xref: /freebsd/share/man/man5/rc.conf.5 (revision c6db8143eda5c775467145ac73e8ebec47afdd8f)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd September 11, 2014
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/rc.conf.local
63is used to override settings in
64.Pa /etc/rc.conf
65for historical reasons.
66.Pp
67In addition to
68.Pa /etc/rc.conf.local
69you can also place smaller configuration files for each
70.Xr rc 8
71script in the
72.Pa /etc/rc.conf.d
73directory or
74.Ao Ar dir Ac Ns Pa /rc.conf.d
75directories specified in
76.Va local_startup ,
77which will be included by the
78.Va load_rc_config
79function.
80For jail configurations you could use the file
81.Pa /etc/rc.conf.d/jail
82to store jail specific configuration options.
83If
84.Va local_startup
85contains
86.Pa /usr/local/etc/rc.d
87and
88.Pa /opt/conf ,
89.Pa /usr/local/rc.conf.d/jail
90and
91.Pa /opt/conf/rc.conf.d/jail
92will be loaded.
93If
94.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
95is a directory,
96all of files in the directory will be loaded.
97Also see the
98.Va rc_conf_files
99variable below.
100.Pp
101Options are set with
102.Dq Ar name Ns Li = Ns Ar value
103assignments that use
104.Xr sh 1
105syntax.
106The following list provides a name and short description for each
107variable that can be set in the
108.Nm
109file:
110.Bl -tag -width indent-two
111.It Va rc_debug
112.Pq Vt bool
113If set to
114.Dq Li YES ,
115enable output of debug messages from rc scripts.
116This variable can be helpful in diagnosing mistakes when
117editing or integrating new scripts.
118Beware that this produces copious output to the terminal and
119.Xr syslog 3 .
120.It Va rc_info
121.Pq Vt bool
122If set to
123.Dq Li NO ,
124disable informational messages from the rc scripts.
125Informational messages are displayed when
126a condition that is not serious enough to warrant a warning or
127an error occurs.
128.It Va rc_startmsgs
129.Pq Vt bool
130If set to
131.Dq Li YES ,
132show
133.Dq Starting foo:
134when faststart is used (e.g., at boot time).
135.It Va early_late_divider
136.Pq Vt str
137The name of the script that should be used as the
138delimiter between the
139.Dq early
140and
141.Dq late
142stages of the boot process.
143The early stage should contain all the services needed to
144get the disks (local or remote) mounted so that the late
145stage can include scripts contained in the directories
146listed in the
147.Va local_startup
148variable (see below).
149Thus, the two likely candidates for this value are
150.Pa mountcritlocal
151for the typical system, and
152.Pa mountcritremote
153if the system needs remote file
154systems mounted to get access to the
155.Va local_startup
156directories; for example when
157.Pa /usr/local
158is NFS mounted.
159For
160.Pa rc.conf
161within a
162.Xr jail 8
163.Pa NETWORKING
164is likely to be an appropriate value.
165Extreme care should be taken when changing this value,
166and before changing it one should ensure that there are
167adequate provisions to recover from a failed boot
168(such as physical contact with the machine,
169or reliable remote console access).
170.It Va always_force_depends
171.Pq Vt bool
172Various
173.Pa rc.d
174scripts use the force_depend function to check whether required
175services are already running, and to start them if necessary.
176By default during boot time this check is bypassed if the
177required service is enabled in
178.Pa /etc/rc.conf[.local] .
179Setting this option will bypass that check at boot time and
180always test whether or not the service is actually running.
181Enabling this option is likely to increase your boot time if
182services are enabled that utilize the force_depend check.
183.It Ao Ar name Ac Ns Va _chroot
184.Pq Vt str
185.Xr chroot
186to this directory before running the service.
187.It Ao Ar name Ac Ns Va _user
188.Pq Vt str
189Run the service under this user account.
190.It Ao Ar name Ac Ns Va _group
191.Pq Vt str
192Run the chrooted service under this system group. Unlike the _user
193setting, this setting has no effect if the service is not chrooted.
194.It Ao Ar name Ac Ns Va _fib
195.Pq Vt int
196The
197.Xr setfib 1
198value to run the service under.
199.It Ao Ar name Ac Ns Va _nice
200.Pq Vt int
201The
202.Xr nice 1
203value to run the service under.
204.It Va apm_enable
205.Pq Vt bool
206If set to
207.Dq Li YES ,
208enable support for Automatic Power Management with
209the
210.Xr apm 8
211command.
212.It Va apmd_enable
213.Pq Vt bool
214Run
215.Xr apmd 8
216to handle APM event from userland.
217This also enables support for APM.
218.It Va apmd_flags
219.Pq Vt str
220If
221.Va apmd_enable
222is set to
223.Dq Li YES ,
224these are the flags to pass to the
225.Xr apmd 8
226daemon.
227.It Va devd_enable
228.Pq Vt bool
229Run
230.Xr devd 8
231to handle device added, removed or unknown events from the kernel.
232.It Va ddb_enable
233.Pq Vt bool
234Run
235.Xr ddb 8
236to install
237.Xr ddb 4
238scripts at boot time.
239.It Va ddb_config
240.Pq Vt str
241Configuration file for
242.Xr ddb 8 .
243Default
244.Pa /etc/ddb.conf .
245.It Va kld_list
246.Pq Vt str
247A list of kernel modules to load right after the local
248disks are mounted.
249Loading modules at this point in the boot process is
250much faster than doing it via
251.Pa /boot/loader.conf
252for those modules not necessary for mounting local disk.
253.It Va kldxref_enable
254.Pq Vt bool
255Set to
256.Dq Li NO
257by default.
258Set to
259.Dq Li YES
260to automatically rebuild
261.Pa linker.hints
262files with
263.Xr kldxref 8
264at boot time.
265.It Va kldxref_clobber
266.Pq Vt bool
267Set to
268.Dq Li NO
269by default.
270If
271.Va kldxref_enable
272is true,
273setting to
274.Dq Li YES
275will overwrite existing
276.Pa linker.hints
277files at boot time.
278Otherwise,
279only missing
280.Pa linker.hints
281files are generated.
282.It Va kldxref_module_path
283.Pq Vt str
284Empty by default.
285A semi-colon
286.Pq Ql \&;
287delimited list of paths containing
288.Xr kld 4
289modules.
290If empty,
291the contents of the
292.Va kern.module_path
293.Xr sysctl 8
294are used.
295.It Va powerd_enable
296.Pq Vt bool
297If set to
298.Dq Li YES ,
299enable the system power control facility with the
300.Xr powerd 8
301daemon.
302.It Va powerd_flags
303.Pq Vt str
304If
305.Va powerd_enable
306is set to
307.Dq Li YES ,
308these are the flags to pass to the
309.Xr powerd 8
310daemon.
311.It Va tmpmfs
312Controls the creation of a
313.Pa /tmp
314memory file system.
315Always happens if set to
316.Dq Li YES
317and never happens if set to
318.Dq Li NO .
319If set to anything else, a memory file system is created if
320.Pa /tmp
321is not writable.
322.It Va tmpsize
323Controls the size of a created
324.Pa /tmp
325memory file system.
326.It Va tmpmfs_flags
327Extra options passed to the
328.Xr mdmfs 8
329utility when the memory file system for
330.Pa /tmp
331is created.
332The default is
333.Dq Li "-S" ,
334which inhibits the use of softupdates on
335.Pa /tmp
336so that file system space is freed without delay
337after file truncation or deletion.
338See
339.Xr mdmfs 8
340for other options you can use in
341.Va tmpmfs_flags .
342.It Va varmfs
343Controls the creation of a
344.Pa /var
345memory file system.
346Always happens if set to
347.Dq Li YES
348and never happens if set to
349.Dq Li NO .
350If set to anything else, a memory file system is created if
351.Pa /var
352is not writable.
353.It Va varsize
354Controls the size of a created
355.Pa /var
356memory file system.
357.It Va varmfs_flags
358Extra options passed to the
359.Xr mdmfs 8
360utility when the memory file system for
361.Pa /var
362is created.
363The default is
364.Dq Li "-S" ,
365which inhibits the use of softupdates on
366.Pa /var
367so that file system space is freed without delay
368after file truncation or deletion.
369See
370.Xr mdmfs 8
371for other options you can use in
372.Va varmfs_flags .
373.It Va populate_var
374Controls the automatic population of the
375.Pa /var
376file system.
377Always happens if set to
378.Dq Li YES
379and never happens if set to
380.Dq Li NO .
381If set to anything else, a memory file system is created if
382.Pa /var
383is not writable.
384Note that this process requires access to certain commands in
385.Pa /usr
386before
387.Pa /usr
388is mounted on normal systems.
389.It Va cleanvar_enable
390.Pq Vt bool
391Clean the
392.Pa /var
393directory.
394.It Va local_startup
395.Pq Vt str
396List of directories to search for startup script files.
397.It Va script_name_sep
398.Pq Vt str
399The field separator to use for breaking down the list of startup script files
400into individual filenames.
401The default is a space.
402It is not necessary to change this unless there are startup scripts with names
403containing spaces.
404.It Va hostapd_enable
405.Pq Vt bool
406Set to
407.Dq Li YES
408to start
409.Xr hostapd 8
410at system boot time.
411.It Va hostname
412.Pq Vt str
413The fully qualified domain name (FQDN) of this host on the network.
414This should almost certainly be set to something meaningful, even if
415there is no network connection.
416If
417.Xr dhclient 8
418is used to set the hostname via DHCP,
419this variable should be set to an empty string.
420If this value remains unset when the system is done booting
421your console login will display the default hostname of
422.Dq Amnesiac .
423.It Va nisdomainname
424.Pq Vt str
425The NIS domain name of this host, or
426.Dq Li NO
427if NIS is not used.
428.It Va dhclient_program
429.Pq Vt str
430Path to the DHCP client program
431.Pa ( /sbin/dhclient ,
432the
433.Ox
434DHCP client,
435is the default).
436.It Va dhclient_flags
437.Pq Vt str
438Additional flags to pass to the DHCP client program.
439For the
440.Ox
441DHCP client, see the
442.Xr dhclient 8
443manpage for a description of the command line options available.
444.It Va dhclient_flags_ Ns Aq Ar iface
445Additional flags to pass to the DHCP client program running on
446.Ar iface
447only.
448When specified, this variable overrides
449.Va dhclient_flags .
450.It Va background_dhclient
451.Pq Vt bool
452Set to
453.Dq Li YES
454to start the DHCP client in background.
455This can cause trouble with applications depending on
456a working network, but it will provide a faster startup
457in many cases.
458.It Va background_dhclient_ Ns Aq Ar iface
459When specified, this variable overrides the
460.Va background_dhclient
461variable for interface
462.Ar iface
463only.
464.It Va synchronous_dhclient
465.Pq Vt bool
466Set to
467.Dq Li YES
468to start
469.Xr dhclient 8
470synchronously at startup.
471This behavior can be overridden on a per-interface basis by replacing
472the
473.Dq Li DHCP
474keyword in the
475.Va ifconfig_ Ns Aq Ar interface
476variable with
477.Dq Li SYNCDHCP
478or
479.Dq Li NOSYNCDHCP .
480.It Va defaultroute_delay
481.Pq Vt int
482When set to a positive value, wait up to this long after configuring
483DHCP interfaces at startup to give the interfaces time to receive a lease.
484.It Va firewall_enable
485.Pq Vt bool
486Set to
487.Dq Li YES
488to load firewall rules at startup.
489If the kernel was not built with
490.Cd "options IPFIREWALL" ,
491the
492.Pa ipfw.ko
493kernel module will be loaded.
494See also
495.Va ipfilter_enable .
496.It Va firewall_script
497.Pq Vt str
498This variable specifies the full path to the firewall script to run.
499The default is
500.Pa /etc/rc.firewall .
501.It Va firewall_type
502.Pq Vt str
503Names the firewall type from the selection in
504.Pa /etc/rc.firewall ,
505or the file which contains the local firewall ruleset.
506Valid selections from
507.Pa /etc/rc.firewall
508are:
509.Pp
510.Bl -tag -width ".Li simple" -compact
511.It Li open
512unrestricted IP access
513.It Li closed
514all IP services disabled, except via
515.Dq Li lo0
516.It Li client
517basic protection for a workstation
518.It Li simple
519basic protection for a LAN.
520.El
521.Pp
522If a filename is specified, the full path
523must be given.
524.It Va firewall_quiet
525.Pq Vt bool
526Set to
527.Dq Li YES
528to disable the display of firewall rules on the console during boot.
529.It Va firewall_logging
530.Pq Vt bool
531Set to
532.Dq Li YES
533to enable firewall event logging.
534This is equivalent to the
535.Dv IPFIREWALL_VERBOSE
536kernel option.
537.It Va firewall_logif
538.Pq Vt bool
539Set to
540.Dq Li YES
541to create pseudo interface
542.Li ipfw0
543for logging.
544For more details, see
545.Xr ipfw 8
546manual page.
547.It Va firewall_flags
548.Pq Vt str
549Flags passed to
550.Xr ipfw 8
551if
552.Va firewall_type
553specifies a filename.
554.It Va firewall_coscripts
555.Pq Vt str
556List of executables and/or rc scripts to run after firewall starts/stops.
557Default is empty.
558.\" ----- firewall_nat_enable setting --------------------------------
559.It Va firewall_nat_enable
560.Pq Vt bool
561The
562.Xr ipfw 8
563equivalent of
564.Va natd_enable .
565Setting this to
566.Dq Li YES
567enables kernel NAT.
568.Va firewall_enable
569must also be set to
570.Dq Li YES .
571.It Va firewall_nat_interface
572.Pq Vt str
573The
574.Xr ipfw 8
575equivalent of
576.Va natd_interface .
577This is the name of the public interface or IP address on which
578kernel NAT should run.
579.It Va firewall_nat_flags
580.Pq Vt str
581Additional configuration parameters for kernel NAT should be placed here.
582.It Va dummynet_enable
583.Pq Vt bool
584Setting this to
585.Dq Li YES
586will automatically load the
587.Xr dummynet 4
588module if
589.Va firewall_enable
590is also set to
591.Dq Li YES .
592.\" -------------------------------------------------------------------
593.It Va natd_program
594.Pq Vt str
595Path to
596.Xr natd 8 .
597.It Va natd_enable
598.Pq Vt bool
599Set to
600.Dq Li YES
601to enable
602.Xr natd 8 .
603.Va firewall_enable
604must also be set to
605.Dq Li YES ,
606and
607.Xr divert 4
608sockets must be enabled in the kernel.
609If the kernel was not built with
610.Cd "options IPDIVERT" ,
611the
612.Pa ipdivert.ko
613kernel module will be loaded.
614.It Va natd_interface
615.Pq Vt str
616This is the name of the public interface on which
617.Xr natd 8
618should run.
619The interface may be given as an interface name or as an IP address.
620.It Va natd_flags
621.Pq Vt str
622Additional
623.Xr natd 8
624flags should be placed here.
625The
626.Fl n
627or
628.Fl a
629flag is automatically added with the above
630.Va natd_interface
631as an argument.
632.\" ----- ipfilter_enable setting --------------------------------
633.It Va ipfilter_enable
634.Pq Vt bool
635Set to
636.Dq Li NO
637by default.
638Setting this to
639.Dq Li YES
640enables
641.Xr ipf 8
642packet filtering.
643.Pp
644Typical usage will require putting
645.Bd -literal
646ipfilter_enable="YES"
647ipnat_enable="YES"
648ipmon_enable="YES"
649ipfs_enable="YES"
650.Ed
651.Pp
652into
653.Pa /etc/rc.conf
654and editing
655.Pa /etc/ipf.rules
656and
657.Pa /etc/ipnat.rules
658appropriately.
659.Pp
660Note that
661.Va ipfilter_enable
662and
663.Va ipnat_enable
664can be enabled independently.
665.Va ipmon_enable
666and
667.Va ipfs_enable
668both require at least one of
669.Va ipfilter_enable
670and
671.Va ipnat_enable
672to be enabled.
