950into 951.Pa /etc/rc.conf 952and editing 953.Pa /etc/pf.conf 954appropriately. 955Adding 956.Pp 957.Dl "device pf" 958.Pp 959builds support for 960.Xr pf 4 961into the kernel, otherwise the 962kernel module will be loaded. 963.It Va pf_rules 964.Pq Vt str 965Path to 966.Xr pf 4 967ruleset configuration file 968(default 969.Pa /etc/pf.conf ) . 970.It Va pf_program 971.Pq Vt str 972Path to 973.Xr pfctl 8 974(default 975.Pa /sbin/pfctl ) . 976.It Va pf_flags 977.Pq Vt str 978If 979.Va pf_enable 980is set to 981.Dq Li YES , 982these flags are passed to the 983.Xr pfctl 8 984program when loading the ruleset. 985.It Va pflog_enable 986.Pq Vt bool 987Set to 988.Dq Li NO 989by default. 990Setting this to 991.Dq Li YES 992enables 993.Xr pflogd 8 994which logs packets from the 995.Xr pf 4 996packet filter. 997.It Va pflog_logfile 998.Pq Vt str 999If 1000.Va pflog_enable 1001is set to 1002.Dq Li YES 1003this controls where 1004.Xr pflogd 8 1005stores the logfile 1006(default 1007.Pa /var/log/pflog ) . 1008Check 1009.Pa /etc/newsyslog.conf 1010to adjust logfile rotation for this. 1011.It Va pflog_program 1012.Pq Vt str 1013Path to 1014.Xr pflogd 8 1015(default 1016.Pa /sbin/pflogd ) . 1017.It Va pflog_flags 1018.Pq Vt str 1019Empty by default. 1020This variable contains additional flags passed to the 1021.Xr pflogd 8 1022program. 1023.It Va pflog_instances 1024.Pq Vt str 1025If logging to more than one 1026.Xr pflog 4 1027interface is desired, 1028.Va pflog_instances 1029is set to the list of 1030.Xr pflogd 8 1031instances that should be started at system boot time. 1032If 1033.Va pflog_instances 1034is set, for each whitespace-separated 1035.Ar element 1036in the list, 1037.Ao Ar element Ac Ns Va _dev 1038and 1039.Ao Ar element Ac Ns Va _logfile 1040elements are assumed to exist. 1041.Ao Ar element Ac Ns Va _dev 1042must contain the 1043.Xr pflog 4 1044interface to be watched by the named 1045.Xr pflogd 8 1046instance. 1047.Ao Ar element Ac Ns Va _logfile 1048must contain the name of the logfile that will be used by the 1049.Xr pflogd 8 1050instance. 1051.It Va ftpproxy_enable 1052.Pq Vt bool 1053Set to 1054.Dq Li NO 1055by default. 1056Setting this to 1057.Dq Li YES 1058enables 1059.Xr ftp-proxy 8 1060which supports the 1061.Xr pf 4 1062packet filter in translating ftp connections. 1063.It Va ftpproxy_flags 1064.Pq Vt str 1065Empty by default. 1066This variable contains additional flags passed to the 1067.Xr ftp-proxy 8 1068program. 1069.It Va ftpproxy_instances 1070.Pq Vt str 1071Empty by default. 1072If multiple instances of 1073.Xr ftp-proxy 8 1074are desired at boot time, 1075.Va ftpproxy_instances 1076should contain a whitespace-separated list of instance names. 1077For each 1078.Ar element 1079in the list, a variable named 1080.Ao Ar element Ac Ns Va _flags 1081should be defined, containing the command-line flags to be passed to the 1082.Xr ftp-proxy 8 1083instance. 1084.It Va pfsync_enable 1085.Pq Vt bool 1086Set to 1087.Dq Li NO 1088by default. 1089Setting this to 1090.Dq Li YES 1091enables exposing 1092.Xr pf 4 1093state changes to other hosts over the network by means of 1094.Xr pfsync 4 . 1095The 1096.Va pfsync_syncdev 1097variable 1098must also be set then. 1099.It Va pfsync_syncdev 1100.Pq Vt str 1101Empty by default. 1102This variable specifies the name of the network interface 1103.Xr pfsync 4 1104should operate through. 1105It must be set accordingly if 1106.Va pfsync_enable 1107is set to 1108.Dq Li YES . 1109.It Va pfsync_syncpeer 1110.Pq Vt str 1111Empty by default. 1112This variable is optional. 1113By default, state change messages are sent out on the synchronisation 1114interface using IP multicast packets. 1115The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1116224.0.0.240. 1117When a peer address is specified using the 1118.Va pfsync_syncpeer 1119option, the peer address is used as a destination for the pfsync 1120traffic, and the traffic can then be protected using 1121.Xr ipsec 4 . 1122See the 1123.Xr pfsync 4 1124manpage for more details about using 1125.Xr ipsec 4 1126with 1127.Xr pfsync 4 1128interfaces. 1129.It Va pfsync_ifconfig 1130.Pq Vt str 1131Empty by default. 1132This variable can contain additional options to be passed to the 1133.Xr ifconfig 8 1134command used to set up 1135.Xr pfsync 4 . 1136.It Va tcp_extensions 1137.Pq Vt bool 1138Set to 1139.Dq Li YES 1140by default. 1141Setting this to 1142.Dq Li NO 1143disables certain TCP options as described by 1144.Rs 1145.%T "RFC 1323" 1146.Re 1147Setting this to 1148.Dq Li NO 1149might help remedy such problems with connections as randomly hanging 1150or other weird behavior. 1151Some network devices are known 1152to be broken with respect to these options. 1153.It Va log_in_vain 1154.Pq Vt int 1155Set to 0 by default. 1156The 1157.Xr sysctl 8 1158variables, 1159.Va net.inet.tcp.log_in_vain 1160and 1161.Va net.inet.udp.log_in_vain , 1162as described in 1163.Xr tcp 4 1164and 1165.Xr udp 4 , 1166are set to the given value. 1167.It Va tcp_keepalive 1168.Pq Vt bool 1169Set to 1170.Dq Li YES 1171by default. 1172Setting to 1173.Dq Li NO 1174will disable probing idle TCP connections to verify that the 1175peer is still up and reachable. 1176.It Va tcp_drop_synfin 1177.Pq Vt bool 1178Set to 1179.Dq Li NO 1180by default. 1181Setting to 1182.Dq Li YES 1183will cause the kernel to ignore TCP frames that have both 1184the SYN and FIN flags set. 1185This prevents OS fingerprinting, but may 1186break some legitimate applications. 1187.It Va icmp_drop_redirect 1188.Pq Vt bool 1189Set to 1190.Dq Li AUTO 1191by default. 1192This setting will be identical to 1193.Dq Li YES , 1194if a dynamicrouting daemon is enabled, because redirect processing may 1195cause performance issues for large routing tables. 1196If no such service is enabled, this setting behaves like a 1197.Dq Li NO . 1198Setting to 1199.Dq Li YES 1200will cause the kernel to ignore ICMP REDIRECT packets. 1201Setting to 1202.Dq Li NO 1203will cause the kernel to process ICMP REDIRECT packets. 1204Refer to 1205.Xr icmp 4 1206for more information. 1207.It Va icmp_log_redirect 1208.Pq Vt bool 1209Set to 1210.Dq Li NO 1211by default. 1212Setting to 1213.Dq Li YES 1214will cause the kernel to log ICMP REDIRECT packets. 1215Note that 1216the log messages are not rate-limited, so this option should only be used 1217for troubleshooting networks. 1218Refer to 1219.Xr icmp 4 1220for more information. 1221.It Va icmp_bmcastecho 1222.Pq Vt bool 1223Set to 1224.Dq Li YES 1225to respond to broadcast or multicast ICMP ping packets. 1226Refer to 1227.Xr icmp 4 1228for more information. 1229.It Va ip_portrange_first 1230.Pq Vt int 1231If not set to 1232.Dq Li NO , 1233this is the first port in the default portrange. 1234Refer to 1235.Xr ip 4 1236for more information. 1237.It Va ip_portrange_last 1238.Pq Vt int 1239If not set to 1240.Dq Li NO , 1241this is the last port in the default portrange. 1242Refer to 1243.Xr ip 4 1244for more information. 1245.It Va network_interfaces 1246.Pq Vt str 1247Set to the list of network interfaces to configure on this host or 1248.Dq Li AUTO 1249(the default) for all current interfaces. 1250Setting the 1251.Va network_interfaces 1252variable to anything other than the default is deprecated. 1253Interfaces that the administrator wishes to store configuration for, 1254but not start at boot should be configured with the 1255.Dq Li NOAUTO 1256keyword in their 1257.Va ifconfig_ Ns Aq Ar interface 1258variables as described below. 1259.Pp 1260An 1261.Va ifconfig_ Ns Aq Ar interface 1262variable is also assumed to exist for each value of 1263.Ar interface . 1264When an interface name contains any of the characters 1265.Dq Li .-/+ 1266they are translated to 1267.Dq Li _ 1268before lookup. 1269The variable can contain arguments to 1270.Xr ifconfig 8 , 1271as well as special case-insensitive keywords described below. 1272Such keywords are removed before passing the value to 1273.Xr ifconfig 8 1274while the order of the other arguments is preserved. 1275.Pp 1276It is possible to add IP alias entries using 1277.Xr ifconfig 8 1278syntax with the address family keyword such as 1279.Li inet . 1280Assuming that the interface in question was 1281.Li em0 , 1282it might look something like this: 1283.Bd -literal 1284ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1285ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1286.Ed 1287.Pp 1288It also possible to configure multiple IP addresses in Classless 1289Inter-Domain Routing 1290.Pq CIDR 1291address notation, 1292whose each address component can be a range like 1293.Li inet 192.0.2.5-23/24 1294or 1295.Li inet6 2001:db8:1-f::1/64 . 1296This notation allows address and prefix length part only, 1297not the other address modifiers. 1298Note that the maximum number of the generated addresses from a range 1299specification is limited to an integer value specified in 1300.Va netif_ipexpand_max 1301in 1302.Nm 1303because a small typo can unexpectedly generate a large number of addresses. 1304The default value is 1305.Li 2048 . 1306It can be increased by adding the following line into 1307.Nm : 1308.Bd -literal 1309netif_ipexpand_max="4096" 1310.Ed 1311.Pp 1312In the case of 1313.Li 192.0.2.5-23/24 , 1314the address 192.0.2.5 will be configured with the 1315netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1316the non-conflicting netmask /32 as explained in the 1317.Xr ifconfig 8 1318alias section. 1319Note that this special netmask handling is only for 1320.Li inet , 1321not for the other address families such as 1322.Li inet6 . 1323.Pp 1324With the interface in question being 1325.Li em0 , 1326an example could look like: 1327.Bd -literal 1328ifconfig_em0_alias2="inet 192.0.2.129/27" 1329ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1330.Ed 1331.Pp 1332and so on. 1333.Pp 1334Note that deprecated 1335.Va ipv4_addrs_ Ns Aq Ar interface 1336variable was supported for IPv4 CIDR address notation. 1337The 1338.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1339variable replaces it, though 1340.Va ipv4_addrs_ Ns Aq Ar interface 1341is still supported for backward compatibility. 1342.Pp 1343For each 1344.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1345entry with an address family keyword, 1346its contents are passed to 1347.Xr ifconfig 8 . 1348Execution stops at the first unsuccessful access, so if 1349something like this is present: 1350.Bd -literal 1351ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1352ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1353ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1354ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1355.Ed 1356.Pp 1357Then note that alias4 would 1358.Em not 1359be added since the search would 1360stop with the missing 1361.Dq Li alias3 1362entry. 1363Because of this difficult to manage behavior, 1364there is 1365.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1366variable, which has the same functionality as 1367.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1368and can have all of entries in a variable like the following: 1369.Bd -literal 1370ifconfig_em0_aliases="\\ 1371 inet 127.0.0.251 netmask 0xffffffff \\ 1372 inet 127.0.0.252 netmask 0xffffffff \\ 1373 inet 127.0.0.253 netmask 0xffffffff \\ 1374 inet 127.0.0.254 netmask 0xffffffff" 1375.Ed 1376.Pp 1377It also supports CIDR notation. 1378.Pp 1379If the 1380.Pa /etc/start_if. Ns Aq Ar interface 1381file is present, it is read and executed by the 1382.Xr sh 1 1383interpreter 1384before configuring the interface as specified in the 1385.Va ifconfig_ Ns Aq Ar interface 1386and 1387.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1388variables. 1389.Pp 1390If a 1391.Va vlans_ Ns Aq Ar interface 1392variable is set, 1393a 1394.Xr vlan 4 1395interface will be created for each item in the list with the 1396.Ar vlandev 1397argument set to 1398.Ar interface . 