1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd February 15, 2014 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66In addition to 67.Pa /etc/rc.conf.local 68you can also place smaller configuration files for each 69.Xr rc 8 70script in the 71.Pa /etc/rc.conf.d 72directory, which will be included by the 73.Va load_rc_config 74function. 75For jail configurations you could use the file 76.Pa /etc/rc.conf.d/jail 77to store jail specific configuration options. 78Also see the 79.Va rc_conf_files 80variable below. 81.Pp 82Options are set with 83.Dq Ar name Ns Li = Ns Ar value 84assignments that use 85.Xr sh 1 86syntax. 87The following list provides a name and short description for each 88variable that can be set in the 89.Nm 90file: 91.Bl -tag -width indent-two 92.It Va rc_debug 93.Pq Vt bool 94If set to 95.Dq Li YES , 96enable output of debug messages from rc scripts. 97This variable can be helpful in diagnosing mistakes when 98editing or integrating new scripts. 99Beware that this produces copious output to the terminal and 100.Xr syslog 3 . 101.It Va rc_info 102.Pq Vt bool 103If set to 104.Dq Li NO , 105disable informational messages from the rc scripts. 106Informational messages are displayed when 107a condition that is not serious enough to warrant a warning or 108an error occurs. 109.It Va rc_startmsgs 110.Pq Vt bool 111If set to 112.Dq Li YES , 113show 114.Dq Starting foo: 115when faststart is used (e.g., at boot time). 116.It Va early_late_divider 117.Pq Vt str 118The name of the script that should be used as the 119delimiter between the 120.Dq early 121and 122.Dq late 123stages of the boot process. 124The early stage should contain all the services needed to 125get the disks (local or remote) mounted so that the late 126stage can include scripts contained in the directories 127listed in the 128.Va local_startup 129variable (see below). 130Thus, the two likely candidates for this value are 131.Pa mountcritlocal 132for the typical system, and 133.Pa mountcritremote 134if the system needs remote file 135systems mounted to get access to the 136.Va local_startup 137directories; for example when 138.Pa /usr/local 139is NFS mounted. 140For 141.Pa rc.conf 142within a 143.Xr jail 8 144.Pa NETWORKING 145is likely to be an appropriate value. 146Extreme care should be taken when changing this value, 147and before changing it one should ensure that there are 148adequate provisions to recover from a failed boot 149(such as physical contact with the machine, 150or reliable remote console access). 151.It Va always_force_depends 152.Pq Vt bool 153Various 154.Pa rc.d 155scripts use the force_depend function to check whether required 156services are already running, and to start them if necessary. 157By default during boot time this check is bypassed if the 158required service is enabled in 159.Pa /etc/rc.conf[.local] . 160Setting this option will bypass that check at boot time and 161always test whether or not the service is actually running. 162Enabling this option is likely to increase your boot time if 163services are enabled that utilize the force_depend check. 164.It Ao Ar name Ac Ns Va _chroot 165.Pq Vt str 166.Xr chroot 167to this directory before running the service. 168.It Ao Ar name Ac Ns Va _user 169.Pq Vt str 170Run the service under this user account. 171.It Ao Ar name Ac Ns Va _group 172.Pq Vt str 173Run the chrooted service under this system group. Unlike the _user 174setting, this setting has no effect if the service is not chrooted. 175.It Ao Ar name Ac Ns Va _fib 176.Pq Vt int 177The 178.Xr setfib 1 179value to run the service under. 180.It Ao Ar name Ac Ns Va _nice 181.Pq Vt int 182The 183.Xr nice 1 184value to run the service under. 185.It Va apm_enable 186.Pq Vt bool 187If set to 188.Dq Li YES , 189enable support for Automatic Power Management with 190the 191.Xr apm 8 192command. 193.It Va apmd_enable 194.Pq Vt bool 195Run 196.Xr apmd 8 197to handle APM event from userland. 198This also enables support for APM. 199.It Va apmd_flags 200.Pq Vt str 201If 202.Va apmd_enable 203is set to 204.Dq Li YES , 205these are the flags to pass to the 206.Xr apmd 8 207daemon. 208.It Va devd_enable 209.Pq Vt bool 210Run 211.Xr devd 8 212to handle device added, removed or unknown events from the kernel. 213.It Va ddb_enable 214.Pq Vt bool 215Run 216.Xr ddb 8 217to install 218.Xr ddb 4 219scripts at boot time. 220.It Va ddb_config 221.Pq Vt str 222Configuration file for 223.Xr ddb 8 . 224Default 225.Pa /etc/ddb.conf . 226.It Va kld_list 227.Pq Vt str 228A list of kernel modules to load right after the local 229disks are mounted. 230Loading modules at this point in the boot process is 231much faster than doing it via 232.Pa /boot/loader.conf 233for those modules not necessary for mounting local disk. 234.It Va kldxref_enable 235.Pq Vt bool 236Set to 237.Dq Li NO 238by default. 239Set to 240.Dq Li YES 241to automatically rebuild 242.Pa linker.hints 243files with 244.Xr kldxref 8 245at boot time. 246.It Va kldxref_clobber 247.Pq Vt bool 248Set to 249.Dq Li NO 250by default. 251If 252.Va kldxref_enable 253is true, 254setting to 255.Dq Li YES 256will overwrite existing 257.Pa linker.hints 258files at boot time. 259Otherwise, 260only missing 261.Pa linker.hints 262files are generated. 263.It Va kldxref_module_path 264.Pq Vt str 265Empty by default. 266A semi-colon 267.Pq Ql \&; 268delimited list of paths containing 269.Xr kld 4 270modules. 271If empty, 272the contents of the 273.Va kern.module_path 274.Xr sysctl 8 275are used. 276.It Va powerd_enable 277.Pq Vt bool 278If set to 279.Dq Li YES , 280enable the system power control facility with the 281.Xr powerd 8 282daemon. 283.It Va powerd_flags 284.Pq Vt str 285If 286.Va powerd_enable 287is set to 288.Dq Li YES , 289these are the flags to pass to the 290.Xr powerd 8 291daemon. 292.It Va tmpmfs 293Controls the creation of a 294.Pa /tmp 295memory file system. 296Always happens if set to 297.Dq Li YES 298and never happens if set to 299.Dq Li NO . 300If set to anything else, a memory file system is created if 301.Pa /tmp 302is not writable. 303.It Va tmpsize 304Controls the size of a created 305.Pa /tmp 306memory file system. 307.It Va tmpmfs_flags 308Extra options passed to the 309.Xr mdmfs 8 310utility when the memory file system for 311.Pa /tmp 312is created. 313The default is 314.Dq Li "-S" , 315which inhibits the use of softupdates on 316.Pa /tmp 317so that file system space is freed without delay 318after file truncation or deletion. 319See 320.Xr mdmfs 8 321for other options you can use in 322.Va tmpmfs_flags . 323.It Va varmfs 324Controls the creation of a 325.Pa /var 326memory file system. 327Always happens if set to 328.Dq Li YES 329and never happens if set to 330.Dq Li NO . 331If set to anything else, a memory file system is created if 332.Pa /var 333is not writable. 334.It Va varsize 335Controls the size of a created 336.Pa /var 337memory file system. 338.It Va varmfs_flags 339Extra options passed to the 340.Xr mdmfs 8 341utility when the memory file system for 342.Pa /var 343is created. 344The default is 345.Dq Li "-S" , 346which inhibits the use of softupdates on 347.Pa /var 348so that file system space is freed without delay 349after file truncation or deletion. 350See 351.Xr mdmfs 8 352for other options you can use in 353.Va varmfs_flags . 354.It Va populate_var 355Controls the automatic population of the 356.Pa /var 357file system. 358Always happens if set to 359.Dq Li YES 360and never happens if set to 361.Dq Li NO . 362If set to anything else, a memory file system is created if 363.Pa /var 364is not writable. 365Note that this process requires access to certain commands in 366.Pa /usr 367before 368.Pa /usr 369is mounted on normal systems. 370.It Va cleanvar_enable 371.Pq Vt bool 372Clean the 373.Pa /var 374directory. 375.It Va local_startup 376.Pq Vt str 377List of directories to search for startup script files. 378.It Va script_name_sep 379.Pq Vt str 380The field separator to use for breaking down the list of startup script files 381into individual filenames. 382The default is a space. 383It is not necessary to change this unless there are startup scripts with names 384containing spaces. 385.It Va hostapd_enable 386.Pq Vt bool 387Set to 388.Dq Li YES 389to start 390.Xr hostapd 8 391at system boot time. 392.It Va hostname 393.Pq Vt str 394The fully qualified domain name (FQDN) of this host on the network. 395This should almost certainly be set to something meaningful, even if 396there is no network connection. 397If 398.Xr dhclient 8 399is used to set the hostname via DHCP, 400this variable should be set to an empty string. 401If this value remains unset when the system is done booting 402your console login will display the default hostname of 403.Dq Amnesiac . 404.It Va nisdomainname 405.Pq Vt str 406The NIS domain name of this host, or 407.Dq Li NO 408if NIS is not used. 409.It Va dhclient_program 410.Pq Vt str 411Path to the DHCP client program 412.Pa ( /sbin/dhclient , 413the 414.Ox 415DHCP client, 416is the default). 417.It Va dhclient_flags 418.Pq Vt str 419Additional flags to pass to the DHCP client program. 420For the 421.Ox 422DHCP client, see the 423.Xr dhclient 8 424manpage for a description of the command line options available. 425.It Va dhclient_flags_ Ns Aq Ar iface 426Additional flags to pass to the DHCP client program running on 427.Ar iface 428only. 429When specified, this variable overrides 430.Va dhclient_flags . 431.It Va background_dhclient 432.Pq Vt bool 433Set to 434.Dq Li YES 435to start the DHCP client in background. 436This can cause trouble with applications depending on 437a working network, but it will provide a faster startup 438in many cases. 439.It Va background_dhclient_ Ns Aq Ar iface 440When specified, this variable overrides the 441.Va background_dhclient 442variable for interface 443.Ar iface 444only. 445.It Va synchronous_dhclient 446.Pq Vt bool 447Set to 448.Dq Li YES 449to start 450.Xr dhclient 8 451synchronously at startup. 452This behavior can be overridden on a per-interface basis by replacing 453the 454.Dq Li DHCP 455keyword in the 456.Va ifconfig_ Ns Aq Ar interface 457variable with 458.Dq Li SYNCDHCP 459or 460.Dq Li NOSYNCDHCP . 461.It Va defaultroute_delay 462.Pq Vt int 463When set to a positive value, wait up to this long after configuring 464DHCP interfaces at startup to give the interfaces time to receive a lease. 465.It Va firewall_enable 466.Pq Vt bool 467Set to 468.Dq Li YES 469to load firewall rules at startup. 470If the kernel was not built with 471.Cd "options IPFIREWALL" , 472the 473.Pa ipfw.ko 474kernel module will be loaded. 475See also 476.Va ipfilter_enable . 477.It Va firewall_script 478.Pq Vt str 479This variable specifies the full path to the firewall script to run. 480The default is 481.Pa /etc/rc.firewall . 482.It Va firewall_type 483.Pq Vt str 484Names the firewall type from the selection in 485.Pa /etc/rc.firewall , 486or the file which contains the local firewall ruleset. 487Valid selections from 488.Pa /etc/rc.firewall 489are: 490.Pp 491.Bl -tag -width ".Li simple" -compact 492.It Li open 493unrestricted IP access 494.It Li closed 495all IP services disabled, except via 496.Dq Li lo0 497.It Li client 498basic protection for a workstation 499.It Li simple 500basic protection for a LAN. 501.El 502.Pp 503If a filename is specified, the full path 504must be given. 505.It Va firewall_quiet 506.Pq Vt bool 507Set to 508.Dq Li YES 509to disable the display of firewall rules on the console during boot. 510.It Va firewall_logging 511.Pq Vt bool 512Set to 513.Dq Li YES 514to enable firewall event logging. 515This is equivalent to the 516.Dv IPFIREWALL_VERBOSE 517kernel option. 518.It Va firewall_logif 519.Pq Vt bool 520Set to 521.Dq Li YES 522to create pseudo interface 523.Li ipfw0 524for logging. 525For more details, see 526.Xr ipfw 8 527manual page. 528.It Va firewall_flags 529.Pq Vt str 530Flags passed to 531.Xr ipfw 8 532if 533.Va firewall_type 534specifies a filename. 535.It Va firewall_coscripts 536.Pq Vt str 537List of executables and/or rc scripts to run after firewall starts/stops. 538Default is empty. 539.\" ----- firewall_nat_enable setting -------------------------------- 540.It Va firewall_nat_enable 541.Pq Vt bool 542The 543.Xr ipfw 8 544equivalent of 545.Va natd_enable . 546Setting this to 547.Dq Li YES 548enables kernel NAT. 549.Va firewall_enable 550must also be set to 551.Dq Li YES . 552.It Va firewall_nat_interface 553.Pq Vt str 554The 555.Xr ipfw 8 556equivalent of 557.Va natd_interface . 558This is the name of the public interface or IP address on which 559kernel NAT should run. 560.It Va firewall_nat_flags 561.Pq Vt str 562Additional configuration parameters for kernel NAT should be placed here. 563.It Va dummynet_enable 564.Pq Vt bool 565Setting this to 566.Dq Li YES 567will automatically load the 568.Xr dummynet 4 569module if 570.Va firewall_enable 571is also set to 572.Dq Li YES . 573.\" ------------------------------------------------------------------- 574.It Va natd_program 575.Pq Vt str 576Path to 577.Xr natd 8 . 578.It Va natd_enable 579.Pq Vt bool 580Set to 581.Dq Li YES 582to enable 583.Xr natd 8 . 584.Va firewall_enable 585must also be set to 586.Dq Li YES , 587and 588.Xr divert 4 589sockets must be enabled in the kernel. 590If the kernel was not built with 591.Cd "options IPDIVERT" , 592the 593.Pa ipdivert.ko 594kernel module will be loaded. 595.It Va natd_interface 596.Pq Vt str 597This is the name of the public interface on which 598.Xr natd 8 599should run. 600The interface may be given as an interface name or as an IP address. 601.It Va natd_flags 602.Pq Vt str 603Additional 604.Xr natd 8 605flags should be placed here. 606The 607.Fl n 608or 609.Fl a 610flag is automatically added with the above 611.Va natd_interface 612as an argument. 613.\" ----- ipfilter_enable setting -------------------------------- 614.It Va ipfilter_enable 615.Pq Vt bool 616Set to 617.Dq Li NO 618by default. 619Setting this to 620.Dq Li YES 621enables 622.Xr ipf 8 623packet filtering. 