1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd September 3, 2007 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va kldxref_enable 168.Pq Vt bool 169Set to 170.Dq Li NO 171by default. 172Set to 173.Dq Li YES 174to automatically rebuild 175.Pa linker.hints 176files with 177.Xr kldxref 8 178at boot time. 179.It Va kldxref_clobber 180.Pq Vt bool 181Set to 182.Dq Li NO 183by default. 184If 185.Va kldxref_enable 186is true, 187setting to 188.Dq Li YES 189will overwrite existing 190.Pa linker.hints 191files at boot time. 192Otherwise, 193only missing 194.Pa linker.hints 195files are generated. 196.It Va kldxref_module_path 197.Pq Vt str 198Empty by default. 199A semi-colon 200.Pq Ql \&; 201delimited list of paths containing 202.Xr kld 4 203modules. 204If empty, 205the contents of the 206.Va kern.module_path 207.Xr sysctl 8 208are used. 209.It Va powerd_enable 210.Pq Vt bool 211If set to 212.Dq Li YES , 213enable the system power control facility with the 214.Xr powerd 8 215daemon. 216.It Va powerd_flags 217.Pq Vt str 218If 219.Va powerd_enable 220is set to 221.Dq Li YES , 222these are the flags to pass to the 223.Xr powerd 8 224daemon. 225.It Va tmpmfs 226Controls the creation of a 227.Pa /tmp 228memory file system. 229Always happens if set to 230.Dq Li YES 231and never happens if set to 232.Dq Li NO . 233If set to anything else, a memory file system is created if 234.Pa /tmp 235is not writable. 236.It Va tmpsize 237Controls the size of a created 238.Pa /tmp 239memory file system. 240.It Va tmpmfs_flags 241Extra options passed to the 242.Xr mdmfs 8 243utility when the memory file system for 244.Pa /tmp 245is created. 246The default is 247.Dq Li "-S" , 248which inhibits the use of softupdates on 249.Pa /tmp 250so that file system space is freed without delay 251after file truncation or deletion. 252See 253.Xr mdmfs 8 254for other options you can use in 255.Va tmpmfs_flags . 256.It Va varmfs 257Controls the creation of a 258.Pa /var 259memory file system. 260Always happens if set to 261.Dq Li YES 262and never happens if set to 263.Dq Li NO . 264If set to anything else, a memory file system is created if 265.Pa /var 266is not writable. 267.It Va varsize 268Controls the size of a created 269.Pa /var 270memory file system. 271.It Va varmfs_flags 272Extra options passed to the 273.Xr mdmfs 8 274utility when the memory file system for 275.Pa /var 276is created. 277The default is 278.Dq Li "-S" , 279which inhibits the use of softupdates on 280.Pa /var 281so that file system space is freed without delay 282after file truncation or deletion. 283See 284.Xr mdmfs 8 285for other options you can use in 286.Va varmfs_flags . 287.It Va populate_var 288Controls the automatic population of the 289.Pa /var 290file system. 291Always happens if set to 292.Dq Li YES 293and never happens if set to 294.Dq Li NO . 295If set to anything else, a memory file system is created if 296.Pa /var 297is not writable. 298Note that this process requires access to certain commands in 299.Pa /usr 300before 301.Pa /usr 302is mounted on normal systems. 303.It Va cleanvar_enable 304.Pq Vt bool 305Clean the 306.Pa /var 307directory. 308.It Va local_startup 309.Pq Vt str 310List of directories to search for startup script files. 311.It Va script_name_sep 312.Pq Vt str 313The field separator to use for breaking down the list of startup script files 314into individual filenames. 315The default is a space. 316It is not necessary to change this unless there are startup scripts with names 317containing spaces. 318.It Va hostapd_enable 319.Pq Vt bool 320Set to 321.Dq Li YES 322to start 323.Xr hostapd 8 324at system boot time. 325.It Va hostname 326.Pq Vt str 327The fully qualified domain name (FQDN) of this host on the network. 328This should almost certainly be set to something meaningful, even if 329there is no network connection. 330If 331.Xr dhclient 8 332is used to set the hostname via DHCP, 333this variable should be set to an empty string. 334.It Va ipv6_enable 335.Pq Vt bool 336Enable support for IPv6 networking. 337Note that this requires that the kernel has been compiled with 338.Cd "options INET6" . 339.It Va nisdomainname 340.Pq Vt str 341The NIS domain name of this host, or 342.Dq Li NO 343if NIS is not used. 344.It Va dhclient_program 345.Pq Vt str 346Path to the DHCP client program 347.Pa ( /sbin/dhclient , 348the 349.Ox 350DHCP client, 351is the default). 352.It Va dhclient_flags 353.Pq Vt str 354Additional flags to pass to the DHCP client program. 355For the 356.Ox 357DHCP client, see the 358.Xr dhclient 8 359manpage for a description of the command line options available. 360.It Va dhclient_flags_ Ns Aq Ar iface 361Additional flags to pass to the DHCP client program running on 362.Ar iface 363only. 364When specified, this variable overrides 365.Va dhclient_flags . 366.It Va background_dhclient 367.Pq Vt bool 368Set to 369.Dq Li YES 370to start the DHCP client in background. 371This can cause trouble with applications depending on 372a working network, but it will provide a faster startup 373in many cases. 374.It Va background_dhclient_ Ns Aq Ar iface 375When specified, this variable overrides the 376.Va background_dhclient 377variable for interface 378.Ar iface 379only. 380.It Va synchronous_dhclient 381.Pq Bt bool 382Set to 383.Dq Li NO 384to start 385.Xr dhclient 8 386only in response to interface events and not synchronously at startup. 387This behavior can be overridden on a per-interface basis by replacing 388the 389.Dq Li DHCP 390keyword in the 391.Va ifconfig_ Ns Aq Ar interface 392variable with 393.Dq Li SYNCDHCP 394or 395.Dq Li NOSYNCDHCP . 396.It Va firewall_enable 397.Pq Vt bool 398Set to 399.Dq Li YES 400to load firewall rules at startup. 401If the kernel was not built with 402.Cd "options IPFIREWALL" , 403the 404.Pa ipfw.ko 405kernel module will be loaded. 406See also 407.Va ipfilter_enable . 408.It Va ipv6_firewall_enable 409.Pq Vt bool 410The IPv6 equivalent of 411.Va firewall_enable . 412Set to 413.Dq Li YES 414to load IPv6 firewall rules at startup. 415If the kernel was not built with 416.Cd "options IPV6FIREWALL" , 417the 418.Pa ipfw.ko 419kernel module will be loaded. 420.It Va firewall_script 421.Pq Vt str 422This variable specifies the full path to the firewall script to run. 423The default is 424.Pa /etc/rc.firewall . 425.It Va ipv6_firewall_script 426.Pq Vt str 427The IPv6 equivalent of 428.Va firewall_script . 429.It Va firewall_type 430.Pq Vt str 431Names the firewall type from the selection in 432.Pa /etc/rc.firewall , 433or the file which contains the local firewall ruleset. 434Valid selections from 435.Pa /etc/rc.firewall 436are: 437.Pp 438.Bl -tag -width ".Li simple" -compact 439.It Li open 440unrestricted IP access 441.It Li closed 442all IP services disabled, except via 443.Dq Li lo0 444.It Li client 445basic protection for a workstation 446.It Li simple 447basic protection for a LAN. 448.El 449.Pp 450If a filename is specified, the full path 451must be given. 452.It Va ipv6_firewall_type 453.Pq Vt str 454The IPv6 equivalent of 455.Va firewall_type . 456.It Va firewall_quiet 457.Pq Vt bool 458Set to 459.Dq Li YES 460to disable the display of firewall rules on the console during boot. 461.It Va ipv6_firewall_quiet 462.Pq Vt bool 463The IPv6 equivalent of 464.Va firewall_quiet . 465.It Va firewall_logging 466.Pq Vt bool 467Set to 468.Dq Li YES 469to enable firewall event logging. 470This is equivalent to the 471.Dv IPFIREWALL_VERBOSE 472kernel option. 473.It Va ipv6_firewall_logging 474.Pq Vt bool 475The IPv6 equivalent of 476.Va firewall_logging . 477.It Va firewall_flags 478.Pq Vt str 479Flags passed to 480.Xr ipfw 8 481if 482.Va firewall_type 483specifies a filename. 484.It Va ipv6_firewall_flags 485.Pq Vt str 486The IPv6 equivalent of 487.Va firewall_flags . 488.It Va natd_program 489.Pq Vt str 490Path to 491.Xr natd 8 . 492.It Va natd_enable 493.Pq Vt bool 494Set to 495.Dq Li YES 496to enable 497.Xr natd 8 . 498.Va firewall_enable 499must also be set to 500.Dq Li YES , 501and 502.Xr divert 4 503sockets must be enabled in the kernel. 504If the kernel was not built with 505.Cd "options IPDIVERT" , 506the 507.Pa ipdivert.ko 508kernel module will be loaded. 509.It Va natd_interface 510.Pq Vt str 511This is the name of the public interface on which 512.Xr natd 8 513should run. 514The interface may be given as an interface name or as an IP address. 515.It Va natd_flags 516.Pq Vt str 517Additional 518.Xr natd 8 519flags should be placed here. 520The 521.Fl n 522or 523.Fl a 524flag is automatically added with the above 525.Va natd_interface 526as an argument. 527.\" ----- ipfilter_enable setting -------------------------------- 528.It Va ipfilter_enable 529.Pq Vt bool 530Set to 531.Dq Li NO 532by default. 533Setting this to 534.Dq Li YES 535enables 536.Xr ipf 8 537packet filtering. 538.Pp 539Typical usage will require putting 540.Bd -literal 541ipfilter_enable="YES" 542ipnat_enable="YES" 543ipmon_enable="YES" 544ipfs_enable="YES" 545.Ed 546.Pp 547into 548.Pa /etc/rc.conf 549and editing 550.Pa /etc/ipf.rules 551and 552.Pa /etc/ipnat.rules 553appropriately. 554.Pp 555Note that 556.Va ipfilter_enable 557and 558.Va ipnat_enable 559can be enabled independently. 560.Va ipmon_enable 561and 562.Va ipfs_enable 563both require at least one of 564.Va ipfilter_enable 565and 566.Va ipnat_enable 567to be enabled. 568.Pp 569Having 570.Bd -literal 571options IPFILTER 572options IPFILTER_LOG 573options IPFILTER_DEFAULT_BLOCK 574.Ed 575.Pp 576in the kernel configuration file is a good idea, too. 577.\" ----- ipfilter_program setting ------------------------------ 578.It Va ipfilter_program 579.Pq Vt str 580Path to 581.Xr ipf 8 582(default 583.Pa /sbin/ipf ) . 584.\" ----- ipfilter_rules setting -------------------------------- 585.It Va ipfilter_rules 586.Pq Vt str 587Set to 588.Pa /etc/ipf.rules 589by default. 590This variable contains the name of the filter rule definition file. 591The file is expected to be readable for the 592.Xr ipf 8 593command to execute. 594.\" ----- ipv6_ipfilter_rules setting --------------------------- 595.It Va ipv6_ipfilter_rules 596.Pq Vt str 597Set to 598.Pa /etc/ipf6.rules 599by default. 600This variable contains the IPv6 filter rule definition file. 601The file is expected to be readable for the 602.Xr ipf 8 603command to execute. 604.\" ----- ipfilter_flags setting -------------------------------- 605.It Va ipfilter_flags 606.Pq Vt str 607Empty by default. 608This variable contains flags passed to the 609.Xr ipf 8 610program. 611.\" ----- ipnat_enable setting ---------------------------------- 612.It Va ipnat_enable 613.Pq Vt bool 614Set to 615.Dq Li NO 616by default. 617Set it to 618.Dq Li YES 619to enable 620.Xr ipnat 8 621network address translation. 622See 623.Va ipfilter_enable 624for a detailed discussion. 625.\" ----- ipnat_program setting --------------------------------- 626.It Va ipnat_program 627.Pq Vt str 628Path to 629.Xr ipnat 8 630(default 631.Pa /sbin/ipnat ) . 632.\" ----- ipnat_rules setting ----------------------------------- 633.It Va ipnat_rules 634.Pq Vt str 635Set to 636.Pa /etc/ipnat.rules 637by default. 638This variable contains the name of the file 639holding the network address translation definition. 640This file is expected to be readable for the 641.Xr ipnat 8 642command to execute. 643.