1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd October 27, 2012 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory, which will be included by the 74.Va load_rc_config 75function. 76For jail configurations you could use the file 77.Pa /etc/rc.conf.d/jail 78to store jail specific configuration options. 79Also see the 80.Va rc_conf_files 81variable below. 82.Pp 83Options are set with 84.Dq Ar name Ns Li = Ns Ar value 85assignments that use 86.Xr sh 1 87syntax. 88The following list provides a name and short description for each 89variable that can be set in the 90.Nm 91file: 92.Bl -tag -width indent-two 93.It Va rc_debug 94.Pq Vt bool 95If set to 96.Dq Li YES , 97enable output of debug messages from rc scripts. 98This variable can be helpful in diagnosing mistakes when 99editing or integrating new scripts. 100Beware that this produces copious output to the terminal and 101.Xr syslog 3 . 102.It Va rc_info 103.Pq Vt bool 104If set to 105.Dq Li NO , 106disable informational messages from the rc scripts. 107Informational messages are displayed when 108a condition that is not serious enough to warrant a warning or 109an error occurs. 110.It Va rc_startmsgs 111.Pq Vt bool 112If set to 113.Dq Li YES , 114show 115.Dq Starting foo: 116when faststart is used (e.g., at boot time). 117.It Va early_late_divider 118.Pq Vt str 119The name of the script that should be used as the 120delimiter between the 121.Dq early 122and 123.Dq late 124stages of the boot process. 125The early stage should contain all the services needed to 126get the disks (local or remote) mounted so that the late 127stage can include scripts contained in the directories 128listed in the 129.Va local_startup 130variable (see below). 131Thus, the two likely candidates for this value are 132.Pa mountcritlocal 133for the typical system, and 134.Pa mountcritremote 135if the system needs remote file 136systems mounted to get access to the 137.Va local_startup 138directories; for example when 139.Pa /usr/local 140is NFS mounted. 141For 142.Pa rc.conf 143within a 144.Xr jail 8 145.Pa NETWORKING 146is likely to be an appropriate value. 147Extreme care should be taken when changing this value, 148and before changing it one should ensure that there are 149adequate provisions to recover from a failed boot 150(such as physical contact with the machine, 151or reliable remote console access). 152.It Va always_force_depends 153.Pq Vt bool 154Various 155.Pa rc.d 156scripts use the force_depend function to check whether required 157services are already running, and to start them if necessary. 158By default during boot time this check is bypassed if the 159required service is enabled in 160.Pa /etc/rc.conf[.local] . 161Setting this option will bypass that check at boot time and 162always test whether or not the service is actually running. 163Enabling this option is likely to increase your boot time if 164services are enabled that utilize the force_depend check. 165.It Va swapfile 166.Pq Vt str 167If set to 168.Dq Li NO , 169no swapfile is installed, otherwise the value is used as the full 170pathname to a file to use for additional swap space. 171.It Ao Ar name Ac Ns Va _chroot 172.Pq Vt str 173.Xr chroot 174to this directory before running the service. 175.It Ao Ar name Ac Ns Va _user 176.Pq Vt str 177Run the service under this user account. 178.It Ao Ar name Ac Ns Va _group 179.Pq Vt str 180Run the chrooted service under this system group. Unlike the _user 181setting, this setting has no effect if the service is not chrooted. 182.It Ao Ar name Ac Ns Va _fib 183.Pq Vt int 184The 185.Xr setfib 1 186value to run the service under. 187.It Ao Ar name Ac Ns Va _nice 188.Pq Vt int 189The 190.Xr nice 1 191value to run the service under. 192.It Va apm_enable 193.Pq Vt bool 194If set to 195.Dq Li YES , 196enable support for Automatic Power Management with 197the 198.Xr apm 8 199command. 200.It Va apmd_enable 201.Pq Vt bool 202Run 203.Xr apmd 8 204to handle APM event from userland. 205This also enables support for APM. 206.It Va apmd_flags 207.Pq Vt str 208If 209.Va apmd_enable 210is set to 211.Dq Li YES , 212these are the flags to pass to the 213.Xr apmd 8 214daemon. 215.It Va devd_enable 216.Pq Vt bool 217Run 218.Xr devd 8 219to handle device added, removed or unknown events from the kernel. 220.It Va ddb_enable 221.Pq Vt bool 222Run 223.Xr ddb 8 224to install 225.Xr ddb 4 226scripts at boot time. 227.It Va ddb_config 228.Pq Vt str 229Configuration file for 230.Xr ddb 8 . 231Default 232.Pa /etc/ddb.conf . 233.It Va kld_list 234.Pq Vt str 235A list of kernel modules to load right after the local 236disks are mounted. 237Loading modules at this point in the boot process is 238much faster than doing it via 239.Pa /boot/loader.conf 240for those modules not necessary for mounting local disk. 241.It Va kldxref_enable 242.Pq Vt bool 243Set to 244.Dq Li NO 245by default. 246Set to 247.Dq Li YES 248to automatically rebuild 249.Pa linker.hints 250files with 251.Xr kldxref 8 252at boot time. 253.It Va kldxref_clobber 254.Pq Vt bool 255Set to 256.Dq Li NO 257by default. 258If 259.Va kldxref_enable 260is true, 261setting to 262.Dq Li YES 263will overwrite existing 264.Pa linker.hints 265files at boot time. 266Otherwise, 267only missing 268.Pa linker.hints 269files are generated. 270.It Va kldxref_module_path 271.Pq Vt str 272Empty by default. 273A semi-colon 274.Pq Ql \&; 275delimited list of paths containing 276.Xr kld 4 277modules. 278If empty, 279the contents of the 280.Va kern.module_path 281.Xr sysctl 8 282are used. 283.It Va powerd_enable 284.Pq Vt bool 285If set to 286.Dq Li YES , 287enable the system power control facility with the 288.Xr powerd 8 289daemon. 290.It Va powerd_flags 291.Pq Vt str 292If 293.Va powerd_enable 294is set to 295.Dq Li YES , 296these are the flags to pass to the 297.Xr powerd 8 298daemon. 299.It Va tmpmfs 300Controls the creation of a 301.Pa /tmp 302memory file system. 303Always happens if set to 304.Dq Li YES 305and never happens if set to 306.Dq Li NO . 307If set to anything else, a memory file system is created if 308.Pa /tmp 309is not writable. 310.It Va tmpsize 311Controls the size of a created 312.Pa /tmp 313memory file system. 314.It Va tmpmfs_flags 315Extra options passed to the 316.Xr mdmfs 8 317utility when the memory file system for 318.Pa /tmp 319is created. 320The default is 321.Dq Li "-S" , 322which inhibits the use of softupdates on 323.Pa /tmp 324so that file system space is freed without delay 325after file truncation or deletion. 326See 327.Xr mdmfs 8 328for other options you can use in 329.Va tmpmfs_flags . 330.It Va varmfs 331Controls the creation of a 332.Pa /var 333memory file system. 334Always happens if set to 335.Dq Li YES 336and never happens if set to 337.Dq Li NO . 338If set to anything else, a memory file system is created if 339.Pa /var 340is not writable. 341.It Va varsize 342Controls the size of a created 343.Pa /var 344memory file system. 345.It Va varmfs_flags 346Extra options passed to the 347.Xr mdmfs 8 348utility when the memory file system for 349.Pa /var 350is created. 351The default is 352.Dq Li "-S" , 353which inhibits the use of softupdates on 354.Pa /var 355so that file system space is freed without delay 356after file truncation or deletion. 357See 358.Xr mdmfs 8 359for other options you can use in 360.Va varmfs_flags . 361.It Va populate_var 362Controls the automatic population of the 363.Pa /var 364file system. 365Always happens if set to 366.Dq Li YES 367and never happens if set to 368.Dq Li NO . 369If set to anything else, a memory file system is created if 370.Pa /var 371is not writable. 372Note that this process requires access to certain commands in 373.Pa /usr 374before 375.Pa /usr 376is mounted on normal systems. 377.It Va cleanvar_enable 378.Pq Vt bool 379Clean the 380.Pa /var 381directory. 382.It Va local_startup 383.Pq Vt str 384List of directories to search for startup script files. 385.It Va script_name_sep 386.Pq Vt str 387The field separator to use for breaking down the list of startup script files 388into individual filenames. 389The default is a space. 390It is not necessary to change this unless there are startup scripts with names 391containing spaces. 392.It Va hostapd_enable 393.Pq Vt bool 394Set to 395.Dq Li YES 396to start 397.Xr hostapd 8 398at system boot time. 399.It Va hostname 400.Pq Vt str 401The fully qualified domain name (FQDN) of this host on the network. 402This should almost certainly be set to something meaningful, even if 403there is no network connection. 404If 405.Xr dhclient 8 406is used to set the hostname via DHCP, 407this variable should be set to an empty string. 408If this value remains unset when the system is done booting 409your console login will display the default hostname of 410.Dq Amnesiac . 411.It Va nisdomainname 412.Pq Vt str 413The NIS domain name of this host, or 414.Dq Li NO 415if NIS is not used. 416.It Va dhclient_program 417.Pq Vt str 418Path to the DHCP client program 419.Pa ( /sbin/dhclient , 420the 421.Ox 422DHCP client, 423is the default). 424.It Va dhclient_flags 425.Pq Vt str 426Additional flags to pass to the DHCP client program. 427For the 428.Ox 429DHCP client, see the 430.Xr dhclient 8 431manpage for a description of the command line options available. 432.It Va dhclient_flags_ Ns Aq Ar iface 433Additional flags to pass to the DHCP client program running on 434.Ar iface 435only. 436When specified, this variable overrides 437.Va dhclient_flags . 438.It Va background_dhclient 439.Pq Vt bool 440Set to 441.Dq Li YES 442to start the DHCP client in background. 443This can cause trouble with applications depending on 444a working network, but it will provide a faster startup 445in many cases. 446.It Va background_dhclient_ Ns Aq Ar iface 447When specified, this variable overrides the 448.Va background_dhclient 449variable for interface 450.Ar iface 451only. 452.It Va synchronous_dhclient 453.Pq Vt bool 454Set to 455.Dq Li YES 456to start 457.Xr dhclient 8 458synchronously at startup. 