673.Pp
674Having
675.Bd -literal
676options IPFILTER
677options IPFILTER_LOG
678options IPFILTER_DEFAULT_BLOCK
679.Ed
680.Pp
681in the kernel configuration file is a good idea, too.
682.\" ----- ipfilter_program setting ------------------------------
683.It Va ipfilter_program
684.Pq Vt str
685Path to
686.Xr ipf 8
687(default
688.Pa /sbin/ipf ) .
689.\" ----- ipfilter_rules setting --------------------------------
690.It Va ipfilter_rules
691.Pq Vt str
692Set to
693.Pa /etc/ipf.rules
694by default.
695This variable contains the name of the filter rule definition file.
696The file is expected to be readable for the
697.Xr ipf 8
698command to execute.
699.\" ----- ipv6_ipfilter_rules setting ---------------------------
700.It Va ipv6_ipfilter_rules
701.Pq Vt str
702Set to
703.Pa /etc/ipf6.rules
704by default.
705This variable contains the IPv6 filter rule definition file.
706The file is expected to be readable for the
707.Xr ipf 8
708command to execute.
709.\" ----- ipfilter_flags setting --------------------------------
710.It Va ipfilter_flags
711.Pq Vt str
712Empty by default.
713This variable contains flags passed to the
714.Xr ipf 8
715program.
716.\" ----- ipnat_enable setting ----------------------------------
717.It Va ipnat_enable
718.Pq Vt bool
719Set to
720.Dq Li NO
721by default.
722Set it to
723.Dq Li YES
724to enable
725.Xr ipnat 8
726network address translation.
727See
728.Va ipfilter_enable
729for a detailed discussion.
730.\" ----- ipnat_program setting ---------------------------------
731.It Va ipnat_program
732.Pq Vt str
733Path to
734.Xr ipnat 8
735(default
736.Pa /sbin/ipnat ) .
737.\" ----- ipnat_rules setting -----------------------------------
738.It Va ipnat_rules
739.Pq Vt str
740Set to
741.Pa /etc/ipnat.rules
742by default.
743This variable contains the name of the file
744holding the network address translation definition.
745This file is expected to be readable for the
746.Xr ipnat 8
747command to execute.
748.\" ----- ipnat_flags setting -----------------------------------
749.It Va ipnat_flags
750.Pq Vt str
751Empty by default.
752This variable contains flags passed to the
753.Xr ipnat 8
754program.
755.\" ----- ipmon_enable setting ----------------------------------
756.It Va ipmon_enable
757.Pq Vt bool
758Set to
759.Dq Li NO
760by default.
761Set it to
762.Dq Li YES
763to enable
764.Xr ipmon 8
765monitoring (logging
766.Xr ipf 8
767and
768.Xr ipnat 8
769events).
770Setting this variable needs setting
771.Va ipfilter_enable
772or
773.Va ipnat_enable
774too.
775See
776.Va ipfilter_enable
777for a detailed discussion.
778.\" ----- ipmon_program setting ---------------------------------
779.It Va ipmon_program
780.Pq Vt str
781Path to
782.Xr ipmon 8
783(default
784.Pa /sbin/ipmon ) .
785.\" ----- ipmon_flags setting -----------------------------------
786.It Va ipmon_flags
787.Pq Vt str
788Set to
789.Dq Li -Ds
790by default.
791This variable contains flags passed to the
792.Xr ipmon 8
793program.
794Another typical example would be
795.Dq Fl D Pa /var/log/ipflog
796to have
797.Xr ipmon 8
798log directly to a file bypassing
799.Xr syslogd 8 .
800Make sure to adjust
801.Pa /etc/newsyslog.conf
802in such case like this:
803.Bd -literal
804/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
805.Ed
806.\" ----- ipfs_enable setting -----------------------------------
807.It Va ipfs_enable
808.Pq Vt bool
809Set to
810.Dq Li NO
811by default.
812Set it to
813.Dq Li YES
814to enable
815.Xr ipfs 8
816saving the filter and NAT state tables during shutdown
817and reloading them during startup again.
818Setting this variable needs setting
819.Va ipfilter_enable
820or
821.Va ipnat_enable
822to
823.Dq Li YES
824too.
825See
826.Va ipfilter_enable
827for a detailed discussion.
828Note that if
829.Va kern_securelevel
830is set to 3,
831.Va ipfs_enable
832cannot be used
833because the raised securelevel will prevent
834.Xr ipfs 8
835from saving the state tables at shutdown time.
836.\" ----- ipfs_program setting ----------------------------------
837.It Va ipfs_program
838.Pq Vt str
839Path to
840.Xr ipfs 8
841(default
842.Pa /sbin/ipfs ) .
843.\" ----- ipfs_flags setting ------------------------------------
844.It Va ipfs_flags
845.Pq Vt str
846Empty by default.
847This variable contains flags passed to the
848.Xr ipfs 8
849program.
850.\" ----- end of added ipf hook ---------------------------------
851.It Va pf_enable
852.Pq Vt bool
853Set to
854.Dq Li NO
855by default.
856Setting this to
857.Dq Li YES
858enables
859.Xr pf 4
860packet filtering.
861.Pp
862Typical usage will require putting
863.Pp
864.Dl pf_enable="YES"
865.Pp
866into
867.Pa /etc/rc.conf
868and editing
869.Pa /etc/pf.conf
870appropriately.
871Adding
872.Pp
873.Dl "device pf"
874.Pp
875builds support for
876.Xr pf 4
877into the kernel, otherwise the
878kernel module will be loaded.
879.It Va pf_rules
880.Pq Vt str
881Path to
882.Xr pf 4
883ruleset configuration file
884(default
885.Pa /etc/pf.conf ) .
886.It Va pf_program
887.Pq Vt str
888Path to
889.Xr pfctl 8
890(default
891.Pa /sbin/pfctl ) .
892.It Va pf_flags
893.Pq Vt str
894If
895.Va pf_enable
896is set to
897.Dq Li YES ,
898these flags are passed to the
899.Xr pfctl 8
900program when loading the ruleset.
901.It Va pflog_enable
902.Pq Vt bool
903Set to
904.Dq Li NO
905by default.
906Setting this to
907.Dq Li YES
908enables
909.Xr pflogd 8
910which logs packets from the
911.Xr pf 4
912packet filter.
913.It Va pflog_logfile
914.Pq Vt str
915If
916.Va pflog_enable
917is set to
918.Dq Li YES
919this controls where
920.Xr pflogd 8
921stores the logfile
922(default
923.Pa /var/log/pflog ) .
924Check
925.Pa /etc/newsyslog.conf
926to adjust logfile rotation for this.
927.It Va pflog_program
928.Pq Vt str
929Path to
930.Xr pflogd 8
931(default
932.Pa /sbin/pflogd ) .
933.It Va pflog_flags
934.Pq Vt str
935Empty by default.
936This variable contains additional flags passed to the
937.Xr pflogd 8
938program.
939.It Va pflog_instances
940.Pq Vt str
941If logging to more than one
942.Xr pflog 4
943interface is desired,
944.Va pflog_instances
945is set to the list of
946.Xr pflogd 8
947instances that should be started at system boot time. If
948.Va pflog_instances
949is set, for each whitespace-seperated
950.Ar element
951in the list,
952.Ao Ar element Ac Ns Va _dev
953and
954.Ao Ar element Ac Ns Va _logfile
955elements are assumed to exist.
956.Ao Ar element Ac Ns Va _dev
957must contain the
958.Xr pflog 4
959interface to be watched by the named
960.Xr pflogd 8
961instance.
962.Ao Ar element Ac Ns Va _logfile
963must contain the name of the logfile that will be used by the
964.Xr pflogd 8
965instance.
966.It Va ftpproxy_enable
967.Pq Vt bool
968Set to
969.Dq Li NO
970by default.
971Setting this to
972.Dq Li YES
973enables
974.Xr ftp-proxy 8
975which supports the
976.Xr pf 4
977packet filter in translating ftp connections.
978.It Va ftpproxy_flags
979.Pq Vt str
980Empty by default.
981This variable contains additional flags passed to the
982.Xr ftp-proxy 8
983program.
984.It Va ftpproxy_instances
985.Pq Vt str
986Empty by default. If multiple instances of
987.Xr ftp-proxy 8
988are desired at boot time,
989.Va ftpproxy_instances
990should contain a whitespace-seperated list of instance names. For each
991.Ar element
992in the list, a variable named
993.Ao Ar element Ac Ns Va _flags
994should be defined, containing the command-line flags to be passed to the
995.Xr ftp-proxy 8
996instance.
997.It Va pfsync_enable
998.Pq Vt bool
999Set to
1000.Dq Li NO
1001by default.
1002Setting this to
1003.Dq Li YES
1004enables exposing
1005.Xr pf 4
1006state changes to other hosts over the network by means of
1007.Xr pfsync 4 .
1008The
1009.Va pfsync_syncdev
1010variable
1011must also be set then.
1012.It Va pfsync_syncdev
1013.Pq Vt str
1014Empty by default.
1015This variable specifies the name of the network interface
1016.Xr pfsync 4
1017should operate through.
1018It must be set accordingly if
1019.Va pfsync_enable
1020is set to
1021.Dq Li YES .
1022.It Va pfsync_syncpeer
1023.Pq Vt str
1024Empty by default.
1025This variable is optional.
1026By default, state change messages are sent out on the synchronisation
1027interface using IP multicast packets.
1028The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1029224.0.0.240.
1030When a peer address is specified using the
1031.Va pfsync_syncpeer
1032option, the peer address is used as a destination for the pfsync
1033traffic, and the traffic can then be protected using
1034.Xr ipsec 4 .
1035See the
1036.Xr pfsync 4
1037manpage for more details about using
1038.Xr ipsec 4
1039with
1040.Xr pfsync 4
1041interfaces.
1042.It Va pfsync_ifconfig
1043.Pq Vt str
1044Empty by default.
1045This variable can contain additional options to be passed to the
1046.Xr ifconfig 8
1047command used to set up
1048.Xr pfsync 4 .
1049.It Va tcp_extensions
1050.Pq Vt bool
1051Set to
1052.Dq Li YES
1053by default.
1054Setting this to
1055.Dq Li NO
1056disables certain TCP options as described by
1057.Rs
1058.%T "RFC 1323"
1059.Re
1060Setting this to
1061.Dq Li NO
1062might help remedy such problems with connections as randomly hanging
1063or other weird behavior.
1064Some network devices are known
1065to be broken with respect to these options.
1066.It Va log_in_vain
1067.Pq Vt int
1068Set to 0 by default.
1069The
1070.Xr sysctl 8
1071variables,
1072.Va net.inet.tcp.log_in_vain
1073and
1074.Va net.inet.udp.log_in_vain ,
1075as described in
1076.Xr tcp 4
1077and
1078.Xr udp 4 ,
1079are set to the given value.
1080.It Va tcp_keepalive
1081.Pq Vt bool
1082Set to
1083.Dq Li YES
1084by default.
1085Setting to
1086.Dq Li NO
1087will disable probing idle TCP connections to verify that the
1088peer is still up and reachable.
1089.It Va tcp_drop_synfin
1090.Pq Vt bool
1091Set to
1092.Dq Li NO
1093by default.
1094Setting to
1095.Dq Li YES
1096will cause the kernel to ignore TCP frames that have both
1097the SYN and FIN flags set.
1098This prevents OS fingerprinting, but may
1099break some legitimate applications.
1100.It Va icmp_drop_redirect
1101.Pq Vt bool
1102Set to
1103.Dq Li NO
1104by default.
1105Setting to
1106.Dq Li YES
1107will cause the kernel to ignore ICMP REDIRECT packets.
1108Refer to
1109.Xr icmp 4
1110for more information.
1111.It Va icmp_log_redirect
1112.Pq Vt bool
1113Set to
1114.Dq Li NO
1115by default.
1116Setting to
1117.Dq Li YES
1118will cause the kernel to log ICMP REDIRECT packets.
1119Note that
1120the log messages are not rate-limited, so this option should only be used
1121for troubleshooting networks.
1122Refer to
1123.Xr icmp 4
1124for more information.
1125.It Va icmp_bmcastecho
1126.Pq Vt bool
1127Set to
1128.Dq Li YES
1129to respond to broadcast or multicast ICMP ping packets.
1130Refer to
1131.Xr icmp 4
1132for more information.
1133.It Va ip_portrange_first
1134.Pq Vt int
1135If not set to
1136.Dq Li NO ,
1137this is the first port in the default portrange.
1138Refer to
1139.Xr ip 4
1140for more information.
1141.It Va ip_portrange_last
1142.Pq Vt int
1143If not set to
1144.Dq Li NO ,
1145this is the last port in the default portrange.
1146Refer to
1147.Xr ip 4
1148for more information.
1149.It Va network_interfaces
1150.Pq Vt str
1151Set to the list of network interfaces to configure on this host or
1152.Dq Li AUTO
1153(the default) for all current interfaces.
1154Setting the
1155.Va network_interfaces
1156variable to anything other than the default is deprecated.
1157Interfaces that the administrator wishes to store configuration for,
1158but not start at boot should be configured with the
1159.Dq Li NOAUTO
1160keyword in their
1161.Va ifconfig_ Ns Aq Ar interface
1162variables as described below.
1163.Pp
1164An
1165.Va ifconfig_ Ns Aq Ar interface
1166variable is also assumed to exist for each value of
1167.Ar interface .
1168When an interface name contains any of the characters
1169.Dq Li .-/+
1170they are translated to
1171.Dq Li _
1172before lookup.
1173The variable can contain arguments to
1174.Xr ifconfig 8 ,
1175as well as special case-insensitive keywords described below.
1176Such keywords are removed before passing the value to
1177.Xr ifconfig 8
1178while the order of the other arguments is preserved.
1179.Pp
1180It is possible to add IP alias entries using
1181.Xr ifconfig 8
1182syntax with the address family keyword such as
1183.Li inet .
1184Assuming that the interface in question was
1185.Li ed0 ,
1186it might look something like this:
1187.Bd -literal
1188ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1189ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1190.Ed
1191.Pp
1192It also possible to configure multiple IP addresses in Classless
1193Inter-Domain Routing
1194.Pq CIDR
1195address notation,
1196whose each address component can be a range like
1197.Li inet 192.0.2.5-23/24
1198or
1199.Li inet6 2001:db8:1-f::1/64 .
1200This notation allows address and prefix length part only,
1201not the other address modifiers.
1202Note that the maximum number of the generated addresses from a range
1203specification is limited to an integer value specified in
1204.Va netif_ipexpand_max
1205in
1206.Xr rc.conf 5
1207because a small typo can unexpectedly generate a large number of addresses.
1208The default value is
1209.Li 2048 .
1210It can be increased by adding the following line into
1211.Xr rc.conf 5 :
1212.Bd -literal
1213netif_ipexpand_max="4096"
1214.Ed
1215.Pp
1216In the case of
1217.Li 192.0.2.5-23/24 ,
1218the address 192.0.2.5 will be configured with the
1219netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1220the non-conflicting netmask /32 as explained in the
1221.Xr ifconfig 8
1222alias section.
1223Note that this special netmask handling is only for
1224.Li inet ,
1225not for the other address families such as
1226.Li inet6 .
1227.Pp
1228With the interface in question being
1229.Li ed0 ,
1230an example could look like:
1231.Bd -literal
1232ifconfig_ed0_alias2="inet 192.0.2.129/27"
1233ifconfig_ed0_alias3="inet 192.0.2.1-5/28"
1234.Ed
1235.Pp
1236and so on.
1237.Pp
1238Note that
1239.Va ipv4_addrs_ Ns Aq Ar interface
1240variable was supported for IPv4 CIDR address notation.
1241It is now deprecated because the functionality was integrated into
1242.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1243though
1244.Va ipv4_addrs_ Ns Aq Ar interface
1245is still supported for backward compatibility.
1246.Pp
1247For each
1248.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1249entry with an address family keyword,
1250its contents are passed to
1251.Xr ifconfig 8 .