\" ----- ipnat_flags setting ----------------------------------- 644.It Va ipnat_flags 645.Pq Vt str 646Empty by default. 647This variable contains flags passed to the 648.Xr ipnat 8 649program. 650.\" ----- ipmon_enable setting ---------------------------------- 651.It Va ipmon_enable 652.Pq Vt bool 653Set to 654.Dq Li NO 655by default. 656Set it to 657.Dq Li YES 658to enable 659.Xr ipmon 8 660monitoring (logging 661.Xr ipf 8 662and 663.Xr ipnat 8 664events). 665Setting this variable needs setting 666.Va ipfilter_enable 667or 668.Va ipnat_enable 669too. 670See 671.Va ipfilter_enable 672for a detailed discussion. 673.\" ----- ipmon_program setting --------------------------------- 674.It Va ipmon_program 675.Pq Vt str 676Path to 677.Xr ipmon 8 678(default 679.Pa /sbin/ipmon ) . 680.\" ----- ipmon_flags setting ----------------------------------- 681.It Va ipmon_flags 682.Pq Vt str 683Set to 684.Dq Li -Ds 685by default. 686This variable contains flags passed to the 687.Xr ipmon 8 688program. 689Another typical example would be 690.Dq Fl D Pa /var/log/ipflog 691to have 692.Xr ipmon 8 693log directly to a file bypassing 694.Xr syslogd 8 . 695Make sure to adjust 696.Pa /etc/newsyslog.conf 697in such case like this: 698.Bd -literal 699/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 700.Ed 701.\" ----- ipfs_enable setting ----------------------------------- 702.It Va ipfs_enable 703.Pq Vt bool 704Set to 705.Dq Li NO 706by default. 707Set it to 708.Dq Li YES 709to enable 710.Xr ipfs 8 711saving the filter and NAT state tables during shutdown 712and reloading them during startup again. 713Setting this variable needs setting 714.Va ipfilter_enable 715or 716.Va ipnat_enable 717to 718.Dq Li YES 719too. 720See 721.Va ipfilter_enable 722for a detailed discussion. 723Note that if 724.Va kern_securelevel 725is set to 3, 726.Va ipfs_enable 727cannot be used 728because the raised securelevel will prevent 729.Xr ipfs 8 730from saving the state tables at shutdown time. 731.\" ----- ipfs_program setting ---------------------------------- 732.It Va ipfs_program 733.Pq Vt str 734Path to 735.Xr ipfs 8 736(default 737.Pa /sbin/ipfs ) . 738.\" ----- ipfs_flags setting ------------------------------------ 739.It Va ipfs_flags 740.Pq Vt str 741Empty by default. 742This variable contains flags passed to the 743.Xr ipfs 8 744program. 745.\" ----- end of added ipf hook --------------------------------- 746.It Va pf_enable 747.Pq Vt bool 748Set to 749.Dq Li NO 750by default. 751Setting this to 752.Dq Li YES 753enables 754.Xr pf 4 755packet filtering. 756.Pp 757Typical usage will require putting 758.Pp 759.Dl pf_enable="YES" 760.Pp 761into 762.Pa /etc/rc.conf 763and editing 764.Pa /etc/pf.conf 765appropriately. 766Adding 767.Pp 768.Dl "device pf" 769.Pp 770builds support for 771.Xr pf 4 772into the kernel, otherwise the 773kernel module will be loaded. 774.It Va pf_rules 775.Pq Vt str 776Path to 777.Xr pf 4 778ruleset configuration file 779(default 780.Pa /etc/pf.conf ) . 781.It Va pf_program 782.Pq Vt str 783Path to 784.Xr pfctl 8 785(default 786.Pa /sbin/pfctl ) . 787.It Va pf_flags 788.Pq Vt str 789If 790.Va pf_enable 791is set to 792.Dq Li YES , 793these flags are passed to the 794.Xr pfctl 8 795program when loading the ruleset. 796.It Va pflog_enable 797.Pq Vt bool 798Set to 799.Dq Li NO 800by default. 801Setting this to 802.Dq Li YES 803enables 804.Xr pflogd 8 805which logs packets from the 806.Xr pf 4 807packet filter. 808.It Va pflog_logfile 809.Pq Vt str 810If 811.Va pflog_enable 812is set to 813.Dq Li YES 814this controls where 815.Xr pflogd 8 816stores the logfile 817(default 818.Pa /var/log/pflog ) . 819Check 820.Pa /etc/newsyslog.conf 821to adjust logfile rotation for this. 822.It Va pflog_program 823.Pq Vt str 824Path to 825.Xr pflogd 8 826(default 827.Pa /sbin/pflogd ) . 828.It Va pflog_flags 829.Pq Vt str 830Empty by default. 831This variable contains additional flags passed to the 832.Xr pflogd 8 833program. 834.It Va ftpproxy_enable 835.Pq Vt bool 836Set to 837.Dq Li NO 838by default. 839Setting this to 840.Dq Li YES 841enables 842.Xr ftp-proxy 8 843which supports the 844.Xr pf 4 845packet filter in translating ftp connections. 846.It Va ftpproxy_flags 847.Pq Vt str 848Empty by default. 849This variable contains additional flags passed to the 850.Xr ftp-proxy 8 851program. 852.It Va pfsync_enable 853.Pq Vt bool 854Set to 855.Dq Li NO 856by default. 857Setting this to 858.Dq Li YES 859enables exposing 860.Xr pf 4 861state changes to other hosts over the network by means of 862.Xr pfsync 4 . 863The 864.Va pfsync_syncdev 865variable 866must also be set then. 867.It Va pfsync_syncdev 868.Pq Vt str 869Empty by default. 870This variable specifies the name of the network interface 871.Xr pfsync 4 872should operate through. 873It must be set accordingly if 874.Va pfsync_enable 875is set to 876.Dq Li YES . 877.It Va pfsync_syncpeer 878.Pq Vt str 879Empty by default. 880This variable is optional. 881By default, state change messages are sent out on the synchronisation 882interface using IP multicast packets. 883The protocol is IP protocol 240, PFSYNC, and the multicast group used is 884224.0.0.240. 885When a peer address is specified using the 886.Va pfsync_syncpeer 887option, the peer address is used as a destination for the pfsync 888traffic, and the traffic can then be protected using 889.Xr ipsec 4 . 890See the 891.Xr pfsync 4 892manpage for more details about using 893.Xr ipsec 4 894with 895.Xr pfsync 4 896interfaces. 897.It Va pfsync_ifconfig 898.Pq Vt str 899Empty by default. 900This variable can contain additional options to be passed to the 901.Xr ifconfig 8 902command used to set up 903.Xr pfsync 4 . 904.It Va tcp_extensions 905.Pq Vt bool 906Set to 907.Dq Li YES 908by default. 909Setting this to 910.Dq Li NO 911disables certain TCP options as described by 912.Rs 913.%T "RFC 1323" 914.Re 915Setting this to 916.Dq Li NO 917might help remedy such problems with connections as randomly hanging 918or other weird behavior. 919Some network devices are known 920to be broken with respect to these options. 921.It Va log_in_vain 922.Pq Vt int 923Set to 0 by default. 924The 925.Xr sysctl 8 926variables, 927.Va net.inet.tcp.log_in_vain 928and 929.Va net.inet.udp.log_in_vain , 930as described in 931.Xr tcp 4 932and 933.Xr udp 4 , 934are set to the given value. 935.It Va tcp_keepalive 936.Pq Vt bool 937Set to 938.Dq Li YES 939by default. 940Setting to 941.Dq Li NO 942will disable probing idle TCP connections to verify that the 943peer is still up and reachable. 944.It Va tcp_drop_synfin 945.Pq Vt bool 946Set to 947.Dq Li NO 948by default. 949Setting to 950.Dq Li YES 951will cause the kernel to ignore TCP frames that have both 952the SYN and FIN flags set. 953This prevents OS fingerprinting, but may 954break some legitimate applications. 955This option is only available if the 956kernel was built with the 957.Dv TCP_DROP_SYNFIN 958option. 959.It Va icmp_drop_redirect 960.Pq Vt bool 961Set to 962.Dq Li NO 963by default. 964Setting to 965.Dq Li YES 966will cause the kernel to ignore ICMP REDIRECT packets. 967Refer to 968.Xr icmp 4 969for more information. 970.It Va icmp_log_redirect 971.Pq Vt bool 972Set to 973.Dq Li NO 974by default. 975Setting to 976.Dq Li YES 977will cause the kernel to log ICMP REDIRECT packets. 978Note that 979the log messages are not rate-limited, so this option should only be used 980for troubleshooting networks. 981Refer to 982.Xr icmp 4 983for more information. 984.It Va icmp_bmcastecho 985.Pq Vt bool 986Set to 987.Dq Li YES 988to respond to broadcast or multicast ICMP ping packets. 989Refer to 990.Xr icmp 4 991for more information. 992.It Va ip_portrange_first 993.Pq Vt int 994If not set to 995.Dq Li NO , 996this is the first port in the default portrange. 997Refer to 998.Xr ip 4 999for more information. 1000.It Va ip_portrange_last 1001.Pq Vt int 1002If not set to 1003.Dq Li NO , 1004this is the last port in the default portrange. 1005Refer to 1006.Xr ip 4 1007for more information. 1008.It Va network_interfaces 1009.Pq Vt str 1010Set to the list of network interfaces to configure on this host or 1011.Dq Li AUTO 1012(the default) for all current interfaces. 1013Setting the 1014.Va network_interfaces 1015variable to anything other than the default is deprecated. 1016Interfaces that the administrator wishes to store configuration for, 1017but not start at boot should be configured with the 1018.Dq Li NOAUTO 1019keyword in their 1020.Va ifconfig_ Ns Aq Ar interface 1021variables as described below. 1022.Pp 1023An 1024.Va ifconfig_ Ns Aq Ar interface 1025variable is also assumed to exist for each value of 1026.Ar interface . 1027When an interface name contains any of the characters 1028.Dq Li .-/+ 1029they are translated to 1030.Dq Li _ 1031before lookup. 1032The variable can contain arguments to 1033.Xr ifconfig 8 , 1034as well as special case-insensitive keywords described below. 1035Such keywords are removed before passing the value to 1036.Xr ifconfig 8 1037while the order of the other arguments is preserved. 1038.Pp 1039One can configure more than one IPv4 address with the 1040.Va ipv4_addrs_ Ns Aq Ar interface 1041variable. 1042One or more IP addresses must be provided in Classless Inter-Domain 1043Routing (CIDR) address notation, whose last byte can be a range like 1044192.168.0.5-23/24. 1045In this case the address 192.168.0.5 will be configured with the 1046netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with 1047the non-conflicting netmask /32 as explained in the 1048.Xr ifconfig 8 1049alias section. 1050With the interface in question being 1051.Li ed0 , 1052an example could look like: 1053.Bd -literal 1054ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" 1055.Ed 1056.Pp 1057It is also possible to add IP alias entries using 1058.Xr ifconfig 8 1059syntax. 1060Assuming that the interface in question was 1061.Li ed0 , 1062it might look 1063something like this: 1064.Bd -literal 1065ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1066ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1067.Ed 1068.Pp 1069And so on. 1070For each 1071.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1072entry that is found, 1073its contents are passed to 1074.Xr ifconfig 8 . 1075Execution stops at the first unsuccessful access, so if 1076something like this is present: 1077.Bd -literal 1078ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1079ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1080ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1081ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1082.Ed 1083.Pp 1084Then note that alias4 would 1085.Em not 1086be added since the search would 1087stop with the missing 1088.Dq Li alias3 1089entry. 1090Due to this difficult to manage behavior, the 1091.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1092form is deprecated. 1093.Pp 1094If the 1095.Pa /etc/start_if. Ns Aq Ar interface 1096file is present, it is read and executed by the 1097.Xr sh 1 1098interpreter 1099before configuring the interface as specified in the 1100.Va ifconfig_ Ns Aq Ar interface 1101and 1102.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1103variables. 1104.Pp 1105If the 1106.Va ifconfig_ Ns Aq Ar interface 1107contains the keyword 1108.Dq Li NOAUTO 1109then the interface will not be configured 1110at boot or by 1111.Pa /etc/pccard_ether 1112when 1113.Va network_interfaces 1114is set to 1115.Dq Li AUTO . 