1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd August 28, 2022 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail-specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/etc/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _fib 196.Pq Vt int 197The 198.Xr setfib 1 199value to run the service under. 200.It Ao Ar name Ac Ns Va _group 201.Pq Vt str 202Run the chrooted service under this system group. 203Unlike the 204.Ao Ar name Ac Ns Va _user 205setting, this setting has no effect if the service is not chrooted. 206.It Ao Ar name Ac Ns Va _limits 207.Pq Vt str 208Resource limits to apply to the service using 209.Xr limits 1 . 210By default, resource limits are based on the login class defined in 211.Ao Ar name Ac Ns Va _login_class . 212.It Ao Ar name Ac Ns Va _login_class 213.Pq Vt str 214Login class to be used with 215.Ao Ar name Ac Ns Va _limits . 216Defaults to 217.Dq Li daemon . 218.It Ao Ar name Ac Ns Va _nice 219.Pq Vt int 220The 221.Xr nice 1 222value to run the service under. 223.It Ao Ar name Ac Ns Va _oomprotect 224.Pq Vt str 225Use 226.Xr protect 1 227to prevent the service from being killed when swap space 228is exhausted. 229Use 230.Dq Li YES 231to protect only the service itself, and 232.Dq Li ALL 233to protect the service and all its child processes. 234.Pp 235Please note that rc scripts which redefine 236.Dl ${argument}_cmd 237.Pq see Xr rc.subr 8 238such as PostgreSQL will not inherit the OOM killer protection. 239.Pp 240This variable has no effect on services running within a 241.Xr jail 8 . 242.It Ao Ar name Ac Ns Va _umask 243.Pq Vt int 244Run the service using this 245.Xr umask 1 246value. 247.It Ao Ar name Ac Ns Va _user 248.Pq Vt str 249Run the service under this user account. 250.It Va apm_enable 251.Pq Vt bool 252If set to 253.Dq Li YES , 254enable support for Automatic Power Management with 255the 256.Xr apm 8 257command. 258.It Va apmd_enable 259.Pq Vt bool 260Run 261.Xr apmd 8 262to handle APM event from userland. 263This also enables support for APM. 264.It Va apmd_flags 265.Pq Vt str 266If 267.Va apmd_enable 268is set to 269.Dq Li YES , 270these are the flags to pass to the 271.Xr apmd 8 272daemon. 273.It Va devd_enable 274.Pq Vt bool 275Run 276.Xr devd 8 277to handle device added, removed or unknown events from the kernel. 278.It Va ddb_enable 279.Pq Vt bool 280Run 281.Xr ddb 8 282to install 283.Xr ddb 4 284scripts at boot time. 285.It Va ddb_config 286.Pq Vt str 287Configuration file for 288.Xr ddb 8 . 289Default 290.Pa /etc/ddb.conf . 291.It Va devmatch_enable 292.Pq Vt bool 293If set to 294.Dq Li NO , 295disable auto-loading of kernel modules with 296.Xr devmatch 8 . 297.It Va devmatch_blocklist 298.Pq Vt str 299A whitespace-separated list of kernel modules to be ignored by 300.Xr devmatch 8 . 301In addition, the 302.Xr kenv 1 303.Va devmatch_blocklist 304is appended to this variable to allow disabling of 305.Xr devmatch 8 306loaded modules from the boot loader. 307.It Va devmatch_blacklist 308.Pq Vt str 309This variable is deprecated. 310Use 311.Va devmatch_blocklist 312instead. 313A whitespace-separated list of kernel modules to be ignored by 314.Xr devmatch 8 . 315.It Va kld_list 316.Pq Vt str 317A whitespace-separated list of kernel modules to load right after 318the local disks are mounted, without any 319.Pa .ko 320extension or path. 321Loading modules at this point in the boot process is 322much faster than doing it via 323.Pa /boot/loader.conf 324for those modules not necessary for mounting local disks. 325.It Va kldxref_enable 326.Pq Vt bool 327Set to 328.Dq Li NO 329by default. 330Set to 331.Dq Li YES 332to automatically rebuild 333.Pa linker.hints 334files with 335.Xr kldxref 8 336at boot time. 337.It Va kldxref_clobber 338.Pq Vt bool 339Set to 340.Dq Li NO 341by default. 342If 343.Va kldxref_enable 344is true, 345setting to 346.Dq Li YES 347will overwrite existing 348.Pa linker.hints 349files at boot time. 350Otherwise, 351only missing 352.Pa linker.hints 353files are generated. 354.It Va kldxref_module_path 355.Pq Vt str 356Empty by default. 357A semi-colon 358.Pq Ql \&; 359delimited list of paths containing 360.Xr kld 4 361modules. 362If empty, 363the contents of the 364.Va kern.module_path 365.Xr sysctl 8 366are used. 367.It Va powerd_enable 368.Pq Vt bool 369If set to 370.Dq Li YES , 371enable the system power control facility with the 372.Xr powerd 8 373daemon. 374.It Va powerd_flags 375.Pq Vt str 376If 377.Va powerd_enable 378is set to 379.Dq Li YES , 380these are the flags to pass to the 381.Xr powerd 8 382daemon. 383.It Va tmpmfs 384Controls the creation of a 385.Pa /tmp 386memory file system. 387Always happens if set to 388.Dq Li YES 389and never happens if set to 390.Dq Li NO . 391If set to anything else, a memory file system is created if 392.Pa /tmp 393is not writable. 394.It Va tmpsize 395Controls the size of a created 396.Pa /tmp 397memory file system. 398.It Va tmpmfs_flags 399Extra options passed to the 400.Xr mdmfs 8 401utility when the memory file system for 402.Pa /tmp 403is created. 404The default is 405.Dq Li "-S" , 406which inhibits the use of softupdates on 407.Pa /tmp 408so that file system space is freed without delay 409after file truncation or deletion. 410See 411.Xr mdmfs 8 412for other options you can use in 413.Va tmpmfs_flags . 414.It Va varmfs 415Controls the creation of a 416.Pa /var 417memory file system. 418Always happens if set to 419.Dq Li YES 420and never happens if set to 421.Dq Li NO . 422If set to anything else, a memory file system is created if 423.Pa /var 424is not writable. 425.It Va varsize 426Controls the size of a created 427.Pa /var 428memory file system. 429.It Va varmfs_flags 430Extra options passed to the 431.Xr mdmfs 8 432utility when the memory file system for 433.Pa /var 434is created. 435The default is 436.Dq Li "-S" , 437which inhibits the use of softupdates on 438.Pa /var 439so that file system space is freed without delay 440after file truncation or deletion. 441See 442.Xr mdmfs 8 443for other options you can use in 444.Va varmfs_flags . 445.It Va populate_var 446Controls the automatic population of the 447.Pa /var 448file system. 449Always happens if set to 450.Dq Li YES 451and never happens if set to 452.Dq Li NO . 453If set to anything else, a memory file system is created if 454.Pa /var 455is not writable. 456Note that this process requires access to certain commands in 457.Pa /usr 458before 459.Pa /usr 460is mounted on normal systems. 461.It Va cleanvar_enable 462.Pq Vt bool 463Clean the 464.Pa /var 465directory. 466.It Va local_startup 467.Pq Vt str 468List of directories to search for startup script files. 469.It Va script_name_sep 470.Pq Vt str 471The field separator to use for breaking down the list of startup script files 472into individual filenames. 473The default is a space. 474It is not necessary to change this unless there are startup scripts with names 475containing spaces. 476.It Va hostapd_enable 477.Pq Vt bool 478Set to 479.Dq Li YES 480to start 481.Xr hostapd 8 482at system boot time. 483.It Va hostname 484.Pq Vt str 485The fully qualified domain name (FQDN) of this host on the network. 486This should almost certainly be set to something meaningful, even if 487there is no network connection. 488If 489.Xr dhclient 8 490is used to set the hostname via DHCP, 491this variable should be set to an empty string. 492Within a 493.Xr jail 8 494the hostname is generally already set and this variable may be absent. 495If this value remains unset when the system is done booting 496your console login will display the default hostname of 497.Dq Amnesiac . 498.It Va nisdomainname 499.Pq Vt str 500The NIS domain name of this host, or 501.Dq Li NO 502if NIS is not used. 503.It Va dhclient_program 504.Pq Vt str 505Path to the DHCP client program 506.Pa ( /sbin/dhclient , 507the 508.Ox 509DHCP client, 510is the default). 511.It Va dhclient_flags 512.Pq Vt str 513Additional flags to pass to the DHCP client program. 514For the 515.Ox 516DHCP client, see the 517.Xr dhclient 8 518manpage for a description of the command line options available. 519.It Va dhclient_flags_ Ns Aq Ar iface 520Additional flags to pass to the DHCP client program running on 521.Ar iface 522only. 523When specified, this variable overrides 524.Va dhclient_flags . 525.It Va background_dhclient 526.Pq Vt bool 527Set to 528.Dq Li YES 529to start the DHCP client in background. 530This can cause trouble with applications depending on 531a working network, but it will provide a faster startup 532in many cases. 533.It Va background_dhclient_ Ns Aq Ar iface 534When specified, this variable overrides the 535.Va background_dhclient 536variable for interface 537.Ar iface 538only. 539.It Va synchronous_dhclient 540.Pq Vt bool 541Set to 542.Dq Li YES 543to start 544.Xr dhclient 8 545synchronously at startup. 546This behavior can be overridden on a per-interface basis by replacing 547the 548.Dq Li DHCP 549keyword in the 550.Va ifconfig_ Ns Aq Ar interface 551variable with 552.Dq Li SYNCDHCP 553or 554.Dq Li NOSYNCDHCP . 555.It Va defaultroute_delay 556.Pq Vt int 557When set to a positive value, wait up to this long after configuring 558DHCP interfaces at startup to give the interfaces time to receive a lease. 559.It Va firewall_enable 560.Pq Vt bool 561Set to 562.Dq Li YES 563to load firewall rules at startup. 564If the kernel was not built with 565.Cd "options IPFIREWALL" , 566the 567.Pa ipfw.ko 568kernel module will be loaded. 569See also 570.Va ipfilter_enable . 571.It Va firewall_script 572.Pq Vt str 573This variable specifies the full path to the firewall script to run. 574The default is 575.Pa /etc/rc.firewall . 576.It Va firewall_type 577.Pq Vt str 578Names the firewall type from the selection in 579.Pa /etc/rc.firewall , 580or the file which contains the local firewall ruleset. 581Valid selections from 582.Pa /etc/rc.firewall 583are: 584.Pp 585.Bl -tag -width ".Li workstation" -compact 586.It Li open 587unrestricted IP access 588.It Li closed 589all IP services disabled, except via 590.Dq Li lo0 591.It Li client 592basic protection for a workstation 593.It Li workstation 594basic protection for a workstation using stateful firewalling 595.It Li simple 596basic protection for a LAN. 597.El 598.Pp 599If a filename is specified, the full path 600must be given. 601.Pp 602Most of the predefined rulesets define additional configuration variables. 603These are documented in 604.Pa /etc/rc.firewall . 605.It Va firewall_quiet 606.Pq Vt bool 607Set to 608.Dq Li YES 609to disable the display of firewall rules on the console during boot. 610.It Va firewall_logging 611.Pq Vt bool 612Set to 613.Dq Li YES 614to enable firewall event logging. 615This is equivalent to the 616.Dv IPFIREWALL_VERBOSE 617kernel option. 618.It Va firewall_logif 619.Pq Vt bool 620Set to 621.Dq Li YES 622to create pseudo interface 623.Li ipfw0 624for logging. 625For more details, see 626.Xr ipfw 8 627manual page. 628.It Va firewall_flags 629.Pq Vt str 630Flags passed to 631.Xr ipfw 8 632if 633.Va firewall_type 634specifies a filename. 635.It Va firewall_coscripts 636.Pq Vt str 637List of executables and/or rc scripts to run after firewall starts/stops. 638Default is empty. 639.\" ----- firewall_nat_enable setting -------------------------------- 640.It Va firewall_nat_enable 641.Pq Vt bool 642The 643.Xr ipfw 8 644equivalent of 645.Va natd_enable . 646Setting this to 647.Dq Li YES 648will automatically load the 649.Xr ipfw 8 650NAT kernel module if 651.Va firewall_enable 652is also set to 653.Dq Li YES . 654.It Va firewall_nat_interface 655.Pq Vt str 656The 657.Xr ipfw 8 658equivalent of 659.Va natd_interface . 660This is the name of the public interface or IP address on which 661kernel NAT should run. 662.It Va firewall_nat_flags 663.Pq Vt str 664Additional configuration parameters for kernel NAT should be placed here. 665.It Va firewall_nat64_enable 666.Pq Vt bool 667Setting this to 668.Dq Li YES 669will automatically load the 670.Xr ipfw 8 671NAT64 kernel module if 672.Va firewall_enable 673is also set to 674.Dq Li YES . 675.It Va firewall_nptv6_enable 676.Pq Vt bool 677Setting this to 678.Dq Li YES 679will automatically load the 680.Xr ipfw 8 681NPTv6 kernel module if 682.Va firewall_enable 683is also set to 684.Dq Li YES . 685.It Va firewall_pmod_enable 686.Pq Vt bool 687Setting this to 688.Dq Li YES 689will automatically load the 690.Xr ipfw 8 691pmod kernel module if 692.Va firewall_enable 693is also set to 694.Dq Li YES . 695.It Va dummynet_enable 696.Pq Vt bool 697Setting this to 698.Dq Li YES 699will automatically load the 700.Xr dummynet 4 701module if 702.Va firewall_enable 703is also set to 704.Dq Li YES . 705.\" ------------------------------------------------------------------- 706.It Va ipfw_netflow_enable 707.Pq Vt bool 708Setting this to 709.Dq Li YES 710will enable netflow logging via 711.Xr ng_netflow 4 712.Pp 713By default a ipfw rule is inserted and all packets are duplicated with 714the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 715port using protocol version 5. 716.It Va ipfw_netflow_hook 717.Pq Vt int 718netflow hook name, must be numerical 719(default 720.Pa 9995 ) . 721.It Va ipfw_netflow_rule 722.Pq Vt int 723ipfw rule number 724(default 725.Pa 1000 ) . 726.It Va ipfw_netflow_ip 727.Pq Vt str 728Destination server ip for receiving netflow data 729(default 730.Pa 127.0.0.1 ) . 731.It Va ipfw_netflow_port 732.Pq Vt int 733Destination server port for receiving netflow data 734(default 735.Pa 9995 ) . 736.It Va ipfw_netflow_version 737.Pq Vt int 738Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 739.It Va ipfw_netflow_fib 740.Pq Vt int 741Only match packet in FIB 742.Pa ipfw_netflow_fib 743(default is undefined meaning all FIBs). 744.It Va natd_program 745.Pq Vt str 746Path to 747.Xr natd 8 . 748.It Va natd_enable 749.Pq Vt bool 750Set to 751.Dq Li YES 752to enable 753.Xr natd 8 . 754.Va firewall_enable 755must also be set to 756.Dq Li YES , 757and 758.Xr divert 4 759sockets must be enabled in the kernel. 760If the kernel was not built with 761.Cd "options IPDIVERT" , 762the 763.Pa ipdivert.ko 764kernel module will be loaded. 765.It Va natd_interface 766.Pq Vt str 767This is the name of the public interface on which 768.Xr natd 8 769should run. 770The interface may be given as an interface name or as an IP address. 771.It Va natd_flags 772.Pq Vt str 773Additional 774.Xr natd 8 775flags should be placed here. 776The 777.Fl n 778or 779.Fl a 780flag is automatically added with the above 781.Va natd_interface 782as an argument. 