1252Execution stops at the first unsuccessful access, so if
1253something like this is present:
1254.Bd -literal
1255ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1256ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1257ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1258ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1259.Ed
1260.Pp
1261Then note that alias4 would
1262.Em not
1263be added since the search would
1264stop with the missing
1265.Dq Li alias3
1266entry.
1267Because of this difficult to manage behavior,
1268there is
1269.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1270variable, which has the same functionality as
1271.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1272and can have all of entries in a variable like the following:
1273.Bd -literal
1274ifconfig_ed0_aliases="\\
1275	inet 127.0.0.251 netmask 0xffffffff \\
1276	inet 127.0.0.252 netmask 0xffffffff \\
1277	inet 127.0.0.253 netmask 0xffffffff \\
1278	inet 127.0.0.254 netmask 0xffffffff"
1279.Ed
1280.Pp
1281It also supports CIDR notation.
1282.Pp
1283If the
1284.Pa /etc/start_if. Ns Aq Ar interface
1285file is present, it is read and executed by the
1286.Xr sh 1
1287interpreter
1288before configuring the interface as specified in the
1289.Va ifconfig_ Ns Aq Ar interface
1290and
1291.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1292variables.
1293.Pp
1294If a
1295.Va vlans_ Ns Aq Ar interface
1296variable is set,
1297a
1298.Xr vlan 4
1299interface will be created for each item in the list with the
1300.Ar vlandev
1301argument set to
1302.Ar interface .
1303If a vlan interface's name is a number,
1304then that number is used as the vlan tag and the new vlan interface is
1305named
1306.Ar interface . Ns Ar tag .
1307Otherwise,
1308the vlan tag must be specified via a
1309.Va vlan
1310parameter in the
1311.Va create_args_ Ns Aq Ar interface
1312variable.
1313.Pp
1314To create a vlan device named
1315.Li em0.101
1316on
1317.Li em0
1318with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1319.Bd -literal
1320vlans_em0="101"
1321ifconfig_em0_101="inet 192.0.2.1/24"
1322.Ed
1323.Pp
1324To create a vlan device named
1325.Li myvlan
1326on
1327.Li em0
1328with the vlan tag 102:
1329.Bd -literal
1330vlans_em0="myvlan"
1331create_args_myvlan="vlan 102"
1332.Ed
1333.Pp
1334If a
1335.Va wlans_ Ns Aq Ar interface
1336variable is set,
1337an
1338.Xr wlan 4
1339interface will be created for each item in the list with the
1340.Ar wlandev
1341argument set to
1342.Ar interface .
1343Further wlan cloning arguments may be passed to the
1344.Xr ifconfig 8
1345.Cm create
1346command by setting the
1347.Va create_args_ Ns Aq Ar interface
1348variable.
1349One or more
1350.Xr wlan 4
1351devices must be created for each wireless devices as of
1352.Fx 8.0 .
1353Debugging flags for
1354.Xr wlan 4
1355devices as set by
1356.Xr wlandebug 8
1357may be specified with an
1358.Va wlandebug_ Ns Aq Ar interface
1359variable.
1360The contents of this variable will be passed directly to
1361.Xr wlandebug 8 .
1362.Pp
1363If the
1364.Va ifconfig_ Ns Aq Ar interface
1365contains the keyword
1366.Dq Li NOAUTO
1367then the interface will not be configured
1368at boot or by
1369.Pa /etc/pccard_ether
1370when
1371.Va network_interfaces
1372is set to
1373.Dq Li AUTO .
1374.Pp
1375It is possible to bring up an interface with DHCP by adding
1376.Dq Li DHCP
1377to the
1378.Va ifconfig_ Ns Aq Ar interface
1379variable.
1380For instance, to initialize the
1381.Li ed0
1382device via DHCP,
1383it is possible to use something like:
1384.Bd -literal
1385ifconfig_ed0="DHCP"
1386.Ed
1387.Pp
1388If you want to configure your wireless interface with
1389.Xr wpa_supplicant 8
1390for use with WPA, EAP/LEAP or WEP, you need to add
1391.Dq Li WPA
1392to the
1393.Va ifconfig_ Ns Aq Ar interface
1394variable.
1395.Pp
1396On the other hand, if you want to configure your wireless interface with
1397.Xr hostapd 8 ,
1398you need to add
1399.Dq Li HOSTAP
1400to the
1401.Va ifconfig_ Ns Aq Ar interface
1402variable.
1403.Xr hostapd 8
1404will use the settings from
1405.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1406.Pp
1407Finally, you can add
1408.Xr ifconfig 8
1409options in this variable, in addition to the
1410.Pa /etc/start_if. Ns Aq Ar interface
1411file.
1412For instance, to configure an
1413.Xr ath 4
1414wireless device in station mode with an address obtained
1415via DHCP, using WPA authentication and 802.11b mode, it is
1416possible to use something like:
1417.Bd -literal
1418wlans_ath0="wlan0"
1419ifconfig_wlan0="DHCP WPA mode 11b"
1420.Ed
1421.Pp
1422In addition to the
1423.Va ifconfig_ Ns Aq Ar interface
1424form, a fallback variable
1425.Va ifconfig_DEFAULT
1426may be configured.
1427It will be used for all interfaces with no
1428.Va ifconfig_ Ns Aq Ar interface
1429variable.
1430This is intended to replace the no longer supported
1431.Va pccard_ifconfig
1432variable.
1433.Pp
1434It is also possible to rename an interface by doing:
1435.Bd -literal
1436ifconfig_ed0_name="net0"
1437ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1438.Ed
1439.It Va ipv6_enable
1440.Pq Vt bool
1441This variable is deprecated.
1442Use
1443.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1444and
1445.Va ipv6_activate_all_interfaces
1446if necessary.
1447.Pp
1448If the variable is
1449.Dq Li YES ,
1450.Dq Li inet6 accept_rtadv
1451is added to all of
1452.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1453and the
1454.Va ipv6_activate_all_interfaces
1455is defined as
1456.Dq Li YES .
1457.It Va ipv6_prefer
1458.Pq Vt bool
1459This variable is deprecated.
1460Use
1461.Va ip6addrctl_policy
1462instead.
1463.Pp
1464If the variable is
1465.Dq Li YES ,
1466the default address selection policy table set by
1467.Xr ip6addrctl 8
1468will be IPv6-preferred.
1469.Pp
1470If the variable is
1471.Dq Li NO ,
1472the default address selection policy table set by
1473.Xr ip6addrctl 8
1474will be IPv4-preferred.
1475.It Va ipv6_activate_all_interfaces
1476.Pq Vt bool
1477This controls initial configuration on IPv6-capable
1478interfaces with no corresponding
1479.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1480variable.
1481Note that it is not always necessary to set this variable to
1482.Dq YES
1483to use IPv6 functionality on
1484.Fx .
1485In most cases, just configuring
1486.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1487variables works.
1488.Pp
1489If the variable is
1490.Dq Li NO ,
1491all interfaces which do not have a corresponding
1492.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1493variable will be marked as
1494.Dq Li IFDISABLED
1495at creation.
1496This means that all of IPv6 functionality on that interface
1497is completely disabled to enforce a security policy.
1498If the variable is set to
1499.Dq YES ,
1500the flag will be cleared on all of the interfaces.
1501.Pp
1502In most cases, just defining an
1503.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1504for an IPv6-capable interface should be sufficient.
1505However, if an interface is added dynamically
1506.Pq by some tunneling protocols such as PPP, for example ,
1507it is often difficult to define the variable in advance.
1508In such a case, configuring the
1509.Dq Li IFDISABLED
1510flag can be disabled by setting this variable to
1511.Dq YES .
1512.Pp
1513For more details of the
1514.Dq Li IFDISABLED
1515flag and keywords
1516.Dq Li inet6 ifdisabled ,
1517see
1518.Xr ifconfig 8 .
1519.Pp
1520Default is
1521.Dq Li NO .
1522.It Va ipv6_privacy
1523.Pq Vt bool
1524If the variable is
1525.Dq Li YES
1526privacy addresses will be generated for each IPv6
1527interface as described in RFC 4941.
1528.It Va ipv6_network_interfaces
1529.Pq Vt str
1530This is the IPv6 equivalent of
1531.Va network_interfaces .
1532Normally manual configuration of this variable is not needed.
1533.It Va ipv6_cpe_wanif
1534.Pq Vt str
1535If the variable is set to an interface name,
1536the
1537.Xr ifconfig 8
1538options
1539.Dq inet6 -no_radr accept_rtadv
1540will be added to the specified interface automatically before evaluating
1541.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1542and two
1543.Xr sysctl 8
1544variables
1545.Va net.inet6.ip6.rfc6204w3
1546and
1547.Va net.inet6.ip6.no_radr
1548will be set to 1.
1549.Pp
1550This means the specified interface will accept ICMPv6 Router
1551Advertisement messages on that link and add the discovered
1552routers into the Default Router List.
1553While the other interfaces can still accept RA messages if the
1554.Dq inet6 accept_rtadv
1555option is specified, adding
1556routes into the Default Router List will be disabled by
1557.Dq inet6 no_radr
1558option by default.
1559See
1560.Xr ifconfig 8
1561for more details.
1562.Pp
1563Note that ICMPv6 Router Advertisement messages will be
1564accepted even when
1565.Va net.inet6.ip6.forwarding
1566is 1
1567.Pq packet forwarding is enabled
1568when
1569.Va net.inet6.ip6.rfc6204w3
1570is set to 1.
1571.Pp
1572Default is
1573.Dq Li NO .
1574.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1575.Pq Vt str
1576IPv6 functionality on an interface should be configured by
1577.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1578instead of setting ifconfig parameters in
1579.Va ifconfig_ Ns Aq Ar interface .
1580If this variable is empty, all of IPv6 configurations on the
1581specified interface by other variables such as
1582.Va ipv6_prefix_ Ns Ao Ar interface Ac
1583will be ignored.
1584.Pp
1585Aliases should be set by
1586.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1587with
1588.Dq Li inet6
1589keyword.
1590For example:
1591.Bd -literal
1592ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1593ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1594.Ed
1595.Pp
1596Interfaces that have an
1597.Dq Li inet6 accept_rtadv
1598keyword in
1599.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1600setting will be automatically configured by SLAAC
1601.Pq StateLess Address AutoConfiguration
1602described in
1603.Rs
1604.%T "RFC 4862"
1605.Re
1606.Pp
1607Note that a link-local address will be automatically configured in
1608addition to the configured global-scope addresses because the IPv6
1609specifications require it on each link.
1610The address is calculated from the MAC address by using an algorithm
1611defined in
1612.Rs
1613.%T "RFC 4862"
1614.%O "Section 5.3"
1615.Re
1616.Pp
1617If only a link-local address is needed on the interface,
1618the following configuration can be used:
1619.Bd -literal
1620ifconfig_ed0_ipv6="inet6 auto_linklocal"
1621.Ed
1622.Pp
1623A link-local address can also be configured manually.
1624This is useful for the default router address of an IPv6 router
1625so that it does not change when the network interface
1626card is replaced.
1627For example:
1628.Bd -literal
1629ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1630.Ed
1631.It Va ipv6_prefix_ Ns Aq Ar interface
1632.Pq Vt str
1633If one or more prefixes are defined in
1634.Va ipv6_prefix_ Ns Aq Ar interface
1635addresses based on each prefix and the EUI-64 interface index will be
1636configured on that interface.
1637Note that this variable will be ignored when
1638.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1639is empty.
1640.Pp
1641For example, the following configuration
1642.Bd -literal
1643ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1644.Ed
1645.Pp
1646is equivalent to the following:
1647.Bd -literal
1648ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1649ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1650ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1651ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1652.Ed
1653.Pp
1654These Subnet-Router anycast addresses will be added only when
1655.Va ipv6_gateway_enable
1656is YES.
1657.It Va ipv6_default_interface
1658.Pq Vt str
1659If not set to
1660.Dq Li NO ,
1661this is the default output interface for scoped addresses.
1662This works only with ipv6_gateway_enable="NO".
1663.It Va ip6addrctl_enable
1664.Pq Vt bool
1665This variable is to enable configuring default address selection policy table
1666.Pq RFC 3484 .
1667The table can be specified in another variable
1668.Va ip6addrctl_policy .
1669For
1670.Va ip6addrctl_policy
1671the following keywords can be specified:
1672.Dq Li ipv4_prefer ,
1673.Dq Li ipv6_prefer ,
1674or
1675.Dq Li AUTO .
1676.Pp
1677If
1678.Dq Li ipv4_prefer
1679or
1680.Dq Li ipv6_prefer
1681is specified,
1682.Xr ip6addrctl 8
1683installs a pre-defined policy table described in Section 2.1
1684.Pq IPv6-preferred
1685or 10.3
1686.Pq IPv4-preferred
1687of RFC 3484.
1688.Pp
1689If
1690.Dq Li AUTO
1691is specified, it attempts to read a file
1692.Pa /etc/ip6addrctl.conf
1693first.
1694If this file is found,
1695.Xr ip6addrctl 8
1696reads and installs it.
1697If not found, a policy is automatically set
1698according to
1699.Va ipv6_activate_all_interfaces
1700variable; if the variable is set to
1701.Dq Li YES
1702the IPv6-preferred one is used.
1703Otherwise IPv4-preferred.
1704.Pp
1705The default value of
1706.Va ip6addrctl_enable
1707and
1708.Va ip6addrctl_policy
1709are
1710.Dq Li YES
1711and
1712.Dq Li AUTO ,
1713respectively.
1714.It Va cloned_interfaces
1715.Pq Vt str
1716Set to the list of clonable network interfaces to create on this host.
1717Further cloning arguments may be passed to the
1718.Xr ifconfig 8
1719.Cm create
1720command for each interface by setting the
1721.Va create_args_ Ns Aq Ar interface
1722variable.
1723If an interface name is specified with
1724.Dq :sticky
1725keyword,
1726the interface will not be destroyed even when
1727.Pa rc.d/netif
1728script is invoked with
1729.Dq stop
1730argument.
1731This is useful when reconfiguring the interface without destroying it.
1732Entries in
1733.Va cloned_interfaces
1734are automatically appended to
1735.Va network_interfaces
1736for configuration.
1737.It Va cloned_interfaces_sticky
1738.Pq Vt bool
1739This variable is to globally enable functionality of
1740.Dq :sticky
1741keyword in
1742.Va cloned_interfaces
1743for all interfaces.
1744The default value is
1745.Dq NO .
1746Even if this variable is specified to
1747.Dq YES ,
1748.Dq :nosticky
1749keyword can be used to override it on per interface basis.
1750.It Va gif_interfaces
1751.Pq Vt str
1752This variable is deprecated in favor of
1753.Va cloned_interfaces .
1754Set to the list of
1755.Xr gif 4
1756tunnel interfaces to configure on this host.
1757A
1758.Va gifconfig_ Ns Aq Ar interface
1759variable is assumed to exist for each value of
1760.Ar interface .
1761The value of this variable is used to configure the link layer of the
1762tunnel according to the syntax of the
1763.Cm tunnel
1764option to
1765.Xr ifconfig 8 .
1766Additionally, this option ensures that each listed interface is created
1767via the
1768.Cm create
1769option to
1770.Xr ifconfig 8
1771before attempting to configure it.
1772.It Va sppp_interfaces
1773.Pq Vt str
1774Set to the list of
1775.Xr sppp 4
1776interfaces to configure on this host.
1777A
1778.Va spppconfig_ Ns Aq Ar interface
1779variable is assumed to exist for each value of
1780.Ar interface .
1781Each interface should also be configured by a general
1782.Va ifconfig_ Ns Aq Ar interface
1783setting.
1784Refer to
1785.Xr spppcontrol 8
1786for more information about available options.
1787.It Va ppp_enable
1788.Pq Vt bool
1789If set to
1790.Dq Li YES ,
1791run the
1792.Xr ppp 8
1793daemon.
1794.It Va ppp_profile
1795.Pq Vt str
1796The name of the profile to use from
1797.Pa /etc/ppp/ppp.conf .
