1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd January 27, 2009 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va ddb_enable 168.Pq Vt bool 169Run 170.Xr ddb 8 171to install 172.Xr ddb 4 173scripts at boot time. 174.It Va ddb_config 175.Pq Vt str 176Configuration file for 177.Xr ddb 8 . 178Default 179.Pa /etc/ddb.conf . 180.It Va kldxref_enable 181.Pq Vt bool 182Set to 183.Dq Li NO 184by default. 185Set to 186.Dq Li YES 187to automatically rebuild 188.Pa linker.hints 189files with 190.Xr kldxref 8 191at boot time. 192.It Va kldxref_clobber 193.Pq Vt bool 194Set to 195.Dq Li NO 196by default. 197If 198.Va kldxref_enable 199is true, 200setting to 201.Dq Li YES 202will overwrite existing 203.Pa linker.hints 204files at boot time. 205Otherwise, 206only missing 207.Pa linker.hints 208files are generated. 209.It Va kldxref_module_path 210.Pq Vt str 211Empty by default. 212A semi-colon 213.Pq Ql \&; 214delimited list of paths containing 215.Xr kld 4 216modules. 217If empty, 218the contents of the 219.Va kern.module_path 220.Xr sysctl 8 221are used. 222.It Va powerd_enable 223.Pq Vt bool 224If set to 225.Dq Li YES , 226enable the system power control facility with the 227.Xr powerd 8 228daemon. 229.It Va powerd_flags 230.Pq Vt str 231If 232.Va powerd_enable 233is set to 234.Dq Li YES , 235these are the flags to pass to the 236.Xr powerd 8 237daemon. 238.It Va tmpmfs 239Controls the creation of a 240.Pa /tmp 241memory file system. 242Always happens if set to 243.Dq Li YES 244and never happens if set to 245.Dq Li NO . 246If set to anything else, a memory file system is created if 247.Pa /tmp 248is not writable. 249.It Va tmpsize 250Controls the size of a created 251.Pa /tmp 252memory file system. 253.It Va tmpmfs_flags 254Extra options passed to the 255.Xr mdmfs 8 256utility when the memory file system for 257.Pa /tmp 258is created. 259The default is 260.Dq Li "-S" , 261which inhibits the use of softupdates on 262.Pa /tmp 263so that file system space is freed without delay 264after file truncation or deletion. 265See 266.Xr mdmfs 8 267for other options you can use in 268.Va tmpmfs_flags . 269.It Va varmfs 270Controls the creation of a 271.Pa /var 272memory file system. 273Always happens if set to 274.Dq Li YES 275and never happens if set to 276.Dq Li NO . 277If set to anything else, a memory file system is created if 278.Pa /var 279is not writable. 280.It Va varsize 281Controls the size of a created 282.Pa /var 283memory file system. 284.It Va varmfs_flags 285Extra options passed to the 286.Xr mdmfs 8 287utility when the memory file system for 288.Pa /var 289is created. 290The default is 291.Dq Li "-S" , 292which inhibits the use of softupdates on 293.Pa /var 294so that file system space is freed without delay 295after file truncation or deletion. 296See 297.Xr mdmfs 8 298for other options you can use in 299.Va varmfs_flags . 300.It Va populate_var 301Controls the automatic population of the 302.Pa /var 303file system. 304Always happens if set to 305.Dq Li YES 306and never happens if set to 307.Dq Li NO . 308If set to anything else, a memory file system is created if 309.Pa /var 310is not writable. 311Note that this process requires access to certain commands in 312.Pa /usr 313before 314.Pa /usr 315is mounted on normal systems. 316.It Va cleanvar_enable 317.Pq Vt bool 318Clean the 319.Pa /var 320directory. 321.It Va local_startup 322.Pq Vt str 323List of directories to search for startup script files. 324.It Va script_name_sep 325.Pq Vt str 326The field separator to use for breaking down the list of startup script files 327into individual filenames. 328The default is a space. 329It is not necessary to change this unless there are startup scripts with names 330containing spaces. 331.It Va hostapd_enable 332.Pq Vt bool 333Set to 334.Dq Li YES 335to start 336.Xr hostapd 8 337at system boot time. 338.It Va hostname 339.Pq Vt str 340The fully qualified domain name (FQDN) of this host on the network. 341This should almost certainly be set to something meaningful, even if 342there is no network connection. 343If 344.Xr dhclient 8 345is used to set the hostname via DHCP, 346this variable should be set to an empty string. 347.It Va ipv6_enable 348.Pq Vt bool 349Enable support for IPv6 networking. 350Note that this requires that the kernel has been compiled with 351.Cd "options INET6" . 352.It Va nisdomainname 353.Pq Vt str 354The NIS domain name of this host, or 355.Dq Li NO 356if NIS is not used. 357.It Va dhclient_program 358.Pq Vt str 359Path to the DHCP client program 360.Pa ( /sbin/dhclient , 361the 362.Ox 363DHCP client, 364is the default). 365.It Va dhclient_flags 366.Pq Vt str 367Additional flags to pass to the DHCP client program. 368For the 369.Ox 370DHCP client, see the 371.Xr dhclient 8 372manpage for a description of the command line options available. 373.It Va dhclient_flags_ Ns Aq Ar iface 374Additional flags to pass to the DHCP client program running on 375.Ar iface 376only. 377When specified, this variable overrides 378.Va dhclient_flags . 379.It Va background_dhclient 380.Pq Vt bool 381Set to 382.Dq Li YES 383to start the DHCP client in background. 384This can cause trouble with applications depending on 385a working network, but it will provide a faster startup 386in many cases. 387.It Va background_dhclient_ Ns Aq Ar iface 388When specified, this variable overrides the 389.Va background_dhclient 390variable for interface 391.Ar iface 392only. 393.It Va synchronous_dhclient 394.Pq Bt bool 395Set to 396.Dq Li YES 397to start 398.Xr dhclient 8 399synchronously at startup. 400This behavior can be overridden on a per-interface basis by replacing 401the 402.Dq Li DHCP 403keyword in the 404.Va ifconfig_ Ns Aq Ar interface 405variable with 406.Dq Li SYNCDHCP 407or 408.Dq Li NOSYNCDHCP . 409.It Va defaultroute_delay 410.Pq Vt int 411When set to a positive value, wait up to this long after configuring 412DHCP interfaces at startup to give the interfaces time to receive a lease. 413.It Va firewall_enable 414.Pq Vt bool 415Set to 416.Dq Li YES 417to load firewall rules at startup. 418If the kernel was not built with 419.Cd "options IPFIREWALL" , 420the 421.Pa ipfw.ko 422kernel module will be loaded. 423See also 424.Va ipfilter_enable . 425.It Va ipv6_firewall_enable 426.Pq Vt bool 427The IPv6 equivalent of 428.Va firewall_enable . 429Set to 430.Dq Li YES 431to load IPv6 firewall rules at startup. 432If the kernel was not built with 433.Cd "options IPV6FIREWALL" , 434the 435.Pa ipfw.ko 436kernel module will be loaded. 437.It Va firewall_script 438.Pq Vt str 439This variable specifies the full path to the firewall script to run. 440The default is 441.Pa /etc/rc.firewall . 442.It Va ipv6_firewall_script 443.Pq Vt str 444The IPv6 equivalent of 445.Va firewall_script . 446.It Va firewall_type 447.Pq Vt str 448Names the firewall type from the selection in 449.Pa /etc/rc.firewall , 450or the file which contains the local firewall ruleset. 451Valid selections from 452.Pa /etc/rc.firewall 453are: 454.Pp 455.Bl -tag -width ".Li simple" -compact 456.It Li open 457unrestricted IP access 458.It Li closed 459all IP services disabled, except via 460.Dq Li lo0 461.It Li client 462basic protection for a workstation 463.It Li simple 464basic protection for a LAN. 465.El 466.Pp 467If a filename is specified, the full path 468must be given. 469.It Va ipv6_firewall_type 470.Pq Vt str 471The IPv6 equivalent of 472.Va firewall_type . 473.It Va firewall_quiet 474.Pq Vt bool 475Set to 476.Dq Li YES 477to disable the display of firewall rules on the console during boot. 478.It Va ipv6_firewall_quiet 479.Pq Vt bool 480The IPv6 equivalent of 481.Va firewall_quiet . 482.It Va firewall_logging 483.Pq Vt bool 484Set to 485.Dq Li YES 486to enable firewall event logging. 487This is equivalent to the 488.Dv IPFIREWALL_VERBOSE 489kernel option. 490.It Va ipv6_firewall_logging 491.Pq Vt bool 492The IPv6 equivalent of 493.Va firewall_logging . 494.It Va firewall_flags 495.Pq Vt str 496Flags passed to 497.Xr ipfw 8 498if 499.Va firewall_type 500specifies a filename. 501.It Va ipv6_firewall_flags 502.Pq Vt str 503The IPv6 equivalent of 504.Va firewall_flags . 505.\" ----- firewall_nat_enable setting -------------------------------- 506.It Va firewall_nat_enable 507.Pq Vt bool 508The 509.Xr ipfw 8 510equivalent of 511.Va natd_enable . 512Setting this to 513.Dq Li YES 514enables kernel NAT. 515.Va firewall_enable 516must also be set to 517.Dq Li YES . 518.It Va firewall_nat_interface 519.Pq Vt str 520The 521.Xr ipfw 8 522equivalent of 523.Va natd_interface . 524This is the name of the public interface or IP address on which 525kernel NAT should run. 526.It Va firewall_nat_flags 527.Pq Vt str 528Additional configuration parameters for kernel NAT should be placed here. 529.It Va dummynet_enable 530.Pq Vt bool 531Setting this to 532.Dq Li YES 533will automatically load the 534.Xr dummynet 4 535module if 536.Va firewall_enable 537is also set to 538.Dq Li YES . 539.\" ------------------------------------------------------------------- 540.It Va natd_program 541.Pq Vt str 542Path to 543.Xr natd 8 . 544.It Va natd_enable 545.Pq Vt bool 546Set to 547.Dq Li YES 548to enable 549.Xr natd 8 . 550.Va firewall_enable 551must also be set to 552.Dq Li YES , 553and 554.Xr divert 4 555sockets must be enabled in the kernel. 556If the kernel was not built with 557.Cd "options IPDIVERT" , 558the 559.Pa ipdivert.ko 560kernel module will be loaded. 561.It Va natd_interface 562.Pq Vt str 563This is the name of the public interface on which 564.Xr natd 8 565should run. 566The interface may be given as an interface name or as an IP address. 567.It Va natd_flags 568.Pq Vt str 569Additional 570.Xr natd 8 571flags should be placed here. 572The 573.Fl n 574or 575.Fl a 576flag is automatically added with the above 577.Va natd_interface 578as an argument. 579.\" ----- ipfilter_enable setting -------------------------------- 580.It Va ipfilter_enable 581.Pq Vt bool 582Set to 583.Dq Li NO 584by default. 585Setting this to 586.Dq Li YES 587enables 588.Xr ipf 8 589packet filtering. 590.Pp 591Typical usage will require putting 592.Bd -literal 593ipfilter_enable="YES" 594ipnat_enable="YES" 595ipmon_enable="YES" 596ipfs_enable="YES" 597.Ed 598.Pp 599into 600.Pa /etc/rc.conf 601and editing 602.Pa /etc/ipf.rules 603and 604.Pa /etc/ipnat.rules 605appropriately. 606.Pp 607Note that 608.Va ipfilter_enable 609and 610.Va ipnat_enable 611can be enabled independently. 612.Va ipmon_enable 613and 614.Va ipfs_enable 615both require at least one of 616.Va ipfilter_enable 617and 618.Va ipnat_enable 619to be enabled. 620.Pp 621Having 622.Bd -literal 623options IPFILTER 624options IPFILTER_LOG 625options IPFILTER_DEFAULT_BLOCK 626.Ed 627.Pp 628in the kernel configuration file is a good idea, too. 629.\" ----- ipfilter_program setting ------------------------------ 630.It Va ipfilter_program 631.Pq Vt str 632Path to 633.Xr ipf 8 634(default 635.Pa /sbin/ipf ) . 636.\" ----- ipfilter_rules setting -------------------------------- 637.It Va ipfilter_rules 638.Pq Vt str 639Set to 640.Pa /etc/ipf.rules 641by default. 642This variable contains the name of the filter rule definition file. 643The file is expected to be readable for the 644.Xr ipf 8 645command to execute. 646.\" ----- ipv6_ipfilter_rules setting --------------------------- 647.It Va ipv6_ipfilter_rules 648.Pq Vt str 649Set to 650.Pa /etc/ipf6.rules 651by default. 652This variable contains the IPv6 filter rule definition file. 653The file is expected to be readable for the 654.Xr ipf 8 655command to execute. 656.\" ----- ipfilter_flags setting -------------------------------- 657.It Va ipfilter_flags 658.Pq Vt str 659Empty by default. 660This variable contains flags passed to the 661.Xr ipf 8 662program. 663.\" ----- ipnat_enable setting ---------------------------------- 664.It Va ipnat_enable 665.Pq Vt bool 666Set to 667.Dq Li NO 668by default. 669Set it to 670.Dq Li YES 671to enable 672.Xr ipnat 8 673network address translation. 674See 675.Va ipfilter_enable 676for a detailed discussion. 677.