783.\" ----- ipfilter_enable setting -------------------------------- 784.It Va ipfilter_enable 785.Pq Vt bool 786Set to 787.Dq Li NO 788by default. 789Setting this to 790.Dq Li YES 791enables 792.Xr ipf 8 793packet filtering. 794.Pp 795Typical usage will require putting 796.Bd -literal 797ipfilter_enable="YES" 798ipnat_enable="YES" 799ipmon_enable="YES" 800ipfs_enable="YES" 801.Ed 802.Pp 803into 804.Pa /etc/rc.conf 805and editing 806.Pa /etc/ipf.rules 807and 808.Pa /etc/ipnat.rules 809appropriately. 810.Pp 811Note that 812.Va ipfilter_enable 813and 814.Va ipnat_enable 815can be enabled independently. 816.Va ipmon_enable 817and 818.Va ipfs_enable 819both require at least one of 820.Va ipfilter_enable 821and 822.Va ipnat_enable 823to be enabled. 824.Pp 825Having 826.Bd -literal 827options IPFILTER 828options IPFILTER_LOG 829options IPFILTER_DEFAULT_BLOCK 830.Ed 831.Pp 832in the kernel configuration file is a good idea, too. 833.\" ----- ipfilter_program setting ------------------------------ 834.It Va ipfilter_program 835.Pq Vt str 836Path to 837.Xr ipf 8 838(default 839.Pa /sbin/ipf ) . 840.\" ----- ipfilter_rules setting -------------------------------- 841.It Va ipfilter_rules 842.Pq Vt str 843Set to 844.Pa /etc/ipf.rules 845by default. 846This variable contains the name of the filter rule definition file. 847The file is expected to be readable for the 848.Xr ipf 8 849command to execute. 850.\" ----- ipfilter_flags setting -------------------------------- 851.It Va ipfilter_flags 852.Pq Vt str 853Empty by default. 854This variable contains flags passed to the 855.Xr ipf 8 856program. 857.\" ----- ipnat_enable setting ---------------------------------- 858.It Va ipnat_enable 859.Pq Vt bool 860Set to 861.Dq Li NO 862by default. 863Set it to 864.Dq Li YES 865to enable 866.Xr ipnat 8 867network address translation. 868See 869.Va ipfilter_enable 870for a detailed discussion. 871.\" ----- ipnat_program setting --------------------------------- 872.It Va ipnat_program 873.Pq Vt str 874Path to 875.Xr ipnat 8 876(default 877.Pa /sbin/ipnat ) . 878.\" ----- ipnat_rules setting ----------------------------------- 879.It Va ipnat_rules 880.Pq Vt str 881Set to 882.Pa /etc/ipnat.rules 883by default. 884This variable contains the name of the file 885holding the network address translation definition. 886This file is expected to be readable for the 887.Xr ipnat 8 888command to execute. 889.\" ----- ipnat_flags setting ----------------------------------- 890.It Va ipnat_flags 891.Pq Vt str 892Empty by default. 893This variable contains flags passed to the 894.Xr ipnat 8 895program. 896.\" ----- ipmon_enable setting ---------------------------------- 897.It Va ipmon_enable 898.Pq Vt bool 899Set to 900.Dq Li NO 901by default. 902Set it to 903.Dq Li YES 904to enable 905.Xr ipmon 8 906monitoring (logging 907.Xr ipf 8 908and 909.Xr ipnat 8 910events). 911Setting this variable needs setting 912.Va ipfilter_enable 913or 914.Va ipnat_enable 915too. 916See 917.Va ipfilter_enable 918for a detailed discussion. 919.\" ----- ipmon_program setting --------------------------------- 920.It Va ipmon_program 921.Pq Vt str 922Path to 923.Xr ipmon 8 924(default 925.Pa /sbin/ipmon ) . 926.\" ----- ipmon_flags setting ----------------------------------- 927.It Va ipmon_flags 928.Pq Vt str 929Set to 930.Dq Li -Ds 931by default. 932This variable contains flags passed to the 933.Xr ipmon 8 934program. 935Another typical example would be 936.Dq Fl D Pa /var/log/ipflog 937to have 938.Xr ipmon 8 939log directly to a file bypassing 940.Xr syslogd 8 . 941Make sure to adjust 942.Pa /etc/newsyslog.conf 943in such case like this: 944.Bd -literal 945/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 946.Ed 947.\" ----- ipfs_enable setting ----------------------------------- 948.It Va ipfs_enable 949.Pq Vt bool 950Set to 951.Dq Li NO 952by default. 953Set it to 954.Dq Li YES 955to enable 956.Xr ipfs 8 957saving the filter and NAT state tables during shutdown 958and reloading them during startup again. 959Setting this variable needs setting 960.Va ipfilter_enable 961or 962.Va ipnat_enable 963to 964.Dq Li YES 965too. 966See 967.Va ipfilter_enable 968for a detailed discussion. 969Note that if 970.Va kern_securelevel 971is set to 3, 972.Va ipfs_enable 973cannot be used 974because the raised securelevel will prevent 975.Xr ipfs 8 976from saving the state tables at shutdown time. 977.\" ----- ipfs_program setting ---------------------------------- 978.It Va ipfs_program 979.Pq Vt str 980Path to 981.Xr ipfs 8 982(default 983.Pa /sbin/ipfs ) . 984.\" ----- ipfs_flags setting ------------------------------------ 985.It Va ipfs_flags 986.Pq Vt str 987Empty by default. 988This variable contains flags passed to the 989.Xr ipfs 8 990program. 991.\" ----- end of added ipf hook --------------------------------- 992.It Va pf_enable 993.Pq Vt bool 994Set to 995.Dq Li NO 996by default. 997Setting this to 998.Dq Li YES 999enables 1000.Xr pf 4 1001packet filtering. 1002.Pp 1003Typical usage will require putting 1004.Pp 1005.Dl pf_enable="YES" 1006.Pp 1007into 1008.Pa /etc/rc.conf 1009and editing 1010.Pa /etc/pf.conf 1011appropriately. 1012Adding 1013.Pp 1014.Dl "device pf" 1015.Pp 1016builds support for 1017.Xr pf 4 1018into the kernel, otherwise the 1019kernel module will be loaded. 1020.It Va pf_rules 1021.Pq Vt str 1022Path to 1023.Xr pf 4 1024ruleset configuration file 1025(default 1026.Pa /etc/pf.conf ) . 1027.It Va pf_program 1028.Pq Vt str 1029Path to 1030.Xr pfctl 8 1031(default 1032.Pa /sbin/pfctl ) . 1033.It Va pf_flags 1034.Pq Vt str 1035If 1036.Va pf_enable 1037is set to 1038.Dq Li YES , 1039these flags are passed to the 1040.Xr pfctl 8 1041program when loading the ruleset. 1042.It Va pf_fallback_rules_enable 1043.Pq Vt bool 1044Set to 1045.Dq Li NO 1046by default. 1047Setting this to 1048.Dq Li YES 1049enables loading 1050.Va pf_fallback_rules_file 1051or 1052.Va pf_fallback_rules 1053in case of a problem when loading the ruleset in 1054.Va pf_rules . 1055.It Va pf_fallback_rules_file 1056.Pq Vt str 1057Path to a pf ruleset to load in case of failure when loading the 1058ruleset in 1059.Va pf_rules 1060(default 1061.Pa /etc/pf-fallback.conf ) . 1062.It Va pf_fallback_rules 1063.Pq Vt str 1064A pf ruleset to load in case of failure when loading the ruleset in 1065.Va pf_rules 1066and 1067.Va pf_fallback_rules_file 1068is not found. 1069Multiple rules can be set as follows: 1070.Bd -literal 1071pf_fallback_rules="\\ 1072 block drop log all\\ 1073 pass in quick on em0" 1074.Pp 1075.Ed 1076The default fallback rule is 1077.Dq block drop log all 1078.It Va pflog_enable 1079.Pq Vt bool 1080Set to 1081.Dq Li NO 1082by default. 1083Setting this to 1084.Dq Li YES 1085enables 1086.Xr pflogd 8 1087which logs packets from the 1088.Xr pf 4 1089packet filter. 1090.It Va pflog_logfile 1091.Pq Vt str 1092If 1093.Va pflog_enable 1094is set to 1095.Dq Li YES 1096this controls where 1097.Xr pflogd 8 1098stores the logfile 1099(default 1100.Pa /var/log/pflog ) . 1101Check 1102.Pa /etc/newsyslog.conf 1103to adjust logfile rotation for this. 1104.It Va pflog_program 1105.Pq Vt str 1106Path to 1107.Xr pflogd 8 1108(default 1109.Pa /sbin/pflogd ) . 1110.It Va pflog_flags 1111.Pq Vt str 1112Empty by default. 1113This variable contains additional flags passed to the 1114.Xr pflogd 8 1115program. 1116.It Va pflog_instances 1117.Pq Vt str 1118If logging to more than one 1119.Xr pflog 4 1120interface is desired, 1121.Va pflog_instances 1122is set to the list of 1123.Xr pflogd 8 1124instances that should be started at system boot time. 1125If 1126.Va pflog_instances 1127is set, for each whitespace-separated 1128.Ar element 1129in the list, 1130.Ao Ar element Ac Ns Va _dev 1131and 1132.Ao Ar element Ac Ns Va _logfile 1133elements are assumed to exist. 1134.Ao Ar element Ac Ns Va _dev 1135must contain the 1136.Xr pflog 4 1137interface to be watched by the named 1138.Xr pflogd 8 1139instance. 1140.Ao Ar element Ac Ns Va _logfile 1141must contain the name of the logfile that will be used by the 1142.Xr pflogd 8 1143instance. 1144.It Va ftpproxy_enable 1145.Pq Vt bool 1146Set to 1147.Dq Li NO 1148by default. 1149Setting this to 1150.Dq Li YES 1151enables 1152.Xr ftp-proxy 8 1153which supports the 1154.Xr pf 4 1155packet filter in translating ftp connections. 1156.It Va ftpproxy_flags 1157.Pq Vt str 1158Empty by default. 1159This variable contains additional flags passed to the 1160.Xr ftp-proxy 8 1161program. 1162.It Va ftpproxy_instances 1163.Pq Vt str 1164Empty by default. 1165If multiple instances of 1166.Xr ftp-proxy 8 1167are desired at boot time, 1168.Va ftpproxy_instances 1169should contain a whitespace-separated list of instance names. 1170For each 1171.Ar element 1172in the list, a variable named 1173.Ao Ar element Ac Ns Va _flags 1174should be defined, containing the command-line flags to be passed to the 1175.Xr ftp-proxy 8 1176instance. 1177.It Va pfsync_enable 1178.Pq Vt bool 1179Set to 1180.Dq Li NO 1181by default. 1182Setting this to 1183.Dq Li YES 1184enables exposing 1185.Xr pf 4 1186state changes to other hosts over the network by means of 1187.Xr pfsync 4 . 1188The 1189.Va pfsync_syncdev 1190variable 1191must also be set then. 1192.It Va pfsync_syncdev 1193.Pq Vt str 1194Empty by default. 1195This variable specifies the name of the network interface 1196.Xr pfsync 4 1197should operate through. 1198It must be set accordingly if 1199.Va pfsync_enable 1200is set to 1201.Dq Li YES . 1202.It Va pfsync_syncpeer 1203.Pq Vt str 1204Empty by default. 1205This variable is optional. 1206By default, state change messages are sent out on the synchronisation 1207interface using IP multicast packets. 1208The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1209224.0.0.240. 1210When a peer address is specified using the 1211.Va pfsync_syncpeer 1212option, the peer address is used as a destination for the pfsync 1213traffic, and the traffic can then be protected using 1214.Xr ipsec 4 . 1215See the 1216.Xr pfsync 4 1217manpage for more details about using 1218.Xr ipsec 4 1219with 1220.Xr pfsync 4 1221interfaces. 1222.It Va pfsync_ifconfig 1223.Pq Vt str 1224Empty by default. 1225This variable can contain additional options to be passed to the 1226.Xr ifconfig 8 1227command used to set up 1228.Xr pfsync 4 . 1229.It Va tcp_extensions 1230.Pq Vt bool 1231Set to 1232.Dq Li YES 1233by default. 1234Setting this to 1235.Dq Li NO 1236disables certain TCP options as described by 1237.Rs 1238.%T "RFC 1323" 1239.Re 1240Setting this to 1241.Dq Li NO 1242might help remedy such problems with connections as randomly hanging 1243or other weird behavior. 1244Some network devices are known 1245to be broken with respect to these options. 1246.It Va log_in_vain 1247.Pq Vt int 1248Set to 0 by default. 1249The 1250.Xr sysctl 8 1251variables, 1252.Va net.inet.tcp.log_in_vain 1253and 1254.Va net.inet.udp.log_in_vain , 1255as described in 1256.Xr tcp 4 1257and 1258.Xr udp 4 , 1259are set to the given value. 1260.It Va tcp_keepalive 1261.Pq Vt bool 1262Set to 1263.Dq Li YES 1264by default. 1265Setting to 1266.Dq Li NO 1267will disable probing idle TCP connections to verify that the 1268peer is still up and reachable. 1269.It Va tcp_drop_synfin 1270.Pq Vt bool 1271Set to 1272.Dq Li NO 1273by default. 1274Setting to 1275.Dq Li YES 1276will cause the kernel to ignore TCP frames that have both 1277the SYN and FIN flags set. 1278This prevents OS fingerprinting, but may 1279break some legitimate applications. 1280.It Va icmp_drop_redirect 1281.Pq Vt bool 1282Set to 1283.Dq Li AUTO 1284by default. 1285This setting will be identical to 1286.Dq Li YES , 1287if a dynamicrouting daemon is enabled, because redirect processing may 1288cause performance issues for large routing tables. 1289If no such service is enabled, this setting behaves like a 1290.Dq Li NO . 1291Setting to 1292.Dq Li YES 1293will cause the kernel to ignore ICMP REDIRECT packets. 1294Setting to 1295.Dq Li NO 1296will cause the kernel to process ICMP REDIRECT packets. 1297Refer to 1298.Xr icmp 4 1299for more information. 1300.It Va icmp_log_redirect 1301.Pq Vt bool 1302Set to 1303.Dq Li NO 1304by default. 1305Setting to 1306.Dq Li YES 1307will cause the kernel to log ICMP REDIRECT packets. 1308Note that 1309the log messages are not rate-limited, so this option should only be used 1310for troubleshooting networks. 1311Refer to 1312.Xr icmp 4 1313for more information. 1314.It Va icmp_bmcastecho 1315.Pq Vt bool 1316Set to 1317.Dq Li YES 1318to respond to broadcast or multicast ICMP ping packets. 1319Refer to 1320.Xr icmp 4 1321for more information. 1322.It Va ip_portrange_first 1323.Pq Vt int 1324If not set to 1325.Dq Li NO , 1326this is the first port in the default portrange. 1327Refer to 1328.Xr ip 4 1329for more information. 1330.It Va ip_portrange_last 1331.Pq Vt int 1332If not set to 1333.Dq Li NO , 1334this is the last port in the default portrange. 1335Refer to 1336.Xr ip 4 1337for more information. 1338.It Va network_interfaces 1339.Pq Vt str 1340Set to the list of network interfaces to configure on this host or 1341.Dq Li AUTO 1342(the default) for all current interfaces. 1343Setting the 1344.Va network_interfaces 1345variable to anything other than the default is deprecated. 1346Interfaces that the administrator wishes to store configuration for, 1347but not start at boot should be configured with the 1348.Dq Li NOAUTO 1349keyword in their 1350.Va ifconfig_ Ns Aq Ar interface 1351variables as described below. 1352.Pp 1353An 1354.Va ifconfig_ Ns Aq Ar interface 1355variable is also assumed to exist for each value of 1356.Ar interface . 1357When an interface name contains any of the characters 1358.Dq Li .-/+ 1359they are translated to 1360.Dq Li _ 1361before lookup. 1362The variable can contain arguments to 1363.Xr ifconfig 8 , 1364as well as special case-insensitive keywords described below. 1365Such keywords are removed before passing the value to 1366.Xr ifconfig 8 1367while the order of the other arguments is preserved. 1368.Pp 1369It is possible to add IP alias entries using 1370.Xr ifconfig 8 1371syntax with the address family keyword such as 1372.Li inet . 1373Assuming that the interface in question was 1374.Li em0 , 1375it might look something like this: 1376.Bd -literal 1377ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1378ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1379.Ed 1380.Pp 1381It also possible to configure multiple IP addresses in Classless 1382Inter-Domain Routing 1383.Pq CIDR 1384address notation, 1385whose each address component can be a range like 1386.Li inet 192.0.2.5-23/24 1387or 1388.Li inet6 2001:db8:1-f::1/64 . 