459This behavior can be overridden on a per-interface basis by replacing 460the 461.Dq Li DHCP 462keyword in the 463.Va ifconfig_ Ns Aq Ar interface 464variable with 465.Dq Li SYNCDHCP 466or 467.Dq Li NOSYNCDHCP . 468.It Va defaultroute_delay 469.Pq Vt int 470When set to a positive value, wait up to this long after configuring 471DHCP interfaces at startup to give the interfaces time to receive a lease. 472.It Va firewall_enable 473.Pq Vt bool 474Set to 475.Dq Li YES 476to load firewall rules at startup. 477If the kernel was not built with 478.Cd "options IPFIREWALL" , 479the 480.Pa ipfw.ko 481kernel module will be loaded. 482See also 483.Va ipfilter_enable . 484.It Va firewall_script 485.Pq Vt str 486This variable specifies the full path to the firewall script to run. 487The default is 488.Pa /etc/rc.firewall . 489.It Va firewall_type 490.Pq Vt str 491Names the firewall type from the selection in 492.Pa /etc/rc.firewall , 493or the file which contains the local firewall ruleset. 494Valid selections from 495.Pa /etc/rc.firewall 496are: 497.Pp 498.Bl -tag -width ".Li simple" -compact 499.It Li open 500unrestricted IP access 501.It Li closed 502all IP services disabled, except via 503.Dq Li lo0 504.It Li client 505basic protection for a workstation 506.It Li simple 507basic protection for a LAN. 508.El 509.Pp 510If a filename is specified, the full path 511must be given. 512.It Va firewall_quiet 513.Pq Vt bool 514Set to 515.Dq Li YES 516to disable the display of firewall rules on the console during boot. 517.It Va firewall_logging 518.Pq Vt bool 519Set to 520.Dq Li YES 521to enable firewall event logging. 522This is equivalent to the 523.Dv IPFIREWALL_VERBOSE 524kernel option. 525.It Va firewall_logif 526.Pq Vt bool 527Set to 528.Dq Li YES 529to create pseudo interface 530.Li ipfw0 531for logging. 532For more details, see 533.Xr ipfw 8 534manual page. 535.It Va firewall_flags 536.Pq Vt str 537Flags passed to 538.Xr ipfw 8 539if 540.Va firewall_type 541specifies a filename. 542.It Va firewall_coscripts 543.Pq Vt str 544List of executables and/or rc scripts to run after firewall starts/stops. 545Default is empty. 546.\" ----- firewall_nat_enable setting -------------------------------- 547.It Va firewall_nat_enable 548.Pq Vt bool 549The 550.Xr ipfw 8 551equivalent of 552.Va natd_enable . 553Setting this to 554.Dq Li YES 555enables kernel NAT. 556.Va firewall_enable 557must also be set to 558.Dq Li YES . 559.It Va firewall_nat_interface 560.Pq Vt str 561The 562.Xr ipfw 8 563equivalent of 564.Va natd_interface . 565This is the name of the public interface or IP address on which 566kernel NAT should run. 567.It Va firewall_nat_flags 568.Pq Vt str 569Additional configuration parameters for kernel NAT should be placed here. 570.It Va dummynet_enable 571.Pq Vt bool 572Setting this to 573.Dq Li YES 574will automatically load the 575.Xr dummynet 4 576module if 577.Va firewall_enable 578is also set to 579.Dq Li YES . 580.\" ------------------------------------------------------------------- 581.It Va natd_program 582.Pq Vt str 583Path to 584.Xr natd 8 . 585.It Va natd_enable 586.Pq Vt bool 587Set to 588.Dq Li YES 589to enable 590.Xr natd 8 . 591.Va firewall_enable 592must also be set to 593.Dq Li YES , 594and 595.Xr divert 4 596sockets must be enabled in the kernel. 597If the kernel was not built with 598.Cd "options IPDIVERT" , 599the 600.Pa ipdivert.ko 601kernel module will be loaded. 602.It Va natd_interface 603.Pq Vt str 604This is the name of the public interface on which 605.Xr natd 8 606should run. 607The interface may be given as an interface name or as an IP address. 608.It Va natd_flags 609.Pq Vt str 610Additional 611.Xr natd 8 612flags should be placed here. 613The 614.Fl n 615or 616.Fl a 617flag is automatically added with the above 618.Va natd_interface 619as an argument. 620.\" ----- ipfilter_enable setting -------------------------------- 621.It Va ipfilter_enable 622.Pq Vt bool 623Set to 624.Dq Li NO 625by default. 626Setting this to 627.Dq Li YES 628enables 629.Xr ipf 8 630packet filtering. 631.Pp 632Typical usage will require putting 633.Bd -literal 634ipfilter_enable="YES" 635ipnat_enable="YES" 636ipmon_enable="YES" 637ipfs_enable="YES" 638.Ed 639.Pp 640into 641.Pa /etc/rc.conf 642and editing 643.Pa /etc/ipf.rules 644and 645.Pa /etc/ipnat.rules 646appropriately. 647.Pp 648Note that 649.Va ipfilter_enable 650and 651.Va ipnat_enable 652can be enabled independently. 653.Va ipmon_enable 654and 655.Va ipfs_enable 656both require at least one of 657.Va ipfilter_enable 658and 659.Va ipnat_enable 660to be enabled. 661.Pp 662Having 663.Bd -literal 664options IPFILTER 665options IPFILTER_LOG 666options IPFILTER_DEFAULT_BLOCK 667.Ed 668.Pp 669in the kernel configuration file is a good idea, too. 670.\" ----- ipfilter_program setting ------------------------------ 671.It Va ipfilter_program 672.Pq Vt str 673Path to 674.Xr ipf 8 675(default 676.Pa /sbin/ipf ) . 677.\" ----- ipfilter_rules setting -------------------------------- 678.It Va ipfilter_rules 679.Pq Vt str 680Set to 681.Pa /etc/ipf.rules 682by default. 683This variable contains the name of the filter rule definition file. 684The file is expected to be readable for the 685.Xr ipf 8 686command to execute. 687.\" ----- ipv6_ipfilter_rules setting --------------------------- 688.It Va ipv6_ipfilter_rules 689.Pq Vt str 690Set to 691.Pa /etc/ipf6.rules 692by default. 693This variable contains the IPv6 filter rule definition file. 694The file is expected to be readable for the 695.Xr ipf 8 696command to execute. 697.\" ----- ipfilter_flags setting -------------------------------- 698.It Va ipfilter_flags 699.Pq Vt str 700Empty by default. 701This variable contains flags passed to the 702.Xr ipf 8 703program. 704.\" ----- ipnat_enable setting ---------------------------------- 705.It Va ipnat_enable 706.Pq Vt bool 707Set to 708.Dq Li NO 709by default. 710Set it to 711.Dq Li YES 712to enable 713.Xr ipnat 8 714network address translation. 715See 716.Va ipfilter_enable 717for a detailed discussion. 718.\" ----- ipnat_program setting --------------------------------- 719.It Va ipnat_program 720.Pq Vt str 721Path to 722.Xr ipnat 8 723(default 724.Pa /sbin/ipnat ) . 725.\" ----- ipnat_rules setting ----------------------------------- 726.It Va ipnat_rules 727.Pq Vt str 728Set to 729.Pa /etc/ipnat.rules 730by default. 731This variable contains the name of the file 732holding the network address translation definition. 733This file is expected to be readable for the 734.Xr ipnat 8 735command to execute. 736.\" ----- ipnat_flags setting ----------------------------------- 737.It Va ipnat_flags 738.Pq Vt str 739Empty by default. 740This variable contains flags passed to the 741.Xr ipnat 8 742program. 743.\" ----- ipmon_enable setting ---------------------------------- 744.It Va ipmon_enable 745.Pq Vt bool 746Set to 747.Dq Li NO 748by default. 749Set it to 750.Dq Li YES 751to enable 752.Xr ipmon 8 753monitoring (logging 754.Xr ipf 8 755and 756.Xr ipnat 8 757events). 758Setting this variable needs setting 759.Va ipfilter_enable 760or 761.Va ipnat_enable 762too. 763See 764.Va ipfilter_enable 765for a detailed discussion. 766.\" ----- ipmon_program setting --------------------------------- 767.It Va ipmon_program 768.Pq Vt str 769Path to 770.Xr ipmon 8 771(default 772.Pa /sbin/ipmon ) . 773.\" ----- ipmon_flags setting ----------------------------------- 774.It Va ipmon_flags 775.Pq Vt str 776Set to 777.Dq Li -Ds 778by default. 779This variable contains flags passed to the 780.Xr ipmon 8 781program. 782Another typical example would be 783.Dq Fl D Pa /var/log/ipflog 784to have 785.Xr ipmon 8 786log directly to a file bypassing 787.Xr syslogd 8 . 788Make sure to adjust 789.Pa /etc/newsyslog.conf 790in such case like this: 791.Bd -literal 792/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 793.Ed 794.\" ----- ipfs_enable setting ----------------------------------- 795.It Va ipfs_enable 796.Pq Vt bool 797Set to 798.Dq Li NO 799by default. 800Set it to 801.Dq Li YES 802to enable 803.Xr ipfs 8 804saving the filter and NAT state tables during shutdown 805and reloading them during startup again. 806Setting this variable needs setting 807.Va ipfilter_enable 808or 809.Va ipnat_enable 810to 811.Dq Li YES 812too. 813See 814.Va ipfilter_enable 815for a detailed discussion. 816Note that if 817.Va kern_securelevel 818is set to 3, 819.Va ipfs_enable 820cannot be used 821because the raised securelevel will prevent 822.Xr ipfs 8 823from saving the state tables at shutdown time. 824.\" ----- ipfs_program setting ---------------------------------- 825.It Va ipfs_program 826.Pq Vt str 827Path to 828.Xr ipfs 8 829(default 830.Pa /sbin/ipfs ) . 831.\" ----- ipfs_flags setting ------------------------------------ 832.It Va ipfs_flags 833.Pq Vt str 834Empty by default. 835This variable contains flags passed to the 836.Xr ipfs 8 837program. 838.\" ----- end of added ipf hook --------------------------------- 839.It Va pf_enable 840.Pq Vt bool 841Set to 842.Dq Li NO 843by default. 844Setting this to 845.Dq Li YES 846enables 847.Xr pf 4 848packet filtering. 849.Pp 850Typical usage will require putting 851.Pp 852.Dl pf_enable="YES" 853.Pp 854into 855.Pa /etc/rc.conf 856and editing 857.Pa /etc/pf.conf 858appropriately. 859Adding 860.Pp 861.Dl "device pf" 862.Pp 863builds support for 864.Xr pf 4 865into the kernel, otherwise the 866kernel module will be loaded. 867.It Va pf_rules 868.Pq Vt str 869Path to 870.Xr pf 4 871ruleset configuration file 872(default 873.Pa /etc/pf.conf ) . 874.It Va pf_program 875.Pq Vt str 876Path to 877.Xr pfctl 8 878(default 879.Pa /sbin/pfctl ) . 880.It Va pf_flags 881.Pq Vt str 882If 883.Va pf_enable 884is set to 885.Dq Li YES , 886these flags are passed to the 887.Xr pfctl 8 888program when loading the ruleset. 