\" ----- ipnat_program setting --------------------------------- 678.It Va ipnat_program 679.Pq Vt str 680Path to 681.Xr ipnat 8 682(default 683.Pa /sbin/ipnat ) . 684.\" ----- ipnat_rules setting ----------------------------------- 685.It Va ipnat_rules 686.Pq Vt str 687Set to 688.Pa /etc/ipnat.rules 689by default. 690This variable contains the name of the file 691holding the network address translation definition. 692This file is expected to be readable for the 693.Xr ipnat 8 694command to execute. 695.\" ----- ipnat_flags setting ----------------------------------- 696.It Va ipnat_flags 697.Pq Vt str 698Empty by default. 699This variable contains flags passed to the 700.Xr ipnat 8 701program. 702.\" ----- ipmon_enable setting ---------------------------------- 703.It Va ipmon_enable 704.Pq Vt bool 705Set to 706.Dq Li NO 707by default. 708Set it to 709.Dq Li YES 710to enable 711.Xr ipmon 8 712monitoring (logging 713.Xr ipf 8 714and 715.Xr ipnat 8 716events). 717Setting this variable needs setting 718.Va ipfilter_enable 719or 720.Va ipnat_enable 721too. 722See 723.Va ipfilter_enable 724for a detailed discussion. 725.\" ----- ipmon_program setting --------------------------------- 726.It Va ipmon_program 727.Pq Vt str 728Path to 729.Xr ipmon 8 730(default 731.Pa /sbin/ipmon ) . 732.\" ----- ipmon_flags setting ----------------------------------- 733.It Va ipmon_flags 734.Pq Vt str 735Set to 736.Dq Li -Ds 737by default. 738This variable contains flags passed to the 739.Xr ipmon 8 740program. 741Another typical example would be 742.Dq Fl D Pa /var/log/ipflog 743to have 744.Xr ipmon 8 745log directly to a file bypassing 746.Xr syslogd 8 . 747Make sure to adjust 748.Pa /etc/newsyslog.conf 749in such case like this: 750.Bd -literal 751/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 752.Ed 753.\" ----- ipfs_enable setting ----------------------------------- 754.It Va ipfs_enable 755.Pq Vt bool 756Set to 757.Dq Li NO 758by default. 759Set it to 760.Dq Li YES 761to enable 762.Xr ipfs 8 763saving the filter and NAT state tables during shutdown 764and reloading them during startup again. 765Setting this variable needs setting 766.Va ipfilter_enable 767or 768.Va ipnat_enable 769to 770.Dq Li YES 771too. 772See 773.Va ipfilter_enable 774for a detailed discussion. 775Note that if 776.Va kern_securelevel 777is set to 3, 778.Va ipfs_enable 779cannot be used 780because the raised securelevel will prevent 781.Xr ipfs 8 782from saving the state tables at shutdown time. 783.\" ----- ipfs_program setting ---------------------------------- 784.It Va ipfs_program 785.Pq Vt str 786Path to 787.Xr ipfs 8 788(default 789.Pa /sbin/ipfs ) . 790.\" ----- ipfs_flags setting ------------------------------------ 791.It Va ipfs_flags 792.Pq Vt str 793Empty by default. 794This variable contains flags passed to the 795.Xr ipfs 8 796program. 797.\" ----- end of added ipf hook --------------------------------- 798.It Va pf_enable 799.Pq Vt bool 800Set to 801.Dq Li NO 802by default. 803Setting this to 804.Dq Li YES 805enables 806.Xr pf 4 807packet filtering. 808.Pp 809Typical usage will require putting 810.Pp 811.Dl pf_enable="YES" 812.Pp 813into 814.Pa /etc/rc.conf 815and editing 816.Pa /etc/pf.conf 817appropriately. 818Adding 819.Pp 820.Dl "device pf" 821.Pp 822builds support for 823.Xr pf 4 824into the kernel, otherwise the 825kernel module will be loaded. 826.It Va pf_rules 827.Pq Vt str 828Path to 829.Xr pf 4 830ruleset configuration file 831(default 832.Pa /etc/pf.conf ) . 833.It Va pf_program 834.Pq Vt str 835Path to 836.Xr pfctl 8 837(default 838.Pa /sbin/pfctl ) . 839.It Va pf_flags 840.Pq Vt str 841If 842.Va pf_enable 843is set to 844.Dq Li YES , 845these flags are passed to the 846.Xr pfctl 8 847program when loading the ruleset. 848.It Va pflog_enable 849.Pq Vt bool 850Set to 851.Dq Li NO 852by default. 853Setting this to 854.Dq Li YES 855enables 856.Xr pflogd 8 857which logs packets from the 858.Xr pf 4 859packet filter. 860.It Va pflog_logfile 861.Pq Vt str 862If 863.Va pflog_enable 864is set to 865.Dq Li YES 866this controls where 867.Xr pflogd 8 868stores the logfile 869(default 870.Pa /var/log/pflog ) . 871Check 872.Pa /etc/newsyslog.conf 873to adjust logfile rotation for this. 874.It Va pflog_program 875.Pq Vt str 876Path to 877.Xr pflogd 8 878(default 879.Pa /sbin/pflogd ) . 880.It Va pflog_flags 881.Pq Vt str 882Empty by default. 883This variable contains additional flags passed to the 884.Xr pflogd 8 885program. 886.It Va ftpproxy_enable 887.Pq Vt bool 888Set to 889.Dq Li NO 890by default. 891Setting this to 892.Dq Li YES 893enables 894.Xr ftp-proxy 8 895which supports the 896.Xr pf 4 897packet filter in translating ftp connections. 898.It Va ftpproxy_flags 899.Pq Vt str 900Empty by default. 901This variable contains additional flags passed to the 902.Xr ftp-proxy 8 903program. 904.It Va pfsync_enable 905.Pq Vt bool 906Set to 907.Dq Li NO 908by default. 909Setting this to 910.Dq Li YES 911enables exposing 912.Xr pf 4 913state changes to other hosts over the network by means of 914.Xr pfsync 4 . 915The 916.Va pfsync_syncdev 917variable 918must also be set then. 919.It Va pfsync_syncdev 920.Pq Vt str 921Empty by default. 922This variable specifies the name of the network interface 923.Xr pfsync 4 924should operate through. 925It must be set accordingly if 926.Va pfsync_enable 927is set to 928.Dq Li YES . 929.It Va pfsync_syncpeer 930.Pq Vt str 931Empty by default. 932This variable is optional. 933By default, state change messages are sent out on the synchronisation 934interface using IP multicast packets. 935The protocol is IP protocol 240, PFSYNC, and the multicast group used is 936224.0.0.240. 937When a peer address is specified using the 938.Va pfsync_syncpeer 939option, the peer address is used as a destination for the pfsync 940traffic, and the traffic can then be protected using 941.Xr ipsec 4 . 942See the 943.Xr pfsync 4 944manpage for more details about using 945.Xr ipsec 4 946with 947.Xr pfsync 4 948interfaces. 949.It Va pfsync_ifconfig 950.Pq Vt str 951Empty by default. 952This variable can contain additional options to be passed to the 953.Xr ifconfig 8 954command used to set up 955.Xr pfsync 4 . 956.It Va tcp_extensions 957.Pq Vt bool 958Set to 959.Dq Li YES 960by default. 961Setting this to 962.Dq Li NO 963disables certain TCP options as described by 964.Rs 965.%T "RFC 1323" 966.Re 967Setting this to 968.Dq Li NO 969might help remedy such problems with connections as randomly hanging 970or other weird behavior. 971Some network devices are known 972to be broken with respect to these options. 973.It Va log_in_vain 974.Pq Vt int 975Set to 0 by default. 976The 977.Xr sysctl 8 978variables, 979.Va net.inet.tcp.log_in_vain 980and 981.Va net.inet.udp.log_in_vain , 982as described in 983.Xr tcp 4 984and 985.Xr udp 4 , 986are set to the given value. 987.It Va tcp_keepalive 988.Pq Vt bool 989Set to 990.Dq Li YES 991by default. 992Setting to 993.Dq Li NO 994will disable probing idle TCP connections to verify that the 995peer is still up and reachable. 996.It Va tcp_drop_synfin 997.Pq Vt bool 998Set to 999.Dq Li NO 1000by default. 1001Setting to 1002.Dq Li YES 1003will cause the kernel to ignore TCP frames that have both 1004the SYN and FIN flags set. 1005This prevents OS fingerprinting, but may 1006break some legitimate applications. 1007.It Va icmp_drop_redirect 1008.Pq Vt bool 1009Set to 1010.Dq Li NO 1011by default. 1012Setting to 1013.Dq Li YES 1014will cause the kernel to ignore ICMP REDIRECT packets. 1015Refer to 1016.Xr icmp 4 1017for more information. 1018.It Va icmp_log_redirect 1019.Pq Vt bool 1020Set to 1021.Dq Li NO 1022by default. 1023Setting to 1024.Dq Li YES 1025will cause the kernel to log ICMP REDIRECT packets. 1026Note that 1027the log messages are not rate-limited, so this option should only be used 1028for troubleshooting networks. 1029Refer to 1030.Xr icmp 4 1031for more information. 1032.It Va icmp_bmcastecho 1033.Pq Vt bool 1034Set to 1035.Dq Li YES 1036to respond to broadcast or multicast ICMP ping packets. 1037Refer to 1038.Xr icmp 4 1039for more information. 1040.It Va ip_portrange_first 1041.Pq Vt int 1042If not set to 1043.Dq Li NO , 1044this is the first port in the default portrange. 1045Refer to 1046.Xr ip 4 1047for more information. 1048.It Va ip_portrange_last 1049.Pq Vt int 1050If not set to 1051.Dq Li NO , 1052this is the last port in the default portrange. 1053Refer to 1054.Xr ip 4 1055for more information. 1056.It Va network_interfaces 1057.Pq Vt str 1058Set to the list of network interfaces to configure on this host or 1059.Dq Li AUTO 1060(the default) for all current interfaces. 1061Setting the 1062.Va network_interfaces 1063variable to anything other than the default is deprecated. 1064Interfaces that the administrator wishes to store configuration for, 1065but not start at boot should be configured with the 1066.Dq Li NOAUTO 1067keyword in their 1068.Va ifconfig_ Ns Aq Ar interface 1069variables as described below. 1070.Pp 1071An 1072.Va ifconfig_ Ns Aq Ar interface 1073variable is also assumed to exist for each value of 1074.Ar interface . 1075When an interface name contains any of the characters 1076.Dq Li .-/+ 1077they are translated to 1078.Dq Li _ 1079before lookup. 1080The variable can contain arguments to 1081.Xr ifconfig 8 , 1082as well as special case-insensitive keywords described below. 1083Such keywords are removed before passing the value to 1084.Xr ifconfig 8 1085while the order of the other arguments is preserved. 1086.Pp 1087One can configure more than one IPv4 address with the 1088.Va ipv4_addrs_ Ns Aq Ar interface 1089variable. 1090One or more IP addresses must be provided in Classless Inter-Domain 1091Routing (CIDR) address notation, whose last byte can be a range like 1092192.0.2.5-23/24. 1093In this case the address 192.0.2.5 will be configured with the 1094netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1095the non-conflicting netmask /32 as explained in the 1096.Xr ifconfig 8 1097alias section. 1098With the interface in question being 1099.Li ed0 , 1100an example could look like: 1101.Bd -literal 1102ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28" 1103.Ed 1104.Pp 1105It is also possible to add IP alias entries using 1106.Xr ifconfig 8 1107syntax. 1108Assuming that the interface in question was 1109.Li ed0 , 1110it might look 1111something like this: 1112.Bd -literal 1113ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1114ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1115.Ed 1116.Pp 1117And so on. 1118For each 1119.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1120entry that is found, 1121its contents are passed to 1122.Xr ifconfig 8 . 1123Execution stops at the first unsuccessful access, so if 1124something like this is present: 1125.Bd -literal 1126ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1127ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1128ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1129ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1130.Ed 1131.Pp 1132Then note that alias4 would 1133.Em not 1134be added since the search would 1135stop with the missing 1136.Dq Li alias3 1137entry. 1138Due to this difficult to manage behavior, the 1139.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1140form is deprecated. 1141.Pp 1142If the 1143.Pa /etc/start_if. Ns Aq Ar interface 1144file is present, it is read and executed by the 1145.Xr sh 1 1146interpreter 1147before configuring the interface as specified in the 1148.Va ifconfig_ Ns Aq Ar interface 1149and 1150.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1151variables. 1152.Pp 1153If a 1154.Va wlans_ Ns Aq Ar interface 1155variable is set, 1156an 1157.Xr wlan 4 1158interface will be created for each item in the list with the 1159.Ar wlandev 1160argument set to 1161.Ar interface . 1162Further wlan cloning arguments may be passed to the 1163.Xr ifconfig 8 1164.Cm create 1165command by setting the 1166.Va create_args_ Ns Aq Ar interface 1167variable. 1168One or more 1169.Xr wlan 4 1170devices must be created for each wireless devices as of 1171.Fx 8.0 . 