1389This notation allows address and prefix length part only, 1390not the other address modifiers. 1391Note that the maximum number of the generated addresses from a range 1392specification is limited to an integer value specified in 1393.Va netif_ipexpand_max 1394in 1395.Nm 1396because a small typo can unexpectedly generate a large number of addresses. 1397The default value is 1398.Li 2048 . 1399It can be increased by adding the following line into 1400.Nm : 1401.Bd -literal 1402netif_ipexpand_max="4096" 1403.Ed 1404.Pp 1405In the case of 1406.Li 192.0.2.5-23/24 , 1407the address 192.0.2.5 will be configured with the 1408netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1409the non-conflicting netmask /32 as explained in the 1410.Xr ifconfig 8 1411alias section. 1412Note that this special netmask handling is only for 1413.Li inet , 1414not for the other address families such as 1415.Li inet6 . 1416.Pp 1417With the interface in question being 1418.Li em0 , 1419an example could look like: 1420.Bd -literal 1421ifconfig_em0_alias2="inet 192.0.2.129/27" 1422ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1423.Ed 1424.Pp 1425and so on. 1426.Pp 1427Note that deprecated 1428.Va ipv4_addrs_ Ns Aq Ar interface 1429variable was supported for IPv4 CIDR address notation. 1430The 1431.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1432variable replaces it, though 1433.Va ipv4_addrs_ Ns Aq Ar interface 1434is still supported for backward compatibility. 1435.Pp 1436For each 1437.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1438entry with an address family keyword, 1439its contents are passed to 1440.Xr ifconfig 8 . 1441Execution stops at the first unsuccessful access, so if 1442something like this is present: 1443.Bd -literal 1444ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1445ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1446ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1447ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1448.Ed 1449.Pp 1450Then note that alias4 would 1451.Em not 1452be added since the search would 1453stop with the missing 1454.Dq Li alias3 1455entry. 1456Because of this difficult to manage behavior, 1457there is 1458.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1459variable, which has the same functionality as 1460.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1461and can have all of entries in a variable like the following: 1462.Bd -literal 1463ifconfig_em0_aliases="\\ 1464 inet 127.0.0.251 netmask 0xffffffff \\ 1465 inet 127.0.0.252 netmask 0xffffffff \\ 1466 inet 127.0.0.253 netmask 0xffffffff \\ 1467 inet 127.0.0.254 netmask 0xffffffff" 1468.Ed 1469.Pp 1470It also supports CIDR notation. 1471.Pp 1472If the 1473.Pa /etc/start_if . Ns Aq Ar interface 1474file is present, it is read and executed by the 1475.Xr sh 1 1476interpreter 1477before configuring the interface as specified in the 1478.Va ifconfig_ Ns Aq Ar interface 1479and 1480.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1481variables. 1482.Pp 1483If a 1484.Va vlans_ Ns Aq Ar interface 1485variable is set, 1486a 1487.Xr vlan 4 1488interface will be created for each item in the list with the 1489.Ar vlandev 1490argument set to 1491.Ar interface . 1492If a vlan interface's name is a number, 1493then that number is used as the vlan tag and the new vlan interface is 1494named 1495.Ar interface . Ns Ar tag . 1496Otherwise, 1497the vlan tag must be specified via a 1498.Va vlan 1499parameter in the 1500.Va create_args_ Ns Aq Ar interface 1501variable. 1502.Pp 1503To create a vlan device named 1504.Li em0.101 1505on 1506.Li em0 1507with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1508.Bd -literal 1509vlans_em0="101" 1510ifconfig_em0_101="inet 192.0.2.1/24" 1511.Ed 1512.Pp 1513To create a vlan device named 1514.Li myvlan 1515on 1516.Li em0 1517with the vlan tag 102: 1518.Bd -literal 1519vlans_em0="myvlan" 1520create_args_myvlan="vlan 102" 1521.Ed 1522.Pp 1523If a 1524.Va wlans_ Ns Aq Ar interface 1525variable is set, 1526an 1527.Xr wlan 4 1528interface will be created for each item in the list with the 1529.Ar wlandev 1530argument set to 1531.Ar interface . 1532Further wlan cloning arguments may be passed to the 1533.Xr ifconfig 8 1534.Cm create 1535command by setting the 1536.Va create_args_ Ns Aq Ar interface 1537variable. 1538One or more 1539.Xr wlan 4 1540devices must be created for each wireless devices as of 1541.Fx 8.0 . 1542Debugging flags for 1543.Xr wlan 4 1544devices as set by 1545.Xr wlandebug 8 1546may be specified with an 1547.Va wlandebug_ Ns Aq Ar interface 1548variable. 1549The contents of this variable will be passed directly to 1550.Xr wlandebug 8 . 1551.Pp 1552If the 1553.Va ifconfig_ Ns Aq Ar interface 1554contains the keyword 1555.Dq Li NOAUTO 1556then the interface will not be configured 1557at boot or by 1558.Pa /etc/pccard_ether 1559when 1560.Va network_interfaces 1561is set to 1562.Dq Li AUTO . 1563.Pp 1564It is possible to bring up an interface with DHCP by adding 1565.Dq Li DHCP 1566to the 1567.Va ifconfig_ Ns Aq Ar interface 1568variable. 1569For instance, to initialize the 1570.Li em0 1571device via DHCP, 1572it is possible to use something like: 1573.Bd -literal 1574ifconfig_em0="DHCP" 1575.Ed 1576.Pp 1577If you want to configure your wireless interface with 1578.Xr wpa_supplicant 8 1579for use with WPA, EAP/LEAP or WEP, you need to add 1580.Dq Li WPA 1581to the 1582.Va ifconfig_ Ns Aq Ar interface 1583variable. 1584.Pp 1585On the other hand, if you want to configure your wireless interface with 1586.Xr hostapd 8 , 1587you need to add 1588.Dq Li HOSTAP 1589to the 1590.Va ifconfig_ Ns Aq Ar interface 1591variable. 1592.Xr hostapd 8 1593will use the settings from 1594.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1595.Pp 1596Finally, you can add 1597.Xr ifconfig 8 1598options in this variable, in addition to the 1599.Pa /etc/start_if . Ns Aq Ar interface 1600file. 1601For instance, to configure an 1602.Xr ath 4 1603wireless device in station mode with an address obtained 1604via DHCP, using WPA authentication and 802.11b mode, it is 1605possible to use something like: 1606.Bd -literal 1607wlans_ath0="wlan0" 1608ifconfig_wlan0="DHCP WPA mode 11b" 1609.Ed 1610.Pp 1611In addition to the 1612.Va ifconfig_ Ns Aq Ar interface 1613form, a fallback variable 1614.Va ifconfig_DEFAULT 1615may be configured. 1616It will be used for all interfaces with no 1617.Va ifconfig_ Ns Aq Ar interface 1618variable. 1619This is intended to replace the no longer supported 1620.Va pccard_ifconfig 1621variable. 1622.Pp 1623It is also possible to rename an interface by doing: 1624.Bd -literal 1625ifconfig_em0_name="net0" 1626ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1627.Ed 1628.It Va ipv6_enable 1629.Pq Vt bool 1630This variable is deprecated. 1631Use 1632.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1633and 1634.Va ipv6_activate_all_interfaces 1635if necessary. 1636.Pp 1637If the variable is 1638.Dq Li YES , 1639.Dq Li inet6 accept_rtadv 1640is added to all of 1641.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1642and the 1643.Va ipv6_activate_all_interfaces 1644is defined as 1645.Dq Li YES . 1646.It Va ipv6_prefer 1647.Pq Vt bool 1648This variable is deprecated. 1649Use 1650.Va ip6addrctl_policy 1651instead. 1652.Pp 1653If the variable is 1654.Dq Li YES , 1655the default address selection policy table set by 1656.Xr ip6addrctl 8 1657will be IPv6-preferred. 1658.Pp 1659If the variable is 1660.Dq Li NO , 1661the default address selection policy table set by 1662.Xr ip6addrctl 8 1663will be IPv4-preferred. 1664.It Va ipv6_activate_all_interfaces 1665.Pq Vt bool 1666This controls initial configuration on IPv6-capable 1667interfaces with no corresponding 1668.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1669variable. 1670Note that it is not always necessary to set this variable to 1671.Dq YES 1672to use IPv6 functionality on 1673.Fx . 1674In most cases, just configuring 1675.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1676variables works. 1677.Pp 1678If the variable is 1679.Dq Li NO , 1680all interfaces which do not have a corresponding 1681.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1682variable will be marked as 1683.Dq Li IFDISABLED 1684at creation. 1685This means that all of IPv6 functionality on that interface 1686is completely disabled to enforce a security policy. 1687If the variable is set to 1688.Dq YES , 1689the flag will be cleared on all of the interfaces. 1690.Pp 1691In most cases, just defining an 1692.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1693for an IPv6-capable interface should be sufficient. 1694However, if an interface is added dynamically 1695.Pq by some tunneling protocols such as PPP, for example , 1696it is often difficult to define the variable in advance. 1697In such a case, configuring the 1698.Dq Li IFDISABLED 1699flag can be disabled by setting this variable to 1700.Dq YES . 1701.Pp 1702For more details of the 1703.Dq Li IFDISABLED 1704flag and keywords 1705.Dq Li inet6 ifdisabled , 1706see 1707.Xr ifconfig 8 . 1708.Pp 1709Default is 1710.Dq Li NO . 1711.It Va ipv6_privacy 1712.Pq Vt bool 1713If the variable is 1714.Dq Li YES 1715privacy addresses will be generated for each IPv6 1716interface as described in RFC 4941. 1717.It Va ipv6_network_interfaces 1718.Pq Vt str 1719This is the IPv6 equivalent of 1720.Va network_interfaces . 1721Normally manual configuration of this variable is not needed. 1722.It Va ipv6_cpe_wanif 1723.Pq Vt str 1724If the variable is set to an interface name, 1725the 1726.Xr ifconfig 8 1727options 1728.Dq inet6 -no_radr accept_rtadv 1729will be added to the specified interface automatically before evaluating 1730.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1731and two 1732.Xr sysctl 8 1733variables 1734.Va net.inet6.ip6.rfc6204w3 1735and 1736.Va net.inet6.ip6.no_radr 1737will be set to 1. 1738.Pp 1739This means the specified interface will accept ICMPv6 Router 1740Advertisement messages on that link and add the discovered 1741routers into the Default Router List. 1742While the other interfaces can still accept RA messages if the 1743.Dq inet6 accept_rtadv 1744option is specified, adding 1745routes into the Default Router List will be disabled by 1746.Dq inet6 no_radr 1747option by default. 1748See 1749.Xr ifconfig 8 1750for more details. 1751.Pp 1752Note that ICMPv6 Router Advertisement messages will be 1753accepted even when 1754.Va net.inet6.ip6.forwarding 1755is 1 1756.Pq packet forwarding is enabled 1757when 1758.Va net.inet6.ip6.rfc6204w3 1759is set to 1. 1760.Pp 1761Default is 1762.Dq Li NO . 1763.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1764.Pq Vt str 1765This assigns arbitrary description to an interface. 1766The 1767.Xr sysctl 8 1768variable 1769.Va net.ifdescr_maxlen 1770limits its length. 1771This static setting may be overridden by commands 1772started with dynamic interface configuration utilities 1773like 1774.Xr dhclient 8 1775hooks. 1776The description can be seen with 1777.Xr ifconfig 8 1778command and it may be exported with 1779.Xr bsnmpd 1 1780daemon using its MIB-2 module. 1781.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1782.Pq Vt str 1783IPv6 functionality on an interface should be configured by 1784.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1785instead of setting ifconfig parameters in 1786.Va ifconfig_ Ns Aq Ar interface . 1787If this variable is empty, all of IPv6 configurations on the 1788specified interface by other variables such as 1789.Va ipv6_prefix_ Ns Ao Ar interface Ac 1790will be ignored. 1791.Pp 1792Aliases should be set by 1793.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1794with 1795.Dq Li inet6 1796keyword. 1797For example: 1798.Bd -literal 1799ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1800ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1801.Ed 1802.Pp 1803Interfaces that have an 1804.Dq Li inet6 accept_rtadv 1805keyword in 1806.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1807setting will be automatically configured by SLAAC 1808.Pq StateLess Address AutoConfiguration 1809described in 1810.Rs 1811.%T "RFC 4862" 1812.Re 1813.Pp 1814Note that a link-local address will be automatically configured in 1815addition to the configured global-scope addresses because the IPv6 1816specifications require it on each link. 1817The address is calculated from the MAC address by using an algorithm 1818defined in 1819.Rs 1820.%T "RFC 4862" 1821.%O "Section 5.3" 1822.Re 1823.Pp 1824If only a link-local address is needed on the interface, 1825the following configuration can be used: 1826.Bd -literal 1827ifconfig_em0_ipv6="inet6 auto_linklocal" 1828.Ed 1829.Pp 1830A link-local address can also be configured manually. 1831This is useful for the default router address of an IPv6 router 1832so that it does not change when the network interface 1833card is replaced. 1834For example: 1835.Bd -literal 1836ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1837.Ed 1838.It Va ipv6_prefix_ Ns Aq Ar interface 1839.Pq Vt str 1840If one or more prefixes are defined in 1841.Va ipv6_prefix_ Ns Aq Ar interface 1842addresses based on each prefix and the EUI-64 interface index will be 1843configured on that interface. 1844Note that this variable will be ignored when 1845.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1846is empty. 1847.Pp 1848For example, the following configuration 1849.Bd -literal 1850ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1851.Ed 1852.Pp 1853is equivalent to the following: 1854.Bd -literal 1855ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1856ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1857ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1858ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1859.Ed 1860.Pp 1861These Subnet-Router anycast addresses will be added only when 1862.Va ipv6_gateway_enable 1863is YES. 1864.It Va ipv6_default_interface 1865.Pq Vt str 1866If not set to 1867.Dq Li NO , 1868this is the default output interface for scoped addresses. 1869This works only with ipv6_gateway_enable="NO". 1870.It Va ip6addrctl_enable 1871.Pq Vt bool 1872This variable is to enable configuring default address selection policy table 1873.Pq RFC 3484 . 