xref: /freebsd/share/man/man5/rc.conf.5 (revision b89a7cc2ed6e4398d5be502f5bb5885d1ec6ff0f)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd December 19, 2018
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/rc.conf.local
63is used to override settings in
64.Pa /etc/rc.conf
65for historical reasons.
66.Pp
67The sysrc(8) command provides a scripting interface to modify system
68config files.
69.Pp
70In addition to
71.Pa /etc/rc.conf.local
72you can also place smaller configuration files for each
73.Xr rc 8
74script in the
75.Pa /etc/rc.conf.d
76directory or
77.Ao Ar dir Ac Ns Pa /rc.conf.d
78directories specified in
79.Va local_startup ,
80which will be included by the
81.Va load_rc_config
82function.
83For jail configurations you could use the file
84.Pa /etc/rc.conf.d/jail
85to store jail specific configuration options.
86If
87.Va local_startup
88contains
89.Pa /usr/local/etc/rc.d
90and
91.Pa /opt/conf ,
92.Pa /usr/local/rc.conf.d/jail
93and
94.Pa /opt/conf/rc.conf.d/jail
95will be loaded.
96If
97.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
98is a directory,
99all of files in the directory will be loaded.
100Also see the
101.Va rc_conf_files
102variable below.
103.Pp
104Options are set with
105.Dq Ar name Ns Li = Ns Ar value
106assignments that use
107.Xr sh 1
108syntax.
109The following list provides a name and short description for each
110variable that can be set in the
111.Nm
112file:
113.Bl -tag -width indent-two
114.It Va rc_debug
115.Pq Vt bool
116If set to
117.Dq Li YES ,
118enable output of debug messages from rc scripts.
119This variable can be helpful in diagnosing mistakes when
120editing or integrating new scripts.
121Beware that this produces copious output to the terminal and
122.Xr syslog 3 .
123.It Va rc_info
124.Pq Vt bool
125If set to
126.Dq Li NO ,
127disable informational messages from the rc scripts.
128Informational messages are displayed when
129a condition that is not serious enough to warrant a warning or
130an error occurs.
131.It Va rc_startmsgs
132.Pq Vt bool
133If set to
134.Dq Li YES ,
135show
136.Dq Starting foo:
137when faststart is used (e.g., at boot time).
138.It Va early_late_divider
139.Pq Vt str
140The name of the script that should be used as the
141delimiter between the
142.Dq early
143and
144.Dq late
145stages of the boot process.
146The early stage should contain all the services needed to
147get the disks (local or remote) mounted so that the late
148stage can include scripts contained in the directories
149listed in the
150.Va local_startup
151variable (see below).
152Thus, the two likely candidates for this value are
153.Pa mountcritlocal
154for the typical system, and
155.Pa mountcritremote
156if the system needs remote file
157systems mounted to get access to the
158.Va local_startup
159directories; for example when
160.Pa /usr/local
161is NFS mounted.
162For
163.Pa rc.conf
164within a
165.Xr jail 8
166.Pa NETWORKING
167is likely to be an appropriate value.
168Extreme care should be taken when changing this value,
169and before changing it one should ensure that there are
170adequate provisions to recover from a failed boot
171(such as physical contact with the machine,
172or reliable remote console access).
173.It Va always_force_depends
174.Pq Vt bool
175Various
176.Pa rc.d
177scripts use the force_depend function to check whether required
178services are already running, and to start them if necessary.
179By default during boot time this check is bypassed if the
180required service is enabled in
181.Pa /etc/rc.conf[.local] .
182Setting this option will bypass that check at boot time and
183always test whether or not the service is actually running.
184Enabling this option is likely to increase your boot time if
185services are enabled that utilize the force_depend check.
186.It Ao Ar name Ac Ns Va _chroot
187.Pq Vt str
188.Xr chroot 8
189to this directory before running the service.
190.It Ao Ar name Ac Ns Va _user
191.Pq Vt str
192Run the service under this user account.
193.It Ao Ar name Ac Ns Va _group
194.Pq Vt str
195Run the chrooted service under this system group.
196Unlike the _user
197setting, this setting has no effect if the service is not chrooted.
198.It Ao Ar name Ac Ns Va _fib
199.Pq Vt int
200The
201.Xr setfib 1
202value to run the service under.
203.It Ao Ar name Ac Ns Va _nice
204.Pq Vt int
205The
206.Xr nice 1
207value to run the service under.
208.It Va apm_enable
209.Pq Vt bool
210If set to
211.Dq Li YES ,
212enable support for Automatic Power Management with
213the
214.Xr apm 8
215command.
216.It Va apmd_enable
217.Pq Vt bool
218Run
219.Xr apmd 8
220to handle APM event from userland.
221This also enables support for APM.
222.It Va apmd_flags
223.Pq Vt str
224If
225.Va apmd_enable
226is set to
227.Dq Li YES ,
228these are the flags to pass to the
229.Xr apmd 8
230daemon.
231.It Va devd_enable
232.Pq Vt bool
233Run
234.Xr devd 8
235to handle device added, removed or unknown events from the kernel.
236.It Va ddb_enable
237.Pq Vt bool
238Run
239.Xr ddb 8
240to install
241.Xr ddb 4
242scripts at boot time.
243.It Va ddb_config
244.Pq Vt str
245Configuration file for
246.Xr ddb 8 .
247Default
248.Pa /etc/ddb.conf .
249.It Va kld_list
250.Pq Vt str
251A whitespace-separated list of kernel modules to load right after
252the local disks are mounted, without any
253.Pa .ko
254extension or path.
255Loading modules at this point in the boot process is
256much faster than doing it via
257.Pa /boot/loader.conf
258for those modules not necessary for mounting local disks.
259.It Va kldxref_enable
260.Pq Vt bool
261Set to
262.Dq Li NO
263by default.
264Set to
265.Dq Li YES
266to automatically rebuild
267.Pa linker.hints
268files with
269.Xr kldxref 8
270at boot time.
271.It Va kldxref_clobber
272.Pq Vt bool
273Set to
274.Dq Li NO
275by default.
276If
277.Va kldxref_enable
278is true,
279setting to
280.Dq Li YES
281will overwrite existing
282.Pa linker.hints
283files at boot time.
284Otherwise,
285only missing
286.Pa linker.hints
287files are generated.
288.It Va kldxref_module_path
289.Pq Vt str
290Empty by default.
291A semi-colon
292.Pq Ql \&;
293delimited list of paths containing
294.Xr kld 4
295modules.
296If empty,
297the contents of the
298.Va kern.module_path
299.Xr sysctl 8
300are used.
301.It Va powerd_enable
302.Pq Vt bool
303If set to
304.Dq Li YES ,
305enable the system power control facility with the
306.Xr powerd 8
307daemon.
308.It Va powerd_flags
309.Pq Vt str
310If
311.Va powerd_enable
312is set to
313.Dq Li YES ,
314these are the flags to pass to the
315.Xr powerd 8
316daemon.
317.It Va tmpmfs
318Controls the creation of a
319.Pa /tmp
320memory file system.
321Always happens if set to
322.Dq Li YES
323and never happens if set to
324.Dq Li NO .
325If set to anything else, a memory file system is created if
326.Pa /tmp
327is not writable.
328.It Va tmpsize
329Controls the size of a created
330.Pa /tmp
331memory file system.
332.It Va tmpmfs_flags
333Extra options passed to the
334.Xr mdmfs 8
335utility when the memory file system for
336.Pa /tmp
337is created.
338The default is
339.Dq Li "-S" ,
340which inhibits the use of softupdates on
341.Pa /tmp
342so that file system space is freed without delay
343after file truncation or deletion.
344See
345.Xr mdmfs 8
346for other options you can use in
347.Va tmpmfs_flags .
348.It Va varmfs
349Controls the creation of a
350.Pa /var
351memory file system.
352Always happens if set to
353.Dq Li YES
354and never happens if set to
355.Dq Li NO .
356If set to anything else, a memory file system is created if
357.Pa /var
358is not writable.
359.It Va varsize
360Controls the size of a created
361.Pa /var
362memory file system.
363.It Va varmfs_flags
364Extra options passed to the
365.Xr mdmfs 8
366utility when the memory file system for
367.Pa /var
368is created.
369The default is
370.Dq Li "-S" ,
371which inhibits the use of softupdates on
372.Pa /var
373so that file system space is freed without delay
374after file truncation or deletion.
375See
376.Xr mdmfs 8
377for other options you can use in
378.Va varmfs_flags .
379.It Va populate_var
380Controls the automatic population of the
381.Pa /var
382file system.
383Always happens if set to
384.Dq Li YES
385and never happens if set to
386.Dq Li NO .
387If set to anything else, a memory file system is created if
388.Pa /var
389is not writable.
390Note that this process requires access to certain commands in
391.Pa /usr
392before
393.Pa /usr
394is mounted on normal systems.
395.It Va cleanvar_enable
396.Pq Vt bool
397Clean the
398.Pa /var
399directory.
400.It Va local_startup
401.Pq Vt str
402List of directories to search for startup script files.
403.It Va script_name_sep
404.Pq Vt str
405The field separator to use for breaking down the list of startup script files
406into individual filenames.
407The default is a space.
408It is not necessary to change this unless there are startup scripts with names
409containing spaces.
410.It Va hostapd_enable
411.Pq Vt bool
412Set to
413.Dq Li YES
414to start
415.Xr hostapd 8
416at system boot time.
417.It Va hostname
418.Pq Vt str
419The fully qualified domain name (FQDN) of this host on the network.
420This should almost certainly be set to something meaningful, even if
421there is no network connection.
422If
423.Xr dhclient 8
424is used to set the hostname via DHCP,
425this variable should be set to an empty string.
426Within a
427.Xr jail 8
428the hostname is generally already set and this variable may absent.
429If this value remains unset when the system is done booting
430your console login will display the default hostname of
431.Dq Amnesiac .
432.It Va nisdomainname
433.Pq Vt str
434The NIS domain name of this host, or
435.Dq Li NO
436if NIS is not used.
437.It Va dhclient_program
438.Pq Vt str
439Path to the DHCP client program
440.Pa ( /sbin/dhclient ,
441the
442.Ox
443DHCP client,
444is the default).
445.It Va dhclient_flags
446.Pq Vt str
447Additional flags to pass to the DHCP client program.
448For the
449.Ox
450DHCP client, see the
451.Xr dhclient 8
452manpage for a description of the command line options available.
453.It Va dhclient_flags_ Ns Aq Ar iface
454Additional flags to pass to the DHCP client program running on
455.Ar iface
456only.
457When specified, this variable overrides
458.Va dhclient_flags .
459.It Va background_dhclient
460.Pq Vt bool
461Set to
462.Dq Li YES
463to start the DHCP client in background.
464This can cause trouble with applications depending on
465a working network, but it will provide a faster startup
466in many cases.
467.It Va background_dhclient_ Ns Aq Ar iface
468When specified, this variable overrides the
469.Va background_dhclient
470variable for interface
471.Ar iface
472only.
473.It Va synchronous_dhclient
474.Pq Vt bool
475Set to
476.Dq Li YES
477to start
478.Xr dhclient 8
479synchronously at startup.
480This behavior can be overridden on a per-interface basis by replacing
481the
482.Dq Li DHCP
483keyword in the
484.Va ifconfig_ Ns Aq Ar interface
485variable with
486.Dq Li SYNCDHCP
487or
488.Dq Li NOSYNCDHCP .
489.It Va defaultroute_delay
490.Pq Vt int
491When set to a positive value, wait up to this long after configuring
492DHCP interfaces at startup to give the interfaces time to receive a lease.
493.It Va firewall_enable
494.Pq Vt bool
495Set to
496.Dq Li YES
497to load firewall rules at startup.
498If the kernel was not built with
499.Cd "options IPFIREWALL" ,
500the
501.Pa ipfw.ko
502kernel module will be loaded.
503See also
504.Va ipfilter_enable .
505.It Va firewall_script
506.Pq Vt str
507This variable specifies the full path to the firewall script to run.
508The default is
509.Pa /etc/rc.firewall .
510.It Va firewall_type
511.Pq Vt str
512Names the firewall type from the selection in
513.Pa /etc/rc.firewall ,
514or the file which contains the local firewall ruleset.
515Valid selections from
516.Pa /etc/rc.firewall
517are:
518.Pp
519.Bl -tag -width ".Li simple" -compact
520.It Li open
521unrestricted IP access
522.It Li closed
523all IP services disabled, except via
524.Dq Li lo0
525.It Li client
526basic protection for a workstation
527.It Li simple
528basic protection for a LAN.
529.El
530.Pp
531If a filename is specified, the full path
532must be given.
533.It Va firewall_quiet
534.Pq Vt bool
535Set to
536.Dq Li YES
537to disable the display of firewall rules on the console during boot.
538.It Va firewall_logging
539.Pq Vt bool
540Set to
541.Dq Li YES
542to enable firewall event logging.
543This is equivalent to the
544.Dv IPFIREWALL_VERBOSE
545kernel option.
546.It Va firewall_logif
547.Pq Vt bool
548Set to
549.Dq Li YES
550to create pseudo interface
551.Li ipfw0
552for logging.
553For more details, see
554.Xr ipfw 8
555manual page.
556.It Va firewall_flags
557.Pq Vt str
558Flags passed to
559.Xr ipfw 8
560if
561.Va firewall_type
562specifies a filename.
563.It Va firewall_coscripts
564.Pq Vt str
565List of executables and/or rc scripts to run after firewall starts/stops.
566Default is empty.
567.\" ----- firewall_nat_enable setting --------------------------------
568.It Va firewall_nat_enable
569.Pq Vt bool
570The
571.Xr ipfw 8
572equivalent of
573.Va natd_enable .
574Setting this to
575.Dq Li YES
576enables kernel NAT.
577.Va firewall_enable
578must also be set to
579.Dq Li YES .
580.It Va firewall_nat_interface
581.Pq Vt str
582The
583.Xr ipfw 8
584equivalent of
585.Va natd_interface .
586This is the name of the public interface or IP address on which
587kernel NAT should run.
588.It Va firewall_nat_flags
589.Pq Vt str
590Additional configuration parameters for kernel NAT should be placed here.
591.It Va dummynet_enable
592.Pq Vt bool
593Setting this to
594.Dq Li YES
595will automatically load the
596.Xr dummynet 4
597module if
598.Va firewall_enable
599is also set to
600.Dq Li YES .
601.\" -------------------------------------------------------------------
602.It Va ipfw_netflow_enable
603.Pq Vt bool
604Setting this to
605.Dq Li YES
606will enable netflow logging via
607.Xr ng_netflow 4
608.Pp
609By default a ipfw rule is inserted and all packets are duplicated with
610the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
611port using protocol version 5.
612.It Va ipfw_netflow_hook
613.Pq Vt int
614netflow hook name, must be numerical
615(default
616.Pa 9995 ) .
617.It Va ipfw_netflow_rule
618.Pq Vt int
619ipfw rule number
620(default
621.Pa 1000 ) .
622.It Va ipfw_netflow_ip
623.Pq Vt str
624Destination server ip for receiving netflow data
625(default
626.Pa 127.0.0.1 ) .
627.It Va ipfw_netflow_port
628.Pq Vt int
629Destination server port for receiving netflow data
630(default
631.Pa 9995 ) .
632.It Va ipfw_netflow_version
633.Pq Vt int
634Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
635.It Va ipfw_netflow_fib
636.Pq Vt int
637Only match packet in FIB
638.Pa ipfw_netflow_fib
639(default is undefined meaning all FIBs).
640.It Va natd_program
641.Pq Vt str
642Path to
643.Xr natd 8 .
644.It Va natd_enable
645.Pq Vt bool
646Set to
647.Dq Li YES
648to enable
649.Xr natd 8 .
650.Va firewall_enable
651must also be set to
652.Dq Li YES ,
653and
654.Xr divert 4
655sockets must be enabled in the kernel.
656If the kernel was not built with
657.Cd "options IPDIVERT" ,
658the
659.Pa ipdivert.ko
660kernel module will be loaded.