1399If a vlan interface's name is a number, 1400then that number is used as the vlan tag and the new vlan interface is 1401named 1402.Ar interface . Ns Ar tag . 1403Otherwise, 1404the vlan tag must be specified via a 1405.Va vlan 1406parameter in the 1407.Va create_args_ Ns Aq Ar interface 1408variable. 1409.Pp 1410To create a vlan device named 1411.Li em0.101 1412on 1413.Li em0 1414with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1415.Bd -literal 1416vlans_em0="101" 1417ifconfig_em0_101="inet 192.0.2.1/24" 1418.Ed 1419.Pp 1420To create a vlan device named 1421.Li myvlan 1422on 1423.Li em0 1424with the vlan tag 102: 1425.Bd -literal 1426vlans_em0="myvlan" 1427create_args_myvlan="vlan 102" 1428.Ed 1429.Pp 1430If a 1431.Va wlans_ Ns Aq Ar interface 1432variable is set, 1433an 1434.Xr wlan 4 1435interface will be created for each item in the list with the 1436.Ar wlandev 1437argument set to 1438.Ar interface . 1439Further wlan cloning arguments may be passed to the 1440.Xr ifconfig 8 1441.Cm create 1442command by setting the 1443.Va create_args_ Ns Aq Ar interface 1444variable. 1445One or more 1446.Xr wlan 4 1447devices must be created for each wireless devices as of 1448.Fx 8.0 . 1449Debugging flags for 1450.Xr wlan 4 1451devices as set by 1452.Xr wlandebug 8 1453may be specified with an 1454.Va wlandebug_ Ns Aq Ar interface 1455variable. 1456The contents of this variable will be passed directly to 1457.Xr wlandebug 8 . 1458.Pp 1459If the 1460.Va ifconfig_ Ns Aq Ar interface 1461contains the keyword 1462.Dq Li NOAUTO 1463then the interface will not be configured 1464at boot or by 1465.Pa /etc/pccard_ether 1466when 1467.Va network_interfaces 1468is set to 1469.Dq Li AUTO . 1470.Pp 1471It is possible to bring up an interface with DHCP by adding 1472.Dq Li DHCP 1473to the 1474.Va ifconfig_ Ns Aq Ar interface 1475variable. 1476For instance, to initialize the 1477.Li em0 1478device via DHCP, 1479it is possible to use something like: 1480.Bd -literal 1481ifconfig_em0="DHCP" 1482.Ed 1483.Pp 1484If you want to configure your wireless interface with 1485.Xr wpa_supplicant 8 1486for use with WPA, EAP/LEAP or WEP, you need to add 1487.Dq Li WPA 1488to the 1489.Va ifconfig_ Ns Aq Ar interface 1490variable. 1491.Pp 1492On the other hand, if you want to configure your wireless interface with 1493.Xr hostapd 8 , 1494you need to add 1495.Dq Li HOSTAP 1496to the 1497.Va ifconfig_ Ns Aq Ar interface 1498variable. 1499.Xr hostapd 8 1500will use the settings from 1501.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1502.Pp 1503Finally, you can add 1504.Xr ifconfig 8 1505options in this variable, in addition to the 1506.Pa /etc/start_if. Ns Aq Ar interface 1507file. 1508For instance, to configure an 1509.Xr ath 4 1510wireless device in station mode with an address obtained 1511via DHCP, using WPA authentication and 802.11b mode, it is 1512possible to use something like: 1513.Bd -literal 1514wlans_ath0="wlan0" 1515ifconfig_wlan0="DHCP WPA mode 11b" 1516.Ed 1517.Pp 1518In addition to the 1519.Va ifconfig_ Ns Aq Ar interface 1520form, a fallback variable 1521.Va ifconfig_DEFAULT 1522may be configured. 1523It will be used for all interfaces with no 1524.Va ifconfig_ Ns Aq Ar interface 1525variable. 1526This is intended to replace the no longer supported 1527.Va pccard_ifconfig 1528variable. 1529.Pp 1530It is also possible to rename an interface by doing: 1531.Bd -literal 1532ifconfig_em0_name="net0" 1533ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1534.Ed 1535.It Va ipv6_enable 1536.Pq Vt bool 1537This variable is deprecated. 1538Use 1539.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1540and 1541.Va ipv6_activate_all_interfaces 1542if necessary. 1543.Pp 1544If the variable is 1545.Dq Li YES , 1546.Dq Li inet6 accept_rtadv 1547is added to all of 1548.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1549and the 1550.Va ipv6_activate_all_interfaces 1551is defined as 1552.Dq Li YES . 1553.It Va ipv6_prefer 1554.Pq Vt bool 1555This variable is deprecated. 1556Use 1557.Va ip6addrctl_policy 1558instead. 1559.Pp 1560If the variable is 1561.Dq Li YES , 1562the default address selection policy table set by 1563.Xr ip6addrctl 8 1564will be IPv6-preferred. 1565.Pp 1566If the variable is 1567.Dq Li NO , 1568the default address selection policy table set by 1569.Xr ip6addrctl 8 1570will be IPv4-preferred. 1571.It Va ipv6_activate_all_interfaces 1572.Pq Vt bool 1573This controls initial configuration on IPv6-capable 1574interfaces with no corresponding 1575.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1576variable. 1577Note that it is not always necessary to set this variable to 1578.Dq YES 1579to use IPv6 functionality on 1580.Fx . 1581In most cases, just configuring 1582.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1583variables works. 1584.Pp 1585If the variable is 1586.Dq Li NO , 1587all interfaces which do not have a corresponding 1588.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1589variable will be marked as 1590.Dq Li IFDISABLED 1591at creation. 1592This means that all of IPv6 functionality on that interface 1593is completely disabled to enforce a security policy. 1594If the variable is set to 1595.Dq YES , 1596the flag will be cleared on all of the interfaces. 1597.Pp 1598In most cases, just defining an 1599.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1600for an IPv6-capable interface should be sufficient. 1601However, if an interface is added dynamically 1602.Pq by some tunneling protocols such as PPP, for example , 1603it is often difficult to define the variable in advance. 1604In such a case, configuring the 1605.Dq Li IFDISABLED 1606flag can be disabled by setting this variable to 1607.Dq YES . 1608.Pp 1609For more details of the 1610.Dq Li IFDISABLED 1611flag and keywords 1612.Dq Li inet6 ifdisabled , 1613see 1614.Xr ifconfig 8 . 1615.Pp 1616Default is 1617.Dq Li NO . 1618.It Va ipv6_privacy 1619.Pq Vt bool 1620If the variable is 1621.Dq Li YES 1622privacy addresses will be generated for each IPv6 1623interface as described in RFC 4941. 1624.It Va ipv6_network_interfaces 1625.Pq Vt str 1626This is the IPv6 equivalent of 1627.Va network_interfaces . 1628Normally manual configuration of this variable is not needed. 1629.It Va ipv6_cpe_wanif 1630.Pq Vt str 1631If the variable is set to an interface name, 1632the 1633.Xr ifconfig 8 1634options 1635.Dq inet6 -no_radr accept_rtadv 1636will be added to the specified interface automatically before evaluating 1637.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1638and two 1639.Xr sysctl 8 1640variables 1641.Va net.inet6.ip6.rfc6204w3 1642and 1643.Va net.inet6.ip6.no_radr 1644will be set to 1. 1645.Pp 1646This means the specified interface will accept ICMPv6 Router 1647Advertisement messages on that link and add the discovered 1648routers into the Default Router List. 1649While the other interfaces can still accept RA messages if the 1650.Dq inet6 accept_rtadv 1651option is specified, adding 1652routes into the Default Router List will be disabled by 1653.Dq inet6 no_radr 1654option by default. 1655See 1656.Xr ifconfig 8 1657for more details. 1658.Pp 1659Note that ICMPv6 Router Advertisement messages will be 1660accepted even when 1661.Va net.inet6.ip6.forwarding 1662is 1 1663.Pq packet forwarding is enabled 1664when 1665.Va net.inet6.ip6.rfc6204w3 1666is set to 1. 1667.Pp 1668Default is 1669.Dq Li NO . 1670.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1671.Pq Vt str 1672This assigns arbitrary description to an interface. 1673The 1674.Xr sysctl 8 1675variable 1676.Va net.ifdescr_maxlen 1677limits its length. 1678This static setting may be overridden by commands 1679started with dynamic interface configuration utilities 1680like 1681.Xr dhclient 8 1682hooks. 1683The description can be seen with 1684.Xr ifconfig 8 1685command and it may be exported with 1686.Xr bsnmpd 1 1687daemon using its MIB-2 module. 1688.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1689.Pq Vt str 1690IPv6 functionality on an interface should be configured by 1691.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1692instead of setting ifconfig parameters in 1693.Va ifconfig_ Ns Aq Ar interface . 1694If this variable is empty, all of IPv6 configurations on the 1695specified interface by other variables such as 1696.Va ipv6_prefix_ Ns Ao Ar interface Ac 1697will be ignored. 1698.Pp 1699Aliases should be set by 1700.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1701with 1702.Dq Li inet6 1703keyword. 1704For example: 1705.Bd -literal 1706ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1707ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1708.Ed 1709.Pp 1710Interfaces that have an 1711.Dq Li inet6 accept_rtadv 1712keyword in 1713.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1714setting will be automatically configured by SLAAC 1715.Pq StateLess Address AutoConfiguration 1716described in 1717.Rs 1718.%T "RFC 4862" 1719.Re 1720.Pp 1721Note that a link-local address will be automatically configured in 1722addition to the configured global-scope addresses because the IPv6 1723specifications require it on each link. 1724The address is calculated from the MAC address by using an algorithm 1725defined in 1726.Rs 1727.%T "RFC 4862" 1728.%O "Section 5.3" 1729.Re 1730.Pp 1731If only a link-local address is needed on the interface, 1732the following configuration can be used: 1733.Bd -literal 1734ifconfig_em0_ipv6="inet6 auto_linklocal" 1735.Ed 1736.Pp 1737A link-local address can also be configured manually. 1738This is useful for the default router address of an IPv6 router 1739so that it does not change when the network interface 1740card is replaced. 1741For example: 1742.Bd -literal 1743ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1744.Ed 1745.It Va ipv6_prefix_ Ns Aq Ar interface 1746.Pq Vt str 1747If one or more prefixes are defined in 1748.Va ipv6_prefix_ Ns Aq Ar interface 1749addresses based on each prefix and the EUI-64 interface index will be 1750configured on that interface. 1751Note that this variable will be ignored when 1752.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1753is empty. 1754.Pp 1755For example, the following configuration 1756.Bd -literal 1757ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1758.Ed 1759.Pp 1760is equivalent to the following: 1761.Bd -literal 1762ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1763ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1764ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1765ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1766.Ed 1767.Pp 1768These Subnet-Router anycast addresses will be added only when 1769.Va ipv6_gateway_enable 1770is YES. 1771.It Va ipv6_default_interface 1772.Pq Vt str 1773If not set to 1774.Dq Li NO , 1775this is the default output interface for scoped addresses. 1776This works only with ipv6_gateway_enable="NO". 1777.It Va ip6addrctl_enable 1778.Pq Vt bool 1779This variable is to enable configuring default address selection policy table 1780.Pq RFC 3484 . 1781The table can be specified in another variable 1782.Va ip6addrctl_policy . 1783For 1784.Va ip6addrctl_policy 1785the following keywords can be specified: 1786.Dq Li ipv4_prefer , 1787.Dq Li ipv6_prefer , 1788or 1789.Dq Li AUTO . 1790.Pp 1791If 1792.Dq Li ipv4_prefer 1793or 1794.Dq Li ipv6_prefer 1795is specified, 1796.Xr ip6addrctl 8 1797installs a pre-defined policy table described in Section 10.3 1798.Pq IPv4-preferred 1799or 2.1 1800.Pq IPv6-preferred 1801of RFC 3484. 1802.Pp 1803If 1804.Dq Li AUTO 1805is specified, it attempts to read a file 1806.Pa /etc/ip6addrctl.conf 1807first. 