1874The table can be specified in another variable 1875.Va ip6addrctl_policy . 1876For 1877.Va ip6addrctl_policy 1878the following keywords can be specified: 1879.Dq Li ipv4_prefer , 1880.Dq Li ipv6_prefer , 1881or 1882.Dq Li AUTO . 1883.Pp 1884If 1885.Dq Li ipv4_prefer 1886or 1887.Dq Li ipv6_prefer 1888is specified, 1889.Xr ip6addrctl 8 1890installs a pre-defined policy table described in Section 10.3 1891.Pq IPv4-preferred 1892or 2.1 1893.Pq IPv6-preferred 1894of RFC 3484. 1895.Pp 1896If 1897.Dq Li AUTO 1898is specified, it attempts to read a file 1899.Pa /etc/ip6addrctl.conf 1900first. 1901If this file is found, 1902.Xr ip6addrctl 8 1903reads and installs it. 1904If not found, a policy is automatically set 1905according to 1906.Va ipv6_activate_all_interfaces 1907variable; if the variable is set to 1908.Dq Li YES 1909the IPv6-preferred one is used. 1910Otherwise IPv4-preferred. 1911.Pp 1912The default value of 1913.Va ip6addrctl_enable 1914and 1915.Va ip6addrctl_policy 1916are 1917.Dq Li YES 1918and 1919.Dq Li AUTO , 1920respectively. 1921.It Va cloned_interfaces 1922.Pq Vt str 1923Set to the list of clonable network interfaces to create on this host. 1924Further cloning arguments may be passed to the 1925.Xr ifconfig 8 1926.Cm create 1927command for each interface by setting the 1928.Va create_args_ Ns Aq Ar interface 1929variable. 1930If an interface name is specified with 1931.Dq :sticky 1932keyword, 1933the interface will not be destroyed even when 1934.Pa rc.d/netif 1935script is invoked with 1936.Dq stop 1937argument. 1938This is useful when reconfiguring the interface without destroying it. 1939Entries in 1940.Va cloned_interfaces 1941are automatically appended to 1942.Va network_interfaces 1943for configuration. 1944.It Va cloned_interfaces_sticky 1945.Pq Vt bool 1946This variable is to globally enable functionality of 1947.Dq :sticky 1948keyword in 1949.Va cloned_interfaces 1950for all interfaces. 1951The default value is 1952.Dq NO . 1953Even if this variable is specified to 1954.Dq YES , 1955.Dq :nosticky 1956keyword can be used to override it on per interface basis. 1957.It Va gif_interfaces 1958Set to the list of 1959.Xr gif 4 1960tunnel interfaces to configure on this host. 1961A 1962.Va gifconfig_ Ns Aq Ar interface 1963variable is assumed to exist for each value of 1964.Ar interface . 1965The value of this variable is used to configure the link layer of the 1966tunnel using the 1967.Cm tunnel 1968option to 1969.Xr ifconfig 8 . 1970Additionally, this option ensures that each listed interface is created 1971via the 1972.Cm create 1973option to 1974.Xr ifconfig 8 1975before attempting to configure it. 1976.Pp 1977For example, configure two 1978.Xr gif 4 1979interfaces with: 1980.Bd -literal 1981gif_interfaces="gif0 gif1" 1982gifconfig_gif0="100.64.0.1 100.64.0.2" 1983ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1984gifconfig_gif1="inet6 2a00::1 2a01::1" 1985ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1986.Ed 1987.It Va ppp_enable 1988.Pq Vt bool 1989If set to 1990.Dq Li YES , 1991run the 1992.Xr ppp 8 1993daemon. 1994.It Va ppp_profile 1995.Pq Vt str 1996The name of the profile to use from 1997.Pa /etc/ppp/ppp.conf . 1998Also used for per-profile overrides of 1999.Va ppp_mode 2000and 2001.Va ppp_nat , 2002and 2003.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2004When the profile name contains any of the characters 2005.Dq Li .-/+ 2006they are translated to 2007.Dq Li _ 2008for the proposes of the override variable names. 2009.It Va ppp_mode 2010.Pq Vt str 2011Mode in which to run the 2012.Xr ppp 8 2013daemon. 2014.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2015.Pq Vt str 2016Overrides the global 2017.Va ppp_mode 2018for 2019.Ar profile . 2020Accepted modes are 2021.Dq Li auto , 2022.Dq Li ddial , 2023.Dq Li direct 2024and 2025.Dq Li dedicated . 2026See the manual for a full description. 2027.It Va ppp_nat 2028.Pq Vt bool 2029If set to 2030.Dq Li YES , 2031enables network address translation. 2032Used in conjunction with 2033.Va gateway_enable 2034allows hosts on private network addresses access to the Internet using 2035this host as a network address translating router. 2036Default is 2037.Dq Li YES . 2038.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2039.Pq Vt str 2040Overrides the global 2041.Va ppp_nat 2042for 2043.Ar profile . 2044.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2045.Pq Vt int 2046Set the unit number to be used for this profile. 2047See the manual description of 2048.Fl unit Ns Ar N 2049for details. 2050.It Va ppp_user 2051.Pq Vt str 2052The name of the user under which 2053.Xr ppp 8 2054should be started. 2055By 2056default, 2057.Xr ppp 8 2058is started as 2059.Dq Li root . 2060.It Va rc_conf_files 2061.Pq Vt str 2062This option is used to specify a list of files that will override 2063the settings in 2064.Pa /etc/defaults/rc.conf . 2065The files will be read in the order in which they are specified and should 2066include the full path to the file. 2067By default, the files specified are 2068.Pa /etc/rc.conf 2069and 2070.Pa /etc/rc.conf.local 2071.It Va zfs_enable 2072.Pq Vt bool 2073If set to 2074.Dq Li YES , 2075.Pa /etc/rc.d/zfs 2076will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2077(ZVOLs). 2078.It Va zpool_reguid 2079.Pq Vt str 2080A space-separated list of ZFS pool names for which new pool GUIDs should be 2081assigned upon first boot. 2082This is useful when using a ZFS pool copied from a template, such as a virtual 2083machine image. 2084.It Va gptboot_enable 2085.Pq Vt bool 2086If set to 2087.Dq Li YES , 2088.Pa /etc/rc.d/gptboot 2089will log if the system successfully (or not) booted from a GPT partition, 2090which had the 2091.Ar bootonce 2092attribute set using 2093.Xr gpart 8 2094utility. 2095.It Va gbde_autoattach_all 2096.Pq Vt bool 2097If set to 2098.Dq Li YES , 2099.Pa /etc/rc.d/gbde 2100will attempt to automatically initialize your .bde devices in 2101.Pa /etc/fstab . 2102.It Va gbde_devices 2103.Pq Vt str 2104List the devices that the script should try to attach, 2105or 2106.Dq Li AUTO . 2107.It Va gbde_lockdir 2108.Pq Vt str 2109The directory where the 2110.Xr gbde 4 2111lockfiles are located. 2112The default lockfile directory is 2113.Pa /etc . 2114.Pp 2115The lockfile for each individual 2116.Xr gbde 4 2117device can be overridden by setting the variable 2118.Va gbde_lock_ Ns Aq Ar device , 2119where 2120.Ar device 2121is the encrypted device without the 2122.Dq Pa /dev/ 2123and 2124.Dq Pa .bde 2125parts. 2126.It Va gbde_attach_attempts 2127.Pq Vt int 2128Number of times to attempt attaching to a 2129.Xr gbde 4 2130device, i.e., how many times the user is asked for the pass-phrase. 2131Default is 3. 2132.It Va geli_devices 2133.Pq Vt str 2134List of devices to automatically attach on boot. 2135Note that .eli devices from 2136.Pa /etc/fstab 2137are automatically appended to this list. 2138.It Va geli_groups 2139.Pq Vt str 2140List of groups containing devices to automatically attach on boot with the same 2141keyfiles and passphrase. 2142This must be accompanied with a corresponding 2143.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2144variable. 2145.It Va geli_tries 2146.Pq Vt int 2147Number of times user is asked for the pass-phrase. 2148If empty, it will be taken from 2149.Va kern.geom.eli.tries 2150sysctl variable. 2151.It Va geli_default_flags 2152.Pq Vt str 2153Default flags to use by 2154.Xr geli 8 2155when configuring disk encryption. 2156Flags can be configured for every device separately by defining the 2157.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2158variable, and for every group separately by defining the 2159.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2160variable. 2161.It Va geli_autodetach 2162.Pq Vt str 2163Specifies if GELI devices should be marked for detach on last close after 2164file systems are mounted. 2165Default is 2166.Dq Li YES . 2167This can be changed for every device separately by defining the 2168.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2169variable. 2170.It Va root_rw_mount 2171.Pq Vt bool 2172Set to 2173.Dq Li YES 2174by default. 2175After the file systems are checked at boot time, the root file system 2176is remounted as read-write if this is set to 2177.Dq Li YES . 2178Diskless systems that mount their root file system from a read-only remote 2179NFS share should set this to 2180.Dq Li NO 2181in their 2182.Pa rc.conf . 2183.It Va fsck_y_enable 2184.Pq Vt bool 2185If set to 2186.Dq Li YES , 2187.Xr fsck 8 2188will be run with the 2189.Fl y 2190flag if the initial preen 2191of the file systems fails. 2192.It Va background_fsck 2193.Pq Vt bool 2194If set to 2195.Dq Li NO , 2196the system will not attempt to run 2197.Xr fsck 8 2198in the background where possible. 2199.It Va background_fsck_delay 2200.Pq Vt int 2201The amount of time in seconds to sleep before starting a background 2202.Xr fsck 8 . 2203It defaults to sixty seconds to allow large applications such as 2204the X server to start before disk I/O bandwidth is monopolized by 2205.Xr fsck 8 . 2206If set to a negative number, the background file system check will be 2207delayed indefinitely to allow the administrator to run it at a more 2208convenient time. 2209For example it may be run from 2210.Xr cron 8 2211by adding a line like 2212.Pp 2213.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2214.Pp 2215to 2216.Pa /etc/crontab . 2217.It Va netfs_types 2218.Pq Vt str 2219List of file system types that are network-based. 2220This list should generally not be modified by end users. 2221Use 2222.Va extra_netfs_types 2223instead. 2224.It Va extra_netfs_types 2225.Pq Vt str 2226If set to something other than 2227.Dq Li NO 2228(the default), 2229this variable extends the list of file system types 2230for which automatic mounting at startup by 2231.Xr rc 8 2232should be delayed until the network is initialized. 2233It should contain 2234a whitespace-separated list of network file system descriptor pairs, 2235each consisting of a file system type as passed to 2236.Xr mount 8 2237and a human-readable, one-word description, 2238joined with a colon 2239.Pq Ql \&: . 2240Extending the default list in this way is only necessary 2241when third party file system types are used. 2242.It Va syslogd_enable 2243.Pq Vt bool 2244If set to 2245.Dq Li YES , 2246run the 2247.Xr syslogd 8 2248daemon. 2249.It Va syslogd_program 2250.Pq Vt str 2251Path to 2252.Xr syslogd 8 2253(default 2254.Pa /usr/sbin/syslogd ) . 2255.It Va syslogd_flags 2256.Pq Vt str 2257If 2258.Va syslogd_enable 2259is set to 2260.Dq Li YES , 2261these are the flags to pass to 2262.Xr syslogd 8 . 2263.It Va inetd_enable 2264.Pq Vt bool 2265If set to 2266.Dq Li YES , 2267run the 2268.Xr inetd 8 2269daemon. 2270.It Va inetd_program 2271.Pq Vt str 2272Path to 2273.Xr inetd 8 2274(default 2275.Pa /usr/sbin/inetd ) . 2276.It Va inetd_flags 2277.Pq Vt str 2278If 2279.Va inetd_enable 2280is set to 2281.Dq Li YES , 2282these are the flags to pass to 2283.Xr inetd 8 . 2284.It Va hastd_enable 2285.Pq Vt bool 2286If set to 2287.Dq Li YES , 2288run the 2289.Xr hastd 8 2290daemon. 2291.It Va hastd_program 2292.Pq Vt str 2293Path to 2294.Xr hastd 8 2295(default 2296.Pa /sbin/hastd ) . 2297.It Va hastd_flags 2298.Pq Vt str 2299If 2300.Va hastd_enable 2301is set to 2302.Dq Li YES , 2303these are the flags to pass to 2304.Xr hastd 8 . 2305.It Va local_unbound_enable 2306.Pq Vt bool 2307If set to 2308.Dq Li YES , 2309run the 2310.Xr unbound 8 2311daemon as a local caching resolver. 2312.It Va kdc_enable 2313.Pq Vt bool 2314Set to 2315.Dq Li YES 2316to start a Kerberos 5 authentication server 2317at boot time. 2318.It Va kdc_program 2319.Pq Vt str 2320If 2321.Va kdc_enable 2322is set to 2323.Dq Li YES 2324this is the path to Kerberos 5 Authentication Server. 2325.It Va kdc_flags 2326.Pq Vt str 2327Empty by default. 2328This variable contains additional flags to be passed to the Kerberos 5 2329authentication server. 2330.It Va kadmind_enable 2331.Pq Vt bool 2332Set to 2333.Dq Li YES 2334to start 2335.Xr kadmind 8 , 2336the Kerberos 5 Administration Daemon; set to 2337.Dq Li NO 2338on a slave server. 2339.It Va kadmind_program 2340.Pq Vt str 2341If 2342.Va kadmind_enable 2343is set to 2344.Dq Li YES 2345this is the path to Kerberos 5 Administration Daemon. 2346.It Va kpasswdd_enable 2347.Pq Vt bool 2348Set to 2349.Dq Li YES 2350to start 2351.Xr kpasswdd 8 , 2352the Kerberos 5 Password-Changing Daemon; set to 2353.Dq Li NO 2354on a slave server. 2355.It Va kpasswdd_program 2356.Pq Vt str 2357If 2358.Va kpasswdd_enable 2359is set to 2360.Dq Li YES 2361this is the path to Kerberos 5 Password-Changing Daemon. 2362.It Va kfd_enable 2363.Pq Vt bool 2364Set to 2365.Dq Li YES 2366to start 2367.Xr kfd 8 , 2368the Kerberos 5 ticket forwarding daemon, at the boot time. 2369.It Va kfd_program 2370.Pq Vt str 2371Path to 2372.Xr kfd 8 2373(default 2374.Pa /usr/libexec/kfd ) . 2375.It Va rwhod_enable 2376.Pq Vt bool 2377If set to 2378.Dq Li YES , 2379run the 2380.Xr rwhod 8 2381daemon at boot time. 2382.It Va rwhod_flags 2383.Pq Vt str 2384If 2385.Va rwhod_enable 2386is set to 2387.Dq Li YES , 2388these are the flags to pass to it. 2389.It Va update_motd 2390.Pq Vt bool 2391If set to 2392.Dq Li YES , 2393.Pa /etc/motd 2394will be updated at boot time to reflect the kernel release 2395being run. 2396If set to 2397.Dq Li NO , 2398.Pa /etc/motd 2399will not be updated. 2400.It Va nfs_client_enable 2401.Pq Vt bool 2402If set to 2403.Dq Li YES , 2404run the NFS client daemons at boot time. 2405.It Va nfs_access_cache 2406.Pq Vt int 2407If 2408.Va nfs_client_enable 2409is set to 2410.Dq Li YES , 2411this can be set to 2412.Dq Li 0 2413to disable NFS ACCESS RPC caching, or to the number of seconds for which 2414NFS ACCESS 2415results should be cached. 2416A value of 2-10 seconds will substantially reduce network 2417traffic for many NFS operations. 2418.It Va nfs_server_enable 2419.Pq Vt bool 2420If set to 2421.Dq Li YES , 2422run the NFS server daemons at boot time. 2423.It Va nfs_server_flags 2424.Pq Vt str 2425If 2426.Va nfs_server_enable 2427is set to 2428.Dq Li YES , 2429these are the flags to pass to the 2430.Xr nfsd 8 2431daemon. 2432.It Va nfsv4_server_enable 2433.Pq Vt bool 2434If 2435.Va nfs_server_enable 2436is set to 2437.Dq Li YES 2438and 2439.Va nfsv4_server_enable 2440is set to 2441.Dq Li YES , 2442enable the server for NFSv4 as well as NFSv2 and NFSv3. 