624.Pp 625Typical usage will require putting 626.Bd -literal 627ipfilter_enable="YES" 628ipnat_enable="YES" 629ipmon_enable="YES" 630ipfs_enable="YES" 631.Ed 632.Pp 633into 634.Pa /etc/rc.conf 635and editing 636.Pa /etc/ipf.rules 637and 638.Pa /etc/ipnat.rules 639appropriately. 640.Pp 641Note that 642.Va ipfilter_enable 643and 644.Va ipnat_enable 645can be enabled independently. 646.Va ipmon_enable 647and 648.Va ipfs_enable 649both require at least one of 650.Va ipfilter_enable 651and 652.Va ipnat_enable 653to be enabled. 654.Pp 655Having 656.Bd -literal 657options IPFILTER 658options IPFILTER_LOG 659options IPFILTER_DEFAULT_BLOCK 660.Ed 661.Pp 662in the kernel configuration file is a good idea, too. 663.\" ----- ipfilter_program setting ------------------------------ 664.It Va ipfilter_program 665.Pq Vt str 666Path to 667.Xr ipf 8 668(default 669.Pa /sbin/ipf ) . 670.\" ----- ipfilter_rules setting -------------------------------- 671.It Va ipfilter_rules 672.Pq Vt str 673Set to 674.Pa /etc/ipf.rules 675by default. 676This variable contains the name of the filter rule definition file. 677The file is expected to be readable for the 678.Xr ipf 8 679command to execute. 680.\" ----- ipv6_ipfilter_rules setting --------------------------- 681.It Va ipv6_ipfilter_rules 682.Pq Vt str 683Set to 684.Pa /etc/ipf6.rules 685by default. 686This variable contains the IPv6 filter rule definition file. 687The file is expected to be readable for the 688.Xr ipf 8 689command to execute. 690.\" ----- ipfilter_flags setting -------------------------------- 691.It Va ipfilter_flags 692.Pq Vt str 693Empty by default. 694This variable contains flags passed to the 695.Xr ipf 8 696program. 697.\" ----- ipnat_enable setting ---------------------------------- 698.It Va ipnat_enable 699.Pq Vt bool 700Set to 701.Dq Li NO 702by default. 703Set it to 704.Dq Li YES 705to enable 706.Xr ipnat 8 707network address translation. 708See 709.Va ipfilter_enable 710for a detailed discussion. 711.\" ----- ipnat_program setting --------------------------------- 712.It Va ipnat_program 713.Pq Vt str 714Path to 715.Xr ipnat 8 716(default 717.Pa /sbin/ipnat ) . 718.\" ----- ipnat_rules setting ----------------------------------- 719.It Va ipnat_rules 720.Pq Vt str 721Set to 722.Pa /etc/ipnat.rules 723by default. 724This variable contains the name of the file 725holding the network address translation definition. 726This file is expected to be readable for the 727.Xr ipnat 8 728command to execute. 729.\" ----- ipnat_flags setting ----------------------------------- 730.It Va ipnat_flags 731.Pq Vt str 732Empty by default. 733This variable contains flags passed to the 734.Xr ipnat 8 735program. 736.\" ----- ipmon_enable setting ---------------------------------- 737.It Va ipmon_enable 738.Pq Vt bool 739Set to 740.Dq Li NO 741by default. 742Set it to 743.Dq Li YES 744to enable 745.Xr ipmon 8 746monitoring (logging 747.Xr ipf 8 748and 749.Xr ipnat 8 750events). 751Setting this variable needs setting 752.Va ipfilter_enable 753or 754.Va ipnat_enable 755too. 756See 757.Va ipfilter_enable 758for a detailed discussion. 759.\" ----- ipmon_program setting --------------------------------- 760.It Va ipmon_program 761.Pq Vt str 762Path to 763.Xr ipmon 8 764(default 765.Pa /sbin/ipmon ) . 766.\" ----- ipmon_flags setting ----------------------------------- 767.It Va ipmon_flags 768.Pq Vt str 769Set to 770.Dq Li -Ds 771by default. 772This variable contains flags passed to the 773.Xr ipmon 8 774program. 775Another typical example would be 776.Dq Fl D Pa /var/log/ipflog 777to have 778.Xr ipmon 8 779log directly to a file bypassing 780.Xr syslogd 8 . 781Make sure to adjust 782.Pa /etc/newsyslog.conf 783in such case like this: 784.Bd -literal 785/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 786.Ed 787.\" ----- ipfs_enable setting ----------------------------------- 788.It Va ipfs_enable 789.Pq Vt bool 790Set to 791.Dq Li NO 792by default. 793Set it to 794.Dq Li YES 795to enable 796.Xr ipfs 8 797saving the filter and NAT state tables during shutdown 798and reloading them during startup again. 799Setting this variable needs setting 800.Va ipfilter_enable 801or 802.Va ipnat_enable 803to 804.Dq Li YES 805too. 806See 807.Va ipfilter_enable 808for a detailed discussion. 809Note that if 810.Va kern_securelevel 811is set to 3, 812.Va ipfs_enable 813cannot be used 814because the raised securelevel will prevent 815.Xr ipfs 8 816from saving the state tables at shutdown time. 817.\" ----- ipfs_program setting ---------------------------------- 818.It Va ipfs_program 819.Pq Vt str 820Path to 821.Xr ipfs 8 822(default 823.Pa /sbin/ipfs ) . 824.\" ----- ipfs_flags setting ------------------------------------ 825.It Va ipfs_flags 826.Pq Vt str 827Empty by default. 828This variable contains flags passed to the 829.Xr ipfs 8 830program. 831.\" ----- end of added ipf hook --------------------------------- 832.It Va pf_enable 833.Pq Vt bool 834Set to 835.Dq Li NO 836by default. 837Setting this to 838.Dq Li YES 839enables 840.Xr pf 4 841packet filtering. 842.Pp 843Typical usage will require putting 844.Pp 845.Dl pf_enable="YES" 846.Pp 847into 848.Pa /etc/rc.conf 849and editing 850.Pa /etc/pf.conf 851appropriately. 852Adding 853.Pp 854.Dl "device pf" 855.Pp 856builds support for 857.Xr pf 4 858into the kernel, otherwise the 859kernel module will be loaded. 860.It Va pf_rules 861.Pq Vt str 862Path to 863.Xr pf 4 864ruleset configuration file 865(default 866.Pa /etc/pf.conf ) . 867.It Va pf_program 868.Pq Vt str 869Path to 870.Xr pfctl 8 871(default 872.Pa /sbin/pfctl ) . 873.It Va pf_flags 874.Pq Vt str 875If 876.Va pf_enable 877is set to 878.Dq Li YES , 879these flags are passed to the 880.Xr pfctl 8 881program when loading the ruleset. 882.It Va pflog_enable 883.Pq Vt bool 884Set to 885.Dq Li NO 886by default. 887Setting this to 888.Dq Li YES 889enables 890.Xr pflogd 8 891which logs packets from the 892.Xr pf 4 893packet filter. 894.It Va pflog_logfile 895.Pq Vt str 896If 897.Va pflog_enable 898is set to 899.Dq Li YES 900this controls where 901.Xr pflogd 8 902stores the logfile 903(default 904.Pa /var/log/pflog ) . 905Check 906.Pa /etc/newsyslog.conf 907to adjust logfile rotation for this. 908.It Va pflog_program 909.Pq Vt str 910Path to 911.Xr pflogd 8 912(default 913.Pa /sbin/pflogd ) . 914.It Va pflog_flags 915.Pq Vt str 916Empty by default. 917This variable contains additional flags passed to the 918.Xr pflogd 8 919program. 920.It Va pflog_instances 921.Pq Vt str 922If logging to more than one 923.Xr pflog 4 924interface is desired, 925.Va pflog_instances 926is set to the list of 927.Xr pflogd 8 928instances that should be started at system boot time. If 929.Va pflog_instances 930is set, for each whitespace-seperated 931.Ar element 932in the list, 933.Ao Ar element Ac Ns Va _dev 934and 935.Ao Ar element Ac Ns Va _logfile 936elements are assumed to exist. 937.Ao Ar element Ac Ns Va _dev 938must contain the 939.Xr pflog 4 940interface to be watched by the named 941.Xr pflogd 8 942instance. 943.Ao Ar element Ac Ns Va _logfile 944must contain the name of the logfile that will be used by the 945.Xr pflogd 8 946instance. 947.It Va ftpproxy_enable 948.Pq Vt bool 949Set to 950.Dq Li NO 951by default. 952Setting this to 953.Dq Li YES 954enables 955.Xr ftp-proxy 8 956which supports the 957.Xr pf 4 958packet filter in translating ftp connections. 959.It Va ftpproxy_flags 960.Pq Vt str 961Empty by default. 962This variable contains additional flags passed to the 963.Xr ftp-proxy 8 964program. 965.It Va ftpproxy_instances 966.Pq Vt str 967Empty by default. If multiple instances of 968.Xr ftp-proxy 8 969are desired at boot time, 970.Va ftpproxy_instances 971should contain a whitespace-seperated list of instance names. For each 972.Ar element 973in the list, a variable named 974.Ao Ar element Ac Ns Va _flags 975should be defined, containing the command-line flags to be passed to the 976.Xr ftp-proxy 8 977instance. 978.It Va pfsync_enable 979.Pq Vt bool 980Set to 981.Dq Li NO 982by default. 983Setting this to 984.Dq Li YES 985enables exposing 986.Xr pf 4 987state changes to other hosts over the network by means of 988.Xr pfsync 4 . 989The 990.Va pfsync_syncdev 991variable 992must also be set then. 993.It Va pfsync_syncdev 994.Pq Vt str 995Empty by default. 996This variable specifies the name of the network interface 997.Xr pfsync 4 998should operate through. 999It must be set accordingly if 1000.Va pfsync_enable 1001is set to 1002.Dq Li YES . 1003.It Va pfsync_syncpeer 1004.Pq Vt str 1005Empty by default. 1006This variable is optional. 1007By default, state change messages are sent out on the synchronisation 1008interface using IP multicast packets. 1009The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1010224.0.0.240. 1011When a peer address is specified using the 1012.Va pfsync_syncpeer 1013option, the peer address is used as a destination for the pfsync 1014traffic, and the traffic can then be protected using 1015.Xr ipsec 4 . 1016See the 1017.Xr pfsync 4 1018manpage for more details about using 1019.Xr ipsec 4 1020with 1021.Xr pfsync 4 1022interfaces. 1023.It Va pfsync_ifconfig 1024.Pq Vt str 1025Empty by default. 1026This variable can contain additional options to be passed to the 1027.Xr ifconfig 8 1028command used to set up 1029.Xr pfsync 4 . 1030.It Va tcp_extensions 1031.Pq Vt bool 1032Set to 1033.Dq Li YES 1034by default. 1035Setting this to 1036.Dq Li NO 1037disables certain TCP options as described by 1038.Rs 1039.%T "RFC 1323" 1040.Re 1041Setting this to 1042.Dq Li NO 1043might help remedy such problems with connections as randomly hanging 1044or other weird behavior. 1045Some network devices are known 1046to be broken with respect to these options. 1047.It Va log_in_vain 1048.Pq Vt int 1049Set to 0 by default. 1050The 1051.Xr sysctl 8 1052variables, 1053.Va net.inet.tcp.log_in_vain 1054and 1055.Va net.inet.udp.log_in_vain , 1056as described in 1057.Xr tcp 4 1058and 1059.Xr udp 4 , 1060are set to the given value. 1061.It Va tcp_keepalive 1062.Pq Vt bool 1063Set to 1064.Dq Li YES 1065by default. 1066Setting to 1067.Dq Li NO 1068will disable probing idle TCP connections to verify that the 1069peer is still up and reachable. 1070.It Va tcp_drop_synfin 1071.Pq Vt bool 1072Set to 1073.Dq Li NO 1074by default. 1075Setting to 1076.Dq Li YES 1077will cause the kernel to ignore TCP frames that have both 1078the SYN and FIN flags set. 1079This prevents OS fingerprinting, but may 1080break some legitimate applications. 1081.It Va icmp_drop_redirect 1082.Pq Vt bool 1083Set to 1084.Dq Li NO 1085by default. 1086Setting to 1087.Dq Li YES 1088will cause the kernel to ignore ICMP REDIRECT packets. 1089Refer to 1090.Xr icmp 4 1091for more information. 1092.It Va icmp_log_redirect 1093.Pq Vt bool 1094Set to 1095.Dq Li NO 1096by default. 1097Setting to 1098.Dq Li YES 1099will cause the kernel to log ICMP REDIRECT packets. 1100Note that 1101the log messages are not rate-limited, so this option should only be used 1102for troubleshooting networks. 1103Refer to 1104.Xr icmp 4 1105for more information. 1106.It Va icmp_bmcastecho 1107.Pq Vt bool 1108Set to 1109.Dq Li YES 1110to respond to broadcast or multicast ICMP ping packets. 1111Refer to 1112.Xr icmp 4 1113for more information. 1114.It Va ip_portrange_first 1115.Pq Vt int 1116If not set to 1117.Dq Li NO , 1118this is the first port in the default portrange. 1119Refer to 1120.Xr ip 4 1121for more information. 1122.It Va ip_portrange_last 1123.Pq Vt int 1124If not set to 1125.Dq Li NO , 1126this is the last port in the default portrange. 1127Refer to 1128.Xr ip 4 1129for more information. 1130.It Va network_interfaces 1131.Pq Vt str 1132Set to the list of network interfaces to configure on this host or 1133.Dq Li AUTO 1134(the default) for all current interfaces. 1135Setting the 1136.Va network_interfaces 1137variable to anything other than the default is deprecated. 1138Interfaces that the administrator wishes to store configuration for, 1139but not start at boot should be configured with the 1140.Dq Li NOAUTO 1141keyword in their 1142.Va ifconfig_ Ns Aq Ar interface 1143variables as described below. 1144.Pp 1145An 1146.Va ifconfig_ Ns Aq Ar interface 1147variable is also assumed to exist for each value of 1148.Ar interface . 1149When an interface name contains any of the characters 1150.Dq Li .-/+ 1151they are translated to 1152.Dq Li _ 1153before lookup. 1154The variable can contain arguments to 1155.Xr ifconfig 8 , 1156as well as special case-insensitive keywords described below. 1157Such keywords are removed before passing the value to 1158.Xr ifconfig 8 1159while the order of the other arguments is preserved. 1160.Pp 1161It is possible to add IP alias entries using 1162.Xr ifconfig 8 1163syntax with the address family keyword such as 1164.Li inet . 1165Assuming that the interface in question was 1166.Li ed0 , 1167it might look something like this: 1168.Bd -literal 1169ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1170ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1171.Ed 1172.Pp 1173It also possible to configure multiple IP addresses in Classless 1174Inter-Domain Routing 1175.Pq CIDR 1176address notation, 1177whose each address component can be a range like 1178.Li inet 192.0.2.5-23/24 1179or 1180.Li inet6 2001:db8:1-f::1/64 . 1181This notation allows address and prefix length part only, 1182not the other address modifiers. 1183.Pp 1184In the case of 1185.Li 192.0.2.5-23/24 , 1186the address 192.0.2.5 will be configured with the 1187netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1188the non-conflicting netmask /32 as explained in the 1189.Xr ifconfig 8 1190alias section. 1191Note that this special netmask handling is only for 1192.Li inet , 1193not for the other address families such as 1194.Li inet6 . 1195.Pp 1196With the interface in question being 1197.Li ed0 , 1198an example could look like: 1199.Bd -literal 1200ifconfig_ed0_alias2="inet 192.0.2.129/27" 1201ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1202.Ed 1203.Pp 1204and so on. 1205.Pp 1206Note that 1207.Va ipv4_addrs_ Ns Aq Ar interface 1208variable was supported for IPv4 CIDR address notation. 