1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd September 11, 2014 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory or 74.Ao Ar dir Ac Ns Pa /rc.conf.d 75directories specified in 76.Va local_startup , 77which will be included by the 78.Va load_rc_config 79function. 80For jail configurations you could use the file 81.Pa /etc/rc.conf.d/jail 82to store jail specific configuration options. 83If 84.Va local_startup 85contains 86.Pa /usr/local/etc/rc.d 87and 88.Pa /opt/conf , 89.Pa /usr/local/rc.conf.d/jail 90and 91.Pa /opt/conf/rc.conf.d/jail 92will be loaded. 93If 94.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 95is a directory, 96all of files in the directory will be loaded. 97Also see the 98.Va rc_conf_files 99variable below. 100.Pp 101Options are set with 102.Dq Ar name Ns Li = Ns Ar value 103assignments that use 104.Xr sh 1 105syntax. 106The following list provides a name and short description for each 107variable that can be set in the 108.Nm 109file: 110.Bl -tag -width indent-two 111.It Va rc_debug 112.Pq Vt bool 113If set to 114.Dq Li YES , 115enable output of debug messages from rc scripts. 116This variable can be helpful in diagnosing mistakes when 117editing or integrating new scripts. 118Beware that this produces copious output to the terminal and 119.Xr syslog 3 . 120.It Va rc_info 121.Pq Vt bool 122If set to 123.Dq Li NO , 124disable informational messages from the rc scripts. 125Informational messages are displayed when 126a condition that is not serious enough to warrant a warning or 127an error occurs. 128.It Va rc_startmsgs 129.Pq Vt bool 130If set to 131.Dq Li YES , 132show 133.Dq Starting foo: 134when faststart is used (e.g., at boot time). 135.It Va early_late_divider 136.Pq Vt str 137The name of the script that should be used as the 138delimiter between the 139.Dq early 140and 141.Dq late 142stages of the boot process. 143The early stage should contain all the services needed to 144get the disks (local or remote) mounted so that the late 145stage can include scripts contained in the directories 146listed in the 147.Va local_startup 148variable (see below). 149Thus, the two likely candidates for this value are 150.Pa mountcritlocal 151for the typical system, and 152.Pa mountcritremote 153if the system needs remote file 154systems mounted to get access to the 155.Va local_startup 156directories; for example when 157.Pa /usr/local 158is NFS mounted. 159For 160.Pa rc.conf 161within a 162.Xr jail 8 163.Pa NETWORKING 164is likely to be an appropriate value. 165Extreme care should be taken when changing this value, 166and before changing it one should ensure that there are 167adequate provisions to recover from a failed boot 168(such as physical contact with the machine, 169or reliable remote console access). 170.It Va always_force_depends 171.Pq Vt bool 172Various 173.Pa rc.d 174scripts use the force_depend function to check whether required 175services are already running, and to start them if necessary. 176By default during boot time this check is bypassed if the 177required service is enabled in 178.Pa /etc/rc.conf[.local] . 179Setting this option will bypass that check at boot time and 180always test whether or not the service is actually running. 181Enabling this option is likely to increase your boot time if 182services are enabled that utilize the force_depend check. 183.It Ao Ar name Ac Ns Va _chroot 184.Pq Vt str 185.Xr chroot 186to this directory before running the service. 187.It Ao Ar name Ac Ns Va _user 188.Pq Vt str 189Run the service under this user account. 190.It Ao Ar name Ac Ns Va _group 191.Pq Vt str 192Run the chrooted service under this system group. Unlike the _user 193setting, this setting has no effect if the service is not chrooted. 194.It Ao Ar name Ac Ns Va _fib 195.Pq Vt int 196The 197.Xr setfib 1 198value to run the service under. 199.It Ao Ar name Ac Ns Va _nice 200.Pq Vt int 201The 202.Xr nice 1 203value to run the service under. 204.It Va apm_enable 205.Pq Vt bool 206If set to 207.Dq Li YES , 208enable support for Automatic Power Management with 209the 210.Xr apm 8 211command. 212.It Va apmd_enable 213.Pq Vt bool 214Run 215.Xr apmd 8 216to handle APM event from userland. 217This also enables support for APM. 218.It Va apmd_flags 219.Pq Vt str 220If 221.Va apmd_enable 222is set to 223.Dq Li YES , 224these are the flags to pass to the 225.Xr apmd 8 226daemon. 227.It Va devd_enable 228.Pq Vt bool 229Run 230.Xr devd 8 231to handle device added, removed or unknown events from the kernel. 232.It Va ddb_enable 233.Pq Vt bool 234Run 235.Xr ddb 8 236to install 237.Xr ddb 4 238scripts at boot time. 239.It Va ddb_config 240.Pq Vt str 241Configuration file for 242.Xr ddb 8 . 243Default 244.Pa /etc/ddb.conf . 245.It Va kld_list 246.Pq Vt str 247A list of kernel modules to load right after the local 248disks are mounted. 249Loading modules at this point in the boot process is 250much faster than doing it via 251.Pa /boot/loader.conf 252for those modules not necessary for mounting local disk. 253.It Va kldxref_enable 254.Pq Vt bool 255Set to 256.Dq Li NO 257by default. 258Set to 259.Dq Li YES 260to automatically rebuild 261.Pa linker.hints 262files with 263.Xr kldxref 8 264at boot time. 265.It Va kldxref_clobber 266.Pq Vt bool 267Set to 268.Dq Li NO 269by default. 270If 271.Va kldxref_enable 272is true, 273setting to 274.Dq Li YES 275will overwrite existing 276.Pa linker.hints 277files at boot time. 278Otherwise, 279only missing 280.Pa linker.hints 281files are generated. 282.It Va kldxref_module_path 283.Pq Vt str 284Empty by default. 285A semi-colon 286.Pq Ql \&; 287delimited list of paths containing 288.Xr kld 4 289modules. 290If empty, 291the contents of the 292.Va kern.module_path 293.Xr sysctl 8 294are used. 295.It Va powerd_enable 296.Pq Vt bool 297If set to 298.Dq Li YES , 299enable the system power control facility with the 300.Xr powerd 8 301daemon. 302.It Va powerd_flags 303.Pq Vt str 304If 305.Va powerd_enable 306is set to 307.Dq Li YES , 308these are the flags to pass to the 309.Xr powerd 8 310daemon. 311.It Va tmpmfs 312Controls the creation of a 313.Pa /tmp 314memory file system. 315Always happens if set to 316.Dq Li YES 317and never happens if set to 318.Dq Li NO . 319If set to anything else, a memory file system is created if 320.Pa /tmp 321is not writable. 322.It Va tmpsize 323Controls the size of a created 324.Pa /tmp 325memory file system. 326.It Va tmpmfs_flags 327Extra options passed to the 328.Xr mdmfs 8 329utility when the memory file system for 330.Pa /tmp 331is created. 332The default is 333.Dq Li "-S" , 334which inhibits the use of softupdates on 335.Pa /tmp 336so that file system space is freed without delay 337after file truncation or deletion. 338See 339.Xr mdmfs 8 340for other options you can use in 341.Va tmpmfs_flags . 342.It Va varmfs 343Controls the creation of a 344.Pa /var 345memory file system. 346Always happens if set to 347.Dq Li YES 348and never happens if set to 349.Dq Li NO . 350If set to anything else, a memory file system is created if 351.Pa /var 352is not writable. 353.It Va varsize 354Controls the size of a created 355.Pa /var 356memory file system. 357.It Va varmfs_flags 358Extra options passed to the 359.Xr mdmfs 8 360utility when the memory file system for 361.Pa /var 362is created. 363The default is 364.Dq Li "-S" , 365which inhibits the use of softupdates on 366.Pa /var 367so that file system space is freed without delay 368after file truncation or deletion. 369See 370.Xr mdmfs 8 371for other options you can use in 372.Va varmfs_flags . 373.It Va populate_var 374Controls the automatic population of the 375.Pa /var 376file system. 377Always happens if set to 378.Dq Li YES 379and never happens if set to 380.Dq Li NO . 381If set to anything else, a memory file system is created if 382.Pa /var 383is not writable. 384Note that this process requires access to certain commands in 385.Pa /usr 386before 387.Pa /usr 388is mounted on normal systems. 389.It Va cleanvar_enable 390.Pq Vt bool 391Clean the 392.Pa /var 393directory. 394.It Va local_startup 395.Pq Vt str 396List of directories to search for startup script files. 397.It Va script_name_sep 398.Pq Vt str 399The field separator to use for breaking down the list of startup script files 400into individual filenames. 401The default is a space. 402It is not necessary to change this unless there are startup scripts with names 403containing spaces. 404.It Va hostapd_enable 405.Pq Vt bool 406Set to 407.Dq Li YES 408to start 409.Xr hostapd 8 410at system boot time. 411.It Va hostname 412.Pq Vt str 413The fully qualified domain name (FQDN) of this host on the network. 414This should almost certainly be set to something meaningful, even if 415there is no network connection. 416If 417.Xr dhclient 8 418is used to set the hostname via DHCP, 419this variable should be set to an empty string. 420If this value remains unset when the system is done booting 421your console login will display the default hostname of 422.Dq Amnesiac . 423.It Va nisdomainname 424.Pq Vt str 425The NIS domain name of this host, or 426.Dq Li NO 427if NIS is not used. 428.It Va dhclient_program 429.Pq Vt str 430Path to the DHCP client program 431.Pa ( /sbin/dhclient , 432the 433.Ox 434DHCP client, 435is the default). 436.It Va dhclient_flags 437.Pq Vt str 438Additional flags to pass to the DHCP client program. 439For the 440.Ox 441DHCP client, see the 442.Xr dhclient 8 443manpage for a description of the command line options available. 444.It Va dhclient_flags_ Ns Aq Ar iface 445Additional flags to pass to the DHCP client program running on 446.Ar iface 447only. 448When specified, this variable overrides 449.Va dhclient_flags . 450.It Va background_dhclient 451.Pq Vt bool 452Set to 453.Dq Li YES 454to start the DHCP client in background. 455This can cause trouble with applications depending on 456a working network, but it will provide a faster startup 457in many cases. 458.It Va background_dhclient_ Ns Aq Ar iface 459When specified, this variable overrides the 460.Va background_dhclient 461variable for interface 462.Ar iface 463only. 464.It Va synchronous_dhclient 465.Pq Vt bool 466Set to 467.Dq Li YES 468to start 469.Xr dhclient 8 470synchronously at startup. 471This behavior can be overridden on a per-interface basis by replacing 472the 473.Dq Li DHCP 474keyword in the 475.Va ifconfig_ Ns Aq Ar interface 476variable with 477.Dq Li SYNCDHCP 478or 479.Dq Li NOSYNCDHCP . 480.It Va defaultroute_delay 481.Pq Vt int 482When set to a positive value, wait up to this long after configuring 483DHCP interfaces at startup to give the interfaces time to receive a lease. 484.It Va firewall_enable 485.Pq Vt bool 486Set to 487.Dq Li YES 488to load firewall rules at startup. 489If the kernel was not built with 490.Cd "options IPFIREWALL" , 491the 492.Pa ipfw.ko 493kernel module will be loaded. 494See also 495.Va ipfilter_enable . 496.It Va firewall_script 497.Pq Vt str 498This variable specifies the full path to the firewall script to run. 499The default is 500.Pa /etc/rc.firewall . 501.It Va firewall_type 502.Pq Vt str 503Names the firewall type from the selection in 504.Pa /etc/rc.firewall , 505or the file which contains the local firewall ruleset. 506Valid selections from 507.Pa /etc/rc.firewall 508are: 509.Pp 510.Bl -tag -width ".Li simple" -compact 511.It Li open 512unrestricted IP access 513.It Li closed 514all IP services disabled, except via 515.Dq Li lo0 516.It Li client 517basic protection for a workstation 518.It Li simple 519basic protection for a LAN. 520.El 521.Pp 522If a filename is specified, the full path 523must be given. 524.It Va firewall_quiet 525.Pq Vt bool 526Set to 527.Dq Li YES 528to disable the display of firewall rules on the console during boot. 529.It Va firewall_logging 530.Pq Vt bool 531Set to 532.Dq Li YES 533to enable firewall event logging. 534This is equivalent to the 535.Dv IPFIREWALL_VERBOSE 536kernel option. 537.It Va firewall_logif 538.Pq Vt bool 539Set to 540.Dq Li YES 541to create pseudo interface 542.Li ipfw0 543for logging. 544For more details, see 545.Xr ipfw 8 546manual page. 547.It Va firewall_flags 548.Pq Vt str 549Flags passed to 550.Xr ipfw 8 551if 552.Va firewall_type 553specifies a filename. 554.It Va firewall_coscripts 555.Pq Vt str 556List of executables and/or rc scripts to run after firewall starts/stops. 557Default is empty. 558.\" ----- firewall_nat_enable setting -------------------------------- 559.It Va firewall_nat_enable 560.Pq Vt bool 561The 562.Xr ipfw 8 563equivalent of 564.Va natd_enable . 565Setting this to 566.Dq Li YES 567enables kernel NAT. 568.Va firewall_enable 569must also be set to 570.Dq Li YES . 571.It Va firewall_nat_interface 572.Pq Vt str 573The 574.Xr ipfw 8 575equivalent of 576.Va natd_interface . 577This is the name of the public interface or IP address on which 578kernel NAT should run. 579.It Va firewall_nat_flags 580.Pq Vt str 581Additional configuration parameters for kernel NAT should be placed here. 582.It Va dummynet_enable 583.Pq Vt bool 584Setting this to 585.Dq Li YES 586will automatically load the 587.Xr dummynet 4 588module if 589.Va firewall_enable 590is also set to 591.Dq Li YES . 592.\" ------------------------------------------------------------------- 593.It Va natd_program 594.Pq Vt str 595Path to 596.Xr natd 8 . 597.It Va natd_enable 598.Pq Vt bool 599Set to 600.Dq Li YES 601to enable 602.Xr natd 8 . 603.Va firewall_enable 604must also be set to 605.Dq Li YES , 606and 607.Xr divert 4 608sockets must be enabled in the kernel. 609If the kernel was not built with 610.Cd "options IPDIVERT" , 611the 612.Pa ipdivert.ko 613kernel module will be loaded. 614.It Va natd_interface 615.Pq Vt str 616This is the name of the public interface on which 617.Xr natd 8 618should run. 619The interface may be given as an interface name or as an IP address. 620.It Va natd_flags 621.Pq Vt str 622Additional 623.Xr natd 8 624flags should be placed here. 625The 626.Fl n 627or 628.Fl a 629flag is automatically added with the above 630.Va natd_interface 631as an argument. 632.\" ----- ipfilter_enable setting -------------------------------- 633.It Va ipfilter_enable 634.Pq Vt bool 635Set to 636.Dq Li NO 637by default. 