2443.It Va nfsv4_server_only 2444.Pq Vt bool 2445If 2446.Va nfs_server_enable 2447is set to 2448.Dq Li YES 2449and 2450.Va nfsv4_server_only 2451is set to 2452.Dq Li YES , 2453enable the NFS server for NFSv4 only. 2454.It Va nfs_server_maxio 2455.Pq Vt int 2456value to set vfs.nfsd.srvmaxio to, which is the 2457maximum I/O size for the NFS server. 2458.It Va tlsclntd_enable 2459.Pq Vt bool 2460If set to 2461.Dq Li YES , 2462run the 2463.Xr rpc.tlsclntd 8 2464daemon, which is needed for NFS-over-TLS NFS mounts. 2465.It Va tlsservd_enable 2466.Pq Vt bool 2467If set to 2468.Dq Li YES , 2469run the 2470.Xr rpc.tlsservd 8 2471daemon, which is needed for the 2472.Xr nfsd 8 2473to support NFS-over-TLS NFS mounts. 2474.It Va nfsuserd_enable 2475.Pq Vt bool 2476If 2477.Va nfsuserd_enable 2478is set to 2479.Dq Li YES , 2480run the nfsuserd daemon, which is needed for NFSv4 in order 2481to map between user/group names vs uid/gid numbers. 2482If 2483.Va nfsv4_server_enable 2484is set to 2485.Dq Li YES , 2486this will be forced enabled. 2487.It Va nfsuserd_flags 2488.Pq Vt str 2489If 2490.Va nfsuserd_enable 2491is set to 2492.Dq Li YES , 2493these are the flags to pass to the 2494.Xr nfsuserd 8 2495daemon. 2496.It Va nfscbd_enable 2497.Pq Vt bool 2498If 2499.Va nfscbd_enable 2500is set to 2501.Dq Li YES , 2502run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2503.It Va nfscbd_flags 2504.Pq Vt str 2505If 2506.Va nfscbd_enable 2507is set to 2508.Dq Li YES , 2509these are the flags to pass to the 2510.Xr nfscbd 8 2511daemon. 2512.It Va mountd_enable 2513.Pq Vt bool 2514If set to 2515.Dq Li YES , 2516and no 2517.Va nfs_server_enable 2518is set, start 2519.Xr mountd 8 , 2520but not 2521.Xr nfsd 8 2522daemon. 2523It is commonly needed to run CFS without real NFS used. 2524.It Va mountd_flags 2525.Pq Vt str 2526If 2527.Va mountd_enable 2528is set to 2529.Dq Li YES , 2530these are the flags to pass to the 2531.Xr mountd 8 2532daemon. 2533.It Va weak_mountd_authentication 2534.Pq Vt bool 2535If set to 2536.Dq Li YES , 2537allow services like PCNFSD to make non-privileged mount 2538requests. 2539.It Va nfs_reserved_port_only 2540.Pq Vt bool 2541If set to 2542.Dq Li YES , 2543provide NFS services only on a secure port. 2544.It Va nfs_bufpackets 2545.Pq Vt int 2546If set to a number, indicates the number of packets worth of 2547socket buffer space to reserve on an NFS client. 2548The kernel default is typically 4. 2549Using a higher number may be 2550useful on gigabit networks to improve performance. 2551The minimum value is 25522 and the maximum is 64. 2553.It Va rpc_lockd_enable 2554.Pq Vt bool 2555If set to 2556.Dq Li YES 2557and also an NFS server or client, run 2558.Xr rpc.lockd 8 2559at boot time. 2560.It Va rpc_lockd_flags 2561.Pq Vt str 2562If 2563.Va rpc_lockd_enable 2564is set to 2565.Dq Li YES , 2566these are the flags to pass to the 2567.Xr rpc.lockd 8 2568daemon. 2569.It Va rpc_statd_enable 2570.Pq Vt bool 2571If set to 2572.Dq Li YES 2573and also an NFS server or client, run 2574.Xr rpc.statd 8 2575at boot time. 2576.It Va rpc_statd_flags 2577.Pq Vt str 2578If 2579.Va rpc_statd_enable 2580is set to 2581.Dq Li YES , 2582these are the flags to pass to the 2583.Xr rpc.statd 8 2584daemon. 2585.It Va rpcbind_program 2586.Pq Vt str 2587Path to 2588.Xr rpcbind 8 2589(default 2590.Pa /usr/sbin/rpcbind ) . 2591.It Va rpcbind_enable 2592.Pq Vt bool 2593If set to 2594.Dq Li YES , 2595run the 2596.Xr rpcbind 8 2597service at boot time. 2598.It Va rpcbind_flags 2599.Pq Vt str 2600If 2601.Va rpcbind_enable 2602is set to 2603.Dq Li YES , 2604these are the flags to pass to the 2605.Xr rpcbind 8 2606daemon. 2607.It Va keyserv_enable 2608.Pq Vt bool 2609If set to 2610.Dq Li YES , 2611run the 2612.Xr keyserv 8 2613daemon on boot for running Secure RPC. 2614.It Va keyserv_flags 2615.Pq Vt str 2616If 2617.Va keyserv_enable 2618is set to 2619.Dq Li YES , 2620these are the flags to pass to 2621.Xr keyserv 8 2622daemon. 2623.It Va pppoed_enable 2624.Pq Vt bool 2625If set to 2626.Dq Li YES , 2627run the 2628.Xr pppoed 8 2629daemon at boot time to provide PPP over Ethernet services. 2630.It Va pppoed_ Ns Aq Ar provider 2631.Pq Vt str 2632.Xr pppoed 8 2633listens to requests to this 2634.Ar provider 2635and ultimately runs 2636.Xr ppp 8 2637with a 2638.Ar system 2639argument of the same name. 2640.It Va pppoed_flags 2641.Pq Vt str 2642Additional flags to pass to 2643.Xr pppoed 8 . 2644.It Va pppoed_interface 2645.Pq Vt str 2646The network interface to run 2647.Xr pppoed 8 2648on. 2649This is mandatory when 2650.Va pppoed_enable 2651is set to 2652.Dq Li YES . 2653.It Va ntpdate_enable 2654.Pq Vt bool 2655If set to 2656.Dq Li YES , 2657run 2658.Xr ntpdate 8 2659at system startup. 2660This command is intended to 2661synchronize the system clock only 2662.Em once 2663from some standard reference. 2664.Pp 2665Note that the use of the 2666.Va ntpd_sync_on_start 2667variable is a preferred alternative to the 2668.Xr ntpdate 8 2669utility as 2670.Xr ntpdate 8 2671is to be retired from the NTP distribution. 2672.It Va ntpdate_config 2673.Pq Vt str 2674Configuration file for 2675.Xr ntpdate 8 . 2676Default 2677.Pa /etc/ntp.conf . 2678.It Va ntpdate_hosts 2679.Pq Vt str 2680A whitespace-separated list of NTP servers to synchronize with at startup. 2681The default is to use the servers listed in 2682.Va ntpdate_config , 2683if that file exists. 2684.It Va ntpdate_program 2685.Pq Vt str 2686Path to 2687.Xr ntpdate 8 2688(default 2689.Pa /usr/sbin/ntpdate ) . 2690.It Va ntpdate_flags 2691.Pq Vt str 2692If 2693.Va ntpdate_enable 2694is set to 2695.Dq Li YES , 2696these are the flags to pass to the 2697.Xr ntpdate 8 2698command (typically a hostname). 2699.It Va ntpd_enable 2700.Pq Vt bool 2701If set to 2702.Dq Li YES , 2703run the 2704.Xr ntpd 8 2705command at boot time. 2706.It Va ntpd_program 2707.Pq Vt str 2708Path to 2709.Xr ntpd 8 2710(default 2711.Pa /usr/sbin/ntpd ) . 2712.It Va ntpd_config 2713.Pq Vt str 2714Path to 2715.Xr ntpd 8 2716configuration file. 2717Default 2718.Pa /etc/ntp.conf . 2719.It Va ntpd_flags 2720.Pq Vt str 2721If 2722.Va ntpd_enable 2723is set to 2724.Dq Li YES , 2725these are the flags to pass to the 2726.Xr ntpd 8 2727daemon. 2728.It Va ntpd_sync_on_start 2729.Pq Vt bool 2730If set to 2731.Dq Li YES , 2732.Xr ntpd 8 2733is run with the 2734.Fl g 2735flag, which syncs the system's clock on startup. 2736See 2737.Xr ntpd 8 2738for more information regarding the 2739.Fl g 2740option. 2741This is a preferred alternative to using 2742.Xr ntpdate 8 2743or specifying the 2744.Va ntpdate_enable 2745variable. 2746.It Va nis_client_enable 2747.Pq Vt bool 2748If set to 2749.Dq Li YES , 2750run the 2751.Xr ypbind 8 2752service at system boot time. 2753.It Va nis_client_flags 2754.Pq Vt str 2755If 2756.Va nis_client_enable 2757is set to 2758.Dq Li YES , 2759these are the flags to pass to the 2760.Xr ypbind 8 2761service. 2762.It Va nis_ypldap_enable 2763.Pq Vt bool 2764If set to 2765.Dq Li YES , 2766run the 2767.Xr ypldap 8 2768daemon at system boot time. 2769.It Va nis_ypldap_flags 2770.Pq Vt str 2771If 2772.Va nis.ypldap_enable 2773is set to 2774.Dq Li YES , 2775these are the flags to pass to the 2776.Xr ypldap 8 2777daemon. 2778.It Va nis_ypset_enable 2779.Pq Vt bool 2780If set to 2781.Dq Li YES , 2782run the 2783.Xr ypset 8 2784daemon at system boot time. 2785.It Va nis_ypset_flags 2786.Pq Vt str 2787If 2788.Va nis_ypset_enable 2789is set to 2790.Dq Li YES , 2791these are the flags to pass to the 2792.Xr ypset 8 2793daemon. 2794.It Va nis_server_enable 2795.Pq Vt bool 2796If set to 2797.Dq Li YES , 2798run the 2799.Xr ypserv 8 2800daemon at system boot time. 2801.It Va nis_server_flags 2802.Pq Vt str 2803If 2804.Va nis_server_enable 2805is set to 2806.Dq Li YES , 2807these are the flags to pass to the 2808.Xr ypserv 8 2809daemon. 2810.It Va nis_ypxfrd_enable 2811.Pq Vt bool 2812If set to 2813.Dq Li YES , 2814run the 2815.Xr rpc.ypxfrd 8 2816daemon at system boot time. 2817.It Va nis_ypxfrd_flags 2818.Pq Vt str 2819If 2820.Va nis_ypxfrd_enable 2821is set to 2822.Dq Li YES , 2823these are the flags to pass to the 2824.Xr rpc.ypxfrd 8 2825daemon. 2826.It Va nis_yppasswdd_enable 2827.Pq Vt bool 2828If set to 2829.Dq Li YES , 2830run the 2831.Xr rpc.yppasswdd 8 2832daemon at system boot time. 2833.It Va nis_yppasswdd_flags 2834.Pq Vt str 2835If 2836.Va nis_yppasswdd_enable 2837is set to 2838.Dq Li YES , 2839these are the flags to pass to the 2840.Xr rpc.yppasswdd 8 2841daemon. 2842.It Va rpc_ypupdated_enable 2843.Pq Vt bool 2844If set to 2845.Dq Li YES , 2846run the 2847.Nm rpc.ypupdated 2848daemon at system boot time. 2849.It Va bsnmpd_enable 2850.Pq Vt bool 2851If set to 2852.Dq Li YES , 2853run the 2854.Xr bsnmpd 1 2855daemon at system boot time. 2856Be sure to understand the security implications of running SNMP daemon 2857on your host. 2858.It Va bsnmpd_flags 2859.Pq Vt str 2860If 2861.Va bsnmpd_enable 2862is set to 2863.Dq Li YES , 2864these are the flags to pass to the 2865.Xr bsnmpd 1 2866daemon. 2867.It Va defaultrouter 2868.Pq Vt str 2869If not set to 2870.Dq Li NO , 2871create a default route to this host name or IP address 2872(use an IP address if this router is also required to get to the 2873name server!). 2874.It Va defaultrouter_fibN 2875.Pq Vt str 2876If not set to 2877.Dq Li NO , 2878create a default route in FIB N to this host name or IP address. 2879.It Va ipv6_defaultrouter 2880.Pq Vt str 2881The IPv6 equivalent of 2882.Va defaultrouter . 2883.It Va ipv6_defaultrouter_fibN 2884.Pq Vt str 2885The IPv6 equivalent of 2886.Va defaultrouter_fibN . 2887.It Va static_arp_pairs 2888.Pq Vt str 2889Set to the list of static ARP pairs that are to be added at system 2890boot time. 2891For each whitespace separated 2892.Ar element 2893in the value, a 2894.Va static_arp_ Ns Aq Ar element 2895variable is assumed to exist whose contents will later be passed to a 2896.Dq Nm arp Cm -S 2897operation. 2898For example 2899.Bd -literal 2900static_arp_pairs="gw" 2901static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2902.Ed 2903.It Va static_ndp_pairs 2904.Pq Vt str 2905Set to the list of static NDP pairs that are to be added at system 2906boot time. 2907For each whitespace separated 2908.Ar element 2909in the value, a 2910.Va static_ndp_ Ns Aq Ar element 2911variable is assumed to exist whose contents will later be passed to a 2912.Dq Nm ndp Cm -s 2913operation. 2914For example 2915.Bd -literal 2916static_ndp_pairs="gw" 2917static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2918.Ed 2919.It Va static_routes 2920.Pq Vt str 2921Set to the list of static routes that are to be added at system 2922boot time. 2923If not set to 2924.Dq Li NO 2925then for each whitespace separated 2926.Ar element 2927in the value, a 2928.Va route_ Ns Aq Ar element 2929variable is assumed to exist 2930whose contents will later be passed to a 2931.Dq Nm route Cm add 2932operation. 2933For example: 2934.Bd -literal 2935static_routes="ext mcast:gif0 gif0local:gif0" 2936route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2937route_mcast="-net 224.0.0.0/4 -iface gif0" 2938route_gif0local="-host 169.254.1.1 -iface lo0" 2939.Ed 2940.Pp 2941When an 2942.Ar element 2943is in the form of 2944.Li name:ifname , 2945the route is specific to the interface 2946.Li ifname . 2947.It Va ipv6_static_routes 2948.Pq Vt str 2949The IPv6 equivalent of 2950.Va static_routes . 2951If not set to 2952.Dq Li NO 2953then for each whitespace separated 2954.Ar element 2955in the value, a 2956.Va ipv6_route_ Ns Aq Ar element 2957variable is assumed to exist 2958whose contents will later be passed to a 2959.Dq Nm route Cm add Fl inet6 2960operation. 2961.It Va gateway_enable 2962.Pq Vt bool 2963If set to 2964.Dq Li YES , 2965configure host to act as an IP router, e.g.\& to forward packets 2966between interfaces. 2967.It Va ipv6_gateway_enable 2968.Pq Vt bool 2969The IPv6 equivalent of 2970.Va gateway_enable . 2971.It Va routed_enable 2972.Pq Vt bool 2973If set to 2974.Dq Li YES , 2975run a routing daemon of some sort, based on the 2976settings of 2977.Va routed_program 2978and 2979.Va routed_flags . 2980.It Va route6d_enable 2981.Pq Vt bool 2982The IPv6 equivalent of 2983.Va routed_enable . 2984If set to 2985.Dq Li YES , 2986run a routing daemon of some sort, based on the 2987settings of 2988.Va route6d_program 2989and 2990.Va route6d_flags . 2991.It Va routed_program 2992.Pq Vt str 2993If 2994.Va routed_enable 2995is set to 2996.Dq Li YES , 2997this is the name of the routing daemon to use. 2998.It Va route6d_program 2999.Pq Vt str 3000The IPv6 equivalent of 3001.Va routed_program . 3002.It Va routed_flags 3003.Pq Vt str 3004If 3005.Va routed_enable 3006is set to 3007.Dq Li YES , 3008these are the flags to pass to the routing daemon. 3009.It Va route6d_flags 3010.Pq Vt str 3011The IPv6 equivalent of 3012.Va routed_flags . 3013.It Va rtadvd_enable 3014.Pq Vt bool 3015If set to 3016.Dq Li YES , 3017run the 3018.Xr rtadvd 8 3019daemon at boot time. 3020The 3021.Xr rtadvd 8 3022utility sends ICMPv6 Router Advertisement messages to 3023the interfaces specified in 3024.Va rtadvd_interfaces . 3025This should only be enabled with great care. 3026You may want to fine-tune 3027.Xr rtadvd.conf 5 . 3028.It Va rtadvd_interfaces 3029.Pq Vt str 3030If 3031.Va rtadvd_enable 3032is set to 3033.Dq Li YES 3034this is the list of interfaces to use. 3035.It Va arpproxy_all 3036.Pq Vt bool 3037If set to 3038.Dq Li YES , 3039enable global proxy ARP. 3040.It Va forward_sourceroute 3041.Pq Vt bool 3042If set to 3043.Dq Li YES 3044and 3045.Va gateway_enable 3046is also set to 3047.Dq Li YES , 3048source-routed packets are forwarded. 3049.It Va accept_sourceroute 3050.Pq Vt bool 3051If set to 3052.Dq Li YES , 3053the system will accept source-routed packets directed at it. 3054.It Va rarpd_enable 3055.Pq Vt bool 3056If set to 3057.Dq Li YES , 3058run the 3059.Xr rarpd 8 3060daemon at system boot time. 3061.It Va rarpd_flags 3062.Pq Vt str 3063If 3064.Va rarpd_enable 3065is set to 3066.Dq Li YES , 3067these are the flags to pass to the 3068.Xr rarpd 8 3069daemon. 3070.It Va bootparamd_enable 3071.Pq Vt bool 3072If set to 3073.Dq Li YES , 3074run the 3075.Xr bootparamd 8 3076daemon at system boot time. 3077.It Va bootparamd_flags 3078.Pq Vt str 3079If 3080.Va bootparamd_enable 3081is set to 3082.Dq Li YES , 3083these are the flags to pass to the 3084.Xr bootparamd 8 3085daemon. 3086.It Va stf_interface_ipv4addr 3087.Pq Vt str 3088If not set to 3089.Dq Li NO , 3090this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3091interface). 