1172Debugging flags for 1173.Xr wlan 4 1174devices as set by 1175.Xr wlandebug 8 1176may be specified with an 1177.Va wlandebug_ Ns Aq Ar interface 1178variable. 1179The contents of this variable will be passed directly to 1180.Xr wlandebug 8 . 1181.Pp 1182If the 1183.Va ifconfig_ Ns Aq Ar interface 1184contains the keyword 1185.Dq Li NOAUTO 1186then the interface will not be configured 1187at boot or by 1188.Pa /etc/pccard_ether 1189when 1190.Va network_interfaces 1191is set to 1192.Dq Li AUTO . 1193.Pp 1194It is possible to bring up an interface with DHCP by adding 1195.Dq Li DHCP 1196to the 1197.Va ifconfig_ Ns Aq Ar interface 1198variable. 1199For instance, to initialize the 1200.Li ed0 1201device via DHCP, 1202it is possible to use something like: 1203.Bd -literal 1204ifconfig_ed0="DHCP" 1205.Ed 1206.Pp 1207Also, if you want to configure your wireless interface with 1208.Xr wpa_supplicant 8 1209for use with WPA, EAP/LEAP or WEP, you need to add 1210.Dq Li WPA 1211to the 1212.Va ifconfig_ Ns Aq Ar interface 1213variable. 1214.Pp 1215Finally, you can add 1216.Xr ifconfig 8 1217options in this variable, in addition to the 1218.Pa /etc/start_if. Ns Aq Ar interface 1219file. 1220For instance, configure an 1221.Xr ath 4 1222wireless device in station mode with an address obtained 1223via DHCP, using WPA authentication and 802.11b mode, it is 1224possible to use something like: 1225.Bd -literal 1226wlans_ath0="wlan0" 1227ifconfig_wlan0="DHCP WPA mode 11b" 1228.Ed 1229.Pp 1230In addition to the 1231.Va ifconfig_ Ns Aq Ar interface 1232form, a fallback variable 1233.Va ifconfig_DEFAULT 1234may be configured. 1235It will be used for all interfaces with no 1236.Va ifconfig_ Ns Aq Ar interface 1237variable. 1238This is intended to replace the no longer supported 1239.Va pccard_ifconfig 1240variable. 1241.Pp 1242It is also possible to rename interface by doing: 1243.Bd -literal 1244ifconfig_ed0_name="net0" 1245ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1246.Ed 1247.It Va ipv6_network_interfaces 1248.Pq Vt str 1249This is the IPv6 equivalent of 1250.Va network_interfaces . 1251Instead of setting the ifconfig variables as 1252.Va ifconfig_ Ns Aq Ar interface 1253they should be set as 1254.Va ipv6_ifconfig_ Ns Aq Ar interface . 1255Aliases should be set as 1256.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1257.Va ipv6_prefix_ Ns Aq Ar interface 1258does something. 1259Interfaces that do not have a 1260.Va ipv6_ifconfig_ Ns Aq Ar interface 1261setting will be auto configured by 1262.Xr rtsol 8 1263if the 1264.Va ipv6_gateway_enable 1265is set to 1266.Dq Li NO . 1267Note that the IPv6 networking code does not support the 1268.Pa /etc/start_if. Ns Aq Ar interface 1269files. 1270.It Va ipv6_default_interface 1271.Pq Vt str 1272If not set to 1273.Dq Li NO , 1274this is the default output interface for scoped addresses. 1275Now this works only for IPv6 link local multicast addresses. 1276.It Va cloned_interfaces 1277.Pq Vt str 1278Set to the list of clonable network interfaces to create on this host. 1279Entries in 1280.Va cloned_interfaces 1281are automatically appended to 1282.Va network_interfaces 1283for configuration. 1284.It Va fec_interfaces 1285.Pq Vt str 1286Set to the list of 1287.Xr ng_fec 4 1288Fast EtherChannel interfaces to configure on this host. 1289A 1290.Va fecconfig_ Ns Aq Ar interface 1291variable is assumed to exist for each value of 1292.Ar interface . 1293The value of this variable is used to configure link aggregated interfaces 1294according to the syntax of the 1295.Cm NGM_FEC_ADD_IFACE 1296to 1297.Xr ngctl 8 1298msg. 1299Additionally, this option ensures that each listed interface is created 1300via the 1301.Cm mkpeer 1302command to 1303.Xr ngctl 8 1304before attempting to configure it. 1305For example: 1306.Bd -literal 1307fec_interfaces="fec0" 1308fecconfig_fec0="em0 em1" 1309ifconfig_fec0="DHCP" 1310.Ed 1311.It Va gif_interfaces 1312.Pq Vt str 1313Set to the list of 1314.Xr gif 4 1315tunnel interfaces to configure on this host. 1316A 1317.Va gifconfig_ Ns Aq Ar interface 1318variable is assumed to exist for each value of 1319.Ar interface . 1320The value of this variable is used to configure the link layer of the 1321tunnel according to the syntax of the 1322.Cm tunnel 1323option to 1324.Xr ifconfig 8 . 1325Additionally, this option ensures that each listed interface is created 1326via the 1327.Cm create 1328option to 1329.Xr ifconfig 8 1330before attempting to configure it. 1331.It Va sppp_interfaces 1332.Pq Vt str 1333Set to the list of 1334.Xr sppp 4 1335interfaces to configure on this host. 1336A 1337.Va spppconfig_ Ns Aq Ar interface 1338variable is assumed to exist for each value of 1339.Ar interface . 1340Each interface should also be configured by a general 1341.Va ifconfig_ Ns Aq Ar interface 1342setting. 1343Refer to 1344.Xr spppcontrol 8 1345for more information about available options. 1346.It Va ppp_enable 1347.Pq Vt bool 1348If set to 1349.Dq Li YES , 1350run the 1351.Xr ppp 8 1352daemon. 1353.It Va ppp_profile 1354.Pq Vt str 1355The name of the profile to use from 1356.Pa /etc/ppp/ppp.conf . 1357Also used for per-profile overrides of 1358.Va ppp_mode 1359and 1360.Va ppp_nat , 1361and 1362.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1363When the profile name contains any of the characters 1364.Dq Li .-/+ 1365they are translated to 1366.Dq Li _ 1367for the proposes of the override variable names. 1368.It Va ppp_mode 1369.Pq Vt str 1370Mode in which to run the 1371.Xr ppp 8 1372daemon. 1373.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1374.Pq Vt str 1375Overrides the global 1376.Va ppp_mode 1377for 1378.Ar profile . 1379Accepted modes are 1380.Dq Li auto , 1381.Dq Li ddial , 1382.Dq Li direct 1383and 1384.Dq Li dedicated . 1385See the manual for a full description. 1386.It Va ppp_nat 1387.Pq Vt bool 1388If set to 1389.Dq Li YES , 1390enables network address translation. 1391Used in conjunction with 1392.Va gateway_enable 1393allows hosts on private network addresses access to the Internet using 1394this host as a network address translating router. 1395.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1396.Pq Vt str 1397Overrides the global 1398.Va ppp_nat 1399for 1400.Ar profile . 1401.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1402.Pq Vt int 1403Set the unit number to be used for this profile. 1404See the manual description of 1405.Fl unit Ns Ar N 1406for details. 1407.It Va ppp_user 1408.Pq Vt str 1409The name of the user under which 1410.Xr ppp 8 1411should be started. 1412By 1413default, 1414.Xr ppp 8 1415is started as 1416.Dq Li root . 1417.It Va rc_conf_files 1418.Pq Vt str 1419This option is used to specify a list of files that will override 1420the settings in 1421.Pa /etc/defaults/rc.conf . 1422The files will be read in the order in which they are specified and should 1423include the full path to the file. 1424By default, the files specified are 1425.Pa /etc/rc.conf 1426and 1427.Pa /etc/rc.conf.local 1428.It Va zfs_enable 1429.Pq Vt bool 1430If set to 1431.Dq Li YES , 1432.Pa /etc/rc.d/zfs 1433will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1434(ZVOLs). 1435.It Va gbde_autoattach_all 1436.Pq Vt bool 1437If set to 1438.Dq Li YES , 1439.Pa /etc/rc.d/gbde 1440will attempt to automatically initialize your .bde devices in 1441.Pa /etc/fstab . 1442.It Va gbde_devices 1443.Pq Vt str 1444List the devices that the script should try to attach, 1445or 1446.Dq Li AUTO . 1447.It Va gbde_lockdir 1448.Pq Vt str 1449The directory where the 1450.Xr gbde 4 1451lockfiles are located. 1452The default lockfile directory is 1453.Pa /etc . 1454.Pp 1455The lockfile for each individual 1456.Xr gbde 4 1457device can be overridden by setting the variable 1458.Va gbde_lock_ Ns Aq Ar device , 1459where 1460.Ar device 1461is the encrypted device without the 1462.Dq Pa /dev/ 1463and 1464.Dq Pa .bde 1465parts. 1466.It Va gbde_attach_attempts 1467.Pq Vt int 1468Number of times to attempt attaching to a 1469.Xr gbde 4 1470device, i.e., how many times the user is asked for the pass-phrase. 1471Default is 3. 1472.It Va geli_devices 1473.Pq Vt str 1474List of devices to automatically attach on boot. 1475Note that .eli devices from 1476.Pa /etc/fstab 1477are automatically appended to this list. 1478.It Va geli_tries 1479.Pq Vt int 1480Number of times user is asked for the pass-phrase. 1481If empty, it will be taken from 1482.Va kern.geom.eli.tries 1483sysctl variable. 1484.It Va geli_default_flags 1485.Pq Vt str 1486Default flags to use by 1487.Xr geli 8 1488when configuring disk encryption. 1489Flags can be configured for every device separately by defining 1490.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1491variable. 1492.It Va geli_autodetach 1493.Pq Vt str 1494Specifies if GELI devices should be marked for detach on last close after 1495file systems are mounted. 1496Default is 1497.Dq Li YES . 1498This can be changed for every device separately by defining 1499.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1500variable. 1501.It Va geli_swap_flags 1502Options passed to the 1503.Xr geli 8 1504utility when encrypted GEOM providers for swap partitions are created. 1505The default is 1506.Dq Li "-a aes -l 256 -s 4096 -d" . 1507.It Va root_rw_mount 1508.Pq Vt bool 1509Set to 1510.Dq Li YES 1511by default. 1512After the file systems are checked at boot time, the root file system 1513is remounted as read-write if this is set to 1514.Dq Li YES . 1515Diskless systems that mount their root file system from a read-only remote 1516NFS share should set this to 1517.Dq Li NO 1518in their 1519.Pa rc.conf . 1520.It Va fsck_y_enable 1521.Pq Vt bool 1522If set to 1523.Dq Li YES , 1524.Xr fsck 8 1525will be run with the 1526.Fl y 1527flag if the initial preen 1528of the file systems fails. 1529.It Va background_fsck 1530.Pq Vt bool 1531If set to 1532.Dq Li YES , 1533the system will attempt to run 1534.Xr fsck 8 1535in the background where possible. 1536.It Va background_fsck_delay 1537.Pq Vt int 1538The amount of time in seconds to sleep before starting a background 1539.Xr fsck 8 . 1540It defaults to sixty seconds to allow large applications such as 1541the X server to start before disk I/O bandwidth is monopolized by 1542.Xr fsck 8 . 1543If set to a negative number, the background file system check will be 1544delayed indefinitely to allow the administrator to run it at a more 1545convenient time. 1546For example it may be run from 1547.Xr cron 8 1548by adding a line like 1549.Pp 1550.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1551.Pp 1552to 1553.Pa /etc/crontab . 1554.It Va netfs_types 1555.Pq Vt str 1556List of file system types that are network-based. 1557This list should generally not be modified by end users. 1558Use 1559.Va extra_netfs_types 1560instead. 1561.It Va extra_netfs_types 1562.Pq Vt str 1563If set to something other than 1564.Dq Li NO 1565(the default), 1566this variable extends the list of file system types 1567for which automatic mounting at startup by 1568.Xr rc 8 1569should be delayed until the network is initialized. 1570It should contain 1571a whitespace-separated list of network file system descriptor pairs, 1572each consisting of a file system type as passed to 1573.Xr mount 8 1574and a human-readable, one-word description, 1575joined with a colon 1576.Pq Ql \&: . 1577Extending the default list in this way is only necessary 1578when third party file system types are used. 1579.It Va syslogd_enable 1580.Pq Vt bool 1581If set to 1582.Dq Li YES , 1583run the 1584.Xr syslogd 8 1585daemon. 1586.It Va syslogd_program 1587.Pq Vt str 1588Path to 1589.Xr syslogd 8 1590(default 1591.Pa /usr/sbin/syslogd ) . 1592.It Va syslogd_flags 1593.Pq Vt str 1594If 1595.Va syslogd_enable 1596is set to 1597.Dq Li YES , 1598these are the flags to pass to 1599.Xr syslogd 8 . 1600.It Va inetd_enable 1601.Pq Vt bool 1602If set to 1603.Dq Li YES , 1604run the 1605.Xr inetd 8 1606daemon. 1607.It Va inetd_program 1608.Pq Vt str 1609Path to 1610.Xr inetd 8 1611(default 1612.Pa /usr/sbin/inetd ) . 