889.It Va pflog_enable 890.Pq Vt bool 891Set to 892.Dq Li NO 893by default. 894Setting this to 895.Dq Li YES 896enables 897.Xr pflogd 8 898which logs packets from the 899.Xr pf 4 900packet filter. 901.It Va pflog_logfile 902.Pq Vt str 903If 904.Va pflog_enable 905is set to 906.Dq Li YES 907this controls where 908.Xr pflogd 8 909stores the logfile 910(default 911.Pa /var/log/pflog ) . 912Check 913.Pa /etc/newsyslog.conf 914to adjust logfile rotation for this. 915.It Va pflog_program 916.Pq Vt str 917Path to 918.Xr pflogd 8 919(default 920.Pa /sbin/pflogd ) . 921.It Va pflog_flags 922.Pq Vt str 923Empty by default. 924This variable contains additional flags passed to the 925.Xr pflogd 8 926program. 927.It Va ftpproxy_enable 928.Pq Vt bool 929Set to 930.Dq Li NO 931by default. 932Setting this to 933.Dq Li YES 934enables 935.Xr ftp-proxy 8 936which supports the 937.Xr pf 4 938packet filter in translating ftp connections. 939.It Va ftpproxy_flags 940.Pq Vt str 941Empty by default. 942This variable contains additional flags passed to the 943.Xr ftp-proxy 8 944program. 945.It Va pfsync_enable 946.Pq Vt bool 947Set to 948.Dq Li NO 949by default. 950Setting this to 951.Dq Li YES 952enables exposing 953.Xr pf 4 954state changes to other hosts over the network by means of 955.Xr pfsync 4 . 956The 957.Va pfsync_syncdev 958variable 959must also be set then. 960.It Va pfsync_syncdev 961.Pq Vt str 962Empty by default. 963This variable specifies the name of the network interface 964.Xr pfsync 4 965should operate through. 966It must be set accordingly if 967.Va pfsync_enable 968is set to 969.Dq Li YES . 970.It Va pfsync_syncpeer 971.Pq Vt str 972Empty by default. 973This variable is optional. 974By default, state change messages are sent out on the synchronisation 975interface using IP multicast packets. 976The protocol is IP protocol 240, PFSYNC, and the multicast group used is 977224.0.0.240. 978When a peer address is specified using the 979.Va pfsync_syncpeer 980option, the peer address is used as a destination for the pfsync 981traffic, and the traffic can then be protected using 982.Xr ipsec 4 . 983See the 984.Xr pfsync 4 985manpage for more details about using 986.Xr ipsec 4 987with 988.Xr pfsync 4 989interfaces. 990.It Va pfsync_ifconfig 991.Pq Vt str 992Empty by default. 993This variable can contain additional options to be passed to the 994.Xr ifconfig 8 995command used to set up 996.Xr pfsync 4 . 997.It Va tcp_extensions 998.Pq Vt bool 999Set to 1000.Dq Li YES 1001by default. 1002Setting this to 1003.Dq Li NO 1004disables certain TCP options as described by 1005.Rs 1006.%T "RFC 1323" 1007.Re 1008Setting this to 1009.Dq Li NO 1010might help remedy such problems with connections as randomly hanging 1011or other weird behavior. 1012Some network devices are known 1013to be broken with respect to these options. 1014.It Va log_in_vain 1015.Pq Vt int 1016Set to 0 by default. 1017The 1018.Xr sysctl 8 1019variables, 1020.Va net.inet.tcp.log_in_vain 1021and 1022.Va net.inet.udp.log_in_vain , 1023as described in 1024.Xr tcp 4 1025and 1026.Xr udp 4 , 1027are set to the given value. 1028.It Va tcp_keepalive 1029.Pq Vt bool 1030Set to 1031.Dq Li YES 1032by default. 1033Setting to 1034.Dq Li NO 1035will disable probing idle TCP connections to verify that the 1036peer is still up and reachable. 1037.It Va tcp_drop_synfin 1038.Pq Vt bool 1039Set to 1040.Dq Li NO 1041by default. 1042Setting to 1043.Dq Li YES 1044will cause the kernel to ignore TCP frames that have both 1045the SYN and FIN flags set. 1046This prevents OS fingerprinting, but may 1047break some legitimate applications. 1048.It Va icmp_drop_redirect 1049.Pq Vt bool 1050Set to 1051.Dq Li NO 1052by default. 1053Setting to 1054.Dq Li YES 1055will cause the kernel to ignore ICMP REDIRECT packets. 1056Refer to 1057.Xr icmp 4 1058for more information. 1059.It Va icmp_log_redirect 1060.Pq Vt bool 1061Set to 1062.Dq Li NO 1063by default. 1064Setting to 1065.Dq Li YES 1066will cause the kernel to log ICMP REDIRECT packets. 1067Note that 1068the log messages are not rate-limited, so this option should only be used 1069for troubleshooting networks. 1070Refer to 1071.Xr icmp 4 1072for more information. 1073.It Va icmp_bmcastecho 1074.Pq Vt bool 1075Set to 1076.Dq Li YES 1077to respond to broadcast or multicast ICMP ping packets. 1078Refer to 1079.Xr icmp 4 1080for more information. 1081.It Va ip_portrange_first 1082.Pq Vt int 1083If not set to 1084.Dq Li NO , 1085this is the first port in the default portrange. 1086Refer to 1087.Xr ip 4 1088for more information. 1089.It Va ip_portrange_last 1090.Pq Vt int 1091If not set to 1092.Dq Li NO , 1093this is the last port in the default portrange. 1094Refer to 1095.Xr ip 4 1096for more information. 1097.It Va network_interfaces 1098.Pq Vt str 1099Set to the list of network interfaces to configure on this host or 1100.Dq Li AUTO 1101(the default) for all current interfaces. 1102Setting the 1103.Va network_interfaces 1104variable to anything other than the default is deprecated. 1105Interfaces that the administrator wishes to store configuration for, 1106but not start at boot should be configured with the 1107.Dq Li NOAUTO 1108keyword in their 1109.Va ifconfig_ Ns Aq Ar interface 1110variables as described below. 1111.Pp 1112An 1113.Va ifconfig_ Ns Aq Ar interface 1114variable is also assumed to exist for each value of 1115.Ar interface . 1116When an interface name contains any of the characters 1117.Dq Li .-/+ 1118they are translated to 1119.Dq Li _ 1120before lookup. 1121The variable can contain arguments to 1122.Xr ifconfig 8 , 1123as well as special case-insensitive keywords described below. 1124Such keywords are removed before passing the value to 1125.Xr ifconfig 8 1126while the order of the other arguments is preserved. 1127.Pp 1128One can configure more than one IPv4 address with the 1129.Va ipv4_addrs_ Ns Aq Ar interface 1130variable. 1131One or more IP addresses must be provided in Classless Inter-Domain 1132Routing (CIDR) address notation, whose last byte can be a range like 1133192.0.2.5-23/24. 1134In this case the address 192.0.2.5 will be configured with the 1135netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1136the non-conflicting netmask /32 as explained in the 1137.Xr ifconfig 8 1138alias section. 1139With the interface in question being 1140.Li ed0 , 1141an example could look like: 1142.Bd -literal 1143ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28" 1144.Ed 1145.Pp 1146It is also possible to add IP alias entries using 1147.Xr ifconfig 8 1148syntax with the 1149.Dq Li inet 1150keyword. 1151Assuming that the interface in question was 1152.Li ed0 , 1153it might look 1154something like this: 1155.Bd -literal 1156ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1157ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1158.Ed 1159.Pp 1160And so on. 1161For each 1162.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1163entry with the 1164.Dq Li inet 1165keyword that is found, 1166its contents are passed to 1167.Xr ifconfig 8 . 1168Execution stops at the first unsuccessful access, so if 1169something like this is present: 1170.Bd -literal 1171ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1172ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1173ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1174ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1175.Ed 1176.Pp 1177Then note that alias4 would 1178.Em not 1179be added since the search would 1180stop with the missing 1181.Dq Li alias3 1182entry. 1183Due to this difficult to manage behavior, the 1184.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1185form is deprecated. 1186.Pp 1187If the 1188.Pa /etc/start_if. Ns Aq Ar interface 1189file is present, it is read and executed by the 1190.Xr sh 1 1191interpreter 1192before configuring the interface as specified in the 1193.Va ifconfig_ Ns Aq Ar interface 1194and 1195.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1196variables. 1197.Pp 1198If a 1199.Va vlans_ Ns Aq Ar interface 1200variable is set, 1201a 1202.Xr vlan 4 1203interface will be created for each item in the list with the 1204.Ar vlandev 1205argument set to 1206.Ar interface . 1207If a vlan interface's name is a number, 1208then that number is used as the vlan tag and the new vlan interface is 1209named 1210.Ar interface . Ns Ar tag . 1211Otherwise, 1212the vlan tag must be specified via a 1213.Va vlan 1214parameter in the 1215.Va create_args_ Ns Aq Ar interface 1216variable. 1217.Pp 1218To create a vlan device named 1219.Li em0.101 1220on 1221.Li em0 1222with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1223.Bd -literal 1224vlans_em0="101" 1225ifconfig_em0_101="inet 192.0.2.1/24" 1226.Ed 1227.Pp 1228To create a vlan device named 1229.Li myvlan 1230on 1231.Li em0 1232with the vlan tag 102: 1233.Bd -literal 1234vlans_em0="myvlan" 1235create_args_myvlan="vlan 102" 1236.Ed 1237.Pp 1238If a 1239.Va wlans_ Ns Aq Ar interface 1240variable is set, 1241an 1242.Xr wlan 4 1243interface will be created for each item in the list with the 1244.Ar wlandev 1245argument set to 1246.Ar interface . 1247Further wlan cloning arguments may be passed to the 1248.Xr ifconfig 8 1249.Cm create 1250command by setting the 1251.Va create_args_ Ns Aq Ar interface 1252variable. 1253One or more 1254.Xr wlan 4 1255devices must be created for each wireless devices as of 1256.Fx 8.0 . 1257Debugging flags for 1258.Xr wlan 4 1259devices as set by 1260.Xr wlandebug 8 1261may be specified with an 1262.Va wlandebug_ Ns Aq Ar interface 1263variable. 1264The contents of this variable will be passed directly to 1265.Xr wlandebug 8 . 1266.Pp 1267If the 1268.Va ifconfig_ Ns Aq Ar interface 1269contains the keyword 1270.Dq Li NOAUTO 1271then the interface will not be configured 1272at boot or by 1273.Pa /etc/pccard_ether 1274when 1275.Va network_interfaces 1276is set to 1277.Dq Li AUTO . 