3092Specify this entry to enable the 6to4 interface. 3093.It Va stf_interface_ipv4plen 3094.Pq Vt int 3095Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3096An effective value is 0-31. 3097.It Va stf_interface_ipv6_ifid 3098.Pq Vt str 3099IPv6 interface ID for 3100.Xr stf 4 . 3101This can be set to 3102.Dq Li AUTO . 3103.It Va stf_interface_ipv6_slaid 3104.Pq Vt str 3105IPv6 Site Level Aggregator for 3106.Xr stf 4 . 3107.It Va ipv6_ipv4mapping 3108.Pq Vt bool 3109If set to 3110.Dq Li YES 3111this enables IPv4 mapped IPv6 address communication (like 3112.Li ::ffff:a.b.c.d ) . 3113.It Va rtsold_enable 3114.Pq Vt bool 3115Set to 3116.Dq Li YES 3117to enable the 3118.Xr rtsold 8 3119daemon to send ICMPv6 Router Solicitation messages. 3120.It Va rtsold_flags 3121.Pq Vt str 3122If 3123.Va rtsold_enable 3124is set to 3125.Dq Li YES , 3126these are the flags to pass to 3127.Xr rtsold 8 . 3128.It Va rtsol_flags 3129.Pq Vt str 3130For interfaces configured with the 3131.Dq Li inet6 accept_rtadv 3132keyword, these are the flags to pass to 3133.Xr rtsol 8 . 3134.Pp 3135Note that 3136.Va rtsold_enable 3137is mutually exclusive to 3138.Va rtsol_flags ; 3139.Va rtsold_enable 3140takes precedence. 3141.It Va keybell 3142.Pq Vt str 3143The keyboard bell sound. 3144Set to 3145.Dq Li normal , 3146.Dq Li visual , 3147.Dq Li off , 3148or 3149.Dq Li NO 3150if the default behavior is desired. 3151For details, refer to the 3152.Xr kbdcontrol 1 3153manpage. 3154.It Va keyboard 3155.Pq Vt str 3156If set to a non-null string, the virtual console's keyboard input is 3157set to this device. 3158.It Va keymap 3159.Pq Vt str 3160If set to 3161.Dq Li NO , 3162no keymap is installed, otherwise the value is used to install 3163the keymap file found in 3164.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3165(if using 3166.Xr syscons 4 ) or 3167.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3168(if using 3169.Xr vt 4 ) . 3170.It Va keyrate 3171.Pq Vt str 3172The keyboard repeat speed. 3173Set to 3174.Dq Li slow , 3175.Dq Li normal , 3176.Dq Li fast , 3177or 3178.Dq Li NO 3179if the default behavior is desired. 3180.It Va keychange 3181.Pq Vt str 3182If not set to 3183.Dq Li NO , 3184attempt to program the function keys with the value. 3185The value should 3186be a single string of the form: 3187.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3188.It Va cursor 3189.Pq Vt str 3190Can be set to the value of 3191.Dq Li normal , 3192.Dq Li blink , 3193.Dq Li destructive , 3194or 3195.Dq Li NO 3196to set the cursor behavior explicitly or choose the default behavior. 3197.It Va scrnmap 3198.Pq Vt str 3199If set to 3200.Dq Li NO , 3201no screen map is installed, otherwise the value is used to install 3202the screen map file in 3203.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3204This parameter is ignored when using 3205.Xr vt 4 3206as the console driver. 3207.It Va font8x16 3208.Pq Vt str 3209If set to 3210.Dq Li NO , 3211the default 8x16 font value is used for screen size requests, otherwise 3212the value in 3213.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3214or 3215.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3216is used (depending on the console driver being used). 3217.It Va font8x14 3218.Pq Vt str 3219If set to 3220.Dq Li NO , 3221the default 8x14 font value is used for screen size requests, otherwise 3222the value in 3223.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3224or 3225.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3226is used (depending on the console driver being used). 3227.It Va font8x8 3228.Pq Vt str 3229If set to 3230.Dq Li NO , 3231the default 8x8 font value is used for screen size requests, otherwise 3232the value in 3233.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3234or 3235.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3236is used (depending on the console driver being used). 3237.It Va blanktime 3238.Pq Vt int 3239If set to 3240.Dq Li NO , 3241the default screen blanking interval is used, otherwise it is set 3242to 3243.Ar value 3244seconds. 3245.It Va saver 3246.Pq Vt str 3247If not set to 3248.Dq Li NO , 3249this is the actual screen saver to use 3250.Li ( blank , snake , daemon , 3251etc). 3252.It Va moused_nondefault_enable 3253.Pq Vt str 3254If set to 3255.Dq Li NO , 3256the mouse device specified on 3257the command line is not automatically treated as enabled by the 3258.Pa /etc/rc.d/moused 3259script. 3260Having this variable set to 3261.Dq Li YES 3262allows a 3263.Xr usb 4 3264mouse, 3265for example, 3266to be enabled as soon as it is plugged in. 3267.It Va moused_enable 3268.Pq Vt str 3269If set to 3270.Dq Li YES , 3271the 3272.Xr moused 8 3273daemon is started for doing cut/paste selection on the console. 3274.It Va moused_type 3275.Pq Vt str 3276This is the protocol type of the mouse connected to this host. 3277This variable must be set if 3278.Va moused_enable 3279is set to 3280.Dq Li YES . 3281The 3282.Xr moused 8 3283daemon 3284is able to detect the appropriate mouse type automatically in many cases. 3285Set this variable to 3286.Dq Li auto 3287to let the daemon detect it, or 3288select one from the following list if the automatic detection fails. 3289.Pp 3290If the mouse is attached to the PS/2 mouse port, choose 3291.Dq Li auto 3292or 3293.Dq Li ps/2 , 3294regardless of the brand and model of the mouse. 3295Likewise, if the 3296mouse is attached to the bus mouse port, choose 3297.Dq Li auto 3298or 3299.Dq Li busmouse . 3300All other protocols are for serial mice and will not work with 3301the PS/2 and bus mice. 3302If this is a USB mouse, 3303.Dq Li auto 3304is the only protocol type which will work. 3305.Pp 3306.Bl -tag -width ".Li x10mouseremote" -compact 3307.It Li microsoft 3308Microsoft mouse (serial) 3309.It Li intellimouse 3310Microsoft IntelliMouse (serial) 3311.It Li mousesystems 3312Mouse systems Corp.\& mouse (serial) 3313.It Li mmseries 3314MM Series mouse (serial) 3315.It Li logitech 3316Logitech mouse (serial) 3317.It Li busmouse 3318A bus mouse 3319.It Li mouseman 3320Logitech MouseMan and TrackMan (serial) 3321.It Li glidepoint 3322ALPS GlidePoint (serial) 3323.It Li thinkingmouse 3324Kensington ThinkingMouse (serial) 3325.It Li ps/2 3326PS/2 mouse 3327.It Li mmhittab 3328MM HitTablet (serial) 3329.It Li x10mouseremote 3330X10 MouseRemote (serial) 3331.It Li versapad 3332Interlink VersaPad (serial) 3333.El 3334.Pp 3335Even if the mouse is not in the above list, it may be compatible 3336with one in the list. 3337Refer to the manual page for 3338.Xr moused 8 3339for compatibility information. 3340.Pp 3341It should also be noted that while this is enabled, any 3342other client of the mouse (such as an X server) should access 3343the mouse through the virtual mouse device, 3344.Pa /dev/sysmouse , 3345and configure it as a 3346.Dq Li sysmouse 3347type mouse, since all 3348mouse data is converted to this single canonical format when 3349using 3350.Xr moused 8 . 3351If the client program does not support the 3352.Dq Li sysmouse 3353type, 3354specify the 3355.Dq Li mousesystems 3356type. 3357It is the second preferred type. 3358.It Va moused_port 3359.Pq Vt str 3360If 3361.Va moused_enable 3362is set to 3363.Dq Li YES , 3364this is the actual port the mouse is on. 3365It might be 3366.Pa /dev/cuau0 3367for a COM1 serial mouse, or 3368.Pa /dev/psm0 3369for a PS/2 mouse, for example. 3370.It Va moused_flags 3371.Pq Vt str 3372If 3373.Va moused_flags 3374is set, its value is used as an additional set of flags to pass to the 3375.Xr moused 8 3376daemon. 3377.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3378When 3379.Va moused_nondefault_enable 3380is enabled, and a 3381.Xr moused 8 3382daemon is started for a non-default port, the 3383.Va "moused_" Ns Ar XXX Ns Va "_flags" 3384set of options has precedence over and replaces the default 3385.Va moused_flags 3386(where 3387.Ar XXX 3388is the name of the non-default port, i.e.,\& 3389.Ar ums0 ) . 3390By setting 3391.Va "moused_" Ns Ar XXX Ns Va "_flags" 3392it is possible to set up a different set of default flags for each 3393.Xr moused 8 3394instance. 3395For example, you can use 3396.Dq Li "-3" 3397for the default 3398.Va moused_flags 3399to make your laptop's touchpad more comfortable to use, 3400but an empty set of options for 3401.Va moused_ums0_flags 3402when your 3403.Xr usb 4 3404mouse has three or more buttons. 3405.It Va mousechar_start 3406.Pq Vt int 3407If set to 3408.Dq Li NO , 3409the default mouse cursor character range 3410.Li 0xd0 Ns - Ns Li 0xd3 3411is used, 3412otherwise the range start is set 3413to 3414.Ar value 3415character, see 3416.Xr vidcontrol 1 . 3417Use if the default range is occupied in the language code table. 3418.It Va allscreens_flags 3419.Pq Vt str 3420If set, 3421.Xr vidcontrol 1 3422is run with these options for each of the virtual terminals 3423.Pq Pa /dev/ttyv* . 3424For example, 3425.Dq Fl m Cm on 3426will enable the mouse pointer on all virtual terminals 3427if 3428.Va moused_enable 3429is set to 3430.Dq Li YES . 3431.It Va allscreens_kbdflags 3432.Pq Vt str 3433If set, 3434.Xr kbdcontrol 1 3435is run with these options for each of the virtual terminals 3436.Pq Pa /dev/ttyv* . 3437For example, 3438.Dq Fl h Li 200 3439will set the 3440.Xr syscons 4 3441or 3442.Xr vt 4 3443scrollback (history) buffer to 200 lines. 3444.It Va cron_enable 3445.Pq Vt bool 3446If set to 3447.Dq Li YES , 3448run the 3449.Xr cron 8 3450daemon at system boot time. 3451.It Va cron_program 3452.Pq Vt str 3453Path to 3454.Xr cron 8 3455(default 3456.Pa /usr/sbin/cron ) . 3457.It Va cron_flags 3458.Pq Vt str 3459If 3460.Va cron_enable 3461is set to 3462.Dq Li YES , 3463these are the flags to pass to 3464.Xr cron 8 . 3465.It Va cron_dst 3466.Pq Vt bool 3467If set to 3468.Dq Li YES , 3469enable the special handling of transitions to and from the 3470Daylight Saving Time in 3471.Xr cron 8 3472(equivalent to using the flag 3473.Fl s ) . 3474.It Va lpd_program 3475.Pq Vt str 3476Path to 3477.Xr lpd 8 3478(default 3479.Pa /usr/sbin/lpd ) . 3480.It Va lpd_enable 3481.Pq Vt bool 3482If set to 3483.Dq Li YES , 3484run the 3485.Xr lpd 8 3486daemon at system boot time. 3487.It Va lpd_flags 3488.Pq Vt str 3489If 3490.Va lpd_enable 3491is set to 3492.Dq Li YES , 3493these are the flags to pass to the 3494.Xr lpd 8 3495daemon. 3496.It Va chkprintcap_enable 3497.Pq Vt bool 3498If set to 3499.Dq Li YES , 3500run the 3501.Xr chkprintcap 8 3502command before starting the 3503.Xr lpd 8 3504daemon. 3505.It Va chkprintcap_flags 3506.Pq Vt str 3507If 3508.Va lpd_enable 3509and 3510.Va chkprintcap_enable 3511are set to 3512.Dq Li YES , 3513these are the flags to pass to the 3514.Xr chkprintcap 8 3515program. 3516The default is 3517.Dq Li -d , 3518which causes missing directories to be created. 3519.It Va mta_start_script 3520.Pq Vt str 3521This variable specifies the full path to the script to run to start 3522a mail transfer agent. 3523The default is 3524.Pa /etc/rc.sendmail . 3525The 3526.Va sendmail_* 3527variables which 3528.Pa /etc/rc.sendmail 3529uses are documented in the 3530.Xr rc.sendmail 8 3531manual page. 3532.It Va dumpdev 3533.Pq Vt str 3534Indicates the device (usually a swap partition) to which a crash dump 3535should be written in the event of a system crash. 3536If the value of this variable is 3537.Dq Li AUTO , 3538the first suitable swap device listed in 3539.Pa /etc/fstab 3540will be used as dump device. 3541Otherwise, the value of this variable is passed as the argument to 3542.Xr dumpon 8 3543and 3544.Xr savecore 8 . 3545To disable crash dumps, set this variable to 3546.Dq Li NO . 3547.It Va dumpon_flags 3548.Pq Vt str 3549Flags to pass to 3550.Xr dumpon 8 3551when configuring 3552.Va dumpdev 3553as the system dump device. 3554.It Va dumpdir 3555.Pq Vt str 3556When the system reboots after a crash and a crash dump is found on the 3557device specified by the 3558.Va dumpdev 3559variable, 3560.Xr savecore 8 3561will save that crash dump and a copy of the kernel to the directory 3562specified by the 3563.Va dumpdir 3564variable. 3565The default value is 3566.Pa /var/crash . 3567Set to 3568.Dq Li NO 3569to not run 3570.Xr savecore 8 3571at boot time when 3572.Va dumpdir 3573is set. 3574.It Va savecore_enable 3575.Pq Vt bool 3576If set to 3577.Dq Li NO , 3578disable automatic extraction of the crash dump from the 3579.Va dumpdev . 3580.It Va savecore_flags 3581.Pq Vt str 3582If crash dumps are enabled, these are the flags to pass to the 3583.Xr savecore 8 3584utility. 3585.It Va quota_enable 3586.Pq Vt bool 3587Set to 3588.Dq Li YES 3589to turn on user and group disk quotas on system startup via the 3590.Xr quotaon 8 3591command for all file systems marked as having quotas enabled in 3592.Pa /etc/fstab . 3593The kernel must be built with 3594.Cd "options QUOTA" 3595for disk quotas to function. 3596.It Va check_quotas 3597.Pq Vt bool 3598Set to 3599.Dq Li YES 3600to enable user and group disk quota checking via the 3601.Xr quotacheck 8 3602command. 3603.It Va quotacheck_flags 3604.Pq Vt str 3605If 3606.Va quota_enable 3607is set to 3608.Dq Li YES , 3609and 3610.Va check_quotas 3611is set to 3612.Dq Li YES , 3613these are the flags to pass to the 3614.Xr quotacheck 8 3615utility. 3616The default is 3617.Dq Li "-a" , 3618which checks quotas for all file systems with quotas enabled in 3619.Pa /etc/fstab . 3620.It Va quotaon_flags 3621.Pq Vt str 3622If 3623.Va quota_enable 3624is set to 3625.Dq Li YES , 3626these are the flags to pass to the 3627.Xr quotaon 8 3628utility. 3629The default is 3630.Dq Li "-a" , 3631which enables quotas for all file systems with quotas enabled in 3632.Pa /etc/fstab . 3633.It Va quotaoff_flags 3634.Pq Vt str 3635If 3636.Va quota_enable 3637is set to 3638.Dq Li YES , 3639these are the flags to pass to the 3640.Xr quotaoff 8 3641utility when shutting down the quota system. 3642The default is 3643.Dq Li "-a" , 3644which disables quotas for all file systems with quotas enabled in 3645.Pa /etc/fstab . 3646.It Va accounting_enable 3647.Pq Vt bool 3648Set to 3649.Dq Li YES 3650to enable system accounting through the 3651.Xr accton 8 3652facility. 3653.It Va firstboot_sentinel 3654.Pq Vt str 3655This variable specifies the full path to a 3656.Dq first boot 3657sentinel file. 3658If a file exists with this path, 3659.Pa rc.d 3660scripts with the 3661.Dq firstboot 3662keyword will be run on startup and the sentinel file will be deleted 3663after the boot process completes. 