1209It is now deprecated because the functionality was integrated into 1210.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1211though 1212.Va ipv4_addrs_ Ns Aq Ar interface 1213is still supported for backward compatibility. 1214.Pp 1215For each 1216.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1217entry with an address family keyword, 1218its contents are passed to 1219.Xr ifconfig 8 . 1220Execution stops at the first unsuccessful access, so if 1221something like this is present: 1222.Bd -literal 1223ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1224ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1225ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1226ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1227.Ed 1228.Pp 1229Then note that alias4 would 1230.Em not 1231be added since the search would 1232stop with the missing 1233.Dq Li alias3 1234entry. 1235Because of this difficult to manage behavior, 1236there is 1237.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1238variable, which has the same functionality as 1239.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1240and can have all of entries in a variable like the following: 1241.Bd -literal 1242ifconfig_ed0_aliases="\\ 1243 inet 127.0.0.251 netmask 0xffffffff \\ 1244 inet 127.0.0.252 netmask 0xffffffff \\ 1245 inet 127.0.0.253 netmask 0xffffffff \\ 1246 inet 127.0.0.254 netmask 0xffffffff" 1247.Ed 1248.Pp 1249It also supports CIDR notation. 1250.Pp 1251If the 1252.Pa /etc/start_if. Ns Aq Ar interface 1253file is present, it is read and executed by the 1254.Xr sh 1 1255interpreter 1256before configuring the interface as specified in the 1257.Va ifconfig_ Ns Aq Ar interface 1258and 1259.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1260variables. 1261.Pp 1262If a 1263.Va vlans_ Ns Aq Ar interface 1264variable is set, 1265a 1266.Xr vlan 4 1267interface will be created for each item in the list with the 1268.Ar vlandev 1269argument set to 1270.Ar interface . 1271If a vlan interface's name is a number, 1272then that number is used as the vlan tag and the new vlan interface is 1273named 1274.Ar interface . Ns Ar tag . 1275Otherwise, 1276the vlan tag must be specified via a 1277.Va vlan 1278parameter in the 1279.Va create_args_ Ns Aq Ar interface 1280variable. 1281.Pp 1282To create a vlan device named 1283.Li em0.101 1284on 1285.Li em0 1286with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1287.Bd -literal 1288vlans_em0="101" 1289ifconfig_em0_101="inet 192.0.2.1/24" 1290.Ed 1291.Pp 1292To create a vlan device named 1293.Li myvlan 1294on 1295.Li em0 1296with the vlan tag 102: 1297.Bd -literal 1298vlans_em0="myvlan" 1299create_args_myvlan="vlan 102" 1300.Ed 1301.Pp 1302If a 1303.Va wlans_ Ns Aq Ar interface 1304variable is set, 1305an 1306.Xr wlan 4 1307interface will be created for each item in the list with the 1308.Ar wlandev 1309argument set to 1310.Ar interface . 1311Further wlan cloning arguments may be passed to the 1312.Xr ifconfig 8 1313.Cm create 1314command by setting the 1315.Va create_args_ Ns Aq Ar interface 1316variable. 1317One or more 1318.Xr wlan 4 1319devices must be created for each wireless devices as of 1320.Fx 8.0 . 1321Debugging flags for 1322.Xr wlan 4 1323devices as set by 1324.Xr wlandebug 8 1325may be specified with an 1326.Va wlandebug_ Ns Aq Ar interface 1327variable. 1328The contents of this variable will be passed directly to 1329.Xr wlandebug 8 . 1330.Pp 1331If the 1332.Va ifconfig_ Ns Aq Ar interface 1333contains the keyword 1334.Dq Li NOAUTO 1335then the interface will not be configured 1336at boot or by 1337.Pa /etc/pccard_ether 1338when 1339.Va network_interfaces 1340is set to 1341.Dq Li AUTO . 1342.Pp 1343It is possible to bring up an interface with DHCP by adding 1344.Dq Li DHCP 1345to the 1346.Va ifconfig_ Ns Aq Ar interface 1347variable. 1348For instance, to initialize the 1349.Li ed0 1350device via DHCP, 1351it is possible to use something like: 1352.Bd -literal 1353ifconfig_ed0="DHCP" 1354.Ed 1355.Pp 1356If you want to configure your wireless interface with 1357.Xr wpa_supplicant 8 1358for use with WPA, EAP/LEAP or WEP, you need to add 1359.Dq Li WPA 1360to the 1361.Va ifconfig_ Ns Aq Ar interface 1362variable. 1363.Pp 1364On the other hand, if you want to configure your wireless interface with 1365.Xr hostapd 8 , 1366you need to add 1367.Dq Li HOSTAP 1368to the 1369.Va ifconfig_ Ns Aq Ar interface 1370variable. 1371.Xr hostapd 8 1372will use the settings from 1373.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1374.Pp 1375Finally, you can add 1376.Xr ifconfig 8 1377options in this variable, in addition to the 1378.Pa /etc/start_if. Ns Aq Ar interface 1379file. 1380For instance, to configure an 1381.Xr ath 4 1382wireless device in station mode with an address obtained 1383via DHCP, using WPA authentication and 802.11b mode, it is 1384possible to use something like: 1385.Bd -literal 1386wlans_ath0="wlan0" 1387ifconfig_wlan0="DHCP WPA mode 11b" 1388.Ed 1389.Pp 1390In addition to the 1391.Va ifconfig_ Ns Aq Ar interface 1392form, a fallback variable 1393.Va ifconfig_DEFAULT 1394may be configured. 1395It will be used for all interfaces with no 1396.Va ifconfig_ Ns Aq Ar interface 1397variable. 1398This is intended to replace the no longer supported 1399.Va pccard_ifconfig 1400variable. 1401.Pp 1402It is also possible to rename an interface by doing: 1403.Bd -literal 1404ifconfig_ed0_name="net0" 1405ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1406.Ed 1407.It Va ipv6_enable 1408.Pq Vt bool 1409This variable is deprecated. 1410Use 1411.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1412and 1413.Va ipv6_activate_all_interfaces 1414if necessary. 1415.Pp 1416If the variable is 1417.Dq Li YES , 1418.Dq Li inet6 accept_rtadv 1419is added to all of 1420.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1421and the 1422.Va ipv6_activate_all_interfaces 1423is defined as 1424.Dq Li YES . 1425.It Va ipv6_prefer 1426.Pq Vt bool 1427This variable is deprecated. 1428Use 1429.Va ip6addrctl_policy 1430instead. 1431.Pp 1432If the variable is 1433.Dq Li YES , 1434the default address selection policy table set by 1435.Xr ip6addrctl 8 1436will be IPv6-preferred. 1437.Pp 1438If the variable is 1439.Dq Li NO , 1440the default address selection policy table set by 1441.Xr ip6addrctl 8 1442will be IPv4-preferred. 1443.It Va ipv6_activate_all_interfaces 1444.Pq Vt bool 1445This controls initial configuration on IPv6-capable 1446interfaces with no corresponding 1447.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1448variable. 1449Note that it is not always necessary to set this variable to 1450.Dq YES 1451to use IPv6 functionality on 1452.Fx . 1453In most cases, just configuring 1454.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1455variables works. 1456.Pp 1457If the variable is 1458.Dq Li NO , 1459all interfaces which do not have a corresponding 1460.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1461variable will be marked as 1462.Dq Li IFDISABLED 1463at creation. 1464This means that all of IPv6 functionality on that interface 1465is completely disabled to enforce a security policy. 1466If the variable is set to 1467.Dq YES , 1468the flag will be cleared on all of the interfaces. 1469.Pp 1470In most cases, just defining an 1471.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1472for an IPv6-capable interface should be sufficient. 1473However, if an interface is added dynamically 1474.Pq by some tunneling protocols such as PPP, for example , 1475it is often difficult to define the variable in advance. 1476In such a case, configuring the 1477.Dq Li IFDISABLED 1478flag can be disabled by setting this variable to 1479.Dq YES . 1480.Pp 1481For more details of the 1482.Dq Li IFDISABLED 1483flag and keywords 1484.Dq Li inet6 ifdisabled , 1485see 1486.Xr ifconfig 8 . 1487.Pp 1488Default is 1489.Dq Li NO . 1490.It Va ipv6_privacy 1491.Pq Vt bool 1492If the variable is 1493.Dq Li YES 1494privacy addresses will be generated for each IPv6 1495interface as described in RFC 4941. 1496.It Va ipv6_network_interfaces 1497.Pq Vt str 1498This is the IPv6 equivalent of 1499.Va network_interfaces . 1500Normally manual configuration of this variable is not needed. 1501.It Va ipv6_cpe_wanif 1502.Pq Vt str 1503If the variable is set to an interface name, 1504the 1505.Xr ifconfig 8 1506options 1507.Dq inet6 -no_radr accept_rtadv 1508will be added to the specified interface automatically before evaluating 1509.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1510and two 1511.Xr sysctl 8 1512variables 1513.Va net.inet6.ip6.rfc6204w3 1514and 1515.Va net.inet6.ip6.no_radr 1516will be set to 1. 1517.Pp 1518This means the specified interface will accept ICMPv6 Router 1519Advertisement messages on that link and add the discovered 1520routers into the Default Router List. 1521While the other interfaces can still accept RA messages if the 1522.Dq inet6 accept_rtadv 1523option is specified, adding 1524routes into the Default Router List will be disabled by 1525.Dq inet6 no_radr 1526option by default. 1527See 1528.Xr ifconfig 8 1529for more details. 1530.Pp 1531Note that ICMPv6 Router Advertisement messages will be 1532accepted even when 1533.Va net.inet6.ip6.forwarding 1534is 1 1535.Pq packet forwarding is enabled 1536when 1537.Va net.inet6.ip6.rfc6204w3 1538is set to 1. 1539.Pp 1540Default is 1541.Dq Li NO . 1542.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1543.Pq Vt str 1544IPv6 functionality on an interface should be configured by 1545.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1546instead of setting ifconfig parameters in 1547.Va ifconfig_ Ns Aq Ar interface . 1548If this variable is empty, all of IPv6 configurations on the 1549specified interface by other variables such as 1550.Va ipv6_prefix_ Ns Ao Ar interface Ac 1551will be ignored. 1552.Pp 1553Aliases should be set by 1554.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1555with 1556.Dq Li inet6 1557keyword. 1558For example: 1559.Bd -literal 1560ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1561ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1562.Ed 1563.Pp 1564Interfaces that have an 1565.Dq Li inet6 accept_rtadv 1566keyword in 1567.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1568setting will be automatically configured by SLAAC 1569.Pq StateLess Address AutoConfiguration 1570described in 1571.Rs 1572.%T "RFC 4862" 1573.Re 1574.Pp 1575Note that a link-local address will be automatically configured in 1576addition to the configured global-scope addresses because the IPv6 1577specifications require it on each link. 1578The address is calculated from the MAC address by using an algorithm 1579defined in 1580.Rs 1581.%T "RFC 4862" 1582.%O "Section 5.3" 1583.Re 1584.Pp 1585If only a link-local address is needed on the interface, 1586the following configuration can be used: 1587.Bd -literal 1588ifconfig_ed0_ipv6="inet6 auto_linklocal" 1589.Ed 1590.Pp 1591A link-local address can also be configured manually. 1592This is useful for the default router address of an IPv6 router 1593so that it does not change when the network interface 1594card is replaced. 1595For example: 1596.Bd -literal 1597ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1598.Ed 1599.It Va ipv6_prefix_ Ns Aq Ar interface 1600.Pq Vt str 1601If one or more prefixes are defined in 1602.Va ipv6_prefix_ Ns Aq Ar interface 1603addresses based on each prefix and the EUI-64 interface index will be 1604configured on that interface. 1605Note that this variable will be ignored when 1606.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1607is empty. 1608.Pp 1609For example, the following configuration 1610.Bd -literal 1611ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1612.Ed 1613.Pp 1614is equivalent to the following: 1615.Bd -literal 1616ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1617ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1618ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1619ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1620.Ed 1621.Pp 1622These Subnet-Router anycast addresses will be added only when 1623.Va ipv6_gateway_enable 1624is YES. 1625.It Va ipv6_default_interface 1626.Pq Vt str 1627If not set to 1628.Dq Li NO , 1629this is the default output interface for scoped addresses. 1630This works only with ipv6_gateway_enable="NO". 1631.It Va ip6addrctl_enable 1632.Pq Vt bool 1633This variable is to enable configuring default address selection policy table 1634.Pq RFC 3484 . 1635The table can be specified in another variable 1636.Va ip6addrctl_policy . 1637For 1638.Va ip6addrctl_policy 1639the following keywords can be specified: 1640.Dq Li ipv4_prefer , 1641.Dq Li ipv6_prefer , 1642or 1643.Dq Li AUTO . 1644.Pp 1645If 1646.Dq Li ipv4_prefer 1647or 1648.Dq Li ipv6_prefer 1649is specified, 1650.Xr ip6addrctl 8 1651installs a pre-defined policy table described in Section 2.1 1652.Pq IPv6-preferred 1653or 10.3 1654.Pq IPv4-preferred 1655of RFC 3484. 1656.Pp 1657If 1658.Dq Li AUTO 1659is specified, it attempts to read a file 1660.Pa /etc/ip6addrctl.conf 1661first. 1662If this file is found, 1663.Xr ip6addrctl 8 1664reads and installs it. 1665If not found, a policy is automatically set 1666according to 1667.Va ipv6_activate_all_interfaces 1668variable; if the variable is set to 1669.Dq Li YES 1670the IPv6-preferred one is used. 1671Otherwise IPv4-preferred. 1672.Pp 1673The default value of 1674.Va ip6addrctl_enable 1675and 1676.Va ip6addrctl_policy 1677are 1678.Dq Li YES 1679and 1680.Dq Li AUTO , 1681respectively. 1682.It Va cloned_interfaces 1683.Pq Vt str 1684Set to the list of clonable network interfaces to create on this host. 1685Further cloning arguments may be passed to the 1686.Xr ifconfig 8 1687.Cm create 1688command for each interface by setting the 1689.Va create_args_ Ns Aq Ar interface 1690variable. 1691If an interface name is specified with 1692.Dq :sticky 1693keyword, 1694the interface will not be destroyed even when 1695.Pa rc.d/netif 1696script is invoked with 1697.Dq stop 1698argument. 