1278.Pp 1279It is possible to bring up an interface with DHCP by adding 1280.Dq Li DHCP 1281to the 1282.Va ifconfig_ Ns Aq Ar interface 1283variable. 1284For instance, to initialize the 1285.Li ed0 1286device via DHCP, 1287it is possible to use something like: 1288.Bd -literal 1289ifconfig_ed0="DHCP" 1290.Ed 1291.Pp 1292Also, if you want to configure your wireless interface with 1293.Xr wpa_supplicant 8 1294for use with WPA, EAP/LEAP or WEP, you need to add 1295.Dq Li WPA 1296to the 1297.Va ifconfig_ Ns Aq Ar interface 1298variable. 1299.Pp 1300Finally, you can add 1301.Xr ifconfig 8 1302options in this variable, in addition to the 1303.Pa /etc/start_if. Ns Aq Ar interface 1304file. 1305For instance, to configure an 1306.Xr ath 4 1307wireless device in station mode with an address obtained 1308via DHCP, using WPA authentication and 802.11b mode, it is 1309possible to use something like: 1310.Bd -literal 1311wlans_ath0="wlan0" 1312ifconfig_wlan0="DHCP WPA mode 11b" 1313.Ed 1314.Pp 1315In addition to the 1316.Va ifconfig_ Ns Aq Ar interface 1317form, a fallback variable 1318.Va ifconfig_DEFAULT 1319may be configured. 1320It will be used for all interfaces with no 1321.Va ifconfig_ Ns Aq Ar interface 1322variable. 1323This is intended to replace the no longer supported 1324.Va pccard_ifconfig 1325variable. 1326.Pp 1327It is also possible to rename an interface by doing: 1328.Bd -literal 1329ifconfig_ed0_name="net0" 1330ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1331.Ed 1332.It Va ipv6_enable 1333.Pq Vt bool 1334This variable is deprecated. 1335Use 1336.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1337and 1338.Va ipv6_activate_all_interfaces 1339if necessary. 1340.Pp 1341If the variable is 1342.Dq Li YES , 1343.Dq Li inet6 accept_rtadv 1344is added to all of 1345.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1346and the 1347.Va ipv6_activate_all_interfaces 1348is defined as 1349.Dq Li YES . 1350.It Va ipv6_prefer 1351.Pq Vt bool 1352This variable is deprecated. 1353Use 1354.Va ip6addrctl_policy 1355instead. 1356.Pp 1357If the variable is 1358.Dq Li YES , 1359the default address selection policy table set by 1360.Xr ip6addrctl 8 1361will be IPv6-preferred. 1362.Pp 1363If the variable is 1364.Dq Li NO , 1365the default address selection policy table set by 1366.Xr ip6addrctl 8 1367will be IPv4-preferred. 1368.It Va ipv6_activate_all_interfaces 1369.Pq Vt bool 1370This controls initial configuration on IPv6-capable 1371interfaces with no corresponding 1372.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1373variable. 1374Note that it is not always necessary to set this variable to 1375.Dq YES 1376to use IPv6 functionality on 1377.Fx . 1378In most cases, just configuring 1379.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1380variables works. 1381.Pp 1382If the variable is 1383.Dq Li NO , 1384all interfaces which do not have a corresponding 1385.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1386variable will be marked as 1387.Dq Li IFDISABLED 1388at creation. 1389This means that all of IPv6 functionality on that interface 1390is completely disabled to enforce a security policy. 1391If the variable is set to 1392.Dq YES , 1393the flag will be cleared on all of the interfaces. 1394.Pp 1395In most cases, just defining an 1396.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1397for an IPv6-capable interface should be sufficient. 1398However, if an interface is added dynamically 1399.Pq by some tunneling protocols such as PPP, for example , 1400it is often difficult to define the variable in advance. 1401In such a case, configuring the 1402.Dq Li IFDISABLED 1403flag can be disabled by setting this variable to 1404.Dq YES . 1405.Pp 1406For more details of the 1407.Dq Li IFDISABLED 1408flag and keywords 1409.Dq Li inet6 ifdisabled , 1410see 1411.Xr ifconfig 8 . 1412.Pp 1413Default is 1414.Dq Li NO . 1415.It Va ipv6_privacy 1416.Pq Vt bool 1417If the variable is 1418.Dq Li YES 1419privacy addresses will be generated for each IPv6 1420interface as described in RFC 4941. 1421.It Va ipv6_network_interfaces 1422.Pq Vt str 1423This is the IPv6 equivalent of 1424.Va network_interfaces . 1425Normally manual configuration of this variable is not needed. 1426.Pp 1427.It Va ipv6_cpe_wanif 1428.Pq Vt str 1429If the variable is set to an interface name, 1430the 1431.Xr ifconfig 8 1432options 1433.Dq inet6 -no_radr accept_rtadv 1434will be added to the specified interface automatically before evaluating 1435.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1436and two 1437.Xr sysctl 8 1438variables 1439.Va net.inet6.ip6.rfc6204w3 1440and 1441.Va net.inet6.ip6.no_radr 1442will be set to 1. 1443.Pp 1444This means the specified interface will accept ICMPv6 Router 1445Advertisement messages on that link and add the discovered 1446routers into the Default Router List. 1447While the other interfaces can still accept RA messages if the 1448.Dq inet6 accept_rtadv 1449option is specified, adding 1450routes into the Default Router List will be disabled by 1451.Dq inet6 no_radr 1452option by default. 1453See 1454.Xr ifconfig 8 1455for more details. 1456.Pp 1457Note that ICMPv6 Router Advertisement messages will be 1458accepted even when 1459.Va net.inet6.ip6.forwarding 1460is 1 1461.Pq packet forwarding is enabled 1462when 1463.Va net.inet6.ip6.rfc6204w3 1464is set to 1. 1465.Pp 1466Default is 1467.Dq Li NO . 1468.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1469.Pq Vt str 1470IPv6 functionality on an interface should be configured by 1471.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1472instead of setting ifconfig parameters in 1473.Va ifconfig_ Ns Aq Ar interface . 1474If this variable is empty, all of IPv6 configurations on the 1475specified interface by other variables such as 1476.Va ipv6_prefix_ Ns Ao Ar interface Ac 1477will be ignored. 1478.Pp 1479Aliases should be set by 1480.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1481with 1482.Dq Li inet6 1483keyword. 1484For example: 1485.Bd -literal 1486ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1487ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1488.Ed 1489.Pp 1490Interfaces that have an 1491.Dq Li inet6 accept_rtadv 1492keyword in 1493.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1494setting will be automatically configured by SLAAC 1495.Pq StateLess Address AutoConfiguration 1496described in 1497.Rs 1498.%T "RFC 4862" 1499.Re 1500.Pp 1501Note that a link-local address will be automatically configured in 1502addition to the configured global-scope addresses because the IPv6 1503specifications require it on each link. 1504The address is calculated from the MAC address by using an algorithm 1505defined in 1506.Rs 1507.%T "RFC 4862" 1508.%O "Section 5.3" 1509.Re 1510.Pp 1511If only a link-local address is needed on the interface, 1512the following configuration can be used: 1513.Bd -literal 1514ifconfig_ed0_ipv6="inet6 auto_linklocal" 1515.Ed 1516.Pp 1517A link-local address can also be configured manually. 1518This is useful for the default router address of an IPv6 router 1519so that it does not change when the network interface 1520card is replaced. 1521For example: 1522.Bd -literal 1523ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1524.Ed 1525.It Va ipv6_prefix_ Ns Aq Ar interface 1526.Pq Vt str 1527If one or more prefixes are defined in 1528.Va ipv6_prefix_ Ns Aq Ar interface 1529addresses based on each prefix and the EUI-64 interface index will be 1530configured on that interface. 1531Note that this variable will be ignored when 1532.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1533is empty. 1534.Pp 1535For example, the following configuration 1536.Bd -literal 1537ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1538.Ed 1539.Pp 1540is equivalent to the following: 1541.Bd -literal 1542ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1543ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1544ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1545ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1546.Ed 1547.Pp 1548These Subnet-Router anycast addresses will be added only when 1549.Va ipv6_gateway_enable 1550is YES. 1551.It Va ipv6_default_interface 1552.Pq Vt str 1553If not set to 1554.Dq Li NO , 1555this is the default output interface for scoped addresses. 1556This works only with ipv6_gateway_enable="NO". 1557.It Va ip6addrctl_enable 1558.Pq Vt bool 1559This variable is to enable configuring default address selection policy table 1560.Pq RFC 3484 . 1561The table can be specified in another variable 1562.Va ip6addrctl_policy . 1563For 1564.Va ip6addrctl_policy 1565the following keywords can be specified: 1566.Dq Li ipv4_prefer , 1567.Dq Li ipv6_prefer , 1568or 1569.Dq Li AUTO . 1570.Pp 1571If 1572.Dq Li ipv4_prefer 1573or 1574.Dq Li ipv6_prefer 1575is specified, 1576.Xr ip6addrctl 8 1577installs a pre-defined policy table described in Section 2.1 1578.Pq IPv6-preferred 1579or 10.3 1580.Pq IPv4-preferred 1581of RFC 3484. 1582.Pp 1583If 1584.Dq Li AUTO 1585is specified, it attempts to read a file 1586.Pa /etc/ip6addrctl.conf 1587first. 1588If this file is found, 1589.Xr ip6addrctl 8 1590reads and installs it. 1591If not found, a policy is automatically set 1592according to 1593.Va ipv6_activate_all_interfaces 1594variable; if the variable is set to 1595.Dq Li YES 1596the IPv6-preferred one is used. 1597Otherwise IPv4-preferred. 1598.Pp 1599The default value of 1600.Va ip6addrctl_enable 1601and 1602.Va ip6addrctl_policy 1603are 1604.Dq Li YES 1605and 1606.Dq Li AUTO , 1607respectively. 1608.It Va cloned_interfaces 1609.Pq Vt str 1610Set to the list of clonable network interfaces to create on this host. 1611Further cloning arguments may be passed to the 1612.Xr ifconfig 8 1613.Cm create 1614command for each interface by setting the 1615.Va create_args_ Ns Aq Ar interface 1616variable. 