638Setting this to 639.Dq Li YES 640enables 641.Xr ipf 8 642packet filtering. 643.Pp 644Typical usage will require putting 645.Bd -literal 646ipfilter_enable="YES" 647ipnat_enable="YES" 648ipmon_enable="YES" 649ipfs_enable="YES" 650.Ed 651.Pp 652into 653.Pa /etc/rc.conf 654and editing 655.Pa /etc/ipf.rules 656and 657.Pa /etc/ipnat.rules 658appropriately. 659.Pp 660Note that 661.Va ipfilter_enable 662and 663.Va ipnat_enable 664can be enabled independently. 665.Va ipmon_enable 666and 667.Va ipfs_enable 668both require at least one of 669.Va ipfilter_enable 670and 671.Va ipnat_enable 672to be enabled. 673.Pp 674Having 675.Bd -literal 676options IPFILTER 677options IPFILTER_LOG 678options IPFILTER_DEFAULT_BLOCK 679.Ed 680.Pp 681in the kernel configuration file is a good idea, too. 682.\" ----- ipfilter_program setting ------------------------------ 683.It Va ipfilter_program 684.Pq Vt str 685Path to 686.Xr ipf 8 687(default 688.Pa /sbin/ipf ) . 689.\" ----- ipfilter_rules setting -------------------------------- 690.It Va ipfilter_rules 691.Pq Vt str 692Set to 693.Pa /etc/ipf.rules 694by default. 695This variable contains the name of the filter rule definition file. 696The file is expected to be readable for the 697.Xr ipf 8 698command to execute. 699.\" ----- ipv6_ipfilter_rules setting --------------------------- 700.It Va ipv6_ipfilter_rules 701.Pq Vt str 702Set to 703.Pa /etc/ipf6.rules 704by default. 705This variable contains the IPv6 filter rule definition file. 706The file is expected to be readable for the 707.Xr ipf 8 708command to execute. 709.\" ----- ipfilter_flags setting -------------------------------- 710.It Va ipfilter_flags 711.Pq Vt str 712Empty by default. 713This variable contains flags passed to the 714.Xr ipf 8 715program. 716.\" ----- ipnat_enable setting ---------------------------------- 717.It Va ipnat_enable 718.Pq Vt bool 719Set to 720.Dq Li NO 721by default. 722Set it to 723.Dq Li YES 724to enable 725.Xr ipnat 8 726network address translation. 727See 728.Va ipfilter_enable 729for a detailed discussion. 730.\" ----- ipnat_program setting --------------------------------- 731.It Va ipnat_program 732.Pq Vt str 733Path to 734.Xr ipnat 8 735(default 736.Pa /sbin/ipnat ) . 737.\" ----- ipnat_rules setting ----------------------------------- 738.It Va ipnat_rules 739.Pq Vt str 740Set to 741.Pa /etc/ipnat.rules 742by default. 743This variable contains the name of the file 744holding the network address translation definition. 745This file is expected to be readable for the 746.Xr ipnat 8 747command to execute. 748.\" ----- ipnat_flags setting ----------------------------------- 749.It Va ipnat_flags 750.Pq Vt str 751Empty by default. 752This variable contains flags passed to the 753.Xr ipnat 8 754program. 755.\" ----- ipmon_enable setting ---------------------------------- 756.It Va ipmon_enable 757.Pq Vt bool 758Set to 759.Dq Li NO 760by default. 761Set it to 762.Dq Li YES 763to enable 764.Xr ipmon 8 765monitoring (logging 766.Xr ipf 8 767and 768.Xr ipnat 8 769events). 770Setting this variable needs setting 771.Va ipfilter_enable 772or 773.Va ipnat_enable 774too. 775See 776.Va ipfilter_enable 777for a detailed discussion. 778.\" ----- ipmon_program setting --------------------------------- 779.It Va ipmon_program 780.Pq Vt str 781Path to 782.Xr ipmon 8 783(default 784.Pa /sbin/ipmon ) . 785.\" ----- ipmon_flags setting ----------------------------------- 786.It Va ipmon_flags 787.Pq Vt str 788Set to 789.Dq Li -Ds 790by default. 791This variable contains flags passed to the 792.Xr ipmon 8 793program. 794Another typical example would be 795.Dq Fl D Pa /var/log/ipflog 796to have 797.Xr ipmon 8 798log directly to a file bypassing 799.Xr syslogd 8 . 800Make sure to adjust 801.Pa /etc/newsyslog.conf 802in such case like this: 803.Bd -literal 804/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 805.Ed 806.\" ----- ipfs_enable setting ----------------------------------- 807.It Va ipfs_enable 808.Pq Vt bool 809Set to 810.Dq Li NO 811by default. 812Set it to 813.Dq Li YES 814to enable 815.Xr ipfs 8 816saving the filter and NAT state tables during shutdown 817and reloading them during startup again. 818Setting this variable needs setting 819.Va ipfilter_enable 820or 821.Va ipnat_enable 822to 823.Dq Li YES 824too. 825See 826.Va ipfilter_enable 827for a detailed discussion. 828Note that if 829.Va kern_securelevel 830is set to 3, 831.Va ipfs_enable 832cannot be used 833because the raised securelevel will prevent 834.Xr ipfs 8 835from saving the state tables at shutdown time. 836.\" ----- ipfs_program setting ---------------------------------- 837.It Va ipfs_program 838.Pq Vt str 839Path to 840.Xr ipfs 8 841(default 842.Pa /sbin/ipfs ) . 843.\" ----- ipfs_flags setting ------------------------------------ 844.It Va ipfs_flags 845.Pq Vt str 846Empty by default. 847This variable contains flags passed to the 848.Xr ipfs 8 849program. 850.\" ----- end of added ipf hook --------------------------------- 851.It Va pf_enable 852.Pq Vt bool 853Set to 854.Dq Li NO 855by default. 856Setting this to 857.Dq Li YES 858enables 859.Xr pf 4 860packet filtering. 861.Pp 862Typical usage will require putting 863.Pp 864.Dl pf_enable="YES" 865.Pp 866into 867.Pa /etc/rc.conf 868and editing 869.Pa /etc/pf.conf 870appropriately. 871Adding 872.Pp 873.Dl "device pf" 874.Pp 875builds support for 876.Xr pf 4 877into the kernel, otherwise the 878kernel module will be loaded. 879.It Va pf_rules 880.Pq Vt str 881Path to 882.Xr pf 4 883ruleset configuration file 884(default 885.Pa /etc/pf.conf ) . 886.It Va pf_program 887.Pq Vt str 888Path to 889.Xr pfctl 8 890(default 891.Pa /sbin/pfctl ) . 892.It Va pf_flags 893.Pq Vt str 894If 895.Va pf_enable 896is set to 897.Dq Li YES , 898these flags are passed to the 899.Xr pfctl 8 900program when loading the ruleset. 901.It Va pflog_enable 902.Pq Vt bool 903Set to 904.Dq Li NO 905by default. 906Setting this to 907.Dq Li YES 908enables 909.Xr pflogd 8 910which logs packets from the 911.Xr pf 4 912packet filter. 913.It Va pflog_logfile 914.Pq Vt str 915If 916.Va pflog_enable 917is set to 918.Dq Li YES 919this controls where 920.Xr pflogd 8 921stores the logfile 922(default 923.Pa /var/log/pflog ) . 924Check 925.Pa /etc/newsyslog.conf 926to adjust logfile rotation for this. 927.It Va pflog_program 928.Pq Vt str 929Path to 930.Xr pflogd 8 931(default 932.Pa /sbin/pflogd ) . 933.It Va pflog_flags 934.Pq Vt str 935Empty by default. 936This variable contains additional flags passed to the 937.Xr pflogd 8 938program. 939.It Va pflog_instances 940.Pq Vt str 941If logging to more than one 942.Xr pflog 4 943interface is desired, 944.Va pflog_instances 945is set to the list of 946.Xr pflogd 8 947instances that should be started at system boot time. If 948.Va pflog_instances 949is set, for each whitespace-seperated 950.Ar element 951in the list, 952.Ao Ar element Ac Ns Va _dev 953and 954.Ao Ar element Ac Ns Va _logfile 955elements are assumed to exist. 956.Ao Ar element Ac Ns Va _dev 957must contain the 958.Xr pflog 4 959interface to be watched by the named 960.Xr pflogd 8 961instance. 962.Ao Ar element Ac Ns Va _logfile 963must contain the name of the logfile that will be used by the 964.Xr pflogd 8 965instance. 966.It Va ftpproxy_enable 967.Pq Vt bool 968Set to 969.Dq Li NO 970by default. 971Setting this to 972.Dq Li YES 973enables 974.Xr ftp-proxy 8 975which supports the 976.Xr pf 4 977packet filter in translating ftp connections. 978.It Va ftpproxy_flags 979.Pq Vt str 980Empty by default. 981This variable contains additional flags passed to the 982.Xr ftp-proxy 8 983program. 984.It Va ftpproxy_instances 985.Pq Vt str 986Empty by default. If multiple instances of 987.Xr ftp-proxy 8 988are desired at boot time, 989.Va ftpproxy_instances 990should contain a whitespace-seperated list of instance names. For each 991.Ar element 992in the list, a variable named 993.Ao Ar element Ac Ns Va _flags 994should be defined, containing the command-line flags to be passed to the 995.Xr ftp-proxy 8 996instance. 997.It Va pfsync_enable 998.Pq Vt bool 999Set to 1000.Dq Li NO 1001by default. 1002Setting this to 1003.Dq Li YES 1004enables exposing 1005.Xr pf 4 1006state changes to other hosts over the network by means of 1007.Xr pfsync 4 . 1008The 1009.Va pfsync_syncdev 1010variable 1011must also be set then. 1012.It Va pfsync_syncdev 1013.Pq Vt str 1014Empty by default. 1015This variable specifies the name of the network interface 1016.Xr pfsync 4 1017should operate through. 1018It must be set accordingly if 1019.Va pfsync_enable 1020is set to 1021.Dq Li YES . 1022.It Va pfsync_syncpeer 1023.Pq Vt str 1024Empty by default. 1025This variable is optional. 1026By default, state change messages are sent out on the synchronisation 1027interface using IP multicast packets. 1028The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1029224.0.0.240. 1030When a peer address is specified using the 1031.Va pfsync_syncpeer 1032option, the peer address is used as a destination for the pfsync 1033traffic, and the traffic can then be protected using 1034.Xr ipsec 4 . 1035See the 1036.Xr pfsync 4 1037manpage for more details about using 1038.Xr ipsec 4 1039with 1040.Xr pfsync 4 1041interfaces. 1042.It Va pfsync_ifconfig 1043.Pq Vt str 1044Empty by default. 1045This variable can contain additional options to be passed to the 1046.Xr ifconfig 8 1047command used to set up 1048.Xr pfsync 4 . 1049.It Va tcp_extensions 1050.Pq Vt bool 1051Set to 1052.Dq Li YES 1053by default. 1054Setting this to 1055.Dq Li NO 1056disables certain TCP options as described by 1057.Rs 1058.%T "RFC 1323" 1059.Re 1060Setting this to 1061.Dq Li NO 1062might help remedy such problems with connections as randomly hanging 1063or other weird behavior. 1064Some network devices are known 1065to be broken with respect to these options. 1066.It Va log_in_vain 1067.Pq Vt int 1068Set to 0 by default. 1069The 1070.Xr sysctl 8 1071variables, 1072.Va net.inet.tcp.log_in_vain 1073and 1074.Va net.inet.udp.log_in_vain , 1075as described in 1076.Xr tcp 4 1077and 1078.Xr udp 4 , 1079are set to the given value. 1080.It Va tcp_keepalive 1081.Pq Vt bool 1082Set to 1083.Dq Li YES 1084by default. 1085Setting to 1086.Dq Li NO 1087will disable probing idle TCP connections to verify that the 1088peer is still up and reachable. 1089.It Va tcp_drop_synfin 1090.Pq Vt bool 1091Set to 1092.Dq Li NO 1093by default. 1094Setting to 1095.Dq Li YES 1096will cause the kernel to ignore TCP frames that have both 1097the SYN and FIN flags set. 1098This prevents OS fingerprinting, but may 1099break some legitimate applications. 1100.It Va icmp_drop_redirect 1101.Pq Vt bool 1102Set to 1103.Dq Li NO 1104by default. 1105Setting to 1106.Dq Li YES 1107will cause the kernel to ignore ICMP REDIRECT packets. 1108Refer to 1109.Xr icmp 4 1110for more information. 1111.It Va icmp_log_redirect 1112.Pq Vt bool 1113Set to 1114.Dq Li NO 1115by default. 1116Setting to 1117.Dq Li YES 1118will cause the kernel to log ICMP REDIRECT packets. 1119Note that 1120the log messages are not rate-limited, so this option should only be used 1121for troubleshooting networks. 1122Refer to 1123.Xr icmp 4 1124for more information. 1125.It Va icmp_bmcastecho 1126.Pq Vt bool 1127Set to 1128.Dq Li YES 1129to respond to broadcast or multicast ICMP ping packets. 1130Refer to 1131.Xr icmp 4 1132for more information. 1133.It Va ip_portrange_first 1134.Pq Vt int 1135If not set to 1136.Dq Li NO , 1137this is the first port in the default portrange. 1138Refer to 1139.Xr ip 4 1140for more information. 1141.It Va ip_portrange_last 1142.Pq Vt int 1143If not set to 1144.Dq Li NO , 1145this is the last port in the default portrange. 1146Refer to 1147.Xr ip 4 1148for more information. 1149.It Va network_interfaces 1150.Pq Vt str 1151Set to the list of network interfaces to configure on this host or 1152.Dq Li AUTO 1153(the default) for all current interfaces. 1154Setting the 1155.Va network_interfaces 1156variable to anything other than the default is deprecated. 1157Interfaces that the administrator wishes to store configuration for, 1158but not start at boot should be configured with the 1159.Dq Li NOAUTO 1160keyword in their 1161.Va ifconfig_ Ns Aq Ar interface 1162variables as described below. 1163.Pp 1164An 1165.Va ifconfig_ Ns Aq Ar interface 1166variable is also assumed to exist for each value of 1167.Ar interface . 1168When an interface name contains any of the characters 1169.Dq Li .-/+ 1170they are translated to 1171.Dq Li _ 1172before lookup. 1173The variable can contain arguments to 1174.Xr ifconfig 8 , 1175as well as special case-insensitive keywords described below. 1176Such keywords are removed before passing the value to 1177.Xr ifconfig 8 1178while the order of the other arguments is preserved. 1179.Pp 1180It is possible to add IP alias entries using 1181.Xr ifconfig 8 1182syntax with the address family keyword such as 1183.Li inet . 1184Assuming that the interface in question was 1185.Li ed0 , 1186it might look something like this: 1187.Bd -literal 1188ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1189ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1190.Ed 1191.Pp 1192It also possible to configure multiple IP addresses in Classless 1193Inter-Domain Routing 1194.Pq CIDR 1195address notation, 1196whose each address component can be a range like 1197.Li inet 192.0.2.5-23/24 1198or 1199.Li inet6 2001:db8:1-f::1/64 . 1200This notation allows address and prefix length part only, 1201not the other address modifiers. 1202Note that the maximum number of the generated addresses from a range 1203specification is limited to an integer value specified in 1204.Va netif_ipexpand_max 1205in 1206.Xr rc.conf 5 1207because a small typo can unexpectedly generate a large number of addresses. 1208The default value is 1209.Li 2048 . 1210It can be increased by adding the following line into 1211.Xr rc.conf 5 : 1212.Bd -literal 1213netif_ipexpand_max="4096" 1214.Ed 1215.Pp 1216In the case of 1217.Li 192.0.2.5-23/24 , 1218the address 192.0.2.5 will be configured with the 1219netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1220the non-conflicting netmask /32 as explained in the 1221.Xr ifconfig 8 1222alias section. 