1798Also used for per-profile overrides of
1799.Va ppp_mode
1800and
1801.Va ppp_nat ,
1802and
1803.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1804When the profile name contains any of the characters
1805.Dq Li .-/+
1806they are translated to
1807.Dq Li _
1808for the proposes of the override variable names.
1809.It Va ppp_mode
1810.Pq Vt str
1811Mode in which to run the
1812.Xr ppp 8
1813daemon.
1814.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1815.Pq Vt str
1816Overrides the global
1817.Va ppp_mode
1818for
1819.Ar profile .
1820Accepted modes are
1821.Dq Li auto ,
1822.Dq Li ddial ,
1823.Dq Li direct
1824and
1825.Dq Li dedicated .
1826See the manual for a full description.
1827.It Va ppp_nat
1828.Pq Vt bool
1829If set to
1830.Dq Li YES ,
1831enables network address translation.
1832Used in conjunction with
1833.Va gateway_enable
1834allows hosts on private network addresses access to the Internet using
1835this host as a network address translating router.
1836.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1837.Pq Vt str
1838Overrides the global
1839.Va ppp_nat
1840for
1841.Ar profile .
1842.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1843.Pq Vt int
1844Set the unit number to be used for this profile.
1845See the manual description of
1846.Fl unit Ns Ar N
1847for details.
1848.It Va ppp_user
1849.Pq Vt str
1850The name of the user under which
1851.Xr ppp 8
1852should be started.
1853By
1854default,
1855.Xr ppp 8
1856is started as
1857.Dq Li root .
1858.It Va rc_conf_files
1859.Pq Vt str
1860This option is used to specify a list of files that will override
1861the settings in
1862.Pa /etc/defaults/rc.conf .
1863The files will be read in the order in which they are specified and should
1864include the full path to the file.
1865By default, the files specified are
1866.Pa /etc/rc.conf
1867and
1868.Pa /etc/rc.conf.local
1869.It Va zfs_enable
1870.Pq Vt bool
1871If set to
1872.Dq Li YES ,
1873.Pa /etc/rc.d/zfs
1874will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1875(ZVOLs).
1876.It Va gptboot_enable
1877.Pq Vt bool
1878If set to
1879.Dq Li YES ,
1880.Pa /etc/rc.d/gptboot
1881will log if the system successfully (or not) booted from a GPT partition,
1882which had the
1883.Ar bootonce
1884attribute set using
1885.Xr gpart 8
1886utility.
1887.It Va gbde_autoattach_all
1888.Pq Vt bool
1889If set to
1890.Dq Li YES ,
1891.Pa /etc/rc.d/gbde
1892will attempt to automatically initialize your .bde devices in
1893.Pa /etc/fstab .
1894.It Va gbde_devices
1895.Pq Vt str
1896List the devices that the script should try to attach,
1897or
1898.Dq Li AUTO .
1899.It Va gbde_lockdir
1900.Pq Vt str
1901The directory where the
1902.Xr gbde 4
1903lockfiles are located.
1904The default lockfile directory is
1905.Pa /etc .
1906.Pp
1907The lockfile for each individual
1908.Xr gbde 4
1909device can be overridden by setting the variable
1910.Va gbde_lock_ Ns Aq Ar device ,
1911where
1912.Ar device
1913is the encrypted device without the
1914.Dq Pa /dev/
1915and
1916.Dq Pa .bde
1917parts.
1918.It Va gbde_attach_attempts
1919.Pq Vt int
1920Number of times to attempt attaching to a
1921.Xr gbde 4
1922device, i.e., how many times the user is asked for the pass-phrase.
1923Default is 3.
1924.It Va geli_devices
1925.Pq Vt str
1926List of devices to automatically attach on boot.
1927Note that .eli devices from
1928.Pa /etc/fstab
1929are automatically appended to this list.
1930.It Va geli_tries
1931.Pq Vt int
1932Number of times user is asked for the pass-phrase.
1933If empty, it will be taken from
1934.Va kern.geom.eli.tries
1935sysctl variable.
1936.It Va geli_default_flags
1937.Pq Vt str
1938Default flags to use by
1939.Xr geli 8
1940when configuring disk encryption.
1941Flags can be configured for every device separately by defining
1942.Va geli_ Ns Ao Ar device Ac Ns Va _flags
1943variable.
1944.It Va geli_autodetach
1945.Pq Vt str
1946Specifies if GELI devices should be marked for detach on last close after
1947file systems are mounted.
1948Default is
1949.Dq Li YES .
1950This can be changed for every device separately by defining
1951.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1952variable.
1953.It Va root_rw_mount
1954.Pq Vt bool
1955Set to
1956.Dq Li YES
1957by default.
1958After the file systems are checked at boot time, the root file system
1959is remounted as read-write if this is set to
1960.Dq Li YES .
1961Diskless systems that mount their root file system from a read-only remote
1962NFS share should set this to
1963.Dq Li NO
1964in their
1965.Pa rc.conf .
1966.It Va fsck_y_enable
1967.Pq Vt bool
1968If set to
1969.Dq Li YES ,
1970.Xr fsck 8
1971will be run with the
1972.Fl y
1973flag if the initial preen
1974of the file systems fails.
1975.It Va background_fsck
1976.Pq Vt bool
1977If set to
1978.Dq Li YES ,
1979the system will attempt to run
1980.Xr fsck 8
1981in the background where possible.
1982.It Va background_fsck_delay
1983.Pq Vt int
1984The amount of time in seconds to sleep before starting a background
1985.Xr fsck 8 .
1986It defaults to sixty seconds to allow large applications such as
1987the X server to start before disk I/O bandwidth is monopolized by
1988.Xr fsck 8 .
1989If set to a negative number, the background file system check will be
1990delayed indefinitely to allow the administrator to run it at a more
1991convenient time.
1992For example it may be run from
1993.Xr cron 8
1994by adding a line like
1995.Pp
1996.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1997.Pp
1998to
1999.Pa /etc/crontab .
2000.It Va netfs_types
2001.Pq Vt str
2002List of file system types that are network-based.
2003This list should generally not be modified by end users.
2004Use
2005.Va extra_netfs_types
2006instead.
2007.It Va extra_netfs_types
2008.Pq Vt str
2009If set to something other than
2010.Dq Li NO
2011(the default),
2012this variable extends the list of file system types
2013for which automatic mounting at startup by
2014.Xr rc 8
2015should be delayed until the network is initialized.
2016It should contain
2017a whitespace-separated list of network file system descriptor pairs,
2018each consisting of a file system type as passed to
2019.Xr mount 8
2020and a human-readable, one-word description,
2021joined with a colon
2022.Pq Ql \&: .
2023Extending the default list in this way is only necessary
2024when third party file system types are used.
2025.It Va syslogd_enable
2026.Pq Vt bool
2027If set to
2028.Dq Li YES ,
2029run the
2030.Xr syslogd 8
2031daemon.
2032.It Va syslogd_program
2033.Pq Vt str
2034Path to
2035.Xr syslogd 8
2036(default
2037.Pa /usr/sbin/syslogd ) .
2038.It Va syslogd_flags
2039.Pq Vt str
2040If
2041.Va syslogd_enable
2042is set to
2043.Dq Li YES ,
2044these are the flags to pass to
2045.Xr syslogd 8 .
2046.It Va inetd_enable
2047.Pq Vt bool
2048If set to
2049.Dq Li YES ,
2050run the
2051.Xr inetd 8
2052daemon.
2053.It Va inetd_program
2054.Pq Vt str
2055Path to
2056.Xr inetd 8
2057(default
2058.Pa /usr/sbin/inetd ) .
2059.It Va inetd_flags
2060.Pq Vt str
2061If
2062.Va inetd_enable
2063is set to
2064.Dq Li YES ,
2065these are the flags to pass to
2066.Xr inetd 8 .
2067.It Va hastd_enable
2068.Pq Vt bool
2069If set to
2070.Dq Li YES ,
2071run the
2072.Xr hastd 8
2073daemon.
2074.It Va hastd_program
2075.Pq Vt str
2076Path to
2077.Xr hastd 8
2078(default
2079.Pa /sbin/hastd ) .
2080.It Va hastd_flags
2081.Pq Vt str
2082If
2083.Va hastd_enable
2084is set to
2085.Dq Li YES ,
2086these are the flags to pass to
2087.Xr hastd 8 .
2088.It Va local_unbound_enable
2089.Pq Vt bool
2090If set to
2091.Dq Li YES ,
2092run the
2093.Xr unbound 8
2094daemon as a local caching resolver.
2095.It Va kerberos5_server_enable
2096.Pq Vt bool
2097Set to
2098.Dq Li YES
2099to start a Kerberos 5 authentication server
2100at boot time.
2101.It Va kerberos5_server
2102.Pq Vt str
2103If
2104.Va kerberos5_server_enable
2105is set to
2106.Dq Li YES
2107this is the path to Kerberos 5 Authentication Server.
2108.It Va kerberos5_server_flags
2109.Pq Vt str
2110Empty by default.
2111This variable contains additional flags to be passed to the Kerberos 5
2112authentication server.
2113.It Va kadmind5_server_enable
2114.Pq Vt bool
2115Set to
2116.Dq Li YES
2117to start
2118.Xr kadmind 8 ,
2119the Kerberos 5 Administration Daemon; set to
2120.Dq Li NO
2121on a slave server.
2122.It Va kadmind5_server
2123.Pq Vt str
2124If
2125.Va kadmind5_server_enable
2126is set to
2127.Dq Li YES
2128this is the path to Kerberos 5 Administration Daemon.
2129.It Va kpasswdd_server_enable
2130.Pq Vt bool
2131Set to
2132.Dq Li YES
2133to start
2134.Xr kpasswdd 8 ,
2135the Kerberos 5 Password-Changing Daemon; set to
2136.Dq Li NO
2137on a slave server.
2138.It Va kpasswdd_server
2139.Pq Vt str
2140If
2141.Va kpasswdd_server_enable
2142is set to
2143.Dq Li YES
2144this is the path to Kerberos 5 Password-Changing Daemon.
2145.It Va kfd_enable
2146.Pq Vt bool
2147Set to
2148.Dq Li YES
2149to start
2150.Xr kfd 8 ,
2151the Kerberos 5 ticket forwarding daemon, at the boot time.
2152.It Va kfd_program
2153.Pq Vt str
2154Path to
2155.Xr kfd 8
2156(default
2157.Pa /usr/libexec/kfd ) .
2158.It Va rwhod_enable
2159.Pq Vt bool
2160If set to
2161.Dq Li YES ,
2162run the
2163.Xr rwhod 8
2164daemon at boot time.
2165.It Va rwhod_flags
2166.Pq Vt str
2167If
2168.Va rwhod_enable
2169is set to
2170.Dq Li YES ,
2171these are the flags to pass to it.
2172.It Va amd_enable
2173.Pq Vt bool
2174If set to
2175.Dq Li YES ,
2176run the
2177.Xr amd 8
2178daemon at boot time.
2179.It Va amd_flags
2180.Pq Vt str
2181If
2182.Va amd_enable
2183is set to
2184.Dq Li YES ,
2185these are the flags to pass to it.
2186See the
2187.Xr amd 8
2188manpage for more information.
2189.It Va amd_map_program
2190.Pq Vt str
2191If set,
2192the specified program is run to get the list of
2193.Xr amd 8
2194maps.
2195For example, if the
2196.Xr amd 8
2197maps are stored in NIS, one can set this to
2198run
2199.Xr ypcat 1
2200to get a list of
2201.Xr amd 8
2202maps from the
2203.Pa amd.master
2204NIS map.
2205.It Va update_motd
2206.Pq Vt bool
2207If set to
2208.Dq Li YES ,
2209.Pa /etc/motd
2210will be updated at boot time to reflect the kernel release
2211being run.
2212If set to
2213.Dq Li NO ,
2214.Pa /etc/motd
2215will not be updated.
2216.It Va nfs_client_enable
2217.Pq Vt bool
2218If set to
2219.Dq Li YES ,
2220run the NFS client daemons at boot time.
2221.It Va nfs_access_cache
2222.Pq Vt int
2223If
2224.Va nfs_client_enable
2225is set to
2226.Dq Li YES ,
2227this can be set to
2228.Dq Li 0
2229to disable NFS ACCESS RPC caching, or to the number of seconds for which
2230NFS ACCESS
2231results should be cached.
2232A value of 2-10 seconds will substantially reduce network
2233traffic for many NFS operations.
2234.It Va nfs_server_enable
2235.Pq Vt bool
2236If set to
2237.Dq Li YES ,
2238run the NFS server daemons at boot time.
2239.It Va nfs_server_flags
2240.Pq Vt str
2241If
2242.Va nfs_server_enable
2243is set to
2244.Dq Li YES ,
2245these are the flags to pass to the
2246.Xr nfsd 8
2247daemon.
2248.It Va nfsv4_server_enable
2249.Pq Vt bool
2250If
2251.Va nfs_server_enable
2252is set to
2253.Dq Li YES
2254and
2255.Va nfsv4_server_enable
2256are set to
2257.Dq Li YES ,
2258enable the server for NFSv4 as well as NFSv2 and NFSv3.
2259.It Va nfsuserd_enable
2260.Pq Vt bool
2261If
2262.Va nfsuserd_enable
2263is set to
2264.Dq Li YES ,
2265run the nfsuserd daemon, which is needed for NFSv4 in order
2266to map between user/group names vs uid/gid numbers.
2267If
2268.Va nfsv4_server_enable
2269is set to
2270.Dq Li YES ,
2271this will be forced enabled.
2272.It Va nfsuserd_flags
2273.Pq Vt str
2274If
2275.Va nfsuserd_enable
2276is set to
2277.Dq Li YES ,
2278these are the flags to pass to the
2279.Xr nfsuserd 8
2280daemon.
2281.It Va nfscbd_enable
2282.Pq Vt bool
2283If
2284.Va nfscbd_enable
2285is set to
2286.Dq Li YES ,
2287run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2288.It Va nfscbd_flags
2289.Pq Vt str
2290If
2291.Va nfscbd_enable
2292is set to
2293.Dq Li YES ,
2294these are the flags to pass to the
2295.Xr nfscbd 8
2296daemon.
2297.It Va oldnfs_server_enable
2298.Pq Vt bool
2299If
2300.Va oldnfs_server_enable
2301is set to
2302.Dq Li YES ,
2303force the NFS server daemons to run the old NFS server code
2304that does not support NFSv4.
2305.It Va mountd_enable
2306.Pq Vt bool
2307If set to
2308.Dq Li YES ,
2309and no
2310.Va nfs_server_enable
2311is set, start
2312.Xr mountd 8 ,
2313but not
2314.Xr nfsd 8
2315daemon.
2316It is commonly needed to run CFS without real NFS used.
2317.It Va mountd_flags
2318.Pq Vt str
2319If
2320.Va mountd_enable
2321is set to
2322.Dq Li YES ,
2323these are the flags to pass to the
2324.Xr mountd 8
2325daemon.
2326.It Va weak_mountd_authentication
2327.Pq Vt bool
2328If set to
2329.Dq Li YES ,
2330allow services like PCNFSD to make non-privileged mount
2331requests.
2332.It Va nfs_reserved_port_only
2333.Pq Vt bool
2334If set to
2335.Dq Li YES ,
2336provide NFS services only on a secure port.
2337.It Va nfs_bufpackets
2338.Pq Vt int
2339If set to a number, indicates the number of packets worth of
2340socket buffer space to reserve on an NFS client.
2341The kernel default is typically 4.
2342Using a higher number may be
2343useful on gigabit networks to improve performance.
2344The minimum value is
23452 and the maximum is 64.
2346.It Va rpc_lockd_enable
2347.Pq Vt bool
2348If set to
2349.Dq Li YES
2350and also an NFS server or client, run
2351.Xr rpc.lockd 8
2352at boot time.
2353.It Va rpc_lockd_flags
2354.Pq Vt str
2355If
2356.Va rpc_lockd_enable
2357is set to
2358.Dq Li YES ,
2359these are the flags to pass to the
2360.Xr rpc.lockd 8
2361daemon.