3664The sentinel file must be located on a writable file system which is 3665mounted no later than 3666.Va early_late_divider 3667to function properly. 3668The default is 3669.Pa /firstboot . 3670.It Va linux_enable 3671.Pq Vt bool 3672Set to 3673.Dq Li YES 3674to enable Linux/ELF binary emulation at system initial 3675boot time. 3676.It Va sysvipc_enable 3677.Pq Vt bool 3678If set to 3679.Dq Li YES , 3680load System V IPC primitives at boot time. 3681.It Va clear_tmp_enable 3682.Pq Vt bool 3683Set to 3684.Dq Li YES 3685to have 3686.Pa /tmp 3687cleaned at startup. 3688.It Va clear_tmp_X 3689.Pq Vt bool 3690Set to 3691.Dq Li NO 3692to disable removing of X11 lock files, 3693and the removal and (secure) recreation 3694of the various socket directories for X11 3695related programs. 3696.It Va ldconfig_paths 3697.Pq Vt str 3698Set to the list of shared library paths to use with 3699.Xr ldconfig 8 . 3700NOTE: 3701.Pa /lib 3702and 3703.Pa /usr/lib 3704will always be added first, so they need not appear in this list. 3705.It Va ldconfig32_paths 3706.Pq Vt str 3707Set to the list of 32-bit compatibility shared library paths to 3708use with 3709.Xr ldconfig 8 . 3710.It Va ldconfig_insecure 3711.Pq Vt bool 3712The 3713.Xr ldconfig 8 3714utility normally refuses to use directories 3715which are writable by anyone except root. 3716Set this variable to 3717.Dq Li YES 3718to disable that security check during system startup. 3719.It Va ldconfig_local_dirs 3720.Pq Vt str 3721Set to the list of local 3722.Xr ldconfig 8 3723directories. 3724The names of all files in the directories listed will be 3725passed as arguments to 3726.Xr ldconfig 8 . 3727.It Va ldconfig_local32_dirs 3728.Pq Vt str 3729Set to the list of local 32-bit compatibility 3730.Xr ldconfig 8 3731directories. 3732The names of all files in the directories listed will be 3733passed as arguments to 3734.Dq Nm ldconfig Fl 32 . 3735.It Va kern_securelevel_enable 3736.Pq Vt bool 3737Set to 3738.Dq Li YES 3739to set the kernel security level at system startup. 3740.It Va kern_securelevel 3741.Pq Vt int 3742The kernel security level to set at startup. 3743The allowed range of 3744.Ar value 3745ranges from \-1 (the compile time default) to 3 (the 3746most secure). 3747See 3748.Xr security 7 3749for the list of possible security levels and their effect 3750on system operation. 3751.It Va sshd_program 3752.Pq Vt str 3753Path to the SSH server program 3754.Pa ( /usr/sbin/sshd 3755is the default). 3756.It Va sshd_enable 3757.Pq Vt bool 3758Set to 3759.Dq Li YES 3760to start 3761.Xr sshd 8 3762at system boot time. 3763.It Va sshd_flags 3764.Pq Vt str 3765If 3766.Va sshd_enable 3767is set to 3768.Dq Li YES , 3769these are the flags to pass to the 3770.Xr sshd 8 3771daemon. 3772.It Va ftpd_program 3773.Pq Vt str 3774Path to the FTP server program 3775.Pa ( /usr/libexec/ftpd 3776is the default). 3777.It Va ftpd_enable 3778.Pq Vt bool 3779Set to 3780.Dq Li YES 3781to start 3782.Xr ftpd 8 3783as a stand-alone daemon at system boot time. 3784.It Va ftpd_flags 3785.Pq Vt str 3786If 3787.Va ftpd_enable 3788is set to 3789.Dq Li YES , 3790these are the additional flags to pass to the 3791.Xr ftpd 8 3792daemon. 3793.It Va watchdogd_enable 3794.Pq Vt bool 3795If set to 3796.Dq Li YES , 3797start the 3798.Xr watchdogd 8 3799daemon at boot time. 3800This requires that the kernel have been compiled with a 3801.Xr watchdog 4 3802compatible device. 3803.It Va watchdogd_flags 3804.Pq Vt str 3805If 3806.Va watchdogd_enable 3807is set to 3808.Dq Li YES , 3809these are the flags passed to the 3810.Xr watchdogd 8 3811daemon. 3812.It Va watchdogd_timeout 3813.Pq Vt int 3814If 3815.Va watchdogd_enable 3816is set to 3817.Dq Li YES , 3818this is a timeout that will be used by the 3819.Xr watchdogd 8 3820daemon. 3821If this option is set, it overrides 3822.Fl t 3823in 3824.Va watchdogd_flags . 3825.It Va watchdogd_shutdown_timeout 3826.Pq Vt int 3827If 3828.Va watchdogd_enable 3829is set to 3830.Dq Li YES , 3831this is a timeout that will be set by the 3832.Xr watchdogd 8 3833daemon when it exits during the system shutdown. 3834This timeout will not be set when returning to the single-user mode 3835or when the watchdogd service is stopped individually using the 3836.Xr service 8 3837command or the rc.d script. 3838Note that the timeout will be applied if 3839.Xr watchdogd 8 3840is stopped outside of 3841.Xr rc 8 3842framework. 3843If this option is set, it overrides 3844.Fl x 3845in 3846.Va watchdogd_flags . 3847.It Va devfs_rulesets 3848.Pq Vt str 3849List of files containing sets of rules for 3850.Xr devfs 8 . 3851.It Va devfs_system_ruleset 3852.Pq Vt str 3853Rule name(s) to apply to the system 3854.Pa /dev 3855itself. 3856.It Va devfs_set_rulesets 3857.Pq Vt str 3858Pairs of already-mounted 3859.Pa dev 3860directories and rulesets that should be applied to them. 3861For example: /mount/dev=ruleset_name 3862.It Va devfs_load_rulesets 3863.Pq Vt bool 3864If set, always load the default rulesets listed in 3865.Va devfs_rulesets . 3866.It Va performance_cx_lowest 3867.Pq Vt str 3868CPU idle state to use while on AC power. 3869The string 3870.Dq Li LOW 3871indicates that 3872.Xr acpi 4 3873should use the lowest power state available while 3874.Dq Li HIGH 3875indicates that the lowest latency state (less power savings) should be used. 3876.It Va performance_cpu_freq 3877.Pq Vt str 3878CPU clock frequency to use while on AC power. 3879The string 3880.Dq Li LOW 3881indicates that 3882.Xr cpufreq 4 3883should use the lowest frequency available while 3884.Dq Li HIGH 3885indicates that the highest frequency (less power savings) should be used. 3886.It Va economy_cx_lowest 3887.Pq Vt str 3888CPU idle state to use when off AC power. 3889The string 3890.Dq Li LOW 3891indicates that 3892.Xr acpi 4 3893should use the lowest power state available while 3894.Dq Li HIGH 3895indicates that the lowest latency state (less power savings) should be used. 3896.It Va economy_cpu_freq 3897.Pq Vt str 3898CPU clock frequency to use when off AC power. 3899The string 3900.Dq Li LOW 3901indicates that 3902.Xr cpufreq 4 3903should use the lowest frequency available while 3904.Dq Li HIGH 3905indicates that the highest frequency (less power savings) should be used. 3906.It Va jail_enable 3907.Pq Vt bool 3908If set to 3909.Dq Li NO , 3910any configured jails will not be started. 3911.It Va jail_conf 3912.Pq Vt str 3913The configuration filename used by 3914.Xr jail 8 3915utility. 3916The default value is 3917.Pa /etc/jail.conf . 3918.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf 3919and 3920.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf 3921will also be used if 3922.Va Ao Ar jname Ac Va 3923is set in 3924.Va jail_list . 3925.It Va jail_parallel_start 3926.Pq Vt bool 3927If set to 3928.Dq Li YES , 3929all configured jails will be started in the background (in parallel). 3930.It Va jail_flags 3931.Pq Vt str 3932Unset by default. 3933When set, use as default value for 3934.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3935for every jail in 3936.Va jail_list . 3937.It Va jail_list 3938.Pq Vt str 3939A space-delimited list of jail names. 3940When left empty, all of the 3941.Xr jail 8 3942instances defined in the configuration file are started. 3943The names specified in this list control the jail startup order. 3944.Xr jail 8 3945instances missing from 3946.Va jail_list 3947must be started manually. 3948Note that a jail's 3949.Va depend 3950parameter in the configuration file may override this list. 3951.It Va jail_reverse_stop 3952.Pq Vt bool 3953When set to 3954.Dq Li YES , 3955all configured jails in 3956.Va jail_list 3957are stopped in reverse order. 3958.It Va jail_ Ns * variables 3959Note that older releases supported per-jail configuration via 3960.Nm 3961variables. 3962For example, 3963hostname of a jail named 3964.Li vjail 3965was able to be set by 3966.Li jail_vjail_hostname . 3967These per-jail configuration variables are now obsolete in favor of 3968.Xr jail 8 3969configuration file. 3970For backward compatibility, 3971when per-jail configuration variables are defined, 3972.Xr jail 8 3973configuration files are created as 3974.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 3975and used. 3976.Pp 3977The following per-jail parameters are handled by 3978.Pa rc.d/jail 3979script out of their corresponding 3980.Nm 3981variables. 3982In addition to them, parameters in 3983.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3984will be added to the configuration file. 3985They must be a semi-colon 3986.Pq Ql \&; 3987delimited list of 3988.Dq key=value . 3989For more details, 3990see 3991.Xr jail 8 3992manual page. 3993.Bl -tag -width "host.hostname" -offset indent 3994.It Li path 3995set from 3996.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3997.It Li host.hostname 3998set from 3999.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4000.It Li exec.consolelog 4001set from 4002.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4003The default value is 4004.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4005.It Li interface 4006set from 4007.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4008.It Li vnet.interface 4009set from 4010.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4011This implies 4012.Li vnet 4013parameter will be enabled and cannot be specified with 4014.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4015.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4016and/or 4017.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4018at the same time. 4019.It Li fstab 4020set from 4021.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4022.It Li mount 4023set from 4024.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4025.It Li exec.fib 4026set from 4027.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4028.It Li exec.start 4029set from 4030.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4031The parameter name was 4032.Li command 4033in some older releases. 4034.It Li exec.prestart 4035set from 4036.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4037.It Li exec.poststart 4038set from 4039.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4040.It Li exec.stop 4041set from 4042.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4043.It Li exec.prestop 4044set from 4045.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4046.It Li exec.poststop 4047set from 4048.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4049.It Li ip4.addr 4050set if 4051.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4052or 4053.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4054contain IPv4 addresses 4055.It Li ip6.addr 4056set if 4057.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4058or 4059.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4060contain IPv6 addresses 4061.It Li allow.mount 4062set from 4063.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4064.It Li mount.devfs 4065set from 4066.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4067.It Li devfs_ruleset 4068set from 4069.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4070This must be an integer, 4071not a string. 4072.It Li mount.fdescfs 4073set from 4074.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4075.It Li allow.set_hostname 4076set from 4077.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4078.It Li allow.rawsocket 4079set from 4080.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4081.It Li allow.sysvipc 4082set from 4083.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4084.El 4085.\" ----------------------------------------------------- 4086.It Va harvest_mask 4087.Pq Vt int 4088Set to a bit-mask 4089representing the entropy sources 4090you wish to harvest. 4091Refer to 4092.Xr random 4 4093for more information. 4094.It Va entropy_dir 4095.Pq Vt str 4096Set to 4097.Dq Li NO 4098to disable caching entropy via 4099.Xr cron 8 . 4100Otherwise set to the directory 4101in which the entropy files are stored. 4102To be useful, 4103there must be 4104a system cron job 4105that regularly writes and rotates 4106files here. 4107All files found 4108will be used at boot time. 4109The default is 4110.Pa /var/db/entropy . 4111.It Va entropy_file 4112.Pq Vt str 4113Set to 4114.Dq Li NO 4115to disable caching entropy through reboots. 4116Otherwise set to the name 4117of a file used to store cached entropy. 4118This file should be located 4119on a file system that is readable 4120before all the volumes specified in 4121.Xr fstab 5 4122are mounted. 4123By default, 4124.Pa /entropy 4125is used, 4126but if 4127.Pa /var/db/entropy-file 4128is found it will also be used. 4129This will be of some use to 4130.Xr bsdinstall 8 . 4131.It Va entropy_boot_file 4132.Pq Vt str 4133Set to 4134.Dq Li NO 4135to disable 4136very early caching entropy 4137through reboots. 4138Otherwise set to the filename 4139used to read 4140very early reboot cached entropy. 4141This file should be located where 4142.Xr loader 8 4143can read it. 4144See also 4145.Xr loader.conf 5 . 4146The default location is 4147.Pa /boot/entropy . 4148.It Va entropy_save_sz 4149.Pq Vt int 4150Size of the entropy cache files saved by 4151.Nm save-entropy 4152periodically. 4153.It Va entropy_save_num 4154.Pq Vt int 4155Number of entropy cache files to save by 4156.Nm save-entropy 4157periodically. 4158.It Va ipsec_enable 4159.Pq Vt bool 4160Set to 4161.Dq Li YES 4162to run 4163.Xr setkey 8 4164on 4165.Va ipsec_file 4166at boot time. 4167.It Va ipsec_file 4168.Pq Vt str 4169Configuration file for 4170.Xr setkey 8 . 4171.It Va dmesg_enable 4172.Pq Vt bool 4173Set to 4174.Dq Li YES 4175to save 4176.Xr dmesg 8 4177to 4178.Pa /var/run/dmesg.boot 4179on boot. 4180.It Va rcshutdown_timeout 4181.Pq Vt int 4182If set, start a watchdog timer in the background which will terminate 4183.Pa rc.shutdown 4184if 4185.Xr shutdown 8 4186has not completed within the specified time (in seconds). 4187Notice that in addition to this soft timeout, 4188.Xr init 8 4189also applies a hard timeout for the execution of 4190.Pa rc.shutdown . 4191This is configured via 4192.Xr sysctl 8 4193variable 4194.Va kern.init_shutdown_timeout 4195and defaults to 120 seconds. 4196Setting the value of 4197.Va rcshutdown_timeout 4198to more than 120 seconds will have no effect until the 4199.Xr sysctl 8 4200variable 4201.Va kern.init_shutdown_timeout 4202is also increased. 