1116.Pp 1117It is possible to bring up an interface with DHCP by adding 1118.Dq Li DHCP 1119to the 1120.Va ifconfig_ Ns Aq Ar interface 1121variable. 1122For instance, to initialize the 1123.Li ed0 1124device via DHCP, 1125it is possible to use something like: 1126.Bd -literal 1127ifconfig_ed0="DHCP" 1128.Ed 1129.Pp 1130Also, if your interface needs WPA authentication, it is possible to add 1131.Dq Li WPA 1132to the 1133.Va ifconfig_ Ns Aq Ar interface 1134variable. 1135.Pp 1136Finally, you can add 1137.Xr ifconfig 8 1138options in this variable, in addition to the 1139.Pa /etc/start_if. Ns Aq Ar interface 1140file. 1141For instance, to initialize the 1142.Li wi0 1143device via DHCP, using WPA authentication and 802.11b mode, it is 1144possible to use something like: 1145.Bd -literal 1146ifconfig_wi0="DHCP WPA mode 11b" 1147.Ed 1148.Pp 1149In addition to the 1150.Va ifconfig_ Ns Aq Ar interface 1151form, a fallback variable 1152.Va ifconfig_DEFAULT 1153may be configured. 1154It will be used for all interfaces with no 1155.Va ifconfig_ Ns Aq Ar interface 1156variable. 1157This is intended to replace the no longer supported 1158.Va pccard_ifconfig 1159variable. 1160.Pp 1161It is also possible to rename interface by doing: 1162.Bd -literal 1163ifconfig_ed0_name="net0" 1164ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000" 1165.Ed 1166.It Va ipv6_network_interfaces 1167.Pq Vt str 1168This is the IPv6 equivalent of 1169.Va network_interfaces . 1170Instead of setting the ifconfig variables as 1171.Va ifconfig_ Ns Aq Ar interface 1172they should be set as 1173.Va ipv6_ifconfig_ Ns Aq Ar interface . 1174Aliases should be set as 1175.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1176.Va ipv6_prefix_ Ns Aq Ar interface 1177does something. 1178Interfaces that do not have a 1179.Va ipv6_ifconfig_ Ns Aq Ar interface 1180setting will be auto configured by 1181.Xr rtsol 8 1182if the 1183.Va ipv6_gateway_enable 1184is set to 1185.Dq Li NO . 1186Note that the IPv6 networking code does not support the 1187.Pa /etc/start_if. Ns Aq Ar interface 1188files. 1189.It Va ipv6_default_interface 1190.Pq Vt str 1191If not set to 1192.Dq Li NO , 1193this is the default output interface for scoped addresses. 1194Now this works only for IPv6 link local multicast addresses. 1195.It Va cloned_interfaces 1196.Pq Vt str 1197Set to the list of clonable network interfaces to create on this host. 1198Entries in 1199.Va cloned_interfaces 1200are automatically appended to 1201.Va network_interfaces 1202for configuration. 1203.It Va fec_interfaces 1204.Pq Vt str 1205Set to the list of 1206.Xr ng_fec 4 1207Fast EtherChannel interfaces to configure on this host. 1208A 1209.Va fecconfig_ Ns Aq Ar interface 1210variable is assumed to exist for each value of 1211.Ar interface . 1212The value of this variable is used to configure link aggregated interfaces 1213according to the syntax of the 1214.Cm NGM_FEC_ADD_IFACE 1215to 1216.Xr ngctl 8 1217msg. 1218Additionally, this option ensures that each listed interface is created 1219via the 1220.Cm mkpeer 1221command to 1222.Xr ngctl 8 1223before attempting to configure it. 1224For example: 1225.Bd -literal 1226fec_interfaces="fec0" 1227fecconfig_fec0="em0 em1" 1228ifconfig_fec0="DHCP" 1229.Ed 1230.It Va gif_interfaces 1231.Pq Vt str 1232Set to the list of 1233.Xr gif 4 1234tunnel interfaces to configure on this host. 1235A 1236.Va gifconfig_ Ns Aq Ar interface 1237variable is assumed to exist for each value of 1238.Ar interface . 1239The value of this variable is used to configure the link layer of the 1240tunnel according to the syntax of the 1241.Cm tunnel 1242option to 1243.Xr ifconfig 8 . 1244Additionally, this option ensures that each listed interface is created 1245via the 1246.Cm create 1247option to 1248.Xr ifconfig 8 1249before attempting to configure it. 1250.It Va sppp_interfaces 1251.Pq Vt str 1252Set to the list of 1253.Xr sppp 4 1254interfaces to configure on this host. 1255A 1256.Va spppconfig_ Ns Aq Ar interface 1257variable is assumed to exist for each value of 1258.Ar interface . 1259Each interface should also be configured by a general 1260.Va ifconfig_ Ns Aq Ar interface 1261setting. 1262Refer to 1263.Xr spppcontrol 8 1264for more information about available options. 1265.It Va ppp_enable 1266.Pq Vt bool 1267If set to 1268.Dq Li YES , 1269run the 1270.Xr ppp 8 1271daemon. 1272.It Va ppp_mode 1273.Pq Vt str 1274Mode in which to run the 1275.Xr ppp 8 1276daemon. 1277Accepted modes are 1278.Dq Li auto , 1279.Dq Li ddial , 1280.Dq Li direct 1281and 1282.Dq Li dedicated . 1283See the manual for a full description. 1284.It Va ppp_nat 1285.Pq Vt bool 1286If set to 1287.Dq Li YES , 1288enables network address translation. 1289Used in conjunction with 1290.Va gateway_enable 1291allows hosts on private network addresses access to the Internet using 1292this host as a network address translating router. 1293.It Va ppp_profile 1294.Pq Vt str 1295The name of the profile to use from 1296.Pa /etc/ppp/ppp.conf . 1297.It Va ppp_user 1298.Pq Vt str 1299The name of the user under which 1300.Xr ppp 8 1301should be started. 1302By 1303default, 1304.Xr ppp 8 1305is started as 1306.Dq Li root . 1307.It Va rc_conf_files 1308.Pq Vt str 1309This option is used to specify a list of files that will override 1310the settings in 1311.Pa /etc/defaults/rc.conf . 1312The files will be read in the order in which they are specified and should 1313include the full path to the file. 1314By default, the files specified are 1315.Pa /etc/rc.conf 1316and 1317.Pa /etc/rc.conf.local 1318.It Va zfs_enable 1319.Pq Vt bool 1320If set to 1321.Dq Li YES , 1322.Pa /etc/rc.d/zfs 1323will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1324(ZVOLs). 1325.It Va gbde_autoattach_all 1326.Pq Vt bool 1327If set to 1328.Dq Li YES , 1329.Pa /etc/rc.d/gbde 1330will attempt to automatically initialize your .bde devices in 1331.Pa /etc/fstab . 1332.It Va gbde_devices 1333.Pq Vt str 1334List the devices that the script should try to attach, 1335or 1336.Dq Li AUTO . 1337.It Va gbde_lockdir 1338.Pq Vt str 1339The directory where the 1340.Xr gbde 4 1341lockfiles are located. 1342The default lockfile directory is 1343.Pa /etc . 1344.Pp 1345The lockfile for each individual 1346.Xr gbde 4 1347device can be overridden by setting the variable 1348.Va gbde_lock_ Ns Aq Ar device , 1349where 1350.Ar device 1351is the encrypted device without the 1352.Dq Pa /dev/ 1353and 1354.Dq Pa .bde 1355parts. 1356.It Va gbde_attach_attempts 1357.Pq Vt int 1358Number of times to attempt attaching to a 1359.Xr gbde 4 1360device, i.e., how many times the user is asked for the pass-phrase. 1361Default is 3. 1362.It Va geli_devices 1363.Pq Vt str 1364List of devices to automatically attach on boot. 1365Note that .eli devices from 1366.Pa /etc/fstab 1367are automatically appended to this list. 1368.It Va geli_tries 1369.Pq Vt int 1370Number of times user is asked for the pass-phrase. 1371If empty, it will be taken from 1372.Va kern.geom.eli.tries 1373sysctl variable. 1374.It Va geli_default_flags 1375.Pq Vt str 1376Default flags to use by 1377.Xr geli 8 1378when configuring disk encryption. 1379Flags can be configured for every device separately by defining 1380.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1381variable. 1382.It Va geli_autodetach 1383.Pq Vt str 1384Specifies if GELI devices should be marked for detach on last close after 1385file systems are mounted. 1386Default is 1387.Dq Li YES . 1388This can be changed for every device separately by defining 1389.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1390variable. 1391.It Va geli_swap_flags 1392Options passed to the 1393.Xr geli 8 1394utility when encrypted GEOM providers for swap partitions are created. 1395The default is 1396.Dq Li "-a aes -l 256 -s 4096 -d" . 1397.It Va root_rw_mount 1398.Pq Vt bool 1399Set to 1400.Dq Li YES 1401by default. 1402After the file systems are checked at boot time, the root file system 1403is remounted as read-write if this is set to 1404.Dq Li YES . 1405Diskless systems that mount their root file system from a read-only remote 1406NFS share should set this to 1407.Dq Li NO 1408in their 1409.Pa rc.conf . 1410.It Va fsck_y_enable 1411.Pq Vt bool 1412If set to 1413.Dq Li YES , 1414.Xr fsck 8 1415will be run with the 1416.Fl y 1417flag if the initial preen 1418of the file systems fails. 1419.It Va background_fsck 1420.Pq Vt bool 1421If set to 1422.Dq Li YES , 1423the system will attempt to run 1424.Xr fsck 8 1425in the background where possible. 1426.It Va background_fsck_delay 1427.Pq Vt int 1428The amount of time in seconds to sleep before starting a background 1429.Xr fsck 8 . 1430It defaults to sixty seconds to allow large applications such as 1431the X server to start before disk I/O bandwidth is monopolized by 1432.Xr fsck 8 . 1433If set to a negative number, the background file system check will be 1434delayed indefinitely to allow the administrator to run it at a more 1435convenient time. 1436For example it may be run from 1437.Xr cron 8 1438by adding a line like 1439.Pp 1440.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1441.Pp 1442to 1443.Pa /etc/crontab . 1444.It Va netfs_types 1445.Pq Vt str 1446List of file system types that are network-based. 1447This list should generally not be modified by end users. 1448Use 1449.Va extra_netfs_types 1450instead. 1451.It Va extra_netfs_types 1452.Pq Vt str 1453If set to something other than 1454.Dq Li NO 1455(the default), 1456this variable extends the list of file system types 1457for which automatic mounting at startup by 1458.Xr rc 8 1459should be delayed until the network is initialized. 1460It should contain 1461a whitespace-separated list of network file system descriptor pairs, 1462each consisting of a file system type as passed to 1463.Xr mount 8 1464and a human-readable, one-word description, 1465joined with a colon 1466.Pq Ql \&: . 1467Extending the default list in this way is only necessary 1468when third party file system types are used. 1469.It Va syslogd_enable 1470.Pq Vt bool 1471If set to 1472.Dq Li YES , 1473run the 1474.Xr syslogd 8 1475daemon. 1476.It Va syslogd_program 1477.Pq Vt str 1478Path to 1479.Xr syslogd 8 1480(default 1481.Pa /usr/sbin/syslogd ) . 1482.It Va syslogd_flags 1483.Pq Vt str 1484If 1485.Va syslogd_enable 1486is set to 1487.Dq Li YES , 1488these are the flags to pass to 1489.Xr syslogd 8 . 1490.It Va inetd_enable 1491.Pq Vt bool 1492If set to 1493.Dq Li YES , 1494run the 1495.Xr inetd 8 1496daemon. 1497.It Va inetd_program 1498.Pq Vt str 1499Path to 1500.Xr inetd 8 1501(default 1502.Pa /usr/sbin/inetd ) . 1503.It Va inetd_flags 1504.Pq Vt str 1505If 1506.Va inetd_enable 1507is set to 1508.Dq Li YES , 1509these are the flags to pass to 1510.Xr inetd 8 . 1511.It Va named_enable 1512.Pq Vt bool 1513If set to 1514.Dq Li YES , 1515run the 1516.Xr named 8 1517daemon. 1518.It Va named_program 1519.Pq Vt str 1520Path to 1521.Xr named 8 1522(default 1523.Pa /usr/sbin/named ) . 1524.It Va named_flags 1525.Pq Vt str 1526If 1527.Va named_enable 1528is set to 1529.Dq Li YES , 1530these are the flags to pass to 1531.Xr named 8 . 1532.It Va named_pidfile 1533.Pq Vt str 1534This is the default path to the 1535.Xr named 8 1536daemon's PID file. 1537This must match the location in 1538.Xr named.conf 5 . 