661.It Va natd_interface
662.Pq Vt str
663This is the name of the public interface on which
664.Xr natd 8
665should run.
666The interface may be given as an interface name or as an IP address.
667.It Va natd_flags
668.Pq Vt str
669Additional
670.Xr natd 8
671flags should be placed here.
672The
673.Fl n
674or
675.Fl a
676flag is automatically added with the above
677.Va natd_interface
678as an argument.
679.\" ----- ipfilter_enable setting --------------------------------
680.It Va ipfilter_enable
681.Pq Vt bool
682Set to
683.Dq Li NO
684by default.
685Setting this to
686.Dq Li YES
687enables
688.Xr ipf 8
689packet filtering.
690.Pp
691Typical usage will require putting
692.Bd -literal
693ipfilter_enable="YES"
694ipnat_enable="YES"
695ipmon_enable="YES"
696ipfs_enable="YES"
697.Ed
698.Pp
699into
700.Pa /etc/rc.conf
701and editing
702.Pa /etc/ipf.rules
703and
704.Pa /etc/ipnat.rules
705appropriately.
706.Pp
707Note that
708.Va ipfilter_enable
709and
710.Va ipnat_enable
711can be enabled independently.
712.Va ipmon_enable
713and
714.Va ipfs_enable
715both require at least one of
716.Va ipfilter_enable
717and
718.Va ipnat_enable
719to be enabled.
720.Pp
721Having
722.Bd -literal
723options IPFILTER
724options IPFILTER_LOG
725options IPFILTER_DEFAULT_BLOCK
726.Ed
727.Pp
728in the kernel configuration file is a good idea, too.
729.\" ----- ipfilter_program setting ------------------------------
730.It Va ipfilter_program
731.Pq Vt str
732Path to
733.Xr ipf 8
734(default
735.Pa /sbin/ipf ) .
736.\" ----- ipfilter_rules setting --------------------------------
737.It Va ipfilter_rules
738.Pq Vt str
739Set to
740.Pa /etc/ipf.rules
741by default.
742This variable contains the name of the filter rule definition file.
743The file is expected to be readable for the
744.Xr ipf 8
745command to execute.
746.\" ----- ipv6_ipfilter_rules setting ---------------------------
747.It Va ipv6_ipfilter_rules
748.Pq Vt str
749Set to
750.Pa /etc/ipf6.rules
751by default.
752This variable contains the IPv6 filter rule definition file.
753The file is expected to be readable for the
754.Xr ipf 8
755command to execute.
756.\" ----- ipfilter_flags setting --------------------------------
757.It Va ipfilter_flags
758.Pq Vt str
759Empty by default.
760This variable contains flags passed to the
761.Xr ipf 8
762program.
763.\" ----- ipnat_enable setting ----------------------------------
764.It Va ipnat_enable
765.Pq Vt bool
766Set to
767.Dq Li NO
768by default.
769Set it to
770.Dq Li YES
771to enable
772.Xr ipnat 8
773network address translation.
774See
775.Va ipfilter_enable
776for a detailed discussion.
777.\" ----- ipnat_program setting ---------------------------------
778.It Va ipnat_program
779.Pq Vt str
780Path to
781.Xr ipnat 8
782(default
783.Pa /sbin/ipnat ) .
784.\" ----- ipnat_rules setting -----------------------------------
785.It Va ipnat_rules
786.Pq Vt str
787Set to
788.Pa /etc/ipnat.rules
789by default.
790This variable contains the name of the file
791holding the network address translation definition.
792This file is expected to be readable for the
793.Xr ipnat 8
794command to execute.
795.\" ----- ipnat_flags setting -----------------------------------
796.It Va ipnat_flags
797.Pq Vt str
798Empty by default.
799This variable contains flags passed to the
800.Xr ipnat 8
801program.
802.\" ----- ipmon_enable setting ----------------------------------
803.It Va ipmon_enable
804.Pq Vt bool
805Set to
806.Dq Li NO
807by default.
808Set it to
809.Dq Li YES
810to enable
811.Xr ipmon 8
812monitoring (logging
813.Xr ipf 8
814and
815.Xr ipnat 8
816events).
817Setting this variable needs setting
818.Va ipfilter_enable
819or
820.Va ipnat_enable
821too.
822See
823.Va ipfilter_enable
824for a detailed discussion.
825.\" ----- ipmon_program setting ---------------------------------
826.It Va ipmon_program
827.Pq Vt str
828Path to
829.Xr ipmon 8
830(default
831.Pa /sbin/ipmon ) .
832.\" ----- ipmon_flags setting -----------------------------------
833.It Va ipmon_flags
834.Pq Vt str
835Set to
836.Dq Li -Ds
837by default.
838This variable contains flags passed to the
839.Xr ipmon 8
840program.
841Another typical example would be
842.Dq Fl D Pa /var/log/ipflog
843to have
844.Xr ipmon 8
845log directly to a file bypassing
846.Xr syslogd 8 .
847Make sure to adjust
848.Pa /etc/newsyslog.conf
849in such case like this:
850.Bd -literal
851/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
852.Ed
853.\" ----- ipfs_enable setting -----------------------------------
854.It Va ipfs_enable
855.Pq Vt bool
856Set to
857.Dq Li NO
858by default.
859Set it to
860.Dq Li YES
861to enable
862.Xr ipfs 8
863saving the filter and NAT state tables during shutdown
864and reloading them during startup again.
865Setting this variable needs setting
866.Va ipfilter_enable
867or
868.Va ipnat_enable
869to
870.Dq Li YES
871too.
872See
873.Va ipfilter_enable
874for a detailed discussion.
875Note that if
876.Va kern_securelevel
877is set to 3,
878.Va ipfs_enable
879cannot be used
880because the raised securelevel will prevent
881.Xr ipfs 8
882from saving the state tables at shutdown time.
883.\" ----- ipfs_program setting ----------------------------------
884.It Va ipfs_program
885.Pq Vt str
886Path to
887.Xr ipfs 8
888(default
889.Pa /sbin/ipfs ) .
890.\" ----- ipfs_flags setting ------------------------------------
891.It Va ipfs_flags
892.Pq Vt str
893Empty by default.
894This variable contains flags passed to the
895.Xr ipfs 8
896program.
897.\" ----- end of added ipf hook ---------------------------------
898.It Va pf_enable
899.Pq Vt bool
900Set to
901.Dq Li NO
902by default.
903Setting this to
904.Dq Li YES
905enables
906.Xr pf 4
907packet filtering.
908.Pp
909Typical usage will require putting
910.Pp
911.Dl pf_enable="YES"
912.Pp
913into
914.Pa /etc/rc.conf
915and editing
916.Pa /etc/pf.conf
917appropriately.
918Adding
919.Pp
920.Dl "device pf"
921.Pp
922builds support for
923.Xr pf 4
924into the kernel, otherwise the
925kernel module will be loaded.
926.It Va pf_rules
927.Pq Vt str
928Path to
929.Xr pf 4
930ruleset configuration file
931(default
932.Pa /etc/pf.conf ) .
933.It Va pf_program
934.Pq Vt str
935Path to
936.Xr pfctl 8
937(default
938.Pa /sbin/pfctl ) .
939.It Va pf_flags
940.Pq Vt str
941If
942.Va pf_enable
943is set to
944.Dq Li YES ,
945these flags are passed to the
946.Xr pfctl 8
947program when loading the ruleset.
948.It Va pflog_enable
949.Pq Vt bool
950Set to
951.Dq Li NO
952by default.
953Setting this to
954.Dq Li YES
955enables
956.Xr pflogd 8
957which logs packets from the
958.Xr pf 4
959packet filter.
960.It Va pflog_logfile
961.Pq Vt str
962If
963.Va pflog_enable
964is set to
965.Dq Li YES
966this controls where
967.Xr pflogd 8
968stores the logfile
969(default
970.Pa /var/log/pflog ) .
971Check
972.Pa /etc/newsyslog.conf
973to adjust logfile rotation for this.
974.It Va pflog_program
975.Pq Vt str
976Path to
977.Xr pflogd 8
978(default
979.Pa /sbin/pflogd ) .
980.It Va pflog_flags
981.Pq Vt str
982Empty by default.
983This variable contains additional flags passed to the
984.Xr pflogd 8
985program.
986.It Va pflog_instances
987.Pq Vt str
988If logging to more than one
989.Xr pflog 4
990interface is desired,
991.Va pflog_instances
992is set to the list of
993.Xr pflogd 8
994instances that should be started at system boot time.
995If
996.Va pflog_instances
997is set, for each whitespace-separated
998.Ar element
999in the list,
1000.Ao Ar element Ac Ns Va _dev
1001and
1002.Ao Ar element Ac Ns Va _logfile
1003elements are assumed to exist.
1004.Ao Ar element Ac Ns Va _dev
1005must contain the
1006.Xr pflog 4
1007interface to be watched by the named
1008.Xr pflogd 8
1009instance.
1010.Ao Ar element Ac Ns Va _logfile
1011must contain the name of the logfile that will be used by the
1012.Xr pflogd 8
1013instance.
1014.It Va ftpproxy_enable
1015.Pq Vt bool
1016Set to
1017.Dq Li NO
1018by default.
1019Setting this to
1020.Dq Li YES
1021enables
1022.Xr ftp-proxy 8
1023which supports the
1024.Xr pf 4
1025packet filter in translating ftp connections.
1026.It Va ftpproxy_flags
1027.Pq Vt str
1028Empty by default.
1029This variable contains additional flags passed to the
1030.Xr ftp-proxy 8
1031program.
1032.It Va ftpproxy_instances
1033.Pq Vt str
1034Empty by default.
1035If multiple instances of
1036.Xr ftp-proxy 8
1037are desired at boot time,
1038.Va ftpproxy_instances
1039should contain a whitespace-separated list of instance names.
1040For each
1041.Ar element
1042in the list, a variable named
1043.Ao Ar element Ac Ns Va _flags
1044should be defined, containing the command-line flags to be passed to the
1045.Xr ftp-proxy 8
1046instance.
1047.It Va pfsync_enable
1048.Pq Vt bool
1049Set to
1050.Dq Li NO
1051by default.
1052Setting this to
1053.Dq Li YES
1054enables exposing
1055.Xr pf 4
1056state changes to other hosts over the network by means of
1057.Xr pfsync 4 .
1058The
1059.Va pfsync_syncdev
1060variable
1061must also be set then.
1062.It Va pfsync_syncdev
1063.Pq Vt str
1064Empty by default.
1065This variable specifies the name of the network interface
1066.Xr pfsync 4
1067should operate through.
1068It must be set accordingly if
1069.Va pfsync_enable
1070is set to
1071.Dq Li YES .
1072.It Va pfsync_syncpeer
1073.Pq Vt str
1074Empty by default.
1075This variable is optional.
1076By default, state change messages are sent out on the synchronisation
1077interface using IP multicast packets.
1078The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1079224.0.0.240.
1080When a peer address is specified using the
1081.Va pfsync_syncpeer
1082option, the peer address is used as a destination for the pfsync
1083traffic, and the traffic can then be protected using
1084.Xr ipsec 4 .
1085See the
1086.Xr pfsync 4
1087manpage for more details about using
1088.Xr ipsec 4
1089with
1090.Xr pfsync 4
1091interfaces.
1092.It Va pfsync_ifconfig
1093.Pq Vt str
1094Empty by default.
1095This variable can contain additional options to be passed to the
1096.Xr ifconfig 8
1097command used to set up
1098.Xr pfsync 4 .
1099.It Va tcp_extensions
1100.Pq Vt bool
1101Set to
1102.Dq Li YES
1103by default.
1104Setting this to
1105.Dq Li NO
1106disables certain TCP options as described by
1107.Rs
1108.%T "RFC 1323"
1109.Re
1110Setting this to
1111.Dq Li NO
1112might help remedy such problems with connections as randomly hanging
1113or other weird behavior.
1114Some network devices are known
1115to be broken with respect to these options.
1116.It Va log_in_vain
1117.Pq Vt int
1118Set to 0 by default.
1119The
1120.Xr sysctl 8
1121variables,
1122.Va net.inet.tcp.log_in_vain
1123and
1124.Va net.inet.udp.log_in_vain ,
1125as described in
1126.Xr tcp 4
1127and
1128.Xr udp 4 ,
1129are set to the given value.
1130.It Va tcp_keepalive
1131.Pq Vt bool
1132Set to
1133.Dq Li YES
1134by default.
1135Setting to
1136.Dq Li NO
1137will disable probing idle TCP connections to verify that the
1138peer is still up and reachable.
1139.It Va tcp_drop_synfin
1140.Pq Vt bool
1141Set to
1142.Dq Li NO
1143by default.
1144Setting to
1145.Dq Li YES
1146will cause the kernel to ignore TCP frames that have both
1147the SYN and FIN flags set.
1148This prevents OS fingerprinting, but may
1149break some legitimate applications.
1150.It Va icmp_drop_redirect
1151.Pq Vt bool
1152Set to
1153.Dq Li NO
1154by default.
1155Setting to
1156.Dq Li YES
1157will cause the kernel to ignore ICMP REDIRECT packets.
1158Refer to
1159.Xr icmp 4
1160for more information.
1161.It Va icmp_log_redirect
1162.Pq Vt bool
1163Set to
1164.Dq Li NO
1165by default.
1166Setting to
1167.Dq Li YES
1168will cause the kernel to log ICMP REDIRECT packets.
1169Note that
1170the log messages are not rate-limited, so this option should only be used
1171for troubleshooting networks.
1172Refer to
1173.Xr icmp 4
1174for more information.
1175.It Va icmp_bmcastecho
1176.Pq Vt bool
1177Set to
1178.Dq Li YES
1179to respond to broadcast or multicast ICMP ping packets.
1180Refer to
1181.Xr icmp 4
1182for more information.
1183.It Va ip_portrange_first
1184.Pq Vt int
1185If not set to
1186.Dq Li NO ,
1187this is the first port in the default portrange.
1188Refer to
1189.Xr ip 4
1190for more information.
1191.It Va ip_portrange_last
1192.Pq Vt int
1193If not set to
1194.Dq Li NO ,
1195this is the last port in the default portrange.
1196Refer to
1197.Xr ip 4
1198for more information.
1199.It Va network_interfaces
1200.Pq Vt str
1201Set to the list of network interfaces to configure on this host or
1202.Dq Li AUTO
1203(the default) for all current interfaces.
1204Setting the
1205.Va network_interfaces
1206variable to anything other than the default is deprecated.
1207Interfaces that the administrator wishes to store configuration for,
1208but not start at boot should be configured with the
1209.Dq Li NOAUTO
1210keyword in their
1211.Va ifconfig_ Ns Aq Ar interface
1212variables as described below.
1213.Pp
1214An
1215.Va ifconfig_ Ns Aq Ar interface
1216variable is also assumed to exist for each value of
1217.Ar interface .
1218When an interface name contains any of the characters
1219.Dq Li .-/+
1220they are translated to
1221.Dq Li _
1222before lookup.
1223The variable can contain arguments to
1224.Xr ifconfig 8 ,
1225as well as special case-insensitive keywords described below.
1226Such keywords are removed before passing the value to
1227.Xr ifconfig 8
1228while the order of the other arguments is preserved.
1229.Pp
1230It is possible to add IP alias entries using
1231.Xr ifconfig 8
1232syntax with the address family keyword such as
1233.Li inet .
1234Assuming that the interface in question was
1235.Li ed0 ,
1236it might look something like this:
1237.Bd -literal
1238ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1239ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1240.Ed
1241.Pp
1242It also possible to configure multiple IP addresses in Classless
1243Inter-Domain Routing
1244.Pq CIDR
1245address notation,
1246whose each address component can be a range like
1247.Li inet 192.0.2.5-23/24
1248or
1249.Li inet6 2001:db8:1-f::1/64 .
1250This notation allows address and prefix length part only,
1251not the other address modifiers.
1252Note that the maximum number of the generated addresses from a range
1253specification is limited to an integer value specified in
1254.Va netif_ipexpand_max
1255in
1256.Nm
1257because a small typo can unexpectedly generate a large number of addresses.