1808If this file is found, 1809.Xr ip6addrctl 8 1810reads and installs it. 1811If not found, a policy is automatically set 1812according to 1813.Va ipv6_activate_all_interfaces 1814variable; if the variable is set to 1815.Dq Li YES 1816the IPv6-preferred one is used. 1817Otherwise IPv4-preferred. 1818.Pp 1819The default value of 1820.Va ip6addrctl_enable 1821and 1822.Va ip6addrctl_policy 1823are 1824.Dq Li YES 1825and 1826.Dq Li AUTO , 1827respectively. 1828.It Va cloned_interfaces 1829.Pq Vt str 1830Set to the list of clonable network interfaces to create on this host. 1831Further cloning arguments may be passed to the 1832.Xr ifconfig 8 1833.Cm create 1834command for each interface by setting the 1835.Va create_args_ Ns Aq Ar interface 1836variable. 1837If an interface name is specified with 1838.Dq :sticky 1839keyword, 1840the interface will not be destroyed even when 1841.Pa rc.d/netif 1842script is invoked with 1843.Dq stop 1844argument. 1845This is useful when reconfiguring the interface without destroying it. 1846Entries in 1847.Va cloned_interfaces 1848are automatically appended to 1849.Va network_interfaces 1850for configuration. 1851.It Va cloned_interfaces_sticky 1852.Pq Vt bool 1853This variable is to globally enable functionality of 1854.Dq :sticky 1855keyword in 1856.Va cloned_interfaces 1857for all interfaces. 1858The default value is 1859.Dq NO . 1860Even if this variable is specified to 1861.Dq YES , 1862.Dq :nosticky 1863keyword can be used to override it on per interface basis. 1864.It Va gif_interfaces 1865Set to the list of 1866.Xr gif 4 1867tunnel interfaces to configure on this host. 1868A 1869.Va gifconfig_ Ns Aq Ar interface 1870variable is assumed to exist for each value of 1871.Ar interface . 1872The value of this variable is used to configure the link layer of the 1873tunnel using the 1874.Cm tunnel 1875option to 1876.Xr ifconfig . 1877Additionally, this option ensures that each listed interface is created 1878via the 1879.Cm create 1880option to 1881.Xr ifconfig 1882before attempting to configure it. 1883.Pp 1884For example, configure two 1885.Xr gif 1886interfaces with: 1887.Bd -literal 1888gif_interfaces="gif0 gif1" 1889gifconfig_gif0="100.64.0.1 100.64.0.2" 1890ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1891gifconfig_gif1="inet6 2a00::1 2a01::1" 1892ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1893.Ed 1894.It Va sppp_interfaces 1895.Pq Vt str 1896Set to the list of 1897.Xr sppp 4 1898interfaces to configure on this host. 1899A 1900.Va spppconfig_ Ns Aq Ar interface 1901variable is assumed to exist for each value of 1902.Ar interface . 1903Each interface should also be configured by a general 1904.Va ifconfig_ Ns Aq Ar interface 1905setting. 1906Refer to 1907.Xr spppcontrol 8 1908for more information about available options. 1909.It Va ppp_enable 1910.Pq Vt bool 1911If set to 1912.Dq Li YES , 1913run the 1914.Xr ppp 8 1915daemon. 1916.It Va ppp_profile 1917.Pq Vt str 1918The name of the profile to use from 1919.Pa /etc/ppp/ppp.conf . 1920Also used for per-profile overrides of 1921.Va ppp_mode 1922and 1923.Va ppp_nat , 1924and 1925.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1926When the profile name contains any of the characters 1927.Dq Li .-/+ 1928they are translated to 1929.Dq Li _ 1930for the proposes of the override variable names. 1931.It Va ppp_mode 1932.Pq Vt str 1933Mode in which to run the 1934.Xr ppp 8 1935daemon. 1936.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1937.Pq Vt str 1938Overrides the global 1939.Va ppp_mode 1940for 1941.Ar profile . 1942Accepted modes are 1943.Dq Li auto , 1944.Dq Li ddial , 1945.Dq Li direct 1946and 1947.Dq Li dedicated . 1948See the manual for a full description. 1949.It Va ppp_nat 1950.Pq Vt bool 1951If set to 1952.Dq Li YES , 1953enables network address translation. 1954Used in conjunction with 1955.Va gateway_enable 1956allows hosts on private network addresses access to the Internet using 1957this host as a network address translating router. 1958.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1959.Pq Vt str 1960Overrides the global 1961.Va ppp_nat 1962for 1963.Ar profile . 1964.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1965.Pq Vt int 1966Set the unit number to be used for this profile. 1967See the manual description of 1968.Fl unit Ns Ar N 1969for details. 1970.It Va ppp_user 1971.Pq Vt str 1972The name of the user under which 1973.Xr ppp 8 1974should be started. 1975By 1976default, 1977.Xr ppp 8 1978is started as 1979.Dq Li root . 1980.It Va rc_conf_files 1981.Pq Vt str 1982This option is used to specify a list of files that will override 1983the settings in 1984.Pa /etc/defaults/rc.conf . 1985The files will be read in the order in which they are specified and should 1986include the full path to the file. 1987By default, the files specified are 1988.Pa /etc/rc.conf 1989and 1990.Pa /etc/rc.conf.local 1991.It Va zfs_enable 1992.Pq Vt bool 1993If set to 1994.Dq Li YES , 1995.Pa /etc/rc.d/zfs 1996will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1997(ZVOLs). 1998.It Va gptboot_enable 1999.Pq Vt bool 2000If set to 2001.Dq Li YES , 2002.Pa /etc/rc.d/gptboot 2003will log if the system successfully (or not) booted from a GPT partition, 2004which had the 2005.Ar bootonce 2006attribute set using 2007.Xr gpart 8 2008utility. 2009.It Va gbde_autoattach_all 2010.Pq Vt bool 2011If set to 2012.Dq Li YES , 2013.Pa /etc/rc.d/gbde 2014will attempt to automatically initialize your .bde devices in 2015.Pa /etc/fstab . 2016.It Va gbde_devices 2017.Pq Vt str 2018List the devices that the script should try to attach, 2019or 2020.Dq Li AUTO . 2021.It Va gbde_lockdir 2022.Pq Vt str 2023The directory where the 2024.Xr gbde 4 2025lockfiles are located. 2026The default lockfile directory is 2027.Pa /etc . 2028.Pp 2029The lockfile for each individual 2030.Xr gbde 4 2031device can be overridden by setting the variable 2032.Va gbde_lock_ Ns Aq Ar device , 2033where 2034.Ar device 2035is the encrypted device without the 2036.Dq Pa /dev/ 2037and 2038.Dq Pa .bde 2039parts. 2040.It Va gbde_attach_attempts 2041.Pq Vt int 2042Number of times to attempt attaching to a 2043.Xr gbde 4 2044device, i.e., how many times the user is asked for the pass-phrase. 2045Default is 3. 2046.It Va geli_devices 2047.Pq Vt str 2048List of devices to automatically attach on boot. 2049Note that .eli devices from 2050.Pa /etc/fstab 2051are automatically appended to this list. 2052.It Va geli_groups 2053.Pq Vt str 2054List of groups containing devices to automatically attach on boot with the same 2055keyfiles and passphrase. 2056This must be accompanied with a corresponding 2057.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2058variable. 2059.It Va geli_tries 2060.Pq Vt int 2061Number of times user is asked for the pass-phrase. 2062If empty, it will be taken from 2063.Va kern.geom.eli.tries 2064sysctl variable. 2065.It Va geli_default_flags 2066.Pq Vt str 2067Default flags to use by 2068.Xr geli 8 2069when configuring disk encryption. 2070Flags can be configured for every device separately by defining the 2071.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2072variable, and for every group separately by defining the 2073.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2074variable. 2075.It Va geli_autodetach 2076.Pq Vt str 2077Specifies if GELI devices should be marked for detach on last close after 2078file systems are mounted. 2079Default is 2080.Dq Li YES . 2081This can be changed for every device separately by defining the 2082.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2083variable. 2084.It Va root_rw_mount 2085.Pq Vt bool 2086Set to 2087.Dq Li YES 2088by default. 2089After the file systems are checked at boot time, the root file system 2090is remounted as read-write if this is set to 2091.Dq Li YES . 2092Diskless systems that mount their root file system from a read-only remote 2093NFS share should set this to 2094.Dq Li NO 2095in their 2096.Pa rc.conf . 2097.It Va fsck_y_enable 2098.Pq Vt bool 2099If set to 2100.Dq Li YES , 2101.Xr fsck 8 2102will be run with the 2103.Fl y 2104flag if the initial preen 2105of the file systems fails. 2106.It Va background_fsck 2107.Pq Vt bool 2108If set to 2109.Dq Li NO , 2110the system will not attempt to run 2111.Xr fsck 8 2112in the background where possible. 2113.It Va background_fsck_delay 2114.Pq Vt int 2115The amount of time in seconds to sleep before starting a background 2116.Xr fsck 8 . 2117It defaults to sixty seconds to allow large applications such as 2118the X server to start before disk I/O bandwidth is monopolized by 2119.Xr fsck 8 . 2120If set to a negative number, the background file system check will be 2121delayed indefinitely to allow the administrator to run it at a more 2122convenient time. 2123For example it may be run from 2124.Xr cron 8 2125by adding a line like 2126.Pp 2127.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2128.Pp 2129to 2130.Pa /etc/crontab . 2131.It Va netfs_types 2132.Pq Vt str 2133List of file system types that are network-based. 2134This list should generally not be modified by end users. 2135Use 2136.Va extra_netfs_types 2137instead. 2138.It Va extra_netfs_types 2139.Pq Vt str 2140If set to something other than 2141.Dq Li NO 2142(the default), 2143this variable extends the list of file system types 2144for which automatic mounting at startup by 2145.Xr rc 8 2146should be delayed until the network is initialized. 2147It should contain 2148a whitespace-separated list of network file system descriptor pairs, 2149each consisting of a file system type as passed to 2150.Xr mount 8 2151and a human-readable, one-word description, 2152joined with a colon 2153.Pq Ql \&: . 2154Extending the default list in this way is only necessary 2155when third party file system types are used. 2156.It Va syslogd_enable 2157.Pq Vt bool 2158If set to 2159.Dq Li YES , 2160run the 2161.Xr syslogd 8 2162daemon. 2163.It Va syslogd_program 2164.Pq Vt str 2165Path to 2166.Xr syslogd 8 2167(default 2168.Pa /usr/sbin/syslogd ) . 2169.It Va syslogd_flags 2170.Pq Vt str 2171If 2172.Va syslogd_enable 2173is set to 2174.Dq Li YES , 2175these are the flags to pass to 2176.Xr syslogd 8 . 2177.It Va inetd_enable 2178.Pq Vt bool 2179If set to 2180.Dq Li YES , 2181run the 2182.Xr inetd 8 2183daemon. 2184.It Va inetd_program 2185.Pq Vt str 2186Path to 2187.Xr inetd 8 2188(default 2189.Pa /usr/sbin/inetd ) . 2190.It Va inetd_flags 2191.Pq Vt str 2192If 2193.Va inetd_enable 2194is set to 2195.Dq Li YES , 2196these are the flags to pass to 2197.Xr inetd 8 . 2198.It Va hastd_enable 2199.Pq Vt bool 2200If set to 2201.Dq Li YES , 2202run the 2203.Xr hastd 8 2204daemon. 2205.It Va hastd_program 2206.Pq Vt str 2207Path to 2208.Xr hastd 8 2209(default 2210.Pa /sbin/hastd ) . 2211.It Va hastd_flags 2212.Pq Vt str 2213If 2214.Va hastd_enable 2215is set to 2216.Dq Li YES , 2217these are the flags to pass to 2218.Xr hastd 8 . 2219.It Va local_unbound_enable 2220.Pq Vt bool 2221If set to 2222.Dq Li YES , 2223run the 2224.Xr unbound 8 2225daemon as a local caching resolver. 2226.It Va kdc_enable 2227.Pq Vt bool 2228Set to 2229.Dq Li YES 2230to start a Kerberos 5 authentication server 2231at boot time. 2232.It Va kdc_program 2233.Pq Vt str 2234If 2235.Va kdc_enable 2236is set to 2237.Dq Li YES 2238this is the path to Kerberos 5 Authentication Server. 2239.It Va kdc_flags 2240.Pq Vt str 2241Empty by default. 2242This variable contains additional flags to be passed to the Kerberos 5 2243authentication server. 2244.It Va kadmind_enable 2245.Pq Vt bool 2246Set to 2247.Dq Li YES 2248to start 2249.Xr kadmind 8 , 2250the Kerberos 5 Administration Daemon; set to 2251.Dq Li NO 2252on a slave server. 2253.It Va kadmind_program 2254.Pq Vt str 2255If 2256.Va kadmind_enable 2257is set to 2258.Dq Li YES 2259this is the path to Kerberos 5 Administration Daemon. 