1539.It Va named_uid 1540.Pq Vt str 1541The user that the 1542.Xr named 8 1543process should be run as. 1544.It Va named_chrootdir 1545.Pq Vt str 1546The root directory for a name server run in a 1547.Xr chroot 8 1548environment (default 1549.Pa /var/named ) . 1550If left empty 1551.Xr named 8 1552will not be run in a 1553.Xr chroot 8 1554environment. 1555.It Va named_chroot_autoupdate 1556.Pq Vt bool 1557Set to 1558.Dq Li NO 1559to disable automatic update of the 1560.Xr chroot 8 1561environment. 1562.It Va named_symlink_enable 1563.Pq Vt bool 1564Set to 1565.Dq Li NO 1566to disable symlinking of 1567daemon's PID file 1568into the 1569.Xr chroot 8 1570environment. 1571.It Va kerberos5_server_enable 1572.Pq Vt bool 1573Set to 1574.Dq Li YES 1575to start a Kerberos 5 authentication server 1576at boot time. 1577.It Va kerberos5_server 1578.Pq Vt str 1579If 1580.Va kerberos5_server_enable 1581is set to 1582.Dq Li YES 1583this is the path to Kerberos 5 Authentication Server. 1584.It Va kerberos5_server_flags 1585.Pq Vt str 1586Empty by default. 1587This variable contains additional flags to be passed to the Kerberos 5 1588authentication server. 1589.It Va kadmind5_server_enable 1590.Pq Vt bool 1591Set to 1592.Dq Li YES 1593to start 1594.Xr kadmind 8 , 1595the Kerberos 5 Administration Daemon; set to 1596.Dq Li NO 1597on a slave server. 1598.It Va kadmind5_server 1599.Pq Vt str 1600If 1601.Va kadmind5_server_enable 1602is set to 1603.Dq Li YES 1604this is the path to Kerberos 5 Administration Daemon. 1605.It Va kpasswdd_server_enable 1606.Pq Vt bool 1607Set to 1608.Dq Li YES 1609to start 1610.Xr kpasswdd 8 , 1611the Kerberos 5 Password-Changing Daemon; set to 1612.Dq Li NO 1613on a slave server. 1614.It Va kpasswdd_server 1615.Pq Vt str 1616If 1617.Va kpasswdd_server_enable 1618is set to 1619.Dq Li YES 1620this is the path to Kerberos 5 Password-Changing Daemon. 1621.It Va rwhod_enable 1622.Pq Vt bool 1623If set to 1624.Dq Li YES , 1625run the 1626.Xr rwhod 8 1627daemon at boot time. 1628.It Va rwhod_flags 1629.Pq Vt str 1630If 1631.Va rwhod_enable 1632is set to 1633.Dq Li YES , 1634these are the flags to pass to it. 1635.It Va amd_enable 1636.Pq Vt bool 1637If set to 1638.Dq Li YES , 1639run the 1640.Xr amd 8 1641daemon at boot time. 1642.It Va amd_flags 1643.Pq Vt str 1644If 1645.Va amd_enable 1646is set to 1647.Dq Li YES , 1648these are the flags to pass to it. 1649See the 1650.Xr amd 8 1651manpage for more information. 1652.It Va amd_map_program 1653.Pq Vt str 1654If set, 1655the specified program is run to get the list of 1656.Xr amd 8 1657maps. 1658For example, if the 1659.Xr amd 8 1660maps are stored in NIS, one can set this to 1661run 1662.Xr ypcat 1 1663to get a list of 1664.Xr amd 8 1665maps from the 1666.Pa amd.master 1667NIS map. 1668.It Va update_motd 1669.Pq Vt bool 1670If set to 1671.Dq Li YES , 1672.Pa /etc/motd 1673will be updated at boot time to reflect the kernel release 1674being run. 1675If set to 1676.Dq Li NO , 1677.Pa /etc/motd 1678will not be updated. 1679.It Va nfs_client_enable 1680.Pq Vt bool 1681If set to 1682.Dq Li YES , 1683run the NFS client daemons at boot time. 1684.It Va nfs_access_cache 1685.Pq Vt int 1686If 1687.Va nfs_client_enable 1688is set to 1689.Dq Li YES , 1690this can be set to 1691.Dq Li 0 1692to disable NFS ACCESS RPC caching, or to the number of seconds for which 1693NFS ACCESS 1694results should be cached. 1695A value of 2-10 seconds will substantially reduce network 1696traffic for many NFS operations. 1697.It Va nfs_server_enable 1698.Pq Vt bool 1699If set to 1700.Dq Li YES , 1701run the NFS server daemons at boot time. 1702.It Va nfs_server_flags 1703.Pq Vt str 1704If 1705.Va nfs_server_enable 1706is set to 1707.Dq Li YES , 1708these are the flags to pass to the 1709.Xr nfsd 8 1710daemon. 1711.It Va idmapd_enable 1712.Pq Vt bool 1713If set to 1714.Dq Li YES , 1715run the ID mapping daemon for NFS version 4. 1716.It Va idmapd_flags 1717.Pq Vt str 1718If 1719.Va idmapd_enable 1720is set to 1721.Dq Li YES , 1722these are the flags to pass to the 1723.Xr idmapd 8 1724daemon. 1725.It Va mountd_enable 1726.Pq Vt bool 1727If set to 1728.Dq Li YES , 1729and no 1730.Va nfs_server_enable 1731is set, start 1732.Xr mountd 8 , 1733but not 1734.Xr nfsd 8 1735daemon. 1736It is commonly needed to run CFS without real NFS used. 1737.It Va mountd_flags 1738.Pq Vt str 1739If 1740.Va mountd_enable 1741is set to 1742.Dq Li YES , 1743these are the flags to pass to the 1744.Xr mountd 8 1745daemon. 1746.It Va weak_mountd_authentication 1747.Pq Vt bool 1748If set to 1749.Dq Li YES , 1750allow services like PCNFSD to make non-privileged mount 1751requests. 1752.It Va nfs_reserved_port_only 1753.Pq Vt bool 1754If set to 1755.Dq Li YES , 1756provide NFS services only on a secure port. 1757.It Va nfs_bufpackets 1758.Pq Vt int 1759If set to a number, indicates the number of packets worth of 1760socket buffer space to reserve on an NFS client. 1761The kernel default is typically 4. 1762Using a higher number may be 1763useful on gigabit networks to improve performance. 1764The minimum value is 17652 and the maximum is 64. 1766.It Va rpc_lockd_enable 1767.Pq Vt bool 1768If set to 1769.Dq Li YES 1770and also an NFS server or client, run 1771.Xr rpc.lockd 8 1772at boot time. 1773.It Va rpc_lockd_flags 1774.Pq Vt str 1775If 1776.Va rpc_lockd_enable 1777is set to 1778.Dq Li YES , 1779these are the flags to pass to the 1780.Xr rpc.lockd 8 1781daemon. 1782.It Va rpc_statd_enable 1783.Pq Vt bool 1784If set to 1785.Dq Li YES 1786and also an NFS server or client, run 1787.Xr rpc.statd 8 1788at boot time. 1789.It Va rpc_statd_flags 1790.Pq Vt str 1791If 1792.Va rpc_statd_enable 1793is set to 1794.Dq Li YES , 1795these are the flags to pass to the 1796.Xr rpc.statd 8 1797daemon. 1798.It Va rpcbind_program 1799.Pq Vt str 1800Path to 1801.Xr rpcbind 8 1802(default 1803.Pa /usr/sbin/rpcbind ) . 1804.It Va rpcbind_enable 1805.Pq Vt bool 1806If set to 1807.Dq Li YES , 1808run the 1809.Xr rpcbind 8 1810service at boot time. 1811.It Va rpcbind_flags 1812.Pq Vt str 1813If 1814.Va rpcbind_enable 1815is set to 1816.Dq Li YES , 1817these are the flags to pass to the 1818.Xr rpcbind 8 1819daemon. 1820.It Va keyserv_enable 1821.Pq Vt bool 1822If set to 1823.Dq Li YES , 1824run the 1825.Xr keyserv 8 1826daemon on boot for running Secure RPC. 1827.It Va keyserv_flags 1828.Pq Vt str 1829If 1830.Va keyserv_enable 1831is set to 1832.Dq Li YES , 1833these are the flags to pass to 1834.Xr keyserv 8 1835daemon. 1836.It Va pppoed_enable 1837.Pq Vt bool 1838If set to 1839.Dq Li YES , 1840run the 1841.Xr pppoed 8 1842daemon at boot time to provide PPP over Ethernet services. 1843.It Va pppoed_ Ns Aq Ar provider 1844.Pq Vt str 1845.Xr pppoed 8 1846listens to requests to this 1847.Ar provider 1848and ultimately runs 1849.Xr ppp 8 1850with a 1851.Ar system 1852argument of the same name. 1853.It Va pppoed_flags 1854.Pq Vt str 1855Additional flags to pass to 1856.Xr pppoed 8 . 1857.It Va pppoed_interface 1858.Pq Vt str 1859The network interface to run 1860.Xr pppoed 8 1861on. 1862This is mandatory when 1863.Va pppoed_enable 1864is set to 1865.Dq Li YES . 1866.It Va timed_enable 1867.Pq Vt bool 1868If set to 1869.Dq Li YES , 1870run the 1871.Xr timed 8 1872service at boot time. 1873This command is intended for networks of 1874machines where a consistent 1875.Dq "network time" 1876for all hosts must be established. 1877This is often useful in large NFS 1878environments where time stamps on files are expected to be consistent 1879network-wide. 1880.It Va timed_flags 1881.Pq Vt str 1882If 1883.Va timed_enable 1884is set to 1885.Dq Li YES , 1886these are the flags to pass to the 1887.Xr timed 8 1888service. 1889.It Va ntpdate_enable 1890.Pq Vt bool 1891If set to 1892.Dq Li YES , 1893run 1894.Xr ntpdate 8 1895at system startup. 1896This command is intended to 1897synchronize the system clock only 1898.Em once 1899from some standard reference. 1900An option to set this up initially 1901(from a list of known servers) is also provided by the 1902.Xr sysinstall 8 1903program when the system is first installed. 1904.It Va ntpdate_config 1905.Pq Vt str 1906Configuration file for 1907.Xr ntpdate 8 . 1908Default 1909.Pa /etc/ntp.conf . 1910.It Va ntpdate_hosts 1911.Pq Vt str 1912A whitespace-separated list of NTP servers to synchronize with at startup. 1913The default is to use the servers listed in 1914.Va ntpdate_config , 1915if that file exists. 1916.It Va ntpdate_program 1917.Pq Vt str 1918Path to 1919.Xr ntpdate 8 1920(default 1921.Pa /usr/sbin/ntpdate ) . 1922.It Va ntpdate_flags 1923.Pq Vt str 1924If 1925.Va ntpdate_enable 1926is set to 1927.Dq Li YES , 1928these are the flags to pass to the 1929.Xr ntpdate 8 1930command (typically a hostname). 1931.It Va ntpd_enable 1932.Pq Vt bool 1933If set to 1934.Dq Li YES , 1935run the 1936.Xr ntpd 8 1937command at boot time. 1938.It Va ntpd_program 1939.Pq Vt str 1940Path to 1941.Xr ntpd 8 1942(default 1943.Pa /usr/sbin/ntpd ) . 1944.It Va ntpd_config 1945.Pq Vt str 1946Path to 1947.Xr ntpd 8 1948configuration file. 1949Default 1950.Pa /etc/ntp.conf . 1951.It Va ntpd_flags 1952.Pq Vt str 1953If 1954.Va ntpd_enable 1955is set to 1956.Dq Li YES , 1957these are the flags to pass to the 1958.Xr ntpd 8 1959daemon. 1960.It Va ntpd_sync_on_start 1961.Pq Vt bool 1962If set to 1963.Dq Li YES , 1964.Xr ntpd 8 1965is run with the 1966.Fl g 1967flag, which syncs the system's clock on startup. 1968See 1969.Xr ntpd 8 1970for more information regarding the 1971.Fl g 1972option. 1973This is a preferred alternative to using 1974.Xr ntpdate 8 1975or specifying the 1976.Va ntpdate_enable 1977variable. 1978.It Va nis_client_enable 1979.Pq Vt bool 1980If set to 1981.Dq Li YES , 1982run the 1983.Xr ypbind 8 1984service at system boot time. 1985.It Va nis_client_flags 1986.Pq Vt str 1987If 1988.Va nis_client_enable 1989is set to 1990.Dq Li YES , 1991these are the flags to pass to the 1992.Xr ypbind 8 1993service. 1994.It Va nis_ypset_enable 1995.Pq Vt bool 1996If set to 1997.Dq Li YES , 1998run the 1999.Xr ypset 8 2000daemon at system boot time. 2001.It Va nis_ypset_flags 2002.Pq Vt str 2003If 2004.Va nis_ypset_enable 2005is set to 2006.Dq Li YES , 2007these are the flags to pass to the 2008.Xr ypset 8 2009daemon. 2010.It Va nis_server_enable 2011.Pq Vt bool 2012If set to 2013.Dq Li YES , 2014run the 2015.Xr ypserv 8 2016daemon at system boot time. 2017.It Va nis_server_flags 2018.Pq Vt str 2019If 2020.Va nis_server_enable 2021is set to 2022.Dq Li YES , 2023these are the flags to pass to the 2024.Xr ypserv 8 2025daemon. 2026.It Va nis_ypxfrd_enable 2027.Pq Vt bool 2028If set to 2029.Dq Li YES , 2030run the 2031.Xr rpc.ypxfrd 8 2032daemon at system boot time. 2033.It Va nis_ypxfrd_flags 2034.Pq Vt str 2035If 2036.Va nis_ypxfrd_enable 2037is set to 2038.Dq Li YES , 2039these are the flags to pass to the 2040.Xr rpc.ypxfrd 8 2041daemon. 2042.It Va nis_yppasswdd_enable 2043.Pq Vt bool 2044If set to 2045.Dq Li YES , 2046run the 2047.Xr rpc.yppasswdd 8 2048daemon at system boot time. 2049.It Va nis_yppasswdd_flags 2050.Pq Vt str 2051If 2052.Va nis_yppasswdd_enable 2053is set to 2054.Dq Li YES , 2055these are the flags to pass to the 2056.Xr rpc.yppasswdd 8 2057daemon. 