1258The default value is
1259.Li 2048 .
1260It can be increased by adding the following line into
1261.Nm :
1262.Bd -literal
1263netif_ipexpand_max="4096"
1264.Ed
1265.Pp
1266In the case of
1267.Li 192.0.2.5-23/24 ,
1268the address 192.0.2.5 will be configured with the
1269netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1270the non-conflicting netmask /32 as explained in the
1271.Xr ifconfig 8
1272alias section.
1273Note that this special netmask handling is only for
1274.Li inet ,
1275not for the other address families such as
1276.Li inet6 .
1277.Pp
1278With the interface in question being
1279.Li ed0 ,
1280an example could look like:
1281.Bd -literal
1282ifconfig_ed0_alias2="inet 192.0.2.129/27"
1283ifconfig_ed0_alias3="inet 192.0.2.1-5/28"
1284.Ed
1285.Pp
1286and so on.
1287.Pp
1288Note that
1289.Va ipv4_addrs_ Ns Aq Ar interface
1290variable was supported for IPv4 CIDR address notation.
1291It is now deprecated because the functionality was integrated into
1292.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1293though
1294.Va ipv4_addrs_ Ns Aq Ar interface
1295is still supported for backward compatibility.
1296.Pp
1297For each
1298.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1299entry with an address family keyword,
1300its contents are passed to
1301.Xr ifconfig 8 .
1302Execution stops at the first unsuccessful access, so if
1303something like this is present:
1304.Bd -literal
1305ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1306ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1307ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1308ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1309.Ed
1310.Pp
1311Then note that alias4 would
1312.Em not
1313be added since the search would
1314stop with the missing
1315.Dq Li alias3
1316entry.
1317Because of this difficult to manage behavior,
1318there is
1319.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1320variable, which has the same functionality as
1321.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1322and can have all of entries in a variable like the following:
1323.Bd -literal
1324ifconfig_ed0_aliases="\\
1325	inet 127.0.0.251 netmask 0xffffffff \\
1326	inet 127.0.0.252 netmask 0xffffffff \\
1327	inet 127.0.0.253 netmask 0xffffffff \\
1328	inet 127.0.0.254 netmask 0xffffffff"
1329.Ed
1330.Pp
1331It also supports CIDR notation.
1332.Pp
1333If the
1334.Pa /etc/start_if. Ns Aq Ar interface
1335file is present, it is read and executed by the
1336.Xr sh 1
1337interpreter
1338before configuring the interface as specified in the
1339.Va ifconfig_ Ns Aq Ar interface
1340and
1341.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1342variables.
1343.Pp
1344If a
1345.Va vlans_ Ns Aq Ar interface
1346variable is set,
1347a
1348.Xr vlan 4
1349interface will be created for each item in the list with the
1350.Ar vlandev
1351argument set to
1352.Ar interface .
1353If a vlan interface's name is a number,
1354then that number is used as the vlan tag and the new vlan interface is
1355named
1356.Ar interface . Ns Ar tag .
1357Otherwise,
1358the vlan tag must be specified via a
1359.Va vlan
1360parameter in the
1361.Va create_args_ Ns Aq Ar interface
1362variable.
1363.Pp
1364To create a vlan device named
1365.Li em0.101
1366on
1367.Li em0
1368with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1369.Bd -literal
1370vlans_em0="101"
1371ifconfig_em0_101="inet 192.0.2.1/24"
1372.Ed
1373.Pp
1374To create a vlan device named
1375.Li myvlan
1376on
1377.Li em0
1378with the vlan tag 102:
1379.Bd -literal
1380vlans_em0="myvlan"
1381create_args_myvlan="vlan 102"
1382.Ed
1383.Pp
1384If a
1385.Va wlans_ Ns Aq Ar interface
1386variable is set,
1387an
1388.Xr wlan 4
1389interface will be created for each item in the list with the
1390.Ar wlandev
1391argument set to
1392.Ar interface .
1393Further wlan cloning arguments may be passed to the
1394.Xr ifconfig 8
1395.Cm create
1396command by setting the
1397.Va create_args_ Ns Aq Ar interface
1398variable.
1399One or more
1400.Xr wlan 4
1401devices must be created for each wireless devices as of
1402.Fx 8.0 .
1403Debugging flags for
1404.Xr wlan 4
1405devices as set by
1406.Xr wlandebug 8
1407may be specified with an
1408.Va wlandebug_ Ns Aq Ar interface
1409variable.
1410The contents of this variable will be passed directly to
1411.Xr wlandebug 8 .
1412.Pp
1413If the
1414.Va ifconfig_ Ns Aq Ar interface
1415contains the keyword
1416.Dq Li NOAUTO
1417then the interface will not be configured
1418at boot or by
1419.Pa /etc/pccard_ether
1420when
1421.Va network_interfaces
1422is set to
1423.Dq Li AUTO .
1424.Pp
1425It is possible to bring up an interface with DHCP by adding
1426.Dq Li DHCP
1427to the
1428.Va ifconfig_ Ns Aq Ar interface
1429variable.
1430For instance, to initialize the
1431.Li ed0
1432device via DHCP,
1433it is possible to use something like:
1434.Bd -literal
1435ifconfig_ed0="DHCP"
1436.Ed
1437.Pp
1438If you want to configure your wireless interface with
1439.Xr wpa_supplicant 8
1440for use with WPA, EAP/LEAP or WEP, you need to add
1441.Dq Li WPA
1442to the
1443.Va ifconfig_ Ns Aq Ar interface
1444variable.
1445.Pp
1446On the other hand, if you want to configure your wireless interface with
1447.Xr hostapd 8 ,
1448you need to add
1449.Dq Li HOSTAP
1450to the
1451.Va ifconfig_ Ns Aq Ar interface
1452variable.
1453.Xr hostapd 8
1454will use the settings from
1455.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1456.Pp
1457Finally, you can add
1458.Xr ifconfig 8
1459options in this variable, in addition to the
1460.Pa /etc/start_if. Ns Aq Ar interface
1461file.
1462For instance, to configure an
1463.Xr ath 4
1464wireless device in station mode with an address obtained
1465via DHCP, using WPA authentication and 802.11b mode, it is
1466possible to use something like:
1467.Bd -literal
1468wlans_ath0="wlan0"
1469ifconfig_wlan0="DHCP WPA mode 11b"
1470.Ed
1471.Pp
1472In addition to the
1473.Va ifconfig_ Ns Aq Ar interface
1474form, a fallback variable
1475.Va ifconfig_DEFAULT
1476may be configured.
1477It will be used for all interfaces with no
1478.Va ifconfig_ Ns Aq Ar interface
1479variable.
1480This is intended to replace the no longer supported
1481.Va pccard_ifconfig
1482variable.
1483.Pp
1484It is also possible to rename an interface by doing:
1485.Bd -literal
1486ifconfig_ed0_name="net0"
1487ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1488.Ed
1489.It Va ipv6_enable
1490.Pq Vt bool
1491This variable is deprecated.
1492Use
1493.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1494and
1495.Va ipv6_activate_all_interfaces
1496if necessary.
1497.Pp
1498If the variable is
1499.Dq Li YES ,
1500.Dq Li inet6 accept_rtadv
1501is added to all of
1502.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1503and the
1504.Va ipv6_activate_all_interfaces
1505is defined as
1506.Dq Li YES .
1507.It Va ipv6_prefer
1508.Pq Vt bool
1509This variable is deprecated.
1510Use
1511.Va ip6addrctl_policy
1512instead.
1513.Pp
1514If the variable is
1515.Dq Li YES ,
1516the default address selection policy table set by
1517.Xr ip6addrctl 8
1518will be IPv6-preferred.
1519.Pp
1520If the variable is
1521.Dq Li NO ,
1522the default address selection policy table set by
1523.Xr ip6addrctl 8
1524will be IPv4-preferred.
1525.It Va ipv6_activate_all_interfaces
1526.Pq Vt bool
1527This controls initial configuration on IPv6-capable
1528interfaces with no corresponding
1529.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1530variable.
1531Note that it is not always necessary to set this variable to
1532.Dq YES
1533to use IPv6 functionality on
1534.Fx .
1535In most cases, just configuring
1536.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1537variables works.
1538.Pp
1539If the variable is
1540.Dq Li NO ,
1541all interfaces which do not have a corresponding
1542.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1543variable will be marked as
1544.Dq Li IFDISABLED
1545at creation.
1546This means that all of IPv6 functionality on that interface
1547is completely disabled to enforce a security policy.
1548If the variable is set to
1549.Dq YES ,
1550the flag will be cleared on all of the interfaces.
1551.Pp
1552In most cases, just defining an
1553.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1554for an IPv6-capable interface should be sufficient.
1555However, if an interface is added dynamically
1556.Pq by some tunneling protocols such as PPP, for example ,
1557it is often difficult to define the variable in advance.
1558In such a case, configuring the
1559.Dq Li IFDISABLED
1560flag can be disabled by setting this variable to
1561.Dq YES .
1562.Pp
1563For more details of the
1564.Dq Li IFDISABLED
1565flag and keywords
1566.Dq Li inet6 ifdisabled ,
1567see
1568.Xr ifconfig 8 .
1569.Pp
1570Default is
1571.Dq Li NO .
1572.It Va ipv6_privacy
1573.Pq Vt bool
1574If the variable is
1575.Dq Li YES
1576privacy addresses will be generated for each IPv6
1577interface as described in RFC 4941.
1578.It Va ipv6_network_interfaces
1579.Pq Vt str
1580This is the IPv6 equivalent of
1581.Va network_interfaces .
1582Normally manual configuration of this variable is not needed.
1583.It Va ipv6_cpe_wanif
1584.Pq Vt str
1585If the variable is set to an interface name,
1586the
1587.Xr ifconfig 8
1588options
1589.Dq inet6 -no_radr accept_rtadv
1590will be added to the specified interface automatically before evaluating
1591.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1592and two
1593.Xr sysctl 8
1594variables
1595.Va net.inet6.ip6.rfc6204w3
1596and
1597.Va net.inet6.ip6.no_radr
1598will be set to 1.
1599.Pp
1600This means the specified interface will accept ICMPv6 Router
1601Advertisement messages on that link and add the discovered
1602routers into the Default Router List.
1603While the other interfaces can still accept RA messages if the
1604.Dq inet6 accept_rtadv
1605option is specified, adding
1606routes into the Default Router List will be disabled by
1607.Dq inet6 no_radr
1608option by default.
1609See
1610.Xr ifconfig 8
1611for more details.
1612.Pp
1613Note that ICMPv6 Router Advertisement messages will be
1614accepted even when
1615.Va net.inet6.ip6.forwarding
1616is 1
1617.Pq packet forwarding is enabled
1618when
1619.Va net.inet6.ip6.rfc6204w3
1620is set to 1.
1621.Pp
1622Default is
1623.Dq Li NO .
1624.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1625.Pq Vt str
1626This assigns arbitrary description to an interface.
1627The
1628.Xr sysctl 8
1629variable
1630.Va net.ifdescr_maxlen
1631limits its length.
1632This static setting may be overridden by commands
1633started with dynamic interface configuration utilities
1634like
1635.Xr dhclient 8
1636hooks. The description can be seen with
1637.Xr ifconfig 8
1638command and it may be exported with
1639.Xr bsnmpd 1
1640daemon using its MIB-2 module.
1641.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1642.Pq Vt str
1643IPv6 functionality on an interface should be configured by
1644.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1645instead of setting ifconfig parameters in
1646.Va ifconfig_ Ns Aq Ar interface .
1647If this variable is empty, all of IPv6 configurations on the
1648specified interface by other variables such as
1649.Va ipv6_prefix_ Ns Ao Ar interface Ac
1650will be ignored.
1651.Pp
1652Aliases should be set by
1653.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1654with
1655.Dq Li inet6
1656keyword.
1657For example:
1658.Bd -literal
1659ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1660ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1661.Ed
1662.Pp
1663Interfaces that have an
1664.Dq Li inet6 accept_rtadv
1665keyword in
1666.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1667setting will be automatically configured by SLAAC
1668.Pq StateLess Address AutoConfiguration
1669described in
1670.Rs
1671.%T "RFC 4862"
1672.Re
1673.Pp
1674Note that a link-local address will be automatically configured in
1675addition to the configured global-scope addresses because the IPv6
1676specifications require it on each link.
1677The address is calculated from the MAC address by using an algorithm
1678defined in
1679.Rs
1680.%T "RFC 4862"
1681.%O "Section 5.3"
1682.Re
1683.Pp
1684If only a link-local address is needed on the interface,
1685the following configuration can be used:
1686.Bd -literal
1687ifconfig_ed0_ipv6="inet6 auto_linklocal"
1688.Ed
1689.Pp
1690A link-local address can also be configured manually.
1691This is useful for the default router address of an IPv6 router
1692so that it does not change when the network interface
1693card is replaced.
1694For example:
1695.Bd -literal
1696ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1697.Ed
1698.It Va ipv6_prefix_ Ns Aq Ar interface
1699.Pq Vt str
1700If one or more prefixes are defined in
1701.Va ipv6_prefix_ Ns Aq Ar interface
1702addresses based on each prefix and the EUI-64 interface index will be
1703configured on that interface.
1704Note that this variable will be ignored when
1705.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1706is empty.
1707.Pp
1708For example, the following configuration
1709.Bd -literal
1710ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1711.Ed
1712.Pp
1713is equivalent to the following:
1714.Bd -literal
1715ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1716ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1717ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1718ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1719.Ed
1720.Pp
1721These Subnet-Router anycast addresses will be added only when
1722.Va ipv6_gateway_enable
1723is YES.
1724.It Va ipv6_default_interface
1725.Pq Vt str
1726If not set to
1727.Dq Li NO ,
1728this is the default output interface for scoped addresses.
1729This works only with ipv6_gateway_enable="NO".
1730.It Va ip6addrctl_enable
1731.Pq Vt bool
1732This variable is to enable configuring default address selection policy table
1733.Pq RFC 3484 .
1734The table can be specified in another variable
1735.Va ip6addrctl_policy .
1736For
1737.Va ip6addrctl_policy
1738the following keywords can be specified:
1739.Dq Li ipv4_prefer ,
1740.Dq Li ipv6_prefer ,
1741or
1742.Dq Li AUTO .
1743.Pp
1744If
1745.Dq Li ipv4_prefer
1746or
1747.Dq Li ipv6_prefer
1748is specified,
1749.Xr ip6addrctl 8
1750installs a pre-defined policy table described in Section 2.1
1751.Pq IPv6-preferred
1752or 10.3
1753.Pq IPv4-preferred
1754of RFC 3484.
1755.Pp
1756If
1757.Dq Li AUTO
1758is specified, it attempts to read a file
1759.Pa /etc/ip6addrctl.conf
1760first.
1761If this file is found,
1762.Xr ip6addrctl 8
1763reads and installs it.
1764If not found, a policy is automatically set
1765according to
1766.Va ipv6_activate_all_interfaces
1767variable; if the variable is set to
1768.Dq Li YES
1769the IPv6-preferred one is used.
1770Otherwise IPv4-preferred.
1771.Pp
1772The default value of
1773.Va ip6addrctl_enable
1774and
1775.Va ip6addrctl_policy
1776are
1777.Dq Li YES
1778and
1779.Dq Li AUTO ,
1780respectively.
1781.It Va cloned_interfaces
1782.Pq Vt str
1783Set to the list of clonable network interfaces to create on this host.
1784Further cloning arguments may be passed to the
1785.Xr ifconfig 8
1786.Cm create
1787command for each interface by setting the
1788.Va create_args_ Ns Aq Ar interface
1789variable.
1790If an interface name is specified with
1791.Dq :sticky
1792keyword,
1793the interface will not be destroyed even when
1794.Pa rc.d/netif
1795script is invoked with
1796.Dq stop
1797argument.
1798This is useful when reconfiguring the interface without destroying it.
1799Entries in
1800.Va cloned_interfaces
1801are automatically appended to
1802.Va network_interfaces
1803for configuration.