1613.It Va inetd_flags 1614.Pq Vt str 1615If 1616.Va inetd_enable 1617is set to 1618.Dq Li YES , 1619these are the flags to pass to 1620.Xr inetd 8 . 1621.It Va named_enable 1622.Pq Vt bool 1623If set to 1624.Dq Li YES , 1625run the 1626.Xr named 8 1627daemon. 1628.It Va named_program 1629.Pq Vt str 1630Path to 1631.Xr named 8 1632(default 1633.Pa /usr/sbin/named ) . 1634.It Va named_flags 1635.Pq Vt str 1636If 1637.Va named_enable 1638is set to 1639.Dq Li YES , 1640these are the flags to pass to 1641.Xr named 8 . 1642.It Va named_pidfile 1643.Pq Vt str 1644This is the default path to the 1645.Xr named 8 1646daemon's PID file. 1647This must match the location in 1648.Xr named.conf 5 . 1649.It Va named_uid 1650.Pq Vt str 1651The user that the 1652.Xr named 8 1653process should be run as. 1654.It Va named_chrootdir 1655.Pq Vt str 1656The root directory for a name server run in a 1657.Xr chroot 8 1658environment (default 1659.Pa /var/named ) . 1660If left empty 1661.Xr named 8 1662will not be run in a 1663.Xr chroot 8 1664environment. 1665.It Va named_chroot_autoupdate 1666.Pq Vt bool 1667Set to 1668.Dq Li NO 1669to disable automatic update of the 1670.Xr chroot 8 1671environment. 1672.It Va named_symlink_enable 1673.Pq Vt bool 1674Set to 1675.Dq Li NO 1676to disable symlinking of 1677daemon's PID file 1678into the 1679.Xr chroot 8 1680environment. 1681.It Va kerberos5_server_enable 1682.Pq Vt bool 1683Set to 1684.Dq Li YES 1685to start a Kerberos 5 authentication server 1686at boot time. 1687.It Va kerberos5_server 1688.Pq Vt str 1689If 1690.Va kerberos5_server_enable 1691is set to 1692.Dq Li YES 1693this is the path to Kerberos 5 Authentication Server. 1694.It Va kerberos5_server_flags 1695.Pq Vt str 1696Empty by default. 1697This variable contains additional flags to be passed to the Kerberos 5 1698authentication server. 1699.It Va kadmind5_server_enable 1700.Pq Vt bool 1701Set to 1702.Dq Li YES 1703to start 1704.Xr kadmind 8 , 1705the Kerberos 5 Administration Daemon; set to 1706.Dq Li NO 1707on a slave server. 1708.It Va kadmind5_server 1709.Pq Vt str 1710If 1711.Va kadmind5_server_enable 1712is set to 1713.Dq Li YES 1714this is the path to Kerberos 5 Administration Daemon. 1715.It Va kpasswdd_server_enable 1716.Pq Vt bool 1717Set to 1718.Dq Li YES 1719to start 1720.Xr kpasswdd 8 , 1721the Kerberos 5 Password-Changing Daemon; set to 1722.Dq Li NO 1723on a slave server. 1724.It Va kpasswdd_server 1725.Pq Vt str 1726If 1727.Va kpasswdd_server_enable 1728is set to 1729.Dq Li YES 1730this is the path to Kerberos 5 Password-Changing Daemon. 1731.It Va rwhod_enable 1732.Pq Vt bool 1733If set to 1734.Dq Li YES , 1735run the 1736.Xr rwhod 8 1737daemon at boot time. 1738.It Va rwhod_flags 1739.Pq Vt str 1740If 1741.Va rwhod_enable 1742is set to 1743.Dq Li YES , 1744these are the flags to pass to it. 1745.It Va amd_enable 1746.Pq Vt bool 1747If set to 1748.Dq Li YES , 1749run the 1750.Xr amd 8 1751daemon at boot time. 1752.It Va amd_flags 1753.Pq Vt str 1754If 1755.Va amd_enable 1756is set to 1757.Dq Li YES , 1758these are the flags to pass to it. 1759See the 1760.Xr amd 8 1761manpage for more information. 1762.It Va amd_map_program 1763.Pq Vt str 1764If set, 1765the specified program is run to get the list of 1766.Xr amd 8 1767maps. 1768For example, if the 1769.Xr amd 8 1770maps are stored in NIS, one can set this to 1771run 1772.Xr ypcat 1 1773to get a list of 1774.Xr amd 8 1775maps from the 1776.Pa amd.master 1777NIS map. 1778.It Va update_motd 1779.Pq Vt bool 1780If set to 1781.Dq Li YES , 1782.Pa /etc/motd 1783will be updated at boot time to reflect the kernel release 1784being run. 1785If set to 1786.Dq Li NO , 1787.Pa /etc/motd 1788will not be updated. 1789.It Va nfs_client_enable 1790.Pq Vt bool 1791If set to 1792.Dq Li YES , 1793run the NFS client daemons at boot time. 1794.It Va nfs_access_cache 1795.Pq Vt int 1796If 1797.Va nfs_client_enable 1798is set to 1799.Dq Li YES , 1800this can be set to 1801.Dq Li 0 1802to disable NFS ACCESS RPC caching, or to the number of seconds for which 1803NFS ACCESS 1804results should be cached. 1805A value of 2-10 seconds will substantially reduce network 1806traffic for many NFS operations. 1807.It Va nfs_server_enable 1808.Pq Vt bool 1809If set to 1810.Dq Li YES , 1811run the NFS server daemons at boot time. 1812.It Va nfs_server_flags 1813.Pq Vt str 1814If 1815.Va nfs_server_enable 1816is set to 1817.Dq Li YES , 1818these are the flags to pass to the 1819.Xr nfsd 8 1820daemon. 1821.It Va idmapd_enable 1822.Pq Vt bool 1823If set to 1824.Dq Li YES , 1825run the ID mapping daemon for NFS version 4. 1826.It Va idmapd_flags 1827.Pq Vt str 1828If 1829.Va idmapd_enable 1830is set to 1831.Dq Li YES , 1832these are the flags to pass to the 1833.Xr idmapd 8 1834daemon. 1835.It Va mountd_enable 1836.Pq Vt bool 1837If set to 1838.Dq Li YES , 1839and no 1840.Va nfs_server_enable 1841is set, start 1842.Xr mountd 8 , 1843but not 1844.Xr nfsd 8 1845daemon. 1846It is commonly needed to run CFS without real NFS used. 1847.It Va mountd_flags 1848.Pq Vt str 1849If 1850.Va mountd_enable 1851is set to 1852.Dq Li YES , 1853these are the flags to pass to the 1854.Xr mountd 8 1855daemon. 1856.It Va weak_mountd_authentication 1857.Pq Vt bool 1858If set to 1859.Dq Li YES , 1860allow services like PCNFSD to make non-privileged mount 1861requests. 1862.It Va nfs_reserved_port_only 1863.Pq Vt bool 1864If set to 1865.Dq Li YES , 1866provide NFS services only on a secure port. 1867.It Va nfs_bufpackets 1868.Pq Vt int 1869If set to a number, indicates the number of packets worth of 1870socket buffer space to reserve on an NFS client. 1871The kernel default is typically 4. 1872Using a higher number may be 1873useful on gigabit networks to improve performance. 1874The minimum value is 18752 and the maximum is 64. 1876.It Va rpc_lockd_enable 1877.Pq Vt bool 1878If set to 1879.Dq Li YES 1880and also an NFS server or client, run 1881.Xr rpc.lockd 8 1882at boot time. 1883.It Va rpc_lockd_flags 1884.Pq Vt str 1885If 1886.Va rpc_lockd_enable 1887is set to 1888.Dq Li YES , 1889these are the flags to pass to the 1890.Xr rpc.lockd 8 1891daemon. 1892.It Va rpc_statd_enable 1893.Pq Vt bool 1894If set to 1895.Dq Li YES 1896and also an NFS server or client, run 1897.Xr rpc.statd 8 1898at boot time. 1899.It Va rpc_statd_flags 1900.Pq Vt str 1901If 1902.Va rpc_statd_enable 1903is set to 1904.Dq Li YES , 1905these are the flags to pass to the 1906.Xr rpc.statd 8 1907daemon. 1908.It Va rpcbind_program 1909.Pq Vt str 1910Path to 1911.Xr rpcbind 8 1912(default 1913.Pa /usr/sbin/rpcbind ) . 1914.It Va rpcbind_enable 1915.Pq Vt bool 1916If set to 1917.Dq Li YES , 1918run the 1919.Xr rpcbind 8 1920service at boot time. 1921.It Va rpcbind_flags 1922.Pq Vt str 1923If 1924.Va rpcbind_enable 1925is set to 1926.Dq Li YES , 1927these are the flags to pass to the 1928.Xr rpcbind 8 1929daemon. 1930.It Va keyserv_enable 1931.Pq Vt bool 1932If set to 1933.Dq Li YES , 1934run the 1935.Xr keyserv 8 1936daemon on boot for running Secure RPC. 1937.It Va keyserv_flags 1938.Pq Vt str 1939If 1940.Va keyserv_enable 1941is set to 1942.Dq Li YES , 1943these are the flags to pass to 1944.Xr keyserv 8 1945daemon. 1946.It Va pppoed_enable 1947.Pq Vt bool 1948If set to 1949.Dq Li YES , 1950run the 1951.Xr pppoed 8 1952daemon at boot time to provide PPP over Ethernet services. 1953.It Va pppoed_ Ns Aq Ar provider 1954.Pq Vt str 1955.Xr pppoed 8 1956listens to requests to this 1957.Ar provider 1958and ultimately runs 1959.Xr ppp 8 1960with a 1961.Ar system 1962argument of the same name. 1963.It Va pppoed_flags 1964.Pq Vt str 1965Additional flags to pass to 1966.Xr pppoed 8 . 1967.It Va pppoed_interface 1968.Pq Vt str 1969The network interface to run 1970.Xr pppoed 8 1971on. 1972This is mandatory when 1973.Va pppoed_enable 1974is set to 1975.Dq Li YES . 1976.It Va timed_enable 1977.Pq Vt bool 1978If set to 1979.Dq Li YES , 1980run the 1981.Xr timed 8 1982service at boot time. 1983This command is intended for networks of 1984machines where a consistent 1985.Dq "network time" 1986for all hosts must be established. 1987This is often useful in large NFS 1988environments where time stamps on files are expected to be consistent 1989network-wide. 1990.It Va timed_flags 1991.Pq Vt str 1992If 1993.Va timed_enable 1994is set to 1995.Dq Li YES , 1996these are the flags to pass to the 1997.Xr timed 8 1998service. 1999.It Va ntpdate_enable 2000.Pq Vt bool 2001If set to 2002.Dq Li YES , 2003run 2004.Xr ntpdate 8 2005at system startup. 2006This command is intended to 2007synchronize the system clock only 2008.Em once 2009from some standard reference. 2010An option to set this up initially 2011(from a list of known servers) is also provided by the 2012.Xr sysinstall 8 2013program when the system is first installed. 2014.It Va ntpdate_config 2015.Pq Vt str 2016Configuration file for 2017.Xr ntpdate 8 . 2018Default 2019.Pa /etc/ntp.conf . 2020.It Va ntpdate_hosts 2021.Pq Vt str 2022A whitespace-separated list of NTP servers to synchronize with at startup. 2023The default is to use the servers listed in 2024.Va ntpdate_config , 2025if that file exists. 2026.It Va ntpdate_program 2027.Pq Vt str 2028Path to 2029.Xr ntpdate 8 2030(default 2031.Pa /usr/sbin/ntpdate ) . 2032.It Va ntpdate_flags 2033.Pq Vt str 2034If 2035.Va ntpdate_enable 2036is set to 2037.Dq Li YES , 2038these are the flags to pass to the 2039.Xr ntpdate 8 2040command (typically a hostname). 2041.It Va ntpd_enable 2042.Pq Vt bool 2043If set to 2044.Dq Li YES , 2045run the 2046.Xr ntpd 8 2047command at boot time. 2048.It Va ntpd_program 2049.Pq Vt str 2050Path to 2051.Xr ntpd 8 2052(default 2053.Pa /usr/sbin/ntpd ) . 2054.It Va ntpd_config 2055.Pq Vt str 2056Path to 2057.Xr ntpd 8 2058configuration file. 2059Default 2060.Pa /etc/ntp.conf . 2061.It Va ntpd_flags 2062.Pq Vt str 2063If 2064.Va ntpd_enable 2065is set to 2066.Dq Li YES , 2067these are the flags to pass to the 2068.Xr ntpd 8 2069daemon. 2070.It Va ntpd_sync_on_start 2071.Pq Vt bool 2072If set to 2073.Dq Li YES , 2074.Xr ntpd 8 2075is run with the 2076.Fl g 2077flag, which syncs the system's clock on startup. 2078See 2079.Xr ntpd 8 2080for more information regarding the 2081.Fl g 2082option. 2083This is a preferred alternative to using 2084.Xr ntpdate 8 2085or specifying the 2086.Va ntpdate_enable 2087variable. 2088.It Va nis_client_enable 2089.Pq Vt bool 2090If set to 2091.Dq Li YES , 2092run the 2093.Xr ypbind 8 2094service at system boot time. 2095.It Va nis_client_flags 2096.Pq Vt str 2097If 2098.Va nis_client_enable 2099is set to 2100.Dq Li YES , 2101these are the flags to pass to the 2102.Xr ypbind 8 2103service. 2104.It Va nis_ypset_enable 2105.Pq Vt bool 2106If set to 2107.Dq Li YES , 2108run the 2109.Xr ypset 8 2110daemon at system boot time. 2111.It Va nis_ypset_flags 2112.Pq Vt str 2113If 2114.Va nis_ypset_enable 2115is set to 2116.Dq Li YES , 2117these are the flags to pass to the 2118.Xr ypset 8 2119daemon. 2120.It Va nis_server_enable 2121.Pq Vt bool 2122If set to 2123.Dq Li YES , 2124run the 2125.Xr ypserv 8 2126daemon at system boot time. 2127.It Va nis_server_flags 2128.Pq Vt str 2129If 2130.Va nis_server_enable 2131is set to 2132.Dq Li YES , 2133these are the flags to pass to the 2134.Xr ypserv 8 2135daemon. 2136.It Va nis_ypxfrd_enable 2137.Pq Vt bool 2138If set to 2139.Dq Li YES , 2140run the 2141.Xr rpc.ypxfrd 8 2142daemon at system boot time. 2143.It Va nis_ypxfrd_flags 2144.Pq Vt str 2145If 2146.Va nis_ypxfrd_enable 2147is set to 2148.Dq Li YES , 2149these are the flags to pass to the 2150.Xr rpc.ypxfrd 8 2151daemon. 2152.It Va nis_yppasswdd_enable 2153.Pq Vt bool 2154If set to 2155.Dq Li YES , 2156run the 2157.Xr rpc.yppasswdd 8 2158daemon at system boot time. 2159.It Va nis_yppasswdd_flags 2160.Pq Vt str 2161If 2162.Va nis_yppasswdd_enable 2163is set to 2164.Dq Li YES , 2165these are the flags to pass to the 2166.Xr rpc.yppasswdd 8 2167daemon. 