1223Note that this special netmask handling is only for 1224.Li inet , 1225not for the other address families such as 1226.Li inet6 . 1227.Pp 1228With the interface in question being 1229.Li ed0 , 1230an example could look like: 1231.Bd -literal 1232ifconfig_ed0_alias2="inet 192.0.2.129/27" 1233ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1234.Ed 1235.Pp 1236and so on. 1237.Pp 1238Note that 1239.Va ipv4_addrs_ Ns Aq Ar interface 1240variable was supported for IPv4 CIDR address notation. 1241It is now deprecated because the functionality was integrated into 1242.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1243though 1244.Va ipv4_addrs_ Ns Aq Ar interface 1245is still supported for backward compatibility. 1246.Pp 1247For each 1248.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1249entry with an address family keyword, 1250its contents are passed to 1251.Xr ifconfig 8 . 1252Execution stops at the first unsuccessful access, so if 1253something like this is present: 1254.Bd -literal 1255ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1256ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1257ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1258ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1259.Ed 1260.Pp 1261Then note that alias4 would 1262.Em not 1263be added since the search would 1264stop with the missing 1265.Dq Li alias3 1266entry. 1267Because of this difficult to manage behavior, 1268there is 1269.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1270variable, which has the same functionality as 1271.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1272and can have all of entries in a variable like the following: 1273.Bd -literal 1274ifconfig_ed0_aliases="\\ 1275 inet 127.0.0.251 netmask 0xffffffff \\ 1276 inet 127.0.0.252 netmask 0xffffffff \\ 1277 inet 127.0.0.253 netmask 0xffffffff \\ 1278 inet 127.0.0.254 netmask 0xffffffff" 1279.Ed 1280.Pp 1281It also supports CIDR notation. 1282.Pp 1283If the 1284.Pa /etc/start_if. Ns Aq Ar interface 1285file is present, it is read and executed by the 1286.Xr sh 1 1287interpreter 1288before configuring the interface as specified in the 1289.Va ifconfig_ Ns Aq Ar interface 1290and 1291.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1292variables. 1293.Pp 1294If a 1295.Va vlans_ Ns Aq Ar interface 1296variable is set, 1297a 1298.Xr vlan 4 1299interface will be created for each item in the list with the 1300.Ar vlandev 1301argument set to 1302.Ar interface . 1303If a vlan interface's name is a number, 1304then that number is used as the vlan tag and the new vlan interface is 1305named 1306.Ar interface . Ns Ar tag . 1307Otherwise, 1308the vlan tag must be specified via a 1309.Va vlan 1310parameter in the 1311.Va create_args_ Ns Aq Ar interface 1312variable. 1313.Pp 1314To create a vlan device named 1315.Li em0.101 1316on 1317.Li em0 1318with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1319.Bd -literal 1320vlans_em0="101" 1321ifconfig_em0_101="inet 192.0.2.1/24" 1322.Ed 1323.Pp 1324To create a vlan device named 1325.Li myvlan 1326on 1327.Li em0 1328with the vlan tag 102: 1329.Bd -literal 1330vlans_em0="myvlan" 1331create_args_myvlan="vlan 102" 1332.Ed 1333.Pp 1334If a 1335.Va wlans_ Ns Aq Ar interface 1336variable is set, 1337an 1338.Xr wlan 4 1339interface will be created for each item in the list with the 1340.Ar wlandev 1341argument set to 1342.Ar interface . 1343Further wlan cloning arguments may be passed to the 1344.Xr ifconfig 8 1345.Cm create 1346command by setting the 1347.Va create_args_ Ns Aq Ar interface 1348variable. 1349One or more 1350.Xr wlan 4 1351devices must be created for each wireless devices as of 1352.Fx 8.0 . 1353Debugging flags for 1354.Xr wlan 4 1355devices as set by 1356.Xr wlandebug 8 1357may be specified with an 1358.Va wlandebug_ Ns Aq Ar interface 1359variable. 1360The contents of this variable will be passed directly to 1361.Xr wlandebug 8 . 1362.Pp 1363If the 1364.Va ifconfig_ Ns Aq Ar interface 1365contains the keyword 1366.Dq Li NOAUTO 1367then the interface will not be configured 1368at boot or by 1369.Pa /etc/pccard_ether 1370when 1371.Va network_interfaces 1372is set to 1373.Dq Li AUTO . 1374.Pp 1375It is possible to bring up an interface with DHCP by adding 1376.Dq Li DHCP 1377to the 1378.Va ifconfig_ Ns Aq Ar interface 1379variable. 1380For instance, to initialize the 1381.Li ed0 1382device via DHCP, 1383it is possible to use something like: 1384.Bd -literal 1385ifconfig_ed0="DHCP" 1386.Ed 1387.Pp 1388If you want to configure your wireless interface with 1389.Xr wpa_supplicant 8 1390for use with WPA, EAP/LEAP or WEP, you need to add 1391.Dq Li WPA 1392to the 1393.Va ifconfig_ Ns Aq Ar interface 1394variable. 1395.Pp 1396On the other hand, if you want to configure your wireless interface with 1397.Xr hostapd 8 , 1398you need to add 1399.Dq Li HOSTAP 1400to the 1401.Va ifconfig_ Ns Aq Ar interface 1402variable. 1403.Xr hostapd 8 1404will use the settings from 1405.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1406.Pp 1407Finally, you can add 1408.Xr ifconfig 8 1409options in this variable, in addition to the 1410.Pa /etc/start_if. Ns Aq Ar interface 1411file. 1412For instance, to configure an 1413.Xr ath 4 1414wireless device in station mode with an address obtained 1415via DHCP, using WPA authentication and 802.11b mode, it is 1416possible to use something like: 1417.Bd -literal 1418wlans_ath0="wlan0" 1419ifconfig_wlan0="DHCP WPA mode 11b" 1420.Ed 1421.Pp 1422In addition to the 1423.Va ifconfig_ Ns Aq Ar interface 1424form, a fallback variable 1425.Va ifconfig_DEFAULT 1426may be configured. 1427It will be used for all interfaces with no 1428.Va ifconfig_ Ns Aq Ar interface 1429variable. 1430This is intended to replace the no longer supported 1431.Va pccard_ifconfig 1432variable. 1433.Pp 1434It is also possible to rename an interface by doing: 1435.Bd -literal 1436ifconfig_ed0_name="net0" 1437ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1438.Ed 1439.It Va ipv6_enable 1440.Pq Vt bool 1441This variable is deprecated. 1442Use 1443.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1444and 1445.Va ipv6_activate_all_interfaces 1446if necessary. 1447.Pp 1448If the variable is 1449.Dq Li YES , 1450.Dq Li inet6 accept_rtadv 1451is added to all of 1452.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1453and the 1454.Va ipv6_activate_all_interfaces 1455is defined as 1456.Dq Li YES . 1457.It Va ipv6_prefer 1458.Pq Vt bool 1459This variable is deprecated. 1460Use 1461.Va ip6addrctl_policy 1462instead. 1463.Pp 1464If the variable is 1465.Dq Li YES , 1466the default address selection policy table set by 1467.Xr ip6addrctl 8 1468will be IPv6-preferred. 1469.Pp 1470If the variable is 1471.Dq Li NO , 1472the default address selection policy table set by 1473.Xr ip6addrctl 8 1474will be IPv4-preferred. 1475.It Va ipv6_activate_all_interfaces 1476.Pq Vt bool 1477This controls initial configuration on IPv6-capable 1478interfaces with no corresponding 1479.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1480variable. 1481Note that it is not always necessary to set this variable to 1482.Dq YES 1483to use IPv6 functionality on 1484.Fx . 1485In most cases, just configuring 1486.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1487variables works. 1488.Pp 1489If the variable is 1490.Dq Li NO , 1491all interfaces which do not have a corresponding 1492.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1493variable will be marked as 1494.Dq Li IFDISABLED 1495at creation. 1496This means that all of IPv6 functionality on that interface 1497is completely disabled to enforce a security policy. 1498If the variable is set to 1499.Dq YES , 1500the flag will be cleared on all of the interfaces. 1501.Pp 1502In most cases, just defining an 1503.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1504for an IPv6-capable interface should be sufficient. 1505However, if an interface is added dynamically 1506.Pq by some tunneling protocols such as PPP, for example , 1507it is often difficult to define the variable in advance. 1508In such a case, configuring the 1509.Dq Li IFDISABLED 1510flag can be disabled by setting this variable to 1511.Dq YES . 1512.Pp 1513For more details of the 1514.Dq Li IFDISABLED 1515flag and keywords 1516.Dq Li inet6 ifdisabled , 1517see 1518.Xr ifconfig 8 . 1519.Pp 1520Default is 1521.Dq Li NO . 1522.It Va ipv6_privacy 1523.Pq Vt bool 1524If the variable is 1525.Dq Li YES 1526privacy addresses will be generated for each IPv6 1527interface as described in RFC 4941. 1528.It Va ipv6_network_interfaces 1529.Pq Vt str 1530This is the IPv6 equivalent of 1531.Va network_interfaces . 1532Normally manual configuration of this variable is not needed. 1533.It Va ipv6_cpe_wanif 1534.Pq Vt str 1535If the variable is set to an interface name, 1536the 1537.Xr ifconfig 8 1538options 1539.Dq inet6 -no_radr accept_rtadv 1540will be added to the specified interface automatically before evaluating 1541.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1542and two 1543.Xr sysctl 8 1544variables 1545.Va net.inet6.ip6.rfc6204w3 1546and 1547.Va net.inet6.ip6.no_radr 1548will be set to 1. 1549.Pp 1550This means the specified interface will accept ICMPv6 Router 1551Advertisement messages on that link and add the discovered 1552routers into the Default Router List. 1553While the other interfaces can still accept RA messages if the 1554.Dq inet6 accept_rtadv 1555option is specified, adding 1556routes into the Default Router List will be disabled by 1557.Dq inet6 no_radr 1558option by default. 1559See 1560.Xr ifconfig 8 1561for more details. 1562.Pp 1563Note that ICMPv6 Router Advertisement messages will be 1564accepted even when 1565.Va net.inet6.ip6.forwarding 1566is 1 1567.Pq packet forwarding is enabled 1568when 1569.Va net.inet6.ip6.rfc6204w3 1570is set to 1. 1571.Pp 1572Default is 1573.Dq Li NO . 1574.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1575.Pq Vt str 1576IPv6 functionality on an interface should be configured by 1577.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1578instead of setting ifconfig parameters in 1579.Va ifconfig_ Ns Aq Ar interface . 1580If this variable is empty, all of IPv6 configurations on the 1581specified interface by other variables such as 1582.Va ipv6_prefix_ Ns Ao Ar interface Ac 1583will be ignored. 1584.Pp 1585Aliases should be set by 1586.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1587with 1588.Dq Li inet6 1589keyword. 1590For example: 1591.Bd -literal 1592ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1593ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1594.Ed 1595.Pp 1596Interfaces that have an 1597.Dq Li inet6 accept_rtadv 1598keyword in 1599.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1600setting will be automatically configured by SLAAC 1601.Pq StateLess Address AutoConfiguration 1602described in 1603.Rs 1604.%T "RFC 4862" 1605.Re 1606.Pp 1607Note that a link-local address will be automatically configured in 1608addition to the configured global-scope addresses because the IPv6 1609specifications require it on each link. 1610The address is calculated from the MAC address by using an algorithm 1611defined in 1612.Rs 1613.%T "RFC 4862" 1614.%O "Section 5.3" 1615.Re 1616.Pp 1617If only a link-local address is needed on the interface, 1618the following configuration can be used: 1619.Bd -literal 1620ifconfig_ed0_ipv6="inet6 auto_linklocal" 1621.Ed 1622.Pp 1623A link-local address can also be configured manually. 1624This is useful for the default router address of an IPv6 router 1625so that it does not change when the network interface 1626card is replaced. 1627For example: 1628.Bd -literal 1629ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1630.Ed 1631.It Va ipv6_prefix_ Ns Aq Ar interface 1632.Pq Vt str 1633If one or more prefixes are defined in 1634.Va ipv6_prefix_ Ns Aq Ar interface 1635addresses based on each prefix and the EUI-64 interface index will be 1636configured on that interface. 1637Note that this variable will be ignored when 1638.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1639is empty. 1640.Pp 1641For example, the following configuration 1642.Bd -literal 1643ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1644.Ed 1645.Pp 1646is equivalent to the following: 1647.Bd -literal 1648ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1649ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1650ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1651ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1652.Ed 1653.Pp 1654These Subnet-Router anycast addresses will be added only when 1655.Va ipv6_gateway_enable 1656is YES. 1657.It Va ipv6_default_interface 1658.Pq Vt str 1659If not set to 1660.Dq Li NO , 1661this is the default output interface for scoped addresses. 1662This works only with ipv6_gateway_enable="NO". 1663.It Va ip6addrctl_enable 1664.Pq Vt bool 1665This variable is to enable configuring default address selection policy table 1666.Pq RFC 3484 . 1667The table can be specified in another variable 1668.Va ip6addrctl_policy . 1669For 1670.Va ip6addrctl_policy 1671the following keywords can be specified: 1672.Dq Li ipv4_prefer , 1673.Dq Li ipv6_prefer , 1674or 1675.Dq Li AUTO . 1676.Pp 1677If 1678.Dq Li ipv4_prefer 1679or 1680.Dq Li ipv6_prefer 1681is specified, 1682.Xr ip6addrctl 8 1683installs a pre-defined policy table described in Section 2.1 1684.Pq IPv6-preferred 1685or 10.3 1686.Pq IPv4-preferred 1687of RFC 3484. 1688.Pp 1689If 1690.Dq Li AUTO 1691is specified, it attempts to read a file 1692.Pa /etc/ip6addrctl.conf 1693first. 1694If this file is found, 1695.Xr ip6addrctl 8 1696reads and installs it. 1697If not found, a policy is automatically set 1698according to 1699.Va ipv6_activate_all_interfaces 1700variable; if the variable is set to 1701.Dq Li YES 1702the IPv6-preferred one is used. 1703Otherwise IPv4-preferred. 1704.Pp 1705The default value of 1706.Va ip6addrctl_enable 1707and 1708.Va ip6addrctl_policy 1709are 1710.Dq Li YES 1711and 1712.Dq Li AUTO , 1713respectively. 1714.It Va cloned_interfaces 1715.Pq Vt str 1716Set to the list of clonable network interfaces to create on this host. 1717Further cloning arguments may be passed to the 1718.Xr ifconfig 8 1719.Cm create 1720command for each interface by setting the 1721.Va create_args_ Ns Aq Ar interface 1722variable. 