1804.It Va cloned_interfaces_sticky
1805.Pq Vt bool
1806This variable is to globally enable functionality of
1807.Dq :sticky
1808keyword in
1809.Va cloned_interfaces
1810for all interfaces.
1811The default value is
1812.Dq NO .
1813Even if this variable is specified to
1814.Dq YES ,
1815.Dq :nosticky
1816keyword can be used to override it on per interface basis.
1817.It Va gif_interfaces
1818.Pq Vt str
1819This variable is deprecated in favor of
1820.Va cloned_interfaces .
1821Set to the list of
1822.Xr gif 4
1823tunnel interfaces to configure on this host.
1824For each
1825.Xr gif
1826tunnel interface, set a variable named
1827.Va ifconfig_ Ns Aq Ar interface
1828with the parameters for the
1829.Xr ifconfig 8
1830command to configure the link level for
1831.Ar interface
1832with the
1833.Cm tunnel
1834option.
1835The value of this variable is used to configure the link layer of the
1836tunnel using the
1837.Cm tunnel
1838option to
1839.Xr ifconfig .
1840For example, configure two
1841.Xr gif
1842interfaces with:
1843.Bd -literal -offset indent
1844gif_interfaces="gif0 gif1"
1845ifconfig_gif0="tunnel src_addr0 dst_addr0"
1846ifconfig_gif1="tunnel src_addr1 dst_addr1"
1847.Ed
1848.Pp
1849Additionally, this option ensures that each listed interface is created
1850via the
1851.Cm create
1852option to
1853.Xr ifconfig .
1854This example also works with
1855.Va cloned_interfaces
1856instead of
1857.Va gif_interfaces .
1858.It Va sppp_interfaces
1859.Pq Vt str
1860Set to the list of
1861.Xr sppp 4
1862interfaces to configure on this host.
1863A
1864.Va spppconfig_ Ns Aq Ar interface
1865variable is assumed to exist for each value of
1866.Ar interface .
1867Each interface should also be configured by a general
1868.Va ifconfig_ Ns Aq Ar interface
1869setting.
1870Refer to
1871.Xr spppcontrol 8
1872for more information about available options.
1873.It Va ppp_enable
1874.Pq Vt bool
1875If set to
1876.Dq Li YES ,
1877run the
1878.Xr ppp 8
1879daemon.
1880.It Va ppp_profile
1881.Pq Vt str
1882The name of the profile to use from
1883.Pa /etc/ppp/ppp.conf .
1884Also used for per-profile overrides of
1885.Va ppp_mode
1886and
1887.Va ppp_nat ,
1888and
1889.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1890When the profile name contains any of the characters
1891.Dq Li .-/+
1892they are translated to
1893.Dq Li _
1894for the proposes of the override variable names.
1895.It Va ppp_mode
1896.Pq Vt str
1897Mode in which to run the
1898.Xr ppp 8
1899daemon.
1900.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1901.Pq Vt str
1902Overrides the global
1903.Va ppp_mode
1904for
1905.Ar profile .
1906Accepted modes are
1907.Dq Li auto ,
1908.Dq Li ddial ,
1909.Dq Li direct
1910and
1911.Dq Li dedicated .
1912See the manual for a full description.
1913.It Va ppp_nat
1914.Pq Vt bool
1915If set to
1916.Dq Li YES ,
1917enables network address translation.
1918Used in conjunction with
1919.Va gateway_enable
1920allows hosts on private network addresses access to the Internet using
1921this host as a network address translating router.
1922.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1923.Pq Vt str
1924Overrides the global
1925.Va ppp_nat
1926for
1927.Ar profile .
1928.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1929.Pq Vt int
1930Set the unit number to be used for this profile.
1931See the manual description of
1932.Fl unit Ns Ar N
1933for details.
1934.It Va ppp_user
1935.Pq Vt str
1936The name of the user under which
1937.Xr ppp 8
1938should be started.
1939By
1940default,
1941.Xr ppp 8
1942is started as
1943.Dq Li root .
1944.It Va rc_conf_files
1945.Pq Vt str
1946This option is used to specify a list of files that will override
1947the settings in
1948.Pa /etc/defaults/rc.conf .
1949The files will be read in the order in which they are specified and should
1950include the full path to the file.
1951By default, the files specified are
1952.Pa /etc/rc.conf
1953and
1954.Pa /etc/rc.conf.local
1955.It Va zfs_enable
1956.Pq Vt bool
1957If set to
1958.Dq Li YES ,
1959.Pa /etc/rc.d/zfs
1960will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1961(ZVOLs).
1962.It Va gptboot_enable
1963.Pq Vt bool
1964If set to
1965.Dq Li YES ,
1966.Pa /etc/rc.d/gptboot
1967will log if the system successfully (or not) booted from a GPT partition,
1968which had the
1969.Ar bootonce
1970attribute set using
1971.Xr gpart 8
1972utility.
1973.It Va gbde_autoattach_all
1974.Pq Vt bool
1975If set to
1976.Dq Li YES ,
1977.Pa /etc/rc.d/gbde
1978will attempt to automatically initialize your .bde devices in
1979.Pa /etc/fstab .
1980.It Va gbde_devices
1981.Pq Vt str
1982List the devices that the script should try to attach,
1983or
1984.Dq Li AUTO .
1985.It Va gbde_lockdir
1986.Pq Vt str
1987The directory where the
1988.Xr gbde 4
1989lockfiles are located.
1990The default lockfile directory is
1991.Pa /etc .
1992.Pp
1993The lockfile for each individual
1994.Xr gbde 4
1995device can be overridden by setting the variable
1996.Va gbde_lock_ Ns Aq Ar device ,
1997where
1998.Ar device
1999is the encrypted device without the
2000.Dq Pa /dev/
2001and
2002.Dq Pa .bde
2003parts.
2004.It Va gbde_attach_attempts
2005.Pq Vt int
2006Number of times to attempt attaching to a
2007.Xr gbde 4
2008device, i.e., how many times the user is asked for the pass-phrase.
2009Default is 3.
2010.It Va geli_devices
2011.Pq Vt str
2012List of devices to automatically attach on boot.
2013Note that .eli devices from
2014.Pa /etc/fstab
2015are automatically appended to this list.
2016.It Va geli_groups
2017.Pq Vt str
2018List of groups containing devices to automatically attach on boot with the same
2019keyfiles and passphrase.
2020This must be accompanied with a corresponding
2021.Va geli_ Ns Ao Ar group Ac Ns Va _devices
2022variable.
2023.It Va geli_tries
2024.Pq Vt int
2025Number of times user is asked for the pass-phrase.
2026If empty, it will be taken from
2027.Va kern.geom.eli.tries
2028sysctl variable.
2029.It Va geli_default_flags
2030.Pq Vt str
2031Default flags to use by
2032.Xr geli 8
2033when configuring disk encryption.
2034Flags can be configured for every device separately by defining the
2035.Va geli_ Ns Ao Ar device Ac Ns Va _flags
2036variable, and for every group separately by defining the
2037.Va geli_ Ns Ao Ar group Ac Ns Va _flags
2038variable.
2039.It Va geli_autodetach
2040.Pq Vt str
2041Specifies if GELI devices should be marked for detach on last close after
2042file systems are mounted.
2043Default is
2044.Dq Li YES .
2045This can be changed for every device separately by defining the
2046.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2047variable.
2048.It Va root_rw_mount
2049.Pq Vt bool
2050Set to
2051.Dq Li YES
2052by default.
2053After the file systems are checked at boot time, the root file system
2054is remounted as read-write if this is set to
2055.Dq Li YES .
2056Diskless systems that mount their root file system from a read-only remote
2057NFS share should set this to
2058.Dq Li NO
2059in their
2060.Pa rc.conf .
2061.It Va fsck_y_enable
2062.Pq Vt bool
2063If set to
2064.Dq Li YES ,
2065.Xr fsck 8
2066will be run with the
2067.Fl y
2068flag if the initial preen
2069of the file systems fails.
2070.It Va background_fsck
2071.Pq Vt bool
2072If set to
2073.Dq Li NO ,
2074the system will not attempt to run
2075.Xr fsck 8
2076in the background where possible.
2077.It Va background_fsck_delay
2078.Pq Vt int
2079The amount of time in seconds to sleep before starting a background
2080.Xr fsck 8 .
2081It defaults to sixty seconds to allow large applications such as
2082the X server to start before disk I/O bandwidth is monopolized by
2083.Xr fsck 8 .
2084If set to a negative number, the background file system check will be
2085delayed indefinitely to allow the administrator to run it at a more
2086convenient time.
2087For example it may be run from
2088.Xr cron 8
2089by adding a line like
2090.Pp
2091.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2092.Pp
2093to
2094.Pa /etc/crontab .
2095.It Va netfs_types
2096.Pq Vt str
2097List of file system types that are network-based.
2098This list should generally not be modified by end users.
2099Use
2100.Va extra_netfs_types
2101instead.
2102.It Va extra_netfs_types
2103.Pq Vt str
2104If set to something other than
2105.Dq Li NO
2106(the default),
2107this variable extends the list of file system types
2108for which automatic mounting at startup by
2109.Xr rc 8
2110should be delayed until the network is initialized.
2111It should contain
2112a whitespace-separated list of network file system descriptor pairs,
2113each consisting of a file system type as passed to
2114.Xr mount 8
2115and a human-readable, one-word description,
2116joined with a colon
2117.Pq Ql \&: .
2118Extending the default list in this way is only necessary
2119when third party file system types are used.
2120.It Va syslogd_enable
2121.Pq Vt bool
2122If set to
2123.Dq Li YES ,
2124run the
2125.Xr syslogd 8
2126daemon.
2127.It Va syslogd_program
2128.Pq Vt str
2129Path to
2130.Xr syslogd 8
2131(default
2132.Pa /usr/sbin/syslogd ) .
2133.It Va syslogd_flags
2134.Pq Vt str
2135If
2136.Va syslogd_enable
2137is set to
2138.Dq Li YES ,
2139these are the flags to pass to
2140.Xr syslogd 8 .
2141.It Va inetd_enable
2142.Pq Vt bool
2143If set to
2144.Dq Li YES ,
2145run the
2146.Xr inetd 8
2147daemon.
2148.It Va inetd_program
2149.Pq Vt str
2150Path to
2151.Xr inetd 8
2152(default
2153.Pa /usr/sbin/inetd ) .
2154.It Va inetd_flags
2155.Pq Vt str
2156If
2157.Va inetd_enable
2158is set to
2159.Dq Li YES ,
2160these are the flags to pass to
2161.Xr inetd 8 .
2162.It Va hastd_enable
2163.Pq Vt bool
2164If set to
2165.Dq Li YES ,
2166run the
2167.Xr hastd 8
2168daemon.
2169.It Va hastd_program
2170.Pq Vt str
2171Path to
2172.Xr hastd 8
2173(default
2174.Pa /sbin/hastd ) .
2175.It Va hastd_flags
2176.Pq Vt str
2177If
2178.Va hastd_enable
2179is set to
2180.Dq Li YES ,
2181these are the flags to pass to
2182.Xr hastd 8 .
2183.It Va local_unbound_enable
2184.Pq Vt bool
2185If set to
2186.Dq Li YES ,
2187run the
2188.Xr unbound 8
2189daemon as a local caching resolver.
2190.It Va kdc_enable
2191.Pq Vt bool
2192Set to
2193.Dq Li YES
2194to start a Kerberos 5 authentication server
2195at boot time.
2196.It Va kdc_program
2197.Pq Vt str
2198If
2199.Va kdc_enable
2200is set to
2201.Dq Li YES
2202this is the path to Kerberos 5 Authentication Server.
2203.It Va kdc_flags
2204.Pq Vt str
2205Empty by default.
2206This variable contains additional flags to be passed to the Kerberos 5
2207authentication server.
2208.It Va kadmind_enable
2209.Pq Vt bool
2210Set to
2211.Dq Li YES
2212to start
2213.Xr kadmind 8 ,
2214the Kerberos 5 Administration Daemon; set to
2215.Dq Li NO
2216on a slave server.
2217.It Va kadmind_program
2218.Pq Vt str
2219If
2220.Va kadmind_enable
2221is set to
2222.Dq Li YES
2223this is the path to Kerberos 5 Administration Daemon.
2224.It Va kpasswdd_enable
2225.Pq Vt bool
2226Set to
2227.Dq Li YES
2228to start
2229.Xr kpasswdd 8 ,
2230the Kerberos 5 Password-Changing Daemon; set to
2231.Dq Li NO
2232on a slave server.
2233.It Va kpasswdd_program
2234.Pq Vt str
2235If
2236.Va kpasswdd_enable
2237is set to
2238.Dq Li YES
2239this is the path to Kerberos 5 Password-Changing Daemon.
2240.It Va kfd_enable
2241.Pq Vt bool
2242Set to
2243.Dq Li YES
2244to start
2245.Xr kfd 8 ,
2246the Kerberos 5 ticket forwarding daemon, at the boot time.
2247.It Va kfd_program
2248.Pq Vt str
2249Path to
2250.Xr kfd 8
2251(default
2252.Pa /usr/libexec/kfd ) .
2253.It Va rwhod_enable
2254.Pq Vt bool
2255If set to
2256.Dq Li YES ,
2257run the
2258.Xr rwhod 8
2259daemon at boot time.
2260.It Va rwhod_flags
2261.Pq Vt str
2262If
2263.Va rwhod_enable
2264is set to
2265.Dq Li YES ,
2266these are the flags to pass to it.
2267.It Va amd_enable
2268.Pq Vt bool
2269If set to
2270.Dq Li YES ,
2271run the
2272.Xr amd 8
2273daemon at boot time.
2274.It Va amd_flags
2275.Pq Vt str
2276If
2277.Va amd_enable
2278is set to
2279.Dq Li YES ,
2280these are the flags to pass to it.
2281See the
2282.Xr amd 8
2283manpage for more information.
2284.It Va amd_map_program
2285.Pq Vt str
2286If set,
2287the specified program is run to get the list of
2288.Xr amd 8
2289maps.
2290For example, if the
2291.Xr amd 8
2292maps are stored in NIS, one can set this to
2293run
2294.Xr ypcat 1
2295to get a list of
2296.Xr amd 8
2297maps from the
2298.Pa amd.master
2299NIS map.
2300.It Va update_motd
2301.Pq Vt bool
2302If set to
2303.Dq Li YES ,
2304.Pa /etc/motd
2305will be updated at boot time to reflect the kernel release
2306being run.
2307If set to
2308.Dq Li NO ,
2309.Pa /etc/motd
2310will not be updated.
2311.It Va nfs_client_enable
2312.Pq Vt bool
2313If set to
2314.Dq Li YES ,
2315run the NFS client daemons at boot time.
2316.It Va nfs_access_cache
2317.Pq Vt int
2318If
2319.Va nfs_client_enable
2320is set to
2321.Dq Li YES ,
2322this can be set to
2323.Dq Li 0
2324to disable NFS ACCESS RPC caching, or to the number of seconds for which
2325NFS ACCESS
2326results should be cached.
2327A value of 2-10 seconds will substantially reduce network
2328traffic for many NFS operations.
2329.It Va nfs_server_enable
2330.Pq Vt bool
2331If set to
2332.Dq Li YES ,
2333run the NFS server daemons at boot time.
2334.It Va nfs_server_flags
2335.Pq Vt str
2336If
2337.Va nfs_server_enable
2338is set to
2339.Dq Li YES ,
2340these are the flags to pass to the
2341.Xr nfsd 8
2342daemon.
2343.It Va nfsv4_server_enable
2344.Pq Vt bool
2345If
2346.Va nfs_server_enable
2347is set to
2348.Dq Li YES
2349and
2350.Va nfsv4_server_enable
2351are set to
2352.Dq Li YES ,
2353enable the server for NFSv4 as well as NFSv2 and NFSv3.
2354.It Va nfsuserd_enable
2355.Pq Vt bool
2356If
2357.Va nfsuserd_enable
2358is set to
2359.Dq Li YES ,
2360run the nfsuserd daemon, which is needed for NFSv4 in order
2361to map between user/group names vs uid/gid numbers.