1699This is useful when reconfiguring the interface without destroying it. 1700Entries in 1701.Va cloned_interfaces 1702are automatically appended to 1703.Va network_interfaces 1704for configuration. 1705.It Va cloned_interfaces_sticky 1706.Pq Vt bool 1707This variable is to globally enable functionality of 1708.Dq :sticky 1709keyword in 1710.Va cloned_interfaces 1711for all interfaces. 1712The default value is 1713.Dq NO . 1714Even if this variable is specified to 1715.Dq YES , 1716.Dq :nosticky 1717keyword can be used to override it on per interface basis. 1718.It Va gif_interfaces 1719.Pq Vt str 1720This variable is deprecated in favor of 1721.Va cloned_interfaces . 1722Set to the list of 1723.Xr gif 4 1724tunnel interfaces to configure on this host. 1725A 1726.Va gifconfig_ Ns Aq Ar interface 1727variable is assumed to exist for each value of 1728.Ar interface . 1729The value of this variable is used to configure the link layer of the 1730tunnel according to the syntax of the 1731.Cm tunnel 1732option to 1733.Xr ifconfig 8 . 1734Additionally, this option ensures that each listed interface is created 1735via the 1736.Cm create 1737option to 1738.Xr ifconfig 8 1739before attempting to configure it. 1740.It Va sppp_interfaces 1741.Pq Vt str 1742Set to the list of 1743.Xr sppp 4 1744interfaces to configure on this host. 1745A 1746.Va spppconfig_ Ns Aq Ar interface 1747variable is assumed to exist for each value of 1748.Ar interface . 1749Each interface should also be configured by a general 1750.Va ifconfig_ Ns Aq Ar interface 1751setting. 1752Refer to 1753.Xr spppcontrol 8 1754for more information about available options. 1755.It Va ppp_enable 1756.Pq Vt bool 1757If set to 1758.Dq Li YES , 1759run the 1760.Xr ppp 8 1761daemon. 1762.It Va ppp_profile 1763.Pq Vt str 1764The name of the profile to use from 1765.Pa /etc/ppp/ppp.conf . 1766Also used for per-profile overrides of 1767.Va ppp_mode 1768and 1769.Va ppp_nat , 1770and 1771.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1772When the profile name contains any of the characters 1773.Dq Li .-/+ 1774they are translated to 1775.Dq Li _ 1776for the proposes of the override variable names. 1777.It Va ppp_mode 1778.Pq Vt str 1779Mode in which to run the 1780.Xr ppp 8 1781daemon. 1782.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1783.Pq Vt str 1784Overrides the global 1785.Va ppp_mode 1786for 1787.Ar profile . 1788Accepted modes are 1789.Dq Li auto , 1790.Dq Li ddial , 1791.Dq Li direct 1792and 1793.Dq Li dedicated . 1794See the manual for a full description. 1795.It Va ppp_nat 1796.Pq Vt bool 1797If set to 1798.Dq Li YES , 1799enables network address translation. 1800Used in conjunction with 1801.Va gateway_enable 1802allows hosts on private network addresses access to the Internet using 1803this host as a network address translating router. 1804.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1805.Pq Vt str 1806Overrides the global 1807.Va ppp_nat 1808for 1809.Ar profile . 1810.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1811.Pq Vt int 1812Set the unit number to be used for this profile. 1813See the manual description of 1814.Fl unit Ns Ar N 1815for details. 1816.It Va ppp_user 1817.Pq Vt str 1818The name of the user under which 1819.Xr ppp 8 1820should be started. 1821By 1822default, 1823.Xr ppp 8 1824is started as 1825.Dq Li root . 1826.It Va rc_conf_files 1827.Pq Vt str 1828This option is used to specify a list of files that will override 1829the settings in 1830.Pa /etc/defaults/rc.conf . 1831The files will be read in the order in which they are specified and should 1832include the full path to the file. 1833By default, the files specified are 1834.Pa /etc/rc.conf 1835and 1836.Pa /etc/rc.conf.local 1837.It Va zfs_enable 1838.Pq Vt bool 1839If set to 1840.Dq Li YES , 1841.Pa /etc/rc.d/zfs 1842will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1843(ZVOLs). 1844.It Va gptboot_enable 1845.Pq Vt bool 1846If set to 1847.Dq Li YES , 1848.Pa /etc/rc.d/gptboot 1849will log if the system successfully (or not) booted from a GPT partition, 1850which had the 1851.Ar bootonce 1852attribute set using 1853.Xr gpart 8 1854utility. 1855.It Va gbde_autoattach_all 1856.Pq Vt bool 1857If set to 1858.Dq Li YES , 1859.Pa /etc/rc.d/gbde 1860will attempt to automatically initialize your .bde devices in 1861.Pa /etc/fstab . 1862.It Va gbde_devices 1863.Pq Vt str 1864List the devices that the script should try to attach, 1865or 1866.Dq Li AUTO . 1867.It Va gbde_lockdir 1868.Pq Vt str 1869The directory where the 1870.Xr gbde 4 1871lockfiles are located. 1872The default lockfile directory is 1873.Pa /etc . 1874.Pp 1875The lockfile for each individual 1876.Xr gbde 4 1877device can be overridden by setting the variable 1878.Va gbde_lock_ Ns Aq Ar device , 1879where 1880.Ar device 1881is the encrypted device without the 1882.Dq Pa /dev/ 1883and 1884.Dq Pa .bde 1885parts. 1886.It Va gbde_attach_attempts 1887.Pq Vt int 1888Number of times to attempt attaching to a 1889.Xr gbde 4 1890device, i.e., how many times the user is asked for the pass-phrase. 1891Default is 3. 1892.It Va geli_devices 1893.Pq Vt str 1894List of devices to automatically attach on boot. 1895Note that .eli devices from 1896.Pa /etc/fstab 1897are automatically appended to this list. 1898.It Va geli_tries 1899.Pq Vt int 1900Number of times user is asked for the pass-phrase. 1901If empty, it will be taken from 1902.Va kern.geom.eli.tries 1903sysctl variable. 1904.It Va geli_default_flags 1905.Pq Vt str 1906Default flags to use by 1907.Xr geli 8 1908when configuring disk encryption. 1909Flags can be configured for every device separately by defining 1910.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1911variable. 1912.It Va geli_autodetach 1913.Pq Vt str 1914Specifies if GELI devices should be marked for detach on last close after 1915file systems are mounted. 1916Default is 1917.Dq Li YES . 1918This can be changed for every device separately by defining 1919.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1920variable. 1921.It Va root_rw_mount 1922.Pq Vt bool 1923Set to 1924.Dq Li YES 1925by default. 1926After the file systems are checked at boot time, the root file system 1927is remounted as read-write if this is set to 1928.Dq Li YES . 1929Diskless systems that mount their root file system from a read-only remote 1930NFS share should set this to 1931.Dq Li NO 1932in their 1933.Pa rc.conf . 1934.It Va fsck_y_enable 1935.Pq Vt bool 1936If set to 1937.Dq Li YES , 1938.Xr fsck 8 1939will be run with the 1940.Fl y 1941flag if the initial preen 1942of the file systems fails. 1943.It Va background_fsck 1944.Pq Vt bool 1945If set to 1946.Dq Li YES , 1947the system will attempt to run 1948.Xr fsck 8 1949in the background where possible. 1950.It Va background_fsck_delay 1951.Pq Vt int 1952The amount of time in seconds to sleep before starting a background 1953.Xr fsck 8 . 1954It defaults to sixty seconds to allow large applications such as 1955the X server to start before disk I/O bandwidth is monopolized by 1956.Xr fsck 8 . 1957If set to a negative number, the background file system check will be 1958delayed indefinitely to allow the administrator to run it at a more 1959convenient time. 1960For example it may be run from 1961.Xr cron 8 1962by adding a line like 1963.Pp 1964.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1965.Pp 1966to 1967.Pa /etc/crontab . 1968.It Va netfs_types 1969.Pq Vt str 1970List of file system types that are network-based. 1971This list should generally not be modified by end users. 1972Use 1973.Va extra_netfs_types 1974instead. 1975.It Va extra_netfs_types 1976.Pq Vt str 1977If set to something other than 1978.Dq Li NO 1979(the default), 1980this variable extends the list of file system types 1981for which automatic mounting at startup by 1982.Xr rc 8 1983should be delayed until the network is initialized. 1984It should contain 1985a whitespace-separated list of network file system descriptor pairs, 1986each consisting of a file system type as passed to 1987.Xr mount 8 1988and a human-readable, one-word description, 1989joined with a colon 1990.Pq Ql \&: . 1991Extending the default list in this way is only necessary 1992when third party file system types are used. 1993.It Va syslogd_enable 1994.Pq Vt bool 1995If set to 1996.Dq Li YES , 1997run the 1998.Xr syslogd 8 1999daemon. 2000.It Va syslogd_program 2001.Pq Vt str 2002Path to 2003.Xr syslogd 8 2004(default 2005.Pa /usr/sbin/syslogd ) . 2006.It Va syslogd_flags 2007.Pq Vt str 2008If 2009.Va syslogd_enable 2010is set to 2011.Dq Li YES , 2012these are the flags to pass to 2013.Xr syslogd 8 . 2014.It Va inetd_enable 2015.Pq Vt bool 2016If set to 2017.Dq Li YES , 2018run the 2019.Xr inetd 8 2020daemon. 2021.It Va inetd_program 2022.Pq Vt str 2023Path to 2024.Xr inetd 8 2025(default 2026.Pa /usr/sbin/inetd ) . 2027.It Va inetd_flags 2028.Pq Vt str 2029If 2030.Va inetd_enable 2031is set to 2032.Dq Li YES , 2033these are the flags to pass to 2034.Xr inetd 8 . 2035.It Va hastd_enable 2036.Pq Vt bool 2037If set to 2038.Dq Li YES , 2039run the 2040.Xr hastd 8 2041daemon. 2042.It Va hastd_program 2043.Pq Vt str 2044Path to 2045.Xr hastd 8 2046(default 2047.Pa /sbin/hastd ) . 2048.It Va hastd_flags 2049.Pq Vt str 2050If 2051.Va hastd_enable 2052is set to 2053.Dq Li YES , 2054these are the flags to pass to 2055.Xr hastd 8 . 2056.It Va local_unbound_enable 2057.Pq Vt bool 2058If set to 2059.Dq Li YES , 2060run the 2061.Xr unbound 8 2062daemon as a local caching resolver. 2063.It Va kerberos5_server_enable 2064.Pq Vt bool 2065Set to 2066.Dq Li YES 2067to start a Kerberos 5 authentication server 2068at boot time. 2069.It Va kerberos5_server 2070.Pq Vt str 2071If 2072.Va kerberos5_server_enable 2073is set to 2074.Dq Li YES 2075this is the path to Kerberos 5 Authentication Server. 2076.It Va kerberos5_server_flags 2077.Pq Vt str 2078Empty by default. 2079This variable contains additional flags to be passed to the Kerberos 5 2080authentication server. 2081.It Va kadmind5_server_enable 2082.Pq Vt bool 2083Set to 2084.Dq Li YES 2085to start 2086.Xr kadmind 8 , 2087the Kerberos 5 Administration Daemon; set to 2088.Dq Li NO 2089on a slave server. 2090.It Va kadmind5_server 2091.Pq Vt str 2092If 2093.Va kadmind5_server_enable 2094is set to 2095.Dq Li YES 2096this is the path to Kerberos 5 Administration Daemon. 2097.It Va kpasswdd_server_enable 2098.Pq Vt bool 2099Set to 2100.Dq Li YES 2101to start 2102.Xr kpasswdd 8 , 2103the Kerberos 5 Password-Changing Daemon; set to 2104.Dq Li NO 2105on a slave server. 2106.It Va kpasswdd_server 2107.Pq Vt str 2108If 2109.Va kpasswdd_server_enable 2110is set to 2111.Dq Li YES 2112this is the path to Kerberos 5 Password-Changing Daemon. 2113.It Va kfd_enable 2114.Pq Vt bool 2115Set to 2116.Dq Li YES 2117to start 2118.Xr kfd 8 , 2119the Kerberos 5 ticket forwarding daemon, at the boot time. 2120.It Va kfd_program 2121.Pq Vt str 2122Path to 2123.Xr kfd 8 2124(default 2125.Pa /usr/libexec/kfd ) . 2126.It Va rwhod_enable 2127.Pq Vt bool 2128If set to 2129.Dq Li YES , 2130run the 2131.Xr rwhod 8 2132daemon at boot time. 2133.It Va rwhod_flags 2134.Pq Vt str 2135If 2136.Va rwhod_enable 2137is set to 2138.Dq Li YES , 2139these are the flags to pass to it. 2140.It Va amd_enable 2141.Pq Vt bool 2142If set to 2143.Dq Li YES , 2144run the 2145.Xr amd 8 2146daemon at boot time. 2147.It Va amd_flags 2148.Pq Vt str 2149If 2150.Va amd_enable 2151is set to 2152.Dq Li YES , 2153these are the flags to pass to it. 2154See the 2155.Xr amd 8 2156manpage for more information. 2157.It Va amd_map_program 2158.Pq Vt str 2159If set, 2160the specified program is run to get the list of 2161.Xr amd 8 2162maps. 2163For example, if the 2164.Xr amd 8 2165maps are stored in NIS, one can set this to 2166run 2167.Xr ypcat 1 2168to get a list of 2169.Xr amd 8 2170maps from the 2171.Pa amd.master 2172NIS map. 2173.It Va update_motd 2174.Pq Vt bool 2175If set to 2176.Dq Li YES , 2177.Pa /etc/motd 2178will be updated at boot time to reflect the kernel release 2179being run. 2180If set to 2181.Dq Li NO , 2182.Pa /etc/motd 2183will not be updated. 2184.It Va nfs_client_enable 2185.Pq Vt bool 2186If set to 2187.Dq Li YES , 2188run the NFS client daemons at boot time. 2189.It Va nfs_access_cache 2190.Pq Vt int 2191If 2192.Va nfs_client_enable 2193is set to 2194.Dq Li YES , 2195this can be set to 2196.Dq Li 0 2197to disable NFS ACCESS RPC caching, or to the number of seconds for which 2198NFS ACCESS 2199results should be cached. 2200A value of 2-10 seconds will substantially reduce network 2201traffic for many NFS operations. 2202.It Va nfs_server_enable 2203.Pq Vt bool 2204If set to 2205.Dq Li YES , 2206run the NFS server daemons at boot time. 2207.It Va nfs_server_flags 2208.Pq Vt str 2209If 2210.Va nfs_server_enable 2211is set to 2212.Dq Li YES , 2213these are the flags to pass to the 2214.Xr nfsd 8 2215daemon. 2216.It Va nfsv4_server_enable 2217.Pq Vt bool 2218If 2219.Va nfs_server_enable 2220is set to 2221.Dq Li YES 2222and 2223.Va nfsv4_server_enable 2224are set to 2225.Dq Li YES , 2226enable the server for NFSv4 as well as NFSv2 and NFSv3. 2227.It Va nfsuserd_enable 2228.Pq Vt bool 2229If 2230.Va nfsuserd_enable 2231is set to 2232.Dq Li YES , 2233run the nfsuserd daemon, which is needed for NFSv4 in order 2234to map between user/group names vs uid/gid numbers. 2235If 2236.Va nfsv4_server_enable 2237is set to 2238.Dq Li YES , 2239this will be forced enabled. 2240.It Va nfsuserd_flags 2241.Pq Vt str 2242If 2243.Va nfsuserd_enable 2244is set to 2245.Dq Li YES , 2246these are the flags to pass to the 2247.Xr nfsuserd 8 2248daemon. 2249.It Va nfscbd_enable 2250.Pq Vt bool 2251If 2252.Va nfscbd_enable 2253is set to 2254.Dq Li YES , 2255run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2256.It Va nfscbd_flags 2257.Pq Vt str 2258If 2259.Va nfscbd_enable 2260is set to 2261.Dq Li YES , 2262these are the flags to pass to the 2263.Xr nfscbd 8 2264daemon. 2265.It Va oldnfs_server_enable 2266.Pq Vt bool 2267If 2268.Va oldnfs_server_enable 2269is set to 2270.Dq Li YES , 2271force the NFS server daemons to run the old NFS server code 2272that does not support NFSv4. 