2362.It Va rpc_statd_enable
2363.Pq Vt bool
2364If set to
2365.Dq Li YES
2366and also an NFS server or client, run
2367.Xr rpc.statd 8
2368at boot time.
2369.It Va rpc_statd_flags
2370.Pq Vt str
2371If
2372.Va rpc_statd_enable
2373is set to
2374.Dq Li YES ,
2375these are the flags to pass to the
2376.Xr rpc.statd 8
2377daemon.
2378.It Va rpcbind_program
2379.Pq Vt str
2380Path to
2381.Xr rpcbind 8
2382(default
2383.Pa /usr/sbin/rpcbind ) .
2384.It Va rpcbind_enable
2385.Pq Vt bool
2386If set to
2387.Dq Li YES ,
2388run the
2389.Xr rpcbind 8
2390service at boot time.
2391.It Va rpcbind_flags
2392.Pq Vt str
2393If
2394.Va rpcbind_enable
2395is set to
2396.Dq Li YES ,
2397these are the flags to pass to the
2398.Xr rpcbind 8
2399daemon.
2400.It Va keyserv_enable
2401.Pq Vt bool
2402If set to
2403.Dq Li YES ,
2404run the
2405.Xr keyserv 8
2406daemon on boot for running Secure RPC.
2407.It Va keyserv_flags
2408.Pq Vt str
2409If
2410.Va keyserv_enable
2411is set to
2412.Dq Li YES ,
2413these are the flags to pass to
2414.Xr keyserv 8
2415daemon.
2416.It Va pppoed_enable
2417.Pq Vt bool
2418If set to
2419.Dq Li YES ,
2420run the
2421.Xr pppoed 8
2422daemon at boot time to provide PPP over Ethernet services.
2423.It Va pppoed_ Ns Aq Ar provider
2424.Pq Vt str
2425.Xr pppoed 8
2426listens to requests to this
2427.Ar provider
2428and ultimately runs
2429.Xr ppp 8
2430with a
2431.Ar system
2432argument of the same name.
2433.It Va pppoed_flags
2434.Pq Vt str
2435Additional flags to pass to
2436.Xr pppoed 8 .
2437.It Va pppoed_interface
2438.Pq Vt str
2439The network interface to run
2440.Xr pppoed 8
2441on.
2442This is mandatory when
2443.Va pppoed_enable
2444is set to
2445.Dq Li YES .
2446.It Va timed_enable
2447.Pq Vt bool
2448If set to
2449.Dq Li YES ,
2450run the
2451.Xr timed 8
2452service at boot time.
2453This command is intended for networks of
2454machines where a consistent
2455.Dq "network time"
2456for all hosts must be established.
2457This is often useful in large NFS
2458environments where time stamps on files are expected to be consistent
2459network-wide.
2460.It Va timed_flags
2461.Pq Vt str
2462If
2463.Va timed_enable
2464is set to
2465.Dq Li YES ,
2466these are the flags to pass to the
2467.Xr timed 8
2468service.
2469.It Va ntpdate_enable
2470.Pq Vt bool
2471If set to
2472.Dq Li YES ,
2473run
2474.Xr ntpdate 8
2475at system startup.
2476This command is intended to
2477synchronize the system clock only
2478.Em once
2479from some standard reference.
2480.It Va ntpdate_config
2481.Pq Vt str
2482Configuration file for
2483.Xr ntpdate 8 .
2484Default
2485.Pa /etc/ntp.conf .
2486.It Va ntpdate_hosts
2487.Pq Vt str
2488A whitespace-separated list of NTP servers to synchronize with at startup.
2489The default is to use the servers listed in
2490.Va ntpdate_config ,
2491if that file exists.
2492.It Va ntpdate_program
2493.Pq Vt str
2494Path to
2495.Xr ntpdate 8
2496(default
2497.Pa /usr/sbin/ntpdate ) .
2498.It Va ntpdate_flags
2499.Pq Vt str
2500If
2501.Va ntpdate_enable
2502is set to
2503.Dq Li YES ,
2504these are the flags to pass to the
2505.Xr ntpdate 8
2506command (typically a hostname).
2507.It Va ntpd_enable
2508.Pq Vt bool
2509If set to
2510.Dq Li YES ,
2511run the
2512.Xr ntpd 8
2513command at boot time.
2514.It Va ntpd_program
2515.Pq Vt str
2516Path to
2517.Xr ntpd 8
2518(default
2519.Pa /usr/sbin/ntpd ) .
2520.It Va ntpd_config
2521.Pq Vt str
2522Path to
2523.Xr ntpd 8
2524configuration file.
2525Default
2526.Pa /etc/ntp.conf .
2527.It Va ntpd_flags
2528.Pq Vt str
2529If
2530.Va ntpd_enable
2531is set to
2532.Dq Li YES ,
2533these are the flags to pass to the
2534.Xr ntpd 8
2535daemon.
2536.It Va ntpd_sync_on_start
2537.Pq Vt bool
2538If set to
2539.Dq Li YES ,
2540.Xr ntpd 8
2541is run with the
2542.Fl g
2543flag, which syncs the system's clock on startup.
2544See
2545.Xr ntpd 8
2546for more information regarding the
2547.Fl g
2548option.
2549This is a preferred alternative to using
2550.Xr ntpdate 8
2551or specifying the
2552.Va ntpdate_enable
2553variable.
2554.It Va nis_client_enable
2555.Pq Vt bool
2556If set to
2557.Dq Li YES ,
2558run the
2559.Xr ypbind 8
2560service at system boot time.
2561.It Va nis_client_flags
2562.Pq Vt str
2563If
2564.Va nis_client_enable
2565is set to
2566.Dq Li YES ,
2567these are the flags to pass to the
2568.Xr ypbind 8
2569service.
2570.It Va nis_ypset_enable
2571.Pq Vt bool
2572If set to
2573.Dq Li YES ,
2574run the
2575.Xr ypset 8
2576daemon at system boot time.
2577.It Va nis_ypset_flags
2578.Pq Vt str
2579If
2580.Va nis_ypset_enable
2581is set to
2582.Dq Li YES ,
2583these are the flags to pass to the
2584.Xr ypset 8
2585daemon.
2586.It Va nis_server_enable
2587.Pq Vt bool
2588If set to
2589.Dq Li YES ,
2590run the
2591.Xr ypserv 8
2592daemon at system boot time.
2593.It Va nis_server_flags
2594.Pq Vt str
2595If
2596.Va nis_server_enable
2597is set to
2598.Dq Li YES ,
2599these are the flags to pass to the
2600.Xr ypserv 8
2601daemon.
2602.It Va nis_ypxfrd_enable
2603.Pq Vt bool
2604If set to
2605.Dq Li YES ,
2606run the
2607.Xr rpc.ypxfrd 8
2608daemon at system boot time.
2609.It Va nis_ypxfrd_flags
2610.Pq Vt str
2611If
2612.Va nis_ypxfrd_enable
2613is set to
2614.Dq Li YES ,
2615these are the flags to pass to the
2616.Xr rpc.ypxfrd 8
2617daemon.
2618.It Va nis_yppasswdd_enable
2619.Pq Vt bool
2620If set to
2621.Dq Li YES ,
2622run the
2623.Xr rpc.yppasswdd 8
2624daemon at system boot time.
2625.It Va nis_yppasswdd_flags
2626.Pq Vt str
2627If
2628.Va nis_yppasswdd_enable
2629is set to
2630.Dq Li YES ,
2631these are the flags to pass to the
2632.Xr rpc.yppasswdd 8
2633daemon.
2634.It Va rpc_ypupdated_enable
2635.Pq Vt bool
2636If set to
2637.Dq Li YES ,
2638run the
2639.Nm rpc.ypupdated
2640daemon at system boot time.
2641.It Va bsnmpd_enable
2642.Pq Vt bool
2643If set to
2644.Dq Li YES ,
2645run the
2646.Xr bsnmpd 1
2647daemon at system boot time.
2648Be sure to understand the security implications of running SNMP daemon
2649on your host.
2650.It Va bsnmpd_flags
2651.Pq Vt str
2652If
2653.Va bsnmpd_enable
2654is set to
2655.Dq Li YES ,
2656these are the flags to pass to the
2657.Xr bsnmpd 1
2658daemon.
2659.It Va defaultrouter
2660.Pq Vt str
2661If not set to
2662.Dq Li NO ,
2663create a default route to this host name or IP address
2664(use an IP address if this router is also required to get to the
2665name server!).
2666.It Va ipv6_defaultrouter
2667.Pq Vt str
2668The IPv6 equivalent of
2669.Va defaultrouter .
2670.It Va static_arp_pairs
2671.Pq Vt str
2672Set to the list of static ARP pairs that are to be added at system
2673boot time.
2674For each whitespace separated
2675.Ar element
2676in the value, a
2677.Va static_arp_ Ns Aq Ar element
2678variable is assumed to exist whose contents will later be passed to a
2679.Dq Nm arp Cm -S
2680operation.
2681For example
2682.Bd -literal
2683static_arp_pairs="gw"
2684static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2685.Ed
2686.It Va static_ndp_pairs
2687.Pq Vt str
2688Set to the list of static NDP pairs that are to be added at system
2689boot time.
2690For each whitespace separated
2691.Ar element
2692in the value, a
2693.Va static_ndp_ Ns Aq Ar element
2694variable is assumed to exist whose contents will later be passed to a
2695.Dq Nm ndp Cm -s
2696operation.
2697For example
2698.Bd -literal
2699static_ndp_pairs="gw"
2700static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2701.Ed
2702.It Va static_routes
2703.Pq Vt str
2704Set to the list of static routes that are to be added at system
2705boot time.
2706If not set to
2707.Dq Li NO
2708then for each whitespace separated
2709.Ar element
2710in the value, a
2711.Va route_ Ns Aq Ar element
2712variable is assumed to exist
2713whose contents will later be passed to a
2714.Dq Nm route Cm add
2715operation.
2716For example:
2717.Bd -literal
2718static_routes="ext mcast:gif0 gif0local:gif0"
2719route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2720route_mcast="-net 224.0.0.0/4 -iface gif0"
2721route_gif0local="-host 169.254.1.1 -iface lo0"
2722.Ed
2723.Pp
2724When an
2725.Ar element
2726is in the form of
2727.Li name:ifname ,
2728the route is specific to the interface
2729.Li ifname .
2730.It Va ipv6_static_routes
2731.Pq Vt str
2732The IPv6 equivalent of
2733.Va static_routes .
2734If not set to
2735.Dq Li NO
2736then for each whitespace separated
2737.Ar element
2738in the value, a
2739.Va ipv6_route_ Ns Aq Ar element
2740variable is assumed to exist
2741whose contents will later be passed to a
2742.Dq Nm route Cm add Fl inet6
2743operation.
2744.It Va natm_static_routes
2745.Pq Vt str
2746The
2747.Xr natmip 4
2748equivalent of
2749.Va static_routes .
2750If not empty then for each whitespace separated
2751.Ar element
2752in the value, a
2753.Va route_ Ns Aq Ar element
2754variable is assumed to exist whose contents will later be passed to a
2755.Dq Nm atmconfig Cm natm Cm add
2756operation.
2757.It Va gateway_enable
2758.Pq Vt bool
2759If set to
2760.Dq Li YES ,
2761configure host to act as an IP router, e.g.\& to forward packets
2762between interfaces.
2763.It Va ipv6_gateway_enable
2764.Pq Vt bool
2765The IPv6 equivalent of
2766.Va gateway_enable .
2767.It Va routed_enable
2768.Pq Vt bool
2769If set to
2770.Dq Li YES ,
2771run a routing daemon of some sort, based on the
2772settings of
2773.Va routed_program
2774and
2775.Va routed_flags .
2776.It Va route6d_enable
2777.Pq Vt bool
2778The IPv6 equivalent of
2779.Va routed_enable .
2780If set to
2781.Dq Li YES ,
2782run a routing daemon of some sort, based on the
2783settings of
2784.Va route6d_program
2785and
2786.Va route6d_flags .
2787.It Va routed_program
2788.Pq Vt str
2789If
2790.Va routed_enable
2791is set to
2792.Dq Li YES ,
2793this is the name of the routing daemon to use.
2794.It Va route6d_program
2795.Pq Vt str
2796The IPv6 equivalent of
2797.Va routed_program .
2798.It Va routed_flags
2799.Pq Vt str
2800If
2801.Va routed_enable
2802is set to
2803.Dq Li YES ,
2804these are the flags to pass to the routing daemon.
2805.It Va route6d_flags
2806.Pq Vt str
2807The IPv6 equivalent of
2808.Va routed_flags .
2809.It Va mrouted_enable
2810.Pq Vt bool
2811If set to
2812.Dq Li YES ,
2813run the multicast routing daemon,
2814.Xr mrouted 8 .
2815.It Va mroute6d_enable
2816.Pq Vt bool
2817The IPv6 equivalent of
2818.Va mrouted_enable .
2819If set to
2820.Dq Li YES ,
2821run the IPv6 multicast routing daemon.
2822.Pp
2823Note that multicast routing daemons are no longer included in the
2824.Fx
2825base system, however, both
2826.Xr mrouted 8
2827and
2828.Xr pim6dd 8
2829may be installed from the
2830.Fx
2831Ports Collection.
2832.It Va mrouted_flags
2833.Pq Vt str
2834If
2835.Va mrouted_enable
2836is set to
2837.Dq Li YES ,
2838these are the flags to pass to the
2839.Xr mrouted 8
2840daemon.
2841.It Va mroute6d_flags
2842.Pq Vt str
2843The IPv6 equivalent of
2844.Va mrouted_flags .
2845If
2846.Va mroute6d_enable
2847is set to
2848.Dq Li YES ,
2849these are the flags passed to the IPv6 multicast routing daemon.
2850.It Va mroute6d_program
2851.Pq Vt str
2852If
2853.Va mroute6d_enable
2854is set to
2855.Dq Li YES ,
2856this is the path to the IPv6 multicast routing daemon.
2857.It Va rtadvd_enable
2858.Pq Vt bool
2859If set to
2860.Dq Li YES ,
2861run the
2862.Xr rtadvd 8
2863daemon at boot time.
2864The
2865.Xr rtadvd 8
2866utility sends ICMPv6 Router Advertisement messages to
2867the interfaces specified in
2868.Va rtadvd_interfaces .
2869This should only be enabled with great care.
2870You may want to fine-tune
2871.Xr rtadvd.conf 5 .
2872.It Va rtadvd_interfaces
2873.Pq Vt str
2874If
2875.Va rtadvd_enable
2876is set to
2877.Dq Li YES
2878this is the list of interfaces to use.
2879.It Va arpproxy_all
2880.Pq Vt bool
2881If set to
2882.Dq Li YES ,
2883enable global proxy ARP.
2884.It Va forward_sourceroute
2885.Pq Vt bool
2886If set to
2887.Dq Li YES
2888and
2889.Va gateway_enable
2890is also set to
2891.Dq Li YES ,
2892source-routed packets are forwarded.
2893.It Va accept_sourceroute
2894.Pq Vt bool
2895If set to
2896.Dq Li YES ,
2897the system will accept source-routed packets directed at it.
2898.It Va rarpd_enable
2899.Pq Vt bool
2900If set to
2901.Dq Li YES ,
2902run the
2903.Xr rarpd 8
2904daemon at system boot time.
2905.It Va rarpd_flags
2906.Pq Vt str
2907If
2908.Va rarpd_enable
2909is set to
2910.Dq Li YES ,
2911these are the flags to pass to the
2912.Xr rarpd 8
2913daemon.
2914.It Va bootparamd_enable
2915.Pq Vt bool
2916If set to
2917.Dq Li YES ,
2918run the
2919.Xr bootparamd 8
2920daemon at system boot time.
2921.It Va bootparamd_flags
2922.Pq Vt str
2923If
2924.Va bootparamd_enable
2925is set to
2926.Dq Li YES ,
2927these are the flags to pass to the
2928.Xr bootparamd 8
2929daemon.