1617Entries in 1618.Va cloned_interfaces 1619are automatically appended to 1620.Va network_interfaces 1621for configuration. 1622.It Va fec_interfaces 1623.Pq Vt str 1624Set to the list of 1625.Xr ng_fec 4 1626Fast EtherChannel interfaces to configure on this host. 1627A 1628.Va fecconfig_ Ns Aq Ar interface 1629variable is assumed to exist for each value of 1630.Ar interface . 1631The value of this variable is used to configure link aggregated interfaces 1632according to the syntax of the 1633.Cm NGM_FEC_ADD_IFACE 1634to 1635.Xr ngctl 8 1636msg. 1637Additionally, this option ensures that each listed interface is created 1638via the 1639.Cm mkpeer 1640command to 1641.Xr ngctl 8 1642before attempting to configure it. 1643For example: 1644.Bd -literal 1645fec_interfaces="fec0" 1646fecconfig_fec0="em0 em1" 1647ifconfig_fec0="DHCP" 1648.Ed 1649.It Va gif_interfaces 1650.Pq Vt str 1651Set to the list of 1652.Xr gif 4 1653tunnel interfaces to configure on this host. 1654A 1655.Va gifconfig_ Ns Aq Ar interface 1656variable is assumed to exist for each value of 1657.Ar interface . 1658The value of this variable is used to configure the link layer of the 1659tunnel according to the syntax of the 1660.Cm tunnel 1661option to 1662.Xr ifconfig 8 . 1663Additionally, this option ensures that each listed interface is created 1664via the 1665.Cm create 1666option to 1667.Xr ifconfig 8 1668before attempting to configure it. 1669.It Va sppp_interfaces 1670.Pq Vt str 1671Set to the list of 1672.Xr sppp 4 1673interfaces to configure on this host. 1674A 1675.Va spppconfig_ Ns Aq Ar interface 1676variable is assumed to exist for each value of 1677.Ar interface . 1678Each interface should also be configured by a general 1679.Va ifconfig_ Ns Aq Ar interface 1680setting. 1681Refer to 1682.Xr spppcontrol 8 1683for more information about available options. 1684.It Va ppp_enable 1685.Pq Vt bool 1686If set to 1687.Dq Li YES , 1688run the 1689.Xr ppp 8 1690daemon. 1691.It Va ppp_profile 1692.Pq Vt str 1693The name of the profile to use from 1694.Pa /etc/ppp/ppp.conf . 1695Also used for per-profile overrides of 1696.Va ppp_mode 1697and 1698.Va ppp_nat , 1699and 1700.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1701When the profile name contains any of the characters 1702.Dq Li .-/+ 1703they are translated to 1704.Dq Li _ 1705for the proposes of the override variable names. 1706.It Va ppp_mode 1707.Pq Vt str 1708Mode in which to run the 1709.Xr ppp 8 1710daemon. 1711.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1712.Pq Vt str 1713Overrides the global 1714.Va ppp_mode 1715for 1716.Ar profile . 1717Accepted modes are 1718.Dq Li auto , 1719.Dq Li ddial , 1720.Dq Li direct 1721and 1722.Dq Li dedicated . 1723See the manual for a full description. 1724.It Va ppp_nat 1725.Pq Vt bool 1726If set to 1727.Dq Li YES , 1728enables network address translation. 1729Used in conjunction with 1730.Va gateway_enable 1731allows hosts on private network addresses access to the Internet using 1732this host as a network address translating router. 1733.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1734.Pq Vt str 1735Overrides the global 1736.Va ppp_nat 1737for 1738.Ar profile . 1739.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1740.Pq Vt int 1741Set the unit number to be used for this profile. 1742See the manual description of 1743.Fl unit Ns Ar N 1744for details. 1745.It Va ppp_user 1746.Pq Vt str 1747The name of the user under which 1748.Xr ppp 8 1749should be started. 1750By 1751default, 1752.Xr ppp 8 1753is started as 1754.Dq Li root . 1755.It Va rc_conf_files 1756.Pq Vt str 1757This option is used to specify a list of files that will override 1758the settings in 1759.Pa /etc/defaults/rc.conf . 1760The files will be read in the order in which they are specified and should 1761include the full path to the file. 1762By default, the files specified are 1763.Pa /etc/rc.conf 1764and 1765.Pa /etc/rc.conf.local 1766.It Va zfs_enable 1767.Pq Vt bool 1768If set to 1769.Dq Li YES , 1770.Pa /etc/rc.d/zfs 1771will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1772(ZVOLs). 1773.It Va gptboot_enable 1774.Pq Vt bool 1775If set to 1776.Dq Li YES , 1777.Pa /etc/rc.d/gptboot 1778will log if the system successfully (or not) booted from a GPT partition, 1779which had the 1780.Ar bootonce 1781attribute set using 1782.Xr gpart 8 1783utility. 1784.It Va gbde_autoattach_all 1785.Pq Vt bool 1786If set to 1787.Dq Li YES , 1788.Pa /etc/rc.d/gbde 1789will attempt to automatically initialize your .bde devices in 1790.Pa /etc/fstab . 1791.It Va gbde_devices 1792.Pq Vt str 1793List the devices that the script should try to attach, 1794or 1795.Dq Li AUTO . 1796.It Va gbde_lockdir 1797.Pq Vt str 1798The directory where the 1799.Xr gbde 4 1800lockfiles are located. 1801The default lockfile directory is 1802.Pa /etc . 1803.Pp 1804The lockfile for each individual 1805.Xr gbde 4 1806device can be overridden by setting the variable 1807.Va gbde_lock_ Ns Aq Ar device , 1808where 1809.Ar device 1810is the encrypted device without the 1811.Dq Pa /dev/ 1812and 1813.Dq Pa .bde 1814parts. 1815.It Va gbde_attach_attempts 1816.Pq Vt int 1817Number of times to attempt attaching to a 1818.Xr gbde 4 1819device, i.e., how many times the user is asked for the pass-phrase. 1820Default is 3. 1821.It Va geli_devices 1822.Pq Vt str 1823List of devices to automatically attach on boot. 1824Note that .eli devices from 1825.Pa /etc/fstab 1826are automatically appended to this list. 1827.It Va geli_tries 1828.Pq Vt int 1829Number of times user is asked for the pass-phrase. 1830If empty, it will be taken from 1831.Va kern.geom.eli.tries 1832sysctl variable. 1833.It Va geli_default_flags 1834.Pq Vt str 1835Default flags to use by 1836.Xr geli 8 1837when configuring disk encryption. 1838Flags can be configured for every device separately by defining 1839.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1840variable. 1841.It Va geli_autodetach 1842.Pq Vt str 1843Specifies if GELI devices should be marked for detach on last close after 1844file systems are mounted. 1845Default is 1846.Dq Li YES . 1847This can be changed for every device separately by defining 1848.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1849variable. 1850.It Va geli_swap_flags 1851Options passed to the 1852.Xr geli 8 1853utility when encrypted GEOM providers for swap partitions are created. 1854The default is 1855.Dq Li "-e aes -l 256 -s 4096 -d" . 1856.It Va root_rw_mount 1857.Pq Vt bool 1858Set to 1859.Dq Li YES 1860by default. 1861After the file systems are checked at boot time, the root file system 1862is remounted as read-write if this is set to 1863.Dq Li YES . 1864Diskless systems that mount their root file system from a read-only remote 1865NFS share should set this to 1866.Dq Li NO 1867in their 1868.Pa rc.conf . 1869.It Va fsck_y_enable 1870.Pq Vt bool 1871If set to 1872.Dq Li YES , 1873.Xr fsck 8 1874will be run with the 1875.Fl y 1876flag if the initial preen 1877of the file systems fails. 1878.It Va background_fsck 1879.Pq Vt bool 1880If set to 1881.Dq Li YES , 1882the system will attempt to run 1883.Xr fsck 8 1884in the background where possible. 1885.It Va background_fsck_delay 1886.Pq Vt int 1887The amount of time in seconds to sleep before starting a background 1888.Xr fsck 8 . 1889It defaults to sixty seconds to allow large applications such as 1890the X server to start before disk I/O bandwidth is monopolized by 1891.Xr fsck 8 . 1892If set to a negative number, the background file system check will be 1893delayed indefinitely to allow the administrator to run it at a more 1894convenient time. 1895For example it may be run from 1896.Xr cron 8 1897by adding a line like 1898.Pp 1899.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1900.Pp 1901to 1902.Pa /etc/crontab . 1903.It Va netfs_types 1904.Pq Vt str 1905List of file system types that are network-based. 1906This list should generally not be modified by end users. 1907Use 1908.Va extra_netfs_types 1909instead. 1910.It Va extra_netfs_types 1911.Pq Vt str 1912If set to something other than 1913.Dq Li NO 1914(the default), 1915this variable extends the list of file system types 1916for which automatic mounting at startup by 1917.Xr rc 8 1918should be delayed until the network is initialized. 1919It should contain 1920a whitespace-separated list of network file system descriptor pairs, 1921each consisting of a file system type as passed to 1922.Xr mount 8 1923and a human-readable, one-word description, 1924joined with a colon 1925.Pq Ql \&: . 1926Extending the default list in this way is only necessary 1927when third party file system types are used. 1928.It Va syslogd_enable 1929.Pq Vt bool 1930If set to 1931.Dq Li YES , 1932run the 1933.Xr syslogd 8 1934daemon. 1935.It Va syslogd_program 1936.Pq Vt str 1937Path to 1938.Xr syslogd 8 1939(default 1940.Pa /usr/sbin/syslogd ) . 1941.It Va syslogd_flags 1942.Pq Vt str 1943If 1944.Va syslogd_enable 1945is set to 1946.Dq Li YES , 1947these are the flags to pass to 1948.Xr syslogd 8 . 1949.It Va inetd_enable 1950.Pq Vt bool 1951If set to 1952.Dq Li YES , 1953run the 1954.Xr inetd 8 1955daemon. 1956.It Va inetd_program 1957.Pq Vt str 1958Path to 1959.Xr inetd 8 1960(default 1961.Pa /usr/sbin/inetd ) . 1962.It Va inetd_flags 1963.Pq Vt str 1964If 1965.Va inetd_enable 1966is set to 1967.Dq Li YES , 1968these are the flags to pass to 1969.Xr inetd 8 . 1970.It Va hastd_enable 1971.Pq Vt bool 1972If set to 1973.Dq Li YES , 1974run the 1975.Xr hastd 8 1976daemon. 1977.It Va hastd_program 1978.Pq Vt str 1979Path to 1980.Xr hastd 8 1981(default 1982.Pa /sbin/hastd ) . 1983.It Va hastd_flags 1984.Pq Vt str 1985If 1986.Va hastd_enable 1987is set to 1988.Dq Li YES , 1989these are the flags to pass to 1990.Xr hastd 8 . 