2260.It Va kpasswdd_enable 2261.Pq Vt bool 2262Set to 2263.Dq Li YES 2264to start 2265.Xr kpasswdd 8 , 2266the Kerberos 5 Password-Changing Daemon; set to 2267.Dq Li NO 2268on a slave server. 2269.It Va kpasswdd_program 2270.Pq Vt str 2271If 2272.Va kpasswdd_enable 2273is set to 2274.Dq Li YES 2275this is the path to Kerberos 5 Password-Changing Daemon. 2276.It Va kfd_enable 2277.Pq Vt bool 2278Set to 2279.Dq Li YES 2280to start 2281.Xr kfd 8 , 2282the Kerberos 5 ticket forwarding daemon, at the boot time. 2283.It Va kfd_program 2284.Pq Vt str 2285Path to 2286.Xr kfd 8 2287(default 2288.Pa /usr/libexec/kfd ) . 2289.It Va rwhod_enable 2290.Pq Vt bool 2291If set to 2292.Dq Li YES , 2293run the 2294.Xr rwhod 8 2295daemon at boot time. 2296.It Va rwhod_flags 2297.Pq Vt str 2298If 2299.Va rwhod_enable 2300is set to 2301.Dq Li YES , 2302these are the flags to pass to it. 2303.It Va amd_enable 2304.Pq Vt bool 2305If set to 2306.Dq Li YES , 2307run the 2308.Xr amd 8 2309daemon at boot time. 2310.It Va amd_flags 2311.Pq Vt str 2312If 2313.Va amd_enable 2314is set to 2315.Dq Li YES , 2316these are the flags to pass to it. 2317See the 2318.Xr amd 8 2319manpage for more information. 2320.It Va amd_map_program 2321.Pq Vt str 2322If set, 2323the specified program is run to get the list of 2324.Xr amd 8 2325maps. 2326For example, if the 2327.Xr amd 8 2328maps are stored in NIS, one can set this to 2329run 2330.Xr ypcat 1 2331to get a list of 2332.Xr amd 8 2333maps from the 2334.Pa amd.master 2335NIS map. 2336.It Va update_motd 2337.Pq Vt bool 2338If set to 2339.Dq Li YES , 2340.Pa /etc/motd 2341will be updated at boot time to reflect the kernel release 2342being run. 2343If set to 2344.Dq Li NO , 2345.Pa /etc/motd 2346will not be updated. 2347.It Va nfs_client_enable 2348.Pq Vt bool 2349If set to 2350.Dq Li YES , 2351run the NFS client daemons at boot time. 2352.It Va nfs_access_cache 2353.Pq Vt int 2354If 2355.Va nfs_client_enable 2356is set to 2357.Dq Li YES , 2358this can be set to 2359.Dq Li 0 2360to disable NFS ACCESS RPC caching, or to the number of seconds for which 2361NFS ACCESS 2362results should be cached. 2363A value of 2-10 seconds will substantially reduce network 2364traffic for many NFS operations. 2365.It Va nfs_server_enable 2366.Pq Vt bool 2367If set to 2368.Dq Li YES , 2369run the NFS server daemons at boot time. 2370.It Va nfs_server_flags 2371.Pq Vt str 2372If 2373.Va nfs_server_enable 2374is set to 2375.Dq Li YES , 2376these are the flags to pass to the 2377.Xr nfsd 8 2378daemon. 2379.It Va nfsv4_server_enable 2380.Pq Vt bool 2381If 2382.Va nfs_server_enable 2383is set to 2384.Dq Li YES 2385and 2386.Va nfsv4_server_enable 2387are set to 2388.Dq Li YES , 2389enable the server for NFSv4 as well as NFSv2 and NFSv3. 2390.It Va nfsuserd_enable 2391.Pq Vt bool 2392If 2393.Va nfsuserd_enable 2394is set to 2395.Dq Li YES , 2396run the nfsuserd daemon, which is needed for NFSv4 in order 2397to map between user/group names vs uid/gid numbers. 2398If 2399.Va nfsv4_server_enable 2400is set to 2401.Dq Li YES , 2402this will be forced enabled. 2403.It Va nfsuserd_flags 2404.Pq Vt str 2405If 2406.Va nfsuserd_enable 2407is set to 2408.Dq Li YES , 2409these are the flags to pass to the 2410.Xr nfsuserd 8 2411daemon. 2412.It Va nfscbd_enable 2413.Pq Vt bool 2414If 2415.Va nfscbd_enable 2416is set to 2417.Dq Li YES , 2418run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2419.It Va nfscbd_flags 2420.Pq Vt str 2421If 2422.Va nfscbd_enable 2423is set to 2424.Dq Li YES , 2425these are the flags to pass to the 2426.Xr nfscbd 8 2427daemon. 2428.It Va mountd_enable 2429.Pq Vt bool 2430If set to 2431.Dq Li YES , 2432and no 2433.Va nfs_server_enable 2434is set, start 2435.Xr mountd 8 , 2436but not 2437.Xr nfsd 8 2438daemon. 2439It is commonly needed to run CFS without real NFS used. 2440.It Va mountd_flags 2441.Pq Vt str 2442If 2443.Va mountd_enable 2444is set to 2445.Dq Li YES , 2446these are the flags to pass to the 2447.Xr mountd 8 2448daemon. 2449.It Va weak_mountd_authentication 2450.Pq Vt bool 2451If set to 2452.Dq Li YES , 2453allow services like PCNFSD to make non-privileged mount 2454requests. 2455.It Va nfs_reserved_port_only 2456.Pq Vt bool 2457If set to 2458.Dq Li YES , 2459provide NFS services only on a secure port. 2460.It Va nfs_bufpackets 2461.Pq Vt int 2462If set to a number, indicates the number of packets worth of 2463socket buffer space to reserve on an NFS client. 2464The kernel default is typically 4. 2465Using a higher number may be 2466useful on gigabit networks to improve performance. 2467The minimum value is 24682 and the maximum is 64. 2469.It Va rpc_lockd_enable 2470.Pq Vt bool 2471If set to 2472.Dq Li YES 2473and also an NFS server or client, run 2474.Xr rpc.lockd 8 2475at boot time. 2476.It Va rpc_lockd_flags 2477.Pq Vt str 2478If 2479.Va rpc_lockd_enable 2480is set to 2481.Dq Li YES , 2482these are the flags to pass to the 2483.Xr rpc.lockd 8 2484daemon. 2485.It Va rpc_statd_enable 2486.Pq Vt bool 2487If set to 2488.Dq Li YES 2489and also an NFS server or client, run 2490.Xr rpc.statd 8 2491at boot time. 2492.It Va rpc_statd_flags 2493.Pq Vt str 2494If 2495.Va rpc_statd_enable 2496is set to 2497.Dq Li YES , 2498these are the flags to pass to the 2499.Xr rpc.statd 8 2500daemon. 2501.It Va rpcbind_program 2502.Pq Vt str 2503Path to 2504.Xr rpcbind 8 2505(default 2506.Pa /usr/sbin/rpcbind ) . 2507.It Va rpcbind_enable 2508.Pq Vt bool 2509If set to 2510.Dq Li YES , 2511run the 2512.Xr rpcbind 8 2513service at boot time. 2514.It Va rpcbind_flags 2515.Pq Vt str 2516If 2517.Va rpcbind_enable 2518is set to 2519.Dq Li YES , 2520these are the flags to pass to the 2521.Xr rpcbind 8 2522daemon. 2523.It Va keyserv_enable 2524.Pq Vt bool 2525If set to 2526.Dq Li YES , 2527run the 2528.Xr keyserv 8 2529daemon on boot for running Secure RPC. 2530.It Va keyserv_flags 2531.Pq Vt str 2532If 2533.Va keyserv_enable 2534is set to 2535.Dq Li YES , 2536these are the flags to pass to 2537.Xr keyserv 8 2538daemon. 2539.It Va pppoed_enable 2540.Pq Vt bool 2541If set to 2542.Dq Li YES , 2543run the 2544.Xr pppoed 8 2545daemon at boot time to provide PPP over Ethernet services. 2546.It Va pppoed_ Ns Aq Ar provider 2547.Pq Vt str 2548.Xr pppoed 8 2549listens to requests to this 2550.Ar provider 2551and ultimately runs 2552.Xr ppp 8 2553with a 2554.Ar system 2555argument of the same name. 2556.It Va pppoed_flags 2557.Pq Vt str 2558Additional flags to pass to 2559.Xr pppoed 8 . 2560.It Va pppoed_interface 2561.Pq Vt str 2562The network interface to run 2563.Xr pppoed 8 2564on. 2565This is mandatory when 2566.Va pppoed_enable 2567is set to 2568.Dq Li YES . 2569.It Va timed_enable 2570.Pq Vt bool 2571If set to 2572.Dq Li YES , 2573run the 2574.Xr timed 8 2575service at boot time. 2576This command is intended for networks of 2577machines where a consistent 2578.Dq "network time" 2579for all hosts must be established. 2580This is often useful in large NFS 2581environments where time stamps on files are expected to be consistent 2582network-wide. 2583.It Va timed_flags 2584.Pq Vt str 2585If 2586.Va timed_enable 2587is set to 2588.Dq Li YES , 2589these are the flags to pass to the 2590.Xr timed 8 2591service. 2592.It Va ntpdate_enable 2593.Pq Vt bool 2594If set to 2595.Dq Li YES , 2596run 2597.Xr ntpdate 8 2598at system startup. 2599This command is intended to 2600synchronize the system clock only 2601.Em once 2602from some standard reference. 2603.Pp 2604Note that the use of the 2605.Va ntpd_sync_on_start 2606variable is a preferred alternative to the 2607.Xr ntpdate 8 2608utility as 2609.Xr ntpdate 8 2610is to be retired from the NTP distribution. 2611.It Va ntpdate_config 2612.Pq Vt str 2613Configuration file for 2614.Xr ntpdate 8 . 2615Default 2616.Pa /etc/ntp.conf . 2617.It Va ntpdate_hosts 2618.Pq Vt str 2619A whitespace-separated list of NTP servers to synchronize with at startup. 2620The default is to use the servers listed in 2621.Va ntpdate_config , 2622if that file exists. 2623.It Va ntpdate_program 2624.Pq Vt str 2625Path to 2626.Xr ntpdate 8 2627(default 2628.Pa /usr/sbin/ntpdate ) . 2629.It Va ntpdate_flags 2630.Pq Vt str 2631If 2632.Va ntpdate_enable 2633is set to 2634.Dq Li YES , 2635these are the flags to pass to the 2636.Xr ntpdate 8 2637command (typically a hostname). 2638.It Va ntpd_enable 2639.Pq Vt bool 2640If set to 2641.Dq Li YES , 2642run the 2643.Xr ntpd 8 2644command at boot time. 2645.It Va ntpd_program 2646.Pq Vt str 2647Path to 2648.Xr ntpd 8 2649(default 2650.Pa /usr/sbin/ntpd ) . 2651.It Va ntpd_config 2652.Pq Vt str 2653Path to 2654.Xr ntpd 8 2655configuration file. 2656Default 2657.Pa /etc/ntp.conf . 2658.It Va ntpd_flags 2659.Pq Vt str 2660If 2661.Va ntpd_enable 2662is set to 2663.Dq Li YES , 2664these are the flags to pass to the 2665.Xr ntpd 8 2666daemon. 2667.It Va ntpd_sync_on_start 2668.Pq Vt bool 2669If set to 2670.Dq Li YES , 2671.Xr ntpd 8 2672is run with the 2673.Fl g 2674flag, which syncs the system's clock on startup. 2675See 2676.Xr ntpd 8 2677for more information regarding the 2678.Fl g 2679option. 2680This is a preferred alternative to using 2681.Xr ntpdate 8 2682or specifying the 2683.Va ntpdate_enable 2684variable. 2685.It Va nis_client_enable 2686.Pq Vt bool 2687If set to 2688.Dq Li YES , 2689run the 2690.Xr ypbind 8 2691service at system boot time. 2692.It Va nis_client_flags 2693.Pq Vt str 2694If 2695.Va nis_client_enable 2696is set to 2697.Dq Li YES , 2698these are the flags to pass to the 2699.Xr ypbind 8 2700service. 2701.It Va nis_ypldap_enable 2702.Pq Vt bool 2703If set to 2704.Dq Li YES , 2705run the 2706.Xr ypldap 8 2707daemon at system boot time. 2708.It Va nis_ypldap_flags 2709.Pq Vt str 2710If 2711.Va nis.ypldap_enable 2712is set to 2713.Dq Li YES , 2714these are the flags to pass to the 2715.Xr ypldap 8 2716daemon. 2717.It Va nis_ypset_enable 2718.Pq Vt bool 2719If set to 2720.Dq Li YES , 2721run the 2722.Xr ypset 8 2723daemon at system boot time. 2724.It Va nis_ypset_flags 2725.Pq Vt str 2726If 2727.Va nis_ypset_enable 2728is set to 2729.Dq Li YES , 2730these are the flags to pass to the 2731.Xr ypset 8 2732daemon. 2733.It Va nis_server_enable 2734.Pq Vt bool 2735If set to 2736.Dq Li YES , 2737run the 2738.Xr ypserv 8 2739daemon at system boot time. 2740.It Va nis_server_flags 2741.Pq Vt str 2742If 2743.Va nis_server_enable 2744is set to 2745.Dq Li YES , 2746these are the flags to pass to the 2747.Xr ypserv 8 2748daemon. 2749.It Va nis_ypxfrd_enable 2750.Pq Vt bool 2751If set to 2752.Dq Li YES , 2753run the 2754.Xr rpc.ypxfrd 8 2755daemon at system boot time. 2756.It Va nis_ypxfrd_flags 2757.Pq Vt str 2758If 2759.Va nis_ypxfrd_enable 2760is set to 2761.Dq Li YES , 2762these are the flags to pass to the 2763.Xr rpc.ypxfrd 8 2764daemon. 2765.It Va nis_yppasswdd_enable 2766.Pq Vt bool 2767If set to 2768.Dq Li YES , 2769run the 2770.Xr rpc.yppasswdd 8 2771daemon at system boot time. 2772.It Va nis_yppasswdd_flags 2773.Pq Vt str 2774If 2775.Va nis_yppasswdd_enable 2776is set to 2777.Dq Li YES , 2778these are the flags to pass to the 2779.Xr rpc.yppasswdd 8 2780daemon. 2781.It Va rpc_ypupdated_enable 2782.Pq Vt bool 2783If set to 2784.Dq Li YES , 2785run the 2786.Nm rpc.ypupdated 2787daemon at system boot time. 2788.It Va bsnmpd_enable 2789.Pq Vt bool 2790If set to 2791.Dq Li YES , 2792run the 2793.Xr bsnmpd 1 2794daemon at system boot time. 2795Be sure to understand the security implications of running SNMP daemon 2796on your host. 2797.It Va bsnmpd_flags 2798.Pq Vt str 2799If 2800.Va bsnmpd_enable 2801is set to 2802.Dq Li YES , 2803these are the flags to pass to the 2804.Xr bsnmpd 1 2805daemon. 