2168.It Va rpc_ypupdated_enable 2169.Pq Vt bool 2170If set to 2171.Dq Li YES , 2172run the 2173.Nm rpc.ypupdated 2174daemon at system boot time. 2175.It Va bsnmpd_enable 2176.Pq Vt bool 2177If set to 2178.Dq Li YES , 2179run the 2180.Xr bsnmpd 1 2181daemon at system boot time. 2182Be sure to understand the security implications of running SNMP daemon 2183on your host. 2184.It Va bsnmpd_flags 2185.Pq Vt str 2186If 2187.Va bsnmpd_enable 2188is set to 2189.Dq Li YES , 2190these are the flags to pass to the 2191.Xr bsnmpd 1 2192daemon. 2193.It Va defaultrouter 2194.Pq Vt str 2195If not set to 2196.Dq Li NO , 2197create a default route to this host name or IP address 2198(use an IP address if this router is also required to get to the 2199name server!). 2200.It Va ipv6_defaultrouter 2201.Pq Vt str 2202The IPv6 equivalent of 2203.Va defaultrouter . 2204.It Va static_routes 2205.Pq Vt str 2206Set to the list of static routes that are to be added at system 2207boot time. 2208If not set to 2209.Dq Li NO 2210then for each whitespace separated 2211.Ar element 2212in the value, a 2213.Va route_ Ns Aq Ar element 2214variable is assumed to exist 2215whose contents will later be passed to a 2216.Dq Nm route Cm add 2217operation. 2218For example: 2219.Bd -literal 2220static_routes="mcast gif0local" 2221route_mcast="-net 224.0.0.0/4 -iface gif0" 2222route_gif0local="-host 169.254.1.1 -iface lo0" 2223.Ed 2224.It Va ipv6_static_routes 2225.Pq Vt str 2226The IPv6 equivalent of 2227.Va static_routes . 2228If not set to 2229.Dq Li NO 2230then for each whitespace separated 2231.Ar element 2232in the value, a 2233.Va ipv6_route_ Ns Aq Ar element 2234variable is assumed to exist 2235whose contents will later be passed to a 2236.Dq Nm route Cm add Fl inet6 2237operation. 2238.It Va natm_static_routes 2239.Pq Vt str 2240The 2241.Xr natmip 4 2242equivalent of 2243.Va static_routes . 2244If not empty then for each whitespace separated 2245.Ar element 2246in the value, a 2247.Va route_ Ns Aq Ar element 2248variable is assumed to exist whose contents will later be passed to a 2249.Dq Nm atmconfig Cm natm Cm add 2250operation. 2251.It Va gateway_enable 2252.Pq Vt bool 2253If set to 2254.Dq Li YES , 2255configure host to act as an IP router, e.g.\& to forward packets 2256between interfaces. 2257.It Va ipv6_gateway_enable 2258.Pq Vt bool 2259The IPv6 equivalent of 2260.Va gateway_enable . 2261.It Va router_enable 2262.Pq Vt bool 2263If set to 2264.Dq Li YES , 2265run a routing daemon of some sort, based on the 2266settings of 2267.Va router 2268and 2269.Va router_flags . 2270.It Va ipv6_router_enable 2271.Pq Vt bool 2272The IPv6 equivalent of 2273.Va router_enable . 2274If set to 2275.Dq Li YES , 2276run a routing daemon of some sort, based on the 2277settings of 2278.Va ipv6_router 2279and 2280.Va ipv6_router_flags . 2281.It Va router 2282.Pq Vt str 2283If 2284.Va router_enable 2285is set to 2286.Dq Li YES , 2287this is the name of the routing daemon to use. 2288.It Va ipv6_router 2289.Pq Vt str 2290The IPv6 equivalent of 2291.Va router . 2292.It Va router_flags 2293.Pq Vt str 2294If 2295.Va router_enable 2296is set to 2297.Dq Li YES , 2298these are the flags to pass to the routing daemon. 2299.It Va ipv6_router_flags 2300.Pq Vt str 2301The IPv6 equivalent of 2302.Va router_flags . 2303.It Va mrouted_enable 2304.Pq Vt bool 2305If set to 2306.Dq Li YES , 2307run the multicast routing daemon, 2308.Xr mrouted 8 . 2309.It Va mroute6d_enable 2310.Pq Vt bool 2311The IPv6 equivalent of 2312.Va mrouted_enable . 2313If set to 2314.Dq Li YES , 2315run the IPv6 multicast routing daemon. 2316.Pp 2317Note that multicast routing daemons are no longer included in the 2318.Fx 2319base system, however, both 2320.Xr mrouted 8 2321and 2322.Xr pim6dd 8 2323may be installed from the 2324.Fx 2325Ports Collection. 2326.It Va mrouted_flags 2327.Pq Vt str 2328If 2329.Va mrouted_enable 2330is set to 2331.Dq Li YES , 2332these are the flags to pass to the 2333.Xr mrouted 8 2334daemon. 2335.It Va mroute6d_flags 2336.Pq Vt str 2337The IPv6 equivalent of 2338.Va mrouted_flags . 2339If 2340.Va mroute6d_enable 2341is set to 2342.Dq Li YES , 2343these are the flags passed to the IPv6 multicast routing daemon. 2344.It Va mroute6d_program 2345.Pq Vt str 2346If 2347.Va mroute6d_enable 2348is set to 2349.Dq Li YES , 2350this is the path to the IPv6 multicast routing daemon. 2351.It Va rtadvd_enable 2352.Pq Vt bool 2353If set to 2354.Dq Li YES , 2355run the 2356.Xr rtadvd 8 2357daemon at boot time. 2358.Xr rtadvd 8 2359will only run if 2360.Va ipv6_gateway_enable 2361is also set to 2362.Dq Li YES . 2363The 2364.Xr rtadvd 8 2365utility sends router advertisement packets to the interfaces specified in 2366.Va rtadvd_interfaces 2367and should only be enabled with great care. 2368You may want to fine-tune 2369.Xr rtadvd.conf 5 . 2370.It Va rtadvd_interfaces 2371.Pq Vt str 2372If 2373.Va rtadvd_enable 2374is set to 2375.Dq Li YES 2376this is the list of interfaces to use. 2377.It Va ipxgateway_enable 2378.Pq Vt bool 2379If set to 2380.Dq Li YES , 2381enable the routing of IPX traffic. 2382.It Va ipxrouted_enable 2383.Pq Vt bool 2384If set to 2385.Dq Li YES , 2386run the 2387.Xr IPXrouted 8 2388daemon at system boot time. 2389.It Va ipxrouted_flags 2390.Pq Vt str 2391If 2392.Va ipxrouted_enable 2393is set to 2394.Dq Li YES , 2395these are the flags to pass to the 2396.Xr IPXrouted 8 2397daemon. 2398.It Va arpproxy_all 2399.Pq Vt bool 2400If set to 2401.Dq Li YES , 2402enable global proxy ARP. 2403.It Va forward_sourceroute 2404.Pq Vt bool 2405If set to 2406.Dq Li YES 2407and 2408.Va gateway_enable 2409is also set to 2410.Dq Li YES , 2411source-routed packets are forwarded. 2412.It Va accept_sourceroute 2413.Pq Vt bool 2414If set to 2415.Dq Li YES , 2416the system will accept source-routed packets directed at it. 2417.It Va rarpd_enable 2418.Pq Vt bool 2419If set to 2420.Dq Li YES , 2421run the 2422.Xr rarpd 8 2423daemon at system boot time. 2424.It Va rarpd_flags 2425.Pq Vt str 2426If 2427.Va rarpd_enable 2428is set to 2429.Dq Li YES , 2430these are the flags to pass to the 2431.Xr rarpd 8 2432daemon. 2433.It Va bootparamd_enable 2434.Pq Vt bool 2435If set to 2436.Dq Li YES , 2437run the 2438.Xr bootparamd 8 2439daemon at system boot time. 2440.It Va bootparamd_flags 2441.Pq Vt str 2442If 2443.Va bootparamd_enable 2444is set to 2445.Dq Li YES , 2446these are the flags to pass to the 2447.Xr bootparamd 8 2448daemon. 2449.It Va stf_interface_ipv4addr 2450.Pq Vt str 2451If not set to 2452.Dq Li NO , 2453this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2454interface). 2455Specify this entry to enable the 6to4 interface. 2456.It Va stf_interface_ipv4plen 2457.Pq Vt int 2458Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2459An effective value is 0-31. 2460.It Va stf_interface_ipv6_ifid 2461.Pq Vt str 2462IPv6 interface ID for 2463.Xr stf 4 . 2464This can be set to 2465.Dq Li AUTO . 2466.It Va stf_interface_ipv6_slaid 2467.Pq Vt str 2468IPv6 Site Level Aggregator for 2469.Xr stf 4 . 2470.It Va ipv6_faith_prefix 2471.Pq Vt str 2472If not set to 2473.Dq Li NO , 2474this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2475translator. 2476You also need 2477.Xr faithd 8 2478setup. 2479.It Va ipv6_ipv4mapping 2480.Pq Vt bool 2481If set to 2482.Dq Li YES 2483this enables IPv4 mapped IPv6 address communication (like 2484.Li ::ffff:a.b.c.d ) . 2485.It Va atm_enable 2486.Pq Vt bool 2487Set to 2488.Dq Li YES 2489to enable the configuration of ATM interfaces at system boot time. 2490For all of the ATM variables described below, please refer to the 2491.Xr atm 8 2492manual page for further details on the available command parameters. 2493Also refer to the files in 2494.Pa /usr/share/examples/atm 2495for more detailed configuration information. 2496.It Va atm_load 2497.Pq Vt str 2498This is a list of physical ATM interface drivers to load. 2499Typical values are 2500.Dq Li hfa_pci 2501and/or 2502.Dq Li hea_pci . 2503.It Va atm_netif_ Ns Aq Ar intf 2504.Pq Vt str 2505For the ATM physical interface 2506.Ar intf , 2507this variable defines the name prefix and count for the ATM network 2508interfaces to be created. 2509The value will be passed as the parameters of an 2510.Dq Nm atm Cm "set netif" Ar intf 2511command. 2512.It Va atm_sigmgr_ Ns Aq Ar intf 2513.Pq Vt str 2514For the ATM physical interface 2515.Ar intf , 2516this variable defines the ATM signalling manager to be used. 2517The value will be passed as the parameters of an 2518.Dq Nm atm Cm attach Ar intf 2519command. 2520.It Va atm_prefix_ Ns Aq Ar intf 2521.Pq Vt str 2522For the ATM physical interface 2523.Ar intf , 2524this variable defines the NSAP prefix for interfaces using a UNI signalling 2525manager. 2526If set to 2527.Dq Li ILMI , 2528the prefix will automatically be set via the 2529.Xr ilmid 8 2530daemon. 2531Otherwise, the value will be passed as the parameters of an 2532.Dq Nm atm Cm "set prefix" Ar intf 2533command. 2534.It Va atm_macaddr_ Ns Aq Ar intf 2535.Pq Vt str 2536For the ATM physical interface 2537.Ar intf , 2538this variable defines the MAC address for interfaces using a UNI signalling 2539manager. 2540If set to 2541.Dq Li NO , 2542the hardware MAC address contained in the ATM interface card will be used. 2543Otherwise, the value will be passed as the parameters of an 2544.Dq Nm atm Cm "set mac" Ar intf 2545command. 2546.It Va atm_arpserver_ Ns Aq Ar netif 2547.Pq Vt str 2548For the ATM network interface 2549.Ar netif , 2550this variable defines the ATM address for a host which is to provide ATMARP 2551service. 2552This variable is only applicable to interfaces using a UNI signalling 2553manager. 2554If set to 2555.Dq Li local , 2556this host will become an ATMARP server. 2557The value will be passed as the parameters of an 2558.Dq Nm atm Cm "set arpserver" Ar netif 2559command. 2560.It Va atm_scsparp_ Ns Aq Ar netif 2561.Pq Vt bool 2562If set to 2563.Dq Li YES , 2564SCSP/ATMARP service for the network interface 2565.Ar netif 2566will be initiated using the 2567.Xr scspd 8 2568and 2569.Xr atmarpd 8 2570daemons. 2571This variable is only applicable if 2572.Va atm_arpserver_ Ns Aq Ar netif 2573is set to 2574.Dq Li local . 2575.It Va atm_pvcs 2576.Pq Vt str 2577Set to the list of ATM PVCs to be added at system 2578boot time. 2579For each whitespace separated 2580.Ar element 2581in the value, an 2582.Va atm_pvc_ Ns Aq Ar element 2583variable is assumed to exist. 2584The value of each of these variables 2585will be passed as the parameters of an 2586.Dq Nm atm Cm "add pvc" 2587command. 2588.It Va atm_arps 2589.Pq Vt str 2590Set to the list of permanent ATM ARP entries to be added 2591at system boot time. 2592For each whitespace separated 2593.Ar element 2594in the value, an 2595.Va atm_arp_ Ns Aq Ar element 2596variable is assumed to exist. 2597The value of each of these variables 2598will be passed as the parameters of an 2599.Dq Nm atm Cm "add arp" 2600command. 2601.It Va natm_interfaces 2602.Pq Vt str 2603Set to the list of 2604.Xr natm 4 2605interfaces that will also be used for HARP through 2606.Xr harp 4 . 2607If this list is not empty all interfaces in the list will be brought up 2608with 2609.Xr ifconfig 8 2610and 2611.Xr harp 4 2612will be loaded. 2613For this to work the interface drivers must be either compiled into the 2614kernel or must reside on the root partition. 2615.It Va keybell 2616.Pq Vt str 2617The keyboard bell sound. 2618Set to 2619.Dq Li normal , 2620.Dq Li visual , 2621.Dq Li off , 2622or 2623.Dq Li NO 2624if the default behavior is desired. 2625For details, refer to the 2626.Xr kbdcontrol 1 2627manpage. 2628.It Va keyboard 2629.Pq Vt str 2630If set to a non-null string, the virtual console's keyboard input is 2631set to this device. 2632.It Va keymap 2633.Pq Vt str 2634If set to 2635.Dq Li NO , 2636no keymap is installed, otherwise the value is used to install 2637the keymap file in 2638.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2639.It Va keyrate 2640.Pq Vt str 2641The keyboard repeat speed. 2642Set to 2643.Dq Li slow , 2644.Dq Li normal , 2645.Dq Li fast , 2646or 2647.Dq Li NO 2648if the default behavior is desired. 2649.It Va keychange 2650.Pq Vt str 2651If not set to 2652.Dq Li NO , 2653attempt to program the function keys with the value. 