2930.It Va stf_interface_ipv4addr
2931.Pq Vt str
2932If not set to
2933.Dq Li NO ,
2934this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2935interface).
2936Specify this entry to enable the 6to4 interface.
2937.It Va stf_interface_ipv4plen
2938.Pq Vt int
2939Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2940An effective value is 0-31.
2941.It Va stf_interface_ipv6_ifid
2942.Pq Vt str
2943IPv6 interface ID for
2944.Xr stf 4 .
2945This can be set to
2946.Dq Li AUTO .
2947.It Va stf_interface_ipv6_slaid
2948.Pq Vt str
2949IPv6 Site Level Aggregator for
2950.Xr stf 4 .
2951.It Va ipv6_ipv4mapping
2952.Pq Vt bool
2953If set to
2954.Dq Li YES
2955this enables IPv4 mapped IPv6 address communication (like
2956.Li ::ffff:a.b.c.d ) .
2957.It Va rtsold_enable
2958.Pq Vt bool
2959Set to
2960.Dq Li YES
2961to enable the
2962.Xr rtsold 8
2963daemon to send ICMPv6 Router Solicitation messages.
2964.It Va rtsold_flags
2965.Pq Vt str
2966If
2967.Va rtsold_enable
2968is set to
2969.Dq Li YES ,
2970these are the flags to pass to
2971.Xr rtsold 8 .
2972.It Va rtsol_flags
2973.Pq Vt str
2974For interfaces configured with the
2975.Dq Li inet6 accept_rtadv
2976keyword, these are the flags to pass to
2977.Xr rtsol 8 .
2978.Pp
2979Note that
2980.Va rtsold_enable
2981is mutually exclusive to
2982.Va rtsol_flags ;
2983.Va rtsold_enable
2984takes precedence.
2985.It Va atm_enable
2986.Pq Vt bool
2987Set to
2988.Dq Li YES
2989to enable the configuration of ATM interfaces at system boot time.
2990For all of the ATM variables described below, please refer to the
2991.Xr atm 8
2992manual page for further details on the available command parameters.
2993Also refer to the files in
2994.Pa /usr/share/examples/atm
2995for more detailed configuration information.
2996.It Va atm_load
2997.Pq Vt str
2998This is a list of physical ATM interface drivers to load.
2999Typical values are
3000.Dq Li hfa_pci
3001and/or
3002.Dq Li hea_pci .
3003.It Va atm_netif_ Ns Aq Ar intf
3004.Pq Vt str
3005For the ATM physical interface
3006.Ar intf ,
3007this variable defines the name prefix and count for the ATM network
3008interfaces to be created.
3009The value will be passed as the parameters of an
3010.Dq Nm atm Cm "set netif" Ar intf
3011command.
3012.It Va atm_sigmgr_ Ns Aq Ar intf
3013.Pq Vt str
3014For the ATM physical interface
3015.Ar intf ,
3016this variable defines the ATM signalling manager to be used.
3017The value will be passed as the parameters of an
3018.Dq Nm atm Cm attach Ar intf
3019command.
3020.It Va atm_prefix_ Ns Aq Ar intf
3021.Pq Vt str
3022For the ATM physical interface
3023.Ar intf ,
3024this variable defines the NSAP prefix for interfaces using a UNI signalling
3025manager.
3026If set to
3027.Dq Li ILMI ,
3028the prefix will automatically be set via the
3029.Xr ilmid 8
3030daemon.
3031Otherwise, the value will be passed as the parameters of an
3032.Dq Nm atm Cm "set prefix" Ar intf
3033command.
3034.It Va atm_macaddr_ Ns Aq Ar intf
3035.Pq Vt str
3036For the ATM physical interface
3037.Ar intf ,
3038this variable defines the MAC address for interfaces using a UNI signalling
3039manager.
3040If set to
3041.Dq Li NO ,
3042the hardware MAC address contained in the ATM interface card will be used.
3043Otherwise, the value will be passed as the parameters of an
3044.Dq Nm atm Cm "set mac" Ar intf
3045command.
3046.It Va atm_arpserver_ Ns Aq Ar netif
3047.Pq Vt str
3048For the ATM network interface
3049.Ar netif ,
3050this variable defines the ATM address for a host which is to provide ATMARP
3051service.
3052This variable is only applicable to interfaces using a UNI signalling
3053manager.
3054If set to
3055.Dq Li local ,
3056this host will become an ATMARP server.
3057The value will be passed as the parameters of an
3058.Dq Nm atm Cm "set arpserver" Ar netif
3059command.
3060.It Va atm_scsparp_ Ns Aq Ar netif
3061.Pq Vt bool
3062If set to
3063.Dq Li YES ,
3064SCSP/ATMARP service for the network interface
3065.Ar netif
3066will be initiated using the
3067.Xr scspd 8
3068and
3069.Xr atmarpd 8
3070daemons.
3071This variable is only applicable if
3072.Va atm_arpserver_ Ns Aq Ar netif
3073is set to
3074.Dq Li local .
3075.It Va atm_pvcs
3076.Pq Vt str
3077Set to the list of ATM PVCs to be added at system
3078boot time.
3079For each whitespace separated
3080.Ar element
3081in the value, an
3082.Va atm_pvc_ Ns Aq Ar element
3083variable is assumed to exist.
3084The value of each of these variables
3085will be passed as the parameters of an
3086.Dq Nm atm Cm "add pvc"
3087command.
3088.It Va atm_arps
3089.Pq Vt str
3090Set to the list of permanent ATM ARP entries to be added
3091at system boot time.
3092For each whitespace separated
3093.Ar element
3094in the value, an
3095.Va atm_arp_ Ns Aq Ar element
3096variable is assumed to exist.
3097The value of each of these variables
3098will be passed as the parameters of an
3099.Dq Nm atm Cm "add arp"
3100command.
3101.It Va natm_interfaces
3102.Pq Vt str
3103Set to the list of
3104.Xr natm 4
3105interfaces that will also be used for HARP through
3106.Xr harp 4 .
3107If this list is not empty all interfaces in the list will be brought up
3108with
3109.Xr ifconfig 8
3110and
3111.Xr harp 4
3112will be loaded.
3113For this to work the interface drivers must be either compiled into the
3114kernel or must reside on the root partition.
3115.It Va keybell
3116.Pq Vt str
3117The keyboard bell sound.
3118Set to
3119.Dq Li normal ,
3120.Dq Li visual ,
3121.Dq Li off ,
3122or
3123.Dq Li NO
3124if the default behavior is desired.
3125For details, refer to the
3126.Xr kbdcontrol 1
3127manpage.
3128.It Va keyboard
3129.Pq Vt str
3130If set to a non-null string, the virtual console's keyboard input is
3131set to this device.
3132.It Va keymap
3133.Pq Vt str
3134If set to
3135.Dq Li NO ,
3136no keymap is installed, otherwise the value is used to install
3137the keymap file found in
3138.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3139(if using
3140.Xr syscons 4 ) or
3141.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3142(if using
3143.Xr vt 4 ) .
3144.It Va keyrate
3145.Pq Vt str
3146The keyboard repeat speed.
3147Set to
3148.Dq Li slow ,
3149.Dq Li normal ,
3150.Dq Li fast ,
3151or
3152.Dq Li NO
3153if the default behavior is desired.
3154.It Va keychange
3155.Pq Vt str
3156If not set to
3157.Dq Li NO ,
3158attempt to program the function keys with the value.
3159The value should
3160be a single string of the form:
3161.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3162.It Va cursor
3163.Pq Vt str
3164Can be set to the value of
3165.Dq Li normal ,
3166.Dq Li blink ,
3167.Dq Li destructive ,
3168or
3169.Dq Li NO
3170to set the cursor behavior explicitly or choose the default behavior.
3171.It Va scrnmap
3172.Pq Vt str
3173If set to
3174.Dq Li NO ,
3175no screen map is installed, otherwise the value is used to install
3176the screen map file in
3177.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3178This parameter is ignored when using
3179.Xr vt 4
3180as the console driver.
3181.It Va font8x16
3182.Pq Vt str
3183If set to
3184.Dq Li NO ,
3185the default 8x16 font value is used for screen size requests, otherwise
3186the value in
3187.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3188or
3189.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3190is used (depending on the console driver being used).
3191.It Va font8x14
3192.Pq Vt str
3193If set to
3194.Dq Li NO ,
3195the default 8x14 font value is used for screen size requests, otherwise
3196the value in
3197.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3198or
3199.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3200is used (depending on the console driver being used).
3201.It Va font8x8
3202.Pq Vt str
3203If set to
3204.Dq Li NO ,
3205the default 8x8 font value is used for screen size requests, otherwise
3206the value in
3207.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3208or
3209.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3210is used (depending on the console driver being used).
3211.It Va blanktime
3212.Pq Vt int
3213If set to
3214.Dq Li NO ,
3215the default screen blanking interval is used, otherwise it is set
3216to
3217.Ar value
3218seconds.
3219.It Va saver
3220.Pq Vt str
3221If not set to
3222.Dq Li NO ,
3223this is the actual screen saver to use
3224.Li ( blank , snake , daemon ,
3225etc).
3226.It Va moused_nondefault_enable
3227.Pq Vt str
3228If set to
3229.Dq Li NO ,
3230the mouse device specified on
3231the command line is not automatically treated as enabled by the
3232.Pa /etc/rc.d/moused
3233script.
3234Having this variable set to
3235.Dq Li YES
3236allows a
3237.Xr usb 4
3238mouse,
3239for example,
3240to be enabled as soon as it is plugged in.
3241.It Va moused_enable
3242.Pq Vt str
3243If set to
3244.Dq Li YES ,
3245the
3246.Xr moused 8
3247daemon is started for doing cut/paste selection on the console.
3248.It Va moused_type
3249.Pq Vt str
3250This is the protocol type of the mouse connected to this host.
3251This variable must be set if
3252.Va moused_enable
3253is set to
3254.Dq Li YES .
3255The
3256.Xr moused 8
3257daemon
3258is able to detect the appropriate mouse type automatically in many cases.
3259Set this variable to
3260.Dq Li auto
3261to let the daemon detect it, or
3262select one from the following list if the automatic detection fails.
3263.Pp
3264If the mouse is attached to the PS/2 mouse port, choose
3265.Dq Li auto
3266or
3267.Dq Li ps/2 ,
3268regardless of the brand and model of the mouse.
3269Likewise, if the
3270mouse is attached to the bus mouse port, choose
3271.Dq Li auto
3272or
3273.Dq Li busmouse .
3274All other protocols are for serial mice and will not work with
3275the PS/2 and bus mice.
3276If this is a USB mouse,
3277.Dq Li auto
3278is the only protocol type which will work.
3279.Pp
3280.Bl -tag -width ".Li x10mouseremote" -compact
3281.It Li microsoft
3282Microsoft mouse (serial)
3283.It Li intellimouse
3284Microsoft IntelliMouse (serial)
3285.It Li mousesystems
3286Mouse systems Corp.\& mouse (serial)
3287.It Li mmseries
3288MM Series mouse (serial)
3289.It Li logitech
3290Logitech mouse (serial)
3291.It Li busmouse
3292A bus mouse
3293.It Li mouseman
3294Logitech MouseMan and TrackMan (serial)
3295.It Li glidepoint
3296ALPS GlidePoint (serial)
3297.It Li thinkingmouse
3298Kensington ThinkingMouse (serial)
3299.It Li ps/2
3300PS/2 mouse
3301.It Li mmhittab
3302MM HitTablet (serial)
3303.It Li x10mouseremote
3304X10 MouseRemote (serial)
3305.It Li versapad
3306Interlink VersaPad (serial)
3307.El
3308.Pp
3309Even if the mouse is not in the above list, it may be compatible
3310with one in the list.
3311Refer to the manual page for
3312.Xr moused 8
3313for compatibility information.
3314.Pp
3315It should also be noted that while this is enabled, any
3316other client of the mouse (such as an X server) should access
3317the mouse through the virtual mouse device,
3318.Pa /dev/sysmouse ,
3319and configure it as a
3320.Dq Li sysmouse
3321type mouse, since all
3322mouse data is converted to this single canonical format when
3323using
3324.Xr moused 8 .
3325If the client program does not support the
3326.Dq Li sysmouse
3327type,
3328specify the
3329.Dq Li mousesystems
3330type.
3331It is the second preferred type.
3332.It Va moused_port
3333.Pq Vt str
3334If
3335.Va moused_enable
3336is set to
3337.Dq Li YES ,
3338this is the actual port the mouse is on.
3339It might be
3340.Pa /dev/cuau0
3341for a COM1 serial mouse,
3342.Pa /dev/psm0
3343for a PS/2 mouse or
3344.Pa /dev/mse0
3345for a bus mouse, for example.
3346.It Va moused_flags
3347.Pq Vt str
3348If
3349.Va moused_flags
3350is set, its value is used as an additional set of flags to pass to the
3351.Xr moused 8
3352daemon.
3353.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3354When
3355.Va moused_nondefault_enable
3356is enabled, and a
3357.Xr moused 8
3358daemon is started for a non-default port, the
3359.Va "moused_" Ns Ar XXX Ns Va "_flags"
3360set of options has precedence over and replaces the default
3361.Va moused_flags
3362(where
3363.Ar XXX
3364is the name of the non-default port, i.e.,\&
3365.Ar ums0 ) .
3366By setting
3367.Va "moused_" Ns Ar XXX Ns Va "_flags"
3368it is possible to set up a different set of default flags for each
3369.Xr moused 8
3370instance.
3371For example, you can use
3372.Dq Li "-3"
3373for the default
3374.Va moused_flags
3375to make your laptop's touchpad more comfortable to use,
3376but an empty set of options for
3377.Va moused_ums0_flags
3378when your
3379.Xr usb 4
3380mouse has three or more buttons.
3381.It Va mousechar_start
3382.Pq Vt int
3383If set to
3384.Dq Li NO ,
3385the default mouse cursor character range
3386.Li 0xd0 Ns - Ns Li 0xd3
3387is used,
3388otherwise the range start is set
3389to
3390.Ar value
3391character, see
3392.Xr vidcontrol 1 .
3393Use if the default range is occupied in the language code table.
3394.It Va allscreens_flags
3395.Pq Vt str
3396If set,
3397.Xr vidcontrol 1
3398is run with these options for each of the virtual terminals
3399.Pq Pa /dev/ttyv* .
3400For example,
3401.Dq Fl m Cm on
3402will enable the mouse pointer on all virtual terminals
3403if
3404.Va moused_enable
3405is set to
3406.Dq Li YES .
3407.It Va allscreens_kbdflags
3408.Pq Vt str
3409If set,
3410.Xr kbdcontrol 1
3411is run with these options for each of the virtual terminals
3412.Pq Pa /dev/ttyv* .
3413For example,
3414.Dq Fl h Li 200
3415will set the
3416.Xr syscons 4
3417or
3418.Xr vt 4
3419scrollback (history) buffer to 200 lines.
3420.It Va cron_enable
3421.Pq Vt bool
3422If set to
3423.Dq Li YES ,
3424run the
3425.Xr cron 8
3426daemon at system boot time.
3427.It Va cron_program
3428.Pq Vt str
3429Path to
3430.Xr cron 8
3431(default
3432.Pa /usr/sbin/cron ) .
3433.It Va cron_flags
3434.Pq Vt str
3435If
3436.Va cron_enable
3437is set to
3438.Dq Li YES ,
3439these are the flags to pass to
3440.Xr cron 8 .
3441.It Va cron_dst
3442.Pq Vt bool
3443If set to
3444.Dq Li YES ,
3445enable the special handling of transitions to and from the
3446Daylight Saving Time in
3447.Xr cron 8
3448(equivalent to using the flag
3449.Fl s ) .
3450.It Va lpd_program
3451.Pq Vt str
3452Path to
3453.Xr lpd 8
3454(default
3455.Pa /usr/sbin/lpd ) .
3456.It Va lpd_enable
3457.Pq Vt bool
3458If set to
3459.Dq Li YES ,
3460run the
3461.Xr lpd 8
3462daemon at system boot time.