2362If
2363.Va nfsv4_server_enable
2364is set to
2365.Dq Li YES ,
2366this will be forced enabled.
2367.It Va nfsuserd_flags
2368.Pq Vt str
2369If
2370.Va nfsuserd_enable
2371is set to
2372.Dq Li YES ,
2373these are the flags to pass to the
2374.Xr nfsuserd 8
2375daemon.
2376.It Va nfscbd_enable
2377.Pq Vt bool
2378If
2379.Va nfscbd_enable
2380is set to
2381.Dq Li YES ,
2382run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2383.It Va nfscbd_flags
2384.Pq Vt str
2385If
2386.Va nfscbd_enable
2387is set to
2388.Dq Li YES ,
2389these are the flags to pass to the
2390.Xr nfscbd 8
2391daemon.
2392.It Va mountd_enable
2393.Pq Vt bool
2394If set to
2395.Dq Li YES ,
2396and no
2397.Va nfs_server_enable
2398is set, start
2399.Xr mountd 8 ,
2400but not
2401.Xr nfsd 8
2402daemon.
2403It is commonly needed to run CFS without real NFS used.
2404.It Va mountd_flags
2405.Pq Vt str
2406If
2407.Va mountd_enable
2408is set to
2409.Dq Li YES ,
2410these are the flags to pass to the
2411.Xr mountd 8
2412daemon.
2413.It Va weak_mountd_authentication
2414.Pq Vt bool
2415If set to
2416.Dq Li YES ,
2417allow services like PCNFSD to make non-privileged mount
2418requests.
2419.It Va nfs_reserved_port_only
2420.Pq Vt bool
2421If set to
2422.Dq Li YES ,
2423provide NFS services only on a secure port.
2424.It Va nfs_bufpackets
2425.Pq Vt int
2426If set to a number, indicates the number of packets worth of
2427socket buffer space to reserve on an NFS client.
2428The kernel default is typically 4.
2429Using a higher number may be
2430useful on gigabit networks to improve performance.
2431The minimum value is
24322 and the maximum is 64.
2433.It Va rpc_lockd_enable
2434.Pq Vt bool
2435If set to
2436.Dq Li YES
2437and also an NFS server or client, run
2438.Xr rpc.lockd 8
2439at boot time.
2440.It Va rpc_lockd_flags
2441.Pq Vt str
2442If
2443.Va rpc_lockd_enable
2444is set to
2445.Dq Li YES ,
2446these are the flags to pass to the
2447.Xr rpc.lockd 8
2448daemon.
2449.It Va rpc_statd_enable
2450.Pq Vt bool
2451If set to
2452.Dq Li YES
2453and also an NFS server or client, run
2454.Xr rpc.statd 8
2455at boot time.
2456.It Va rpc_statd_flags
2457.Pq Vt str
2458If
2459.Va rpc_statd_enable
2460is set to
2461.Dq Li YES ,
2462these are the flags to pass to the
2463.Xr rpc.statd 8
2464daemon.
2465.It Va rpcbind_program
2466.Pq Vt str
2467Path to
2468.Xr rpcbind 8
2469(default
2470.Pa /usr/sbin/rpcbind ) .
2471.It Va rpcbind_enable
2472.Pq Vt bool
2473If set to
2474.Dq Li YES ,
2475run the
2476.Xr rpcbind 8
2477service at boot time.
2478.It Va rpcbind_flags
2479.Pq Vt str
2480If
2481.Va rpcbind_enable
2482is set to
2483.Dq Li YES ,
2484these are the flags to pass to the
2485.Xr rpcbind 8
2486daemon.
2487.It Va keyserv_enable
2488.Pq Vt bool
2489If set to
2490.Dq Li YES ,
2491run the
2492.Xr keyserv 8
2493daemon on boot for running Secure RPC.
2494.It Va keyserv_flags
2495.Pq Vt str
2496If
2497.Va keyserv_enable
2498is set to
2499.Dq Li YES ,
2500these are the flags to pass to
2501.Xr keyserv 8
2502daemon.
2503.It Va pppoed_enable
2504.Pq Vt bool
2505If set to
2506.Dq Li YES ,
2507run the
2508.Xr pppoed 8
2509daemon at boot time to provide PPP over Ethernet services.
2510.It Va pppoed_ Ns Aq Ar provider
2511.Pq Vt str
2512.Xr pppoed 8
2513listens to requests to this
2514.Ar provider
2515and ultimately runs
2516.Xr ppp 8
2517with a
2518.Ar system
2519argument of the same name.
2520.It Va pppoed_flags
2521.Pq Vt str
2522Additional flags to pass to
2523.Xr pppoed 8 .
2524.It Va pppoed_interface
2525.Pq Vt str
2526The network interface to run
2527.Xr pppoed 8
2528on.
2529This is mandatory when
2530.Va pppoed_enable
2531is set to
2532.Dq Li YES .
2533.It Va timed_enable
2534.Pq Vt bool
2535If set to
2536.Dq Li YES ,
2537run the
2538.Xr timed 8
2539service at boot time.
2540This command is intended for networks of
2541machines where a consistent
2542.Dq "network time"
2543for all hosts must be established.
2544This is often useful in large NFS
2545environments where time stamps on files are expected to be consistent
2546network-wide.
2547.It Va timed_flags
2548.Pq Vt str
2549If
2550.Va timed_enable
2551is set to
2552.Dq Li YES ,
2553these are the flags to pass to the
2554.Xr timed 8
2555service.
2556.It Va ntpdate_enable
2557.Pq Vt bool
2558If set to
2559.Dq Li YES ,
2560run
2561.Xr ntpdate 8
2562at system startup.
2563This command is intended to
2564synchronize the system clock only
2565.Em once
2566from some standard reference.
2567.Pp
2568Note that the use of the
2569.Va ntpd_sync_on_start
2570variable is a preferred alternative to the
2571.Xr ntpdate 8
2572utility as
2573.Xr ntpdate 8
2574is to be retired from the NTP distribution.
2575.It Va ntpdate_config
2576.Pq Vt str
2577Configuration file for
2578.Xr ntpdate 8 .
2579Default
2580.Pa /etc/ntp.conf .
2581.It Va ntpdate_hosts
2582.Pq Vt str
2583A whitespace-separated list of NTP servers to synchronize with at startup.
2584The default is to use the servers listed in
2585.Va ntpdate_config ,
2586if that file exists.
2587.It Va ntpdate_program
2588.Pq Vt str
2589Path to
2590.Xr ntpdate 8
2591(default
2592.Pa /usr/sbin/ntpdate ) .
2593.It Va ntpdate_flags
2594.Pq Vt str
2595If
2596.Va ntpdate_enable
2597is set to
2598.Dq Li YES ,
2599these are the flags to pass to the
2600.Xr ntpdate 8
2601command (typically a hostname).
2602.It Va ntpd_enable
2603.Pq Vt bool
2604If set to
2605.Dq Li YES ,
2606run the
2607.Xr ntpd 8
2608command at boot time.
2609.It Va ntpd_program
2610.Pq Vt str
2611Path to
2612.Xr ntpd 8
2613(default
2614.Pa /usr/sbin/ntpd ) .
2615.It Va ntpd_config
2616.Pq Vt str
2617Path to
2618.Xr ntpd 8
2619configuration file.
2620Default
2621.Pa /etc/ntp.conf .
2622.It Va ntpd_flags
2623.Pq Vt str
2624If
2625.Va ntpd_enable
2626is set to
2627.Dq Li YES ,
2628these are the flags to pass to the
2629.Xr ntpd 8
2630daemon.
2631.It Va ntpd_sync_on_start
2632.Pq Vt bool
2633If set to
2634.Dq Li YES ,
2635.Xr ntpd 8
2636is run with the
2637.Fl g
2638flag, which syncs the system's clock on startup.
2639See
2640.Xr ntpd 8
2641for more information regarding the
2642.Fl g
2643option.
2644This is a preferred alternative to using
2645.Xr ntpdate 8
2646or specifying the
2647.Va ntpdate_enable
2648variable.
2649.It Va nis_client_enable
2650.Pq Vt bool
2651If set to
2652.Dq Li YES ,
2653run the
2654.Xr ypbind 8
2655service at system boot time.
2656.It Va nis_client_flags
2657.Pq Vt str
2658If
2659.Va nis_client_enable
2660is set to
2661.Dq Li YES ,
2662these are the flags to pass to the
2663.Xr ypbind 8
2664service.
2665.It Va nis_ypldap_enable
2666.Pq Vt bool
2667If set to
2668.Dq Li YES ,
2669run the
2670.Xr ypldap 8
2671daemon at system boot time.
2672.It Va nis_ypldap_flags
2673.Pq Vt str
2674If
2675.Va nis.ypldap_enable
2676is set to
2677.Dq Li YES ,
2678these are the flags to pass to the
2679.Xr ypldap 8
2680daemon.
2681.It Va nis_ypset_enable
2682.Pq Vt bool
2683If set to
2684.Dq Li YES ,
2685run the
2686.Xr ypset 8
2687daemon at system boot time.
2688.It Va nis_ypset_flags
2689.Pq Vt str
2690If
2691.Va nis_ypset_enable
2692is set to
2693.Dq Li YES ,
2694these are the flags to pass to the
2695.Xr ypset 8
2696daemon.
2697.It Va nis_server_enable
2698.Pq Vt bool
2699If set to
2700.Dq Li YES ,
2701run the
2702.Xr ypserv 8
2703daemon at system boot time.
2704.It Va nis_server_flags
2705.Pq Vt str
2706If
2707.Va nis_server_enable
2708is set to
2709.Dq Li YES ,
2710these are the flags to pass to the
2711.Xr ypserv 8
2712daemon.
2713.It Va nis_ypxfrd_enable
2714.Pq Vt bool
2715If set to
2716.Dq Li YES ,
2717run the
2718.Xr rpc.ypxfrd 8
2719daemon at system boot time.
2720.It Va nis_ypxfrd_flags
2721.Pq Vt str
2722If
2723.Va nis_ypxfrd_enable
2724is set to
2725.Dq Li YES ,
2726these are the flags to pass to the
2727.Xr rpc.ypxfrd 8
2728daemon.
2729.It Va nis_yppasswdd_enable
2730.Pq Vt bool
2731If set to
2732.Dq Li YES ,
2733run the
2734.Xr rpc.yppasswdd 8
2735daemon at system boot time.
2736.It Va nis_yppasswdd_flags
2737.Pq Vt str
2738If
2739.Va nis_yppasswdd_enable
2740is set to
2741.Dq Li YES ,
2742these are the flags to pass to the
2743.Xr rpc.yppasswdd 8
2744daemon.
2745.It Va rpc_ypupdated_enable
2746.Pq Vt bool
2747If set to
2748.Dq Li YES ,
2749run the
2750.Nm rpc.ypupdated
2751daemon at system boot time.
2752.It Va bsnmpd_enable
2753.Pq Vt bool
2754If set to
2755.Dq Li YES ,
2756run the
2757.Xr bsnmpd 1
2758daemon at system boot time.
2759Be sure to understand the security implications of running SNMP daemon
2760on your host.
2761.It Va bsnmpd_flags
2762.Pq Vt str
2763If
2764.Va bsnmpd_enable
2765is set to
2766.Dq Li YES ,
2767these are the flags to pass to the
2768.Xr bsnmpd 1
2769daemon.
2770.It Va defaultrouter
2771.Pq Vt str
2772If not set to
2773.Dq Li NO ,
2774create a default route to this host name or IP address
2775(use an IP address if this router is also required to get to the
2776name server!).
2777.It Va ipv6_defaultrouter
2778.Pq Vt str
2779The IPv6 equivalent of
2780.Va defaultrouter .
2781.It Va static_arp_pairs
2782.Pq Vt str
2783Set to the list of static ARP pairs that are to be added at system
2784boot time.
2785For each whitespace separated
2786.Ar element
2787in the value, a
2788.Va static_arp_ Ns Aq Ar element
2789variable is assumed to exist whose contents will later be passed to a
2790.Dq Nm arp Cm -S
2791operation.
2792For example
2793.Bd -literal
2794static_arp_pairs="gw"
2795static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2796.Ed
2797.It Va static_ndp_pairs
2798.Pq Vt str
2799Set to the list of static NDP pairs that are to be added at system
2800boot time.
2801For each whitespace separated
2802.Ar element
2803in the value, a
2804.Va static_ndp_ Ns Aq Ar element
2805variable is assumed to exist whose contents will later be passed to a
2806.Dq Nm ndp Cm -s
2807operation.
2808For example
2809.Bd -literal
2810static_ndp_pairs="gw"
2811static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2812.Ed
2813.It Va static_routes
2814.Pq Vt str
2815Set to the list of static routes that are to be added at system
2816boot time.
2817If not set to
2818.Dq Li NO
2819then for each whitespace separated
2820.Ar element
2821in the value, a
2822.Va route_ Ns Aq Ar element
2823variable is assumed to exist
2824whose contents will later be passed to a
2825.Dq Nm route Cm add
2826operation.
2827For example:
2828.Bd -literal
2829static_routes="ext mcast:gif0 gif0local:gif0"
2830route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2831route_mcast="-net 224.0.0.0/4 -iface gif0"
2832route_gif0local="-host 169.254.1.1 -iface lo0"
2833.Ed
2834.Pp
2835When an
2836.Ar element
2837is in the form of
2838.Li name:ifname ,
2839the route is specific to the interface
2840.Li ifname .
2841.It Va ipv6_static_routes
2842.Pq Vt str
2843The IPv6 equivalent of
2844.Va static_routes .
2845If not set to
2846.Dq Li NO
2847then for each whitespace separated
2848.Ar element
2849in the value, a
2850.Va ipv6_route_ Ns Aq Ar element
2851variable is assumed to exist
2852whose contents will later be passed to a
2853.Dq Nm route Cm add Fl inet6
2854operation.
2855.It Va gateway_enable
2856.Pq Vt bool
2857If set to
2858.Dq Li YES ,
2859configure host to act as an IP router, e.g.\& to forward packets
2860between interfaces.
2861.It Va ipv6_gateway_enable
2862.Pq Vt bool
2863The IPv6 equivalent of
2864.Va gateway_enable .
2865.It Va routed_enable
2866.Pq Vt bool
2867If set to
2868.Dq Li YES ,
2869run a routing daemon of some sort, based on the
2870settings of
2871.Va routed_program
2872and
2873.Va routed_flags .
2874.It Va route6d_enable
2875.Pq Vt bool
2876The IPv6 equivalent of
2877.Va routed_enable .
2878If set to
2879.Dq Li YES ,
2880run a routing daemon of some sort, based on the
2881settings of
2882.Va route6d_program
2883and
2884.Va route6d_flags .
2885.It Va routed_program
2886.Pq Vt str
2887If
2888.Va routed_enable
2889is set to
2890.Dq Li YES ,
2891this is the name of the routing daemon to use.
2892.It Va route6d_program
2893.Pq Vt str
2894The IPv6 equivalent of
2895.Va routed_program .
2896.It Va routed_flags
2897.Pq Vt str
2898If
2899.Va routed_enable
2900is set to
2901.Dq Li YES ,
2902these are the flags to pass to the routing daemon.
2903.It Va route6d_flags
2904.Pq Vt str
2905The IPv6 equivalent of
2906.Va routed_flags .
2907.It Va rtadvd_enable
2908.Pq Vt bool
2909If set to
2910.Dq Li YES ,
2911run the
2912.Xr rtadvd 8
2913daemon at boot time.
2914The
2915.Xr rtadvd 8
2916utility sends ICMPv6 Router Advertisement messages to
2917the interfaces specified in
2918.Va rtadvd_interfaces .
2919This should only be enabled with great care.
2920You may want to fine-tune
2921.Xr rtadvd.conf 5 .
2922.It Va rtadvd_interfaces
2923.Pq Vt str
2924If
2925.Va rtadvd_enable
2926is set to
2927.Dq Li YES
2928this is the list of interfaces to use.