1991.It Va named_enable 1992.Pq Vt bool 1993If set to 1994.Dq Li YES , 1995run the 1996.Xr named 8 1997daemon. 1998.It Va named_program 1999.Pq Vt str 2000Path to 2001.Xr named 8 2002(default 2003.Pa /usr/sbin/named ) . 2004.It Va named_conf 2005.Pq Vt str 2006Path to 2007.Xr named 8 2008configuration file, (default 2009.Pa /etc/namedb/named.conf ) . 2010.It Va named_flags 2011.Pq Vt str 2012If 2013.Va named_enable 2014is set to 2015.Dq Li YES , 2016these are the flags to pass to 2017.Xr named 8 . 2018.It Va named_uid 2019.Pq Vt str 2020The user that the 2021.Xr named 8 2022process should be run as. 2023.It Va named_chrootdir 2024.Pq Vt str 2025The root directory for a name server run in a 2026.Xr chroot 8 2027environment (default 2028.Pa /var/named ) . 2029If left empty 2030.Xr named 8 2031will not be run in a 2032.Xr chroot 8 2033environment. 2034.It Va named_chroot_autoupdate 2035.Pq Vt bool 2036Set to 2037.Dq Li NO 2038to disable automatic update of the 2039.Xr chroot 8 2040environment. 2041.It Va named_symlink_enable 2042.Pq Vt bool 2043Set to 2044.Dq Li NO 2045to disable symlinking of 2046daemon's PID file 2047into the 2048.Xr chroot 8 2049environment. 2050.It Va named_wait 2051.Pq Vt bool 2052Set to have 2053.Pa /etc/rc.d/named 2054loop until working name service is established. 2055.It Va named_wait_host 2056.Pq Vt str 2057Name of host to lookup for the named_wait option. 2058(Default localhost) 2059.It Va named_auto_forward 2060.Pq Vt bool 2061Set to enable automatic creation of a forwarder 2062configuration file derived from 2063.Pa /etc/resolv.conf . 2064.It Va named_auto_forward_only 2065.Pq Vt bool 2066Set to change the default forwarder configuration from 2067.Dq forward first 2068to 2069.Dq forward only . 2070.It Va kerberos5_server_enable 2071.Pq Vt bool 2072Set to 2073.Dq Li YES 2074to start a Kerberos 5 authentication server 2075at boot time. 2076.It Va kerberos5_server 2077.Pq Vt str 2078If 2079.Va kerberos5_server_enable 2080is set to 2081.Dq Li YES 2082this is the path to Kerberos 5 Authentication Server. 2083.It Va kerberos5_server_flags 2084.Pq Vt str 2085Empty by default. 2086This variable contains additional flags to be passed to the Kerberos 5 2087authentication server. 2088.It Va kadmind5_server_enable 2089.Pq Vt bool 2090Set to 2091.Dq Li YES 2092to start 2093.Xr kadmind 8 , 2094the Kerberos 5 Administration Daemon; set to 2095.Dq Li NO 2096on a slave server. 2097.It Va kadmind5_server 2098.Pq Vt str 2099If 2100.Va kadmind5_server_enable 2101is set to 2102.Dq Li YES 2103this is the path to Kerberos 5 Administration Daemon. 2104.It Va kpasswdd_server_enable 2105.Pq Vt bool 2106Set to 2107.Dq Li YES 2108to start 2109.Xr kpasswdd 8 , 2110the Kerberos 5 Password-Changing Daemon; set to 2111.Dq Li NO 2112on a slave server. 2113.It Va kpasswdd_server 2114.Pq Vt str 2115If 2116.Va kpasswdd_server_enable 2117is set to 2118.Dq Li YES 2119this is the path to Kerberos 5 Password-Changing Daemon. 2120.It Va kfd_enable 2121.Pq Vt bool 2122Set to 2123.Dq Li YES 2124to start 2125.Xr kfd 8 , 2126the Kerberos 5 ticket forwarding daemon, at the boot time. 2127.It Va kfd_program 2128.Pq Vt str 2129Path to 2130.Xr kfd 8 2131(default 2132.Pa /usr/libexec/kfd ) . 2133.It Va rwhod_enable 2134.Pq Vt bool 2135If set to 2136.Dq Li YES , 2137run the 2138.Xr rwhod 8 2139daemon at boot time. 2140.It Va rwhod_flags 2141.Pq Vt str 2142If 2143.Va rwhod_enable 2144is set to 2145.Dq Li YES , 2146these are the flags to pass to it. 2147.It Va amd_enable 2148.Pq Vt bool 2149If set to 2150.Dq Li YES , 2151run the 2152.Xr amd 8 2153daemon at boot time. 2154.It Va amd_flags 2155.Pq Vt str 2156If 2157.Va amd_enable 2158is set to 2159.Dq Li YES , 2160these are the flags to pass to it. 2161See the 2162.Xr amd 8 2163manpage for more information. 2164.It Va amd_map_program 2165.Pq Vt str 2166If set, 2167the specified program is run to get the list of 2168.Xr amd 8 2169maps. 2170For example, if the 2171.Xr amd 8 2172maps are stored in NIS, one can set this to 2173run 2174.Xr ypcat 1 2175to get a list of 2176.Xr amd 8 2177maps from the 2178.Pa amd.master 2179NIS map. 2180.It Va update_motd 2181.Pq Vt bool 2182If set to 2183.Dq Li YES , 2184.Pa /etc/motd 2185will be updated at boot time to reflect the kernel release 2186being run. 2187If set to 2188.Dq Li NO , 2189.Pa /etc/motd 2190will not be updated. 2191.It Va nfs_client_enable 2192.Pq Vt bool 2193If set to 2194.Dq Li YES , 2195run the NFS client daemons at boot time. 2196.It Va nfs_access_cache 2197.Pq Vt int 2198If 2199.Va nfs_client_enable 2200is set to 2201.Dq Li YES , 2202this can be set to 2203.Dq Li 0 2204to disable NFS ACCESS RPC caching, or to the number of seconds for which 2205NFS ACCESS 2206results should be cached. 2207A value of 2-10 seconds will substantially reduce network 2208traffic for many NFS operations. 2209.It Va nfs_server_enable 2210.Pq Vt bool 2211If set to 2212.Dq Li YES , 2213run the NFS server daemons at boot time. 2214.It Va nfs_server_flags 2215.Pq Vt str 2216If 2217.Va nfs_server_enable 2218is set to 2219.Dq Li YES , 2220these are the flags to pass to the 2221.Xr nfsd 8 2222daemon. 2223.It Va nfsv4_server_enable 2224.Pq Vt bool 2225If 2226.Va nfs_server_enable 2227is set to 2228.Dq Li YES 2229and 2230.Va nfsv4_server_enable 2231are set to 2232.Dq Li YES , 2233enable the server for NFSv4 as well as NFSv2 and NFSv3. 2234.It Va nfsuserd_enable 2235.Pq Vt bool 2236If 2237.Va nfsuserd_enable 2238is set to 2239.Dq Li YES , 2240run the nfsuserd daemon, which is needed for NFSv4 in order 2241to map between user/group names vs uid/gid numbers. 2242If 2243.Va nfsv4_server_enable 2244is set to 2245.Dq Li YES , 2246this will be forced enabled. 2247.It Va nfsuserd_flags 2248.Pq Vt str 2249If 2250.Va nfsuserd_enable 2251is set to 2252.Dq Li YES , 2253these are the flags to pass to the 2254.Xr nfsuserd 8 2255daemon. 2256.It Va nfscbd_enable 2257.Pq Vt bool 2258If 2259.Va nfscbd_enable 2260is set to 2261.Dq Li YES , 2262run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2263.It Va nfscbd_flags 2264.Pq Vt str 2265If 2266.Va nfscbd_enable 2267is set to 2268.Dq Li YES , 2269these are the flags to pass to the 2270.Xr nfscbd 8 2271daemon. 2272.It Va oldnfs_server_enable 2273.Pq Vt bool 2274If 2275.Va oldnfs_server_enable 2276is set to 2277.Dq Li YES , 2278force the NFS server daemons to run the old NFS server code 2279that does not support NFSv4. 2280.It Va mountd_enable 2281.Pq Vt bool 2282If set to 2283.Dq Li YES , 2284and no 2285.Va nfs_server_enable 2286is set, start 2287.Xr mountd 8 , 2288but not 2289.Xr nfsd 8 2290daemon. 2291It is commonly needed to run CFS without real NFS used. 2292.It Va mountd_flags 2293.Pq Vt str 2294If 2295.Va mountd_enable 2296is set to 2297.Dq Li YES , 2298these are the flags to pass to the 2299.Xr mountd 8 2300daemon. 2301.It Va weak_mountd_authentication 2302.Pq Vt bool 2303If set to 2304.Dq Li YES , 2305allow services like PCNFSD to make non-privileged mount 2306requests. 2307.It Va nfs_reserved_port_only 2308.Pq Vt bool 2309If set to 2310.Dq Li YES , 2311provide NFS services only on a secure port. 2312.It Va nfs_bufpackets 2313.Pq Vt int 2314If set to a number, indicates the number of packets worth of 2315socket buffer space to reserve on an NFS client. 2316The kernel default is typically 4. 2317Using a higher number may be 2318useful on gigabit networks to improve performance. 2319The minimum value is 23202 and the maximum is 64. 2321.It Va rpc_lockd_enable 2322.Pq Vt bool 2323If set to 2324.Dq Li YES 2325and also an NFS server or client, run 2326.Xr rpc.lockd 8 2327at boot time. 2328.It Va rpc_lockd_flags 2329.Pq Vt str 2330If 2331.Va rpc_lockd_enable 2332is set to 2333.Dq Li YES , 2334these are the flags to pass to the 2335.Xr rpc.lockd 8 2336daemon. 2337.It Va rpc_statd_enable 2338.Pq Vt bool 2339If set to 2340.Dq Li YES 2341and also an NFS server or client, run 2342.Xr rpc.statd 8 2343at boot time. 2344.It Va rpc_statd_flags 2345.Pq Vt str 2346If 2347.Va rpc_statd_enable 2348is set to 2349.Dq Li YES , 2350these are the flags to pass to the 2351.Xr rpc.statd 8 2352daemon. 2353.It Va rpcbind_program 2354.Pq Vt str 2355Path to 2356.Xr rpcbind 8 2357(default 2358.Pa /usr/sbin/rpcbind ) . 2359.It Va rpcbind_enable 2360.Pq Vt bool 2361If set to 2362.Dq Li YES , 2363run the 2364.Xr rpcbind 8 2365service at boot time. 2366.It Va rpcbind_flags 2367.Pq Vt str 2368If 2369.Va rpcbind_enable 2370is set to 2371.Dq Li YES , 2372these are the flags to pass to the 2373.Xr rpcbind 8 2374daemon. 2375.It Va keyserv_enable 2376.Pq Vt bool 2377If set to 2378.Dq Li YES , 2379run the 2380.Xr keyserv 8 2381daemon on boot for running Secure RPC. 2382.It Va keyserv_flags 2383.Pq Vt str 2384If 2385.Va keyserv_enable 2386is set to 2387.Dq Li YES , 2388these are the flags to pass to 2389.Xr keyserv 8 2390daemon. 2391.It Va pppoed_enable 2392.Pq Vt bool 2393If set to 2394.Dq Li YES , 2395run the 2396.Xr pppoed 8 2397daemon at boot time to provide PPP over Ethernet services. 2398.It Va pppoed_ Ns Aq Ar provider 2399.Pq Vt str 2400.Xr pppoed 8 2401listens to requests to this 2402.Ar provider 2403and ultimately runs 2404.Xr ppp 8 2405with a 2406.Ar system 2407argument of the same name. 2408.It Va pppoed_flags 2409.Pq Vt str 2410Additional flags to pass to 2411.Xr pppoed 8 . 2412.It Va pppoed_interface 2413.Pq Vt str 2414The network interface to run 2415.Xr pppoed 8 2416on. 2417This is mandatory when 2418.Va pppoed_enable 2419is set to 2420.Dq Li YES . 2421.It Va timed_enable 2422.Pq Vt bool 2423If set to 2424.Dq Li YES , 2425run the 2426.Xr timed 8 2427service at boot time. 2428This command is intended for networks of 2429machines where a consistent 2430.Dq "network time" 2431for all hosts must be established. 