2058.It Va rpc_ypupdated_enable 2059.Pq Vt bool 2060If set to 2061.Dq Li YES , 2062run the 2063.Nm rpc.ypupdated 2064daemon at system boot time. 2065.It Va bsnmpd_enable 2066.Pq Vt bool 2067If set to 2068.Dq Li YES , 2069run the 2070.Xr bsnmpd 1 2071daemon at system boot time. 2072Be sure to understand the security implications of running SNMP daemon 2073on your host. 2074.It Va bsnmpd_flags 2075.Pq Vt str 2076If 2077.Va bsnmpd_enable 2078is set to 2079.Dq Li YES , 2080these are the flags to pass to the 2081.Xr bsnmpd 1 2082daemon. 2083.It Va defaultrouter 2084.Pq Vt str 2085If not set to 2086.Dq Li NO , 2087create a default route to this host name or IP address 2088(use an IP address if this router is also required to get to the 2089name server!). 2090.It Va ipv6_defaultrouter 2091.Pq Vt str 2092The IPv6 equivalent of 2093.Va defaultrouter . 2094.It Va static_routes 2095.Pq Vt str 2096Set to the list of static routes that are to be added at system 2097boot time. 2098If not set to 2099.Dq Li NO 2100then for each whitespace separated 2101.Ar element 2102in the value, a 2103.Va route_ Ns Aq Ar element 2104variable is assumed to exist 2105whose contents will later be passed to a 2106.Dq Nm route Cm add 2107operation. 2108For example: 2109.Bd -literal 2110static_routes="mcast gif0local" 2111route_mcast="-net 224.0.0.0/4 -iface gif0" 2112route_gif0local="-host 169.254.1.1 -iface lo0" 2113.Ed 2114.It Va ipv6_static_routes 2115.Pq Vt str 2116The IPv6 equivalent of 2117.Va static_routes . 2118If not set to 2119.Dq Li NO 2120then for each whitespace separated 2121.Ar element 2122in the value, a 2123.Va ipv6_route_ Ns Aq Ar element 2124variable is assumed to exist 2125whose contents will later be passed to a 2126.Dq Nm route Cm add Fl inet6 2127operation. 2128.It Va natm_static_routes 2129.Pq Vt str 2130The 2131.Xr natmip 4 2132equivalent of 2133.Va static_routes . 2134If not empty then for each whitespace separated 2135.Ar element 2136in the value, a 2137.Va route_ Ns Aq Ar element 2138variable is assumed to exist whose contents will later be passed to a 2139.Dq Nm atmconfig Cm natm Cm add 2140operation. 2141.It Va gateway_enable 2142.Pq Vt bool 2143If set to 2144.Dq Li YES , 2145configure host to act as an IP router, e.g.\& to forward packets 2146between interfaces. 2147.It Va ipv6_gateway_enable 2148.Pq Vt bool 2149The IPv6 equivalent of 2150.Va gateway_enable . 2151.It Va router_enable 2152.Pq Vt bool 2153If set to 2154.Dq Li YES , 2155run a routing daemon of some sort, based on the 2156settings of 2157.Va router 2158and 2159.Va router_flags . 2160.It Va ipv6_router_enable 2161.Pq Vt bool 2162The IPv6 equivalent of 2163.Va router_enable . 2164If set to 2165.Dq Li YES , 2166run a routing daemon of some sort, based on the 2167settings of 2168.Va ipv6_router 2169and 2170.Va ipv6_router_flags . 2171.It Va router 2172.Pq Vt str 2173If 2174.Va router_enable 2175is set to 2176.Dq Li YES , 2177this is the name of the routing daemon to use. 2178.It Va ipv6_router 2179.Pq Vt str 2180The IPv6 equivalent of 2181.Va router . 2182.It Va router_flags 2183.Pq Vt str 2184If 2185.Va router_enable 2186is set to 2187.Dq Li YES , 2188these are the flags to pass to the routing daemon. 2189.It Va ipv6_router_flags 2190.Pq Vt str 2191The IPv6 equivalent of 2192.Va router_flags . 2193.It Va mrouted_enable 2194.Pq Vt bool 2195If set to 2196.Dq Li YES , 2197run the multicast routing daemon, 2198.Xr mrouted 8 . 2199.It Va mroute6d_enable 2200.Pq Vt bool 2201The IPv6 equivalent of 2202.Va mrouted_enable . 2203If set to 2204.Dq Li YES , 2205run the IPv6 multicast routing daemon. 2206.Pp 2207Note that multicast routing daemons are no longer included in the 2208.Fx 2209base system, however, both 2210.Xr mrouted 8 2211and 2212.Xr pim6dd 8 2213may be installed from the 2214.Fx 2215Ports Collection. 2216.It Va mrouted_flags 2217.Pq Vt str 2218If 2219.Va mrouted_enable 2220is set to 2221.Dq Li YES , 2222these are the flags to pass to the 2223.Xr mrouted 8 2224daemon. 2225.It Va mroute6d_flags 2226.Pq Vt str 2227The IPv6 equivalent of 2228.Va mrouted_flags . 2229If 2230.Va mroute6d_enable 2231is set to 2232.Dq Li YES , 2233these are the flags passed to the IPv6 multicast routing daemon. 2234.It Va mroute6d_program 2235.Pq Vt str 2236If 2237.Va mroute6d_enable 2238is set to 2239.Dq Li YES , 2240this is the path to the IPv6 multicast routing daemon. 2241.It Va rtadvd_enable 2242.Pq Vt bool 2243If set to 2244.Dq Li YES , 2245run the 2246.Xr rtadvd 8 2247daemon at boot time. 2248.Xr rtadvd 8 2249will only run if 2250.Va ipv6_gateway_enable 2251is also set to 2252.Dq Li YES . 2253The 2254.Xr rtadvd 8 2255utility sends router advertisement packets to the interfaces specified in 2256.Va rtadvd_interfaces 2257and should only be enabled with great care. 2258You may want to fine-tune 2259.Xr rtadvd.conf 5 . 2260.It Va rtadvd_interfaces 2261.Pq Vt str 2262If 2263.Va rtadvd_enable 2264is set to 2265.Dq Li YES 2266this is the list of interfaces to use. 2267.It Va ipxgateway_enable 2268.Pq Vt bool 2269If set to 2270.Dq Li YES , 2271enable the routing of IPX traffic. 2272.It Va ipxrouted_enable 2273.Pq Vt bool 2274If set to 2275.Dq Li YES , 2276run the 2277.Xr IPXrouted 8 2278daemon at system boot time. 2279.It Va ipxrouted_flags 2280.Pq Vt str 2281If 2282.Va ipxrouted_enable 2283is set to 2284.Dq Li YES , 2285these are the flags to pass to the 2286.Xr IPXrouted 8 2287daemon. 2288.It Va arpproxy_all 2289.Pq Vt bool 2290If set to 2291.Dq Li YES , 2292enable global proxy ARP. 2293.It Va forward_sourceroute 2294.Pq Vt bool 2295If set to 2296.Dq Li YES 2297and 2298.Va gateway_enable 2299is also set to 2300.Dq Li YES , 2301source-routed packets are forwarded. 2302.It Va accept_sourceroute 2303.Pq Vt bool 2304If set to 2305.Dq Li YES , 2306the system will accept source-routed packets directed at it. 2307.It Va rarpd_enable 2308.Pq Vt bool 2309If set to 2310.Dq Li YES , 2311run the 2312.Xr rarpd 8 2313daemon at system boot time. 2314.It Va rarpd_flags 2315.Pq Vt str 2316If 2317.Va rarpd_enable 2318is set to 2319.Dq Li YES , 2320these are the flags to pass to the 2321.Xr rarpd 8 2322daemon. 2323.It Va bootparamd_enable 2324.Pq Vt bool 2325If set to 2326.Dq Li YES , 2327run the 2328.Xr bootparamd 8 2329daemon at system boot time. 2330.It Va bootparamd_flags 2331.Pq Vt str 2332If 2333.Va bootparamd_enable 2334is set to 2335.Dq Li YES , 2336these are the flags to pass to the 2337.Xr bootparamd 8 2338daemon. 2339.It Va stf_interface_ipv4addr 2340.Pq Vt str 2341If not set to 2342.Dq Li NO , 2343this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2344interface). 2345Specify this entry to enable the 6to4 interface. 2346.It Va stf_interface_ipv4plen 2347.Pq Vt int 2348Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2349An effective value is 0-31. 2350.It Va stf_interface_ipv6_ifid 2351.Pq Vt str 2352IPv6 interface ID for 2353.Xr stf 4 . 2354This can be set to 2355.Dq Li AUTO . 2356.It Va stf_interface_ipv6_slaid 2357.Pq Vt str 2358IPv6 Site Level Aggregator for 2359.Xr stf 4 . 2360.It Va ipv6_faith_prefix 2361.Pq Vt str 2362If not set to 2363.Dq Li NO , 2364this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2365translator. 2366You also need 2367.Xr faithd 8 2368setup. 2369.It Va ipv6_ipv4mapping 2370.Pq Vt bool 2371If set to 2372.Dq Li YES 2373this enables IPv4 mapped IPv6 address communication (like 2374.Li ::ffff:a.b.c.d ) . 2375.It Va atm_enable 2376.Pq Vt bool 2377Set to 2378.Dq Li YES 2379to enable the configuration of ATM interfaces at system boot time. 2380For all of the ATM variables described below, please refer to the 2381.Xr atm 8 2382manual page for further details on the available command parameters. 2383Also refer to the files in 2384.Pa /usr/share/examples/atm 2385for more detailed configuration information. 2386.It Va atm_load 2387.Pq Vt str 2388This is a list of physical ATM interface drivers to load. 2389Typical values are 2390.Dq Li hfa_pci 2391and/or 2392.Dq Li hea_pci . 2393.It Va atm_netif_ Ns Aq Ar intf 2394.Pq Vt str 2395For the ATM physical interface 2396.Ar intf , 2397this variable defines the name prefix and count for the ATM network 2398interfaces to be created. 2399The value will be passed as the parameters of an 2400.Dq Nm atm Cm "set netif" Ar intf 2401command. 2402.It Va atm_sigmgr_ Ns Aq Ar intf 2403.Pq Vt str 2404For the ATM physical interface 2405.Ar intf , 2406this variable defines the ATM signalling manager to be used. 2407The value will be passed as the parameters of an 2408.Dq Nm atm Cm attach Ar intf 2409command. 2410.It Va atm_prefix_ Ns Aq Ar intf 2411.Pq Vt str 2412For the ATM physical interface 2413.Ar intf , 2414this variable defines the NSAP prefix for interfaces using a UNI signalling 2415manager. 2416If set to 2417.Dq Li ILMI , 2418the prefix will automatically be set via the 2419.Xr ilmid 8 2420daemon. 2421Otherwise, the value will be passed as the parameters of an 2422.Dq Nm atm Cm "set prefix" Ar intf 2423command. 2424.It Va atm_macaddr_ Ns Aq Ar intf 2425.Pq Vt str 2426For the ATM physical interface 2427.Ar intf , 2428this variable defines the MAC address for interfaces using a UNI signalling 2429manager. 2430If set to 2431.Dq Li NO , 2432the hardware MAC address contained in the ATM interface card will be used. 2433Otherwise, the value will be passed as the parameters of an 2434.Dq Nm atm Cm "set mac" Ar intf 2435command. 2436.It Va atm_arpserver_ Ns Aq Ar netif 2437.Pq Vt str 2438For the ATM network interface 2439.Ar netif , 2440this variable defines the ATM address for a host which is to provide ATMARP 2441service. 2442This variable is only applicable to interfaces using a UNI signalling 2443manager. 2444If set to 2445.Dq Li local , 2446this host will become an ATMARP server. 2447The value will be passed as the parameters of an 2448.Dq Nm atm Cm "set arpserver" Ar netif 2449command. 2450.It Va atm_scsparp_ Ns Aq Ar netif 2451.Pq Vt bool 2452If set to 2453.Dq Li YES , 2454SCSP/ATMARP service for the network interface 2455.Ar netif 2456will be initiated using the 2457.Xr scspd 8 2458and 2459.Xr atmarpd 8 2460daemons. 2461This variable is only applicable if 2462.Va atm_arpserver_ Ns Aq Ar netif 2463is set to 2464.Dq Li local . 2465.It Va atm_pvcs 2466.Pq Vt str 2467Set to the list of ATM PVCs to be added at system 2468boot time. 2469For each whitespace separated 2470.Ar element 2471in the value, an 2472.Va atm_pvc_ Ns Aq Ar element 2473variable is assumed to exist. 2474The value of each of these variables 2475will be passed as the parameters of an 2476.Dq Nm atm Cm "add pvc" 2477command. 2478.It Va atm_arps 2479.Pq Vt str 2480Set to the list of permanent ATM ARP entries to be added 2481at system boot time. 2482For each whitespace separated 2483.Ar element 2484in the value, an 2485.Va atm_arp_ Ns Aq Ar element 2486variable is assumed to exist. 2487The value of each of these variables 2488will be passed as the parameters of an 2489.Dq Nm atm Cm "add arp" 2490command. 2491.It Va natm_interfaces 2492.Pq Vt str 2493Set to the list of 2494.Xr natm 4 2495interfaces that will also be used for HARP through 2496.Xr harp 4 . 2497If this list is not empty all interfaces in the list will be brought up 2498with 2499.Xr ifconfig 8 2500and 2501.Xr harp 4 2502will be loaded. 2503For this to work the interface drivers must be either compiled into the 2504kernel or must reside on the root partition. 2505.It Va keybell 2506.Pq Vt str 2507The keyboard bell sound. 2508Set to 2509.Dq Li normal , 2510.Dq Li visual , 2511.Dq Li off , 2512or 2513.Dq Li NO 2514if the default behavior is desired. 