2806.It Va defaultrouter 2807.Pq Vt str 2808If not set to 2809.Dq Li NO , 2810create a default route to this host name or IP address 2811(use an IP address if this router is also required to get to the 2812name server!). 2813.It Va ipv6_defaultrouter 2814.Pq Vt str 2815The IPv6 equivalent of 2816.Va defaultrouter . 2817.It Va static_arp_pairs 2818.Pq Vt str 2819Set to the list of static ARP pairs that are to be added at system 2820boot time. 2821For each whitespace separated 2822.Ar element 2823in the value, a 2824.Va static_arp_ Ns Aq Ar element 2825variable is assumed to exist whose contents will later be passed to a 2826.Dq Nm arp Cm -S 2827operation. 2828For example 2829.Bd -literal 2830static_arp_pairs="gw" 2831static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2832.Ed 2833.It Va static_ndp_pairs 2834.Pq Vt str 2835Set to the list of static NDP pairs that are to be added at system 2836boot time. 2837For each whitespace separated 2838.Ar element 2839in the value, a 2840.Va static_ndp_ Ns Aq Ar element 2841variable is assumed to exist whose contents will later be passed to a 2842.Dq Nm ndp Cm -s 2843operation. 2844For example 2845.Bd -literal 2846static_ndp_pairs="gw" 2847static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2848.Ed 2849.It Va static_routes 2850.Pq Vt str 2851Set to the list of static routes that are to be added at system 2852boot time. 2853If not set to 2854.Dq Li NO 2855then for each whitespace separated 2856.Ar element 2857in the value, a 2858.Va route_ Ns Aq Ar element 2859variable is assumed to exist 2860whose contents will later be passed to a 2861.Dq Nm route Cm add 2862operation. 2863For example: 2864.Bd -literal 2865static_routes="ext mcast:gif0 gif0local:gif0" 2866route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2867route_mcast="-net 224.0.0.0/4 -iface gif0" 2868route_gif0local="-host 169.254.1.1 -iface lo0" 2869.Ed 2870.Pp 2871When an 2872.Ar element 2873is in the form of 2874.Li name:ifname , 2875the route is specific to the interface 2876.Li ifname . 2877.It Va ipv6_static_routes 2878.Pq Vt str 2879The IPv6 equivalent of 2880.Va static_routes . 2881If not set to 2882.Dq Li NO 2883then for each whitespace separated 2884.Ar element 2885in the value, a 2886.Va ipv6_route_ Ns Aq Ar element 2887variable is assumed to exist 2888whose contents will later be passed to a 2889.Dq Nm route Cm add Fl inet6 2890operation. 2891.It Va gateway_enable 2892.Pq Vt bool 2893If set to 2894.Dq Li YES , 2895configure host to act as an IP router, e.g.\& to forward packets 2896between interfaces. 2897.It Va ipv6_gateway_enable 2898.Pq Vt bool 2899The IPv6 equivalent of 2900.Va gateway_enable . 2901.It Va routed_enable 2902.Pq Vt bool 2903If set to 2904.Dq Li YES , 2905run a routing daemon of some sort, based on the 2906settings of 2907.Va routed_program 2908and 2909.Va routed_flags . 2910.It Va route6d_enable 2911.Pq Vt bool 2912The IPv6 equivalent of 2913.Va routed_enable . 2914If set to 2915.Dq Li YES , 2916run a routing daemon of some sort, based on the 2917settings of 2918.Va route6d_program 2919and 2920.Va route6d_flags . 2921.It Va routed_program 2922.Pq Vt str 2923If 2924.Va routed_enable 2925is set to 2926.Dq Li YES , 2927this is the name of the routing daemon to use. 2928.It Va route6d_program 2929.Pq Vt str 2930The IPv6 equivalent of 2931.Va routed_program . 2932.It Va routed_flags 2933.Pq Vt str 2934If 2935.Va routed_enable 2936is set to 2937.Dq Li YES , 2938these are the flags to pass to the routing daemon. 2939.It Va route6d_flags 2940.Pq Vt str 2941The IPv6 equivalent of 2942.Va routed_flags . 2943.It Va rtadvd_enable 2944.Pq Vt bool 2945If set to 2946.Dq Li YES , 2947run the 2948.Xr rtadvd 8 2949daemon at boot time. 2950The 2951.Xr rtadvd 8 2952utility sends ICMPv6 Router Advertisement messages to 2953the interfaces specified in 2954.Va rtadvd_interfaces . 2955This should only be enabled with great care. 2956You may want to fine-tune 2957.Xr rtadvd.conf 5 . 2958.It Va rtadvd_interfaces 2959.Pq Vt str 2960If 2961.Va rtadvd_enable 2962is set to 2963.Dq Li YES 2964this is the list of interfaces to use. 2965.It Va arpproxy_all 2966.Pq Vt bool 2967If set to 2968.Dq Li YES , 2969enable global proxy ARP. 2970.It Va forward_sourceroute 2971.Pq Vt bool 2972If set to 2973.Dq Li YES 2974and 2975.Va gateway_enable 2976is also set to 2977.Dq Li YES , 2978source-routed packets are forwarded. 2979.It Va accept_sourceroute 2980.Pq Vt bool 2981If set to 2982.Dq Li YES , 2983the system will accept source-routed packets directed at it. 2984.It Va rarpd_enable 2985.Pq Vt bool 2986If set to 2987.Dq Li YES , 2988run the 2989.Xr rarpd 8 2990daemon at system boot time. 2991.It Va rarpd_flags 2992.Pq Vt str 2993If 2994.Va rarpd_enable 2995is set to 2996.Dq Li YES , 2997these are the flags to pass to the 2998.Xr rarpd 8 2999daemon. 3000.It Va bootparamd_enable 3001.Pq Vt bool 3002If set to 3003.Dq Li YES , 3004run the 3005.Xr bootparamd 8 3006daemon at system boot time. 3007.It Va bootparamd_flags 3008.Pq Vt str 3009If 3010.Va bootparamd_enable 3011is set to 3012.Dq Li YES , 3013these are the flags to pass to the 3014.Xr bootparamd 8 3015daemon. 3016.It Va stf_interface_ipv4addr 3017.Pq Vt str 3018If not set to 3019.Dq Li NO , 3020this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3021interface). 3022Specify this entry to enable the 6to4 interface. 3023.It Va stf_interface_ipv4plen 3024.Pq Vt int 3025Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3026An effective value is 0-31. 3027.It Va stf_interface_ipv6_ifid 3028.Pq Vt str 3029IPv6 interface ID for 3030.Xr stf 4 . 3031This can be set to 3032.Dq Li AUTO . 3033.It Va stf_interface_ipv6_slaid 3034.Pq Vt str 3035IPv6 Site Level Aggregator for 3036.Xr stf 4 . 3037.It Va ipv6_ipv4mapping 3038.Pq Vt bool 3039If set to 3040.Dq Li YES 3041this enables IPv4 mapped IPv6 address communication (like 3042.Li ::ffff:a.b.c.d ) . 3043.It Va rtsold_enable 3044.Pq Vt bool 3045Set to 3046.Dq Li YES 3047to enable the 3048.Xr rtsold 8 3049daemon to send ICMPv6 Router Solicitation messages. 3050.It Va rtsold_flags 3051.Pq Vt str 3052If 3053.Va rtsold_enable 3054is set to 3055.Dq Li YES , 3056these are the flags to pass to 3057.Xr rtsold 8 . 3058.It Va rtsol_flags 3059.Pq Vt str 3060For interfaces configured with the 3061.Dq Li inet6 accept_rtadv 3062keyword, these are the flags to pass to 3063.Xr rtsol 8 . 3064.Pp 3065Note that 3066.Va rtsold_enable 3067is mutually exclusive to 3068.Va rtsol_flags ; 3069.Va rtsold_enable 3070takes precedence. 3071.It Va keybell 3072.Pq Vt str 3073The keyboard bell sound. 3074Set to 3075.Dq Li normal , 3076.Dq Li visual , 3077.Dq Li off , 3078or 3079.Dq Li NO 3080if the default behavior is desired. 3081For details, refer to the 3082.Xr kbdcontrol 1 3083manpage. 3084.It Va keyboard 3085.Pq Vt str 3086If set to a non-null string, the virtual console's keyboard input is 3087set to this device. 3088.It Va keymap 3089.Pq Vt str 3090If set to 3091.Dq Li NO , 3092no keymap is installed, otherwise the value is used to install 3093the keymap file found in 3094.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3095(if using 3096.Xr syscons 4 ) or 3097.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3098(if using 3099.Xr vt 4 ) . 3100.It Va keyrate 3101.Pq Vt str 3102The keyboard repeat speed. 3103Set to 3104.Dq Li slow , 3105.Dq Li normal , 3106.Dq Li fast , 3107or 3108.Dq Li NO 3109if the default behavior is desired. 3110.It Va keychange 3111.Pq Vt str 3112If not set to 3113.Dq Li NO , 3114attempt to program the function keys with the value. 3115The value should 3116be a single string of the form: 3117.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3118.It Va cursor 3119.Pq Vt str 3120Can be set to the value of 3121.Dq Li normal , 3122.Dq Li blink , 3123.Dq Li destructive , 3124or 3125.Dq Li NO 3126to set the cursor behavior explicitly or choose the default behavior. 3127.It Va scrnmap 3128.Pq Vt str 3129If set to 3130.Dq Li NO , 3131no screen map is installed, otherwise the value is used to install 3132the screen map file in 3133.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3134This parameter is ignored when using 3135.Xr vt 4 3136as the console driver. 3137.It Va font8x16 3138.Pq Vt str 3139If set to 3140.Dq Li NO , 3141the default 8x16 font value is used for screen size requests, otherwise 3142the value in 3143.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3144or 3145.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3146is used (depending on the console driver being used). 3147.It Va font8x14 3148.Pq Vt str 3149If set to 3150.Dq Li NO , 3151the default 8x14 font value is used for screen size requests, otherwise 3152the value in 3153.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3154or 3155.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3156is used (depending on the console driver being used). 3157.It Va font8x8 3158.Pq Vt str 3159If set to 3160.Dq Li NO , 3161the default 8x8 font value is used for screen size requests, otherwise 3162the value in 3163.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3164or 3165.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3166is used (depending on the console driver being used). 3167.It Va blanktime 3168.Pq Vt int 3169If set to 3170.Dq Li NO , 3171the default screen blanking interval is used, otherwise it is set 3172to 3173.Ar value 3174seconds. 3175.It Va saver 3176.Pq Vt str 3177If not set to 3178.Dq Li NO , 3179this is the actual screen saver to use 3180.Li ( blank , snake , daemon , 3181etc). 3182.It Va moused_nondefault_enable 3183.Pq Vt str 3184If set to 3185.Dq Li NO , 3186the mouse device specified on 3187the command line is not automatically treated as enabled by the 3188.Pa /etc/rc.d/moused 3189script. 3190Having this variable set to 3191.Dq Li YES 3192allows a 3193.Xr usb 4 3194mouse, 3195for example, 3196to be enabled as soon as it is plugged in. 3197.It Va moused_enable 3198.Pq Vt str 3199If set to 3200.Dq Li YES , 3201the 3202.Xr moused 8 3203daemon is started for doing cut/paste selection on the console. 3204.It Va moused_type 3205.Pq Vt str 3206This is the protocol type of the mouse connected to this host. 3207This variable must be set if 3208.Va moused_enable 3209is set to 3210.Dq Li YES . 3211The 3212.Xr moused 8 3213daemon 3214is able to detect the appropriate mouse type automatically in many cases. 3215Set this variable to 3216.Dq Li auto 3217to let the daemon detect it, or 3218select one from the following list if the automatic detection fails. 3219.Pp 3220If the mouse is attached to the PS/2 mouse port, choose 3221.Dq Li auto 3222or 3223.Dq Li ps/2 , 3224regardless of the brand and model of the mouse. 3225Likewise, if the 3226mouse is attached to the bus mouse port, choose 3227.Dq Li auto 3228or 3229.Dq Li busmouse . 3230All other protocols are for serial mice and will not work with 3231the PS/2 and bus mice. 3232If this is a USB mouse, 3233.Dq Li auto 3234is the only protocol type which will work. 3235.Pp 3236.Bl -tag -width ".Li x10mouseremote" -compact 3237.It Li microsoft 3238Microsoft mouse (serial) 3239.It Li intellimouse 3240Microsoft IntelliMouse (serial) 3241.It Li mousesystems 3242Mouse systems Corp.\& mouse (serial) 3243.It Li mmseries 3244MM Series mouse (serial) 3245.It Li logitech 3246Logitech mouse (serial) 3247.It Li busmouse 3248A bus mouse 3249.It Li mouseman 3250Logitech MouseMan and TrackMan (serial) 3251.It Li glidepoint 3252ALPS GlidePoint (serial) 3253.It Li thinkingmouse 3254Kensington ThinkingMouse (serial) 3255.It Li ps/2 3256PS/2 mouse 3257.It Li mmhittab 3258MM HitTablet (serial) 3259.It Li x10mouseremote 3260X10 MouseRemote (serial) 3261.It Li versapad 3262Interlink VersaPad (serial) 3263.El 3264.Pp 3265Even if the mouse is not in the above list, it may be compatible 3266with one in the list. 3267Refer to the manual page for 3268.Xr moused 8 3269for compatibility information. 