3463.It Va lpd_flags
3464.Pq Vt str
3465If
3466.Va lpd_enable
3467is set to
3468.Dq Li YES ,
3469these are the flags to pass to the
3470.Xr lpd 8
3471daemon.
3472.It Va chkprintcap_enable
3473.Pq Vt bool
3474If set to
3475.Dq Li YES ,
3476run the
3477.Xr chkprintcap 8
3478command before starting the
3479.Xr lpd 8
3480daemon.
3481.It Va chkprintcap_flags
3482.Pq Vt str
3483If
3484.Va lpd_enable
3485and
3486.Va chkprintcap_enable
3487are set to
3488.Dq Li YES ,
3489these are the flags to pass to the
3490.Xr chkprintcap 8
3491program.
3492The default is
3493.Dq Li -d ,
3494which causes missing directories to be created.
3495.It Va mta_start_script
3496.Pq Vt str
3497This variable specifies the full path to the script to run to start
3498a mail transfer agent.
3499The default is
3500.Pa /etc/rc.sendmail .
3501The
3502.Va sendmail_*
3503variables which
3504.Pa /etc/rc.sendmail
3505uses are documented in the
3506.Xr rc.sendmail 8
3507manual page.
3508.It Va dumpdev
3509.Pq Vt str
3510Indicates the device (usually a swap partition) to which a crash dump
3511should be written in the event of a system crash.
3512If the value of this variable is
3513.Dq Li AUTO ,
3514the first suitable swap device listed in
3515.Pa /etc/fstab
3516will be used as dump device.
3517Otherwise, the value of this variable is passed as the argument to
3518.Xr dumpon 8 .
3519To disable crash dumps, set this variable to
3520.Dq Li NO .
3521.It Va dumpdir
3522.Pq Vt str
3523When the system reboots after a crash and a crash dump is found on the
3524device specified by the
3525.Va dumpdev
3526variable,
3527.Xr savecore 8
3528will save that crash dump and a copy of the kernel to the directory
3529specified by the
3530.Va dumpdir
3531variable.
3532The default value is
3533.Pa /var/crash .
3534Set to
3535.Dq Li NO
3536to not run
3537.Xr savecore 8
3538at boot time when
3539.Va dumpdir
3540is set.
3541.It Va savecore_flags
3542.Pq Vt str
3543If crash dumps are enabled, these are the flags to pass to the
3544.Xr savecore 8
3545utility.
3546.It Va quota_enable
3547.Pq Vt bool
3548Set to
3549.Dq Li YES
3550to turn on user and group disk quotas on system startup via the
3551.Xr quotaon 8
3552command for all file systems marked as having quotas enabled in
3553.Pa /etc/fstab .
3554The kernel must be built with
3555.Cd "options QUOTA"
3556for disk quotas to function.
3557.It Va check_quotas
3558.Pq Vt bool
3559Set to
3560.Dq Li YES
3561to enable user and group disk quota checking via the
3562.Xr quotacheck 8
3563command.
3564.It Va quotacheck_flags
3565.Pq Vt str
3566If
3567.Va quota_enable
3568is set to
3569.Dq Li YES ,
3570and
3571.Va check_quotas
3572is set to
3573.Dq Li YES ,
3574these are the flags to pass to the
3575.Xr quotacheck 8
3576utility.
3577The default is
3578.Dq Li "-a" ,
3579which checks quotas for all file systems with quotas enabled in
3580.Pa /etc/fstab .
3581.It Va quotaon_flags
3582.Pq Vt str
3583If
3584.Va quota_enable
3585is set to
3586.Dq Li YES ,
3587these are the flags to pass to the
3588.Xr quotaon 8
3589utility.
3590The default is
3591.Dq Li "-a" ,
3592which enables quotas for all file systems with quotas enabled in
3593.Pa /etc/fstab .
3594.It Va quotaoff_flags
3595.Pq Vt str
3596If
3597.Va quota_enable
3598is set to
3599.Dq Li YES ,
3600these are the flags to pass to the
3601.Xr quotaoff 8
3602utility when shutting down the quota system.
3603The default is
3604.Dq Li "-a" ,
3605which disables quotas for all file systems with quotas enabled in
3606.Pa /etc/fstab .
3607.It Va accounting_enable
3608.Pq Vt bool
3609Set to
3610.Dq Li YES
3611to enable system accounting through the
3612.Xr accton 8
3613facility.
3614.It Va ibcs2_enable
3615.Pq Vt bool
3616Set to
3617.Dq Li YES
3618to enable iBCS2 (SCO) binary emulation at system initial boot
3619time.
3620.It Va ibcs2_loaders
3621.Pq Vt str
3622If not set to
3623.Dq Li NO
3624and if
3625.Va ibcs2_enable
3626is set to
3627.Dq Li YES ,
3628this specifies a list of additional iBCS2 loaders to enable.
3629.It Va firstboot_sentinel
3630.Pq Vt str
3631This variable specifies the full path to a
3632.Dq first boot
3633sentinel file.
3634If a file exists with this path,
3635.Pa rc.d
3636scripts with the
3637.Dq firstboot
3638keyword will be run on startup and the sentinel file will be deleted
3639after the boot process completes.
3640The sentinel file must be located on a writable file system which is
3641mounted no later than
3642.Va early_late_divider
3643to function properly.
3644The default is
3645.Pa /firstboot .
3646.It Va linux_enable
3647.Pq Vt bool
3648Set to
3649.Dq Li YES
3650to enable Linux/ELF binary emulation at system initial
3651boot time.
3652.It Va svr4_enable
3653.Pq Vt bool
3654If set to
3655.Dq Li YES ,
3656enable SysVR4 emulation at boot time.
3657.It Va sysvipc_enable
3658.Pq Vt bool
3659If set to
3660.Dq Li YES ,
3661load System V IPC primitives at boot time.
3662.It Va clear_tmp_enable
3663.Pq Vt bool
3664Set to
3665.Dq Li YES
3666to have
3667.Pa /tmp
3668cleaned at startup.
3669.It Va clear_tmp_X
3670.Pq Vt bool
3671Set to
3672.Dq Li NO
3673to disable removing of X11 lock files,
3674and the removal and (secure) recreation
3675of the various socket directories for X11
3676related programs.
3677.It Va ldconfig_paths
3678.Pq Vt str
3679Set to the list of shared library paths to use with
3680.Xr ldconfig 8 .
3681NOTE:
3682.Pa /usr/lib
3683will always be added first, so it need not appear in this list.
3684.It Va ldconfig32_paths
3685.Pq Vt str
3686Set to the list of 32-bit compatibility shared library paths to
3687use with
3688.Xr ldconfig 8 .
3689.It Va ldconfig_paths_aout
3690.Pq Vt str
3691Set to the list of shared library paths to use with
3692.Xr ldconfig 8
3693legacy
3694.Xr a.out 5
3695support.
3696.It Va ldconfig_insecure
3697.Pq Vt bool
3698The
3699.Xr ldconfig 8
3700utility normally refuses to use directories
3701which are writable by anyone except root.
3702Set this variable to
3703.Dq Li YES
3704to disable that security check during system startup.
3705.It Va ldconfig_local_dirs
3706.Pq Vt str
3707Set to the list of local
3708.Xr ldconfig 8
3709directories.
3710The names of all files in the directories listed will be
3711passed as arguments to
3712.Xr ldconfig 8 .
3713.It Va ldconfig_local32_dirs
3714.Pq Vt str
3715Set to the list of local 32-bit compatibility
3716.Xr ldconfig 8
3717directories.
3718The names of all files in the directories listed will be
3719passed as arguments to
3720.Dq Nm ldconfig Fl 32 .
3721.It Va kern_securelevel_enable
3722.Pq Vt bool
3723Set to
3724.Dq Li YES
3725to set the kernel security level at system startup.
3726.It Va kern_securelevel
3727.Pq Vt int
3728The kernel security level to set at startup.
3729The allowed range of
3730.Ar value
3731ranges from \-1 (the compile time default) to 3 (the
3732most secure).
3733See
3734.Xr security 7
3735for the list of possible security levels and their effect
3736on system operation.
3737.It Va sshd_program
3738.Pq Vt str
3739Path to the SSH server program
3740.Pa ( /usr/sbin/sshd
3741is the default).
3742.It Va sshd_enable
3743.Pq Vt bool
3744Set to
3745.Dq Li YES
3746to start
3747.Xr sshd 8
3748at system boot time.
3749.It Va sshd_flags
3750.Pq Vt str
3751If
3752.Va sshd_enable
3753is set to
3754.Dq Li YES ,
3755these are the flags to pass to the
3756.Xr sshd 8
3757daemon.
3758.It Va ftpd_program
3759.Pq Vt str
3760Path to the FTP server program
3761.Pa ( /usr/libexec/ftpd
3762is the default).
3763.It Va ftpd_enable
3764.Pq Vt bool
3765Set to
3766.Dq Li YES
3767to start
3768.Xr ftpd 8
3769as a stand-alone daemon at system boot time.
3770.It Va ftpd_flags
3771.Pq Vt str
3772If
3773.Va ftpd_enable
3774is set to
3775.Dq Li YES ,
3776these are the additional flags to pass to the
3777.Xr ftpd 8
3778daemon.
3779.It Va watchdogd_enable
3780.Pq Vt bool
3781If set to
3782.Dq Li YES ,
3783start the
3784.Xr watchdogd 8
3785daemon at boot time.
3786This requires that the kernel have been compiled with a
3787.Xr watchdog 4
3788compatible device.
3789.It Va watchdogd_flags
3790.Pq Vt str
3791If
3792.Va watchdogd_enable
3793is set to
3794.Dq Li YES ,
3795these are the flags passed to the
3796.Xr watchdogd 8
3797daemon.
3798.It Va devfs_rulesets
3799.Pq Vt str
3800List of files containing sets of rules for
3801.Xr devfs 8 .
3802.It Va devfs_system_ruleset
3803.Pq Vt str
3804Rule name(s) to apply to the system
3805.Pa /dev
3806itself.
3807.It Va devfs_set_rulesets
3808.Pq Vt str
3809Pairs of already-mounted
3810.Pa dev
3811directories and rulesets that should be applied to them.
3812For example: /mount/dev=ruleset_name
3813.It Va devfs_load_rulesets
3814.Pq Vt bool
3815If set, always load the default rulesets listed in
3816.Va devfs_rulesets .
3817.It Va performance_cx_lowest
3818.Pq Vt str
3819CPU idle state to use while on AC power.
3820The string
3821.Dq Li LOW
3822indicates that
3823.Xr acpi 4
3824should use the lowest power state available while
3825.Dq Li HIGH
3826indicates that the lowest latency state (less power savings) should be used.
3827.It Va performance_cpu_freq
3828.Pq Vt str
3829CPU clock frequency to use while on AC power.
3830The string
3831.Dq Li LOW
3832indicates that
3833.Xr cpufreq 4
3834should use the lowest frequency available while
3835.Dq Li HIGH
3836indicates that the highest frequency (less power savings) should be used.
3837.It Va economy_cx_lowest
3838.Pq Vt str
3839CPU idle state to use when off AC power.
3840The string
3841.Dq Li LOW
3842indicates that
3843.Xr acpi 4
3844should use the lowest power state available while
3845.Dq Li HIGH
3846indicates that the lowest latency state (less power savings) should be used.
3847.It Va economy_cpu_freq
3848.Pq Vt str
3849CPU clock frequency to use when off AC power.
3850The string
3851.Dq Li LOW
3852indicates that
3853.Xr cpufreq 4
3854should use the lowest frequency available while
3855.Dq Li HIGH
3856indicates that the highest frequency (less power savings) should be used.
3857.It Va jail_enable
3858.Pq Vt bool
3859If set to
3860.Dq Li NO ,
3861any configured jails will not be started.
3862.It Va jail_conf
3863.Pq Vt str
3864The configuration filename used by
3865.Xr jail 8
3866utility.
3867The default value is
3868.Pa /etc/jail.conf .
3869.It Va jail_parallel_start
3870.Pq Vt bool
3871If set to
3872.Dq Li YES ,
3873all configured jails will be started in the background (in parallel).
3874.It Va jail_flags
3875.Pq Vt str
3876Unset by default.
3877When set, use as default value for
3878.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3879for every jail in
3880.Va jail_list .
3881.It Va jail_list
3882.Pq Vt str
3883A space separated list of names for jails.
3884If this variable is empty,
3885all of
3886.Xr jail 8
3887instances in the configuration file will be configured.
3888This is purely a configuration aid to help identify and
3889configure multiple jails.
3890The names specified in this list will be used to
3891identify settings common to an instance of a jail,
3892and should contain alphanumeric characters only.
3893The literal jail name of
3894.Dq Li 0
3895.Pq zero
3896is not allowed.
3897.It Va jail_* variables
3898Note that older releases supported per-jail configuration via
3899.Xr rc.conf 5
3900variables.
3901For example,
3902hostname of a jail named
3903.Li vjail
3904was able to be set by
3905.Li jail_vjail_hostname .
3906These per-jail configuration variables are now obsolete in favor of
3907.Xr jail 8
3908configuration file.
3909For backward compatibility,
3910when per-jail configuration variables are defined,
3911.Xr jail 8
3912configuration files are created as
3913.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3914and used.
3915.Pp
3916The following per-jail parameters are handled by
3917.Pa rc.d/jail
3918script out of their corresponding
3919.Nm
3920variables.
3921In addition to them, parameters in
3922.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3923will be added to the configuration file.
3924They must be a semi-colon
3925.Pq Ql \&;
3926delimited list of
3927.Dq key=value .
3928For more details,
3929see
3930.Xr jail 8
3931manual page.
3932.Bl  -tag -width "host.hostname" -offset indent
3933.It Li path
3934set from
3935.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3936.It Li host.hostname
3937set from
3938.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3939.It Li exec.consolelog
3940set from
3941.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3942The default value is
3943.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3944.It Li interface
3945set from
3946.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3947.It Li vnet.interface
3948set from
3949.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3950This implies
3951.Li vnet
3952parameter will be enabled and cannot be specified with
3953.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3954.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3955and/or
3956.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3957at the same time.
3958.It Li fstab
3959set from
3960.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3961.It Li mount
3962set from
3963.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3964.It Li exec.fib
3965set from
3966.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3967.It Li exec.start
3968set from
3969.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3970The parameter name was
3971.Li command
3972in some older releases.
3973.It Li exec.prestart
3974set from
3975.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3976.It Li exec.poststart
3977set from
3978.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3979.It Li exec.stop
3980set from
3981.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3982.It Li exec.prestop
3983set from
3984.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3985.It Li exec.poststop
3986set from
3987.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3988.It Li ip4.addr
3989set if
3990.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3991or
3992.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3993contain IPv4 addresses
3994.It Li ip6.addr
3995set if
3996.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3997or
3998.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3999contain IPv6 addresses
4000.It Li allow.mount
4001set from
4002.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
4003.It Li mount.devfs
4004set from
4005.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
4006.It Li devfs_ruleset
4007set from
4008.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
4009This must be an integer,
4010not a string.
4011.It Li mount.fdescfs
4012set from
4013.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4014.It Li allow.set_hostname
4015set from
4016.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4017.It Li allow.rawsocket
4018set from
4019.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4020.It Li allow.sysvipc
4021set from
4022.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4023.El
4024.\" -----------------------------------------------------
4025.It Va harvest_interrupt
4026.Pq Vt bool
4027Set to
4028.Dq Li YES
4029to use hardware interrupts as an entropy source.
4030Refer to
4031.Xr random 4
4032for more information.
4033.It Va harvest_ethernet
4034.Pq Vt bool
4035Set to
4036.Dq Li YES
4037to use LAN traffic as an entropy source.
4038Refer to
4039.Xr random 4
4040for more information.
4041.It Va harvest_p_to_p
4042.Pq Vt bool
4043Set to
4044.Dq Li YES
4045to use serial line traffic as an entropy source.
4046Refer to
4047.Xr random 4
4048for more information.