2515For details, refer to the 2516.Xr kbdcontrol 1 2517manpage. 2518.It Va keyboard 2519.Pq Vt str 2520If set to a non-null string, the virtual console's keyboard input is 2521set to this device. 2522.It Va keymap 2523.Pq Vt str 2524If set to 2525.Dq Li NO , 2526no keymap is installed, otherwise the value is used to install 2527the keymap file in 2528.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2529.It Va keyrate 2530.Pq Vt str 2531The keyboard repeat speed. 2532Set to 2533.Dq Li slow , 2534.Dq Li normal , 2535.Dq Li fast , 2536or 2537.Dq Li NO 2538if the default behavior is desired. 2539.It Va keychange 2540.Pq Vt str 2541If not set to 2542.Dq Li NO , 2543attempt to program the function keys with the value. 2544The value should 2545be a single string of the form: 2546.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2547.It Va cursor 2548.Pq Vt str 2549Can be set to the value of 2550.Dq Li normal , 2551.Dq Li blink , 2552.Dq Li destructive , 2553or 2554.Dq Li NO 2555to set the cursor behavior explicitly or choose the default behavior. 2556.It Va scrnmap 2557.Pq Vt str 2558If set to 2559.Dq Li NO , 2560no screen map is installed, otherwise the value is used to install 2561the screen map file in 2562.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2563.It Va font8x16 2564.Pq Vt str 2565If set to 2566.Dq Li NO , 2567the default 8x16 font value is used for screen size requests, otherwise 2568the value in 2569.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2570is used. 2571.It Va font8x14 2572.Pq Vt str 2573If set to 2574.Dq Li NO , 2575the default 8x14 font value is used for screen size requests, otherwise 2576the value in 2577.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2578is used. 2579.It Va font8x8 2580.Pq Vt str 2581If set to 2582.Dq Li NO , 2583the default 8x8 font value is used for screen size requests, otherwise 2584the value in 2585.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2586is used. 2587.It Va blanktime 2588.Pq Vt int 2589If set to 2590.Dq Li NO , 2591the default screen blanking interval is used, otherwise it is set 2592to 2593.Ar value 2594seconds. 2595.It Va saver 2596.Pq Vt str 2597If not set to 2598.Dq Li NO , 2599this is the actual screen saver to use 2600.Li ( blank , snake , daemon , 2601etc). 2602.It Va moused_nondefault_enable 2603.Pq Vt str 2604If set to 2605.Dq Li NO , 2606the mouse device specified on 2607the command line is not automatically treated as enabled by the 2608.Pa /etc/rc.d/moused 2609script. 2610Having this variable set to 2611.Dq Li YES 2612allows a 2613.Xr usb 4 2614mouse, 2615for example, 2616to be enabled as soon as it is plugged in. 2617.It Va moused_enable 2618.Pq Vt str 2619If set to 2620.Dq Li YES , 2621the 2622.Xr moused 8 2623daemon is started for doing cut/paste selection on the console. 2624.It Va moused_type 2625.Pq Vt str 2626This is the protocol type of the mouse connected to this host. 2627This variable must be set if 2628.Va moused_enable 2629is set to 2630.Dq Li YES . 2631The 2632.Xr moused 8 2633daemon 2634is able to detect the appropriate mouse type automatically in many cases. 2635Set this variable to 2636.Dq Li auto 2637to let the daemon detect it, or 2638select one from the following list if the automatic detection fails. 2639.Pp 2640If the mouse is attached to the PS/2 mouse port, choose 2641.Dq Li auto 2642or 2643.Dq Li ps/2 , 2644regardless of the brand and model of the mouse. 2645Likewise, if the 2646mouse is attached to the bus mouse port, choose 2647.Dq Li auto 2648or 2649.Dq Li busmouse . 2650All other protocols are for serial mice and will not work with 2651the PS/2 and bus mice. 2652If this is a USB mouse, 2653.Dq Li auto 2654is the only protocol type which will work. 2655.Pp 2656.Bl -tag -width ".Li x10mouseremote" -compact 2657.It Li microsoft 2658Microsoft mouse (serial) 2659.It Li intellimouse 2660Microsoft IntelliMouse (serial) 2661.It Li mousesystems 2662Mouse systems Corp.\& mouse (serial) 2663.It Li mmseries 2664MM Series mouse (serial) 2665.It Li logitech 2666Logitech mouse (serial) 2667.It Li busmouse 2668A bus mouse 2669.It Li mouseman 2670Logitech MouseMan and TrackMan (serial) 2671.It Li glidepoint 2672ALPS GlidePoint (serial) 2673.It Li thinkingmouse 2674Kensington ThinkingMouse (serial) 2675.It Li ps/2 2676PS/2 mouse 2677.It Li mmhittab 2678MM HitTablet (serial) 2679.It Li x10mouseremote 2680X10 MouseRemote (serial) 2681.It Li versapad 2682Interlink VersaPad (serial) 2683.El 2684.Pp 2685Even if the mouse is not in the above list, it may be compatible 2686with one in the list. 2687Refer to the manual page for 2688.Xr moused 8 2689for compatibility information. 2690.Pp 2691It should also be noted that while this is enabled, any 2692other client of the mouse (such as an X server) should access 2693the mouse through the virtual mouse device, 2694.Pa /dev/sysmouse , 2695and configure it as a 2696.Dq Li sysmouse 2697type mouse, since all 2698mouse data is converted to this single canonical format when 2699using 2700.Xr moused 8 . 2701If the client program does not support the 2702.Dq Li sysmouse 2703type, 2704specify the 2705.Dq Li mousesystems 2706type. 2707It is the second preferred type. 2708.It Va moused_port 2709.Pq Vt str 2710If 2711.Va moused_enable 2712is set to 2713.Dq Li YES , 2714this is the actual port the mouse is on. 2715It might be 2716.Pa /dev/cuad0 2717for a COM1 serial mouse, 2718.Pa /dev/psm0 2719for a PS/2 mouse or 2720.Pa /dev/mse0 2721for a bus mouse, for example. 2722.It Va moused_flags 2723.Pq Vt str 2724If 2725.Va moused_flags 2726is set, its value is used as an additional set of flags to pass to the 2727.Xr moused 8 2728daemon. 2729.It Va "moused_" Ns Ar XXX Ns Va "_flags" 2730When 2731.Va moused_nondefault_enable 2732is enabled, and a 2733.Xr moused 8 2734daemon is started for a non-default port, the 2735.Va "moused_" Ns Ar XXX Ns Va "_flags" 2736set of options has precedence over and replaces the default 2737.Va moused_flags (where 2738.Ar XXX 2739is the name of the non-default port, i.e.\& 2740.Ar ums0 ) . 2741By setting 2742.Va "moused_" Ns Ar XXX Ns Va "_flags" 2743it is possible to set up a different set of default flags for each 2744.Xr moused 8 2745instance. 2746For example, you can use 2747.Dq Li "-3" 2748for the default 2749.Va moused_flags 2750to make your laptop's touchpad more comfortable to use, 2751but an empty set of options for 2752.Va moused_ums0_flags 2753when your 2754.Xr usb 4 2755mouse has three or more buttons. 2756.It Va mousechar_start 2757.Pq Vt int 2758If set to 2759.Dq Li NO , 2760the default mouse cursor character range 2761.Li 0xd0 Ns - Ns Li 0xd3 2762is used, 2763otherwise the range start is set 2764to 2765.Ar value 2766character, see 2767.Xr vidcontrol 1 . 2768Use if the default range is occupied in the language code table. 2769.It Va allscreens_flags 2770.Pq Vt str 2771If set, 2772.Xr vidcontrol 1 2773is run with these options for each of the virtual terminals 2774.Pq Pa /dev/ttyv* . 2775For example, 2776.Dq Fl m Cm on 2777will enable the mouse pointer on all virtual terminals 2778if 2779.Va moused_enable 2780is set to 2781.Dq Li YES . 2782.It Va allscreens_kbdflags 2783.Pq Vt str 2784If set, 2785.Xr kbdcontrol 1 2786is run with these options for each of the virtual terminals 2787.Pq Pa /dev/ttyv* . 2788For example, 2789.Dq Fl h Li 200 2790will set the 2791.Xr syscons 4 2792scrollback (history) buffer to 200 lines. 2793.It Va cron_enable 2794.Pq Vt bool 2795If set to 2796.Dq Li YES , 2797run the 2798.Xr cron 8 2799daemon at system boot time. 2800.It Va cron_program 2801.Pq Vt str 2802Path to 2803.Xr cron 8 2804(default 2805.Pa /usr/sbin/cron ) . 2806.It Va cron_flags 2807.Pq Vt str 2808If 2809.Va cron_enable 2810is set to 2811.Dq Li YES , 2812these are the flags to pass to 2813.Xr cron 8 . 2814.It Va cron_dst 2815.Pq Vt bool 2816If set to 2817.Dq Li YES , 2818enable the special handling of transitions to and from the 2819Daylight Saving Time in 2820.Xr cron 8 2821(equivalent to using the flag 2822.Fl s ) . 2823.It Va lpd_program 2824.Pq Vt str 2825Path to 2826.Xr lpd 8 2827(default 2828.Pa /usr/sbin/lpd ) . 2829.It Va lpd_enable 2830.Pq Vt bool 2831If set to 2832.Dq Li YES , 2833run the 2834.Xr lpd 8 2835daemon at system boot time. 2836.It Va lpd_flags 2837.Pq Vt str 2838If 2839.Va lpd_enable 2840is set to 2841.Dq Li YES , 2842these are the flags to pass to the 2843.Xr lpd 8 2844daemon. 2845.It Va chkprintcap_enable 2846.Pq Vt bool 2847If set to 2848.Dq Li YES , 2849run the 2850.Xr chkprintcap 8 2851command before starting the 2852.Xr lpd 8 2853daemon. 2854.It Va chkprintcap_flags 2855.Pq Vt str 2856If 2857.Va lpd_enable 2858and 2859.Va chkprintcap_enable 2860are set to 2861.Dq Li YES , 2862these are the flags to pass to the 2863.Xr chkprintcap 8 2864program. 2865The default is 2866.Dq Li -d , 2867which causes missing directories to be created. 2868.It Va mta_start_script 2869.Pq Vt str 2870This variable specifies the full path to the script to run to start 2871a mail transfer agent. 2872The default is 2873.Pa /etc/rc.sendmail . 2874The 2875.Va sendmail_* 2876variables which 2877.Pa /etc/rc.sendmail 2878uses are documented in the 2879.Xr rc.sendmail 8 2880manual page. 2881.It Va dumpdev 2882.Pq Vt str 2883Indicates the device (usually a swap partition) to which a crash dump 2884should be written in the event of a system crash. 2885If the value of this variable is 2886.Dq Li AUTO , 2887the first suitable swap device listed in 2888.Pa /etc/fstab 2889will be used as dump device. 2890Otherwise, the value of this variable is passed as the argument to 2891.Xr dumpon 8 . 2892To disable crash dumps, set this variable to 2893.Dq Li NO . 2894.It Va dumpdir 2895.Pq Vt str 2896When the system reboots after a crash and a crash dump is found on the 2897device specified by the 2898.Va dumpdev 2899variable, 2900.Xr savecore 8 2901will save that crash dump and a copy of the kernel to the directory 2902specified by the 2903.Va dumpdir 2904variable. 2905The default value is 2906.Pa /var/crash . 2907Set to 2908.Dq Li NO 2909to not run 2910.Xr savecore 8 2911at boot time when 2912.Va dumpdir 2913is set. 2914.It Va savecore_flags 2915.Pq Vt str 2916If crash dumps are enabled, these are the flags to pass to the 2917.Xr savecore 8 2918utility. 2919.It Va enable_quotas 2920.Pq Vt bool 2921Set to 2922.Dq Li YES 2923to turn on user and group disk quotas on system startup via the 2924.Xr quotaon 8 2925command for all file systems marked as having quotas enabled in 2926.Pa /etc/fstab . 2927The kernel must be built with 2928.Cd "options QUOTA" 2929for disk quotas to function. 2930.It Va check_quotas 2931.Pq Vt bool 2932Set to 2933.Dq Li YES 2934to enable user and group disk quota checking via the 2935.Xr quotacheck 8 2936command. 2937.It Va quotacheck_flags 2938.Pq Vt str 2939If 2940.Va enable_quotas 2941is set to 2942.Dq Li YES , 2943and 2944.Va check_quotas 2945is set to 2946.Dq Li YES , 2947these are the flags to pass to the 2948.Xr quotacheck 8 2949utility. 2950The default is 2951.Dq Li "-a" , 2952which checks quotas for all file systems with quotas enabled in 2953.Pa /etc/fstab . 2954.It Va quotaon_flags 2955.Pq Vt str 2956If 2957.Va enable_quotas 2958is set to 2959.Dq Li YES , 2960these are the flags to pass to the 2961.Xr quotaon 8 2962utility. 2963The default is 2964.Dq Li "-a" , 2965which enables quotas for all file systems with quotas enabled in 2966.Pa /etc/fstab . 