2432This is often useful in large NFS 2433environments where time stamps on files are expected to be consistent 2434network-wide. 2435.It Va timed_flags 2436.Pq Vt str 2437If 2438.Va timed_enable 2439is set to 2440.Dq Li YES , 2441these are the flags to pass to the 2442.Xr timed 8 2443service. 2444.It Va ntpdate_enable 2445.Pq Vt bool 2446If set to 2447.Dq Li YES , 2448run 2449.Xr ntpdate 8 2450at system startup. 2451This command is intended to 2452synchronize the system clock only 2453.Em once 2454from some standard reference. 2455An option to set this up initially 2456(from a list of known servers) is also provided by the 2457.Xr sysinstall 8 2458program when the system is first installed. 2459.It Va ntpdate_config 2460.Pq Vt str 2461Configuration file for 2462.Xr ntpdate 8 . 2463Default 2464.Pa /etc/ntp.conf . 2465.It Va ntpdate_hosts 2466.Pq Vt str 2467A whitespace-separated list of NTP servers to synchronize with at startup. 2468The default is to use the servers listed in 2469.Va ntpdate_config , 2470if that file exists. 2471.It Va ntpdate_program 2472.Pq Vt str 2473Path to 2474.Xr ntpdate 8 2475(default 2476.Pa /usr/sbin/ntpdate ) . 2477.It Va ntpdate_flags 2478.Pq Vt str 2479If 2480.Va ntpdate_enable 2481is set to 2482.Dq Li YES , 2483these are the flags to pass to the 2484.Xr ntpdate 8 2485command (typically a hostname). 2486.It Va ntpd_enable 2487.Pq Vt bool 2488If set to 2489.Dq Li YES , 2490run the 2491.Xr ntpd 8 2492command at boot time. 2493.It Va ntpd_program 2494.Pq Vt str 2495Path to 2496.Xr ntpd 8 2497(default 2498.Pa /usr/sbin/ntpd ) . 2499.It Va ntpd_config 2500.Pq Vt str 2501Path to 2502.Xr ntpd 8 2503configuration file. 2504Default 2505.Pa /etc/ntp.conf . 2506.It Va ntpd_flags 2507.Pq Vt str 2508If 2509.Va ntpd_enable 2510is set to 2511.Dq Li YES , 2512these are the flags to pass to the 2513.Xr ntpd 8 2514daemon. 2515.It Va ntpd_sync_on_start 2516.Pq Vt bool 2517If set to 2518.Dq Li YES , 2519.Xr ntpd 8 2520is run with the 2521.Fl g 2522flag, which syncs the system's clock on startup. 2523See 2524.Xr ntpd 8 2525for more information regarding the 2526.Fl g 2527option. 2528This is a preferred alternative to using 2529.Xr ntpdate 8 2530or specifying the 2531.Va ntpdate_enable 2532variable. 2533.It Va nis_client_enable 2534.Pq Vt bool 2535If set to 2536.Dq Li YES , 2537run the 2538.Xr ypbind 8 2539service at system boot time. 2540.It Va nis_client_flags 2541.Pq Vt str 2542If 2543.Va nis_client_enable 2544is set to 2545.Dq Li YES , 2546these are the flags to pass to the 2547.Xr ypbind 8 2548service. 2549.It Va nis_ypset_enable 2550.Pq Vt bool 2551If set to 2552.Dq Li YES , 2553run the 2554.Xr ypset 8 2555daemon at system boot time. 2556.It Va nis_ypset_flags 2557.Pq Vt str 2558If 2559.Va nis_ypset_enable 2560is set to 2561.Dq Li YES , 2562these are the flags to pass to the 2563.Xr ypset 8 2564daemon. 2565.It Va nis_server_enable 2566.Pq Vt bool 2567If set to 2568.Dq Li YES , 2569run the 2570.Xr ypserv 8 2571daemon at system boot time. 2572.It Va nis_server_flags 2573.Pq Vt str 2574If 2575.Va nis_server_enable 2576is set to 2577.Dq Li YES , 2578these are the flags to pass to the 2579.Xr ypserv 8 2580daemon. 2581.It Va nis_ypxfrd_enable 2582.Pq Vt bool 2583If set to 2584.Dq Li YES , 2585run the 2586.Xr rpc.ypxfrd 8 2587daemon at system boot time. 2588.It Va nis_ypxfrd_flags 2589.Pq Vt str 2590If 2591.Va nis_ypxfrd_enable 2592is set to 2593.Dq Li YES , 2594these are the flags to pass to the 2595.Xr rpc.ypxfrd 8 2596daemon. 2597.It Va nis_yppasswdd_enable 2598.Pq Vt bool 2599If set to 2600.Dq Li YES , 2601run the 2602.Xr rpc.yppasswdd 8 2603daemon at system boot time. 2604.It Va nis_yppasswdd_flags 2605.Pq Vt str 2606If 2607.Va nis_yppasswdd_enable 2608is set to 2609.Dq Li YES , 2610these are the flags to pass to the 2611.Xr rpc.yppasswdd 8 2612daemon. 2613.It Va rpc_ypupdated_enable 2614.Pq Vt bool 2615If set to 2616.Dq Li YES , 2617run the 2618.Nm rpc.ypupdated 2619daemon at system boot time. 2620.It Va bsnmpd_enable 2621.Pq Vt bool 2622If set to 2623.Dq Li YES , 2624run the 2625.Xr bsnmpd 1 2626daemon at system boot time. 2627Be sure to understand the security implications of running SNMP daemon 2628on your host. 2629.It Va bsnmpd_flags 2630.Pq Vt str 2631If 2632.Va bsnmpd_enable 2633is set to 2634.Dq Li YES , 2635these are the flags to pass to the 2636.Xr bsnmpd 1 2637daemon. 2638.It Va defaultrouter 2639.Pq Vt str 2640If not set to 2641.Dq Li NO , 2642create a default route to this host name or IP address 2643(use an IP address if this router is also required to get to the 2644name server!). 2645.It Va ipv6_defaultrouter 2646.Pq Vt str 2647The IPv6 equivalent of 2648.Va defaultrouter . 2649.It Va static_arp_pairs 2650.Pq Vt str 2651Set to the list of static ARP pairs that are to be added at system 2652boot time. 2653For each whitespace separated 2654.Ar element 2655in the value, a 2656.Va static_arp_ Ns Aq Ar element 2657variable is assumed to exist whose contents will later be passed to a 2658.Dq Nm arp Cm -S 2659operation. 2660For example 2661.Bd -literal 2662static_arp_pairs="gw" 2663static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2664.Ed 2665.It Va static_ndp_pairs 2666.Pq Vt str 2667Set to the list of static NDP pairs that are to be added at system 2668boot time. 2669For each whitespace separated 2670.Ar element 2671in the value, a 2672.Va static_ndp_ Ns Aq Ar element 2673variable is assumed to exist whose contents will later be passed to a 2674.Dq Nm ndp Cm -s 2675operation. 2676For example 2677.Bd -literal 2678static_ndp_pairs="gw" 2679static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2680.Ed 2681.It Va static_routes 2682.Pq Vt str 2683Set to the list of static routes that are to be added at system 2684boot time. 2685If not set to 2686.Dq Li NO 2687then for each whitespace separated 2688.Ar element 2689in the value, a 2690.Va route_ Ns Aq Ar element 2691variable is assumed to exist 2692whose contents will later be passed to a 2693.Dq Nm route Cm add 2694operation. 2695For example: 2696.Bd -literal 2697static_routes="mcast gif0local" 2698route_mcast="-net 224.0.0.0/4 -iface gif0" 2699route_gif0local="-host 169.254.1.1 -iface lo0" 2700.Ed 2701.It Va ipv6_static_routes 2702.Pq Vt str 2703The IPv6 equivalent of 2704.Va static_routes . 2705If not set to 2706.Dq Li NO 2707then for each whitespace separated 2708.Ar element 2709in the value, a 2710.Va ipv6_route_ Ns Aq Ar element 2711variable is assumed to exist 2712whose contents will later be passed to a 2713.Dq Nm route Cm add Fl inet6 2714operation. 2715.It Va natm_static_routes 2716.Pq Vt str 2717The 2718.Xr natmip 4 2719equivalent of 2720.Va static_routes . 2721If not empty then for each whitespace separated 2722.Ar element 2723in the value, a 2724.Va route_ Ns Aq Ar element 2725variable is assumed to exist whose contents will later be passed to a 2726.Dq Nm atmconfig Cm natm Cm add 2727operation. 2728.It Va gateway_enable 2729.Pq Vt bool 2730If set to 2731.Dq Li YES , 2732configure host to act as an IP router, e.g.\& to forward packets 2733between interfaces. 2734.It Va ipv6_gateway_enable 2735.Pq Vt bool 2736The IPv6 equivalent of 2737.Va gateway_enable . 2738.It Va routed_enable 2739.Pq Vt bool 2740If set to 2741.Dq Li YES , 2742run a routing daemon of some sort, based on the 2743settings of 2744.Va routed_program 2745and 2746.Va routed_flags . 2747.It Va route6d_enable 2748.Pq Vt bool 2749The IPv6 equivalent of 2750.Va routed_enable . 2751If set to 2752.Dq Li YES , 2753run a routing daemon of some sort, based on the 2754settings of 2755.Va route6d_program 2756and 2757.Va route6d_flags . 2758.It Va routed_program 2759.Pq Vt str 2760If 2761.Va routed_enable 2762is set to 2763.Dq Li YES , 2764this is the name of the routing daemon to use. 2765.It Va route6d_program 2766.Pq Vt str 2767The IPv6 equivalent of 2768.Va routed_program . 2769.It Va routed_flags 2770.Pq Vt str 2771If 2772.Va routed_enable 2773is set to 2774.Dq Li YES , 2775these are the flags to pass to the routing daemon. 2776.It Va route6d_flags 2777.Pq Vt str 2778The IPv6 equivalent of 2779.Va routed_flags . 2780.It Va mrouted_enable 2781.Pq Vt bool 2782If set to 2783.Dq Li YES , 2784run the multicast routing daemon, 2785.Xr mrouted 8 . 2786.It Va mroute6d_enable 2787.Pq Vt bool 2788The IPv6 equivalent of 2789.Va mrouted_enable . 2790If set to 2791.Dq Li YES , 2792run the IPv6 multicast routing daemon. 2793.Pp 2794Note that multicast routing daemons are no longer included in the 2795.Fx 2796base system, however, both 2797.Xr mrouted 8 2798and 2799.Xr pim6dd 8 2800may be installed from the 2801.Fx 2802Ports Collection. 2803.It Va mrouted_flags 2804.Pq Vt str 2805If 2806.Va mrouted_enable 2807is set to 2808.Dq Li YES , 2809these are the flags to pass to the 2810.Xr mrouted 8 2811daemon. 2812.It Va mroute6d_flags 2813.Pq Vt str 2814The IPv6 equivalent of 2815.Va mrouted_flags . 2816If 2817.Va mroute6d_enable 2818is set to 2819.Dq Li YES , 2820these are the flags passed to the IPv6 multicast routing daemon. 2821.It Va mroute6d_program 2822.Pq Vt str 2823If 2824.Va mroute6d_enable 2825is set to 2826.Dq Li YES , 2827this is the path to the IPv6 multicast routing daemon. 2828.It Va rtadvd_enable 2829.Pq Vt bool 2830If set to 2831.Dq Li YES , 2832run the 2833.Xr rtadvd 8 2834daemon at boot time. 2835The 2836.Xr rtadvd 8 2837utility sends ICMPv6 Router Advertisement messages to 2838the interfaces specified in 2839.Va rtadvd_interfaces . 2840This should only be enabled with great care. 2841You may want to fine-tune 2842.Xr rtadvd.conf 5 . 2843.It Va rtadvd_interfaces 2844.Pq Vt str 2845If 2846.Va rtadvd_enable 2847is set to 2848.Dq Li YES 2849this is the list of interfaces to use. 2850.It Va ipxgateway_enable 2851.Pq Vt bool 2852If set to 2853.Dq Li YES , 2854enable the routing of IPX traffic. 2855.It Va ipxrouted_enable 2856.Pq Vt bool 2857If set to 2858.Dq Li YES , 2859run the 2860.Xr IPXrouted 8 2861daemon at system boot time. 2862.It Va ipxrouted_flags 2863.Pq Vt str 2864If 2865.Va ipxrouted_enable 2866is set to 2867.Dq Li YES , 2868these are the flags to pass to the 2869.Xr IPXrouted 8 2870daemon. 