1723If an interface name is specified with 1724.Dq :sticky 1725keyword, 1726the interface will not be destroyed even when 1727.Pa rc.d/netif 1728script is invoked with 1729.Dq stop 1730argument. 1731This is useful when reconfiguring the interface without destroying it. 1732Entries in 1733.Va cloned_interfaces 1734are automatically appended to 1735.Va network_interfaces 1736for configuration. 1737.It Va cloned_interfaces_sticky 1738.Pq Vt bool 1739This variable is to globally enable functionality of 1740.Dq :sticky 1741keyword in 1742.Va cloned_interfaces 1743for all interfaces. 1744The default value is 1745.Dq NO . 1746Even if this variable is specified to 1747.Dq YES , 1748.Dq :nosticky 1749keyword can be used to override it on per interface basis. 1750.It Va gif_interfaces 1751.Pq Vt str 1752This variable is deprecated in favor of 1753.Va cloned_interfaces . 1754Set to the list of 1755.Xr gif 4 1756tunnel interfaces to configure on this host. 1757A 1758.Va gifconfig_ Ns Aq Ar interface 1759variable is assumed to exist for each value of 1760.Ar interface . 1761The value of this variable is used to configure the link layer of the 1762tunnel according to the syntax of the 1763.Cm tunnel 1764option to 1765.Xr ifconfig 8 . 1766Additionally, this option ensures that each listed interface is created 1767via the 1768.Cm create 1769option to 1770.Xr ifconfig 8 1771before attempting to configure it. 1772.It Va sppp_interfaces 1773.Pq Vt str 1774Set to the list of 1775.Xr sppp 4 1776interfaces to configure on this host. 1777A 1778.Va spppconfig_ Ns Aq Ar interface 1779variable is assumed to exist for each value of 1780.Ar interface . 1781Each interface should also be configured by a general 1782.Va ifconfig_ Ns Aq Ar interface 1783setting. 1784Refer to 1785.Xr spppcontrol 8 1786for more information about available options. 1787.It Va ppp_enable 1788.Pq Vt bool 1789If set to 1790.Dq Li YES , 1791run the 1792.Xr ppp 8 1793daemon. 1794.It Va ppp_profile 1795.Pq Vt str 1796The name of the profile to use from 1797.Pa /etc/ppp/ppp.conf . 1798Also used for per-profile overrides of 1799.Va ppp_mode 1800and 1801.Va ppp_nat , 1802and 1803.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1804When the profile name contains any of the characters 1805.Dq Li .-/+ 1806they are translated to 1807.Dq Li _ 1808for the proposes of the override variable names. 1809.It Va ppp_mode 1810.Pq Vt str 1811Mode in which to run the 1812.Xr ppp 8 1813daemon. 1814.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1815.Pq Vt str 1816Overrides the global 1817.Va ppp_mode 1818for 1819.Ar profile . 1820Accepted modes are 1821.Dq Li auto , 1822.Dq Li ddial , 1823.Dq Li direct 1824and 1825.Dq Li dedicated . 1826See the manual for a full description. 1827.It Va ppp_nat 1828.Pq Vt bool 1829If set to 1830.Dq Li YES , 1831enables network address translation. 1832Used in conjunction with 1833.Va gateway_enable 1834allows hosts on private network addresses access to the Internet using 1835this host as a network address translating router. 1836.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1837.Pq Vt str 1838Overrides the global 1839.Va ppp_nat 1840for 1841.Ar profile . 1842.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1843.Pq Vt int 1844Set the unit number to be used for this profile. 1845See the manual description of 1846.Fl unit Ns Ar N 1847for details. 1848.It Va ppp_user 1849.Pq Vt str 1850The name of the user under which 1851.Xr ppp 8 1852should be started. 1853By 1854default, 1855.Xr ppp 8 1856is started as 1857.Dq Li root . 1858.It Va rc_conf_files 1859.Pq Vt str 1860This option is used to specify a list of files that will override 1861the settings in 1862.Pa /etc/defaults/rc.conf . 1863The files will be read in the order in which they are specified and should 1864include the full path to the file. 1865By default, the files specified are 1866.Pa /etc/rc.conf 1867and 1868.Pa /etc/rc.conf.local 1869.It Va zfs_enable 1870.Pq Vt bool 1871If set to 1872.Dq Li YES , 1873.Pa /etc/rc.d/zfs 1874will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1875(ZVOLs). 1876.It Va gptboot_enable 1877.Pq Vt bool 1878If set to 1879.Dq Li YES , 1880.Pa /etc/rc.d/gptboot 1881will log if the system successfully (or not) booted from a GPT partition, 1882which had the 1883.Ar bootonce 1884attribute set using 1885.Xr gpart 8 1886utility. 1887.It Va gbde_autoattach_all 1888.Pq Vt bool 1889If set to 1890.Dq Li YES , 1891.Pa /etc/rc.d/gbde 1892will attempt to automatically initialize your .bde devices in 1893.Pa /etc/fstab . 1894.It Va gbde_devices 1895.Pq Vt str 1896List the devices that the script should try to attach, 1897or 1898.Dq Li AUTO . 1899.It Va gbde_lockdir 1900.Pq Vt str 1901The directory where the 1902.Xr gbde 4 1903lockfiles are located. 1904The default lockfile directory is 1905.Pa /etc . 1906.Pp 1907The lockfile for each individual 1908.Xr gbde 4 1909device can be overridden by setting the variable 1910.Va gbde_lock_ Ns Aq Ar device , 1911where 1912.Ar device 1913is the encrypted device without the 1914.Dq Pa /dev/ 1915and 1916.Dq Pa .bde 1917parts. 1918.It Va gbde_attach_attempts 1919.Pq Vt int 1920Number of times to attempt attaching to a 1921.Xr gbde 4 1922device, i.e., how many times the user is asked for the pass-phrase. 1923Default is 3. 1924.It Va geli_devices 1925.Pq Vt str 1926List of devices to automatically attach on boot. 1927Note that .eli devices from 1928.Pa /etc/fstab 1929are automatically appended to this list. 1930.It Va geli_tries 1931.Pq Vt int 1932Number of times user is asked for the pass-phrase. 1933If empty, it will be taken from 1934.Va kern.geom.eli.tries 1935sysctl variable. 1936.It Va geli_default_flags 1937.Pq Vt str 1938Default flags to use by 1939.Xr geli 8 1940when configuring disk encryption. 1941Flags can be configured for every device separately by defining 1942.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1943variable. 1944.It Va geli_autodetach 1945.Pq Vt str 1946Specifies if GELI devices should be marked for detach on last close after 1947file systems are mounted. 1948Default is 1949.Dq Li YES . 1950This can be changed for every device separately by defining 1951.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1952variable. 1953.It Va root_rw_mount 1954.Pq Vt bool 1955Set to 1956.Dq Li YES 1957by default. 1958After the file systems are checked at boot time, the root file system 1959is remounted as read-write if this is set to 1960.Dq Li YES . 1961Diskless systems that mount their root file system from a read-only remote 1962NFS share should set this to 1963.Dq Li NO 1964in their 1965.Pa rc.conf . 1966.It Va fsck_y_enable 1967.Pq Vt bool 1968If set to 1969.Dq Li YES , 1970.Xr fsck 8 1971will be run with the 1972.Fl y 1973flag if the initial preen 1974of the file systems fails. 1975.It Va background_fsck 1976.Pq Vt bool 1977If set to 1978.Dq Li YES , 1979the system will attempt to run 1980.Xr fsck 8 1981in the background where possible. 1982.It Va background_fsck_delay 1983.Pq Vt int 1984The amount of time in seconds to sleep before starting a background 1985.Xr fsck 8 . 1986It defaults to sixty seconds to allow large applications such as 1987the X server to start before disk I/O bandwidth is monopolized by 1988.Xr fsck 8 . 1989If set to a negative number, the background file system check will be 1990delayed indefinitely to allow the administrator to run it at a more 1991convenient time. 1992For example it may be run from 1993.Xr cron 8 1994by adding a line like 1995.Pp 1996.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1997.Pp 1998to 1999.Pa /etc/crontab . 2000.It Va netfs_types 2001.Pq Vt str 2002List of file system types that are network-based. 2003This list should generally not be modified by end users. 2004Use 2005.Va extra_netfs_types 2006instead. 2007.It Va extra_netfs_types 2008.Pq Vt str 2009If set to something other than 2010.Dq Li NO 2011(the default), 2012this variable extends the list of file system types 2013for which automatic mounting at startup by 2014.Xr rc 8 2015should be delayed until the network is initialized. 2016It should contain 2017a whitespace-separated list of network file system descriptor pairs, 2018each consisting of a file system type as passed to 2019.Xr mount 8 2020and a human-readable, one-word description, 2021joined with a colon 2022.Pq Ql \&: . 2023Extending the default list in this way is only necessary 2024when third party file system types are used. 2025.It Va syslogd_enable 2026.Pq Vt bool 2027If set to 2028.Dq Li YES , 2029run the 2030.Xr syslogd 8 2031daemon. 2032.It Va syslogd_program 2033.Pq Vt str 2034Path to 2035.Xr syslogd 8 2036(default 2037.Pa /usr/sbin/syslogd ) . 2038.It Va syslogd_flags 2039.Pq Vt str 2040If 2041.Va syslogd_enable 2042is set to 2043.Dq Li YES , 2044these are the flags to pass to 2045.Xr syslogd 8 . 2046.It Va inetd_enable 2047.Pq Vt bool 2048If set to 2049.Dq Li YES , 2050run the 2051.Xr inetd 8 2052daemon. 2053.It Va inetd_program 2054.Pq Vt str 2055Path to 2056.Xr inetd 8 2057(default 2058.Pa /usr/sbin/inetd ) . 2059.It Va inetd_flags 2060.Pq Vt str 2061If 2062.Va inetd_enable 2063is set to 2064.Dq Li YES , 2065these are the flags to pass to 2066.Xr inetd 8 . 2067.It Va hastd_enable 2068.Pq Vt bool 2069If set to 2070.Dq Li YES , 2071run the 2072.Xr hastd 8 2073daemon. 2074.It Va hastd_program 2075.Pq Vt str 2076Path to 2077.Xr hastd 8 2078(default 2079.Pa /sbin/hastd ) . 2080.It Va hastd_flags 2081.Pq Vt str 2082If 2083.Va hastd_enable 2084is set to 2085.Dq Li YES , 2086these are the flags to pass to 2087.Xr hastd 8 . 2088.It Va local_unbound_enable 2089.Pq Vt bool 2090If set to 2091.Dq Li YES , 2092run the 2093.Xr unbound 8 2094daemon as a local caching resolver. 2095.It Va kerberos5_server_enable 2096.Pq Vt bool 2097Set to 2098.Dq Li YES 2099to start a Kerberos 5 authentication server 2100at boot time. 2101.It Va kerberos5_server 2102.Pq Vt str 2103If 2104.Va kerberos5_server_enable 2105is set to 2106.Dq Li YES 2107this is the path to Kerberos 5 Authentication Server. 2108.It Va kerberos5_server_flags 2109.Pq Vt str 2110Empty by default. 2111This variable contains additional flags to be passed to the Kerberos 5 2112authentication server. 2113.It Va kadmind5_server_enable 2114.Pq Vt bool 2115Set to 2116.Dq Li YES 2117to start 2118.Xr kadmind 8 , 2119the Kerberos 5 Administration Daemon; set to 2120.Dq Li NO 2121on a slave server. 2122.It Va kadmind5_server 2123.Pq Vt str 2124If 2125.Va kadmind5_server_enable 2126is set to 2127.Dq Li YES 2128this is the path to Kerberos 5 Administration Daemon. 2129.It Va kpasswdd_server_enable 2130.Pq Vt bool 2131Set to 2132.Dq Li YES 2133to start 2134.Xr kpasswdd 8 , 2135the Kerberos 5 Password-Changing Daemon; set to 2136.Dq Li NO 2137on a slave server. 2138.It Va kpasswdd_server 2139.Pq Vt str 2140If 2141.Va kpasswdd_server_enable 2142is set to 2143.Dq Li YES 2144this is the path to Kerberos 5 Password-Changing Daemon. 2145.It Va kfd_enable 2146.Pq Vt bool 2147Set to 2148.Dq Li YES 2149to start 2150.Xr kfd 8 , 2151the Kerberos 5 ticket forwarding daemon, at the boot time. 2152.It Va kfd_program 2153.Pq Vt str 2154Path to 2155.Xr kfd 8 2156(default 2157.Pa /usr/libexec/kfd ) . 2158.It Va rwhod_enable 2159.Pq Vt bool 2160If set to 2161.Dq Li YES , 2162run the 2163.Xr rwhod 8 2164daemon at boot time. 2165.It Va rwhod_flags 2166.Pq Vt str 2167If 2168.Va rwhod_enable 2169is set to 2170.Dq Li YES , 2171these are the flags to pass to it. 2172.It Va amd_enable 2173.Pq Vt bool 2174If set to 2175.Dq Li YES , 2176run the 2177.Xr amd 8 2178daemon at boot time. 2179.It Va amd_flags 2180.Pq Vt str 2181If 2182.Va amd_enable 2183is set to 2184.Dq Li YES , 2185these are the flags to pass to it. 2186See the 2187.Xr amd 8 2188manpage for more information. 2189.It Va amd_map_program 2190.Pq Vt str 2191If set, 2192the specified program is run to get the list of 2193.Xr amd 8 2194maps. 2195For example, if the 2196.Xr amd 8 2197maps are stored in NIS, one can set this to 2198run 2199.Xr ypcat 1 2200to get a list of 2201.Xr amd 8 2202maps from the 2203.Pa amd.master 2204NIS map. 2205.It Va update_motd 2206.Pq Vt bool 2207If set to 2208.Dq Li YES , 2209.Pa /etc/motd 2210will be updated at boot time to reflect the kernel release 2211being run. 2212If set to 2213.Dq Li NO , 2214.Pa /etc/motd 2215will not be updated. 2216.It Va nfs_client_enable 2217.Pq Vt bool 2218If set to 2219.Dq Li YES , 2220run the NFS client daemons at boot time. 2221.It Va nfs_access_cache 2222.Pq Vt int 2223If 2224.Va nfs_client_enable 2225is set to 2226.Dq Li YES , 2227this can be set to 2228.Dq Li 0 2229to disable NFS ACCESS RPC caching, or to the number of seconds for which 2230NFS ACCESS 2231results should be cached. 2232A value of 2-10 seconds will substantially reduce network 2233traffic for many NFS operations. 2234.It Va nfs_server_enable 2235.Pq Vt bool 2236If set to 2237.Dq Li YES , 2238run the NFS server daemons at boot time. 2239.It Va nfs_server_flags 2240.Pq Vt str 2241If 2242.Va nfs_server_enable 2243is set to 2244.Dq Li YES , 2245these are the flags to pass to the 2246.Xr nfsd 8 2247daemon. 2248.It Va nfsv4_server_enable 2249.Pq Vt bool 2250If 2251.Va nfs_server_enable 2252is set to 2253.Dq Li YES 2254and 2255.Va nfsv4_server_enable 2256are set to 2257.Dq Li YES , 2258enable the server for NFSv4 as well as NFSv2 and NFSv3. 2259.It Va nfsuserd_enable 2260.Pq Vt bool 2261If 2262.Va nfsuserd_enable 2263is set to 2264.Dq Li YES , 2265run the nfsuserd daemon, which is needed for NFSv4 in order 2266to map between user/group names vs uid/gid numbers. 2267If 2268.Va nfsv4_server_enable 2269is set to 2270.Dq Li YES , 2271this will be forced enabled. 2272.It Va nfsuserd_flags 2273.Pq Vt str 2274If 2275.Va nfsuserd_enable 2276is set to 2277.Dq Li YES , 2278these are the flags to pass to the 2279.Xr nfsuserd 8 2280daemon. 2281.It Va nfscbd_enable 2282.Pq Vt bool 2283If 2284.Va nfscbd_enable 2285is set to 2286.Dq Li YES , 2287run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2288.It Va nfscbd_flags 2289.Pq Vt str 2290If 2291.Va nfscbd_enable 2292is set to 2293.Dq Li YES , 2294these are the flags to pass to the 2295.Xr nfscbd 8 2296daemon. 