2273.It Va mountd_enable 2274.Pq Vt bool 2275If set to 2276.Dq Li YES , 2277and no 2278.Va nfs_server_enable 2279is set, start 2280.Xr mountd 8 , 2281but not 2282.Xr nfsd 8 2283daemon. 2284It is commonly needed to run CFS without real NFS used. 2285.It Va mountd_flags 2286.Pq Vt str 2287If 2288.Va mountd_enable 2289is set to 2290.Dq Li YES , 2291these are the flags to pass to the 2292.Xr mountd 8 2293daemon. 2294.It Va weak_mountd_authentication 2295.Pq Vt bool 2296If set to 2297.Dq Li YES , 2298allow services like PCNFSD to make non-privileged mount 2299requests. 2300.It Va nfs_reserved_port_only 2301.Pq Vt bool 2302If set to 2303.Dq Li YES , 2304provide NFS services only on a secure port. 2305.It Va nfs_bufpackets 2306.Pq Vt int 2307If set to a number, indicates the number of packets worth of 2308socket buffer space to reserve on an NFS client. 2309The kernel default is typically 4. 2310Using a higher number may be 2311useful on gigabit networks to improve performance. 2312The minimum value is 23132 and the maximum is 64. 2314.It Va rpc_lockd_enable 2315.Pq Vt bool 2316If set to 2317.Dq Li YES 2318and also an NFS server or client, run 2319.Xr rpc.lockd 8 2320at boot time. 2321.It Va rpc_lockd_flags 2322.Pq Vt str 2323If 2324.Va rpc_lockd_enable 2325is set to 2326.Dq Li YES , 2327these are the flags to pass to the 2328.Xr rpc.lockd 8 2329daemon. 2330.It Va rpc_statd_enable 2331.Pq Vt bool 2332If set to 2333.Dq Li YES 2334and also an NFS server or client, run 2335.Xr rpc.statd 8 2336at boot time. 2337.It Va rpc_statd_flags 2338.Pq Vt str 2339If 2340.Va rpc_statd_enable 2341is set to 2342.Dq Li YES , 2343these are the flags to pass to the 2344.Xr rpc.statd 8 2345daemon. 2346.It Va rpcbind_program 2347.Pq Vt str 2348Path to 2349.Xr rpcbind 8 2350(default 2351.Pa /usr/sbin/rpcbind ) . 2352.It Va rpcbind_enable 2353.Pq Vt bool 2354If set to 2355.Dq Li YES , 2356run the 2357.Xr rpcbind 8 2358service at boot time. 2359.It Va rpcbind_flags 2360.Pq Vt str 2361If 2362.Va rpcbind_enable 2363is set to 2364.Dq Li YES , 2365these are the flags to pass to the 2366.Xr rpcbind 8 2367daemon. 2368.It Va keyserv_enable 2369.Pq Vt bool 2370If set to 2371.Dq Li YES , 2372run the 2373.Xr keyserv 8 2374daemon on boot for running Secure RPC. 2375.It Va keyserv_flags 2376.Pq Vt str 2377If 2378.Va keyserv_enable 2379is set to 2380.Dq Li YES , 2381these are the flags to pass to 2382.Xr keyserv 8 2383daemon. 2384.It Va pppoed_enable 2385.Pq Vt bool 2386If set to 2387.Dq Li YES , 2388run the 2389.Xr pppoed 8 2390daemon at boot time to provide PPP over Ethernet services. 2391.It Va pppoed_ Ns Aq Ar provider 2392.Pq Vt str 2393.Xr pppoed 8 2394listens to requests to this 2395.Ar provider 2396and ultimately runs 2397.Xr ppp 8 2398with a 2399.Ar system 2400argument of the same name. 2401.It Va pppoed_flags 2402.Pq Vt str 2403Additional flags to pass to 2404.Xr pppoed 8 . 2405.It Va pppoed_interface 2406.Pq Vt str 2407The network interface to run 2408.Xr pppoed 8 2409on. 2410This is mandatory when 2411.Va pppoed_enable 2412is set to 2413.Dq Li YES . 2414.It Va timed_enable 2415.Pq Vt bool 2416If set to 2417.Dq Li YES , 2418run the 2419.Xr timed 8 2420service at boot time. 2421This command is intended for networks of 2422machines where a consistent 2423.Dq "network time" 2424for all hosts must be established. 2425This is often useful in large NFS 2426environments where time stamps on files are expected to be consistent 2427network-wide. 2428.It Va timed_flags 2429.Pq Vt str 2430If 2431.Va timed_enable 2432is set to 2433.Dq Li YES , 2434these are the flags to pass to the 2435.Xr timed 8 2436service. 2437.It Va ntpdate_enable 2438.Pq Vt bool 2439If set to 2440.Dq Li YES , 2441run 2442.Xr ntpdate 8 2443at system startup. 2444This command is intended to 2445synchronize the system clock only 2446.Em once 2447from some standard reference. 2448.It Va ntpdate_config 2449.Pq Vt str 2450Configuration file for 2451.Xr ntpdate 8 . 2452Default 2453.Pa /etc/ntp.conf . 2454.It Va ntpdate_hosts 2455.Pq Vt str 2456A whitespace-separated list of NTP servers to synchronize with at startup. 2457The default is to use the servers listed in 2458.Va ntpdate_config , 2459if that file exists. 2460.It Va ntpdate_program 2461.Pq Vt str 2462Path to 2463.Xr ntpdate 8 2464(default 2465.Pa /usr/sbin/ntpdate ) . 2466.It Va ntpdate_flags 2467.Pq Vt str 2468If 2469.Va ntpdate_enable 2470is set to 2471.Dq Li YES , 2472these are the flags to pass to the 2473.Xr ntpdate 8 2474command (typically a hostname). 2475.It Va ntpd_enable 2476.Pq Vt bool 2477If set to 2478.Dq Li YES , 2479run the 2480.Xr ntpd 8 2481command at boot time. 2482.It Va ntpd_program 2483.Pq Vt str 2484Path to 2485.Xr ntpd 8 2486(default 2487.Pa /usr/sbin/ntpd ) . 2488.It Va ntpd_config 2489.Pq Vt str 2490Path to 2491.Xr ntpd 8 2492configuration file. 2493Default 2494.Pa /etc/ntp.conf . 2495.It Va ntpd_flags 2496.Pq Vt str 2497If 2498.Va ntpd_enable 2499is set to 2500.Dq Li YES , 2501these are the flags to pass to the 2502.Xr ntpd 8 2503daemon. 2504.It Va ntpd_sync_on_start 2505.Pq Vt bool 2506If set to 2507.Dq Li YES , 2508.Xr ntpd 8 2509is run with the 2510.Fl g 2511flag, which syncs the system's clock on startup. 2512See 2513.Xr ntpd 8 2514for more information regarding the 2515.Fl g 2516option. 2517This is a preferred alternative to using 2518.Xr ntpdate 8 2519or specifying the 2520.Va ntpdate_enable 2521variable. 2522.It Va nis_client_enable 2523.Pq Vt bool 2524If set to 2525.Dq Li YES , 2526run the 2527.Xr ypbind 8 2528service at system boot time. 2529.It Va nis_client_flags 2530.Pq Vt str 2531If 2532.Va nis_client_enable 2533is set to 2534.Dq Li YES , 2535these are the flags to pass to the 2536.Xr ypbind 8 2537service. 2538.It Va nis_ypset_enable 2539.Pq Vt bool 2540If set to 2541.Dq Li YES , 2542run the 2543.Xr ypset 8 2544daemon at system boot time. 2545.It Va nis_ypset_flags 2546.Pq Vt str 2547If 2548.Va nis_ypset_enable 2549is set to 2550.Dq Li YES , 2551these are the flags to pass to the 2552.Xr ypset 8 2553daemon. 2554.It Va nis_server_enable 2555.Pq Vt bool 2556If set to 2557.Dq Li YES , 2558run the 2559.Xr ypserv 8 2560daemon at system boot time. 2561.It Va nis_server_flags 2562.Pq Vt str 2563If 2564.Va nis_server_enable 2565is set to 2566.Dq Li YES , 2567these are the flags to pass to the 2568.Xr ypserv 8 2569daemon. 2570.It Va nis_ypxfrd_enable 2571.Pq Vt bool 2572If set to 2573.Dq Li YES , 2574run the 2575.Xr rpc.ypxfrd 8 2576daemon at system boot time. 2577.It Va nis_ypxfrd_flags 2578.Pq Vt str 2579If 2580.Va nis_ypxfrd_enable 2581is set to 2582.Dq Li YES , 2583these are the flags to pass to the 2584.Xr rpc.ypxfrd 8 2585daemon. 2586.It Va nis_yppasswdd_enable 2587.Pq Vt bool 2588If set to 2589.Dq Li YES , 2590run the 2591.Xr rpc.yppasswdd 8 2592daemon at system boot time. 2593.It Va nis_yppasswdd_flags 2594.Pq Vt str 2595If 2596.Va nis_yppasswdd_enable 2597is set to 2598.Dq Li YES , 2599these are the flags to pass to the 2600.Xr rpc.yppasswdd 8 2601daemon. 2602.It Va rpc_ypupdated_enable 2603.Pq Vt bool 2604If set to 2605.Dq Li YES , 2606run the 2607.Nm rpc.ypupdated 2608daemon at system boot time. 2609.It Va bsnmpd_enable 2610.Pq Vt bool 2611If set to 2612.Dq Li YES , 2613run the 2614.Xr bsnmpd 1 2615daemon at system boot time. 2616Be sure to understand the security implications of running SNMP daemon 2617on your host. 2618.It Va bsnmpd_flags 2619.Pq Vt str 2620If 2621.Va bsnmpd_enable 2622is set to 2623.Dq Li YES , 2624these are the flags to pass to the 2625.Xr bsnmpd 1 2626daemon. 2627.It Va defaultrouter 2628.Pq Vt str 2629If not set to 2630.Dq Li NO , 2631create a default route to this host name or IP address 2632(use an IP address if this router is also required to get to the 2633name server!). 2634.It Va ipv6_defaultrouter 2635.Pq Vt str 2636The IPv6 equivalent of 2637.Va defaultrouter . 2638.It Va static_arp_pairs 2639.Pq Vt str 2640Set to the list of static ARP pairs that are to be added at system 2641boot time. 2642For each whitespace separated 2643.Ar element 2644in the value, a 2645.Va static_arp_ Ns Aq Ar element 2646variable is assumed to exist whose contents will later be passed to a 2647.Dq Nm arp Cm -S 2648operation. 2649For example 2650.Bd -literal 2651static_arp_pairs="gw" 2652static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2653.Ed 2654.It Va static_ndp_pairs 2655.Pq Vt str 2656Set to the list of static NDP pairs that are to be added at system 2657boot time. 2658For each whitespace separated 2659.Ar element 2660in the value, a 2661.Va static_ndp_ Ns Aq Ar element 2662variable is assumed to exist whose contents will later be passed to a 2663.Dq Nm ndp Cm -s 2664operation. 2665For example 2666.Bd -literal 2667static_ndp_pairs="gw" 2668static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2669.Ed 2670.It Va static_routes 2671.Pq Vt str 2672Set to the list of static routes that are to be added at system 2673boot time. 2674If not set to 2675.Dq Li NO 2676then for each whitespace separated 2677.Ar element 2678in the value, a 2679.Va route_ Ns Aq Ar element 2680variable is assumed to exist 2681whose contents will later be passed to a 2682.Dq Nm route Cm add 2683operation. 2684For example: 2685.Bd -literal 2686static_routes="ext mcast:gif0 gif0local:gif0" 2687route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2688route_mcast="-net 224.0.0.0/4 -iface gif0" 2689route_gif0local="-host 169.254.1.1 -iface lo0" 2690.Ed 2691.Pp 2692When an 2693.Ar element 2694is in the form of 2695.Li name:ifname , 2696the route is specific to the interface 2697.Li ifname . 2698.It Va ipv6_static_routes 2699.Pq Vt str 2700The IPv6 equivalent of 2701.Va static_routes . 2702If not set to 2703.Dq Li NO 2704then for each whitespace separated 2705.Ar element 2706in the value, a 2707.Va ipv6_route_ Ns Aq Ar element 2708variable is assumed to exist 2709whose contents will later be passed to a 2710.Dq Nm route Cm add Fl inet6 2711operation. 2712.It Va natm_static_routes 2713.Pq Vt str 2714The 2715.Xr natmip 4 2716equivalent of 2717.Va static_routes . 2718If not empty then for each whitespace separated 2719.Ar element 2720in the value, a 2721.Va route_ Ns Aq Ar element 2722variable is assumed to exist whose contents will later be passed to a 2723.Dq Nm atmconfig Cm natm Cm add 2724operation. 2725.It Va gateway_enable 2726.Pq Vt bool 2727If set to 2728.Dq Li YES , 2729configure host to act as an IP router, e.g.\& to forward packets 2730between interfaces. 2731.It Va ipv6_gateway_enable 2732.Pq Vt bool 2733The IPv6 equivalent of 2734.Va gateway_enable . 2735.It Va routed_enable 2736.Pq Vt bool 2737If set to 2738.Dq Li YES , 2739run a routing daemon of some sort, based on the 2740settings of 2741.Va routed_program 2742and 2743.Va routed_flags . 2744.It Va route6d_enable 2745.Pq Vt bool 2746The IPv6 equivalent of 2747.Va routed_enable . 2748If set to 2749.Dq Li YES , 2750run a routing daemon of some sort, based on the 2751settings of 2752.Va route6d_program 2753and 2754.Va route6d_flags . 2755.It Va routed_program 2756.Pq Vt str 2757If 2758.Va routed_enable 2759is set to 2760.Dq Li YES , 2761this is the name of the routing daemon to use. 2762.It Va route6d_program 2763.Pq Vt str 2764The IPv6 equivalent of 2765.Va routed_program . 2766.It Va routed_flags 2767.Pq Vt str 2768If 2769.Va routed_enable 2770is set to 2771.Dq Li YES , 2772these are the flags to pass to the routing daemon. 2773.It Va route6d_flags 2774.Pq Vt str 2775The IPv6 equivalent of 2776.Va routed_flags . 2777.It Va mrouted_enable 2778.Pq Vt bool 2779If set to 2780.Dq Li YES , 2781run the multicast routing daemon, 2782.Xr mrouted 8 . 2783.It Va mroute6d_enable 2784.Pq Vt bool 2785The IPv6 equivalent of 2786.Va mrouted_enable . 2787If set to 2788.Dq Li YES , 2789run the IPv6 multicast routing daemon. 2790.Pp 2791Note that multicast routing daemons are no longer included in the 2792.Fx 2793base system, however, both 2794.Xr mrouted 8 2795and 2796.Xr pim6dd 8 2797may be installed from the 2798.Fx 2799Ports Collection. 2800.It Va mrouted_flags 2801.Pq Vt str 2802If 2803.Va mrouted_enable 2804is set to 2805.Dq Li YES , 2806these are the flags to pass to the 2807.Xr mrouted 8 2808daemon. 2809.It Va mroute6d_flags 2810.Pq Vt str 2811The IPv6 equivalent of 2812.Va mrouted_flags . 2813If 2814.Va mroute6d_enable 2815is set to 2816.Dq Li YES , 2817these are the flags passed to the IPv6 multicast routing daemon. 2818.It Va mroute6d_program 2819.Pq Vt str 2820If 2821.Va mroute6d_enable 2822is set to 2823.Dq Li YES , 2824this is the path to the IPv6 multicast routing daemon. 2825.It Va rtadvd_enable 2826.Pq Vt bool 2827If set to 2828.Dq Li YES , 2829run the 2830.Xr rtadvd 8 2831daemon at boot time. 2832The 2833.Xr rtadvd 8 2834utility sends ICMPv6 Router Advertisement messages to 2835the interfaces specified in 2836.Va rtadvd_interfaces . 2837This should only be enabled with great care. 2838You may want to fine-tune 2839.Xr rtadvd.conf 5 . 2840.It Va rtadvd_interfaces 2841.Pq Vt str 2842If 2843.Va rtadvd_enable 2844is set to 2845.Dq Li YES 2846this is the list of interfaces to use. 2847.It Va arpproxy_all 2848.Pq Vt bool 2849If set to 2850.Dq Li YES , 2851enable global proxy ARP. 2852.It Va forward_sourceroute 2853.Pq Vt bool 2854If set to 2855.Dq Li YES 2856and 2857.Va gateway_enable 2858is also set to 2859.Dq Li YES , 2860source-routed packets are forwarded. 2861.It Va accept_sourceroute 2862.Pq Vt bool 2863If set to 2864.Dq Li YES , 2865the system will accept source-routed packets directed at it. 2866.It Va rarpd_enable 2867.Pq Vt bool 2868If set to 2869.Dq Li YES , 2870run the 2871.Xr rarpd 8 2872daemon at system boot time. 2873.It Va rarpd_flags 2874.Pq Vt str 2875If 2876.Va rarpd_enable 2877is set to 2878.Dq Li YES , 2879these are the flags to pass to the 2880.Xr rarpd 8 2881daemon. 2882.It Va bootparamd_enable 2883.Pq Vt bool 2884If set to 2885.Dq Li YES , 2886run the 2887.Xr bootparamd 8 2888daemon at system boot time. 2889.It Va bootparamd_flags 2890.Pq Vt str 2891If 2892.Va bootparamd_enable 2893is set to 2894.Dq Li YES , 2895these are the flags to pass to the 2896.Xr bootparamd 8 2897daemon. 