2929.It Va arpproxy_all
2930.Pq Vt bool
2931If set to
2932.Dq Li YES ,
2933enable global proxy ARP.
2934.It Va forward_sourceroute
2935.Pq Vt bool
2936If set to
2937.Dq Li YES
2938and
2939.Va gateway_enable
2940is also set to
2941.Dq Li YES ,
2942source-routed packets are forwarded.
2943.It Va accept_sourceroute
2944.Pq Vt bool
2945If set to
2946.Dq Li YES ,
2947the system will accept source-routed packets directed at it.
2948.It Va rarpd_enable
2949.Pq Vt bool
2950If set to
2951.Dq Li YES ,
2952run the
2953.Xr rarpd 8
2954daemon at system boot time.
2955.It Va rarpd_flags
2956.Pq Vt str
2957If
2958.Va rarpd_enable
2959is set to
2960.Dq Li YES ,
2961these are the flags to pass to the
2962.Xr rarpd 8
2963daemon.
2964.It Va bootparamd_enable
2965.Pq Vt bool
2966If set to
2967.Dq Li YES ,
2968run the
2969.Xr bootparamd 8
2970daemon at system boot time.
2971.It Va bootparamd_flags
2972.Pq Vt str
2973If
2974.Va bootparamd_enable
2975is set to
2976.Dq Li YES ,
2977these are the flags to pass to the
2978.Xr bootparamd 8
2979daemon.
2980.It Va stf_interface_ipv4addr
2981.Pq Vt str
2982If not set to
2983.Dq Li NO ,
2984this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2985interface).
2986Specify this entry to enable the 6to4 interface.
2987.It Va stf_interface_ipv4plen
2988.Pq Vt int
2989Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2990An effective value is 0-31.
2991.It Va stf_interface_ipv6_ifid
2992.Pq Vt str
2993IPv6 interface ID for
2994.Xr stf 4 .
2995This can be set to
2996.Dq Li AUTO .
2997.It Va stf_interface_ipv6_slaid
2998.Pq Vt str
2999IPv6 Site Level Aggregator for
3000.Xr stf 4 .
3001.It Va ipv6_ipv4mapping
3002.Pq Vt bool
3003If set to
3004.Dq Li YES
3005this enables IPv4 mapped IPv6 address communication (like
3006.Li ::ffff:a.b.c.d ) .
3007.It Va rtsold_enable
3008.Pq Vt bool
3009Set to
3010.Dq Li YES
3011to enable the
3012.Xr rtsold 8
3013daemon to send ICMPv6 Router Solicitation messages.
3014.It Va rtsold_flags
3015.Pq Vt str
3016If
3017.Va rtsold_enable
3018is set to
3019.Dq Li YES ,
3020these are the flags to pass to
3021.Xr rtsold 8 .
3022.It Va rtsol_flags
3023.Pq Vt str
3024For interfaces configured with the
3025.Dq Li inet6 accept_rtadv
3026keyword, these are the flags to pass to
3027.Xr rtsol 8 .
3028.Pp
3029Note that
3030.Va rtsold_enable
3031is mutually exclusive to
3032.Va rtsol_flags ;
3033.Va rtsold_enable
3034takes precedence.
3035.It Va keybell
3036.Pq Vt str
3037The keyboard bell sound.
3038Set to
3039.Dq Li normal ,
3040.Dq Li visual ,
3041.Dq Li off ,
3042or
3043.Dq Li NO
3044if the default behavior is desired.
3045For details, refer to the
3046.Xr kbdcontrol 1
3047manpage.
3048.It Va keyboard
3049.Pq Vt str
3050If set to a non-null string, the virtual console's keyboard input is
3051set to this device.
3052.It Va keymap
3053.Pq Vt str
3054If set to
3055.Dq Li NO ,
3056no keymap is installed, otherwise the value is used to install
3057the keymap file found in
3058.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3059(if using
3060.Xr syscons 4 ) or
3061.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3062(if using
3063.Xr vt 4 ) .
3064.It Va keyrate
3065.Pq Vt str
3066The keyboard repeat speed.
3067Set to
3068.Dq Li slow ,
3069.Dq Li normal ,
3070.Dq Li fast ,
3071or
3072.Dq Li NO
3073if the default behavior is desired.
3074.It Va keychange
3075.Pq Vt str
3076If not set to
3077.Dq Li NO ,
3078attempt to program the function keys with the value.
3079The value should
3080be a single string of the form:
3081.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3082.It Va cursor
3083.Pq Vt str
3084Can be set to the value of
3085.Dq Li normal ,
3086.Dq Li blink ,
3087.Dq Li destructive ,
3088or
3089.Dq Li NO
3090to set the cursor behavior explicitly or choose the default behavior.
3091.It Va scrnmap
3092.Pq Vt str
3093If set to
3094.Dq Li NO ,
3095no screen map is installed, otherwise the value is used to install
3096the screen map file in
3097.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3098This parameter is ignored when using
3099.Xr vt 4
3100as the console driver.
3101.It Va font8x16
3102.Pq Vt str
3103If set to
3104.Dq Li NO ,
3105the default 8x16 font value is used for screen size requests, otherwise
3106the value in
3107.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3108or
3109.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3110is used (depending on the console driver being used).
3111.It Va font8x14
3112.Pq Vt str
3113If set to
3114.Dq Li NO ,
3115the default 8x14 font value is used for screen size requests, otherwise
3116the value in
3117.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3118or
3119.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3120is used (depending on the console driver being used).
3121.It Va font8x8
3122.Pq Vt str
3123If set to
3124.Dq Li NO ,
3125the default 8x8 font value is used for screen size requests, otherwise
3126the value in
3127.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3128or
3129.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3130is used (depending on the console driver being used).
3131.It Va blanktime
3132.Pq Vt int
3133If set to
3134.Dq Li NO ,
3135the default screen blanking interval is used, otherwise it is set
3136to
3137.Ar value
3138seconds.
3139.It Va saver
3140.Pq Vt str
3141If not set to
3142.Dq Li NO ,
3143this is the actual screen saver to use
3144.Li ( blank , snake , daemon ,
3145etc).
3146.It Va moused_nondefault_enable
3147.Pq Vt str
3148If set to
3149.Dq Li NO ,
3150the mouse device specified on
3151the command line is not automatically treated as enabled by the
3152.Pa /etc/rc.d/moused
3153script.
3154Having this variable set to
3155.Dq Li YES
3156allows a
3157.Xr usb 4
3158mouse,
3159for example,
3160to be enabled as soon as it is plugged in.
3161.It Va moused_enable
3162.Pq Vt str
3163If set to
3164.Dq Li YES ,
3165the
3166.Xr moused 8
3167daemon is started for doing cut/paste selection on the console.
3168.It Va moused_type
3169.Pq Vt str
3170This is the protocol type of the mouse connected to this host.
3171This variable must be set if
3172.Va moused_enable
3173is set to
3174.Dq Li YES .
3175The
3176.Xr moused 8
3177daemon
3178is able to detect the appropriate mouse type automatically in many cases.
3179Set this variable to
3180.Dq Li auto
3181to let the daemon detect it, or
3182select one from the following list if the automatic detection fails.
3183.Pp
3184If the mouse is attached to the PS/2 mouse port, choose
3185.Dq Li auto
3186or
3187.Dq Li ps/2 ,
3188regardless of the brand and model of the mouse.
3189Likewise, if the
3190mouse is attached to the bus mouse port, choose
3191.Dq Li auto
3192or
3193.Dq Li busmouse .
3194All other protocols are for serial mice and will not work with
3195the PS/2 and bus mice.
3196If this is a USB mouse,
3197.Dq Li auto
3198is the only protocol type which will work.
3199.Pp
3200.Bl -tag -width ".Li x10mouseremote" -compact
3201.It Li microsoft
3202Microsoft mouse (serial)
3203.It Li intellimouse
3204Microsoft IntelliMouse (serial)
3205.It Li mousesystems
3206Mouse systems Corp.\& mouse (serial)
3207.It Li mmseries
3208MM Series mouse (serial)
3209.It Li logitech
3210Logitech mouse (serial)
3211.It Li busmouse
3212A bus mouse
3213.It Li mouseman
3214Logitech MouseMan and TrackMan (serial)
3215.It Li glidepoint
3216ALPS GlidePoint (serial)
3217.It Li thinkingmouse
3218Kensington ThinkingMouse (serial)
3219.It Li ps/2
3220PS/2 mouse
3221.It Li mmhittab
3222MM HitTablet (serial)
3223.It Li x10mouseremote
3224X10 MouseRemote (serial)
3225.It Li versapad
3226Interlink VersaPad (serial)
3227.El
3228.Pp
3229Even if the mouse is not in the above list, it may be compatible
3230with one in the list.
3231Refer to the manual page for
3232.Xr moused 8
3233for compatibility information.
3234.Pp
3235It should also be noted that while this is enabled, any
3236other client of the mouse (such as an X server) should access
3237the mouse through the virtual mouse device,
3238.Pa /dev/sysmouse ,
3239and configure it as a
3240.Dq Li sysmouse
3241type mouse, since all
3242mouse data is converted to this single canonical format when
3243using
3244.Xr moused 8 .
3245If the client program does not support the
3246.Dq Li sysmouse
3247type,
3248specify the
3249.Dq Li mousesystems
3250type.
3251It is the second preferred type.
3252.It Va moused_port
3253.Pq Vt str
3254If
3255.Va moused_enable
3256is set to
3257.Dq Li YES ,
3258this is the actual port the mouse is on.
3259It might be
3260.Pa /dev/cuau0
3261for a COM1 serial mouse, or
3262.Pa /dev/psm0
3263for a PS/2 mouse, for example.
3264.It Va moused_flags
3265.Pq Vt str
3266If
3267.Va moused_flags
3268is set, its value is used as an additional set of flags to pass to the
3269.Xr moused 8
3270daemon.
3271.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3272When
3273.Va moused_nondefault_enable
3274is enabled, and a
3275.Xr moused 8
3276daemon is started for a non-default port, the
3277.Va "moused_" Ns Ar XXX Ns Va "_flags"
3278set of options has precedence over and replaces the default
3279.Va moused_flags
3280(where
3281.Ar XXX
3282is the name of the non-default port, i.e.,\&
3283.Ar ums0 ) .
3284By setting
3285.Va "moused_" Ns Ar XXX Ns Va "_flags"
3286it is possible to set up a different set of default flags for each
3287.Xr moused 8
3288instance.
3289For example, you can use
3290.Dq Li "-3"
3291for the default
3292.Va moused_flags
3293to make your laptop's touchpad more comfortable to use,
3294but an empty set of options for
3295.Va moused_ums0_flags
3296when your
3297.Xr usb 4
3298mouse has three or more buttons.
3299.It Va mousechar_start
3300.Pq Vt int
3301If set to
3302.Dq Li NO ,
3303the default mouse cursor character range
3304.Li 0xd0 Ns - Ns Li 0xd3
3305is used,
3306otherwise the range start is set
3307to
3308.Ar value
3309character, see
3310.Xr vidcontrol 1 .
3311Use if the default range is occupied in the language code table.
3312.It Va allscreens_flags
3313.Pq Vt str
3314If set,
3315.Xr vidcontrol 1
3316is run with these options for each of the virtual terminals
3317.Pq Pa /dev/ttyv* .
3318For example,
3319.Dq Fl m Cm on
3320will enable the mouse pointer on all virtual terminals
3321if
3322.Va moused_enable
3323is set to
3324.Dq Li YES .
3325.It Va allscreens_kbdflags
3326.Pq Vt str
3327If set,
3328.Xr kbdcontrol 1
3329is run with these options for each of the virtual terminals
3330.Pq Pa /dev/ttyv* .
3331For example,
3332.Dq Fl h Li 200
3333will set the
3334.Xr syscons 4
3335or
3336.Xr vt 4
3337scrollback (history) buffer to 200 lines.
3338.It Va cron_enable
3339.Pq Vt bool
3340If set to
3341.Dq Li YES ,
3342run the
3343.Xr cron 8
3344daemon at system boot time.
3345.It Va cron_program
3346.Pq Vt str
3347Path to
3348.Xr cron 8
3349(default
3350.Pa /usr/sbin/cron ) .
3351.It Va cron_flags
3352.Pq Vt str
3353If
3354.Va cron_enable
3355is set to
3356.Dq Li YES ,
3357these are the flags to pass to
3358.Xr cron 8 .
3359.It Va cron_dst
3360.Pq Vt bool
3361If set to
3362.Dq Li YES ,
3363enable the special handling of transitions to and from the
3364Daylight Saving Time in
3365.Xr cron 8
3366(equivalent to using the flag
3367.Fl s ) .
3368.It Va lpd_program
3369.Pq Vt str
3370Path to
3371.Xr lpd 8
3372(default
3373.Pa /usr/sbin/lpd ) .
3374.It Va lpd_enable
3375.Pq Vt bool
3376If set to
3377.Dq Li YES ,
3378run the
3379.Xr lpd 8
3380daemon at system boot time.
3381.It Va lpd_flags
3382.Pq Vt str
3383If
3384.Va lpd_enable
3385is set to
3386.Dq Li YES ,
3387these are the flags to pass to the
3388.Xr lpd 8
3389daemon.
3390.It Va chkprintcap_enable
3391.Pq Vt bool
3392If set to
3393.Dq Li YES ,
3394run the
3395.Xr chkprintcap 8
3396command before starting the
3397.Xr lpd 8
3398daemon.
3399.It Va chkprintcap_flags
3400.Pq Vt str
3401If
3402.Va lpd_enable
3403and
3404.Va chkprintcap_enable
3405are set to
3406.Dq Li YES ,
3407these are the flags to pass to the
3408.Xr chkprintcap 8
3409program.
3410The default is
3411.Dq Li -d ,
3412which causes missing directories to be created.
3413.It Va mta_start_script
3414.Pq Vt str
3415This variable specifies the full path to the script to run to start
3416a mail transfer agent.
3417The default is
3418.Pa /etc/rc.sendmail .
3419The
3420.Va sendmail_*
3421variables which
3422.Pa /etc/rc.sendmail
3423uses are documented in the
3424.Xr rc.sendmail 8
3425manual page.
3426.It Va dumpdev
3427.Pq Vt str
3428Indicates the device (usually a swap partition) to which a crash dump
3429should be written in the event of a system crash.
3430If the value of this variable is
3431.Dq Li AUTO ,
3432the first suitable swap device listed in
3433.Pa /etc/fstab
3434will be used as dump device.
3435Otherwise, the value of this variable is passed as the argument to
3436.Xr dumpon 8 .
3437To disable crash dumps, set this variable to
3438.Dq Li NO .
3439.It Va dumpon_flags
3440.Pq Vt str
3441Flags to pass to
3442.Xr dumpon 8
3443when configuring
3444.Va dumpdev
3445as the system dump device.
3446.It Va dumpdir
3447.Pq Vt str
3448When the system reboots after a crash and a crash dump is found on the
3449device specified by the
3450.Va dumpdev
3451variable,
3452.Xr savecore 8
3453will save that crash dump and a copy of the kernel to the directory
3454specified by the
3455.Va dumpdir
3456variable.
3457The default value is
3458.Pa /var/crash .
3459Set to
3460.Dq Li NO
3461to not run
3462.Xr savecore 8
3463at boot time when
3464.Va dumpdir
3465is set.
3466.It Va savecore_enable
3467.Pq Vt bool
3468If set to
3469.Dq Li NO ,
3470disable automatic extraction of the crash dump from the
3471.Va dumpdev .
3472.It Va savecore_flags
3473.Pq Vt str
3474If crash dumps are enabled, these are the flags to pass to the
3475.Xr savecore 8
3476utility.
3477.It Va quota_enable
3478.Pq Vt bool
3479Set to
3480.Dq Li YES
3481to turn on user and group disk quotas on system startup via the
3482.Xr quotaon 8
3483command for all file systems marked as having quotas enabled in
3484.Pa /etc/fstab .