2297.It Va oldnfs_server_enable 2298.Pq Vt bool 2299If 2300.Va oldnfs_server_enable 2301is set to 2302.Dq Li YES , 2303force the NFS server daemons to run the old NFS server code 2304that does not support NFSv4. 2305.It Va mountd_enable 2306.Pq Vt bool 2307If set to 2308.Dq Li YES , 2309and no 2310.Va nfs_server_enable 2311is set, start 2312.Xr mountd 8 , 2313but not 2314.Xr nfsd 8 2315daemon. 2316It is commonly needed to run CFS without real NFS used. 2317.It Va mountd_flags 2318.Pq Vt str 2319If 2320.Va mountd_enable 2321is set to 2322.Dq Li YES , 2323these are the flags to pass to the 2324.Xr mountd 8 2325daemon. 2326.It Va weak_mountd_authentication 2327.Pq Vt bool 2328If set to 2329.Dq Li YES , 2330allow services like PCNFSD to make non-privileged mount 2331requests. 2332.It Va nfs_reserved_port_only 2333.Pq Vt bool 2334If set to 2335.Dq Li YES , 2336provide NFS services only on a secure port. 2337.It Va nfs_bufpackets 2338.Pq Vt int 2339If set to a number, indicates the number of packets worth of 2340socket buffer space to reserve on an NFS client. 2341The kernel default is typically 4. 2342Using a higher number may be 2343useful on gigabit networks to improve performance. 2344The minimum value is 23452 and the maximum is 64. 2346.It Va rpc_lockd_enable 2347.Pq Vt bool 2348If set to 2349.Dq Li YES 2350and also an NFS server or client, run 2351.Xr rpc.lockd 8 2352at boot time. 2353.It Va rpc_lockd_flags 2354.Pq Vt str 2355If 2356.Va rpc_lockd_enable 2357is set to 2358.Dq Li YES , 2359these are the flags to pass to the 2360.Xr rpc.lockd 8 2361daemon. 2362.It Va rpc_statd_enable 2363.Pq Vt bool 2364If set to 2365.Dq Li YES 2366and also an NFS server or client, run 2367.Xr rpc.statd 8 2368at boot time. 2369.It Va rpc_statd_flags 2370.Pq Vt str 2371If 2372.Va rpc_statd_enable 2373is set to 2374.Dq Li YES , 2375these are the flags to pass to the 2376.Xr rpc.statd 8 2377daemon. 2378.It Va rpcbind_program 2379.Pq Vt str 2380Path to 2381.Xr rpcbind 8 2382(default 2383.Pa /usr/sbin/rpcbind ) . 2384.It Va rpcbind_enable 2385.Pq Vt bool 2386If set to 2387.Dq Li YES , 2388run the 2389.Xr rpcbind 8 2390service at boot time. 2391.It Va rpcbind_flags 2392.Pq Vt str 2393If 2394.Va rpcbind_enable 2395is set to 2396.Dq Li YES , 2397these are the flags to pass to the 2398.Xr rpcbind 8 2399daemon. 2400.It Va keyserv_enable 2401.Pq Vt bool 2402If set to 2403.Dq Li YES , 2404run the 2405.Xr keyserv 8 2406daemon on boot for running Secure RPC. 2407.It Va keyserv_flags 2408.Pq Vt str 2409If 2410.Va keyserv_enable 2411is set to 2412.Dq Li YES , 2413these are the flags to pass to 2414.Xr keyserv 8 2415daemon. 2416.It Va pppoed_enable 2417.Pq Vt bool 2418If set to 2419.Dq Li YES , 2420run the 2421.Xr pppoed 8 2422daemon at boot time to provide PPP over Ethernet services. 2423.It Va pppoed_ Ns Aq Ar provider 2424.Pq Vt str 2425.Xr pppoed 8 2426listens to requests to this 2427.Ar provider 2428and ultimately runs 2429.Xr ppp 8 2430with a 2431.Ar system 2432argument of the same name. 2433.It Va pppoed_flags 2434.Pq Vt str 2435Additional flags to pass to 2436.Xr pppoed 8 . 2437.It Va pppoed_interface 2438.Pq Vt str 2439The network interface to run 2440.Xr pppoed 8 2441on. 2442This is mandatory when 2443.Va pppoed_enable 2444is set to 2445.Dq Li YES . 2446.It Va timed_enable 2447.Pq Vt bool 2448If set to 2449.Dq Li YES , 2450run the 2451.Xr timed 8 2452service at boot time. 2453This command is intended for networks of 2454machines where a consistent 2455.Dq "network time" 2456for all hosts must be established. 2457This is often useful in large NFS 2458environments where time stamps on files are expected to be consistent 2459network-wide. 2460.It Va timed_flags 2461.Pq Vt str 2462If 2463.Va timed_enable 2464is set to 2465.Dq Li YES , 2466these are the flags to pass to the 2467.Xr timed 8 2468service. 2469.It Va ntpdate_enable 2470.Pq Vt bool 2471If set to 2472.Dq Li YES , 2473run 2474.Xr ntpdate 8 2475at system startup. 2476This command is intended to 2477synchronize the system clock only 2478.Em once 2479from some standard reference. 2480.It Va ntpdate_config 2481.Pq Vt str 2482Configuration file for 2483.Xr ntpdate 8 . 2484Default 2485.Pa /etc/ntp.conf . 2486.It Va ntpdate_hosts 2487.Pq Vt str 2488A whitespace-separated list of NTP servers to synchronize with at startup. 2489The default is to use the servers listed in 2490.Va ntpdate_config , 2491if that file exists. 2492.It Va ntpdate_program 2493.Pq Vt str 2494Path to 2495.Xr ntpdate 8 2496(default 2497.Pa /usr/sbin/ntpdate ) . 2498.It Va ntpdate_flags 2499.Pq Vt str 2500If 2501.Va ntpdate_enable 2502is set to 2503.Dq Li YES , 2504these are the flags to pass to the 2505.Xr ntpdate 8 2506command (typically a hostname). 2507.It Va ntpd_enable 2508.Pq Vt bool 2509If set to 2510.Dq Li YES , 2511run the 2512.Xr ntpd 8 2513command at boot time. 2514.It Va ntpd_program 2515.Pq Vt str 2516Path to 2517.Xr ntpd 8 2518(default 2519.Pa /usr/sbin/ntpd ) . 2520.It Va ntpd_config 2521.Pq Vt str 2522Path to 2523.Xr ntpd 8 2524configuration file. 2525Default 2526.Pa /etc/ntp.conf . 2527.It Va ntpd_flags 2528.Pq Vt str 2529If 2530.Va ntpd_enable 2531is set to 2532.Dq Li YES , 2533these are the flags to pass to the 2534.Xr ntpd 8 2535daemon. 2536.It Va ntpd_sync_on_start 2537.Pq Vt bool 2538If set to 2539.Dq Li YES , 2540.Xr ntpd 8 2541is run with the 2542.Fl g 2543flag, which syncs the system's clock on startup. 2544See 2545.Xr ntpd 8 2546for more information regarding the 2547.Fl g 2548option. 2549This is a preferred alternative to using 2550.Xr ntpdate 8 2551or specifying the 2552.Va ntpdate_enable 2553variable. 2554.It Va nis_client_enable 2555.Pq Vt bool 2556If set to 2557.Dq Li YES , 2558run the 2559.Xr ypbind 8 2560service at system boot time. 2561.It Va nis_client_flags 2562.Pq Vt str 2563If 2564.Va nis_client_enable 2565is set to 2566.Dq Li YES , 2567these are the flags to pass to the 2568.Xr ypbind 8 2569service. 2570.It Va nis_ypset_enable 2571.Pq Vt bool 2572If set to 2573.Dq Li YES , 2574run the 2575.Xr ypset 8 2576daemon at system boot time. 2577.It Va nis_ypset_flags 2578.Pq Vt str 2579If 2580.Va nis_ypset_enable 2581is set to 2582.Dq Li YES , 2583these are the flags to pass to the 2584.Xr ypset 8 2585daemon. 2586.It Va nis_server_enable 2587.Pq Vt bool 2588If set to 2589.Dq Li YES , 2590run the 2591.Xr ypserv 8 2592daemon at system boot time. 2593.It Va nis_server_flags 2594.Pq Vt str 2595If 2596.Va nis_server_enable 2597is set to 2598.Dq Li YES , 2599these are the flags to pass to the 2600.Xr ypserv 8 2601daemon. 2602.It Va nis_ypxfrd_enable 2603.Pq Vt bool 2604If set to 2605.Dq Li YES , 2606run the 2607.Xr rpc.ypxfrd 8 2608daemon at system boot time. 2609.It Va nis_ypxfrd_flags 2610.Pq Vt str 2611If 2612.Va nis_ypxfrd_enable 2613is set to 2614.Dq Li YES , 2615these are the flags to pass to the 2616.Xr rpc.ypxfrd 8 2617daemon. 2618.It Va nis_yppasswdd_enable 2619.Pq Vt bool 2620If set to 2621.Dq Li YES , 2622run the 2623.Xr rpc.yppasswdd 8 2624daemon at system boot time. 2625.It Va nis_yppasswdd_flags 2626.Pq Vt str 2627If 2628.Va nis_yppasswdd_enable 2629is set to 2630.Dq Li YES , 2631these are the flags to pass to the 2632.Xr rpc.yppasswdd 8 2633daemon. 2634.It Va rpc_ypupdated_enable 2635.Pq Vt bool 2636If set to 2637.Dq Li YES , 2638run the 2639.Nm rpc.ypupdated 2640daemon at system boot time. 2641.It Va bsnmpd_enable 2642.Pq Vt bool 2643If set to 2644.Dq Li YES , 2645run the 2646.Xr bsnmpd 1 2647daemon at system boot time. 2648Be sure to understand the security implications of running SNMP daemon 2649on your host. 2650.It Va bsnmpd_flags 2651.Pq Vt str 2652If 2653.Va bsnmpd_enable 2654is set to 2655.Dq Li YES , 2656these are the flags to pass to the 2657.Xr bsnmpd 1 2658daemon. 2659.It Va defaultrouter 2660.Pq Vt str 2661If not set to 2662.Dq Li NO , 2663create a default route to this host name or IP address 2664(use an IP address if this router is also required to get to the 2665name server!). 2666.It Va ipv6_defaultrouter 2667.Pq Vt str 2668The IPv6 equivalent of 2669.Va defaultrouter . 2670.It Va static_arp_pairs 2671.Pq Vt str 2672Set to the list of static ARP pairs that are to be added at system 2673boot time. 2674For each whitespace separated 2675.Ar element 2676in the value, a 2677.Va static_arp_ Ns Aq Ar element 2678variable is assumed to exist whose contents will later be passed to a 2679.Dq Nm arp Cm -S 2680operation. 2681For example 2682.Bd -literal 2683static_arp_pairs="gw" 2684static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2685.Ed 2686.It Va static_ndp_pairs 2687.Pq Vt str 2688Set to the list of static NDP pairs that are to be added at system 2689boot time. 2690For each whitespace separated 2691.Ar element 2692in the value, a 2693.Va static_ndp_ Ns Aq Ar element 2694variable is assumed to exist whose contents will later be passed to a 2695.Dq Nm ndp Cm -s 2696operation. 2697For example 2698.Bd -literal 2699static_ndp_pairs="gw" 2700static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2701.Ed 2702.It Va static_routes 2703.Pq Vt str 2704Set to the list of static routes that are to be added at system 2705boot time. 2706If not set to 2707.Dq Li NO 2708then for each whitespace separated 2709.Ar element 2710in the value, a 2711.Va route_ Ns Aq Ar element 2712variable is assumed to exist 2713whose contents will later be passed to a 2714.Dq Nm route Cm add 2715operation. 2716For example: 2717.Bd -literal 2718static_routes="ext mcast:gif0 gif0local:gif0" 2719route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2720route_mcast="-net 224.0.0.0/4 -iface gif0" 2721route_gif0local="-host 169.254.1.1 -iface lo0" 2722.Ed 2723.Pp 2724When an 2725.Ar element 2726is in the form of 2727.Li name:ifname , 2728the route is specific to the interface 2729.Li ifname . 2730.It Va ipv6_static_routes 2731.Pq Vt str 2732The IPv6 equivalent of 2733.Va static_routes . 2734If not set to 2735.Dq Li NO 2736then for each whitespace separated 2737.Ar element 2738in the value, a 2739.Va ipv6_route_ Ns Aq Ar element 2740variable is assumed to exist 2741whose contents will later be passed to a 2742.Dq Nm route Cm add Fl inet6 2743operation. 2744.It Va natm_static_routes 2745.Pq Vt str 2746The 2747.Xr natmip 4 2748equivalent of 2749.Va static_routes . 2750If not empty then for each whitespace separated 2751.Ar element 2752in the value, a 2753.Va route_ Ns Aq Ar element 2754variable is assumed to exist whose contents will later be passed to a 2755.Dq Nm atmconfig Cm natm Cm add 2756operation. 2757.It Va gateway_enable 2758.Pq Vt bool 2759If set to 2760.Dq Li YES , 2761configure host to act as an IP router, e.g.\& to forward packets 2762between interfaces. 2763.It Va ipv6_gateway_enable 2764.Pq Vt bool 2765The IPv6 equivalent of 2766.Va gateway_enable . 2767.It Va routed_enable 2768.Pq Vt bool 2769If set to 2770.Dq Li YES , 2771run a routing daemon of some sort, based on the 2772settings of 2773.Va routed_program 2774and 2775.Va routed_flags . 2776.It Va route6d_enable 2777.Pq Vt bool 2778The IPv6 equivalent of 2779.Va routed_enable . 2780If set to 2781.Dq Li YES , 2782run a routing daemon of some sort, based on the 2783settings of 2784.Va route6d_program 2785and 2786.Va route6d_flags . 2787.It Va routed_program 2788.Pq Vt str 2789If 2790.Va routed_enable 2791is set to 2792.Dq Li YES , 2793this is the name of the routing daemon to use. 2794.It Va route6d_program 2795.Pq Vt str 2796The IPv6 equivalent of 2797.Va routed_program . 2798.It Va routed_flags 2799.Pq Vt str 2800If 2801.Va routed_enable 2802is set to 2803.Dq Li YES , 2804these are the flags to pass to the routing daemon. 2805.It Va route6d_flags 2806.Pq Vt str 2807The IPv6 equivalent of 2808.Va routed_flags . 2809.It Va mrouted_enable 2810.Pq Vt bool 2811If set to 2812.Dq Li YES , 2813run the multicast routing daemon, 2814.Xr mrouted 8 . 2815.It Va mroute6d_enable 2816.Pq Vt bool 2817The IPv6 equivalent of 2818.Va mrouted_enable . 2819If set to 2820.Dq Li YES , 2821run the IPv6 multicast routing daemon. 2822.Pp 2823Note that multicast routing daemons are no longer included in the 2824.Fx 2825base system, however, both 2826.Xr mrouted 8 2827and 2828.Xr pim6dd 8 2829may be installed from the 2830.Fx 2831Ports Collection. 2832.It Va mrouted_flags 2833.Pq Vt str 2834If 2835.Va mrouted_enable 2836is set to 2837.Dq Li YES , 2838these are the flags to pass to the 2839.Xr mrouted 8 2840daemon. 2841.It Va mroute6d_flags 2842.Pq Vt str 2843The IPv6 equivalent of 2844.Va mrouted_flags . 2845If 2846.Va mroute6d_enable 2847is set to 2848.Dq Li YES , 2849these are the flags passed to the IPv6 multicast routing daemon. 2850.It Va mroute6d_program 2851.Pq Vt str 2852If 2853.Va mroute6d_enable 2854is set to 2855.Dq Li YES , 2856this is the path to the IPv6 multicast routing daemon. 2857.It Va rtadvd_enable 2858.Pq Vt bool 2859If set to 2860.Dq Li YES , 2861run the 2862.Xr rtadvd 8 2863daemon at boot time. 2864The 2865.Xr rtadvd 8 2866utility sends ICMPv6 Router Advertisement messages to 2867the interfaces specified in 2868.Va rtadvd_interfaces . 2869This should only be enabled with great care. 2870You may want to fine-tune 2871.Xr rtadvd.conf 5 . 2872.It Va rtadvd_interfaces 2873.Pq Vt str 2874If 2875.Va rtadvd_enable 2876is set to 2877.Dq Li YES 2878this is the list of interfaces to use. 2879.It Va arpproxy_all 2880.Pq Vt bool 2881If set to 2882.Dq Li YES , 2883enable global proxy ARP. 2884.It Va forward_sourceroute 2885.Pq Vt bool 2886If set to 2887.Dq Li YES 2888and 2889.Va gateway_enable 2890is also set to 2891.Dq Li YES , 2892source-routed packets are forwarded. 2893.It Va accept_sourceroute 2894.Pq Vt bool 2895If set to 2896.Dq Li YES , 2897the system will accept source-routed packets directed at it. 2898.It Va rarpd_enable 2899.Pq Vt bool 2900If set to 2901.Dq Li YES , 2902run the 2903.Xr rarpd 8 2904daemon at system boot time. 2905.It Va rarpd_flags 2906.Pq Vt str 2907If 2908.Va rarpd_enable 2909is set to 2910.Dq Li YES , 2911these are the flags to pass to the 2912.Xr rarpd 8 2913daemon. 2914.It Va bootparamd_enable 2915.Pq Vt bool 2916If set to 2917.Dq Li YES , 2918run the 2919.Xr bootparamd 8 2920daemon at system boot time. 2921.It Va bootparamd_flags 2922.Pq Vt str 2923If 2924.Va bootparamd_enable 2925is set to 2926.Dq Li YES , 2927these are the flags to pass to the 2928.Xr bootparamd 8 2929daemon. 