2898.It Va stf_interface_ipv4addr 2899.Pq Vt str 2900If not set to 2901.Dq Li NO , 2902this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2903interface). 2904Specify this entry to enable the 6to4 interface. 2905.It Va stf_interface_ipv4plen 2906.Pq Vt int 2907Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2908An effective value is 0-31. 2909.It Va stf_interface_ipv6_ifid 2910.Pq Vt str 2911IPv6 interface ID for 2912.Xr stf 4 . 2913This can be set to 2914.Dq Li AUTO . 2915.It Va stf_interface_ipv6_slaid 2916.Pq Vt str 2917IPv6 Site Level Aggregator for 2918.Xr stf 4 . 2919.It Va ipv6_faith_prefix 2920.Pq Vt str 2921If not set to 2922.Dq Li NO , 2923this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2924translator. 2925You also need 2926.Xr faithd 8 2927setup. 2928.It Va ipv6_ipv4mapping 2929.Pq Vt bool 2930If set to 2931.Dq Li YES 2932this enables IPv4 mapped IPv6 address communication (like 2933.Li ::ffff:a.b.c.d ) . 2934.It Va rtsold_enable 2935.Pq Vt bool 2936Set to 2937.Dq Li YES 2938to enable the 2939.Xr rtsold 8 2940daemon to send ICMPv6 Router Solicitation messages. 2941.It Va rtsold_flags 2942.Pq Vt str 2943If 2944.Va rtsold_enable 2945is set to 2946.Dq Li YES , 2947these are the flags to pass to 2948.Xr rtsold 8 . 2949.It Va rtsol_flags 2950.Pq Vt str 2951For interfaces configured with the 2952.Dq Li inet6 accept_rtadv 2953keyword, these are the flags to pass to 2954.Xr rtsol 8 . 2955.Pp 2956Note that 2957.Va rtsold_enable 2958is mutually exclusive to 2959.Va rtsol_flags ; 2960.Va rtsold_enable 2961takes precedence. 2962.It Va atm_enable 2963.Pq Vt bool 2964Set to 2965.Dq Li YES 2966to enable the configuration of ATM interfaces at system boot time. 2967For all of the ATM variables described below, please refer to the 2968.Xr atm 8 2969manual page for further details on the available command parameters. 2970Also refer to the files in 2971.Pa /usr/share/examples/atm 2972for more detailed configuration information. 2973.It Va atm_load 2974.Pq Vt str 2975This is a list of physical ATM interface drivers to load. 2976Typical values are 2977.Dq Li hfa_pci 2978and/or 2979.Dq Li hea_pci . 2980.It Va atm_netif_ Ns Aq Ar intf 2981.Pq Vt str 2982For the ATM physical interface 2983.Ar intf , 2984this variable defines the name prefix and count for the ATM network 2985interfaces to be created. 2986The value will be passed as the parameters of an 2987.Dq Nm atm Cm "set netif" Ar intf 2988command. 2989.It Va atm_sigmgr_ Ns Aq Ar intf 2990.Pq Vt str 2991For the ATM physical interface 2992.Ar intf , 2993this variable defines the ATM signalling manager to be used. 2994The value will be passed as the parameters of an 2995.Dq Nm atm Cm attach Ar intf 2996command. 2997.It Va atm_prefix_ Ns Aq Ar intf 2998.Pq Vt str 2999For the ATM physical interface 3000.Ar intf , 3001this variable defines the NSAP prefix for interfaces using a UNI signalling 3002manager. 3003If set to 3004.Dq Li ILMI , 3005the prefix will automatically be set via the 3006.Xr ilmid 8 3007daemon. 3008Otherwise, the value will be passed as the parameters of an 3009.Dq Nm atm Cm "set prefix" Ar intf 3010command. 3011.It Va atm_macaddr_ Ns Aq Ar intf 3012.Pq Vt str 3013For the ATM physical interface 3014.Ar intf , 3015this variable defines the MAC address for interfaces using a UNI signalling 3016manager. 3017If set to 3018.Dq Li NO , 3019the hardware MAC address contained in the ATM interface card will be used. 3020Otherwise, the value will be passed as the parameters of an 3021.Dq Nm atm Cm "set mac" Ar intf 3022command. 3023.It Va atm_arpserver_ Ns Aq Ar netif 3024.Pq Vt str 3025For the ATM network interface 3026.Ar netif , 3027this variable defines the ATM address for a host which is to provide ATMARP 3028service. 3029This variable is only applicable to interfaces using a UNI signalling 3030manager. 3031If set to 3032.Dq Li local , 3033this host will become an ATMARP server. 3034The value will be passed as the parameters of an 3035.Dq Nm atm Cm "set arpserver" Ar netif 3036command. 3037.It Va atm_scsparp_ Ns Aq Ar netif 3038.Pq Vt bool 3039If set to 3040.Dq Li YES , 3041SCSP/ATMARP service for the network interface 3042.Ar netif 3043will be initiated using the 3044.Xr scspd 8 3045and 3046.Xr atmarpd 8 3047daemons. 3048This variable is only applicable if 3049.Va atm_arpserver_ Ns Aq Ar netif 3050is set to 3051.Dq Li local . 3052.It Va atm_pvcs 3053.Pq Vt str 3054Set to the list of ATM PVCs to be added at system 3055boot time. 3056For each whitespace separated 3057.Ar element 3058in the value, an 3059.Va atm_pvc_ Ns Aq Ar element 3060variable is assumed to exist. 3061The value of each of these variables 3062will be passed as the parameters of an 3063.Dq Nm atm Cm "add pvc" 3064command. 3065.It Va atm_arps 3066.Pq Vt str 3067Set to the list of permanent ATM ARP entries to be added 3068at system boot time. 3069For each whitespace separated 3070.Ar element 3071in the value, an 3072.Va atm_arp_ Ns Aq Ar element 3073variable is assumed to exist. 3074The value of each of these variables 3075will be passed as the parameters of an 3076.Dq Nm atm Cm "add arp" 3077command. 3078.It Va natm_interfaces 3079.Pq Vt str 3080Set to the list of 3081.Xr natm 4 3082interfaces that will also be used for HARP through 3083.Xr harp 4 . 3084If this list is not empty all interfaces in the list will be brought up 3085with 3086.Xr ifconfig 8 3087and 3088.Xr harp 4 3089will be loaded. 3090For this to work the interface drivers must be either compiled into the 3091kernel or must reside on the root partition. 3092.It Va keybell 3093.Pq Vt str 3094The keyboard bell sound. 3095Set to 3096.Dq Li normal , 3097.Dq Li visual , 3098.Dq Li off , 3099or 3100.Dq Li NO 3101if the default behavior is desired. 3102For details, refer to the 3103.Xr kbdcontrol 1 3104manpage. 3105.It Va keyboard 3106.Pq Vt str 3107If set to a non-null string, the virtual console's keyboard input is 3108set to this device. 3109.It Va keymap 3110.Pq Vt str 3111If set to 3112.Dq Li NO , 3113no keymap is installed, otherwise the value is used to install 3114the keymap file in 3115.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3116.It Va keyrate 3117.Pq Vt str 3118The keyboard repeat speed. 3119Set to 3120.Dq Li slow , 3121.Dq Li normal , 3122.Dq Li fast , 3123or 3124.Dq Li NO 3125if the default behavior is desired. 3126.It Va keychange 3127.Pq Vt str 3128If not set to 3129.Dq Li NO , 3130attempt to program the function keys with the value. 3131The value should 3132be a single string of the form: 3133.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3134.It Va cursor 3135.Pq Vt str 3136Can be set to the value of 3137.Dq Li normal , 3138.Dq Li blink , 3139.Dq Li destructive , 3140or 3141.Dq Li NO 3142to set the cursor behavior explicitly or choose the default behavior. 3143.It Va scrnmap 3144.Pq Vt str 3145If set to 3146.Dq Li NO , 3147no screen map is installed, otherwise the value is used to install 3148the screen map file in 3149.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3150.It Va font8x16 3151.Pq Vt str 3152If set to 3153.Dq Li NO , 3154the default 8x16 font value is used for screen size requests, otherwise 3155the value in 3156.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3157is used. 3158.It Va font8x14 3159.Pq Vt str 3160If set to 3161.Dq Li NO , 3162the default 8x14 font value is used for screen size requests, otherwise 3163the value in 3164.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3165is used. 3166.It Va font8x8 3167.Pq Vt str 3168If set to 3169.Dq Li NO , 3170the default 8x8 font value is used for screen size requests, otherwise 3171the value in 3172.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3173is used. 3174.It Va blanktime 3175.Pq Vt int 3176If set to 3177.Dq Li NO , 3178the default screen blanking interval is used, otherwise it is set 3179to 3180.Ar value 3181seconds. 3182.It Va saver 3183.Pq Vt str 3184If not set to 3185.Dq Li NO , 3186this is the actual screen saver to use 3187.Li ( blank , snake , daemon , 3188etc). 3189.It Va moused_nondefault_enable 3190.Pq Vt str 3191If set to 3192.Dq Li NO , 3193the mouse device specified on 3194the command line is not automatically treated as enabled by the 3195.Pa /etc/rc.d/moused 3196script. 3197Having this variable set to 3198.Dq Li YES 3199allows a 3200.Xr usb 4 3201mouse, 3202for example, 3203to be enabled as soon as it is plugged in. 3204.It Va moused_enable 3205.Pq Vt str 3206If set to 3207.Dq Li YES , 3208the 3209.Xr moused 8 3210daemon is started for doing cut/paste selection on the console. 3211.It Va moused_type 3212.Pq Vt str 3213This is the protocol type of the mouse connected to this host. 3214This variable must be set if 3215.Va moused_enable 3216is set to 3217.Dq Li YES . 3218The 3219.Xr moused 8 3220daemon 3221is able to detect the appropriate mouse type automatically in many cases. 3222Set this variable to 3223.Dq Li auto 3224to let the daemon detect it, or 3225select one from the following list if the automatic detection fails. 3226.Pp 3227If the mouse is attached to the PS/2 mouse port, choose 3228.Dq Li auto 3229or 3230.Dq Li ps/2 , 3231regardless of the brand and model of the mouse. 3232Likewise, if the 3233mouse is attached to the bus mouse port, choose 3234.Dq Li auto 3235or 3236.Dq Li busmouse . 3237All other protocols are for serial mice and will not work with 3238the PS/2 and bus mice. 3239If this is a USB mouse, 3240.Dq Li auto 3241is the only protocol type which will work. 3242.Pp 3243.Bl -tag -width ".Li x10mouseremote" -compact 3244.It Li microsoft 3245Microsoft mouse (serial) 3246.It Li intellimouse 3247Microsoft IntelliMouse (serial) 3248.It Li mousesystems 3249Mouse systems Corp.\& mouse (serial) 3250.It Li mmseries 3251MM Series mouse (serial) 3252.It Li logitech 3253Logitech mouse (serial) 3254.It Li busmouse 3255A bus mouse 3256.It Li mouseman 3257Logitech MouseMan and TrackMan (serial) 3258.It Li glidepoint 3259ALPS GlidePoint (serial) 3260.It Li thinkingmouse 3261Kensington ThinkingMouse (serial) 3262.It Li ps/2 3263PS/2 mouse 3264.It Li mmhittab 3265MM HitTablet (serial) 3266.It Li x10mouseremote 3267X10 MouseRemote (serial) 3268.It Li versapad 3269Interlink VersaPad (serial) 3270.El 3271.Pp 3272Even if the mouse is not in the above list, it may be compatible 3273with one in the list. 3274Refer to the manual page for 3275.Xr moused 8 3276for compatibility information. 3277.Pp 3278It should also be noted that while this is enabled, any 3279other client of the mouse (such as an X server) should access 3280the mouse through the virtual mouse device, 3281.Pa /dev/sysmouse , 3282and configure it as a 3283.Dq Li sysmouse 3284type mouse, since all 3285mouse data is converted to this single canonical format when 3286using 3287.Xr moused 8 . 3288If the client program does not support the 3289.Dq Li sysmouse 3290type, 3291specify the 3292.Dq Li mousesystems 3293type. 3294It is the second preferred type. 3295.It Va moused_port 3296.Pq Vt str 3297If 3298.Va moused_enable 3299is set to 3300.Dq Li YES , 3301this is the actual port the mouse is on. 3302It might be 3303.Pa /dev/cuau0 3304for a COM1 serial mouse, 3305.Pa /dev/psm0 3306for a PS/2 mouse or 3307.Pa /dev/mse0 3308for a bus mouse, for example. 3309.It Va moused_flags 3310.Pq Vt str 3311If 3312.Va moused_flags 3313is set, its value is used as an additional set of flags to pass to the 3314.Xr moused 8 3315daemon. 3316.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3317When 3318.Va moused_nondefault_enable 3319is enabled, and a 3320.Xr moused 8 3321daemon is started for a non-default port, the 3322.Va "moused_" Ns Ar XXX Ns Va "_flags" 3323set of options has precedence over and replaces the default 3324.Va moused_flags 3325(where 3326.Ar XXX 3327is the name of the non-default port, i.e.,\& 3328.Ar ums0 ) . 3329By setting 3330.Va "moused_" Ns Ar XXX Ns Va "_flags" 3331it is possible to set up a different set of default flags for each 3332.Xr moused 8 3333instance. 3334For example, you can use 3335.Dq Li "-3" 3336for the default 3337.Va moused_flags 3338to make your laptop's touchpad more comfortable to use, 3339but an empty set of options for 3340.Va moused_ums0_flags 3341when your 3342.Xr usb 4 3343mouse has three or more buttons. 3344.It Va mousechar_start 3345.Pq Vt int 3346If set to 3347.Dq Li NO , 3348the default mouse cursor character range 3349.Li 0xd0 Ns - Ns Li 0xd3 3350is used, 3351otherwise the range start is set 3352to 3353.Ar value 3354character, see 3355.Xr vidcontrol 1 . 3356Use if the default range is occupied in the language code table. 3357.It Va allscreens_flags 3358.Pq Vt str 3359If set, 3360.Xr vidcontrol 1 3361is run with these options for each of the virtual terminals 3362.Pq Pa /dev/ttyv* . 3363For example, 3364.Dq Fl m Cm on 3365will enable the mouse pointer on all virtual terminals 3366if 3367.Va moused_enable 3368is set to 3369.Dq Li YES . 3370.It Va allscreens_kbdflags 3371.Pq Vt str 3372If set, 3373.Xr kbdcontrol 1 3374is run with these options for each of the virtual terminals 3375.Pq Pa /dev/ttyv* . 3376For example, 3377.Dq Fl h Li 200 3378will set the 3379.Xr syscons 4 3380scrollback (history) buffer to 200 lines. 3381.It Va cron_enable 3382.Pq Vt bool 3383If set to 3384.Dq Li YES , 3385run the 3386.Xr cron 8 3387daemon at system boot time. 3388.It Va cron_program 3389.Pq Vt str 3390Path to 3391.Xr cron 8 3392(default 3393.Pa /usr/sbin/cron ) . 3394.It Va cron_flags 3395.Pq Vt str 3396If 3397.Va cron_enable 3398is set to 3399.Dq Li YES , 3400these are the flags to pass to 3401.Xr cron 8 . 3402.It Va cron_dst 3403.Pq Vt bool 3404If set to 3405.Dq Li YES , 3406enable the special handling of transitions to and from the 3407Daylight Saving Time in 3408.Xr cron 8 3409(equivalent to using the flag 3410.Fl s ) . 3411.It Va lpd_program 3412.Pq Vt str 3413Path to 3414.Xr lpd 8 3415(default 3416.Pa /usr/sbin/lpd ) . 3417.It Va lpd_enable 3418.Pq Vt bool 3419If set to 3420.Dq Li YES , 3421run the 3422.Xr lpd 8 3423daemon at system boot time. 3424.It Va lpd_flags 3425.Pq Vt str 3426If 3427.Va lpd_enable 3428is set to 3429.Dq Li YES , 3430these are the flags to pass to the 3431.Xr lpd 8 3432daemon. 