3485The kernel must be built with
3486.Cd "options QUOTA"
3487for disk quotas to function.
3488.It Va check_quotas
3489.Pq Vt bool
3490Set to
3491.Dq Li YES
3492to enable user and group disk quota checking via the
3493.Xr quotacheck 8
3494command.
3495.It Va quotacheck_flags
3496.Pq Vt str
3497If
3498.Va quota_enable
3499is set to
3500.Dq Li YES ,
3501and
3502.Va check_quotas
3503is set to
3504.Dq Li YES ,
3505these are the flags to pass to the
3506.Xr quotacheck 8
3507utility.
3508The default is
3509.Dq Li "-a" ,
3510which checks quotas for all file systems with quotas enabled in
3511.Pa /etc/fstab .
3512.It Va quotaon_flags
3513.Pq Vt str
3514If
3515.Va quota_enable
3516is set to
3517.Dq Li YES ,
3518these are the flags to pass to the
3519.Xr quotaon 8
3520utility.
3521The default is
3522.Dq Li "-a" ,
3523which enables quotas for all file systems with quotas enabled in
3524.Pa /etc/fstab .
3525.It Va quotaoff_flags
3526.Pq Vt str
3527If
3528.Va quota_enable
3529is set to
3530.Dq Li YES ,
3531these are the flags to pass to the
3532.Xr quotaoff 8
3533utility when shutting down the quota system.
3534The default is
3535.Dq Li "-a" ,
3536which disables quotas for all file systems with quotas enabled in
3537.Pa /etc/fstab .
3538.It Va accounting_enable
3539.Pq Vt bool
3540Set to
3541.Dq Li YES
3542to enable system accounting through the
3543.Xr accton 8
3544facility.
3545.It Va firstboot_sentinel
3546.Pq Vt str
3547This variable specifies the full path to a
3548.Dq first boot
3549sentinel file.
3550If a file exists with this path,
3551.Pa rc.d
3552scripts with the
3553.Dq firstboot
3554keyword will be run on startup and the sentinel file will be deleted
3555after the boot process completes.
3556The sentinel file must be located on a writable file system which is
3557mounted no later than
3558.Va early_late_divider
3559to function properly.
3560The default is
3561.Pa /firstboot .
3562.It Va linux_enable
3563.Pq Vt bool
3564Set to
3565.Dq Li YES
3566to enable Linux/ELF binary emulation at system initial
3567boot time.
3568.It Va sysvipc_enable
3569.Pq Vt bool
3570If set to
3571.Dq Li YES ,
3572load System V IPC primitives at boot time.
3573.It Va clear_tmp_enable
3574.Pq Vt bool
3575Set to
3576.Dq Li YES
3577to have
3578.Pa /tmp
3579cleaned at startup.
3580.It Va clear_tmp_X
3581.Pq Vt bool
3582Set to
3583.Dq Li NO
3584to disable removing of X11 lock files,
3585and the removal and (secure) recreation
3586of the various socket directories for X11
3587related programs.
3588.It Va ldconfig_paths
3589.Pq Vt str
3590Set to the list of shared library paths to use with
3591.Xr ldconfig 8 .
3592NOTE:
3593.Pa /usr/lib
3594will always be added first, so it need not appear in this list.
3595.It Va ldconfig32_paths
3596.Pq Vt str
3597Set to the list of 32-bit compatibility shared library paths to
3598use with
3599.Xr ldconfig 8 .
3600.It Va ldconfig_paths_aout
3601.Pq Vt str
3602Set to the list of shared library paths to use with
3603.Xr ldconfig 8
3604legacy
3605.Xr a.out 5
3606support.
3607.It Va ldconfig_insecure
3608.Pq Vt bool
3609The
3610.Xr ldconfig 8
3611utility normally refuses to use directories
3612which are writable by anyone except root.
3613Set this variable to
3614.Dq Li YES
3615to disable that security check during system startup.
3616.It Va ldconfig_local_dirs
3617.Pq Vt str
3618Set to the list of local
3619.Xr ldconfig 8
3620directories.
3621The names of all files in the directories listed will be
3622passed as arguments to
3623.Xr ldconfig 8 .
3624.It Va ldconfig_local32_dirs
3625.Pq Vt str
3626Set to the list of local 32-bit compatibility
3627.Xr ldconfig 8
3628directories.
3629The names of all files in the directories listed will be
3630passed as arguments to
3631.Dq Nm ldconfig Fl 32 .
3632.It Va kern_securelevel_enable
3633.Pq Vt bool
3634Set to
3635.Dq Li YES
3636to set the kernel security level at system startup.
3637.It Va kern_securelevel
3638.Pq Vt int
3639The kernel security level to set at startup.
3640The allowed range of
3641.Ar value
3642ranges from \-1 (the compile time default) to 3 (the
3643most secure).
3644See
3645.Xr security 7
3646for the list of possible security levels and their effect
3647on system operation.
3648.It Va sshd_program
3649.Pq Vt str
3650Path to the SSH server program
3651.Pa ( /usr/sbin/sshd
3652is the default).
3653.It Va sshd_enable
3654.Pq Vt bool
3655Set to
3656.Dq Li YES
3657to start
3658.Xr sshd 8
3659at system boot time.
3660.It Va sshd_flags
3661.Pq Vt str
3662If
3663.Va sshd_enable
3664is set to
3665.Dq Li YES ,
3666these are the flags to pass to the
3667.Xr sshd 8
3668daemon.
3669.It Va ftpd_program
3670.Pq Vt str
3671Path to the FTP server program
3672.Pa ( /usr/libexec/ftpd
3673is the default).
3674.It Va ftpd_enable
3675.Pq Vt bool
3676Set to
3677.Dq Li YES
3678to start
3679.Xr ftpd 8
3680as a stand-alone daemon at system boot time.
3681.It Va ftpd_flags
3682.Pq Vt str
3683If
3684.Va ftpd_enable
3685is set to
3686.Dq Li YES ,
3687these are the additional flags to pass to the
3688.Xr ftpd 8
3689daemon.
3690.It Va watchdogd_enable
3691.Pq Vt bool
3692If set to
3693.Dq Li YES ,
3694start the
3695.Xr watchdogd 8
3696daemon at boot time.
3697This requires that the kernel have been compiled with a
3698.Xr watchdog 4
3699compatible device.
3700.It Va watchdogd_flags
3701.Pq Vt str
3702If
3703.Va watchdogd_enable
3704is set to
3705.Dq Li YES ,
3706these are the flags passed to the
3707.Xr watchdogd 8
3708daemon.
3709.It Va devfs_rulesets
3710.Pq Vt str
3711List of files containing sets of rules for
3712.Xr devfs 8 .
3713.It Va devfs_system_ruleset
3714.Pq Vt str
3715Rule name(s) to apply to the system
3716.Pa /dev
3717itself.
3718.It Va devfs_set_rulesets
3719.Pq Vt str
3720Pairs of already-mounted
3721.Pa dev
3722directories and rulesets that should be applied to them.
3723For example: /mount/dev=ruleset_name
3724.It Va devfs_load_rulesets
3725.Pq Vt bool
3726If set, always load the default rulesets listed in
3727.Va devfs_rulesets .
3728.It Va performance_cx_lowest
3729.Pq Vt str
3730CPU idle state to use while on AC power.
3731The string
3732.Dq Li LOW
3733indicates that
3734.Xr acpi 4
3735should use the lowest power state available while
3736.Dq Li HIGH
3737indicates that the lowest latency state (less power savings) should be used.
3738.It Va performance_cpu_freq
3739.Pq Vt str
3740CPU clock frequency to use while on AC power.
3741The string
3742.Dq Li LOW
3743indicates that
3744.Xr cpufreq 4
3745should use the lowest frequency available while
3746.Dq Li HIGH
3747indicates that the highest frequency (less power savings) should be used.
3748.It Va economy_cx_lowest
3749.Pq Vt str
3750CPU idle state to use when off AC power.
3751The string
3752.Dq Li LOW
3753indicates that
3754.Xr acpi 4
3755should use the lowest power state available while
3756.Dq Li HIGH
3757indicates that the lowest latency state (less power savings) should be used.
3758.It Va economy_cpu_freq
3759.Pq Vt str
3760CPU clock frequency to use when off AC power.
3761The string
3762.Dq Li LOW
3763indicates that
3764.Xr cpufreq 4
3765should use the lowest frequency available while
3766.Dq Li HIGH
3767indicates that the highest frequency (less power savings) should be used.
3768.It Va jail_enable
3769.Pq Vt bool
3770If set to
3771.Dq Li NO ,
3772any configured jails will not be started.
3773.It Va jail_conf
3774.Pq Vt str
3775The configuration filename used by
3776.Xr jail 8
3777utility.
3778The default value is
3779.Pa /etc/jail.conf .
3780.It Va jail_parallel_start
3781.Pq Vt bool
3782If set to
3783.Dq Li YES ,
3784all configured jails will be started in the background (in parallel).
3785.It Va jail_flags
3786.Pq Vt str
3787Unset by default.
3788When set, use as default value for
3789.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3790for every jail in
3791.Va jail_list .
3792.It Va jail_list
3793.Pq Vt str
3794A space-delimited list of jail names.
3795When left empty, all of the
3796.Xr jail 8
3797instances defined in the configuration file are started.
3798The names specified in this list control the jail startup order.
3799.Xr jail 8
3800instances missing from
3801.Va jail_list
3802must be started manually.
3803Note that a jail's
3804.Va depend
3805parameter in the configuration file may override this list.
3806.It Va jail_reverse_stop
3807.Pq Vt bool
3808When set to
3809.Dq Li YES ,
3810all configured jails in
3811.Va jail_list
3812are stopped in reverse order.
3813.It Va jail_* variables
3814Note that older releases supported per-jail configuration via
3815.Nm
3816variables.
3817For example,
3818hostname of a jail named
3819.Li vjail
3820was able to be set by
3821.Li jail_vjail_hostname .
3822These per-jail configuration variables are now obsolete in favor of
3823.Xr jail 8
3824configuration file.
3825For backward compatibility,
3826when per-jail configuration variables are defined,
3827.Xr jail 8
3828configuration files are created as
3829.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3830and used.
3831.Pp
3832The following per-jail parameters are handled by
3833.Pa rc.d/jail
3834script out of their corresponding
3835.Nm
3836variables.
3837In addition to them, parameters in
3838.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3839will be added to the configuration file.
3840They must be a semi-colon
3841.Pq Ql \&;
3842delimited list of
3843.Dq key=value .
3844For more details,
3845see
3846.Xr jail 8
3847manual page.
3848.Bl  -tag -width "host.hostname" -offset indent
3849.It Li path
3850set from
3851.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3852.It Li host.hostname
3853set from
3854.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3855.It Li exec.consolelog
3856set from
3857.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3858The default value is
3859.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3860.It Li interface
3861set from
3862.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3863.It Li vnet.interface
3864set from
3865.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3866This implies
3867.Li vnet
3868parameter will be enabled and cannot be specified with
3869.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3870.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3871and/or
3872.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3873at the same time.
3874.It Li fstab
3875set from
3876.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3877.It Li mount
3878set from
3879.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3880.It Li exec.fib
3881set from
3882.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3883.It Li exec.start
3884set from
3885.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3886The parameter name was
3887.Li command
3888in some older releases.
3889.It Li exec.prestart
3890set from
3891.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3892.It Li exec.poststart
3893set from
3894.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3895.It Li exec.stop
3896set from
3897.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3898.It Li exec.prestop
3899set from
3900.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3901.It Li exec.poststop
3902set from
3903.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3904.It Li ip4.addr
3905set if
3906.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3907or
3908.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3909contain IPv4 addresses
3910.It Li ip6.addr
3911set if
3912.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3913or
3914.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3915contain IPv6 addresses
3916.It Li allow.mount
3917set from
3918.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3919.It Li mount.devfs
3920set from
3921.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3922.It Li devfs_ruleset
3923set from
3924.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
3925This must be an integer,
3926not a string.
3927.It Li mount.fdescfs
3928set from
3929.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3930.It Li allow.set_hostname
3931set from
3932.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
3933.It Li allow.rawsocket
3934set from
3935.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
3936.It Li allow.sysvipc
3937set from
3938.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
3939.El
3940.\" -----------------------------------------------------
3941.It Va harvest_mask
3942.Pq Vt int
3943Set to a bit-mask
3944representing the entropy sources
3945you wish to harvest.
3946Refer to
3947.Xr random 4
3948for more information.
3949.It Va entropy_dir
3950.Pq Vt str
3951Set to
3952.Dq Li NO
3953to disable caching entropy via
3954.Xr cron 8 .
3955Otherwise set to the directory
3956in which the entropy files are stored.
3957To be useful,
3958there must be
3959a system cron job
3960that regularly writes and rotates
3961files here.
3962All files found
3963will be used at boot time.
3964The default is
3965.Pa /var/db/entropy .
3966.It Va entropy_file
3967.Pq Vt str
3968Set to
3969.Dq Li NO
3970to disable caching entropy through reboots.
3971Otherwise set to the name
3972of a file used to store cached entropy.
3973This file should be located
3974on a file system that is readable
3975before all the volumes specified in
3976.Xr fstab 5
3977are mounted.
3978By default,
3979.Pa /entropy
3980is used,
3981but if
3982.Pa /var/db/entropy-file
3983is found it will also be used.
3984This will be of some use to
3985.Xr bsdinstall 8 .
3986.It Va entropy_boot_file
3987.Pq Vt str
3988Set to
3989.Dq Li NO
3990to disable
3991very early caching entropy
3992through reboots.
3993Otherwise set to the filename
3994used to read
3995very early reboot cached entropy.
3996This file should be located where
3997.Xr loader 8
3998can read it.
3999See also
4000.Xr loader.conf 5 .
4001The default location is
4002.Pa /boot/entropy .
4003.It Va entropy_save_sz
4004.Pq Vt int
4005Size of the entropy cache files saved by
4006.Nm save-entropy
4007periodically.
4008.It Va entropy_save_num
4009.Pq Vt int
4010Number of entropy cache files to save by
4011.Nm save-entropy
4012periodically.
4013.It Va ipsec_enable
4014.Pq Vt bool
4015Set to
4016.Dq Li YES
4017to run
4018.Xr setkey 8
4019on
4020.Va ipsec_file
4021at boot time.
4022.It Va ipsec_file
4023.Pq Vt str
4024Configuration file for
4025.Xr setkey 8 .
4026.It Va dmesg_enable
4027.Pq Vt bool
4028Set to
4029.Dq Li YES
4030to save
4031.Xr dmesg 8
4032to
4033.Pa /var/run/dmesg.boot
4034on boot.
4035.It Va rcshutdown_timeout
4036.Pq Vt int
4037If set, start a watchdog timer in the background which will terminate
4038.Pa rc.shutdown
4039if
4040.Xr shutdown 8
4041has not completed within the specified time (in seconds).
4042Notice that in addition to this soft timeout,
4043.Xr init 8
4044also applies a hard timeout for the execution of
4045.Pa rc.shutdown .
4046This is configured via
4047.Xr sysctl 8
4048variable
4049.Va kern.init_shutdown_timeout
4050and defaults to 120 seconds.
4051Setting the value of
4052.Va rcshutdown_timeout
4053to more than 120 seconds will have no effect until the
4054.Xr sysctl 8
4055variable
4056.Va kern.init_shutdown_timeout
4057is also increased.
4058.It Va virecover_enable
4059.Pq Vt bool
4060Set to
4061.Dq Li NO
4062to prevent the system from trying to
4063recover pre-maturely terminated
4064.Xr vi 1
4065sessions.
4066.It Va ugidfw_enable
4067.Pq Vt bool
4068Set to
4069.Dq Li YES
4070to load the
4071.Xr mac_bsdextended 4
4072module upon system initialization and load a default
4073ruleset file.
4074.It Va bsdextended_script
4075.Pq Vt str
4076The default
4077.Xr mac_bsdextended 4
4078ruleset file to load.
4079The default value of this variable is
4080.Pa /etc/rc.bsdextended .