4049.It Va entropy_dir
4050.Pq Vt str
4051Set to
4052.Dq Li NO
4053to disable caching entropy via
4054.Xr cron 8 .
4055Otherwise set to the directory used to store entropy files in.
4056.It Va entropy_file
4057.Pq Vt str
4058Set to
4059.Dq Li NO
4060to disable caching entropy through reboots.
4061Otherwise set to the filename used to store cached entropy through
4062reboots.
4063This file should be located on the root file system to seed the
4064.Xr random 4
4065device as early as possible in the boot process.
4066.It Va entropy_save_sz
4067.Pq Vt int
4068Size of the entropy cache files saved by
4069.Nm save-entropy
4070periodically.
4071.It Va entropy_save_num
4072.Pq Vt int
4073Number of entropy cache files to save by
4074.Nm save-entropy
4075periodically.
4076.It Va ipsec_enable
4077.Pq Vt bool
4078Set to
4079.Dq Li YES
4080to run
4081.Xr setkey 8
4082on
4083.Va ipsec_file
4084at boot time.
4085.It Va ipsec_file
4086.Pq Vt str
4087Configuration file for
4088.Xr setkey 8 .
4089.It Va dmesg_enable
4090.Pq Vt bool
4091Set to
4092.Dq Li YES
4093to save
4094.Xr dmesg 8
4095to
4096.Pa /var/run/dmesg.boot
4097on boot.
4098.It Va rcshutdown_timeout
4099.Pq Vt int
4100If set, start a watchdog timer in the background which will terminate
4101.Pa rc.shutdown
4102if
4103.Xr shutdown 8
4104has not completed within the specified time (in seconds).
4105Notice that in addition to this soft timeout,
4106.Xr init 8
4107also applies a hard timeout for the execution of
4108.Pa rc.shutdown .
4109This is configured via
4110.Xr sysctl 8
4111variable
4112.Va kern.init_shutdown_timeout
4113and defaults to 120 seconds.
4114Setting the value of
4115.Va rcshutdown_timeout
4116to more than 120 seconds will have no effect until the
4117.Xr sysctl 8
4118variable
4119.Va kern.init_shutdown_timeout
4120is also increased.
4121.It Va virecover_enable
4122.Pq Vt bool
4123Set to
4124.Dq Li NO
4125to prevent the system from trying to
4126recover pre-maturely terminated
4127.Xr vi 1
4128sessions.
4129.It Va ugidfw_enable
4130.Pq Vt bool
4131Set to
4132.Dq Li YES
4133to load the
4134.Xr mac_bsdextended 4
4135module upon system initialization and load a default
4136ruleset file.
4137.It Va bsdextended_script
4138.Pq Vt str
4139The default
4140.Xr mac_bsdextended 4
4141ruleset file to load.
4142The default value of this variable is
4143.Pa /etc/rc.bsdextended .
4144.It Va newsyslog_enable
4145.Pq Vt bool
4146If set to
4147.Dq Li YES ,
4148run
4149.Xr newsyslog 8
4150command at startup.
4151.It Va newsyslog_flags
4152.Pq Vt str
4153If
4154.Va newsyslog_enable
4155is set to
4156.Dq Li YES ,
4157these are the flags to pass to the
4158.Xr newsyslog 8
4159program.
4160The default is
4161.Dq Li -CN ,
4162which causes log files flagged with a
4163.Cm C
4164to be created.
4165.It Va mdconfig_md Ns Aq Ar X
4166.Pq Vt str
4167Arguments to
4168.Xr mdconfig 8
4169for
4170.Xr md 4
4171device
4172.Ar X .
4173At minimum a
4174.Fl t Ar type
4175must be specified and either a
4176.Fl s Ar size
4177for malloc or swap backed
4178.Xr md 4
4179devices or a
4180.Fl f Ar file
4181for vnode backed
4182.Xr md 4
4183devices.
4184Note that
4185.Va mdconfig_md Ns Aq Ar X
4186variables are evaluated until one variable is unset or null.
4187.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4188.Pq Vt str
4189Optional arguments passed to
4190.Xr newfs 8
4191to initialize
4192.Xr md 4
4193device
4194.Ar X .
4195.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4196.Pq Vt str
4197An ownership specification passed to
4198.Xr chown 8
4199after the specified
4200.Xr md 4
4201device
4202.Ar X
4203has been mounted.
4204Both the
4205.Xr md 4
4206device and the mount point will be changed.
4207.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4208.Pq Vt str
4209A mode string passed to
4210.Xr chmod 1
4211after the specified
4212.Xr md 4
4213device
4214.Ar X
4215has been mounted.
4216Both the
4217.Xr md 4
4218device and the mount point will be changed.
4219.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4220.Pq Vt str
4221Files to be copied to the mount point of the
4222.Xr md 4
4223device
4224.Ar X
4225after it has been mounted.
4226.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4227.Pq Vt str
4228Command to execute after the specified
4229.Xr md 4
4230device
4231.Ar X
4232has been mounted.
4233Note that the command is passed to
4234.Ic eval
4235and that both
4236.Va _dev
4237and
4238.Va _mp
4239variables can be used to reference respectively the
4240.Xr md 4
4241device and the mount point.
4242Assuming that the
4243.Xr md 4
4244device is
4245.Li md0 ,
4246one could set the following:
4247.Bd -literal
4248mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4249.Ed
4250.It Va autobridge_interfaces
4251.Pq Vt str
4252Set to the list of bridge interfaces that will have newly arriving interfaces
4253checked against to be automatically added.
4254If not set to
4255.Dq Li NO
4256then for each whitespace separated
4257.Ar element
4258in the value, a
4259.Va autobridge_ Ns Aq Ar element
4260variable is assumed to exist which has a whitespace separated list of interface
4261names to match, these names can use wildcards.
4262For example:
4263.Bd -literal
4264autobridge_interfaces="bridge0"
4265autobridge_bridge0="tap* dc0 vlan[345]"
4266.Ed
4267.It Va mixer_enable
4268.Pq Vt bool
4269If set to
4270.Dq Li YES ,
4271enable support for sound mixer.
4272.It Va hcsecd_enable
4273.Pq Vt bool
4274If set to
4275.Dq Li YES ,
4276enable Bluetooth security daemon.
4277.It Va hcsecd_config
4278.Pq Vt str
4279Configuration file for
4280.Xr hcsecd 8 .
4281Default
4282.Pa /etc/bluetooth/hcsecd.conf .
4283.It Va sdpd_enable
4284.Pq Vt bool
4285If set to
4286.Dq Li YES ,
4287enable Bluetooth Service Discovery Protocol daemon.
4288.It Va sdpd_control
4289.Pq Vt str
4290Path to
4291.Xr sdpd 8
4292control socket.
4293Default
4294.Pa /var/run/sdp .
4295.It Va sdpd_groupname
4296.Pq Vt str
4297Sets
4298.Xr sdpd 8
4299group to run as after it initializes.
4300Default
4301.Dq Li nobody .
4302.It Va sdpd_username
4303.Pq Vt str
4304Sets
4305.Xr sdpd 8
4306user to run as after it initializes.
4307Default
4308.Dq Li nobody .
4309.It Va bthidd_enable
4310.Pq Vt bool
4311If set to
4312.Dq Li YES ,
4313enable Bluetooth Human Interface Device daemon.
4314.It Va bthidd_config
4315.Pq Vt str
4316Configuration file for
4317.Xr bthidd 8 .
4318Default
4319.Pa /etc/bluetooth/bthidd.conf .
4320.It Va bthidd_hids
4321.Pq Vt str
4322Path to a file, where
4323.Xr bthidd 8
4324will store information about known HID devices.
4325Default
4326.Pa /var/db/bthidd.hids .
4327.It Va rfcomm_pppd_server_enable
4328.Pq Vt bool
4329If set to
4330.Dq Li YES ,
4331enable Bluetooth RFCOMM PPP wrapper daemon.
4332.It Va rfcomm_pppd_server_profile
4333.Pq Vt str
4334The name of the profile to use from
4335.Pa /etc/ppp/ppp.conf .
4336Multiple profiles can be specified here.
4337Also used to specify per-profile overrides.
4338When the profile name contains any of the characters
4339.Dq Li .-/+
4340they are translated to
4341.Dq Li _
4342for the proposes of the override variable names.
4343.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4344.Pq Vt str
4345Overrides local address to listen on.
4346By default
4347.Xr rfcomm_pppd 8
4348will listen on
4349.Dq Li ANY
4350address.
4351The address can be specified as BD_ADDR or name.
4352.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4353.Pq Vt str
4354Overrides local RFCOMM channel to listen on.
4355By default
4356.Xr rfcomm_pppd 8
4357will listen on RFCOMM channel 1.
4358Must set properly if multiple profiles used in the same time.
4359.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4360.Pq Vt bool
4361Tells
4362.Xr rfcomm_pppd 8
4363if it should register Serial Port service on the specified RFCOMM channel.
4364Default
4365.Dq Li NO .
4366.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4367.Pq Vt bool
4368Tells
4369.Xr rfcomm_pppd 8
4370if it should register Dial-Up Networking service on the specified
4371RFCOMM channel.
4372Default
4373.Dq Li NO .
4374.It Va ubthidhci_enable
4375.Pq Vt bool
4376If set to
4377.Dq Li YES ,
4378change the USB Bluetooth controller from HID mode to HCI mode.
4379You also need to specify the location of USB Bluetooth controller with the
4380.Va ubthidhci_busnum
4381and
4382.Va ubthidhci_addr
4383variables.
4384.It Va ubthidhci_busnum
4385Bus number where the USB Bluetooth controller is located.
4386Check the output of
4387.Xr usbconfig 8
4388on your system to find this information.
4389.It Va ubthidhci_addr
4390Bus address of the USB Bluetooth controller.
4391Check the output of
4392.Xr usbconfig 8
4393on your system to find this information.
4394.It Va netwait_enable
4395.Pq Vt bool
4396If set to
4397.Dq Li YES ,
4398delays the start of network-reliant services until
4399.Va netwait_if
4400is up and ICMP packets to a destination defined in
4401.Va netwait_ip
4402are flowing.
4403Link state is examined first, followed by
4404.Dq Li pinging
4405an IP address to verify network usability.
4406If no destination can be reached or timeouts are exceeded,
4407network services are started anyway with no guarantee that
4408the network is usable.
4409Use of this variable requires both
4410.Va netwait_ip
4411and
4412.Va netwait_if
4413to be set.
4414.It Va netwait_ip
4415.Pq Vt str
4416Empty by default.
4417This variable contains a space-delimited list of IP addresses to
4418.Xr ping 8 .
4419DNS hostnames should not be used as resolution is not guaranteed
4420to be functional at this point.
4421If multiple IP addresses are specified,
4422each will be tried until one is successful or the list is exhausted.
4423.It Va netwait_timeout
4424.Pq Vt int
4425Indicates the total number of seconds to perform a
4426.Dq Li ping
4427against each IP address in
4428.Va netwait_ip ,
4429at a rate of one ping per second.
4430If any of the pings are successful,
4431full network connectivity is considered reliable.
4432The default is 60.
4433.It Va netwait_if
4434.Pq Vt str
4435Empty by default.
4436Defines the name of the network interface on which watch for link.
4437.Xr ifconfig 8
4438is used to monitor the interface, looking for
4439.Dq Li status: no carrier .
4440Once gone, the link is considered up.
4441This can be a
4442.Xr vlan 4
4443interface if desired.
4444.It Va netwait_if_timeout
4445.Pq Vt int
4446Defines the total number of seconds to wait for link to become usable,
4447polled at a 1-second interval.
4448The default is 30.
4449.It Va rctl_enable
4450.Pq Vt bool
4451Set to
4452.Dq Li YES
4453to load
4454.Xr rctl 8
4455rules from the defined ruleset.
4456The kernel must be built with
4457.Cd "options RACCT"
4458and
4459.Cd "options RCTL" .
4460.It Va rctl_rules
4461.Pq Vt str
4462Set to
4463.Pa /etc/rctl.conf
4464by default.
4465This variables contains the
4466.Xr rctl.conf 5
4467ruleset to load for
4468.Xr rctl 8 .
4469.El
4470.Sh FILES
4471.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4472.It Pa /etc/defaults/rc.conf
4473.It Pa /etc/rc.conf
4474.It Pa /etc/rc.conf.local
4475.El
4476.Sh SEE ALSO
4477.Xr catman 1 ,
4478.Xr chmod 1 ,
4479.Xr gdb 1 ,
4480.Xr info 1 ,
4481.Xr kbdcontrol 1 ,
4482.Xr makewhatis 1 ,
4483.Xr sh 1 ,
4484.Xr vi 1 ,
4485.Xr vidcontrol 1 ,
4486.Xr bridge 4 ,
4487.Xr dummynet 4 ,
4488.Xr ip 4 ,
4489.Xr ipf 4 ,
4490.Xr ipfw 4 ,
4491.Xr ipnat 4 ,
4492.Xr kld 4 ,
4493.Xr pf 4 ,
4494.Xr pflog 4 ,
4495.Xr pfsync 4 ,
4496.Xr tcp 4 ,
4497.Xr udp 4 ,
4498.Xr exports 5 ,
4499.Xr fstab 5 ,
4500.Xr ipf 5 ,
4501.Xr ipnat 5 ,
4502.Xr jail.conf 5 ,
4503.Xr motd 5 ,
4504.Xr newsyslog.conf 5 ,
4505.Xr pf.conf 5 ,
4506.Xr security 7 ,
4507.Xr accton 8 ,
4508.Xr amd 8 ,
4509.Xr apm 8 ,
4510.Xr atm 8 ,
4511.Xr bthidd 8 ,
4512.Xr chkprintcap 8 ,
4513.Xr chown 8 ,
4514.Xr cron 8 ,
4515.Xr devfs 8 ,
4516.Xr dhclient 8 ,
4517.Xr ftpd 8 ,
4518.Xr geli 8 ,
4519.Xr hcsecd 8 ,
4520.Xr ifconfig 8 ,
4521.Xr inetd 8 ,
4522.Xr ipf 8 ,
4523.Xr ipfw 8 ,
4524.Xr ipnat 8 ,
4525.Xr jail 8 ,
4526.Xr kldxref 8 ,
4527.Xr lpd 8 ,
4528.Xr mdconfig 8 ,
4529.Xr mdmfs 8 ,
4530.Xr mixer 8 ,
4531.Xr mountd 8 ,
4532.Xr moused 8 ,
4533.Xr mrouted 8 ,
4534.Xr newfs 8 ,
4535.Xr newsyslog 8 ,
4536.Xr nfsd 8 ,
4537.Xr ntpd 8 ,
4538.Xr ntpdate 8 ,
4539.Xr pfctl 8 ,
4540.Xr pflogd 8 ,
4541.Xr ping 8 ,
4542.Xr powerd 8 ,
4543.Xr quotacheck 8 ,
4544.Xr quotaon 8 ,
4545.Xr rc 8 ,
4546.Xr rc.sendmail 8 ,
4547.Xr rfcomm_pppd 8 ,
4548.Xr route 8 ,
4549.Xr routed 8 ,
4550.Xr rpcbind 8 ,
4551.Xr rpc.lockd 8 ,
4552.Xr rpc.statd 8 ,
4553.Xr rwhod 8 ,
4554.Xr savecore 8 ,
4555.Xr sdpd 8 ,
4556.Xr sshd 8 ,
4557.Xr swapon 8 ,
4558.Xr sysctl 8 ,
4559.Xr syslogd 8 ,
4560.Xr timed 8 ,
4561.Xr unbound 8 ,
4562.Xr usbconfig 8 ,
4563.Xr wlandebug 8 ,
4564.Xr yp 8 ,
4565.Xr ypbind 8 ,
4566.Xr ypserv 8 ,
4567.Xr ypset 8
4568.Sh HISTORY
4569The
4570.Nm
4571file appeared in
4572.Fx 2.2.2 .
4573.Sh AUTHORS
4574.An Jordan K. Hubbard .
4575