2654The value should 2655be a single string of the form: 2656.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2657.It Va cursor 2658.Pq Vt str 2659Can be set to the value of 2660.Dq Li normal , 2661.Dq Li blink , 2662.Dq Li destructive , 2663or 2664.Dq Li NO 2665to set the cursor behavior explicitly or choose the default behavior. 2666.It Va scrnmap 2667.Pq Vt str 2668If set to 2669.Dq Li NO , 2670no screen map is installed, otherwise the value is used to install 2671the screen map file in 2672.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2673.It Va font8x16 2674.Pq Vt str 2675If set to 2676.Dq Li NO , 2677the default 8x16 font value is used for screen size requests, otherwise 2678the value in 2679.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2680is used. 2681.It Va font8x14 2682.Pq Vt str 2683If set to 2684.Dq Li NO , 2685the default 8x14 font value is used for screen size requests, otherwise 2686the value in 2687.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2688is used. 2689.It Va font8x8 2690.Pq Vt str 2691If set to 2692.Dq Li NO , 2693the default 8x8 font value is used for screen size requests, otherwise 2694the value in 2695.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2696is used. 2697.It Va blanktime 2698.Pq Vt int 2699If set to 2700.Dq Li NO , 2701the default screen blanking interval is used, otherwise it is set 2702to 2703.Ar value 2704seconds. 2705.It Va saver 2706.Pq Vt str 2707If not set to 2708.Dq Li NO , 2709this is the actual screen saver to use 2710.Li ( blank , snake , daemon , 2711etc). 2712.It Va moused_nondefault_enable 2713.Pq Vt str 2714If set to 2715.Dq Li NO , 2716the mouse device specified on 2717the command line is not automatically treated as enabled by the 2718.Pa /etc/rc.d/moused 2719script. 2720Having this variable set to 2721.Dq Li YES 2722allows a 2723.Xr usb 4 2724mouse, 2725for example, 2726to be enabled as soon as it is plugged in. 2727.It Va moused_enable 2728.Pq Vt str 2729If set to 2730.Dq Li YES , 2731the 2732.Xr moused 8 2733daemon is started for doing cut/paste selection on the console. 2734.It Va moused_type 2735.Pq Vt str 2736This is the protocol type of the mouse connected to this host. 2737This variable must be set if 2738.Va moused_enable 2739is set to 2740.Dq Li YES . 2741The 2742.Xr moused 8 2743daemon 2744is able to detect the appropriate mouse type automatically in many cases. 2745Set this variable to 2746.Dq Li auto 2747to let the daemon detect it, or 2748select one from the following list if the automatic detection fails. 2749.Pp 2750If the mouse is attached to the PS/2 mouse port, choose 2751.Dq Li auto 2752or 2753.Dq Li ps/2 , 2754regardless of the brand and model of the mouse. 2755Likewise, if the 2756mouse is attached to the bus mouse port, choose 2757.Dq Li auto 2758or 2759.Dq Li busmouse . 2760All other protocols are for serial mice and will not work with 2761the PS/2 and bus mice. 2762If this is a USB mouse, 2763.Dq Li auto 2764is the only protocol type which will work. 2765.Pp 2766.Bl -tag -width ".Li x10mouseremote" -compact 2767.It Li microsoft 2768Microsoft mouse (serial) 2769.It Li intellimouse 2770Microsoft IntelliMouse (serial) 2771.It Li mousesystems 2772Mouse systems Corp.\& mouse (serial) 2773.It Li mmseries 2774MM Series mouse (serial) 2775.It Li logitech 2776Logitech mouse (serial) 2777.It Li busmouse 2778A bus mouse 2779.It Li mouseman 2780Logitech MouseMan and TrackMan (serial) 2781.It Li glidepoint 2782ALPS GlidePoint (serial) 2783.It Li thinkingmouse 2784Kensington ThinkingMouse (serial) 2785.It Li ps/2 2786PS/2 mouse 2787.It Li mmhittab 2788MM HitTablet (serial) 2789.It Li x10mouseremote 2790X10 MouseRemote (serial) 2791.It Li versapad 2792Interlink VersaPad (serial) 2793.El 2794.Pp 2795Even if the mouse is not in the above list, it may be compatible 2796with one in the list. 2797Refer to the manual page for 2798.Xr moused 8 2799for compatibility information. 2800.Pp 2801It should also be noted that while this is enabled, any 2802other client of the mouse (such as an X server) should access 2803the mouse through the virtual mouse device, 2804.Pa /dev/sysmouse , 2805and configure it as a 2806.Dq Li sysmouse 2807type mouse, since all 2808mouse data is converted to this single canonical format when 2809using 2810.Xr moused 8 . 2811If the client program does not support the 2812.Dq Li sysmouse 2813type, 2814specify the 2815.Dq Li mousesystems 2816type. 2817It is the second preferred type. 2818.It Va moused_port 2819.Pq Vt str 2820If 2821.Va moused_enable 2822is set to 2823.Dq Li YES , 2824this is the actual port the mouse is on. 2825It might be 2826.Pa /dev/cuad0 2827for a COM1 serial mouse, 2828.Pa /dev/psm0 2829for a PS/2 mouse or 2830.Pa /dev/mse0 2831for a bus mouse, for example. 2832.It Va moused_flags 2833.Pq Vt str 2834If 2835.Va moused_flags 2836is set, its value is used as an additional set of flags to pass to the 2837.Xr moused 8 2838daemon. 2839.It Va "moused_" Ns Ar XXX Ns Va "_flags" 2840When 2841.Va moused_nondefault_enable 2842is enabled, and a 2843.Xr moused 8 2844daemon is started for a non-default port, the 2845.Va "moused_" Ns Ar XXX Ns Va "_flags" 2846set of options has precedence over and replaces the default 2847.Va moused_flags (where 2848.Ar XXX 2849is the name of the non-default port, i.e.\& 2850.Ar ums0 ) . 2851By setting 2852.Va "moused_" Ns Ar XXX Ns Va "_flags" 2853it is possible to set up a different set of default flags for each 2854.Xr moused 8 2855instance. 2856For example, you can use 2857.Dq Li "-3" 2858for the default 2859.Va moused_flags 2860to make your laptop's touchpad more comfortable to use, 2861but an empty set of options for 2862.Va moused_ums0_flags 2863when your 2864.Xr usb 4 2865mouse has three or more buttons. 2866.It Va mousechar_start 2867.Pq Vt int 2868If set to 2869.Dq Li NO , 2870the default mouse cursor character range 2871.Li 0xd0 Ns - Ns Li 0xd3 2872is used, 2873otherwise the range start is set 2874to 2875.Ar value 2876character, see 2877.Xr vidcontrol 1 . 2878Use if the default range is occupied in the language code table. 2879.It Va allscreens_flags 2880.Pq Vt str 2881If set, 2882.Xr vidcontrol 1 2883is run with these options for each of the virtual terminals 2884.Pq Pa /dev/ttyv* . 2885For example, 2886.Dq Fl m Cm on 2887will enable the mouse pointer on all virtual terminals 2888if 2889.Va moused_enable 2890is set to 2891.Dq Li YES . 2892.It Va allscreens_kbdflags 2893.Pq Vt str 2894If set, 2895.Xr kbdcontrol 1 2896is run with these options for each of the virtual terminals 2897.Pq Pa /dev/ttyv* . 2898For example, 2899.Dq Fl h Li 200 2900will set the 2901.Xr syscons 4 2902scrollback (history) buffer to 200 lines. 2903.It Va cron_enable 2904.Pq Vt bool 2905If set to 2906.Dq Li YES , 2907run the 2908.Xr cron 8 2909daemon at system boot time. 2910.It Va cron_program 2911.Pq Vt str 2912Path to 2913.Xr cron 8 2914(default 2915.Pa /usr/sbin/cron ) . 2916.It Va cron_flags 2917.Pq Vt str 2918If 2919.Va cron_enable 2920is set to 2921.Dq Li YES , 2922these are the flags to pass to 2923.Xr cron 8 . 2924.It Va cron_dst 2925.Pq Vt bool 2926If set to 2927.Dq Li YES , 2928enable the special handling of transitions to and from the 2929Daylight Saving Time in 2930.Xr cron 8 2931(equivalent to using the flag 2932.Fl s ) . 2933.It Va lpd_program 2934.Pq Vt str 2935Path to 2936.Xr lpd 8 2937(default 2938.Pa /usr/sbin/lpd ) . 2939.It Va lpd_enable 2940.Pq Vt bool 2941If set to 2942.Dq Li YES , 2943run the 2944.Xr lpd 8 2945daemon at system boot time. 2946.It Va lpd_flags 2947.Pq Vt str 2948If 2949.Va lpd_enable 2950is set to 2951.Dq Li YES , 2952these are the flags to pass to the 2953.Xr lpd 8 2954daemon. 2955.It Va chkprintcap_enable 2956.Pq Vt bool 2957If set to 2958.Dq Li YES , 2959run the 2960.Xr chkprintcap 8 2961command before starting the 2962.Xr lpd 8 2963daemon. 2964.It Va chkprintcap_flags 2965.Pq Vt str 2966If 2967.Va lpd_enable 2968and 2969.Va chkprintcap_enable 2970are set to 2971.Dq Li YES , 2972these are the flags to pass to the 2973.Xr chkprintcap 8 2974program. 2975The default is 2976.Dq Li -d , 2977which causes missing directories to be created. 2978.It Va mta_start_script 2979.Pq Vt str 2980This variable specifies the full path to the script to run to start 2981a mail transfer agent. 2982The default is 2983.Pa /etc/rc.sendmail . 2984The 2985.Va sendmail_* 2986variables which 2987.Pa /etc/rc.sendmail 2988uses are documented in the 2989.Xr rc.sendmail 8 2990manual page. 2991.It Va dumpdev 2992.Pq Vt str 2993Indicates the device (usually a swap partition) to which a crash dump 2994should be written in the event of a system crash. 2995If the value of this variable is 2996.Dq Li AUTO , 2997the first suitable swap device listed in 2998.Pa /etc/fstab 2999will be used as dump device. 3000Otherwise, the value of this variable is passed as the argument to 3001.Xr dumpon 8 . 3002To disable crash dumps, set this variable to 3003.Dq Li NO . 3004.It Va dumpdir 3005.Pq Vt str 3006When the system reboots after a crash and a crash dump is found on the 3007device specified by the 3008.Va dumpdev 3009variable, 3010.Xr savecore 8 3011will save that crash dump and a copy of the kernel to the directory 3012specified by the 3013.Va dumpdir 3014variable. 3015The default value is 3016.Pa /var/crash . 3017Set to 3018.Dq Li NO 3019to not run 3020.Xr savecore 8 3021at boot time when 3022.Va dumpdir 3023is set. 3024.It Va savecore_flags 3025.Pq Vt str 3026If crash dumps are enabled, these are the flags to pass to the 3027.Xr savecore 8 3028utility. 3029.It Va quota_enable 3030.Pq Vt bool 3031Set to 3032.Dq Li YES 3033to turn on user and group disk quotas on system startup via the 3034.Xr quotaon 8 3035command for all file systems marked as having quotas enabled in 3036.Pa /etc/fstab . 3037The kernel must be built with 3038.Cd "options QUOTA" 3039for disk quotas to function. 3040.It Va check_quotas 3041.Pq Vt bool 3042Set to 3043.Dq Li YES 3044to enable user and group disk quota checking via the 3045.Xr quotacheck 8 3046command. 3047.It Va quotacheck_flags 3048.Pq Vt str 3049If 3050.Va quota_enable 3051is set to 3052.Dq Li YES , 3053and 3054.Va check_quotas 3055is set to 3056.Dq Li YES , 3057these are the flags to pass to the 3058.Xr quotacheck 8 3059utility. 3060The default is 3061.Dq Li "-a" , 3062which checks quotas for all file systems with quotas enabled in 3063.Pa /etc/fstab . 3064.It Va quotaon_flags 3065.Pq Vt str 3066If 3067.Va quota_enable 3068is set to 3069.Dq Li YES , 3070these are the flags to pass to the 3071.Xr quotaon 8 3072utility. 3073The default is 3074.Dq Li "-a" , 3075which enables quotas for all file systems with quotas enabled in 3076.Pa /etc/fstab . 3077.It Va quotaoff_flags 3078.Pq Vt str 3079If 3080.Va quota_enable 3081is set to 3082.Dq Li YES , 3083these are the flags to pass to the 3084.Xr quotaoff 8 3085utility when shutting down the quota system. 3086The default is 3087.Dq Li "-a" , 3088which disables quotas for all file systems with quotas enabled in 3089.Pa /etc/fstab . 3090.It Va accounting_enable 3091.Pq Vt bool 3092Set to 3093.Dq Li YES 3094to enable system accounting through the 3095.Xr accton 8 3096facility. 3097.It Va ibcs2_enable 3098.Pq Vt bool 3099Set to 3100.Dq Li YES 3101to enable iBCS2 (SCO) binary emulation at system initial boot 3102time. 3103.It Va ibcs2_loaders 3104.Pq Vt str 3105If not set to 3106.Dq Li NO 3107and if 3108.Va ibcs2_enable 3109is set to 3110.Dq Li YES , 3111this specifies a list of additional iBCS2 loaders to enable. 3112.It Va linux_enable 3113.Pq Vt bool 3114Set to 3115.Dq Li YES 3116to enable Linux/ELF binary emulation at system initial 3117boot time. 3118.It Va svr4_enable 3119.Pq Vt bool 3120If set to 3121.Dq Li YES , 3122enable SysVR4 emulation at boot time. 3123.It Va sysvipc_enable 3124.Pq Vt bool 3125If set to 3126.Dq Li YES , 3127load System V IPC primitives at boot time. 3128.It Va clear_tmp_enable 3129.Pq Vt bool 3130Set to 3131.Dq Li YES 3132to have 3133.Pa /tmp 3134cleaned at startup. 