4203.It Va virecover_enable 4204.Pq Vt bool 4205Set to 4206.Dq Li NO 4207to prevent the system from trying to 4208recover pre-maturely terminated 4209.Xr vi 1 4210sessions. 4211.It Va ugidfw_enable 4212.Pq Vt bool 4213Set to 4214.Dq Li YES 4215to load the 4216.Xr mac_bsdextended 4 4217module upon system initialization and load a default 4218ruleset file. 4219.It Va bsdextended_script 4220.Pq Vt str 4221The default 4222.Xr mac_bsdextended 4 4223ruleset file to load. 4224The default value of this variable is 4225.Pa /etc/rc.bsdextended . 4226.It Va newsyslog_enable 4227.Pq Vt bool 4228If set to 4229.Dq Li YES , 4230run 4231.Xr newsyslog 8 4232command at startup. 4233.It Va newsyslog_flags 4234.Pq Vt str 4235If 4236.Va newsyslog_enable 4237is set to 4238.Dq Li YES , 4239these are the flags to pass to the 4240.Xr newsyslog 8 4241program. 4242The default is 4243.Dq Li -CN , 4244which causes log files flagged with a 4245.Cm C 4246to be created. 4247.It Va mdconfig_md Ns Aq Ar X 4248.Pq Vt str 4249Arguments to 4250.Xr mdconfig 8 4251for 4252.Xr md 4 4253device 4254.Ar X . 4255At minimum a 4256.Fl t Ar type 4257must be specified and either a 4258.Fl s Ar size 4259for malloc or swap backed 4260.Xr md 4 4261devices or a 4262.Fl f Ar file 4263for vnode backed 4264.Xr md 4 4265devices. 4266Note that 4267.Va mdconfig_md Ns Aq Ar X 4268variables are evaluated until one variable is unset or null. 4269.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4270.Pq Vt str 4271Optional arguments passed to 4272.Xr newfs 8 4273to initialize 4274.Xr md 4 4275device 4276.Ar X . 4277.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4278.Pq Vt str 4279An ownership specification passed to 4280.Xr chown 8 4281after the specified 4282.Xr md 4 4283device 4284.Ar X 4285has been mounted. 4286Both the 4287.Xr md 4 4288device and the mount point will be changed. 4289.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4290.Pq Vt str 4291A mode string passed to 4292.Xr chmod 1 4293after the specified 4294.Xr md 4 4295device 4296.Ar X 4297has been mounted. 4298Both the 4299.Xr md 4 4300device and the mount point will be changed. 4301.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4302.Pq Vt str 4303Files to be copied to the mount point of the 4304.Xr md 4 4305device 4306.Ar X 4307after it has been mounted. 4308.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4309.Pq Vt str 4310Command to execute after the specified 4311.Xr md 4 4312device 4313.Ar X 4314has been mounted. 4315Note that the command is passed to 4316.Ic eval 4317and that both 4318.Va _dev 4319and 4320.Va _mp 4321variables can be used to reference respectively the 4322.Xr md 4 4323device and the mount point. 4324Assuming that the 4325.Xr md 4 4326device is 4327.Li md0 , 4328one could set the following: 4329.Bd -literal 4330mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4331.Ed 4332.It Va autobridge_interfaces 4333.Pq Vt str 4334Set to the list of bridge interfaces that will have newly arriving interfaces 4335checked against to be automatically added. 4336If not set to 4337.Dq Li NO 4338then for each whitespace separated 4339.Ar element 4340in the value, a 4341.Va autobridge_ Ns Aq Ar element 4342variable is assumed to exist which has a whitespace separated list of interface 4343names to match, these names can use wildcards. 4344For example: 4345.Bd -literal 4346autobridge_interfaces="bridge0" 4347autobridge_bridge0="tap* dc0 vlan[345]" 4348.Ed 4349.It Va mixer_enable 4350.Pq Vt bool 4351If set to 4352.Dq Li YES , 4353enable support for sound mixer. 4354.It Va hcsecd_enable 4355.Pq Vt bool 4356If set to 4357.Dq Li YES , 4358enable Bluetooth security daemon. 4359.It Va hcsecd_config 4360.Pq Vt str 4361Configuration file for 4362.Xr hcsecd 8 . 4363Default 4364.Pa /etc/bluetooth/hcsecd.conf . 4365.It Va sdpd_enable 4366.Pq Vt bool 4367If set to 4368.Dq Li YES , 4369enable Bluetooth Service Discovery Protocol daemon. 4370.It Va sdpd_control 4371.Pq Vt str 4372Path to 4373.Xr sdpd 8 4374control socket. 4375Default 4376.Pa /var/run/sdp . 4377.It Va sdpd_groupname 4378.Pq Vt str 4379Sets 4380.Xr sdpd 8 4381group to run as after it initializes. 4382Default 4383.Dq Li nobody . 4384.It Va sdpd_username 4385.Pq Vt str 4386Sets 4387.Xr sdpd 8 4388user to run as after it initializes. 4389Default 4390.Dq Li nobody . 4391.It Va bthidd_enable 4392.Pq Vt bool 4393If set to 4394.Dq Li YES , 4395enable Bluetooth Human Interface Device daemon. 4396.It Va bthidd_config 4397.Pq Vt str 4398Configuration file for 4399.Xr bthidd 8 . 4400Default 4401.Pa /etc/bluetooth/bthidd.conf . 4402.It Va bthidd_hids 4403.Pq Vt str 4404Path to a file, where 4405.Xr bthidd 8 4406will store information about known HID devices. 4407Default 4408.Pa /var/db/bthidd.hids . 4409.It Va rfcomm_pppd_server_enable 4410.Pq Vt bool 4411If set to 4412.Dq Li YES , 4413enable Bluetooth RFCOMM PPP wrapper daemon. 4414.It Va rfcomm_pppd_server_profile 4415.Pq Vt str 4416The name of the profile to use from 4417.Pa /etc/ppp/ppp.conf . 4418Multiple profiles can be specified here. 4419Also used to specify per-profile overrides. 4420When the profile name contains any of the characters 4421.Dq Li .-/+ 4422they are translated to 4423.Dq Li _ 4424for the proposes of the override variable names. 4425.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4426.Pq Vt str 4427Overrides local address to listen on. 4428By default 4429.Xr rfcomm_pppd 8 4430will listen on 4431.Dq Li ANY 4432address. 4433The address can be specified as BD_ADDR or name. 4434.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4435.Pq Vt str 4436Overrides local RFCOMM channel to listen on. 4437By default 4438.Xr rfcomm_pppd 8 4439will listen on RFCOMM channel 1. 4440Must set properly if multiple profiles used in the same time. 4441.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4442.Pq Vt bool 4443Tells 4444.Xr rfcomm_pppd 8 4445if it should register Serial Port service on the specified RFCOMM channel. 4446Default 4447.Dq Li NO . 4448.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4449.Pq Vt bool 4450Tells 4451.Xr rfcomm_pppd 8 4452if it should register Dial-Up Networking service on the specified 4453RFCOMM channel. 4454Default 4455.Dq Li NO . 4456.It Va ubthidhci_enable 4457.Pq Vt bool 4458If set to 4459.Dq Li YES , 4460change the USB Bluetooth controller from HID mode to HCI mode. 4461You also need to specify the location of USB Bluetooth controller with the 4462.Va ubthidhci_busnum 4463and 4464.Va ubthidhci_addr 4465variables. 4466.It Va ubthidhci_busnum 4467Bus number where the USB Bluetooth controller is located. 4468Check the output of 4469.Xr usbconfig 8 4470on your system to find this information. 4471.It Va ubthidhci_addr 4472Bus address of the USB Bluetooth controller. 4473Check the output of 4474.Xr usbconfig 8 4475on your system to find this information. 4476.It Va netwait_enable 4477.Pq Vt bool 4478If set to 4479.Dq Li YES , 4480delays the start of network-reliant services until 4481.Va netwait_if 4482is up and ICMP packets to a destination defined in 4483.Va netwait_ip 4484are flowing. 4485Link state is examined first, followed by 4486.Dq Li pinging 4487an IP address to verify network usability. 4488If no destination can be reached or timeouts are exceeded, 4489network services are started anyway with no guarantee that 4490the network is usable. 4491Use of this variable requires both 4492.Va netwait_ip 4493and 4494.Va netwait_if 4495to be set. 4496.It Va netwait_ip 4497.Pq Vt str 4498Empty by default. 4499This variable contains a space-delimited list of IP addresses to 4500.Xr ping 8 . 4501DNS hostnames should not be used as resolution is not guaranteed 4502to be functional at this point. 4503If multiple IP addresses are specified, 4504each will be tried until one is successful or the list is exhausted. 4505.It Va netwait_timeout 4506.Pq Vt int 4507Indicates the total number of seconds to perform a 4508.Dq Li ping 4509against each IP address in 4510.Va netwait_ip , 4511at a rate of one ping per second. 4512If any of the pings are successful, 4513full network connectivity is considered reliable. 4514The default is 60. 4515.It Va netwait_if 4516.Pq Vt str 4517Empty by default. 4518Defines the name of the network interface on which watch for link. 4519.Xr ifconfig 8 4520is used to monitor the interface, looking for 4521.Dq Li status: no carrier . 4522Once gone, the link is considered up. 4523This can be a 4524.Xr vlan 4 4525interface if desired. 4526.It Va netwait_if_timeout 4527.Pq Vt int 4528Defines the total number of seconds to wait for link to become usable, 4529polled at a 1-second interval. 4530The default is 30. 4531.It Va rctl_enable 4532.Pq Vt bool 4533If set to 4534.Dq Li YES , 4535load 4536.Xr rctl 8 4537rules from the defined ruleset. 4538The kernel must be built with 4539.Cd "options RACCT" 4540and 4541.Cd "options RCTL" . 4542.It Va rctl_rules 4543.Pq Vt str 4544Set to 4545.Pa /etc/rctl.conf 4546by default. 4547This variables contains the 4548.Xr rctl.conf 5 4549ruleset to load for 4550.Xr rctl 8 . 4551.It Va iovctl_files 4552.Pq Vt str 4553A space-separated list of configuration files used by 4554.Xr iovctl 8 . 4555The default value is an empty string. 4556.It Va autofs_enable 4557.Pq Vt bool 4558If set to 4559.Dq Li YES , 4560start the 4561.Xr automount 8 4562utility and the 4563.Xr automountd 8 4564and 4565.Xr autounmountd 8 4566daemons at boot time. 4567.It Va automount_flags 4568.Pq Vt str 4569If 4570.Va autofs_enable 4571is set to 4572.Dq Li YES , 4573these are the flags to pass to the 4574.Xr automount 8 4575program. 4576By default no flags are passed. 4577.It Va automountd_flags 4578.Pq Vt str 4579If 4580.Va autofs_enable 4581is set to 4582.Dq Li YES , 4583these are the flags to pass to the 4584.Xr automountd 8 4585daemon. 4586By default no flags are passed. 4587.It Va autounmountd_flags 4588.Pq Vt str 4589If 4590.Va autofs_enable 4591is set to 4592.Dq Li YES , 4593these are the flags to pass to the 4594.Xr autounmountd 8 4595daemon. 4596By default no flags are passed. 4597.It Va ctld_enable 4598.Pq Vt bool 4599If set to 4600.Dq Li YES , 4601start the 4602.Xr ctld 8 4603daemon at boot time. 4604.It Va iscsid_enable 4605.Pq Vt bool 4606If set to 4607.Dq Li YES , 4608start the 4609.Xr iscsid 8 4610daemon at boot time. 4611.It Va iscsictl_enable 4612.Pq Vt bool 4613If set to 4614.Dq Li YES , 4615start the 4616.Xr iscsictl 8 4617utility at boot time. 4618.It Va iscsictl_flags 4619.Pq Vt str 4620If 4621.Va iscsictl_enable 4622is set to 4623.Dq Li YES , 4624these are the flags to pass to the 4625.Xr iscsictl 8 4626program. 4627The default is 4628.Dq Li -Aa , 4629which configures sessions based on the 4630.Pa /etc/iscsi.conf 4631configuration file. 4632.It Va cfumass_enable 4633.Pq Vt bool 4634If set to 4635.Dq Li YES , 4636create and export an USB LUN using 4637.Xr cfumass 4 4638at boot time. 4639.It Va cfumass_dir 4640.Pq Vt str 4641The directory where the files exported by USB LUN are located. 4642The default directory is 4643.Pa /var/cfumass . 4644.It Va service_delete_empty 4645.Pq Vt bool 4646If set to 4647.Dq Li YES , 4648.Ql Li service delete 4649removes empty 4650.Dq Li rc.conf.d 4651files. 4652.It Va zfs_bootonce_activate 4653.Pq Vt bool 4654If set to 4655.Dq Li YES , 4656and a boot environment marked bootonce is successfully booted, 4657it will be made permanently active. 4658.It Va zfskeys_enable 4659.Pq Vt bool 4660If set to 4661.Dq Li YES , 4662enable auto-loading of encryption keys for encrypted ZFS datasets. 4663For every dataset the script will first load the appropriate encryption key 4664and then attempt to unlock the dataset. 4665.Pp 4666The script operates only on datasets which are encrypted with 4667ZFS native encryption 4668and have a ZFS 4669.Dq Li keylocation 4670dataset property beginning with 4671.Dq Li file:// . 4672.It Va zfskeys_datasets 4673.Pq Vt str 4674A whitespace-separated list of ZFS datasets to unlock. 4675The list is empty by default, 4676which means that the script will attempt to unlock all datasets. 4677.It Va zfskeys_timeout 4678.Pq Vt int 4679Define the total number of seconds to wait for the zfskeys script 4680to unlock an encrypted dataset. 4681The default is 10. 4682.El 4683.Sh FILES 4684.Bl -tag -width "/etc/defaults/rc.conf" -compact 4685.It Pa /etc/defaults/rc.conf 4686.It Pa /etc/defaults/vendor.conf 4687.It Pa /etc/rc.conf 4688.It Pa /etc/rc.conf.local 4689.It Pa /etc/rc.conf.d/ 4690.El 4691.Sh SEE ALSO 4692.Xr chmod 1 , 4693.Xr gdb 1 Pq Pa ports/devel/gdb , 4694.Xr info 1 , 4695.Xr kbdcontrol 1 , 4696.Xr limits 1 , 4697.Xr protect 1 , 4698.Xr sh 1 , 4699.Xr umask 1 , 4700.Xr vi 1 , 4701.Xr vidcontrol 1 , 4702.Xr bridge 4 , 4703.Xr dummynet 4 , 4704.Xr ip 4 , 4705.Xr ipf 4 , 4706.Xr ipfw 4 , 4707.Xr ipnat 4 , 4708.Xr kld 4 , 4709.Xr pf 4 , 4710.Xr pflog 4 , 4711.Xr pfsync 4 , 4712.Xr tcp 4 , 4713.Xr udp 4 , 4714.Xr exports 5 , 4715.Xr fstab 5 , 4716.Xr ipf 5 , 4717.Xr ipnat 5 , 4718.Xr jail.conf 5 , 4719.Xr loader.conf 5 , 4720.Xr login.conf 5 , 4721.Xr motd 5 , 4722.Xr newsyslog.conf 5 , 4723.Xr pf.conf 5 , 4724.Xr firewall 7 , 4725.Xr growfs 7 , 4726.Xr security 7 , 4727.Xr tuning 7 , 4728.Xr accton 8 , 4729.Xr apm 8 , 4730.Xr bsdinstall 8 , 4731.Xr bthidd 8 , 4732.Xr chkprintcap 8 , 4733.Xr chown 8 , 4734.Xr cron 8 , 4735.Xr devfs 8 , 4736.Xr dhclient 8 , 4737.Xr ftpd 8 , 4738.Xr geli 8 , 4739.Xr hcsecd 8 , 4740.Xr ifconfig 8 , 4741.Xr inetd 8 , 4742.Xr iovctl 8 , 4743.Xr ipf 8 , 4744.Xr ipfw 8 , 4745.Xr ipnat 8 , 4746.Xr jail 8 , 4747.Xr kldxref 8 , 4748.Xr loader 8 , 4749.Xr lpd 8 , 4750.Xr makewhatis 8 , 4751.Xr mdconfig 8 , 4752.Xr mdmfs 8 , 4753.Xr mixer 8 , 4754.Xr mountd 8 , 4755.Xr moused 8 , 4756.Xr newfs 8 , 4757.Xr newsyslog 8 , 4758.Xr nfsd 8 , 4759.Xr ntpd 8 , 4760.Xr ntpdate 8 , 4761.Xr pfctl 8 , 4762.Xr pflogd 8 , 4763.Xr ping 8 , 4764.Xr powerd 8 , 4765.Xr quotacheck 8 , 4766.Xr quotaon 8 , 4767.Xr rc 8 , 4768.Xr rc.sendmail 8 , 4769.Xr rc.subr 8 , 4770.Xr rcorder 8 , 4771.Xr rfcomm_pppd 8 , 4772.Xr route 8 , 4773.Xr routed 8 , 4774.Xr rpc.lockd 8 , 4775.Xr rpc.statd 8 , 4776.Xr rpc.tlsclntd 8 , 4777.Xr rpc.tlsservd 8 , 4778.Xr rpcbind 8 , 4779.Xr rwhod 8 , 4780.Xr savecore 8 , 4781.Xr sdpd 8 , 4782.Xr service 8 , 4783.Xr sshd 8 , 4784.Xr swapon 8 , 4785.Xr sysctl 8 , 4786.Xr syslogd 8 , 4787.Xr sysrc 8 , 4788.Xr unbound 8 , 4789.Xr usbconfig 8 , 4790.Xr wlandebug 8 , 4791.Xr yp 8 , 4792.Xr ypbind 8 , 4793.Xr ypserv 8 , 4794.Xr ypset 8 4795.Sh HISTORY 4796The 4797.Nm 4798file appeared in 4799.Fx 2.2.2 . 4800.Sh AUTHORS 4801.An Jordan K. Hubbard . 4802