3433.It Va chkprintcap_enable 3434.Pq Vt bool 3435If set to 3436.Dq Li YES , 3437run the 3438.Xr chkprintcap 8 3439command before starting the 3440.Xr lpd 8 3441daemon. 3442.It Va chkprintcap_flags 3443.Pq Vt str 3444If 3445.Va lpd_enable 3446and 3447.Va chkprintcap_enable 3448are set to 3449.Dq Li YES , 3450these are the flags to pass to the 3451.Xr chkprintcap 8 3452program. 3453The default is 3454.Dq Li -d , 3455which causes missing directories to be created. 3456.It Va mta_start_script 3457.Pq Vt str 3458This variable specifies the full path to the script to run to start 3459a mail transfer agent. 3460The default is 3461.Pa /etc/rc.sendmail . 3462The 3463.Va sendmail_* 3464variables which 3465.Pa /etc/rc.sendmail 3466uses are documented in the 3467.Xr rc.sendmail 8 3468manual page. 3469.It Va dumpdev 3470.Pq Vt str 3471Indicates the device (usually a swap partition) to which a crash dump 3472should be written in the event of a system crash. 3473If the value of this variable is 3474.Dq Li AUTO , 3475the first suitable swap device listed in 3476.Pa /etc/fstab 3477will be used as dump device. 3478Otherwise, the value of this variable is passed as the argument to 3479.Xr dumpon 8 . 3480To disable crash dumps, set this variable to 3481.Dq Li NO . 3482.It Va dumpdir 3483.Pq Vt str 3484When the system reboots after a crash and a crash dump is found on the 3485device specified by the 3486.Va dumpdev 3487variable, 3488.Xr savecore 8 3489will save that crash dump and a copy of the kernel to the directory 3490specified by the 3491.Va dumpdir 3492variable. 3493The default value is 3494.Pa /var/crash . 3495Set to 3496.Dq Li NO 3497to not run 3498.Xr savecore 8 3499at boot time when 3500.Va dumpdir 3501is set. 3502.It Va savecore_flags 3503.Pq Vt str 3504If crash dumps are enabled, these are the flags to pass to the 3505.Xr savecore 8 3506utility. 3507.It Va quota_enable 3508.Pq Vt bool 3509Set to 3510.Dq Li YES 3511to turn on user and group disk quotas on system startup via the 3512.Xr quotaon 8 3513command for all file systems marked as having quotas enabled in 3514.Pa /etc/fstab . 3515The kernel must be built with 3516.Cd "options QUOTA" 3517for disk quotas to function. 3518.It Va check_quotas 3519.Pq Vt bool 3520Set to 3521.Dq Li YES 3522to enable user and group disk quota checking via the 3523.Xr quotacheck 8 3524command. 3525.It Va quotacheck_flags 3526.Pq Vt str 3527If 3528.Va quota_enable 3529is set to 3530.Dq Li YES , 3531and 3532.Va check_quotas 3533is set to 3534.Dq Li YES , 3535these are the flags to pass to the 3536.Xr quotacheck 8 3537utility. 3538The default is 3539.Dq Li "-a" , 3540which checks quotas for all file systems with quotas enabled in 3541.Pa /etc/fstab . 3542.It Va quotaon_flags 3543.Pq Vt str 3544If 3545.Va quota_enable 3546is set to 3547.Dq Li YES , 3548these are the flags to pass to the 3549.Xr quotaon 8 3550utility. 3551The default is 3552.Dq Li "-a" , 3553which enables quotas for all file systems with quotas enabled in 3554.Pa /etc/fstab . 3555.It Va quotaoff_flags 3556.Pq Vt str 3557If 3558.Va quota_enable 3559is set to 3560.Dq Li YES , 3561these are the flags to pass to the 3562.Xr quotaoff 8 3563utility when shutting down the quota system. 3564The default is 3565.Dq Li "-a" , 3566which disables quotas for all file systems with quotas enabled in 3567.Pa /etc/fstab . 3568.It Va accounting_enable 3569.Pq Vt bool 3570Set to 3571.Dq Li YES 3572to enable system accounting through the 3573.Xr accton 8 3574facility. 3575.It Va ibcs2_enable 3576.Pq Vt bool 3577Set to 3578.Dq Li YES 3579to enable iBCS2 (SCO) binary emulation at system initial boot 3580time. 3581.It Va ibcs2_loaders 3582.Pq Vt str 3583If not set to 3584.Dq Li NO 3585and if 3586.Va ibcs2_enable 3587is set to 3588.Dq Li YES , 3589this specifies a list of additional iBCS2 loaders to enable. 3590.It Va firstboot_sentinel 3591.Pq Vt str 3592This variable specifies the full path to a 3593.Dq first boot 3594sentinel file. 3595If a file exists with this path, 3596.Pa rc.d 3597scripts with the 3598.Dq firstboot 3599keyword will be run on startup and the sentinel file will be deleted 3600after the boot process completes. 3601The sentinel file must be located on a writable file system which is 3602mounted no later than 3603.Va early_late_divider 3604to function properly. 3605The default is 3606.Pa /firstboot . 3607.It Va linux_enable 3608.Pq Vt bool 3609Set to 3610.Dq Li YES 3611to enable Linux/ELF binary emulation at system initial 3612boot time. 3613.It Va svr4_enable 3614.Pq Vt bool 3615If set to 3616.Dq Li YES , 3617enable SysVR4 emulation at boot time. 3618.It Va sysvipc_enable 3619.Pq Vt bool 3620If set to 3621.Dq Li YES , 3622load System V IPC primitives at boot time. 3623.It Va clear_tmp_enable 3624.Pq Vt bool 3625Set to 3626.Dq Li YES 3627to have 3628.Pa /tmp 3629cleaned at startup. 3630.It Va clear_tmp_X 3631.Pq Vt bool 3632Set to 3633.Dq Li NO 3634to disable removing of X11 lock files, 3635and the removal and (secure) recreation 3636of the various socket directories for X11 3637related programs. 3638.It Va ldconfig_paths 3639.Pq Vt str 3640Set to the list of shared library paths to use with 3641.Xr ldconfig 8 . 3642NOTE: 3643.Pa /usr/lib 3644will always be added first, so it need not appear in this list. 3645.It Va ldconfig32_paths 3646.Pq Vt str 3647Set to the list of 32-bit compatibility shared library paths to 3648use with 3649.Xr ldconfig 8 . 3650.It Va ldconfig_paths_aout 3651.Pq Vt str 3652Set to the list of shared library paths to use with 3653.Xr ldconfig 8 3654legacy 3655.Xr a.out 5 3656support. 3657.It Va ldconfig_insecure 3658.Pq Vt bool 3659The 3660.Xr ldconfig 8 3661utility normally refuses to use directories 3662which are writable by anyone except root. 3663Set this variable to 3664.Dq Li YES 3665to disable that security check during system startup. 3666.It Va ldconfig_local_dirs 3667.Pq Vt str 3668Set to the list of local 3669.Xr ldconfig 8 3670directories. 3671The names of all files in the directories listed will be 3672passed as arguments to 3673.Xr ldconfig 8 . 3674.It Va ldconfig_local32_dirs 3675.Pq Vt str 3676Set to the list of local 32-bit compatibility 3677.Xr ldconfig 8 3678directories. 3679The names of all files in the directories listed will be 3680passed as arguments to 3681.Dq Nm ldconfig Fl 32 . 3682.It Va kern_securelevel_enable 3683.Pq Vt bool 3684Set to 3685.Dq Li YES 3686to set the kernel security level at system startup. 3687.It Va kern_securelevel 3688.Pq Vt int 3689The kernel security level to set at startup. 3690The allowed range of 3691.Ar value 3692ranges from \-1 (the compile time default) to 3 (the 3693most secure). 3694See 3695.Xr security 7 3696for the list of possible security levels and their effect 3697on system operation. 3698.It Va sshd_program 3699.Pq Vt str 3700Path to the SSH server program 3701.Pa ( /usr/sbin/sshd 3702is the default). 3703.It Va sshd_enable 3704.Pq Vt bool 3705Set to 3706.Dq Li YES 3707to start 3708.Xr sshd 8 3709at system boot time. 3710.It Va sshd_flags 3711.Pq Vt str 3712If 3713.Va sshd_enable 3714is set to 3715.Dq Li YES , 3716these are the flags to pass to the 3717.Xr sshd 8 3718daemon. 3719.It Va ftpd_program 3720.Pq Vt str 3721Path to the FTP server program 3722.Pa ( /usr/libexec/ftpd 3723is the default). 3724.It Va ftpd_enable 3725.Pq Vt bool 3726Set to 3727.Dq Li YES 3728to start 3729.Xr ftpd 8 3730as a stand-alone daemon at system boot time. 3731.It Va ftpd_flags 3732.Pq Vt str 3733If 3734.Va ftpd_enable 3735is set to 3736.Dq Li YES , 3737these are the additional flags to pass to the 3738.Xr ftpd 8 3739daemon. 3740.It Va watchdogd_enable 3741.Pq Vt bool 3742If set to 3743.Dq Li YES , 3744start the 3745.Xr watchdogd 8 3746daemon at boot time. 3747This requires that the kernel have been compiled with a 3748.Xr watchdog 4 3749compatible device. 3750.It Va watchdogd_flags 3751.Pq Vt str 3752If 3753.Va watchdogd_enable 3754is set to 3755.Dq Li YES , 3756these are the flags passed to the 3757.Xr watchdogd 8 3758daemon. 3759.It Va devfs_rulesets 3760.Pq Vt str 3761List of files containing sets of rules for 3762.Xr devfs 8 . 3763.It Va devfs_system_ruleset 3764.Pq Vt str 3765Rule name(s) to apply to the system 3766.Pa /dev 3767itself. 3768.It Va devfs_set_rulesets 3769.Pq Vt str 3770Pairs of already-mounted 3771.Pa dev 3772directories and rulesets that should be applied to them. 3773For example: /mount/dev=ruleset_name 3774.It Va devfs_load_rulesets 3775.Pq Vt bool 3776If set, always load the default rulesets listed in 3777.Va devfs_rulesets . 3778.It Va performance_cx_lowest 3779.Pq Vt str 3780CPU idle state to use while on AC power. 3781The string 3782.Dq Li LOW 3783indicates that 3784.Xr acpi 4 3785should use the lowest power state available while 3786.Dq Li HIGH 3787indicates that the lowest latency state (less power savings) should be used. 3788.It Va performance_cpu_freq 3789.Pq Vt str 3790CPU clock frequency to use while on AC power. 3791The string 3792.Dq Li LOW 3793indicates that 3794.Xr cpufreq 4 3795should use the lowest frequency available while 3796.Dq Li HIGH 3797indicates that the highest frequency (less power savings) should be used. 3798.It Va economy_cx_lowest 3799.Pq Vt str 3800CPU idle state to use when off AC power. 3801The string 3802.Dq Li LOW 3803indicates that 3804.Xr acpi 4 3805should use the lowest power state available while 3806.Dq Li HIGH 3807indicates that the lowest latency state (less power savings) should be used. 3808.It Va economy_cpu_freq 3809.Pq Vt str 3810CPU clock frequency to use when off AC power. 3811The string 3812.Dq Li LOW 3813indicates that 3814.Xr cpufreq 4 3815should use the lowest frequency available while 3816.Dq Li HIGH 3817indicates that the highest frequency (less power savings) should be used. 3818.It Va jail_enable 3819.Pq Vt bool 3820If set to 3821.Dq Li NO , 3822any configured jails will not be started. 3823.It Va jail_conf 3824.Pq Vt str 3825The configuration filename used by 3826.Xr jail 8 3827utility. 3828The default value is 3829.Pa /etc/jail.conf . 3830.It Va jail_parallel_start 3831.Pq Vt bool 3832If set to 3833.Dq Li YES , 3834all configured jails will be started in the background (in parallel). 3835.It Va jail_flags 3836.Pq Vt str 3837Unset by default. 3838When set, use as default value for 3839.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3840for every jail in 3841.Va jail_list . 3842.It Va jail_list 3843.Pq Vt str 3844A space separated list of names for jails. 3845If this variable is empty, 3846all of 3847.Xr jail 8 3848instances in the configuration file will be configured. 3849This is purely a configuration aid to help identify and 3850configure multiple jails. 3851The names specified in this list will be used to 3852identify settings common to an instance of a jail, 3853and should contain alphanumeric characters only. 3854The literal jail name of 3855.Dq Li 0 3856.Pq zero 3857is not allowed. 3858.It Va jail_* variables 3859Note that older releases supported per-jail configuration via 3860.Xr rc.conf 5 3861variables. 3862For example, 3863hostname of a jail named 3864.Li vjail 3865was able to be set by 3866.Li jail_vjail_hostname . 3867These per-jail configuration variables are now obsolete in favor of 3868.Xr jail 8 3869configuration file. 3870For backward compatibility, 3871when per-jail configuration variables are defined, 3872.Xr jail 8 3873configuration files are created as 3874.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3875and used. 3876.Pp 3877The following per-jail parameters are handled by 3878.Pa rc.d/jail 3879script out of their corresponding 3880.Nm 3881variables. 3882In addition to them, parameters in 3883.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3884will be added to the configuration file. 3885They must be a semi-colon 3886.Pq Ql \&; 3887delimited list of 3888.Dq key=value . 3889For more details, 3890see 3891.Xr jail 8 3892manual page. 3893.Bl -tag -width "host.hostname" -offset indent 3894.It Li path 3895set from 3896.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3897.It Li host.hostname 3898set from 3899.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3900.It Li exec.consolelog 3901set from 3902.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3903The default value is 3904.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3905.It Li interface 3906set from 3907.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3908.It Li vnet.interface 3909set from 3910.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3911This implies 3912.Li vnet 3913parameter will be enabled and cannot be specified with 3914.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3915.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3916and/or 3917.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3918at the same time. 3919.It Li fstab 3920set from 3921.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3922.It Li mount 3923set from 3924.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3925.It Li exec.fib 3926set from 3927.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3928.It Li exec.start 3929set from 3930.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3931The parameter name was 3932.Li command 3933in some older releases. 3934.It Li exec.prestart 3935set from 3936.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3937.It Li exec.poststart 3938set from 3939.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3940.It Li exec.stop 3941set from 3942.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3943.It Li exec.prestop 3944set from 3945.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3946.It Li exec.poststop 3947set from 3948.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3949.It Li ip4.addr 3950set if 3951.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3952or 3953.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3954contain IPv4 addresses 3955.It Li ip6.addr 3956set if 3957.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3958or 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3960contain IPv6 addresses 3961.It Li allow.mount 3962set from 3963.