3270.Pp 3271It should also be noted that while this is enabled, any 3272other client of the mouse (such as an X server) should access 3273the mouse through the virtual mouse device, 3274.Pa /dev/sysmouse , 3275and configure it as a 3276.Dq Li sysmouse 3277type mouse, since all 3278mouse data is converted to this single canonical format when 3279using 3280.Xr moused 8 . 3281If the client program does not support the 3282.Dq Li sysmouse 3283type, 3284specify the 3285.Dq Li mousesystems 3286type. 3287It is the second preferred type. 3288.It Va moused_port 3289.Pq Vt str 3290If 3291.Va moused_enable 3292is set to 3293.Dq Li YES , 3294this is the actual port the mouse is on. 3295It might be 3296.Pa /dev/cuau0 3297for a COM1 serial mouse, or 3298.Pa /dev/psm0 3299for a PS/2 mouse, for example. 3300.It Va moused_flags 3301.Pq Vt str 3302If 3303.Va moused_flags 3304is set, its value is used as an additional set of flags to pass to the 3305.Xr moused 8 3306daemon. 3307.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3308When 3309.Va moused_nondefault_enable 3310is enabled, and a 3311.Xr moused 8 3312daemon is started for a non-default port, the 3313.Va "moused_" Ns Ar XXX Ns Va "_flags" 3314set of options has precedence over and replaces the default 3315.Va moused_flags 3316(where 3317.Ar XXX 3318is the name of the non-default port, i.e.,\& 3319.Ar ums0 ) . 3320By setting 3321.Va "moused_" Ns Ar XXX Ns Va "_flags" 3322it is possible to set up a different set of default flags for each 3323.Xr moused 8 3324instance. 3325For example, you can use 3326.Dq Li "-3" 3327for the default 3328.Va moused_flags 3329to make your laptop's touchpad more comfortable to use, 3330but an empty set of options for 3331.Va moused_ums0_flags 3332when your 3333.Xr usb 4 3334mouse has three or more buttons. 3335.It Va mousechar_start 3336.Pq Vt int 3337If set to 3338.Dq Li NO , 3339the default mouse cursor character range 3340.Li 0xd0 Ns - Ns Li 0xd3 3341is used, 3342otherwise the range start is set 3343to 3344.Ar value 3345character, see 3346.Xr vidcontrol 1 . 3347Use if the default range is occupied in the language code table. 3348.It Va allscreens_flags 3349.Pq Vt str 3350If set, 3351.Xr vidcontrol 1 3352is run with these options for each of the virtual terminals 3353.Pq Pa /dev/ttyv* . 3354For example, 3355.Dq Fl m Cm on 3356will enable the mouse pointer on all virtual terminals 3357if 3358.Va moused_enable 3359is set to 3360.Dq Li YES . 3361.It Va allscreens_kbdflags 3362.Pq Vt str 3363If set, 3364.Xr kbdcontrol 1 3365is run with these options for each of the virtual terminals 3366.Pq Pa /dev/ttyv* . 3367For example, 3368.Dq Fl h Li 200 3369will set the 3370.Xr syscons 4 3371or 3372.Xr vt 4 3373scrollback (history) buffer to 200 lines. 3374.It Va cron_enable 3375.Pq Vt bool 3376If set to 3377.Dq Li YES , 3378run the 3379.Xr cron 8 3380daemon at system boot time. 3381.It Va cron_program 3382.Pq Vt str 3383Path to 3384.Xr cron 8 3385(default 3386.Pa /usr/sbin/cron ) . 3387.It Va cron_flags 3388.Pq Vt str 3389If 3390.Va cron_enable 3391is set to 3392.Dq Li YES , 3393these are the flags to pass to 3394.Xr cron 8 . 3395.It Va cron_dst 3396.Pq Vt bool 3397If set to 3398.Dq Li YES , 3399enable the special handling of transitions to and from the 3400Daylight Saving Time in 3401.Xr cron 8 3402(equivalent to using the flag 3403.Fl s ) . 3404.It Va lpd_program 3405.Pq Vt str 3406Path to 3407.Xr lpd 8 3408(default 3409.Pa /usr/sbin/lpd ) . 3410.It Va lpd_enable 3411.Pq Vt bool 3412If set to 3413.Dq Li YES , 3414run the 3415.Xr lpd 8 3416daemon at system boot time. 3417.It Va lpd_flags 3418.Pq Vt str 3419If 3420.Va lpd_enable 3421is set to 3422.Dq Li YES , 3423these are the flags to pass to the 3424.Xr lpd 8 3425daemon. 3426.It Va chkprintcap_enable 3427.Pq Vt bool 3428If set to 3429.Dq Li YES , 3430run the 3431.Xr chkprintcap 8 3432command before starting the 3433.Xr lpd 8 3434daemon. 3435.It Va chkprintcap_flags 3436.Pq Vt str 3437If 3438.Va lpd_enable 3439and 3440.Va chkprintcap_enable 3441are set to 3442.Dq Li YES , 3443these are the flags to pass to the 3444.Xr chkprintcap 8 3445program. 3446The default is 3447.Dq Li -d , 3448which causes missing directories to be created. 3449.It Va mta_start_script 3450.Pq Vt str 3451This variable specifies the full path to the script to run to start 3452a mail transfer agent. 3453The default is 3454.Pa /etc/rc.sendmail . 3455The 3456.Va sendmail_* 3457variables which 3458.Pa /etc/rc.sendmail 3459uses are documented in the 3460.Xr rc.sendmail 8 3461manual page. 3462.It Va dumpdev 3463.Pq Vt str 3464Indicates the device (usually a swap partition) to which a crash dump 3465should be written in the event of a system crash. 3466If the value of this variable is 3467.Dq Li AUTO , 3468the first suitable swap device listed in 3469.Pa /etc/fstab 3470will be used as dump device. 3471Otherwise, the value of this variable is passed as the argument to 3472.Xr dumpon 8 3473and 3474.Xr savecore 8 . 3475To disable crash dumps, set this variable to 3476.Dq Li NO . 3477.It Va dumpon_flags 3478.Pq Vt str 3479Flags to pass to 3480.Xr dumpon 8 3481when configuring 3482.Va dumpdev 3483as the system dump device. 3484.It Va dumpdir 3485.Pq Vt str 3486When the system reboots after a crash and a crash dump is found on the 3487device specified by the 3488.Va dumpdev 3489variable, 3490.Xr savecore 8 3491will save that crash dump and a copy of the kernel to the directory 3492specified by the 3493.Va dumpdir 3494variable. 3495The default value is 3496.Pa /var/crash . 3497Set to 3498.Dq Li NO 3499to not run 3500.Xr savecore 8 3501at boot time when 3502.Va dumpdir 3503is set. 3504.It Va savecore_enable 3505.Pq Vt bool 3506If set to 3507.Dq Li NO , 3508disable automatic extraction of the crash dump from the 3509.Va dumpdev . 3510.It Va savecore_flags 3511.Pq Vt str 3512If crash dumps are enabled, these are the flags to pass to the 3513.Xr savecore 8 3514utility. 3515.It Va quota_enable 3516.Pq Vt bool 3517Set to 3518.Dq Li YES 3519to turn on user and group disk quotas on system startup via the 3520.Xr quotaon 8 3521command for all file systems marked as having quotas enabled in 3522.Pa /etc/fstab . 3523The kernel must be built with 3524.Cd "options QUOTA" 3525for disk quotas to function. 3526.It Va check_quotas 3527.Pq Vt bool 3528Set to 3529.Dq Li YES 3530to enable user and group disk quota checking via the 3531.Xr quotacheck 8 3532command. 3533.It Va quotacheck_flags 3534.Pq Vt str 3535If 3536.Va quota_enable 3537is set to 3538.Dq Li YES , 3539and 3540.Va check_quotas 3541is set to 3542.Dq Li YES , 3543these are the flags to pass to the 3544.Xr quotacheck 8 3545utility. 3546The default is 3547.Dq Li "-a" , 3548which checks quotas for all file systems with quotas enabled in 3549.Pa /etc/fstab . 3550.It Va quotaon_flags 3551.Pq Vt str 3552If 3553.Va quota_enable 3554is set to 3555.Dq Li YES , 3556these are the flags to pass to the 3557.Xr quotaon 8 3558utility. 3559The default is 3560.Dq Li "-a" , 3561which enables quotas for all file systems with quotas enabled in 3562.Pa /etc/fstab . 3563.It Va quotaoff_flags 3564.Pq Vt str 3565If 3566.Va quota_enable 3567is set to 3568.Dq Li YES , 3569these are the flags to pass to the 3570.Xr quotaoff 8 3571utility when shutting down the quota system. 3572The default is 3573.Dq Li "-a" , 3574which disables quotas for all file systems with quotas enabled in 3575.Pa /etc/fstab . 3576.It Va accounting_enable 3577.Pq Vt bool 3578Set to 3579.Dq Li YES 3580to enable system accounting through the 3581.Xr accton 8 3582facility. 3583.It Va firstboot_sentinel 3584.Pq Vt str 3585This variable specifies the full path to a 3586.Dq first boot 3587sentinel file. 3588If a file exists with this path, 3589.Pa rc.d 3590scripts with the 3591.Dq firstboot 3592keyword will be run on startup and the sentinel file will be deleted 3593after the boot process completes. 3594The sentinel file must be located on a writable file system which is 3595mounted no later than 3596.Va early_late_divider 3597to function properly. 3598The default is 3599.Pa /firstboot . 3600.It Va linux_enable 3601.Pq Vt bool 3602Set to 3603.Dq Li YES 3604to enable Linux/ELF binary emulation at system initial 3605boot time. 3606.It Va sysvipc_enable 3607.Pq Vt bool 3608If set to 3609.Dq Li YES , 3610load System V IPC primitives at boot time. 3611.It Va clear_tmp_enable 3612.Pq Vt bool 3613Set to 3614.Dq Li YES 3615to have 3616.Pa /tmp 3617cleaned at startup. 3618.It Va clear_tmp_X 3619.Pq Vt bool 3620Set to 3621.Dq Li NO 3622to disable removing of X11 lock files, 3623and the removal and (secure) recreation 3624of the various socket directories for X11 3625related programs. 3626.It Va ldconfig_paths 3627.Pq Vt str 3628Set to the list of shared library paths to use with 3629.Xr ldconfig 8 . 3630NOTE: 3631.Pa /lib 3632and 3633.Pa /usr/lib 3634will always be added first, so they need not appear in this list. 3635.It Va ldconfig32_paths 3636.Pq Vt str 3637Set to the list of 32-bit compatibility shared library paths to 3638use with 3639.Xr ldconfig 8 . 3640.It Va ldconfig_insecure 3641.Pq Vt bool 3642The 3643.Xr ldconfig 8 3644utility normally refuses to use directories 3645which are writable by anyone except root. 3646Set this variable to 3647.Dq Li YES 3648to disable that security check during system startup. 3649.It Va ldconfig_local_dirs 3650.Pq Vt str 3651Set to the list of local 3652.Xr ldconfig 8 3653directories. 3654The names of all files in the directories listed will be 3655passed as arguments to 3656.Xr ldconfig 8 . 3657.It Va ldconfig_local32_dirs 3658.Pq Vt str 3659Set to the list of local 32-bit compatibility 3660.Xr ldconfig 8 3661directories. 3662The names of all files in the directories listed will be 3663passed as arguments to 3664.Dq Nm ldconfig Fl 32 . 3665.It Va kern_securelevel_enable 3666.Pq Vt bool 3667Set to 3668.Dq Li YES 3669to set the kernel security level at system startup. 3670.It Va kern_securelevel 3671.Pq Vt int 3672The kernel security level to set at startup. 3673The allowed range of 3674.Ar value 3675ranges from \-1 (the compile time default) to 3 (the 3676most secure). 3677See 3678.Xr security 7 3679for the list of possible security levels and their effect 3680on system operation. 3681.It Va sshd_program 3682.Pq Vt str 3683Path to the SSH server program 3684.Pa ( /usr/sbin/sshd 3685is the default). 3686.It Va sshd_enable 3687.Pq Vt bool 3688Set to 3689.Dq Li YES 3690to start 3691.Xr sshd 8 3692at system boot time. 3693.It Va sshd_flags 3694.Pq Vt str 3695If 3696.Va sshd_enable 3697is set to 3698.Dq Li YES , 3699these are the flags to pass to the 3700.Xr sshd 8 3701daemon. 3702.It Va ftpd_program 3703.Pq Vt str 3704Path to the FTP server program 3705.Pa ( /usr/libexec/ftpd 3706is the default). 3707.It Va ftpd_enable 3708.Pq Vt bool 3709Set to 3710.Dq Li YES 3711to start 3712.Xr ftpd 8 3713as a stand-alone daemon at system boot time. 3714.It Va ftpd_flags 3715.Pq Vt str 3716If 3717.Va ftpd_enable 3718is set to 3719.Dq Li YES , 3720these are the additional flags to pass to the 3721.Xr ftpd 8 3722daemon. 3723.It Va watchdogd_enable 3724.Pq Vt bool 3725If set to 3726.Dq Li YES , 3727start the 3728.Xr watchdogd 8 3729daemon at boot time. 3730This requires that the kernel have been compiled with a 3731.Xr watchdog 4 3732compatible device. 3733.It Va watchdogd_flags 3734.Pq Vt str 3735If 3736.Va watchdogd_enable 3737is set to 3738.Dq Li YES , 3739these are the flags passed to the 3740.Xr watchdogd 8 3741daemon. 3742.It Va watchdogd_timeout 3743.Pq Vt int 3744If 3745.Va watchdogd_enable 3746is set to 3747.Dq Li YES , 3748this is a timeout that will be used by the 3749.Xr watchdogd 8 3750daemon. 3751If this option is set, it overrides 3752.Fl t 3753in 3754.Va watchdogd_flags . 