3135.It Va clear_tmp_X 3136.Pq Vt bool 3137Set to 3138.Dq Li NO 3139to disable removing of X11 lock files, 3140and the removal and (secure) recreation 3141of the various socket directories for X11 3142related programs. 3143.It Va ldconfig_paths 3144.Pq Vt str 3145Set to the list of shared library paths to use with 3146.Xr ldconfig 8 . 3147NOTE: 3148.Pa /usr/lib 3149will always be added first, so it need not appear in this list. 3150.It Va ldconfig32_paths 3151.Pq Vt str 3152Set to the list of 32-bit compatibility shared library paths to 3153use with 3154.Xr ldconfig 8 . 3155.It Va ldconfig_paths_aout 3156.Pq Vt str 3157Set to the list of shared library paths to use with 3158.Xr ldconfig 8 3159legacy 3160.Xr a.out 5 3161support. 3162.It Va ldconfig_insecure 3163.Pq Vt bool 3164The 3165.Xr ldconfig 8 3166utility normally refuses to use directories 3167which are writable by anyone except root. 3168Set this variable to 3169.Dq Li YES 3170to disable that security check during system startup. 3171.It Va ldconfig_local_dirs 3172.Pq Vt str 3173Set to the list of local 3174.Xr ldconfig 8 3175directories. 3176The names of all files in the directories listed will be 3177passed as arguments to 3178.Xr ldconfig 8 . 3179.It Va ldconfig_local32_dirs 3180.Pq Vt str 3181Set to the list of local 32-bit compatibility 3182.Xr ldconfig 8 3183directories. 3184The names of all files in the directories listed will be 3185passed as arguments to 3186.Dq Nm ldconfig Fl 32 . 3187.It Va kern_securelevel_enable 3188.Pq Vt bool 3189Set to 3190.Dq Li YES 3191to set the kernel security level at system startup. 3192.It Va kern_securelevel 3193.Pq Vt int 3194The kernel security level to set at startup. 3195The allowed range of 3196.Ar value 3197ranges from \-1 (the compile time default) to 3 (the 3198most secure). 3199See 3200.Xr security 7 3201for the list of possible security levels and their effect 3202on system operation. 3203.It Va sshd_program 3204.Pq Vt str 3205Path to the SSH server program 3206.Pa ( /usr/sbin/sshd 3207is the default). 3208.It Va sshd_enable 3209.Pq Vt bool 3210Set to 3211.Dq Li YES 3212to start 3213.Xr sshd 8 3214at system boot time. 3215.It Va sshd_flags 3216.Pq Vt str 3217If 3218.Va sshd_enable 3219is set to 3220.Dq Li YES , 3221these are the flags to pass to the 3222.Xr sshd 8 3223daemon. 3224.It Va ftpd_program 3225.Pq Vt str 3226Path to the FTP server program 3227.Pa ( /usr/libexec/ftpd 3228is the default). 3229.It Va ftpd_enable 3230.Pq Vt bool 3231Set to 3232.Dq Li YES 3233to start 3234.Xr ftpd 8 3235as a stand-alone daemon at system boot time. 3236.It Va ftpd_flags 3237.Pq Vt str 3238If 3239.Va ftpd_enable 3240is set to 3241.Dq Li YES , 3242these are the additional flags to pass to the 3243.Xr ftpd 8 3244daemon. 3245.It Va watchdogd_enable 3246.Pq Vt bool 3247If set to 3248.Dq Li YES , 3249start the 3250.Xr watchdogd 8 3251daemon at boot time. 3252This requires that the kernel have been compiled with a 3253.Xr watchdog 4 3254compatible device. 3255.It Va watchdogd_flags 3256.Pq Vt str 3257If 3258.Va watchdogd_enable 3259is set to 3260.Dq Li YES , 3261these are the flags passed to the 3262.Xr watchdogd 8 3263daemon. 3264.It Va performance_cx_lowest 3265.Pq Vt str 3266CPU idle state to use while on AC power. 3267The string 3268.Dq Li LOW 3269indicates that 3270.Xr acpi 4 3271should use the lowest power state available while 3272.Dq Li HIGH 3273indicates that the lowest latency state (less power savings) should be used. 3274.It Va performance_cpu_freq 3275.Pq Vt str 3276CPU clock frequency to use while on AC power. 3277The string 3278.Dq Li LOW 3279indicates that 3280.Xr cpufreq 4 3281should use the lowest frequency available while 3282.Dq Li HIGH 3283indicates that the highest frequency (less power savings) should be used. 3284.It Va economy_cx_lowest 3285.Pq Vt str 3286CPU idle state to use when off AC power. 3287The string 3288.Dq Li LOW 3289indicates that 3290.Xr acpi 4 3291should use the lowest power state available while 3292.Dq Li HIGH 3293indicates that the lowest latency state (less power savings) should be used. 3294.It Va economy_cpu_freq 3295.Pq Vt str 3296CPU clock frequency to use when off AC power. 3297The string 3298.Dq Li LOW 3299indicates that 3300.Xr cpufreq 4 3301should use the lowest frequency available while 3302.Dq Li HIGH 3303indicates that the highest frequency (less power savings) should be used. 3304.It Va jail_enable 3305.Pq Vt bool 3306If set to 3307.Dq Li NO , 3308any configured jails will not be started. 3309.It Va jail_list 3310.Pq Vt str 3311A space separated list of names for jails. 3312This is purely a configuration aid to help identify and 3313configure multiple jails. 3314The names specified in this list will be used to 3315identify settings common to an instance of a jail. 3316Assuming that the jail in question was named 3317.Li vjail , 3318you would have the following dependent variables: 3319.Bd -literal 3320jail_vjail_hostname="jail.example.com" 3321jail_vjail_ip="192.0.2.100" 3322jail_vjail_rootdir="/var/jails/vjail/root" 3323.Ed 3324.Pp 3325.It Va jail_flags 3326.Pq Vt str 3327Unset by default. 3328When set, use as default value for 3329.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3330for every jail in 3331.Va jail_list . 3332.It Va jail_interface 3333.Pq Vt str 3334Unset by default. 3335When set, use as default value for 3336.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3337for every jail in 3338.Va jail_list . 3339.It Va jail_fstab 3340.Pq Vt str 3341Unset by default. 3342When set, use as default value for 3343.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3344for every jail in 3345.Va jail_list . 3346.It Va jail_mount_enable 3347.Pq Vt bool 3348Set to 3349.Dq Li NO 3350by default. 3351When set to 3352.Dq Li YES , 3353sets 3354.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3355to 3356.Dq Li YES 3357by default for every jail in 3358.Va jail_list . 3359.It Va jail_devfs_ruleset 3360.Pq Vt str 3361Unset by default. 3362When set, sets 3363.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3364to given value for every jail in 3365.Va jail_list . 3366.It Va jail_devfs_enable 3367.Pq Vt bool 3368Set to 3369.Dq Li NO 3370by default. 3371When set to 3372.Dq Li YES , 3373sets 3374.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3375to 3376.Dq Li YES 3377by default for every jail in 3378.Va jail_list . 3379.It Va jail_fdescfs_enable 3380.Pq Vt bool 3381Set to 3382.Dq Li NO 3383by default. 3384When set to 3385.Dq Li YES , 3386sets 3387.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3388to 3389.Dq Li YES 3390by default for every jail in 3391.Va jail_list . 3392.It Va jail_procfs_enable 3393.Pq Vt bool 3394Set to 3395.Dq Li NO 3396by default. 3397When set to 3398.Dq Li YES , 3399sets 3400.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3401to 3402.Dq Li YES 3403by default for every jail in 3404.Va jail_list . 3405.It Va jail_exec_start 3406.Pq Vt str 3407Unset by default. 3408When set, use as default value for 3409.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3410for every jail in 3411.Va jail_list . 3412.It Va jail_exec_afterstart Ns Aq Ar N 3413.Pq Vt str 3414Unset by default. 3415When set, use as default value for 3416.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3417for every jail in 3418.Va jail_list . 3419.It Va jail_exec_stop 3420Unset by default. 3421When set, use as default value for 3422.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3423for every jail in 3424.Va jail_list . 3425.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3426.Pq Vt str 3427Unset by default. 3428Set to the root directory used by jail 3429.Va jname . 3430.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3431.Pq Vt str 3432Unset by default. 3433Set to the fully qualified domain name (FQDN) assigned to jail 3434.Va jname . 3435.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3436.Pq Vt str 3437Unset by default. 3438Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 3439The argument can be a sole address or a comma separated list of addresses. 3440Additionally each address can be prefixed by the name of an interface 3441followed by a pipe to overwrite 3442.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3443or 3444.Va jail_interface 3445and/or suffixed by a netmask, prefixlen or prefix. 3446In case no netmask, prefixlen or prefix is given, 3447.Sq /32 3448will be used for IPv4 and 3449.Sq /128 3450will be used for an IPv6 address. 3451If no address is given for the jail then the jail will be started with 3452no networking support. 3453.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3454.Pq Vt str 3455Unset by default. 3456Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 3457The sequence starts with 3458.Dq Li _multi0 3459and the numbers have to be strictly ascending. 3460These entries follow the same syntax as their primary 3461.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3462entry. 3463The order of the entries can be important as the first address for 3464each address family found will be the primary address of the jail. 3465See 3466.Va ip-addresses 3467option in 3468.Xr jail 8 3469for more details. 3470.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3471.Pq Vt str 3472Set to 3473.Dq Li -l -U root 3474by default. 3475These are flags to pass to 3476.Xr jail . 3477.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3478.Pq Vt str 3479Unset by default. 3480When set, sets the interface to use when setting IP address alias. 3481Note that the alias is created at jail startup and removed at jail shutdown. 3482.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3483.Pq Vt str 3484Unset by default. 3485When set, the jail is started with the specified forwarding table (sometimes 3486referred to as a routing table) via 3487.Xr setfib 1 . 3488.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3489.Pq Vt str 3490Set to 3491.Pa /etc/fstab. Ns Aq Ar jname 3492by default. 3493This is the file system information file to use for jail 3494.Va jname . 3495.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3496.Pq Vt bool 3497Set to 3498.Dq Li NO 3499by default. 3500When set to 3501.Dq Li YES , 3502mount all file systems from 3503.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3504at jail startup. 3505.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3506.Pq Vt str 3507Unset by default. 3508When set, defines the device file system ruleset file to use for jail 3509.Va jname . 3510.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3511.Pq Vt bool 3512Set to 3513.Dq Li NO 3514by default. 3515When set to 3516.Dq Li YES , 3517mount the device file system inside jail 3518.Ar jname 3519at jail startup. 3520.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3521.Pq Vt bool 3522Set to 3523.Dq Li NO 3524by default. 3525When set to 3526.Dq Li YES , 3527mount the file-descriptor file system inside jail 3528.Ar jname 3529at jail startup. 3530.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3531.Pq Vt bool 3532Set to 3533.Dq Li NO 3534by default. 3535When set to 3536.Dq Li YES , 3537mount the process file system inside jail 3538.Ar jname 3539at jail startup. 3540.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3541.Pq Vt str 3542Set to 3543.Dq Li /bin/sh /etc/rc 3544by default. 3545This is the command executed at jail startup. 3546.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3547.Pq Vt str 3548Unset by default. 3549This is the command run as 3550.Ar N Ns 3551th command 3552after jail startup, where 3553.Ar N 3554is 1, 2, and so on. 3555.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3556.Pq Vt str 3557Set to 3558.Dq Li /bin/sh /etc/rc.shutdown 3559by default. 3560This is the command executed at jail shutdown. 3561.It Va jail_set_hostname_allow 3562.Pq Vt bool 3563If set to 3564.Dq Li NO , 3565do not allow the root user in a jail to set its hostname. 3566.It Va jail_socket_unixiproute_only 3567.Pq Vt bool 3568If set to 3569.Dq Li YES , 3570do not allow any sockets, 3571besides UNIX/IP/route sockets, 3572to be used within a jail. 3573.It Va jail_sysvipc_allow 3574.Pq Vt bool 3575If set to 3576.Dq Li YES , 3577allow applications within a jail to use System V IPC. 3578.