2930.It Va stf_interface_ipv4addr 2931.Pq Vt str 2932If not set to 2933.Dq Li NO , 2934this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2935interface). 2936Specify this entry to enable the 6to4 interface. 2937.It Va stf_interface_ipv4plen 2938.Pq Vt int 2939Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2940An effective value is 0-31. 2941.It Va stf_interface_ipv6_ifid 2942.Pq Vt str 2943IPv6 interface ID for 2944.Xr stf 4 . 2945This can be set to 2946.Dq Li AUTO . 2947.It Va stf_interface_ipv6_slaid 2948.Pq Vt str 2949IPv6 Site Level Aggregator for 2950.Xr stf 4 . 2951.It Va ipv6_ipv4mapping 2952.Pq Vt bool 2953If set to 2954.Dq Li YES 2955this enables IPv4 mapped IPv6 address communication (like 2956.Li ::ffff:a.b.c.d ) . 2957.It Va rtsold_enable 2958.Pq Vt bool 2959Set to 2960.Dq Li YES 2961to enable the 2962.Xr rtsold 8 2963daemon to send ICMPv6 Router Solicitation messages. 2964.It Va rtsold_flags 2965.Pq Vt str 2966If 2967.Va rtsold_enable 2968is set to 2969.Dq Li YES , 2970these are the flags to pass to 2971.Xr rtsold 8 . 2972.It Va rtsol_flags 2973.Pq Vt str 2974For interfaces configured with the 2975.Dq Li inet6 accept_rtadv 2976keyword, these are the flags to pass to 2977.Xr rtsol 8 . 2978.Pp 2979Note that 2980.Va rtsold_enable 2981is mutually exclusive to 2982.Va rtsol_flags ; 2983.Va rtsold_enable 2984takes precedence. 2985.It Va atm_enable 2986.Pq Vt bool 2987Set to 2988.Dq Li YES 2989to enable the configuration of ATM interfaces at system boot time. 2990For all of the ATM variables described below, please refer to the 2991.Xr atm 8 2992manual page for further details on the available command parameters. 2993Also refer to the files in 2994.Pa /usr/share/examples/atm 2995for more detailed configuration information. 2996.It Va atm_load 2997.Pq Vt str 2998This is a list of physical ATM interface drivers to load. 2999Typical values are 3000.Dq Li hfa_pci 3001and/or 3002.Dq Li hea_pci . 3003.It Va atm_netif_ Ns Aq Ar intf 3004.Pq Vt str 3005For the ATM physical interface 3006.Ar intf , 3007this variable defines the name prefix and count for the ATM network 3008interfaces to be created. 3009The value will be passed as the parameters of an 3010.Dq Nm atm Cm "set netif" Ar intf 3011command. 3012.It Va atm_sigmgr_ Ns Aq Ar intf 3013.Pq Vt str 3014For the ATM physical interface 3015.Ar intf , 3016this variable defines the ATM signalling manager to be used. 3017The value will be passed as the parameters of an 3018.Dq Nm atm Cm attach Ar intf 3019command. 3020.It Va atm_prefix_ Ns Aq Ar intf 3021.Pq Vt str 3022For the ATM physical interface 3023.Ar intf , 3024this variable defines the NSAP prefix for interfaces using a UNI signalling 3025manager. 3026If set to 3027.Dq Li ILMI , 3028the prefix will automatically be set via the 3029.Xr ilmid 8 3030daemon. 3031Otherwise, the value will be passed as the parameters of an 3032.Dq Nm atm Cm "set prefix" Ar intf 3033command. 3034.It Va atm_macaddr_ Ns Aq Ar intf 3035.Pq Vt str 3036For the ATM physical interface 3037.Ar intf , 3038this variable defines the MAC address for interfaces using a UNI signalling 3039manager. 3040If set to 3041.Dq Li NO , 3042the hardware MAC address contained in the ATM interface card will be used. 3043Otherwise, the value will be passed as the parameters of an 3044.Dq Nm atm Cm "set mac" Ar intf 3045command. 3046.It Va atm_arpserver_ Ns Aq Ar netif 3047.Pq Vt str 3048For the ATM network interface 3049.Ar netif , 3050this variable defines the ATM address for a host which is to provide ATMARP 3051service. 3052This variable is only applicable to interfaces using a UNI signalling 3053manager. 3054If set to 3055.Dq Li local , 3056this host will become an ATMARP server. 3057The value will be passed as the parameters of an 3058.Dq Nm atm Cm "set arpserver" Ar netif 3059command. 3060.It Va atm_scsparp_ Ns Aq Ar netif 3061.Pq Vt bool 3062If set to 3063.Dq Li YES , 3064SCSP/ATMARP service for the network interface 3065.Ar netif 3066will be initiated using the 3067.Xr scspd 8 3068and 3069.Xr atmarpd 8 3070daemons. 3071This variable is only applicable if 3072.Va atm_arpserver_ Ns Aq Ar netif 3073is set to 3074.Dq Li local . 3075.It Va atm_pvcs 3076.Pq Vt str 3077Set to the list of ATM PVCs to be added at system 3078boot time. 3079For each whitespace separated 3080.Ar element 3081in the value, an 3082.Va atm_pvc_ Ns Aq Ar element 3083variable is assumed to exist. 3084The value of each of these variables 3085will be passed as the parameters of an 3086.Dq Nm atm Cm "add pvc" 3087command. 3088.It Va atm_arps 3089.Pq Vt str 3090Set to the list of permanent ATM ARP entries to be added 3091at system boot time. 3092For each whitespace separated 3093.Ar element 3094in the value, an 3095.Va atm_arp_ Ns Aq Ar element 3096variable is assumed to exist. 3097The value of each of these variables 3098will be passed as the parameters of an 3099.Dq Nm atm Cm "add arp" 3100command. 3101.It Va natm_interfaces 3102.Pq Vt str 3103Set to the list of 3104.Xr natm 4 3105interfaces that will also be used for HARP through 3106.Xr harp 4 . 3107If this list is not empty all interfaces in the list will be brought up 3108with 3109.Xr ifconfig 8 3110and 3111.Xr harp 4 3112will be loaded. 3113For this to work the interface drivers must be either compiled into the 3114kernel or must reside on the root partition. 3115.It Va keybell 3116.Pq Vt str 3117The keyboard bell sound. 3118Set to 3119.Dq Li normal , 3120.Dq Li visual , 3121.Dq Li off , 3122or 3123.Dq Li NO 3124if the default behavior is desired. 3125For details, refer to the 3126.Xr kbdcontrol 1 3127manpage. 3128.It Va keyboard 3129.Pq Vt str 3130If set to a non-null string, the virtual console's keyboard input is 3131set to this device. 3132.It Va keymap 3133.Pq Vt str 3134If set to 3135.Dq Li NO , 3136no keymap is installed, otherwise the value is used to install 3137the keymap file found in 3138.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3139(if using 3140.Xr syscons 4 ) or 3141.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3142(if using 3143.Xr vt 4 ) . 3144.It Va keyrate 3145.Pq Vt str 3146The keyboard repeat speed. 3147Set to 3148.Dq Li slow , 3149.Dq Li normal , 3150.Dq Li fast , 3151or 3152.Dq Li NO 3153if the default behavior is desired. 3154.It Va keychange 3155.Pq Vt str 3156If not set to 3157.Dq Li NO , 3158attempt to program the function keys with the value. 3159The value should 3160be a single string of the form: 3161.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3162.It Va cursor 3163.Pq Vt str 3164Can be set to the value of 3165.Dq Li normal , 3166.Dq Li blink , 3167.Dq Li destructive , 3168or 3169.Dq Li NO 3170to set the cursor behavior explicitly or choose the default behavior. 3171.It Va scrnmap 3172.Pq Vt str 3173If set to 3174.Dq Li NO , 3175no screen map is installed, otherwise the value is used to install 3176the screen map file in 3177.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3178This parameter is ignored when using 3179.Xr vt 4 3180as the console driver. 3181.It Va font8x16 3182.Pq Vt str 3183If set to 3184.Dq Li NO , 3185the default 8x16 font value is used for screen size requests, otherwise 3186the value in 3187.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3188or 3189.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3190is used (depending on the console driver being used). 3191.It Va font8x14 3192.Pq Vt str 3193If set to 3194.Dq Li NO , 3195the default 8x14 font value is used for screen size requests, otherwise 3196the value in 3197.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3198or 3199.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3200is used (depending on the console driver being used). 3201.It Va font8x8 3202.Pq Vt str 3203If set to 3204.Dq Li NO , 3205the default 8x8 font value is used for screen size requests, otherwise 3206the value in 3207.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3208or 3209.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3210is used (depending on the console driver being used). 3211.It Va blanktime 3212.Pq Vt int 3213If set to 3214.Dq Li NO , 3215the default screen blanking interval is used, otherwise it is set 3216to 3217.Ar value 3218seconds. 3219.It Va saver 3220.Pq Vt str 3221If not set to 3222.Dq Li NO , 3223this is the actual screen saver to use 3224.Li ( blank , snake , daemon , 3225etc). 3226.It Va moused_nondefault_enable 3227.Pq Vt str 3228If set to 3229.Dq Li NO , 3230the mouse device specified on 3231the command line is not automatically treated as enabled by the 3232.Pa /etc/rc.d/moused 3233script. 3234Having this variable set to 3235.Dq Li YES 3236allows a 3237.Xr usb 4 3238mouse, 3239for example, 3240to be enabled as soon as it is plugged in. 3241.It Va moused_enable 3242.Pq Vt str 3243If set to 3244.Dq Li YES , 3245the 3246.Xr moused 8 3247daemon is started for doing cut/paste selection on the console. 3248.It Va moused_type 3249.Pq Vt str 3250This is the protocol type of the mouse connected to this host. 3251This variable must be set if 3252.Va moused_enable 3253is set to 3254.Dq Li YES . 3255The 3256.Xr moused 8 3257daemon 3258is able to detect the appropriate mouse type automatically in many cases. 3259Set this variable to 3260.Dq Li auto 3261to let the daemon detect it, or 3262select one from the following list if the automatic detection fails. 3263.Pp 3264If the mouse is attached to the PS/2 mouse port, choose 3265.Dq Li auto 3266or 3267.Dq Li ps/2 , 3268regardless of the brand and model of the mouse. 3269Likewise, if the 3270mouse is attached to the bus mouse port, choose 3271.Dq Li auto 3272or 3273.Dq Li busmouse . 3274All other protocols are for serial mice and will not work with 3275the PS/2 and bus mice. 3276If this is a USB mouse, 3277.Dq Li auto 3278is the only protocol type which will work. 3279.Pp 3280.Bl -tag -width ".Li x10mouseremote" -compact 3281.It Li microsoft 3282Microsoft mouse (serial) 3283.It Li intellimouse 3284Microsoft IntelliMouse (serial) 3285.It Li mousesystems 3286Mouse systems Corp.\& mouse (serial) 3287.It Li mmseries 3288MM Series mouse (serial) 3289.It Li logitech 3290Logitech mouse (serial) 3291.It Li busmouse 3292A bus mouse 3293.It Li mouseman 3294Logitech MouseMan and TrackMan (serial) 3295.It Li glidepoint 3296ALPS GlidePoint (serial) 3297.It Li thinkingmouse 3298Kensington ThinkingMouse (serial) 3299.It Li ps/2 3300PS/2 mouse 3301.It Li mmhittab 3302MM HitTablet (serial) 3303.It Li x10mouseremote 3304X10 MouseRemote (serial) 3305.It Li versapad 3306Interlink VersaPad (serial) 3307.El 3308.Pp 3309Even if the mouse is not in the above list, it may be compatible 3310with one in the list. 3311Refer to the manual page for 3312.Xr moused 8 3313for compatibility information. 3314.Pp 3315It should also be noted that while this is enabled, any 3316other client of the mouse (such as an X server) should access 3317the mouse through the virtual mouse device, 3318.Pa /dev/sysmouse , 3319and configure it as a 3320.Dq Li sysmouse 3321type mouse, since all 3322mouse data is converted to this single canonical format when 3323using 3324.Xr moused 8 . 3325If the client program does not support the 3326.Dq Li sysmouse 3327type, 3328specify the 3329.Dq Li mousesystems 3330type. 3331It is the second preferred type. 3332.It Va moused_port 3333.Pq Vt str 3334If 3335.Va moused_enable 3336is set to 3337.Dq Li YES , 3338this is the actual port the mouse is on. 3339It might be 3340.Pa /dev/cuau0 3341for a COM1 serial mouse, 3342.Pa /dev/psm0 3343for a PS/2 mouse or 3344.Pa /dev/mse0 3345for a bus mouse, for example. 3346.It Va moused_flags 3347.Pq Vt str 3348If 3349.Va moused_flags 3350is set, its value is used as an additional set of flags to pass to the 3351.Xr moused 8 3352daemon. 3353.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3354When 3355.Va moused_nondefault_enable 3356is enabled, and a 3357.Xr moused 8 3358daemon is started for a non-default port, the 3359.Va "moused_" Ns Ar XXX Ns Va "_flags" 3360set of options has precedence over and replaces the default 3361.Va moused_flags 3362(where 3363.Ar XXX 3364is the name of the non-default port, i.e.,\& 3365.Ar ums0 ) . 3366By setting 3367.Va "moused_" Ns Ar XXX Ns Va "_flags" 3368it is possible to set up a different set of default flags for each 3369.Xr moused 8 3370instance. 3371For example, you can use 3372.Dq Li "-3" 3373for the default 3374.Va moused_flags 3375to make your laptop's touchpad more comfortable to use, 3376but an empty set of options for 3377.Va moused_ums0_flags 3378when your 3379.Xr usb 4 3380mouse has three or more buttons. 3381.It Va mousechar_start 3382.Pq Vt int 3383If set to 3384.Dq Li NO , 3385the default mouse cursor character range 3386.Li 0xd0 Ns - Ns Li 0xd3 3387is used, 3388otherwise the range start is set 3389to 3390.Ar value 3391character, see 3392.Xr vidcontrol 1 . 3393Use if the default range is occupied in the language code table. 3394.It Va allscreens_flags 3395.Pq Vt str 3396If set, 3397.Xr vidcontrol 1 3398is run with these options for each of the virtual terminals 3399.Pq Pa /dev/ttyv* . 3400For example, 3401.Dq Fl m Cm on 3402will enable the mouse pointer on all virtual terminals 3403if 3404.Va moused_enable 3405is set to 3406.Dq Li YES . 3407.It Va allscreens_kbdflags 3408.Pq Vt str 3409If set, 3410.Xr kbdcontrol 1 3411is run with these options for each of the virtual terminals 3412.Pq Pa /dev/ttyv* . 3413For example, 3414.Dq Fl h Li 200 3415will set the 3416.Xr syscons 4 3417or 3418.Xr vt 4 3419scrollback (history) buffer to 200 lines. 3420.It Va cron_enable 3421.Pq Vt bool 3422If set to 3423.Dq Li YES , 3424run the 3425.Xr cron 8 3426daemon at system boot time. 3427.It Va cron_program 3428.Pq Vt str 3429Path to 3430.Xr cron 8 3431(default 3432.Pa /usr/sbin/cron ) . 3433.It Va cron_flags 3434.Pq Vt str 3435If 3436.Va cron_enable 3437is set to 3438.Dq Li YES , 3439these are the flags to pass to 3440.Xr cron 8 . 3441.It Va cron_dst 3442.Pq Vt bool 3443If set to 3444.Dq Li YES , 3445enable the special handling of transitions to and from the 3446Daylight Saving Time in 3447.Xr cron 8 3448(equivalent to using the flag 3449.Fl s ) . 3450.It Va lpd_program 3451.Pq Vt str 3452Path to 3453.Xr lpd 8 3454(default 3455.Pa /usr/sbin/lpd ) . 