3755.It Va watchdogd_shutdown_timeout 3756.Pq Vt int 3757If 3758.Va watchdogd_enable 3759is set to 3760.Dq Li YES , 3761this is a timeout that will be set by the 3762.Xr watchdogd 8 3763daemon when it exits during the system shutdown. 3764This timeout will not be set when returning to the single-user mode 3765or when the watchdogd service is stopped individually using the 3766.Xr service 8 3767command or the rc.d script. 3768Note that the timeout will be applied if 3769.Xr watchdogd 8 3770is stopped outside of 3771.Xr rc 8 3772framework. 3773If this option is set, it overrides 3774.Fl x 3775in 3776.Va watchdogd_flags . 3777.It Va devfs_rulesets 3778.Pq Vt str 3779List of files containing sets of rules for 3780.Xr devfs 8 . 3781.It Va devfs_system_ruleset 3782.Pq Vt str 3783Rule name(s) to apply to the system 3784.Pa /dev 3785itself. 3786.It Va devfs_set_rulesets 3787.Pq Vt str 3788Pairs of already-mounted 3789.Pa dev 3790directories and rulesets that should be applied to them. 3791For example: /mount/dev=ruleset_name 3792.It Va devfs_load_rulesets 3793.Pq Vt bool 3794If set, always load the default rulesets listed in 3795.Va devfs_rulesets . 3796.It Va performance_cx_lowest 3797.Pq Vt str 3798CPU idle state to use while on AC power. 3799The string 3800.Dq Li LOW 3801indicates that 3802.Xr acpi 4 3803should use the lowest power state available while 3804.Dq Li HIGH 3805indicates that the lowest latency state (less power savings) should be used. 3806.It Va performance_cpu_freq 3807.Pq Vt str 3808CPU clock frequency to use while on AC power. 3809The string 3810.Dq Li LOW 3811indicates that 3812.Xr cpufreq 4 3813should use the lowest frequency available while 3814.Dq Li HIGH 3815indicates that the highest frequency (less power savings) should be used. 3816.It Va economy_cx_lowest 3817.Pq Vt str 3818CPU idle state to use when off AC power. 3819The string 3820.Dq Li LOW 3821indicates that 3822.Xr acpi 4 3823should use the lowest power state available while 3824.Dq Li HIGH 3825indicates that the lowest latency state (less power savings) should be used. 3826.It Va economy_cpu_freq 3827.Pq Vt str 3828CPU clock frequency to use when off AC power. 3829The string 3830.Dq Li LOW 3831indicates that 3832.Xr cpufreq 4 3833should use the lowest frequency available while 3834.Dq Li HIGH 3835indicates that the highest frequency (less power savings) should be used. 3836.It Va jail_enable 3837.Pq Vt bool 3838If set to 3839.Dq Li NO , 3840any configured jails will not be started. 3841.It Va jail_conf 3842.Pq Vt str 3843The configuration filename used by 3844.Xr jail 8 3845utility. 3846The default value is 3847.Pa /etc/jail.conf . 3848.It Va jail_parallel_start 3849.Pq Vt bool 3850If set to 3851.Dq Li YES , 3852all configured jails will be started in the background (in parallel). 3853.It Va jail_flags 3854.Pq Vt str 3855Unset by default. 3856When set, use as default value for 3857.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3858for every jail in 3859.Va jail_list . 3860.It Va jail_list 3861.Pq Vt str 3862A space-delimited list of jail names. 3863When left empty, all of the 3864.Xr jail 8 3865instances defined in the configuration file are started. 3866The names specified in this list control the jail startup order. 3867.Xr jail 8 3868instances missing from 3869.Va jail_list 3870must be started manually. 3871Note that a jail's 3872.Va depend 3873parameter in the configuration file may override this list. 3874.It Va jail_reverse_stop 3875.Pq Vt bool 3876When set to 3877.Dq Li YES , 3878all configured jails in 3879.Va jail_list 3880are stopped in reverse order. 3881.It Va jail_ Ns * variables 3882Note that older releases supported per-jail configuration via 3883.Nm 3884variables. 3885For example, 3886hostname of a jail named 3887.Li vjail 3888was able to be set by 3889.Li jail_vjail_hostname . 3890These per-jail configuration variables are now obsolete in favor of 3891.Xr jail 8 3892configuration file. 3893For backward compatibility, 3894when per-jail configuration variables are defined, 3895.Xr jail 8 3896configuration files are created as 3897.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3898and used. 3899.Pp 3900The following per-jail parameters are handled by 3901.Pa rc.d/jail 3902script out of their corresponding 3903.Nm 3904variables. 3905In addition to them, parameters in 3906.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3907will be added to the configuration file. 3908They must be a semi-colon 3909.Pq Ql \&; 3910delimited list of 3911.Dq key=value . 3912For more details, 3913see 3914.Xr jail 8 3915manual page. 3916.Bl -tag -width "host.hostname" -offset indent 3917.It Li path 3918set from 3919.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3920.It Li host.hostname 3921set from 3922.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3923.It Li exec.consolelog 3924set from 3925.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3926The default value is 3927.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3928.It Li interface 3929set from 3930.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3931.It Li vnet.interface 3932set from 3933.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3934This implies 3935.Li vnet 3936parameter will be enabled and cannot be specified with 3937.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3938.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3939and/or 3940.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3941at the same time. 3942.It Li fstab 3943set from 3944.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3945.It Li mount 3946set from 3947.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3948.It Li exec.fib 3949set from 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3951.It Li exec.start 3952set from 3953.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3954The parameter name was 3955.Li command 3956in some older releases. 3957.It Li exec.prestart 3958set from 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3960.It Li exec.poststart 3961set from 3962.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3963.It Li exec.stop 3964set from 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3966.It Li exec.prestop 3967set from 3968.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3969.It Li exec.poststop 3970set from 3971.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3972.It Li ip4.addr 3973set if 3974.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3975or 3976.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3977contain IPv4 addresses 3978.It Li ip6.addr 3979set if 3980.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3981or 3982.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3983contain IPv6 addresses 3984.It Li allow.mount 3985set from 3986.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3987.It Li mount.devfs 3988set from 3989.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3990.It Li devfs_ruleset 3991set from 3992.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3993This must be an integer, 3994not a string. 3995.It Li mount.fdescfs 3996set from 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3998.It Li allow.set_hostname 3999set from 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4001.It Li allow.rawsocket 4002set from 4003.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4004.It Li allow.sysvipc 4005set from 4006.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4007.El 4008.\" ----------------------------------------------------- 4009.It Va harvest_mask 4010.Pq Vt int 4011Set to a bit-mask 4012representing the entropy sources 4013you wish to harvest. 4014Refer to 4015.Xr random 4 4016for more information. 4017.It Va entropy_dir 4018.Pq Vt str 4019Set to 4020.Dq Li NO 4021to disable caching entropy via 4022.Xr cron 8 . 4023Otherwise set to the directory 4024in which the entropy files are stored. 4025To be useful, 4026there must be 4027a system cron job 4028that regularly writes and rotates 4029files here. 4030All files found 4031will be used at boot time. 4032The default is 4033.Pa /var/db/entropy . 4034.It Va entropy_file 4035.Pq Vt str 4036Set to 4037.Dq Li NO 4038to disable caching entropy through reboots. 4039Otherwise set to the name 4040of a file used to store cached entropy. 4041This file should be located 4042on a file system that is readable 4043before all the volumes specified in 4044.Xr fstab 5 4045are mounted. 4046By default, 4047.Pa /entropy 4048is used, 4049but if 4050.Pa /var/db/entropy-file 4051is found it will also be used. 4052This will be of some use to 4053.Xr bsdinstall 8 . 4054.It Va entropy_boot_file 4055.Pq Vt str 4056Set to 4057.Dq Li NO 4058to disable 4059very early caching entropy 4060through reboots. 4061Otherwise set to the filename 4062used to read 4063very early reboot cached entropy. 4064This file should be located where 4065.Xr loader 8 4066can read it. 4067See also 4068.Xr loader.conf 5 . 4069The default location is 4070.Pa /boot/entropy . 4071.It Va entropy_save_sz 4072.Pq Vt int 4073Size of the entropy cache files saved by 4074.Nm save-entropy 4075periodically. 4076.It Va entropy_save_num 4077.Pq Vt int 4078Number of entropy cache files to save by 4079.Nm save-entropy 4080periodically. 4081.It Va ipsec_enable 4082.Pq Vt bool 4083Set to 4084.Dq Li YES 4085to run 4086.Xr setkey 8 4087on 4088.Va ipsec_file 4089at boot time. 4090.It Va ipsec_file 4091.Pq Vt str 4092Configuration file for 4093.Xr setkey 8 . 4094.It Va dmesg_enable 4095.Pq Vt bool 4096Set to 4097.Dq Li YES 4098to save 4099.Xr dmesg 8 4100to 4101.Pa /var/run/dmesg.boot 4102on boot. 4103.It Va rcshutdown_timeout 4104.Pq Vt int 4105If set, start a watchdog timer in the background which will terminate 4106.Pa rc.shutdown 4107if 4108.Xr shutdown 8 4109has not completed within the specified time (in seconds). 4110Notice that in addition to this soft timeout, 4111.Xr init 8 4112also applies a hard timeout for the execution of 4113.Pa rc.shutdown . 4114This is configured via 4115.Xr sysctl 8 4116variable 4117.Va kern.init_shutdown_timeout 4118and defaults to 120 seconds. 4119Setting the value of 4120.Va rcshutdown_timeout 4121to more than 120 seconds will have no effect until the 4122.Xr sysctl 8 4123variable 4124.Va kern.init_shutdown_timeout 4125is also increased. 4126.It Va virecover_enable 4127.Pq Vt bool 4128Set to 4129.Dq Li NO 4130to prevent the system from trying to 4131recover pre-maturely terminated 4132.Xr vi 1 4133sessions. 4134.It Va ugidfw_enable 4135.Pq Vt bool 4136Set to 4137.Dq Li YES 4138to load the 4139.Xr mac_bsdextended 4 4140module upon system initialization and load a default 4141ruleset file. 4142.It Va bsdextended_script 4143.Pq Vt str 4144The default 4145.Xr mac_bsdextended 4 4146ruleset file to load. 4147The default value of this variable is 4148.Pa /etc/rc.bsdextended . 4149.It Va newsyslog_enable 4150.Pq Vt bool 4151If set to 4152.Dq Li YES , 4153run 4154.Xr newsyslog 8 4155command at startup. 4156.It Va newsyslog_flags 4157.Pq Vt str 4158If 4159.Va newsyslog_enable 4160is set to 4161.Dq Li YES , 4162these are the flags to pass to the 4163.Xr newsyslog 8 4164program. 4165The default is 4166.Dq Li -CN , 4167which causes log files flagged with a 4168.Cm C 4169to be created. 4170.It Va mdconfig_md Ns Aq Ar X 4171.Pq Vt str 4172Arguments to 4173.Xr mdconfig 8 4174for 4175.Xr md 4 4176device 4177.Ar X . 4178At minimum a 4179.Fl t Ar type 4180must be specified and either a 4181.Fl s Ar size 4182for malloc or swap backed 4183.Xr md 4 4184devices or a 4185.Fl f Ar file 4186for vnode backed 4187.Xr md 4 4188devices. 4189Note that 4190.Va mdconfig_md Ns Aq Ar X 4191variables are evaluated until one variable is unset or null. 4192.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4193.Pq Vt str 4194Optional arguments passed to 4195.Xr newfs 8 4196to initialize 4197.Xr md 4 4198device 4199.Ar X . 