4081.It Va newsyslog_enable
4082.Pq Vt bool
4083If set to
4084.Dq Li YES ,
4085run
4086.Xr newsyslog 8
4087command at startup.
4088.It Va newsyslog_flags
4089.Pq Vt str
4090If
4091.Va newsyslog_enable
4092is set to
4093.Dq Li YES ,
4094these are the flags to pass to the
4095.Xr newsyslog 8
4096program.
4097The default is
4098.Dq Li -CN ,
4099which causes log files flagged with a
4100.Cm C
4101to be created.
4102.It Va mdconfig_md Ns Aq Ar X
4103.Pq Vt str
4104Arguments to
4105.Xr mdconfig 8
4106for
4107.Xr md 4
4108device
4109.Ar X .
4110At minimum a
4111.Fl t Ar type
4112must be specified and either a
4113.Fl s Ar size
4114for malloc or swap backed
4115.Xr md 4
4116devices or a
4117.Fl f Ar file
4118for vnode backed
4119.Xr md 4
4120devices.
4121Note that
4122.Va mdconfig_md Ns Aq Ar X
4123variables are evaluated until one variable is unset or null.
4124.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4125.Pq Vt str
4126Optional arguments passed to
4127.Xr newfs 8
4128to initialize
4129.Xr md 4
4130device
4131.Ar X .
4132.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4133.Pq Vt str
4134An ownership specification passed to
4135.Xr chown 8
4136after the specified
4137.Xr md 4
4138device
4139.Ar X
4140has been mounted.
4141Both the
4142.Xr md 4
4143device and the mount point will be changed.
4144.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4145.Pq Vt str
4146A mode string passed to
4147.Xr chmod 1
4148after the specified
4149.Xr md 4
4150device
4151.Ar X
4152has been mounted.
4153Both the
4154.Xr md 4
4155device and the mount point will be changed.
4156.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4157.Pq Vt str
4158Files to be copied to the mount point of the
4159.Xr md 4
4160device
4161.Ar X
4162after it has been mounted.
4163.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4164.Pq Vt str
4165Command to execute after the specified
4166.Xr md 4
4167device
4168.Ar X
4169has been mounted.
4170Note that the command is passed to
4171.Ic eval
4172and that both
4173.Va _dev
4174and
4175.Va _mp
4176variables can be used to reference respectively the
4177.Xr md 4
4178device and the mount point.
4179Assuming that the
4180.Xr md 4
4181device is
4182.Li md0 ,
4183one could set the following:
4184.Bd -literal
4185mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4186.Ed
4187.It Va autobridge_interfaces
4188.Pq Vt str
4189Set to the list of bridge interfaces that will have newly arriving interfaces
4190checked against to be automatically added.
4191If not set to
4192.Dq Li NO
4193then for each whitespace separated
4194.Ar element
4195in the value, a
4196.Va autobridge_ Ns Aq Ar element
4197variable is assumed to exist which has a whitespace separated list of interface
4198names to match, these names can use wildcards.
4199For example:
4200.Bd -literal
4201autobridge_interfaces="bridge0"
4202autobridge_bridge0="tap* dc0 vlan[345]"
4203.Ed
4204.It Va mixer_enable
4205.Pq Vt bool
4206If set to
4207.Dq Li YES ,
4208enable support for sound mixer.
4209.It Va hcsecd_enable
4210.Pq Vt bool
4211If set to
4212.Dq Li YES ,
4213enable Bluetooth security daemon.
4214.It Va hcsecd_config
4215.Pq Vt str
4216Configuration file for
4217.Xr hcsecd 8 .
4218Default
4219.Pa /etc/bluetooth/hcsecd.conf .
4220.It Va sdpd_enable
4221.Pq Vt bool
4222If set to
4223.Dq Li YES ,
4224enable Bluetooth Service Discovery Protocol daemon.
4225.It Va sdpd_control
4226.Pq Vt str
4227Path to
4228.Xr sdpd 8
4229control socket.
4230Default
4231.Pa /var/run/sdp .
4232.It Va sdpd_groupname
4233.Pq Vt str
4234Sets
4235.Xr sdpd 8
4236group to run as after it initializes.
4237Default
4238.Dq Li nobody .
4239.It Va sdpd_username
4240.Pq Vt str
4241Sets
4242.Xr sdpd 8
4243user to run as after it initializes.
4244Default
4245.Dq Li nobody .
4246.It Va bthidd_enable
4247.Pq Vt bool
4248If set to
4249.Dq Li YES ,
4250enable Bluetooth Human Interface Device daemon.
4251.It Va bthidd_config
4252.Pq Vt str
4253Configuration file for
4254.Xr bthidd 8 .
4255Default
4256.Pa /etc/bluetooth/bthidd.conf .
4257.It Va bthidd_hids
4258.Pq Vt str
4259Path to a file, where
4260.Xr bthidd 8
4261will store information about known HID devices.
4262Default
4263.Pa /var/db/bthidd.hids .
4264.It Va rfcomm_pppd_server_enable
4265.Pq Vt bool
4266If set to
4267.Dq Li YES ,
4268enable Bluetooth RFCOMM PPP wrapper daemon.
4269.It Va rfcomm_pppd_server_profile
4270.Pq Vt str
4271The name of the profile to use from
4272.Pa /etc/ppp/ppp.conf .
4273Multiple profiles can be specified here.
4274Also used to specify per-profile overrides.
4275When the profile name contains any of the characters
4276.Dq Li .-/+
4277they are translated to
4278.Dq Li _
4279for the proposes of the override variable names.
4280.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4281.Pq Vt str
4282Overrides local address to listen on.
4283By default
4284.Xr rfcomm_pppd 8
4285will listen on
4286.Dq Li ANY
4287address.
4288The address can be specified as BD_ADDR or name.
4289.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4290.Pq Vt str
4291Overrides local RFCOMM channel to listen on.
4292By default
4293.Xr rfcomm_pppd 8
4294will listen on RFCOMM channel 1.
4295Must set properly if multiple profiles used in the same time.
4296.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4297.Pq Vt bool
4298Tells
4299.Xr rfcomm_pppd 8
4300if it should register Serial Port service on the specified RFCOMM channel.
4301Default
4302.Dq Li NO .
4303.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4304.Pq Vt bool
4305Tells
4306.Xr rfcomm_pppd 8
4307if it should register Dial-Up Networking service on the specified
4308RFCOMM channel.
4309Default
4310.Dq Li NO .
4311.It Va ubthidhci_enable
4312.Pq Vt bool
4313If set to
4314.Dq Li YES ,
4315change the USB Bluetooth controller from HID mode to HCI mode.
4316You also need to specify the location of USB Bluetooth controller with the
4317.Va ubthidhci_busnum
4318and
4319.Va ubthidhci_addr
4320variables.
4321.It Va ubthidhci_busnum
4322Bus number where the USB Bluetooth controller is located.
4323Check the output of
4324.Xr usbconfig 8
4325on your system to find this information.
4326.It Va ubthidhci_addr
4327Bus address of the USB Bluetooth controller.
4328Check the output of
4329.Xr usbconfig 8
4330on your system to find this information.
4331.It Va netwait_enable
4332.Pq Vt bool
4333If set to
4334.Dq Li YES ,
4335delays the start of network-reliant services until
4336.Va netwait_if
4337is up and ICMP packets to a destination defined in
4338.Va netwait_ip
4339are flowing.
4340Link state is examined first, followed by
4341.Dq Li pinging
4342an IP address to verify network usability.
4343If no destination can be reached or timeouts are exceeded,
4344network services are started anyway with no guarantee that
4345the network is usable.
4346Use of this variable requires both
4347.Va netwait_ip
4348and
4349.Va netwait_if
4350to be set.
4351.It Va netwait_ip
4352.Pq Vt str
4353Empty by default.
4354This variable contains a space-delimited list of IP addresses to
4355.Xr ping 8 .
4356DNS hostnames should not be used as resolution is not guaranteed
4357to be functional at this point.
4358If multiple IP addresses are specified,
4359each will be tried until one is successful or the list is exhausted.
4360.It Va netwait_timeout
4361.Pq Vt int
4362Indicates the total number of seconds to perform a
4363.Dq Li ping
4364against each IP address in
4365.Va netwait_ip ,
4366at a rate of one ping per second.
4367If any of the pings are successful,
4368full network connectivity is considered reliable.
4369The default is 60.
4370.It Va netwait_if
4371.Pq Vt str
4372Empty by default.
4373Defines the name of the network interface on which watch for link.
4374.Xr ifconfig 8
4375is used to monitor the interface, looking for
4376.Dq Li status: no carrier .
4377Once gone, the link is considered up.
4378This can be a
4379.Xr vlan 4
4380interface if desired.
4381.It Va netwait_if_timeout
4382.Pq Vt int
4383Defines the total number of seconds to wait for link to become usable,
4384polled at a 1-second interval.
4385The default is 30.
4386.It Va rctl_enable
4387.Pq Vt bool
4388If set to
4389.Dq Li YES ,
4390load
4391.Xr rctl 8
4392rules from the defined ruleset.
4393The kernel must be built with
4394.Cd "options RACCT"
4395and
4396.Cd "options RCTL" .
4397.It Va rctl_rules
4398.Pq Vt str
4399Set to
4400.Pa /etc/rctl.conf
4401by default.
4402This variables contains the
4403.Xr rctl.conf 5
4404ruleset to load for
4405.Xr rctl 8 .
4406.It Va iovctl_files
4407.Pq Vt str
4408A space-separated list of configuration files used by
4409.Xr iovctl 8 .
4410The default value is an empty string.
4411.It Va autofs_enable
4412.Pq Vt bool
4413If set to
4414.Dq Li YES ,
4415start the
4416.Xr automount 8
4417utility and the
4418.Xr automountd 8
4419and
4420.Xr autounmountd 8
4421daemons at boot time.
4422.It Va automount_flags
4423.Pq Vt str
4424If
4425.Va autofs_enable
4426is set to
4427.Dq Li YES ,
4428these are the flags to pass to the
4429.Xr automount 8
4430program.
4431By default no flags are passed.
4432.It Va automountd_flags
4433.Pq Vt str
4434If
4435.Va autofs_enable
4436is set to
4437.Dq Li YES ,
4438these are the flags to pass to the
4439.Xr automountd 8
4440daemon.
4441By default no flags are passed.
4442.It Va autounmountd_flags
4443.Pq Vt str
4444If
4445.Va autofs_enable
4446is set to
4447.Dq Li YES ,
4448these are the flags to pass to the
4449.Xr autounmountd 8
4450daemon.
4451By default no flags are passed.
4452.It Va ctld_enable
4453.Pq Vt bool
4454If set to
4455.Dq Li YES ,
4456start the
4457.Xr ctld 8
4458daemon at boot time.
4459.It Va iscsid_enable
4460.Pq Vt bool
4461If set to
4462.Dq Li YES ,
4463start the
4464.Xr iscsid 8
4465daemon at boot time.
4466.It Va iscsictl_enable
4467.Pq Vt bool
4468If set to
4469.Dq Li YES ,
4470start the
4471.Xr iscsictl 8
4472utility at boot time.
4473.It Va iscsictl_flags
4474.Pq Vt str
4475If
4476.Va iscsictl_enable
4477is set to
4478.Dq Li YES ,
4479these are the flags to pass to the
4480.Xr iscsictl 8
4481program.
4482The default is
4483.Dq Li -Aa ,
4484which configures sessions based on the
4485.Pa /etc/iscsi.conf
4486configuration file.
4487.It Va cfumass_enable
4488.Pq Vt bool
4489If set to
4490.Dq Li YES ,
4491create and export an USB LUN using
4492.Xr cfumass 4
4493at boot time.
4494.It Va cfumass_dir
4495.Pq Vt str
4496The directory where the files exported by USB LUN are located.
4497The default directory is
4498.Pa /var/cfumass .
4499.It Va service_delete_empty
4500.Pq Vt bool
4501If set to
4502.Dq Li YES ,
4503.Ql Li service delete
4504removes empty
4505.Dq Li rc.conf.d
4506files.
4507.El
4508.Sh FILES
4509.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4510.It Pa /etc/defaults/rc.conf
4511.It Pa /etc/rc.conf
4512.It Pa /etc/rc.conf.local
4513.El
4514.Sh SEE ALSO
4515.Xr chmod 1 ,
4516.Xr gdb 1 ,
4517.Xr info 1 ,
4518.Xr kbdcontrol 1 ,
4519.Xr makewhatis 1 ,
4520.Xr sh 1 ,
4521.Xr vi 1 ,
4522.Xr vidcontrol 1 ,
4523.Xr bridge 4 ,
4524.Xr dummynet 4 ,
4525.Xr ip 4 ,
4526.Xr ipf 4 ,
4527.Xr ipfw 4 ,
4528.Xr ipnat 4 ,
4529.Xr kld 4 ,
4530.Xr pf 4 ,
4531.Xr pflog 4 ,
4532.Xr pfsync 4 ,
4533.Xr tcp 4 ,
4534.Xr udp 4 ,
4535.Xr exports 5 ,
4536.Xr fstab 5 ,
4537.Xr ipf 5 ,
4538.Xr ipnat 5 ,
4539.Xr jail.conf 5 ,
4540.Xr loader.conf 5 ,
4541.Xr motd 5 ,
4542.Xr newsyslog.conf 5 ,
4543.Xr pf.conf 5 ,
4544.Xr security 7 ,
4545.Xr accton 8 ,
4546.Xr amd 8 ,
4547.Xr apm 8 ,
4548.Xr bsdinstall 8 ,
4549.Xr bthidd 8 ,
4550.Xr chkprintcap 8 ,
4551.Xr chown 8 ,
4552.Xr cron 8 ,
4553.Xr devfs 8 ,
4554.Xr dhclient 8 ,
4555.Xr ftpd 8 ,
4556.Xr geli 8 ,
4557.Xr hcsecd 8 ,
4558.Xr ifconfig 8 ,
4559.Xr inetd 8 ,
4560.Xr iovctl 8 ,
4561.Xr ipf 8 ,
4562.Xr ipfw 8 ,
4563.Xr ipnat 8 ,
4564.Xr jail 8 ,
4565.Xr kldxref 8 ,
4566.Xr loader 8 ,
4567.Xr lpd 8 ,
4568.Xr mdconfig 8 ,
4569.Xr mdmfs 8 ,
4570.Xr mixer 8 ,
4571.Xr mountd 8 ,
4572.Xr moused 8 ,
4573.Xr newfs 8 ,
4574.Xr newsyslog 8 ,
4575.Xr nfsd 8 ,
4576.Xr ntpd 8 ,
4577.Xr ntpdate 8 ,
4578.Xr pfctl 8 ,
4579.Xr pflogd 8 ,
4580.Xr ping 8 ,
4581.Xr powerd 8 ,
4582.Xr quotacheck 8 ,
4583.Xr quotaon 8 ,
4584.Xr rc 8 ,
4585.Xr rc.sendmail 8 ,
4586.Xr rfcomm_pppd 8 ,
4587.Xr route 8 ,
4588.Xr routed 8 ,
4589.Xr rpc.lockd 8 ,
4590.Xr rpc.statd 8 ,
4591.Xr rpcbind 8 ,
4592.Xr rwhod 8 ,
4593.Xr savecore 8 ,
4594.Xr sdpd 8 ,
4595.Xr service 8 ,
4596.Xr sshd 8 ,
4597.Xr swapon 8 ,
4598.Xr sysctl 8 ,
4599.Xr syslogd 8 ,
4600.Xr sysrc 8 ,
4601.Xr timed 8 ,
4602.Xr unbound 8 ,
4603.Xr usbconfig 8 ,
4604.Xr wlandebug 8 ,
4605.Xr yp 8 ,
4606.Xr ypbind 8 ,
4607.Xr ypserv 8 ,
4608.Xr ypset 8
4609.Sh HISTORY
4610The
4611.Nm
4612file appeared in
4613.Fx 2.2.2 .
4614.Sh AUTHORS
4615.An Jordan K. Hubbard .
4616