3456.It Va lpd_enable 3457.Pq Vt bool 3458If set to 3459.Dq Li YES , 3460run the 3461.Xr lpd 8 3462daemon at system boot time. 3463.It Va lpd_flags 3464.Pq Vt str 3465If 3466.Va lpd_enable 3467is set to 3468.Dq Li YES , 3469these are the flags to pass to the 3470.Xr lpd 8 3471daemon. 3472.It Va chkprintcap_enable 3473.Pq Vt bool 3474If set to 3475.Dq Li YES , 3476run the 3477.Xr chkprintcap 8 3478command before starting the 3479.Xr lpd 8 3480daemon. 3481.It Va chkprintcap_flags 3482.Pq Vt str 3483If 3484.Va lpd_enable 3485and 3486.Va chkprintcap_enable 3487are set to 3488.Dq Li YES , 3489these are the flags to pass to the 3490.Xr chkprintcap 8 3491program. 3492The default is 3493.Dq Li -d , 3494which causes missing directories to be created. 3495.It Va mta_start_script 3496.Pq Vt str 3497This variable specifies the full path to the script to run to start 3498a mail transfer agent. 3499The default is 3500.Pa /etc/rc.sendmail . 3501The 3502.Va sendmail_* 3503variables which 3504.Pa /etc/rc.sendmail 3505uses are documented in the 3506.Xr rc.sendmail 8 3507manual page. 3508.It Va dumpdev 3509.Pq Vt str 3510Indicates the device (usually a swap partition) to which a crash dump 3511should be written in the event of a system crash. 3512If the value of this variable is 3513.Dq Li AUTO , 3514the first suitable swap device listed in 3515.Pa /etc/fstab 3516will be used as dump device. 3517Otherwise, the value of this variable is passed as the argument to 3518.Xr dumpon 8 . 3519To disable crash dumps, set this variable to 3520.Dq Li NO . 3521.It Va dumpdir 3522.Pq Vt str 3523When the system reboots after a crash and a crash dump is found on the 3524device specified by the 3525.Va dumpdev 3526variable, 3527.Xr savecore 8 3528will save that crash dump and a copy of the kernel to the directory 3529specified by the 3530.Va dumpdir 3531variable. 3532The default value is 3533.Pa /var/crash . 3534Set to 3535.Dq Li NO 3536to not run 3537.Xr savecore 8 3538at boot time when 3539.Va dumpdir 3540is set. 3541.It Va savecore_flags 3542.Pq Vt str 3543If crash dumps are enabled, these are the flags to pass to the 3544.Xr savecore 8 3545utility. 3546.It Va quota_enable 3547.Pq Vt bool 3548Set to 3549.Dq Li YES 3550to turn on user and group disk quotas on system startup via the 3551.Xr quotaon 8 3552command for all file systems marked as having quotas enabled in 3553.Pa /etc/fstab . 3554The kernel must be built with 3555.Cd "options QUOTA" 3556for disk quotas to function. 3557.It Va check_quotas 3558.Pq Vt bool 3559Set to 3560.Dq Li YES 3561to enable user and group disk quota checking via the 3562.Xr quotacheck 8 3563command. 3564.It Va quotacheck_flags 3565.Pq Vt str 3566If 3567.Va quota_enable 3568is set to 3569.Dq Li YES , 3570and 3571.Va check_quotas 3572is set to 3573.Dq Li YES , 3574these are the flags to pass to the 3575.Xr quotacheck 8 3576utility. 3577The default is 3578.Dq Li "-a" , 3579which checks quotas for all file systems with quotas enabled in 3580.Pa /etc/fstab . 3581.It Va quotaon_flags 3582.Pq Vt str 3583If 3584.Va quota_enable 3585is set to 3586.Dq Li YES , 3587these are the flags to pass to the 3588.Xr quotaon 8 3589utility. 3590The default is 3591.Dq Li "-a" , 3592which enables quotas for all file systems with quotas enabled in 3593.Pa /etc/fstab . 3594.It Va quotaoff_flags 3595.Pq Vt str 3596If 3597.Va quota_enable 3598is set to 3599.Dq Li YES , 3600these are the flags to pass to the 3601.Xr quotaoff 8 3602utility when shutting down the quota system. 3603The default is 3604.Dq Li "-a" , 3605which disables quotas for all file systems with quotas enabled in 3606.Pa /etc/fstab . 3607.It Va accounting_enable 3608.Pq Vt bool 3609Set to 3610.Dq Li YES 3611to enable system accounting through the 3612.Xr accton 8 3613facility. 3614.It Va ibcs2_enable 3615.Pq Vt bool 3616Set to 3617.Dq Li YES 3618to enable iBCS2 (SCO) binary emulation at system initial boot 3619time. 3620.It Va ibcs2_loaders 3621.Pq Vt str 3622If not set to 3623.Dq Li NO 3624and if 3625.Va ibcs2_enable 3626is set to 3627.Dq Li YES , 3628this specifies a list of additional iBCS2 loaders to enable. 3629.It Va firstboot_sentinel 3630.Pq Vt str 3631This variable specifies the full path to a 3632.Dq first boot 3633sentinel file. 3634If a file exists with this path, 3635.Pa rc.d 3636scripts with the 3637.Dq firstboot 3638keyword will be run on startup and the sentinel file will be deleted 3639after the boot process completes. 3640The sentinel file must be located on a writable file system which is 3641mounted no later than 3642.Va early_late_divider 3643to function properly. 3644The default is 3645.Pa /firstboot . 3646.It Va linux_enable 3647.Pq Vt bool 3648Set to 3649.Dq Li YES 3650to enable Linux/ELF binary emulation at system initial 3651boot time. 3652.It Va svr4_enable 3653.Pq Vt bool 3654If set to 3655.Dq Li YES , 3656enable SysVR4 emulation at boot time. 3657.It Va sysvipc_enable 3658.Pq Vt bool 3659If set to 3660.Dq Li YES , 3661load System V IPC primitives at boot time. 3662.It Va clear_tmp_enable 3663.Pq Vt bool 3664Set to 3665.Dq Li YES 3666to have 3667.Pa /tmp 3668cleaned at startup. 3669.It Va clear_tmp_X 3670.Pq Vt bool 3671Set to 3672.Dq Li NO 3673to disable removing of X11 lock files, 3674and the removal and (secure) recreation 3675of the various socket directories for X11 3676related programs. 3677.It Va ldconfig_paths 3678.Pq Vt str 3679Set to the list of shared library paths to use with 3680.Xr ldconfig 8 . 3681NOTE: 3682.Pa /usr/lib 3683will always be added first, so it need not appear in this list. 3684.It Va ldconfig32_paths 3685.Pq Vt str 3686Set to the list of 32-bit compatibility shared library paths to 3687use with 3688.Xr ldconfig 8 . 3689.It Va ldconfig_paths_aout 3690.Pq Vt str 3691Set to the list of shared library paths to use with 3692.Xr ldconfig 8 3693legacy 3694.Xr a.out 5 3695support. 3696.It Va ldconfig_insecure 3697.Pq Vt bool 3698The 3699.Xr ldconfig 8 3700utility normally refuses to use directories 3701which are writable by anyone except root. 3702Set this variable to 3703.Dq Li YES 3704to disable that security check during system startup. 3705.It Va ldconfig_local_dirs 3706.Pq Vt str 3707Set to the list of local 3708.Xr ldconfig 8 3709directories. 3710The names of all files in the directories listed will be 3711passed as arguments to 3712.Xr ldconfig 8 . 3713.It Va ldconfig_local32_dirs 3714.Pq Vt str 3715Set to the list of local 32-bit compatibility 3716.Xr ldconfig 8 3717directories. 3718The names of all files in the directories listed will be 3719passed as arguments to 3720.Dq Nm ldconfig Fl 32 . 3721.It Va kern_securelevel_enable 3722.Pq Vt bool 3723Set to 3724.Dq Li YES 3725to set the kernel security level at system startup. 3726.It Va kern_securelevel 3727.Pq Vt int 3728The kernel security level to set at startup. 3729The allowed range of 3730.Ar value 3731ranges from \-1 (the compile time default) to 3 (the 3732most secure). 3733See 3734.Xr security 7 3735for the list of possible security levels and their effect 3736on system operation. 3737.It Va sshd_program 3738.Pq Vt str 3739Path to the SSH server program 3740.Pa ( /usr/sbin/sshd 3741is the default). 3742.It Va sshd_enable 3743.Pq Vt bool 3744Set to 3745.Dq Li YES 3746to start 3747.Xr sshd 8 3748at system boot time. 3749.It Va sshd_flags 3750.Pq Vt str 3751If 3752.Va sshd_enable 3753is set to 3754.Dq Li YES , 3755these are the flags to pass to the 3756.Xr sshd 8 3757daemon. 3758.It Va ftpd_program 3759.Pq Vt str 3760Path to the FTP server program 3761.Pa ( /usr/libexec/ftpd 3762is the default). 3763.It Va ftpd_enable 3764.Pq Vt bool 3765Set to 3766.Dq Li YES 3767to start 3768.Xr ftpd 8 3769as a stand-alone daemon at system boot time. 3770.It Va ftpd_flags 3771.Pq Vt str 3772If 3773.Va ftpd_enable 3774is set to 3775.Dq Li YES , 3776these are the additional flags to pass to the 3777.Xr ftpd 8 3778daemon. 3779.It Va watchdogd_enable 3780.Pq Vt bool 3781If set to 3782.Dq Li YES , 3783start the 3784.Xr watchdogd 8 3785daemon at boot time. 3786This requires that the kernel have been compiled with a 3787.Xr watchdog 4 3788compatible device. 3789.It Va watchdogd_flags 3790.Pq Vt str 3791If 3792.Va watchdogd_enable 3793is set to 3794.Dq Li YES , 3795these are the flags passed to the 3796.Xr watchdogd 8 3797daemon. 3798.It Va devfs_rulesets 3799.Pq Vt str 3800List of files containing sets of rules for 3801.Xr devfs 8 . 3802.It Va devfs_system_ruleset 3803.Pq Vt str 3804Rule name(s) to apply to the system 3805.Pa /dev 3806itself. 3807.It Va devfs_set_rulesets 3808.Pq Vt str 3809Pairs of already-mounted 3810.Pa dev 3811directories and rulesets that should be applied to them. 3812For example: /mount/dev=ruleset_name 3813.It Va devfs_load_rulesets 3814.Pq Vt bool 3815If set, always load the default rulesets listed in 3816.Va devfs_rulesets . 3817.It Va performance_cx_lowest 3818.Pq Vt str 3819CPU idle state to use while on AC power. 3820The string 3821.Dq Li LOW 3822indicates that 3823.Xr acpi 4 3824should use the lowest power state available while 3825.Dq Li HIGH 3826indicates that the lowest latency state (less power savings) should be used. 3827.It Va performance_cpu_freq 3828.Pq Vt str 3829CPU clock frequency to use while on AC power. 3830The string 3831.Dq Li LOW 3832indicates that 3833.Xr cpufreq 4 3834should use the lowest frequency available while 3835.Dq Li HIGH 3836indicates that the highest frequency (less power savings) should be used. 3837.It Va economy_cx_lowest 3838.Pq Vt str 3839CPU idle state to use when off AC power. 3840The string 3841.Dq Li LOW 3842indicates that 3843.Xr acpi 4 3844should use the lowest power state available while 3845.Dq Li HIGH 3846indicates that the lowest latency state (less power savings) should be used. 3847.It Va economy_cpu_freq 3848.Pq Vt str 3849CPU clock frequency to use when off AC power. 3850The string 3851.Dq Li LOW 3852indicates that 3853.Xr cpufreq 4 3854should use the lowest frequency available while 3855.Dq Li HIGH 3856indicates that the highest frequency (less power savings) should be used. 3857.It Va jail_enable 3858.Pq Vt bool 3859If set to 3860.Dq Li NO , 3861any configured jails will not be started. 3862.It Va jail_conf 3863.Pq Vt str 3864The configuration filename used by 3865.Xr jail 8 3866utility. 3867The default value is 3868.Pa /etc/jail.conf . 3869.It Va jail_parallel_start 3870.Pq Vt bool 3871If set to 3872.Dq Li YES , 3873all configured jails will be started in the background (in parallel). 3874.It Va jail_flags 3875.Pq Vt str 3876Unset by default. 3877When set, use as default value for 3878.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3879for every jail in 3880.Va jail_list . 3881.It Va jail_list 3882.Pq Vt str 3883A space separated list of names for jails. 3884If this variable is empty, 3885all of 3886.Xr jail 8 3887instances in the configuration file will be configured. 3888This is purely a configuration aid to help identify and 3889configure multiple jails. 3890The names specified in this list will be used to 3891identify settings common to an instance of a jail, 3892and should contain alphanumeric characters only. 3893The literal jail name of 3894.Dq Li 0 3895.Pq zero 3896is not allowed. 3897.It Va jail_* variables 3898Note that older releases supported per-jail configuration via 3899.Xr rc.conf 5 3900variables. 3901For example, 3902hostname of a jail named 3903.Li vjail 3904was able to be set by 3905.Li jail_vjail_hostname . 3906These per-jail configuration variables are now obsolete in favor of 3907.Xr jail 8 3908configuration file. 3909For backward compatibility, 3910when per-jail configuration variables are defined, 3911.Xr jail 8 3912configuration files are created as 3913.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3914and used. 3915.Pp 3916The following per-jail parameters are handled by 3917.Pa rc.d/jail 3918script out of their corresponding 3919.Nm 3920variables. 3921In addition to them, parameters in 3922.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3923will be added to the configuration file. 3924They must be a semi-colon 3925.Pq Ql \&; 3926delimited list of 3927.Dq key=value . 3928For more details, 3929see 3930.Xr jail 8 3931manual page. 3932.Bl -tag -width "host.hostname" -offset indent 3933.It Li path 3934set from 3935.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3936.It Li host.hostname 3937set from 3938.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3939.It Li exec.consolelog 3940set from 3941.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3942The default value is 3943.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3944.It Li interface 3945set from 3946.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3947.It Li vnet.interface 3948set from 3949.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3950This implies 3951.Li vnet 3952parameter will be enabled and cannot be specified with 3953.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3954.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3955and/or 3956.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3957at the same time. 3958.It Li fstab 3959set from 3960.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3961.It Li mount 3962set from 3963.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3964.It Li exec.fib 3965set from 3966.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3967.It Li exec.start 3968set from 3969.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3970The parameter name was 3971.Li command 3972in some older releases. 3973.It Li exec.prestart 3974set from 3975.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3976.It Li exec.poststart 3977set from 3978.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3979.It Li exec.stop 3980set from 3981.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3982.It Li exec.prestop 3983set from 3984.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3985.It Li exec.poststop 3986set from 3987.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3988.It Li ip4.addr 3989set if 3990.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3991or 3992.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3993contain IPv4 addresses 3994.It Li ip6.addr 3995set if 3996.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3997or 3998.