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3964.It Li mount.devfs 3965set from 3966.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3967.It Li devfs_ruleset 3968set from 3969.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3970This must be an integer, 3971not a string. 3972.It Li mount.fdescfs 3973set from 3974.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3975.It Li allow.set_hostname 3976set from 3977.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3978.It Li allow.rawsocket 3979set from 3980.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3981.It Li allow.sysvipc 3982set from 3983.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3984.El 3985.\" ----------------------------------------------------- 3986.It Va harvest_interrupt 3987.Pq Vt bool 3988Set to 3989.Dq Li YES 3990to use hardware interrupts as an entropy source. 3991Refer to 3992.Xr random 4 3993for more information. 3994.It Va harvest_ethernet 3995.Pq Vt bool 3996Set to 3997.Dq Li YES 3998to use LAN traffic as an entropy source. 3999Refer to 4000.Xr random 4 4001for more information. 4002.It Va harvest_p_to_p 4003.Pq Vt bool 4004Set to 4005.Dq Li YES 4006to use serial line traffic as an entropy source. 4007Refer to 4008.Xr random 4 4009for more information. 4010.It Va entropy_dir 4011.Pq Vt str 4012Set to 4013.Dq Li NO 4014to disable caching entropy via 4015.Xr cron 8 . 4016Otherwise set to the directory used to store entropy files in. 4017.It Va entropy_file 4018.Pq Vt str 4019Set to 4020.Dq Li NO 4021to disable caching entropy through reboots. 4022Otherwise set to the filename used to store cached entropy through 4023reboots. 4024This file should be located on the root file system to seed the 4025.Xr random 4 4026device as early as possible in the boot process. 4027.It Va entropy_save_sz 4028.Pq Vt int 4029Size of the entropy cache files saved by 4030.Nm save-entropy 4031periodically. 4032.It Va entropy_save_num 4033.Pq Vt int 4034Number of entropy cache files to save by 4035.Nm save-entropy 4036periodically. 4037.It Va ipsec_enable 4038.Pq Vt bool 4039Set to 4040.Dq Li YES 4041to run 4042.Xr setkey 8 4043on 4044.Va ipsec_file 4045at boot time. 4046.It Va ipsec_file 4047.Pq Vt str 4048Configuration file for 4049.Xr setkey 8 . 4050.It Va dmesg_enable 4051.Pq Vt bool 4052Set to 4053.Dq Li YES 4054to save 4055.Xr dmesg 8 4056to 4057.Pa /var/run/dmesg.boot 4058on boot. 4059.It Va rcshutdown_timeout 4060.Pq Vt int 4061If set, start a watchdog timer in the background which will terminate 4062.Pa rc.shutdown 4063if 4064.Xr shutdown 8 4065has not completed within the specified time (in seconds). 4066Notice that in addition to this soft timeout, 4067.Xr init 8 4068also applies a hard timeout for the execution of 4069.Pa rc.shutdown . 4070This is configured via 4071.Xr sysctl 8 4072variable 4073.Va kern.init_shutdown_timeout 4074and defaults to 120 seconds. 4075Setting the value of 4076.Va rcshutdown_timeout 4077to more than 120 seconds will have no effect until the 4078.Xr sysctl 8 4079variable 4080.Va kern.init_shutdown_timeout 4081is also increased. 4082.It Va virecover_enable 4083.Pq Vt bool 4084Set to 4085.Dq Li NO 4086to prevent the system from trying to 4087recover pre-maturely terminated 4088.Xr vi 1 4089sessions. 4090.It Va ugidfw_enable 4091.Pq Vt bool 4092Set to 4093.Dq Li YES 4094to load the 4095.Xr mac_bsdextended 4 4096module upon system initialization and load a default 4097ruleset file. 4098.It Va bsdextended_script 4099.Pq Vt str 4100The default 4101.Xr mac_bsdextended 4 4102ruleset file to load. 4103The default value of this variable is 4104.Pa /etc/rc.bsdextended . 4105.It Va newsyslog_enable 4106.Pq Vt bool 4107If set to 4108.Dq Li YES , 4109run 4110.Xr newsyslog 8 4111command at startup. 4112.It Va newsyslog_flags 4113.Pq Vt str 4114If 4115.Va newsyslog_enable 4116is set to 4117.Dq Li YES , 4118these are the flags to pass to the 4119.Xr newsyslog 8 4120program. 4121The default is 4122.Dq Li -CN , 4123which causes log files flagged with a 4124.Cm C 4125to be created. 4126.It Va mdconfig_md Ns Aq Ar X 4127.Pq Vt str 4128Arguments to 4129.Xr mdconfig 8 4130for 4131.Xr md 4 4132device 4133.Ar X . 4134At minimum a 4135.Fl t Ar type 4136must be specified and either a 4137.Fl s Ar size 4138for malloc or swap backed 4139.Xr md 4 4140devices or a 4141.Fl f Ar file 4142for vnode backed 4143.Xr md 4 4144devices. 4145Note that 4146.Va mdconfig_md Ns Aq Ar X 4147variables are evaluated until one variable is unset or null. 4148.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4149.Pq Vt str 4150Optional arguments passed to 4151.Xr newfs 8 4152to initialize 4153.Xr md 4 4154device 4155.Ar X . 4156.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4157.Pq Vt str 4158An ownership specification passed to 4159.Xr chown 8 4160after the specified 4161.Xr md 4 4162device 4163.Ar X 4164has been mounted. 4165Both the 4166.Xr md 4 4167device and the mount point will be changed. 4168.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4169.Pq Vt str 4170A mode string passed to 4171.Xr chmod 1 4172after the specified 4173.Xr md 4 4174device 4175.Ar X 4176has been mounted. 4177Both the 4178.Xr md 4 4179device and the mount point will be changed. 4180.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4181.Pq Vt str 4182Files to be copied to the mount point of the 4183.Xr md 4 4184device 4185.Ar X 4186after it has been mounted. 4187.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4188.Pq Vt str 4189Command to execute after the specified 4190.Xr md 4 4191device 4192.Ar X 4193has been mounted. 4194Note that the command is passed to 4195.Ic eval 4196and that both 4197.Va _dev 4198and 4199.Va _mp 4200variables can be used to reference respectively the 4201.Xr md 4 4202device and the mount point. 4203Assuming that the 4204.Xr md 4 4205device is 4206.Li md0 , 4207one could set the following: 4208.Bd -literal 4209mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4210.Ed 4211.It Va autobridge_interfaces 4212.Pq Vt str 4213Set to the list of bridge interfaces that will have newly arriving interfaces 4214checked against to be automatically added. 4215If not set to 4216.Dq Li NO 4217then for each whitespace separated 4218.Ar element 4219in the value, a 4220.Va autobridge_ Ns Aq Ar element 4221variable is assumed to exist which has a whitespace separated list of interface 4222names to match, these names can use wildcards. 4223For example: 4224.Bd -literal 4225autobridge_interfaces="bridge0" 4226autobridge_bridge0="tap* dc0 vlan[345]" 4227.Ed 4228.It Va mixer_enable 4229.Pq Vt bool 4230If set to 4231.Dq Li YES , 4232enable support for sound mixer. 4233.It Va hcsecd_enable 4234.Pq Vt bool 4235If set to 4236.Dq Li YES , 4237enable Bluetooth security daemon. 4238.It Va hcsecd_config 4239.Pq Vt str 4240Configuration file for 4241.Xr hcsecd 8 . 4242Default 4243.Pa /etc/bluetooth/hcsecd.conf . 4244.It Va sdpd_enable 4245.Pq Vt bool 4246If set to 4247.Dq Li YES , 4248enable Bluetooth Service Discovery Protocol daemon. 4249.It Va sdpd_control 4250.Pq Vt str 4251Path to 4252.Xr sdpd 8 4253control socket. 4254Default 4255.Pa /var/run/sdp . 4256.It Va sdpd_groupname 4257.Pq Vt str 4258Sets 4259.Xr sdpd 8 4260group to run as after it initializes. 4261Default 4262.Dq Li nobody . 4263.It Va sdpd_username 4264.Pq Vt str 4265Sets 4266.Xr sdpd 8 4267user to run as after it initializes. 4268Default 4269.Dq Li nobody . 4270.It Va bthidd_enable 4271.Pq Vt bool 4272If set to 4273.Dq Li YES , 4274enable Bluetooth Human Interface Device daemon. 4275.It Va bthidd_config 4276.Pq Vt str 4277Configuration file for 4278.Xr bthidd 8 . 4279Default 4280.Pa /etc/bluetooth/bthidd.conf . 4281.It Va bthidd_hids 4282.Pq Vt str 4283Path to a file, where 4284.Xr bthidd 8 4285will store information about known HID devices. 4286Default 4287.Pa /var/db/bthidd.hids . 4288.It Va rfcomm_pppd_server_enable 4289.Pq Vt bool 4290If set to 4291.Dq Li YES , 4292enable Bluetooth RFCOMM PPP wrapper daemon. 4293.It Va rfcomm_pppd_server_profile 4294.Pq Vt str 4295The name of the profile to use from 4296.Pa /etc/ppp/ppp.conf . 4297Multiple profiles can be specified here. 4298Also used to specify per-profile overrides. 4299When the profile name contains any of the characters 4300.Dq Li .-/+ 4301they are translated to 4302.Dq Li _ 4303for the proposes of the override variable names. 4304.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4305.Pq Vt str 4306Overrides local address to listen on. 4307By default 4308.Xr rfcomm_pppd 8 4309will listen on 4310.Dq Li ANY 4311address. 4312The address can be specified as BD_ADDR or name. 4313.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4314.Pq Vt str 4315Overrides local RFCOMM channel to listen on. 4316By default 4317.Xr rfcomm_pppd 8 4318will listen on RFCOMM channel 1. 4319Must set properly if multiple profiles used in the same time. 4320.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4321.Pq Vt bool 4322Tells 4323.Xr rfcomm_pppd 8 4324if it should register Serial Port service on the specified RFCOMM channel. 4325Default 4326.Dq Li NO . 4327.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4328.Pq Vt bool 4329Tells 4330.Xr rfcomm_pppd 8 4331if it should register Dial-Up Networking service on the specified 4332RFCOMM channel. 4333Default 4334.Dq Li NO . 4335.It Va ubthidhci_enable 4336.Pq Vt bool 4337If set to 4338.Dq Li YES , 4339change the USB Bluetooth controller from HID mode to HCI mode. 4340You also need to specify the location of USB Bluetooth controller with the 4341.Va ubthidhci_busnum 4342and 4343.Va ubthidhci_addr 4344variables. 4345.It Va ubthidhci_busnum 4346Bus number where the USB Bluetooth controller is located. 4347Check the output of 4348.Xr usbconfig 8 4349on your system to find this information. 4350.It Va ubthidhci_addr 4351Bus address of the USB Bluetooth controller. 4352Check the output of 4353.Xr usbconfig 8 4354on your system to find this information. 4355.It Va netwait_enable 4356.Pq Vt bool 4357If set to 4358.Dq Li YES , 4359delays the start of network-reliant services until 4360.Va netwait_if 4361is up and ICMP packets to a destination defined in 4362.Va netwait_ip 4363are flowing. 4364Link state is examined first, followed by 4365.Dq Li pinging 4366an IP address to verify network usability. 4367If no destination can be reached or timeouts are exceeded, 4368network services are started anyway with no guarantee that 4369the network is usable. 4370Use of this variable requires both 4371.Va netwait_ip 4372and 4373.Va netwait_if 4374to be set. 4375.It Va netwait_ip 4376.Pq Vt str 4377Empty by default. 4378This variable contains a space-delimited list of IP addresses to 4379.Xr ping 8 . 4380DNS hostnames should not be used as resolution is not guaranteed 4381to be functional at this point. 4382If multiple IP addresses are specified, 4383each will be tried until one is successful or the list is exhausted. 4384.It Va netwait_timeout 4385.Pq Vt int 4386Indicates the total number of seconds to perform a 4387.Dq Li ping 4388against each IP address in 4389.Va netwait_ip , 4390at a rate of one ping per second. 4391If any of the pings are successful, 4392full network connectivity is considered reliable. 4393The default is 60. 4394.It Va netwait_if 4395.Pq Vt str 4396Empty by default. 4397Defines the name of the network interface on which watch for link. 4398.Xr ifconfig 8 4399is used to monitor the interface, looking for 4400.Dq Li status: no carrier . 4401Once gone, the link is considered up. 4402This can be a 4403.Xr vlan 4 4404interface if desired. 4405.It Va netwait_if_timeout 4406.Pq Vt int 4407Defines the total number of seconds to wait for link to become usable, 4408polled at a 1-second interval. 4409The default is 30. 4410.It Va rctl_enable 4411.Pq Vt bool 4412Set to 4413.Dq Li YES 4414to load 4415.Xr rctl 8 4416rules from the defined ruleset. 4417The kernel must be built with 4418.Cd "options RACCT" 4419and 4420.Cd "options RCTL" . 4421.It Va rctl_rules 4422.Pq Vt str 4423Set to 4424.Pa /etc/rctl.conf 4425by default. 4426This variables contains the 4427.Xr rctl.conf 5 4428ruleset to load for 4429.Xr rctl 8 . 4430.El 4431.Sh FILES 4432.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4433.It Pa /etc/defaults/rc.conf 4434.It Pa /etc/rc.conf 4435.It Pa /etc/rc.conf.local 4436.El 4437.Sh SEE ALSO 4438.Xr catman 1 , 4439.Xr chmod 1 , 4440.Xr gdb 1 , 4441.Xr info 1 , 4442.Xr kbdcontrol 1 , 4443.Xr makewhatis 1 , 4444.Xr sh 1 , 4445.Xr vi 1 , 4446.Xr vidcontrol 1 , 4447.Xr bridge 4 , 4448.Xr dummynet 4 , 4449.Xr ip 4 , 4450.Xr ipf 4 , 4451.Xr ipfw 4 , 4452.Xr ipnat 4 , 4453.Xr kld 4 , 4454.Xr pf 4 , 4455.Xr pflog 4 , 4456.Xr pfsync 4 , 4457.Xr tcp 4 , 4458.Xr udp 4 , 4459.Xr exports 5 , 4460.Xr fstab 5 , 4461.Xr ipf 5 , 4462.Xr ipnat 5 , 4463.Xr jail.conf 5 , 4464.Xr motd 5 , 4465.Xr newsyslog.conf 5 , 4466.Xr pf.conf 5 , 4467.Xr security 7 , 4468.Xr accton 8 , 4469.Xr amd 8 , 4470.Xr apm 8 , 4471.Xr atm 8 , 4472.Xr bthidd 8 , 4473.Xr chkprintcap 8 , 4474.Xr chown 8 , 4475.Xr cron 8 , 4476.Xr devfs 8 , 4477.Xr dhclient 8 , 4478.Xr ftpd 8 , 4479.Xr geli 8 , 4480.Xr hcsecd 8 , 4481.Xr ifconfig 8 , 4482.Xr inetd 8 , 4483.Xr ipf 8 , 4484.Xr ipfw 8 , 4485.Xr ipnat 8 , 4486.Xr jail 8 , 4487.Xr kldxref 8 , 4488.Xr lpd 8 , 4489.Xr mdconfig 8 , 4490.Xr mdmfs 8 , 4491.Xr mixer 8 , 4492.Xr mountd 8 , 4493.Xr moused 8 , 4494.Xr mrouted 8 , 4495.Xr newfs 8 , 4496.Xr newsyslog 8 , 4497.Xr nfsd 8 , 4498.Xr ntpd 8 , 4499.Xr ntpdate 8 , 4500.Xr pfctl 8 , 4501.Xr pflogd 8 , 4502.Xr ping 8 , 4503.Xr powerd 8 , 4504.Xr quotacheck 8 , 4505.Xr quotaon 8 , 4506.Xr rc 8 , 4507.Xr rc.sendmail 8 , 4508.Xr rfcomm_pppd 8 , 4509.Xr route 8 , 4510.Xr routed 8 , 4511.Xr rpcbind 8 , 4512.Xr rpc.lockd 8 , 4513.Xr rpc.statd 8 , 4514.Xr rwhod 8 , 4515.Xr savecore 8 , 4516.Xr sdpd 8 , 4517.Xr sshd 8 , 4518.Xr swapon 8 , 4519.Xr sysctl 8 , 4520.Xr syslogd 8 , 4521.Xr timed 8 , 4522.Xr unbound 8 , 4523.Xr usbconfig 8 , 4524.Xr wlandebug 8 , 4525.Xr yp 8 , 4526.Xr ypbind 8 , 4527.Xr ypserv 8 , 4528.Xr ypset 8 4529.Sh HISTORY 4530The 4531.Nm 4532file appeared in 4533.Fx 2.2.2 . 4534.Sh AUTHORS 4535.An Jordan K. Hubbard . 4536