4200.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4201.Pq Vt str 4202An ownership specification passed to 4203.Xr chown 8 4204after the specified 4205.Xr md 4 4206device 4207.Ar X 4208has been mounted. 4209Both the 4210.Xr md 4 4211device and the mount point will be changed. 4212.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4213.Pq Vt str 4214A mode string passed to 4215.Xr chmod 1 4216after the specified 4217.Xr md 4 4218device 4219.Ar X 4220has been mounted. 4221Both the 4222.Xr md 4 4223device and the mount point will be changed. 4224.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4225.Pq Vt str 4226Files to be copied to the mount point of the 4227.Xr md 4 4228device 4229.Ar X 4230after it has been mounted. 4231.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4232.Pq Vt str 4233Command to execute after the specified 4234.Xr md 4 4235device 4236.Ar X 4237has been mounted. 4238Note that the command is passed to 4239.Ic eval 4240and that both 4241.Va _dev 4242and 4243.Va _mp 4244variables can be used to reference respectively the 4245.Xr md 4 4246device and the mount point. 4247Assuming that the 4248.Xr md 4 4249device is 4250.Li md0 , 4251one could set the following: 4252.Bd -literal 4253mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4254.Ed 4255.It Va autobridge_interfaces 4256.Pq Vt str 4257Set to the list of bridge interfaces that will have newly arriving interfaces 4258checked against to be automatically added. 4259If not set to 4260.Dq Li NO 4261then for each whitespace separated 4262.Ar element 4263in the value, a 4264.Va autobridge_ Ns Aq Ar element 4265variable is assumed to exist which has a whitespace separated list of interface 4266names to match, these names can use wildcards. 4267For example: 4268.Bd -literal 4269autobridge_interfaces="bridge0" 4270autobridge_bridge0="tap* dc0 vlan[345]" 4271.Ed 4272.It Va mixer_enable 4273.Pq Vt bool 4274If set to 4275.Dq Li YES , 4276enable support for sound mixer. 4277.It Va hcsecd_enable 4278.Pq Vt bool 4279If set to 4280.Dq Li YES , 4281enable Bluetooth security daemon. 4282.It Va hcsecd_config 4283.Pq Vt str 4284Configuration file for 4285.Xr hcsecd 8 . 4286Default 4287.Pa /etc/bluetooth/hcsecd.conf . 4288.It Va sdpd_enable 4289.Pq Vt bool 4290If set to 4291.Dq Li YES , 4292enable Bluetooth Service Discovery Protocol daemon. 4293.It Va sdpd_control 4294.Pq Vt str 4295Path to 4296.Xr sdpd 8 4297control socket. 4298Default 4299.Pa /var/run/sdp . 4300.It Va sdpd_groupname 4301.Pq Vt str 4302Sets 4303.Xr sdpd 8 4304group to run as after it initializes. 4305Default 4306.Dq Li nobody . 4307.It Va sdpd_username 4308.Pq Vt str 4309Sets 4310.Xr sdpd 8 4311user to run as after it initializes. 4312Default 4313.Dq Li nobody . 4314.It Va bthidd_enable 4315.Pq Vt bool 4316If set to 4317.Dq Li YES , 4318enable Bluetooth Human Interface Device daemon. 4319.It Va bthidd_config 4320.Pq Vt str 4321Configuration file for 4322.Xr bthidd 8 . 4323Default 4324.Pa /etc/bluetooth/bthidd.conf . 4325.It Va bthidd_hids 4326.Pq Vt str 4327Path to a file, where 4328.Xr bthidd 8 4329will store information about known HID devices. 4330Default 4331.Pa /var/db/bthidd.hids . 4332.It Va rfcomm_pppd_server_enable 4333.Pq Vt bool 4334If set to 4335.Dq Li YES , 4336enable Bluetooth RFCOMM PPP wrapper daemon. 4337.It Va rfcomm_pppd_server_profile 4338.Pq Vt str 4339The name of the profile to use from 4340.Pa /etc/ppp/ppp.conf . 4341Multiple profiles can be specified here. 4342Also used to specify per-profile overrides. 4343When the profile name contains any of the characters 4344.Dq Li .-/+ 4345they are translated to 4346.Dq Li _ 4347for the proposes of the override variable names. 4348.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4349.Pq Vt str 4350Overrides local address to listen on. 4351By default 4352.Xr rfcomm_pppd 8 4353will listen on 4354.Dq Li ANY 4355address. 4356The address can be specified as BD_ADDR or name. 4357.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4358.Pq Vt str 4359Overrides local RFCOMM channel to listen on. 4360By default 4361.Xr rfcomm_pppd 8 4362will listen on RFCOMM channel 1. 4363Must set properly if multiple profiles used in the same time. 4364.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4365.Pq Vt bool 4366Tells 4367.Xr rfcomm_pppd 8 4368if it should register Serial Port service on the specified RFCOMM channel. 4369Default 4370.Dq Li NO . 4371.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4372.Pq Vt bool 4373Tells 4374.Xr rfcomm_pppd 8 4375if it should register Dial-Up Networking service on the specified 4376RFCOMM channel. 4377Default 4378.Dq Li NO . 4379.It Va ubthidhci_enable 4380.Pq Vt bool 4381If set to 4382.Dq Li YES , 4383change the USB Bluetooth controller from HID mode to HCI mode. 4384You also need to specify the location of USB Bluetooth controller with the 4385.Va ubthidhci_busnum 4386and 4387.Va ubthidhci_addr 4388variables. 4389.It Va ubthidhci_busnum 4390Bus number where the USB Bluetooth controller is located. 4391Check the output of 4392.Xr usbconfig 8 4393on your system to find this information. 4394.It Va ubthidhci_addr 4395Bus address of the USB Bluetooth controller. 4396Check the output of 4397.Xr usbconfig 8 4398on your system to find this information. 4399.It Va netwait_enable 4400.Pq Vt bool 4401If set to 4402.Dq Li YES , 4403delays the start of network-reliant services until 4404.Va netwait_if 4405is up and ICMP packets to a destination defined in 4406.Va netwait_ip 4407are flowing. 4408Link state is examined first, followed by 4409.Dq Li pinging 4410an IP address to verify network usability. 4411If no destination can be reached or timeouts are exceeded, 4412network services are started anyway with no guarantee that 4413the network is usable. 4414Use of this variable requires both 4415.Va netwait_ip 4416and 4417.Va netwait_if 4418to be set. 4419.It Va netwait_ip 4420.Pq Vt str 4421Empty by default. 4422This variable contains a space-delimited list of IP addresses to 4423.Xr ping 8 . 4424DNS hostnames should not be used as resolution is not guaranteed 4425to be functional at this point. 4426If multiple IP addresses are specified, 4427each will be tried until one is successful or the list is exhausted. 4428.It Va netwait_timeout 4429.Pq Vt int 4430Indicates the total number of seconds to perform a 4431.Dq Li ping 4432against each IP address in 4433.Va netwait_ip , 4434at a rate of one ping per second. 4435If any of the pings are successful, 4436full network connectivity is considered reliable. 4437The default is 60. 4438.It Va netwait_if 4439.Pq Vt str 4440Empty by default. 4441Defines the name of the network interface on which watch for link. 4442.Xr ifconfig 8 4443is used to monitor the interface, looking for 4444.Dq Li status: no carrier . 4445Once gone, the link is considered up. 4446This can be a 4447.Xr vlan 4 4448interface if desired. 4449.It Va netwait_if_timeout 4450.Pq Vt int 4451Defines the total number of seconds to wait for link to become usable, 4452polled at a 1-second interval. 4453The default is 30. 4454.It Va rctl_enable 4455.Pq Vt bool 4456If set to 4457.Dq Li YES , 4458load 4459.Xr rctl 8 4460rules from the defined ruleset. 4461The kernel must be built with 4462.Cd "options RACCT" 4463and 4464.Cd "options RCTL" . 4465.It Va rctl_rules 4466.Pq Vt str 4467Set to 4468.Pa /etc/rctl.conf 4469by default. 4470This variables contains the 4471.Xr rctl.conf 5 4472ruleset to load for 4473.Xr rctl 8 . 4474.It Va iovctl_files 4475.Pq Vt str 4476A space-separated list of configuration files used by 4477.Xr iovctl 8 . 4478The default value is an empty string. 4479.It Va autofs_enable 4480.Pq Vt bool 4481If set to 4482.Dq Li YES , 4483start the 4484.Xr automount 8 4485utility and the 4486.Xr automountd 8 4487and 4488.Xr autounmountd 8 4489daemons at boot time. 4490.It Va automount_flags 4491.Pq Vt str 4492If 4493.Va autofs_enable 4494is set to 4495.Dq Li YES , 4496these are the flags to pass to the 4497.Xr automount 8 4498program. 4499By default no flags are passed. 4500.It Va automountd_flags 4501.Pq Vt str 4502If 4503.Va autofs_enable 4504is set to 4505.Dq Li YES , 4506these are the flags to pass to the 4507.Xr automountd 8 4508daemon. 4509By default no flags are passed. 4510.It Va autounmountd_flags 4511.Pq Vt str 4512If 4513.Va autofs_enable 4514is set to 4515.Dq Li YES , 4516these are the flags to pass to the 4517.Xr autounmountd 8 4518daemon. 4519By default no flags are passed. 4520.It Va ctld_enable 4521.Pq Vt bool 4522If set to 4523.Dq Li YES , 4524start the 4525.Xr ctld 8 4526daemon at boot time. 4527.It Va iscsid_enable 4528.Pq Vt bool 4529If set to 4530.Dq Li YES , 4531start the 4532.Xr iscsid 8 4533daemon at boot time. 4534.It Va iscsictl_enable 4535.Pq Vt bool 4536If set to 4537.Dq Li YES , 4538start the 4539.Xr iscsictl 8 4540utility at boot time. 4541.It Va iscsictl_flags 4542.Pq Vt str 4543If 4544.Va iscsictl_enable 4545is set to 4546.Dq Li YES , 4547these are the flags to pass to the 4548.Xr iscsictl 8 4549program. 4550The default is 4551.Dq Li -Aa , 4552which configures sessions based on the 4553.Pa /etc/iscsi.conf 4554configuration file. 4555.It Va cfumass_enable 4556.Pq Vt bool 4557If set to 4558.Dq Li YES , 4559create and export an USB LUN using 4560.Xr cfumass 4 4561at boot time. 4562.It Va cfumass_dir 4563.Pq Vt str 4564The directory where the files exported by USB LUN are located. 4565The default directory is 4566.Pa /var/cfumass . 4567.It Va service_delete_empty 4568.Pq Vt bool 4569If set to 4570.Dq Li YES , 4571.Ql Li service delete 4572removes empty 4573.Dq Li rc.conf.d 4574files. 4575.El 4576.Sh FILES 4577.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4578.It Pa /etc/defaults/rc.conf 4579.It Pa /etc/defaults/vendor.conf 4580.It Pa /etc/rc.conf 4581.It Pa /etc/rc.conf.local 4582.El 4583.Sh SEE ALSO 4584.Xr chmod 1 , 4585.Xr gdb 1 , 4586.Xr info 1 , 4587.Xr kbdcontrol 1 , 4588.Xr makewhatis 1 , 4589.Xr sh 1 , 4590.Xr vi 1 , 4591.Xr vidcontrol 1 , 4592.Xr bridge 4 , 4593.Xr dummynet 4 , 4594.Xr ip 4 , 4595.Xr ipf 4 , 4596.Xr ipfw 4 , 4597.Xr ipnat 4 , 4598.Xr kld 4 , 4599.Xr pf 4 , 4600.Xr pflog 4 , 4601.Xr pfsync 4 , 4602.Xr tcp 4 , 4603.Xr udp 4 , 4604.Xr exports 5 , 4605.Xr fstab 5 , 4606.Xr ipf 5 , 4607.Xr ipnat 5 , 4608.Xr jail.conf 5 , 4609.Xr loader.conf 5 , 4610.Xr motd 5 , 4611.Xr newsyslog.conf 5 , 4612.Xr pf.conf 5 , 4613.Xr security 7 , 4614.Xr accton 8 , 4615.Xr amd 8 , 4616.Xr apm 8 , 4617.Xr bsdinstall 8 , 4618.Xr bthidd 8 , 4619.Xr chkprintcap 8 , 4620.Xr chown 8 , 4621.Xr cron 8 , 4622.Xr devfs 8 , 4623.Xr dhclient 8 , 4624.Xr ftpd 8 , 4625.Xr geli 8 , 4626.Xr hcsecd 8 , 4627.Xr ifconfig 8 , 4628.Xr inetd 8 , 4629.Xr iovctl 8 , 4630.Xr ipf 8 , 4631.Xr ipfw 8 , 4632.Xr ipnat 8 , 4633.Xr jail 8 , 4634.Xr kldxref 8 , 4635.Xr loader 8 , 4636.Xr lpd 8 , 4637.Xr mdconfig 8 , 4638.Xr mdmfs 8 , 4639.Xr mixer 8 , 4640.Xr mountd 8 , 4641.Xr moused 8 , 4642.Xr newfs 8 , 4643.Xr newsyslog 8 , 4644.Xr nfsd 8 , 4645.Xr ntpd 8 , 4646.Xr ntpdate 8 , 4647.Xr pfctl 8 , 4648.Xr pflogd 8 , 4649.Xr ping 8 , 4650.Xr powerd 8 , 4651.Xr quotacheck 8 , 4652.Xr quotaon 8 , 4653.Xr rc 8 , 4654.Xr rc.sendmail 8 , 4655.Xr rfcomm_pppd 8 , 4656.Xr route 8 , 4657.Xr routed 8 , 4658.Xr rpc.lockd 8 , 4659.Xr rpc.statd 8 , 4660.Xr rpcbind 8 , 4661.Xr rwhod 8 , 4662.Xr savecore 8 , 4663.Xr sdpd 8 , 4664.Xr service 8 , 4665.Xr sshd 8 , 4666.Xr swapon 8 , 4667.Xr sysctl 8 , 4668.Xr syslogd 8 , 4669.Xr sysrc 8 , 4670.Xr timed 8 , 4671.Xr unbound 8 , 4672.Xr usbconfig 8 , 4673.Xr wlandebug 8 , 4674.Xr yp 8 , 4675.Xr ypbind 8 , 4676.Xr ypserv 8 , 4677.Xr ypset 8 4678.Sh HISTORY 4679The 4680.Nm 4681file appeared in 4682.Fx 2.2.2 . 4683.Sh AUTHORS 4684.An Jordan K. Hubbard . 4685