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3999contain IPv6 addresses 4000.It Li allow.mount 4001set from 4002.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4003.It Li mount.devfs 4004set from 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4006.It Li devfs_ruleset 4007set from 4008.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4009This must be an integer, 4010not a string. 4011.It Li mount.fdescfs 4012set from 4013.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4014.It Li allow.set_hostname 4015set from 4016.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4017.It Li allow.rawsocket 4018set from 4019.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4020.It Li allow.sysvipc 4021set from 4022.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4023.El 4024.\" ----------------------------------------------------- 4025.It Va harvest_interrupt 4026.Pq Vt bool 4027Set to 4028.Dq Li YES 4029to use hardware interrupts as an entropy source. 4030Refer to 4031.Xr random 4 4032for more information. 4033.It Va harvest_ethernet 4034.Pq Vt bool 4035Set to 4036.Dq Li YES 4037to use LAN traffic as an entropy source. 4038Refer to 4039.Xr random 4 4040for more information. 4041.It Va harvest_p_to_p 4042.Pq Vt bool 4043Set to 4044.Dq Li YES 4045to use serial line traffic as an entropy source. 4046Refer to 4047.Xr random 4 4048for more information. 4049.It Va entropy_dir 4050.Pq Vt str 4051Set to 4052.Dq Li NO 4053to disable caching entropy via 4054.Xr cron 8 . 4055Otherwise set to the directory used to store entropy files in. 4056.It Va entropy_file 4057.Pq Vt str 4058Set to 4059.Dq Li NO 4060to disable caching entropy through reboots. 4061Otherwise set to the filename used to store cached entropy through 4062reboots. 4063This file should be located on the root file system to seed the 4064.Xr random 4 4065device as early as possible in the boot process. 4066.It Va entropy_save_sz 4067.Pq Vt int 4068Size of the entropy cache files saved by 4069.Nm save-entropy 4070periodically. 4071.It Va entropy_save_num 4072.Pq Vt int 4073Number of entropy cache files to save by 4074.Nm save-entropy 4075periodically. 4076.It Va ipsec_enable 4077.Pq Vt bool 4078Set to 4079.Dq Li YES 4080to run 4081.Xr setkey 8 4082on 4083.Va ipsec_file 4084at boot time. 4085.It Va ipsec_file 4086.Pq Vt str 4087Configuration file for 4088.Xr setkey 8 . 4089.It Va dmesg_enable 4090.Pq Vt bool 4091Set to 4092.Dq Li YES 4093to save 4094.Xr dmesg 8 4095to 4096.Pa /var/run/dmesg.boot 4097on boot. 4098.It Va rcshutdown_timeout 4099.Pq Vt int 4100If set, start a watchdog timer in the background which will terminate 4101.Pa rc.shutdown 4102if 4103.Xr shutdown 8 4104has not completed within the specified time (in seconds). 4105Notice that in addition to this soft timeout, 4106.Xr init 8 4107also applies a hard timeout for the execution of 4108.Pa rc.shutdown . 4109This is configured via 4110.Xr sysctl 8 4111variable 4112.Va kern.init_shutdown_timeout 4113and defaults to 120 seconds. 4114Setting the value of 4115.Va rcshutdown_timeout 4116to more than 120 seconds will have no effect until the 4117.Xr sysctl 8 4118variable 4119.Va kern.init_shutdown_timeout 4120is also increased. 4121.It Va virecover_enable 4122.Pq Vt bool 4123Set to 4124.Dq Li NO 4125to prevent the system from trying to 4126recover pre-maturely terminated 4127.Xr vi 1 4128sessions. 4129.It Va ugidfw_enable 4130.Pq Vt bool 4131Set to 4132.Dq Li YES 4133to load the 4134.Xr mac_bsdextended 4 4135module upon system initialization and load a default 4136ruleset file. 4137.It Va bsdextended_script 4138.Pq Vt str 4139The default 4140.Xr mac_bsdextended 4 4141ruleset file to load. 4142The default value of this variable is 4143.Pa /etc/rc.bsdextended . 4144.It Va newsyslog_enable 4145.Pq Vt bool 4146If set to 4147.Dq Li YES , 4148run 4149.Xr newsyslog 8 4150command at startup. 4151.It Va newsyslog_flags 4152.Pq Vt str 4153If 4154.Va newsyslog_enable 4155is set to 4156.Dq Li YES , 4157these are the flags to pass to the 4158.Xr newsyslog 8 4159program. 4160The default is 4161.Dq Li -CN , 4162which causes log files flagged with a 4163.Cm C 4164to be created. 4165.It Va mdconfig_md Ns Aq Ar X 4166.Pq Vt str 4167Arguments to 4168.Xr mdconfig 8 4169for 4170.Xr md 4 4171device 4172.Ar X . 4173At minimum a 4174.Fl t Ar type 4175must be specified and either a 4176.Fl s Ar size 4177for malloc or swap backed 4178.Xr md 4 4179devices or a 4180.Fl f Ar file 4181for vnode backed 4182.Xr md 4 4183devices. 4184Note that 4185.Va mdconfig_md Ns Aq Ar X 4186variables are evaluated until one variable is unset or null. 4187.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4188.Pq Vt str 4189Optional arguments passed to 4190.Xr newfs 8 4191to initialize 4192.Xr md 4 4193device 4194.Ar X . 4195.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4196.Pq Vt str 4197An ownership specification passed to 4198.Xr chown 8 4199after the specified 4200.Xr md 4 4201device 4202.Ar X 4203has been mounted. 4204Both the 4205.Xr md 4 4206device and the mount point will be changed. 4207.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4208.Pq Vt str 4209A mode string passed to 4210.Xr chmod 1 4211after the specified 4212.Xr md 4 4213device 4214.Ar X 4215has been mounted. 4216Both the 4217.Xr md 4 4218device and the mount point will be changed. 4219.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4220.Pq Vt str 4221Files to be copied to the mount point of the 4222.Xr md 4 4223device 4224.Ar X 4225after it has been mounted. 4226.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4227.Pq Vt str 4228Command to execute after the specified 4229.Xr md 4 4230device 4231.Ar X 4232has been mounted. 4233Note that the command is passed to 4234.Ic eval 4235and that both 4236.Va _dev 4237and 4238.Va _mp 4239variables can be used to reference respectively the 4240.Xr md 4 4241device and the mount point. 4242Assuming that the 4243.Xr md 4 4244device is 4245.Li md0 , 4246one could set the following: 4247.Bd -literal 4248mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4249.Ed 4250.It Va autobridge_interfaces 4251.Pq Vt str 4252Set to the list of bridge interfaces that will have newly arriving interfaces 4253checked against to be automatically added. 4254If not set to 4255.Dq Li NO 4256then for each whitespace separated 4257.Ar element 4258in the value, a 4259.Va autobridge_ Ns Aq Ar element 4260variable is assumed to exist which has a whitespace separated list of interface 4261names to match, these names can use wildcards. 4262For example: 4263.Bd -literal 4264autobridge_interfaces="bridge0" 4265autobridge_bridge0="tap* dc0 vlan[345]" 4266.Ed 4267.It Va mixer_enable 4268.Pq Vt bool 4269If set to 4270.Dq Li YES , 4271enable support for sound mixer. 4272.It Va hcsecd_enable 4273.Pq Vt bool 4274If set to 4275.Dq Li YES , 4276enable Bluetooth security daemon. 4277.It Va hcsecd_config 4278.Pq Vt str 4279Configuration file for 4280.Xr hcsecd 8 . 4281Default 4282.Pa /etc/bluetooth/hcsecd.conf . 4283.It Va sdpd_enable 4284.Pq Vt bool 4285If set to 4286.Dq Li YES , 4287enable Bluetooth Service Discovery Protocol daemon. 4288.It Va sdpd_control 4289.Pq Vt str 4290Path to 4291.Xr sdpd 8 4292control socket. 4293Default 4294.Pa /var/run/sdp . 4295.It Va sdpd_groupname 4296.Pq Vt str 4297Sets 4298.Xr sdpd 8 4299group to run as after it initializes. 4300Default 4301.Dq Li nobody . 4302.It Va sdpd_username 4303.Pq Vt str 4304Sets 4305.Xr sdpd 8 4306user to run as after it initializes. 4307Default 4308.Dq Li nobody . 4309.It Va bthidd_enable 4310.Pq Vt bool 4311If set to 4312.Dq Li YES , 4313enable Bluetooth Human Interface Device daemon. 4314.It Va bthidd_config 4315.Pq Vt str 4316Configuration file for 4317.Xr bthidd 8 . 4318Default 4319.Pa /etc/bluetooth/bthidd.conf . 4320.It Va bthidd_hids 4321.Pq Vt str 4322Path to a file, where 4323.Xr bthidd 8 4324will store information about known HID devices. 4325Default 4326.Pa /var/db/bthidd.hids . 4327.It Va rfcomm_pppd_server_enable 4328.Pq Vt bool 4329If set to 4330.Dq Li YES , 4331enable Bluetooth RFCOMM PPP wrapper daemon. 4332.It Va rfcomm_pppd_server_profile 4333.Pq Vt str 4334The name of the profile to use from 4335.Pa /etc/ppp/ppp.conf . 4336Multiple profiles can be specified here. 4337Also used to specify per-profile overrides. 4338When the profile name contains any of the characters 4339.Dq Li .-/+ 4340they are translated to 4341.Dq Li _ 4342for the proposes of the override variable names. 4343.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4344.Pq Vt str 4345Overrides local address to listen on. 4346By default 4347.Xr rfcomm_pppd 8 4348will listen on 4349.Dq Li ANY 4350address. 4351The address can be specified as BD_ADDR or name. 4352.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4353.Pq Vt str 4354Overrides local RFCOMM channel to listen on. 4355By default 4356.Xr rfcomm_pppd 8 4357will listen on RFCOMM channel 1. 4358Must set properly if multiple profiles used in the same time. 4359.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4360.Pq Vt bool 4361Tells 4362.Xr rfcomm_pppd 8 4363if it should register Serial Port service on the specified RFCOMM channel. 4364Default 4365.Dq Li NO . 4366.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4367.Pq Vt bool 4368Tells 4369.Xr rfcomm_pppd 8 4370if it should register Dial-Up Networking service on the specified 4371RFCOMM channel. 4372Default 4373.Dq Li NO . 4374.It Va ubthidhci_enable 4375.Pq Vt bool 4376If set to 4377.Dq Li YES , 4378change the USB Bluetooth controller from HID mode to HCI mode. 4379You also need to specify the location of USB Bluetooth controller with the 4380.Va ubthidhci_busnum 4381and 4382.Va ubthidhci_addr 4383variables. 4384.It Va ubthidhci_busnum 4385Bus number where the USB Bluetooth controller is located. 4386Check the output of 4387.Xr usbconfig 8 4388on your system to find this information. 4389.It Va ubthidhci_addr 4390Bus address of the USB Bluetooth controller. 4391Check the output of 4392.Xr usbconfig 8 4393on your system to find this information. 4394.It Va netwait_enable 4395.Pq Vt bool 4396If set to 4397.Dq Li YES , 4398delays the start of network-reliant services until 4399.Va netwait_if 4400is up and ICMP packets to a destination defined in 4401.Va netwait_ip 4402are flowing. 4403Link state is examined first, followed by 4404.Dq Li pinging 4405an IP address to verify network usability. 4406If no destination can be reached or timeouts are exceeded, 4407network services are started anyway with no guarantee that 4408the network is usable. 4409Use of this variable requires both 4410.Va netwait_ip 4411and 4412.Va netwait_if 4413to be set. 4414.It Va netwait_ip 4415.Pq Vt str 4416Empty by default. 4417This variable contains a space-delimited list of IP addresses to 4418.Xr ping 8 . 4419DNS hostnames should not be used as resolution is not guaranteed 4420to be functional at this point. 4421If multiple IP addresses are specified, 4422each will be tried until one is successful or the list is exhausted. 4423.It Va netwait_timeout 4424.Pq Vt int 4425Indicates the total number of seconds to perform a 4426.Dq Li ping 4427against each IP address in 4428.Va netwait_ip , 4429at a rate of one ping per second. 4430If any of the pings are successful, 4431full network connectivity is considered reliable. 4432The default is 60. 4433.It Va netwait_if 4434.Pq Vt str 4435Empty by default. 4436Defines the name of the network interface on which watch for link. 4437.Xr ifconfig 8 4438is used to monitor the interface, looking for 4439.Dq Li status: no carrier . 4440Once gone, the link is considered up. 4441This can be a 4442.Xr vlan 4 4443interface if desired. 4444.It Va netwait_if_timeout 4445.Pq Vt int 4446Defines the total number of seconds to wait for link to become usable, 4447polled at a 1-second interval. 4448The default is 30. 4449.It Va rctl_enable 4450.Pq Vt bool 4451Set to 4452.Dq Li YES 4453to load 4454.Xr rctl 8 4455rules from the defined ruleset. 4456The kernel must be built with 4457.Cd "options RACCT" 4458and 4459.Cd "options RCTL" . 4460.It Va rctl_rules 4461.Pq Vt str 4462Set to 4463.Pa /etc/rctl.conf 4464by default. 4465This variables contains the 4466.Xr rctl.conf 5 4467ruleset to load for 4468.Xr rctl 8 . 4469.El 4470.Sh FILES 4471.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4472.It Pa /etc/defaults/rc.conf 4473.It Pa /etc/rc.conf 4474.It Pa /etc/rc.conf.local 4475.El 4476.Sh SEE ALSO 4477.Xr catman 1 , 4478.Xr chmod 1 , 4479.Xr gdb 1 , 4480.Xr info 1 , 4481.Xr kbdcontrol 1 , 4482.Xr makewhatis 1 , 4483.Xr sh 1 , 4484.Xr vi 1 , 4485.Xr vidcontrol 1 , 4486.Xr bridge 4 , 4487.Xr dummynet 4 , 4488.Xr ip 4 , 4489.Xr ipf 4 , 4490.Xr ipfw 4 , 4491.Xr ipnat 4 , 4492.Xr kld 4 , 4493.Xr pf 4 , 4494.Xr pflog 4 , 4495.Xr pfsync 4 , 4496.Xr tcp 4 , 4497.Xr udp 4 , 4498.Xr exports 5 , 4499.Xr fstab 5 , 4500.Xr ipf 5 , 4501.Xr ipnat 5 , 4502.Xr jail.conf 5 , 4503.Xr motd 5 , 4504.Xr newsyslog.conf 5 , 4505.Xr pf.conf 5 , 4506.Xr security 7 , 4507.Xr accton 8 , 4508.Xr amd 8 , 4509.Xr apm 8 , 4510.Xr atm 8 , 4511.Xr bthidd 8 , 4512.Xr chkprintcap 8 , 4513.Xr chown 8 , 4514.Xr cron 8 , 4515.Xr devfs 8 , 4516.Xr dhclient 8 , 4517.Xr ftpd 8 , 4518.Xr geli 8 , 4519.Xr hcsecd 8 , 4520.Xr ifconfig 8 , 4521.Xr inetd 8 , 4522.Xr ipf 8 , 4523.Xr ipfw 8 , 4524.Xr ipnat 8 , 4525.Xr jail 8 , 4526.Xr kldxref 8 , 4527.Xr lpd 8 , 4528.Xr mdconfig 8 , 4529.Xr mdmfs 8 , 4530.Xr mixer 8 , 4531.Xr mountd 8 , 4532.Xr moused 8 , 4533.Xr mrouted 8 , 4534.Xr newfs 8 , 4535.Xr newsyslog 8 , 4536.Xr nfsd 8 , 4537.Xr ntpd 8 , 4538.Xr ntpdate 8 , 4539.Xr pfctl 8 , 4540.Xr pflogd 8 , 4541.Xr ping 8 , 4542.Xr powerd 8 , 4543.Xr quotacheck 8 , 4544.Xr quotaon 8 , 4545.Xr rc 8 , 4546.Xr rc.sendmail 8 , 4547.Xr rfcomm_pppd 8 , 4548.Xr route 8 , 4549.Xr routed 8 , 4550.Xr rpcbind 8 , 4551.Xr rpc.lockd 8 , 4552.Xr rpc.statd 8 , 4553.Xr rwhod 8 , 4554.Xr savecore 8 , 4555.Xr sdpd 8 , 4556.Xr sshd 8 , 4557.Xr swapon 8 , 4558.Xr sysctl 8 , 4559.Xr syslogd 8 , 4560.Xr timed 8 , 4561.Xr unbound 8 , 4562.Xr usbconfig 8 , 4563.Xr wlandebug 8 , 4564.Xr yp 8 , 4565.Xr ypbind 8 , 4566.Xr ypserv 8 , 4567.Xr ypset 8 4568.Sh HISTORY 4569The 4570.Nm 4571file appeared in 4572.Fx 2.2.2 . 4573.Sh AUTHORS 4574.An Jordan K. Hubbard . 4575