2967.It Va quotaoff_flags 2968.Pq Vt str 2969If 2970.Va enable_quotas 2971is set to 2972.Dq Li YES , 2973these are the flags to pass to the 2974.Xr quotaoff 8 2975utility when shutting down the quota system. 2976The default is 2977.Dq Li "-a" , 2978which disables quotas for all file systems with quotas enabled in 2979.Pa /etc/fstab . 2980.It Va accounting_enable 2981.Pq Vt bool 2982Set to 2983.Dq Li YES 2984to enable system accounting through the 2985.Xr accton 8 2986facility. 2987.It Va ibcs2_enable 2988.Pq Vt bool 2989Set to 2990.Dq Li YES 2991to enable iBCS2 (SCO) binary emulation at system initial boot 2992time. 2993.It Va ibcs2_loaders 2994.Pq Vt str 2995If not set to 2996.Dq Li NO 2997and if 2998.Va ibcs2_enable 2999is set to 3000.Dq Li YES , 3001this specifies a list of additional iBCS2 loaders to enable. 3002.It Va linux_enable 3003.Pq Vt bool 3004Set to 3005.Dq Li YES 3006to enable Linux/ELF binary emulation at system initial 3007boot time. 3008.It Va svr4_enable 3009.Pq Vt bool 3010If set to 3011.Dq Li YES , 3012enable SysVR4 emulation at boot time. 3013.It Va sysvipc_enable 3014.Pq Vt bool 3015If set to 3016.Dq Li YES , 3017load System V IPC primitives at boot time. 3018.It Va clear_tmp_enable 3019.Pq Vt bool 3020Set to 3021.Dq Li YES 3022to have 3023.Pa /tmp 3024cleaned at startup. 3025.It Va clear_tmp_X 3026.Pq Vt bool 3027Set to 3028.Dq Li NO 3029to disable removing of X11 lock files, 3030and the removal and (secure) recreation 3031of the various socket directories for X11 3032related programs. 3033.It Va ldconfig_paths 3034.Pq Vt str 3035Set to the list of shared library paths to use with 3036.Xr ldconfig 8 . 3037NOTE: 3038.Pa /usr/lib 3039will always be added first, so it need not appear in this list. 3040.It Va ldconfig32_paths 3041.Pq Vt str 3042Set to the list of 32-bit compatibility shared library paths to 3043use with 3044.Xr ldconfig 8 . 3045.It Va ldconfig_paths_aout 3046.Pq Vt str 3047Set to the list of shared library paths to use with 3048.Xr ldconfig 8 3049legacy 3050.Xr a.out 5 3051support. 3052.It Va ldconfig_insecure 3053.Pq Vt bool 3054The 3055.Xr ldconfig 8 3056utility normally refuses to use directories 3057which are writable by anyone except root. 3058Set this variable to 3059.Dq Li YES 3060to disable that security check during system startup. 3061.It Va ldconfig_local_dirs 3062.Pq Vt str 3063Set to the list of local 3064.Xr ldconfig 8 3065directories. 3066The names of all files in the directories listed will be 3067passed as arguments to 3068.Xr ldconfig 8 . 3069.It Va ldconfig_local32_dirs 3070.Pq Vt str 3071Set to the list of local 32-bit compatibility 3072.Xr ldconfig 8 3073directories. 3074The names of all files in the directories listed will be 3075passed as arguments to 3076.Dq Nm ldconfig Fl 32 . 3077.It Va kern_securelevel_enable 3078.Pq Vt bool 3079Set to 3080.Dq Li YES 3081to set the kernel security level at system startup. 3082.It Va kern_securelevel 3083.Pq Vt int 3084The kernel security level to set at startup. 3085The allowed range of 3086.Ar value 3087ranges from \-1 (the compile time default) to 3 (the 3088most secure). 3089See 3090.Xr init 8 3091for the list of possible security levels and their effect 3092on system operation. 3093.It Va sshd_program 3094.Pq Vt str 3095Path to the SSH server program 3096.Pa ( /usr/sbin/sshd 3097is the default). 3098.It Va sshd_enable 3099.Pq Vt bool 3100Set to 3101.Dq Li YES 3102to start 3103.Xr sshd 8 3104at system boot time. 3105.It Va sshd_flags 3106.Pq Vt str 3107If 3108.Va sshd_enable 3109is set to 3110.Dq Li YES , 3111these are the flags to pass to the 3112.Xr sshd 8 3113daemon. 3114.It Va ftpd_program 3115.Pq Vt str 3116Path to the FTP server program 3117.Pa ( /usr/libexec/ftpd 3118is the default). 3119.It Va ftpd_enable 3120.Pq Vt bool 3121Set to 3122.Dq Li YES 3123to start 3124.Xr ftpd 8 3125as a stand-alone daemon at system boot time. 3126.It Va ftpd_flags 3127.Pq Vt str 3128If 3129.Va ftpd_enable 3130is set to 3131.Dq Li YES , 3132these are the additional flags to pass to the 3133.Xr ftpd 8 3134daemon. 3135.It Va watchdogd_enable 3136.Pq Vt bool 3137If set to 3138.Dq Li YES , 3139start the 3140.Xr watchdogd 8 3141daemon at boot time. 3142This requires that the kernel have been compiled with a 3143.Xr watchdog 4 3144compatible device. 3145.It Va watchdogd_flags 3146.Pq Vt str 3147If 3148.Va watchdogd_enable 3149is set to 3150.Dq Li YES , 3151these are the flags passed to the 3152.Xr watchdogd 8 3153daemon. 3154.It Va performance_cx_lowest 3155.Pq Vt str 3156CPU idle state to use while on AC power. 3157The string 3158.Dq Li LOW 3159indicates that 3160.Xr acpi 4 3161should use the lowest power state available while 3162.Dq Li HIGH 3163indicates that the lowest latency state (less power savings) should be used. 3164.It Va performance_cpu_freq 3165.Pq Vt str 3166CPU clock frequency to use while on AC power. 3167The string 3168.Dq Li LOW 3169indicates that 3170.Xr cpufreq 4 3171should use the lowest frequency available while 3172.Dq Li HIGH 3173indicates that the highest frequency (less power savings) should be used. 3174.It Va economy_cx_lowest 3175.Pq Vt str 3176CPU idle state to use when off AC power. 3177The string 3178.Dq Li LOW 3179indicates that 3180.Xr acpi 4 3181should use the lowest power state available while 3182.Dq Li HIGH 3183indicates that the lowest latency state (less power savings) should be used. 3184.It Va economy_cpu_freq 3185.Pq Vt str 3186CPU clock frequency to use when off AC power. 3187The string 3188.Dq Li LOW 3189indicates that 3190.Xr cpufreq 4 3191should use the lowest frequency available while 3192.Dq Li HIGH 3193indicates that the highest frequency (less power savings) should be used. 3194.It Va jail_enable 3195.Pq Vt bool 3196If set to 3197.Dq Li NO , 3198any configured jails will not be started. 3199.It Va jail_list 3200.Pq Vt str 3201A space separated list of names for jails. 3202This is purely a configuration aid to help identify and 3203configure multiple jails. 3204The names specified in this list will be used to 3205identify settings common to an instance of a jail. 3206Assuming that the jail in question was named 3207.Li vjail , 3208you would have the following dependent variables: 3209.Bd -literal 3210jail_vjail_hostname="jail.example.com" 3211jail_vjail_ip="192.168.1.100" 3212jail_vjail_rootdir="/var/jails/vjail/root" 3213.Ed 3214.Pp 3215.It Va jail_flags 3216.Pq Vt str 3217Unset by default. 3218When set, use as default value for 3219.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3220for every jail in 3221.Va jail_list . 3222.It Va jail_interface 3223.Pq Vt str 3224Unset by default. 3225When set, use as default value for 3226.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3227for every jail in 3228.Va jail_list . 3229.It Va jail_fstab 3230.Pq Vt str 3231Unset by default. 3232When set, use as default value for 3233.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3234for every jail in 3235.Va jail_list . 3236.It Va jail_mount_enable 3237.Pq Vt bool 3238Set to 3239.Dq Li NO 3240by default. 3241When set to 3242.Dq Li YES , 3243sets 3244.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3245to 3246.Dq Li YES 3247by default for every jail in 3248.Va jail_list . 3249.It Va jail_devfs_ruleset 3250.Pq Vt str 3251Unset by default. 3252When set, sets 3253.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3254to given value for every jail in 3255.Va jail_list . 3256.It Va jail_devfs_enable 3257.Pq Vt bool 3258Set to 3259.Dq Li NO 3260by default. 3261When set to 3262.Dq Li YES , 3263sets 3264.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3265to 3266.Dq Li YES 3267by default for every jail in 3268.Va jail_list . 3269.It Va jail_fdescfs_enable 3270.Pq Vt bool 3271Set to 3272.Dq Li NO 3273by default. 3274When set to 3275.Dq Li YES , 3276sets 3277.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3278to 3279.Dq Li YES 3280by default for every jail in 3281.Va jail_list . 3282.It Va jail_procfs_enable 3283.Pq Vt bool 3284Set to 3285.Dq Li NO 3286by default. 3287When set to 3288.Dq Li YES , 3289sets 3290.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3291to 3292.Dq Li YES 3293by default for every jail in 3294.Va jail_list . 3295.It Va jail_exec_start 3296.Pq Vt str 3297Unset by default. 3298When set, use as default value for 3299.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3300for every jail in 3301.Va jail_list . 3302.It Va jail_exec_afterstart Ns Aq Ar N 3303.Pq Vt str 3304Unset by default. 3305When set, use as default value for 3306.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3307for every jail in 3308.Va jail_list . 3309.It Va jail_exec_stop 3310Unset by default. 3311When set, use as default value for 3312.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3313for every jail in 3314.Va jail_list . 3315.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3316.Pq Vt str 3317Unset by default. 3318Set to the root directory used by jail 3319.Va jname . 3320.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3321.Pq Vt str 3322Unset by default. 3323Set to the fully qualified domain name (FQDN) assigned to jail 3324.Va jname . 3325.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3326.Pq Vt str 3327Unset by default. 3328Set to the IP address assigned to jail 3329.Va jname . 3330.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3331.Pq Vt str 3332Set to 3333.Dq Li -l -U root 3334by default. 3335These are flags to pass to 3336.Xr jail . 3337.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3338.Pq Vt str 3339Unset by default. 3340When set, sets the interface to use when setting IP address alias. 3341Note that the alias is created at jail startup and removed at jail shutdown. 3342.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3343.Pq Vt str 3344Set to 3345.Pa /etc/fstab. Ns Aq Ar jname 3346by default. 3347This is the file system information file to use for jail 3348.Va jname . 3349.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3350.Pq Vt bool 3351Set to 3352.Dq Li NO 3353by default. 3354When set to 3355.Dq Li YES , 3356mount all file systems from 3357.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3358at jail startup. 3359.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3360.Pq Vt str 3361Unset by default. 3362When set, defines the device file system ruleset file to use for jail 3363.Va jname . 3364.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3365.Pq Vt bool 3366Set to 3367.Dq Li NO 3368by default. 3369When set to 3370.Dq Li YES , 3371mount the device file system inside jail 3372.Ar jname 3373at jail startup. 3374.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3375.Pq Vt bool 3376Set to 3377.Dq Li NO 3378by default. 3379When set to 3380.Dq Li YES , 3381mount the file-descriptor file system inside jail 3382.Ar jname 3383at jail startup. 3384.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3385.Pq Vt bool 3386Set to 3387.Dq Li NO 3388by default. 3389When set to 3390.Dq Li YES , 3391mount the process file system inside jail 3392.Ar jname 3393at jail startup. 3394.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3395.Pq Vt str 3396Set to 3397.Dq Li /bin/sh /etc/rc 3398by default. 3399This is the command executed at jail startup. 3400.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3401.Pq Vt str 3402Unset by default. 