\" ----------------------------------------------------- 3579.It Va harvest_interrupt 3580.Pq Vt bool 3581Set to 3582.Dq Li YES 3583to use hardware interrupts as an entropy source. 3584Refer to 3585.Xr random 4 3586for more information. 3587.It Va harvest_ethernet 3588.Pq Vt bool 3589Set to 3590.Dq Li YES 3591to use LAN traffic as an entropy source. 3592Refer to 3593.Xr random 4 3594for more information. 3595.It Va harvest_p_to_p 3596.Pq Vt bool 3597Set to 3598.Dq Li YES 3599to use serial line traffic as an entropy source. 3600Refer to 3601.Xr random 4 3602for more information. 3603.It Va entropy_dir 3604.Pq Vt str 3605Set to 3606.Dq Li NO 3607to disable caching entropy via 3608.Xr cron 8 . 3609Otherwise set to the directory used to store entropy files in. 3610.It Va entropy_file 3611.Pq Vt str 3612Set to 3613.Dq Li NO 3614to disable caching entropy through reboots. 3615Otherwise set to the filename used to store cached entropy through 3616reboots. 3617This file should be located on the root file system to seed the 3618.Xr random 4 3619device as early as possible in the boot process. 3620.It Va entropy_save_sz 3621.Pq Vt int 3622Size of the entropy cache files saved by 3623.Nm save-entropy 3624periodically. 3625.It Va entropy_save_num 3626.Pq Vt int 3627Number of entropy cache files to save by 3628.Nm save-entropy 3629periodically. 3630.It Va ipsec_enable 3631.Pq Vt bool 3632Set to 3633.Dq Li YES 3634to run 3635.Xr setkey 8 3636on 3637.Va ipsec_file 3638at boot time. 3639.It Va ipsec_file 3640.Pq Vt str 3641Configuration file for 3642.Xr setkey 8 . 3643.It Va dmesg_enable 3644.Pq Vt bool 3645Set to 3646.Dq Li YES 3647to save 3648.Xr dmesg 8 3649to 3650.Pa /var/run/dmesg.boot 3651on boot. 3652.It Va rcshutdown_timeout 3653.Pq Vt int 3654If set, start a watchdog timer in the background which will terminate 3655.Pa rc.shutdown 3656if 3657.Xr shutdown 8 3658has not completed within the specified time (in seconds). 3659Notice that in addition to this soft timeout, 3660.Xr init 8 3661also applies a hard timeout for the execution of 3662.Pa rc.shutdown . 3663This is configured via 3664.Xr sysctl 8 3665variable 3666.Va kern.init_shutdown_timeout 3667and defaults to 120 seconds. 3668Setting the value of 3669.Va rcshutdown_timeout 3670to more than 120 seconds will have no effect until the 3671.Xr sysctl 8 3672variable 3673.Va kern.init_shutdown_timeout 3674is also increased. 3675.It Va virecover_enable 3676.Pq Vt bool 3677Set to 3678.Dq Li NO 3679to prevent the system from trying to 3680recover pre-maturely terminated 3681.Xr vi 1 3682sessions. 3683.It Va ugidfw_enable 3684.Pq Vt bool 3685Set to 3686.Dq Li YES 3687to load the 3688.Xr mac_bsdextended 4 3689module upon system initialization and load a default 3690ruleset file. 3691.It Va bsdextended_script 3692.Pq Vt str 3693The default 3694.Xr mac_bsdextended 4 3695ruleset file to load. 3696The default value of this variable is 3697.Pa /etc/rc.bsdextended . 3698.It Va newsyslog_enable 3699.Pq Vt bool 3700If set to 3701.Dq Li YES , 3702run 3703.Xr newsyslog 8 3704command at startup. 3705.It Va newsyslog_flags 3706.Pq Vt str 3707If 3708.Va newsyslog_enable 3709is set to 3710.Dq Li YES , 3711these are the flags to pass to the 3712.Xr newsyslog 8 3713program. 3714The default is 3715.Dq Li -CN , 3716which causes log files flagged with a 3717.Cm C 3718to be created. 3719.It Va mdconfig_md Ns Aq Ar X 3720.Pq Vt str 3721Arguments to 3722.Xr mdconfig 8 3723for 3724.Xr md 4 3725device 3726.Ar X . 3727At minimum a 3728.Fl t Ar type 3729must be specified and either a 3730.Fl s Ar size 3731for malloc or swap backed 3732.Xr md 4 3733devices or a 3734.Fl f Ar file 3735for vnode backed 3736.Xr md 4 3737devices. 3738Note that 3739.Va mdconfig_md Ns Aq Ar X 3740variables are evaluated until one variable is unset or null. 3741.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3742.Pq Vt str 3743Optional arguments passed to 3744.Xr newfs 8 3745to initialize 3746.Xr md 4 3747device 3748.Ar X . 3749.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3750.Pq Vt str 3751An ownership specification passed to 3752.Xr chown 8 3753after the specified 3754.Xr md 4 3755device 3756.Ar X 3757has been mounted. 3758Both the 3759.Xr md 4 3760device and the mount point will be changed. 3761.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3762.Pq Vt str 3763A mode string passed to 3764.Xr chmod 1 3765after the specified 3766.Xr md 4 3767device 3768.Ar X 3769has been mounted. 3770Both the 3771.Xr md 4 3772device and the mount point will be changed. 3773.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3774.Pq Vt str 3775Files to be copied to the mount point of the 3776.Xr md 4 3777device 3778.Ar X 3779after it has been mounted. 3780.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3781.Pq Vt str 3782Command to execute after the specified 3783.Xr md 4 3784device 3785.Ar X 3786has been mounted. 3787Note that the command is passed to 3788.Ic eval 3789and that both 3790.Va _dev 3791and 3792.Va _mp 3793variables can be used to reference respectively the 3794.Xr md 4 3795device and the mount point. 3796Assuming that the 3797.Xr md 4 3798device is 3799.Li md0 , 3800one could set the following: 3801.Bd -literal 3802mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3803.Ed 3804.It Va ramdisk_units 3805.Pq Vt str 3806A list of one or more ramdisk units to configure with 3807.Xr mdconfig 8 3808and 3809.Xr newfs 8 3810in time to be mounted from 3811.Xr fstab 5 . 3812Each listed unit 3813.Ar X 3814must specify at least a 3815.Ar type 3816in a 3817.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3818variable. 3819Note that this way to configure ramdisks has been deprecated 3820in favor of new 3821.Va mdconfig_md* 3822variables (see above). 3823.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3824.Pq Vt str 3825Arguments to 3826.Xr mdconfig 8 3827for ramdisk 3828.Ar X . 3829At minimum a 3830.Fl t Ar type 3831must be specified, where 3832.Ar type 3833must be one of 3834.Cm malloc 3835or 3836.Cm swap . 3837.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3838.Pq Vt str 3839Optional arguments passed to 3840.Xr newfs 8 3841to initialize ramdisk 3842.Ar X . 3843.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3844.Pq Vt str 3845An ownership specification passed to 3846.Xr chown 8 3847after the specified ramdisk unit 3848.Ar X 3849has been mounted. 3850Both the 3851.Xr md 4 3852device and the mount point will be changed. 3853.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3854.Pq Vt str 3855A mode string passed to 3856.Xr chmod 1 3857after the specified ramdisk unit 3858.Ar X 3859has been mounted. 3860Both the 3861.Xr md 4 3862device and the mount point will be changed. 3863.It Va autobridge_interfaces 3864.Pq Vt str 3865Set to the list of bridge interfaces that will have newly arriving interfaces 3866checked against to be automatically added. 3867If not set to 3868.Dq Li NO 3869then for each whitespace separated 3870.Ar element 3871in the value, a 3872.Va autobridge_ Ns Aq Ar element 3873variable is assumed to exist which has a whitespace separated list of interface 3874names to match, these names can use wildcards. 3875For example: 3876.Bd -literal 3877autobridge_interfaces="bridge0" 3878autobridge_bridge0="tap* dc0 vlan[345]" 3879.Ed 3880.It Va mixer_enable 3881.Pq Vt bool 3882If set to 3883.Dq Li YES , 3884enable support for sound mixer. 3885.It Va hcsecd_enable 3886.Pq Vt bool 3887If set to 3888.Dq Li YES , 3889enable Bluetooth security daemon. 3890.It Va hcsecd_config 3891.Pq Vt str 3892Configuration file for 3893.Xr hcsecd 8 . 3894Default 3895.Pa /etc/bluetooth/hcsecd.conf . 3896.It Va sdpd_enable 3897.Pq Vt bool 3898If set to 3899.Dq Li YES , 3900enable Bluetooth Service Discovery Protocol daemon. 3901.It Va sdpd_control 3902.Pq Vt str 3903Path to 3904.Xr sdpd 8 3905control socket. 3906Default 3907.Pa /var/run/sdp . 3908.It Va sdpd_groupname 3909.Pq Vt str 3910Sets 3911.Xr sdpd 8 3912group to run as after it initializes. 3913Default 3914.Dq Li nobody . 3915.It Va sdpd_username 3916.Pq Vt str 3917Sets 3918.Xr sdpd 8 3919user to run as after it initializes. 3920Default 3921.Dq Li nobody . 3922.It Va bthidd_enable 3923.Pq Vt bool 3924If set to 3925.Dq Li YES , 3926enable Bluetooth Human Interface Device daemon. 3927.It Va bthidd_config 3928.Pq Vt str 3929Configuration file for 3930.Xr bthidd 8 . 3931Default 3932.Pa /etc/bluetooth/bthidd.conf . 3933.It Va bthidd_hids 3934.Pq Vt str 3935Path to a file, where 3936.Xr bthidd 8 3937will store information about known HID devices. 3938Default 3939.Pa /var/db/bthidd.hids . 3940.It Va rfcomm_pppd_server_enable 3941.Pq Vt bool 3942If set to 3943.Dq Li YES , 3944enable Bluetooth RFCOMM PPP wrapper daemon. 3945.It Va rfcomm_pppd_server_profile 3946.Pq Vt str 3947The name of the profile to use from 3948.Pa /etc/ppp/ppp.conf . 3949Multiple profiles can be specified here. 3950Also used to specify per-profile overrides. 3951When the profile name contains any of the characters 3952.Dq Li .-/+ 3953they are translated to 3954.Dq Li _ 3955for the proposes of the override variable names. 3956.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 3957.Pq Vt str 3958Overrides local address to listen on. 3959By default 3960.Xr rfcomm_pppd 8 3961will listen on 3962.Dq Li ANY 3963address. 3964The address can be specified as BD_ADDR or name. 3965.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 3966.Pq Vt str 3967Overrides local RFCOMM channel to listen on. 3968By default 3969.Xr rfcomm_pppd 8 3970will listen on RFCOMM channel 1. 3971Must set properly if multiple profiles used in the same time. 3972.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 3973.Pq Vt bool 3974Tells 3975.Xr rfcomm_pppd 8 3976if it should register Serial Port service on the speficied RFCOMM channel. 3977Default 3978.Dq Li NO . 3979.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 3980.Pq Vt bool 3981Tells 3982.Xr rfcomm_pppd 8 3983if it should register Dial-Up Networking service on the speficied 3984RFCOMM channel. 3985Default 3986.Dq Li NO . 3987.El 3988.Sh FILES 3989.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3990.It Pa /etc/defaults/rc.conf 3991.It Pa /etc/rc.conf 3992.It Pa /etc/rc.conf.local 3993.El 3994.Sh SEE ALSO 3995.Xr catman 1 , 3996.Xr chmod 1 , 3997.Xr gdb 1 , 3998.Xr info 1 , 3999.Xr kbdcontrol 1 , 4000.Xr makewhatis 1 , 4001.Xr sh 1 , 4002.Xr vi 1 , 4003.Xr vidcontrol 1 , 4004.Xr bridge 4 , 4005.Xr dummynet 4 , 4006.Xr ip 4 , 4007.Xr ipf 4 , 4008.Xr ipfw 4 , 4009.Xr ipnat 4 , 4010.Xr kld 4 , 4011.Xr pf 4 , 4012.Xr pflog 4 , 4013.Xr pfsync 4 , 4014.Xr tcp 4 , 4015.Xr udp 4 , 4016.Xr exports 5 , 4017.Xr fstab 5 , 4018.Xr ipf 5 , 4019.Xr ipnat 5 , 4020.Xr motd 5 , 4021.Xr newsyslog.conf 5 , 4022.Xr pf.conf 5 , 4023.Xr security 7 , 4024.Xr accton 8 , 4025.Xr amd 8 , 4026.Xr apm 8 , 4027.Xr atm 8 , 4028.Xr bthidd 8 , 4029.Xr chkprintcap 8 , 4030.Xr chown 8 , 4031.Xr cron 8 , 4032.Xr dhclient 8 , 4033.Xr ftpd 8 , 4034.Xr geli 8 , 4035.Xr hcsecd 8 , 4036.Xr ifconfig 8 , 4037.Xr inetd 8 , 4038.Xr ipf 8 , 4039.Xr ipfw 8 , 4040.Xr ipnat 8 , 4041.Xr jail 8 , 4042.Xr kldxref 8 , 4043.Xr lpd 8 , 4044.Xr mdconfig 8 , 4045.Xr mdmfs 8 , 4046.Xr mixer 8 , 4047.Xr mountd 8 , 4048.Xr moused 8 , 4049.Xr mrouted 8 , 4050.Xr named 8 , 4051.Xr newfs 8 , 4052.Xr newsyslog 8 , 4053.Xr nfsd 8 , 4054.Xr ntpd 8 , 4055.Xr ntpdate 8 , 4056.Xr pfctl 8 , 4057.Xr pflogd 8 , 4058.Xr powerd 8 , 4059.Xr quotacheck 8 , 4060.Xr quotaon 8 , 4061.Xr rc 8 , 4062.Xr rc.sendmail 8 , 4063.Xr rfcomm_pppd 8 , 4064.Xr route 8 , 4065.Xr routed 8 , 4066.Xr rpcbind 8 , 4067.Xr rpc.lockd 8 , 4068.Xr rpc.statd 8 , 4069.Xr rwhod 8 , 4070.Xr savecore 8 , 4071.Xr sdpd 8 , 4072.Xr sshd 8 , 4073.Xr swapon 8 , 4074.Xr sysctl 8 , 4075.Xr syslogd 8 , 4076.Xr timed 8 , 4077.Xr wlandebug 8 , 4078.Xr yp 8 , 4079.Xr ypbind 8 , 4080.Xr ypserv 8 , 4081.Xr ypset 8 4082.Sh HISTORY 4083The 4084.Nm 4085file appeared in 4086.Fx 2.2.2 . 4087.Sh AUTHORS 4088.An Jordan K. Hubbard . 4089