3403This is the command run as 3404.Ar N Ns 3405th command 3406after jail startup, where 3407.Ar N 3408is 1, 2, and so on. 3409.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3410.Pq Vt str 3411Set to 3412.Dq Li /bin/sh /etc/rc.shutdown 3413by default. 3414This is the command executed at jail shutdown. 3415.It Va jail_set_hostname_allow 3416.Pq Vt bool 3417If set to 3418.Dq Li NO , 3419do not allow the root user in a jail to set its hostname. 3420.It Va jail_socket_unixiproute_only 3421.Pq Vt bool 3422If set to 3423.Dq Li YES , 3424do not allow any sockets, 3425besides UNIX/IP/route sockets, 3426to be used within a jail. 3427.It Va jail_sysvipc_allow 3428.Pq Vt bool 3429If set to 3430.Dq Li YES , 3431allow applications within a jail to use System V IPC. 3432.\" ----- ISDN settings --------------------------------- 3433.It Va isdn_enable 3434.Pq Vt bool 3435Set to 3436.Dq Li NO 3437by default. 3438When set to 3439.Dq Li YES , 3440starts the 3441.Xr isdnd 8 3442daemon 3443at system boot time. 3444.It Va isdn_flags 3445.Pq Vt str 3446Set to 3447.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9 3448by default. 3449Additional flags to pass to 3450.Xr isdnd 8 3451(but see 3452.Va isdn_fsdev 3453and 3454.Va isdn_ttype 3455for certain tunable parameters). 3456.It Va isdn_ttype 3457.Pq Vt str 3458Set to 3459.Dq Li cons25 3460by default. 3461The terminal type of the output device when 3462.Xr isdnd 8 3463operates in full-screen mode. 3464.It Va isdn_screenflags 3465.Pq Vt str 3466Set to 3467.Dq Li NO 3468by default. 3469The video mode for full-screen mode (only for 3470.Xr syscons 4 3471console driver, see 3472.Xr vidcontrol 1 3473for valid modes). 3474.It Va isdn_fsdev 3475.Pq Vt str 3476Set to 3477.Dq Li NO 3478by default. 3479The output device for 3480.Xr isdnd 8 3481in full-screen mode (or 3482.Dq Li NO 3483for daemon mode). 3484.It Va isdn_trace 3485.Pq Vt bool 3486Set to 3487.Dq Li NO 3488by default. 3489When set to 3490.Dq Li YES , 3491enables the ISDN protocol trace utility 3492.Xr isdntrace 8 3493at system boot time. 3494.It Va isdn_traceflags 3495.Pq Vt str 3496Set to 3497.Dq Fl f Pa /var/tmp/isdntrace0 3498by default. 3499Flags for 3500.Xr isdntrace 8 . 3501.\" ----------------------------------------------------- 3502.It Va harvest_interrupt 3503.Pq Vt bool 3504Set to 3505.Dq Li YES 3506to use hardware interrupts as an entropy source. 3507Refer to 3508.Xr random 4 3509for more information. 3510.It Va harvest_ethernet 3511.Pq Vt bool 3512Set to 3513.Dq Li YES 3514to use LAN traffic as an entropy source. 3515Refer to 3516.Xr random 4 3517for more information. 3518.It Va harvest_p_to_p 3519.Pq Vt bool 3520Set to 3521.Dq Li YES 3522to use serial line traffic as an entropy source. 3523Refer to 3524.Xr random 4 3525for more information. 3526.It Va entropy_dir 3527.Pq Vt str 3528Set to 3529.Dq Li NO 3530to disable caching entropy via 3531.Xr cron 8 . 3532Otherwise set to the directory used to store entropy files in. 3533.It Va entropy_file 3534.Pq Vt str 3535Set to 3536.Dq Li NO 3537to disable caching entropy through reboots. 3538Otherwise set to the filename used to store cached entropy through 3539reboots. 3540This file should be located on the root file system to seed the 3541.Xr random 4 3542device as early as possible in the boot process. 3543.It Va entropy_save_sz 3544.Pq Vt int 3545Size of the entropy cache files saved by 3546.Nm save-entropy 3547periodically. 3548.It Va entropy_save_num 3549.Pq Vt int 3550Number of entropy cache files to save by 3551.Nm save-entropy 3552periodically. 3553.It Va ipsec_enable 3554.Pq Vt bool 3555Set to 3556.Dq Li YES 3557to run 3558.Xr setkey 8 3559on 3560.Va ipsec_file 3561at boot time. 3562.It Va ipsec_file 3563.Pq Vt str 3564Configuration file for 3565.Xr setkey 8 . 3566.It Va dmesg_enable 3567.Pq Vt bool 3568Set to 3569.Dq Li YES 3570to save 3571.Xr dmesg 8 3572to 3573.Pa /var/run/dmesg.boot 3574on boot. 3575.It Va rcshutdown_timeout 3576.Pq Vt int 3577If set, start a watchdog timer in the background which will terminate 3578.Pa rc.shutdown 3579if 3580.Xr shutdown 8 3581has not completed within the specified time (in seconds). 3582Notice that in addition to this soft timeout, 3583.Xr init 8 3584also applies a hard timeout for the execution of 3585.Pa rc.shutdown . 3586This is configured via 3587.Xr sysctl 8 3588variable 3589.Va kern.init_shutdown_timeout 3590and defaults to 120 seconds. 3591Setting the value of 3592.Va rcshutdown_timeout 3593to more than 120 seconds will have no effect until the 3594.Xr sysctl 8 3595variable 3596.Va kern.init_shutdown_timeout 3597is also increased. 3598.It Va virecover_enable 3599.Pq Vt bool 3600Set to 3601.Dq Li NO 3602to prevent the system from trying to 3603recover pre-maturely terminated 3604.Xr vi 1 3605sessions. 3606.It Va ugidfw_enable 3607.Pq Vt bool 3608Set to 3609.Dq Li YES 3610to load the 3611.Xr mac_bsdextended 4 3612module upon system initialization and load a default 3613ruleset file. 3614.It Va bsdextended_script 3615.Pq Vt str 3616The default 3617.Xr mac_bsdextended 4 3618ruleset file to load. 3619The default value of this variable is 3620.Pa /etc/rc.bsdextended . 3621.It Va newsyslog_enable 3622.Pq Vt bool 3623If set to 3624.Dq Li YES , 3625run 3626.Xr newsyslog 8 3627command at startup. 3628.It Va newsyslog_flags 3629.Pq Vt str 3630If 3631.Va newsyslog_enable 3632is set to 3633.Dq Li YES , 3634these are the flags to pass to the 3635.Xr newsyslog 8 3636program. 3637The default is 3638.Dq Li -CN , 3639which causes log files flagged with a 3640.Cm C 3641to be created. 3642.It Va mdconfig_md Ns Aq Ar X 3643.Pq Vt str 3644Arguments to 3645.Xr mdconfig 8 3646for 3647.Xr md 4 3648device 3649.Ar X . 3650At minimum a 3651.Fl t Ar type 3652must be specified and either a 3653.Fl s Ar size 3654for malloc or swap backed 3655.Xr md 4 3656devices or a 3657.Fl f Ar file 3658for vnode backed 3659.Xr md 4 3660devices. 3661Note that 3662.Va mdconfig_md Ns Aq Ar X 3663variables are evaluated until one variable is unset or null. 3664.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3665.Pq Vt str 3666Optional arguments passed to 3667.Xr newfs 8 3668to initialize 3669.Xr md 4 3670device 3671.Ar X . 3672.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3673.Pq Vt str 3674An ownership specification passed to 3675.Xr chown 8 3676after the specified 3677.Xr md 4 3678device 3679.Ar X 3680has been mounted. 3681Both the 3682.Xr md 4 3683device and the mount point will be changed. 3684.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3685.Pq Vt str 3686A mode string passed to 3687.Xr chmod 1 3688after the specified 3689.Xr md 4 3690device 3691.Ar X 3692has been mounted. 3693Both the 3694.Xr md 4 3695device and the mount point will be changed. 3696.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3697.Pq Vt str 3698Files to be copied to the mount point of the 3699.Xr md 4 3700device 3701.Ar X 3702after it has been mounted. 3703.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3704.Pq Vt str 3705Command to execute after the specified 3706.Xr md 4 3707device 3708.Ar X 3709has been mounted. 3710Note that the command is passed to 3711.Ic eval 3712and that both 3713.Va _dev 3714and 3715.Va _mp 3716variables can be used to reference respectively the 3717.Xr md 4 3718device and the mount point. 3719Assuming that the 3720.Xr md 4 3721device is 3722.Li md0 , 3723one could set the following: 3724.Bd -literal 3725mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3726.Ed 3727.It Va ramdisk_units 3728.Pq Vt str 3729A list of one or more ramdisk units to configure with 3730.Xr mdconfig 8 3731and 3732.Xr newfs 8 3733in time to be mounted from 3734.Xr fstab 5 . 3735Each listed unit 3736.Ar X 3737must specify at least a 3738.Ar type 3739in a 3740.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3741variable. 3742Note that this way to configure ramdisks has been deprecated 3743in favor of new 3744.Va mdconfig_md* 3745variables (see above). 3746.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3747.Pq Vt str 3748Arguments to 3749.Xr mdconfig 8 3750for ramdisk 3751.Ar X . 3752At minimum a 3753.Fl t Ar type 3754must be specified, where 3755.Ar type 3756must be one of 3757.Cm malloc 3758or 3759.Cm swap . 3760.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3761.Pq Vt str 3762Optional arguments passed to 3763.Xr newfs 8 3764to initialize ramdisk 3765.Ar X . 3766.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3767.Pq Vt str 3768An ownership specification passed to 3769.Xr chown 8 3770after the specified ramdisk unit 3771.Ar X 3772has been mounted. 3773Both the 3774.Xr md 4 3775device and the mount point will be changed. 3776.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3777.Pq Vt str 3778A mode string passed to 3779.Xr chmod 1 3780after the specified ramdisk unit 3781.Ar X 3782has been mounted. 3783Both the 3784.Xr md 4 3785device and the mount point will be changed. 3786.It Va autobridge_interfaces 3787.Pq Vt str 3788Set to the list of bridge interfaces that will have newly arriving interfaces 3789checked against to be automatically added. 3790If not set to 3791.Dq Li NO 3792then for each whitespace separated 3793.Ar element 3794in the value, a 3795.Va autobridge_ Ns Aq Ar element 3796variable is assumed to exist which has a whitespace separated list of interface 3797names to match, these names can use wildcards. 3798For example: 3799.Bd -literal 3800autobridge_interfaces="bridge0" 3801autobridge_bridge0="tap* dc0 vlan[345]" 3802.Ed 3803.It Va mixer_enable 3804.Pq Vt bool 3805If set to 3806.Dq Li YES , 3807enable support for sound mixer. 3808.El 3809.Sh FILES 3810.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3811.It Pa /etc/defaults/rc.conf 3812.It Pa /etc/rc.conf 3813.It Pa /etc/rc.conf.local 3814.El 3815.Sh SEE ALSO 3816.Xr catman 1 , 3817.Xr chmod 1 , 3818.Xr gdb 1 , 3819.Xr info 1 , 3820.Xr kbdcontrol 1 , 3821.Xr makewhatis 1 , 3822.Xr sh 1 , 3823.Xr vi 1 , 3824.Xr vidcontrol 1 , 3825.Xr bridge 4 , 3826.Xr ip 4 , 3827.Xr ipf 4 , 3828.Xr ipfw 4 , 3829.Xr ipnat 4 , 3830.Xr kld 4 , 3831.Xr pf 4 , 3832.Xr pflog 4 , 3833.Xr pfsync 4 , 3834.Xr tcp 4 , 3835.Xr udp 4 , 3836.Xr exports 5 , 3837.Xr fstab 5 , 3838.Xr ipf 5 , 3839.Xr ipnat 5 , 3840.Xr motd 5 , 3841.Xr newsyslog.conf 5 , 3842.Xr pf.conf 5 , 3843.Xr accton 8 , 3844.Xr amd 8 , 3845.Xr apm 8 , 3846.Xr atm 8 , 3847.Xr chkprintcap 8 , 3848.Xr chown 8 , 3849.Xr cron 8 , 3850.Xr dhclient 8 , 3851.Xr ftpd 8 , 3852.Xr geli 8 , 3853.Xr ifconfig 8 , 3854.Xr inetd 8 , 3855.Xr ipf 8 , 3856.Xr ipfw 8 , 3857.Xr ipnat 8 , 3858.Xr isdnd 8 , 3859.Xr isdntrace 8 , 3860.Xr jail 8 , 3861.Xr kldxref 8 , 3862.Xr lpd 8 , 3863.Xr mdconfig 8 , 3864.Xr mdmfs 8 , 3865.Xr mixer 8 , 3866.Xr mountd 8 , 3867.Xr moused 8 , 3868.Xr mrouted 8 , 3869.Xr named 8 , 3870.Xr newfs 8 , 3871.Xr newsyslog 8 , 3872.Xr nfsd 8 , 3873.Xr ntpd 8 , 3874.Xr ntpdate 8 , 3875.Xr pfctl 8 , 3876.Xr pflogd 8 , 3877.Xr powerd 8 , 3878.Xr quotacheck 8 , 3879.Xr quotaon 8 , 3880.Xr rc 8 , 3881.Xr rc.sendmail 8 , 3882.Xr route 8 , 3883.Xr routed 8 , 3884.Xr rpcbind 8 , 3885.Xr rpc.lockd 8 , 3886.Xr rpc.statd 8 , 3887.Xr rwhod 8 , 3888.Xr savecore 8 , 3889.Xr sshd 8 , 3890.Xr swapon 8 , 3891.Xr sysctl 8 , 3892.Xr syslogd 8 , 3893.Xr timed 8 , 3894.Xr yp 8 , 3895.Xr ypbind 8 , 3896.Xr ypserv 8 , 3897.Xr ypset 8 3898.Sh HISTORY 3899The 3900.Nm 3901file appeared in 3902.Fx 2.2.2 . 3903.Sh AUTHORS 3904.An Jordan K. Hubbard . 3905