2871.It Va arpproxy_all 2872.Pq Vt bool 2873If set to 2874.Dq Li YES , 2875enable global proxy ARP. 2876.It Va forward_sourceroute 2877.Pq Vt bool 2878If set to 2879.Dq Li YES 2880and 2881.Va gateway_enable 2882is also set to 2883.Dq Li YES , 2884source-routed packets are forwarded. 2885.It Va accept_sourceroute 2886.Pq Vt bool 2887If set to 2888.Dq Li YES , 2889the system will accept source-routed packets directed at it. 2890.It Va rarpd_enable 2891.Pq Vt bool 2892If set to 2893.Dq Li YES , 2894run the 2895.Xr rarpd 8 2896daemon at system boot time. 2897.It Va rarpd_flags 2898.Pq Vt str 2899If 2900.Va rarpd_enable 2901is set to 2902.Dq Li YES , 2903these are the flags to pass to the 2904.Xr rarpd 8 2905daemon. 2906.It Va bootparamd_enable 2907.Pq Vt bool 2908If set to 2909.Dq Li YES , 2910run the 2911.Xr bootparamd 8 2912daemon at system boot time. 2913.It Va bootparamd_flags 2914.Pq Vt str 2915If 2916.Va bootparamd_enable 2917is set to 2918.Dq Li YES , 2919these are the flags to pass to the 2920.Xr bootparamd 8 2921daemon. 2922.It Va stf_interface_ipv4addr 2923.Pq Vt str 2924If not set to 2925.Dq Li NO , 2926this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2927interface). 2928Specify this entry to enable the 6to4 interface. 2929.It Va stf_interface_ipv4plen 2930.Pq Vt int 2931Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2932An effective value is 0-31. 2933.It Va stf_interface_ipv6_ifid 2934.Pq Vt str 2935IPv6 interface ID for 2936.Xr stf 4 . 2937This can be set to 2938.Dq Li AUTO . 2939.It Va stf_interface_ipv6_slaid 2940.Pq Vt str 2941IPv6 Site Level Aggregator for 2942.Xr stf 4 . 2943.It Va ipv6_faith_prefix 2944.Pq Vt str 2945If not set to 2946.Dq Li NO , 2947this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2948translator. 2949You also need 2950.Xr faithd 8 2951setup. 2952.It Va ipv6_ipv4mapping 2953.Pq Vt bool 2954If set to 2955.Dq Li YES 2956this enables IPv4 mapped IPv6 address communication (like 2957.Li ::ffff:a.b.c.d ) . 2958.It Va rtsold_enable 2959.Pq Vt bool 2960Set to 2961.Dq Li YES 2962to enable the 2963.Xr rtsold 8 2964daemon to send ICMPv6 Router Solicitation messages. 2965.It Va rtsold_flags 2966.Pq Vt str 2967If 2968.Va rtsold_enable 2969is set to 2970.Dq Li YES , 2971these are the flags to pass to 2972.Xr rtsold 8 . 2973.It Va rtsol_flags 2974.Pq Vt str 2975For interfaces configured with the 2976.Dq Li inet6 accept_rtadv 2977keyword, these are the flags to pass to 2978.Xr rtsol 8 . 2979.Pp 2980Note that 2981.Va rtsold_enable 2982is mutually exclusive to 2983.Va rtsol_flags ; 2984.Va rtsold_enable 2985takes precedence. 2986.It Va atm_enable 2987.Pq Vt bool 2988Set to 2989.Dq Li YES 2990to enable the configuration of ATM interfaces at system boot time. 2991For all of the ATM variables described below, please refer to the 2992.Xr atm 8 2993manual page for further details on the available command parameters. 2994Also refer to the files in 2995.Pa /usr/share/examples/atm 2996for more detailed configuration information. 2997.It Va atm_load 2998.Pq Vt str 2999This is a list of physical ATM interface drivers to load. 3000Typical values are 3001.Dq Li hfa_pci 3002and/or 3003.Dq Li hea_pci . 3004.It Va atm_netif_ Ns Aq Ar intf 3005.Pq Vt str 3006For the ATM physical interface 3007.Ar intf , 3008this variable defines the name prefix and count for the ATM network 3009interfaces to be created. 3010The value will be passed as the parameters of an 3011.Dq Nm atm Cm "set netif" Ar intf 3012command. 3013.It Va atm_sigmgr_ Ns Aq Ar intf 3014.Pq Vt str 3015For the ATM physical interface 3016.Ar intf , 3017this variable defines the ATM signalling manager to be used. 3018The value will be passed as the parameters of an 3019.Dq Nm atm Cm attach Ar intf 3020command. 3021.It Va atm_prefix_ Ns Aq Ar intf 3022.Pq Vt str 3023For the ATM physical interface 3024.Ar intf , 3025this variable defines the NSAP prefix for interfaces using a UNI signalling 3026manager. 3027If set to 3028.Dq Li ILMI , 3029the prefix will automatically be set via the 3030.Xr ilmid 8 3031daemon. 3032Otherwise, the value will be passed as the parameters of an 3033.Dq Nm atm Cm "set prefix" Ar intf 3034command. 3035.It Va atm_macaddr_ Ns Aq Ar intf 3036.Pq Vt str 3037For the ATM physical interface 3038.Ar intf , 3039this variable defines the MAC address for interfaces using a UNI signalling 3040manager. 3041If set to 3042.Dq Li NO , 3043the hardware MAC address contained in the ATM interface card will be used. 3044Otherwise, the value will be passed as the parameters of an 3045.Dq Nm atm Cm "set mac" Ar intf 3046command. 3047.It Va atm_arpserver_ Ns Aq Ar netif 3048.Pq Vt str 3049For the ATM network interface 3050.Ar netif , 3051this variable defines the ATM address for a host which is to provide ATMARP 3052service. 3053This variable is only applicable to interfaces using a UNI signalling 3054manager. 3055If set to 3056.Dq Li local , 3057this host will become an ATMARP server. 3058The value will be passed as the parameters of an 3059.Dq Nm atm Cm "set arpserver" Ar netif 3060command. 3061.It Va atm_scsparp_ Ns Aq Ar netif 3062.Pq Vt bool 3063If set to 3064.Dq Li YES , 3065SCSP/ATMARP service for the network interface 3066.Ar netif 3067will be initiated using the 3068.Xr scspd 8 3069and 3070.Xr atmarpd 8 3071daemons. 3072This variable is only applicable if 3073.Va atm_arpserver_ Ns Aq Ar netif 3074is set to 3075.Dq Li local . 3076.It Va atm_pvcs 3077.Pq Vt str 3078Set to the list of ATM PVCs to be added at system 3079boot time. 3080For each whitespace separated 3081.Ar element 3082in the value, an 3083.Va atm_pvc_ Ns Aq Ar element 3084variable is assumed to exist. 3085The value of each of these variables 3086will be passed as the parameters of an 3087.Dq Nm atm Cm "add pvc" 3088command. 3089.It Va atm_arps 3090.Pq Vt str 3091Set to the list of permanent ATM ARP entries to be added 3092at system boot time. 3093For each whitespace separated 3094.Ar element 3095in the value, an 3096.Va atm_arp_ Ns Aq Ar element 3097variable is assumed to exist. 3098The value of each of these variables 3099will be passed as the parameters of an 3100.Dq Nm atm Cm "add arp" 3101command. 3102.It Va natm_interfaces 3103.Pq Vt str 3104Set to the list of 3105.Xr natm 4 3106interfaces that will also be used for HARP through 3107.Xr harp 4 . 3108If this list is not empty all interfaces in the list will be brought up 3109with 3110.Xr ifconfig 8 3111and 3112.Xr harp 4 3113will be loaded. 3114For this to work the interface drivers must be either compiled into the 3115kernel or must reside on the root partition. 3116.It Va keybell 3117.Pq Vt str 3118The keyboard bell sound. 3119Set to 3120.Dq Li normal , 3121.Dq Li visual , 3122.Dq Li off , 3123or 3124.Dq Li NO 3125if the default behavior is desired. 3126For details, refer to the 3127.Xr kbdcontrol 1 3128manpage. 3129.It Va keyboard 3130.Pq Vt str 3131If set to a non-null string, the virtual console's keyboard input is 3132set to this device. 3133.It Va keymap 3134.Pq Vt str 3135If set to 3136.Dq Li NO , 3137no keymap is installed, otherwise the value is used to install 3138the keymap file in 3139.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3140.It Va keyrate 3141.Pq Vt str 3142The keyboard repeat speed. 3143Set to 3144.Dq Li slow , 3145.Dq Li normal , 3146.Dq Li fast , 3147or 3148.Dq Li NO 3149if the default behavior is desired. 3150.It Va keychange 3151.Pq Vt str 3152If not set to 3153.Dq Li NO , 3154attempt to program the function keys with the value. 3155The value should 3156be a single string of the form: 3157.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3158.It Va cursor 3159.Pq Vt str 3160Can be set to the value of 3161.Dq Li normal , 3162.Dq Li blink , 3163.Dq Li destructive , 3164or 3165.Dq Li NO 3166to set the cursor behavior explicitly or choose the default behavior. 3167.It Va scrnmap 3168.Pq Vt str 3169If set to 3170.Dq Li NO , 3171no screen map is installed, otherwise the value is used to install 3172the screen map file in 3173.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3174.It Va font8x16 3175.Pq Vt str 3176If set to 3177.Dq Li NO , 3178the default 8x16 font value is used for screen size requests, otherwise 3179the value in 3180.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3181is used. 3182.It Va font8x14 3183.Pq Vt str 3184If set to 3185.Dq Li NO , 3186the default 8x14 font value is used for screen size requests, otherwise 3187the value in 3188.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3189is used. 3190.It Va font8x8 3191.Pq Vt str 3192If set to 3193.Dq Li NO , 3194the default 8x8 font value is used for screen size requests, otherwise 3195the value in 3196.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3197is used. 3198.It Va blanktime 3199.Pq Vt int 3200If set to 3201.Dq Li NO , 3202the default screen blanking interval is used, otherwise it is set 3203to 3204.Ar value 3205seconds. 3206.It Va saver 3207.Pq Vt str 3208If not set to 3209.Dq Li NO , 3210this is the actual screen saver to use 3211.Li ( blank , snake , daemon , 3212etc). 3213.It Va moused_nondefault_enable 3214.Pq Vt str 3215If set to 3216.Dq Li NO , 3217the mouse device specified on 3218the command line is not automatically treated as enabled by the 3219.Pa /etc/rc.d/moused 3220script. 3221Having this variable set to 3222.Dq Li YES 3223allows a 3224.Xr usb 4 3225mouse, 3226for example, 3227to be enabled as soon as it is plugged in. 3228.It Va moused_enable 3229.Pq Vt str 3230If set to 3231.Dq Li YES , 3232the 3233.Xr moused 8 3234daemon is started for doing cut/paste selection on the console. 3235.It Va moused_type 3236.Pq Vt str 3237This is the protocol type of the mouse connected to this host. 3238This variable must be set if 3239.Va moused_enable 3240is set to 3241.Dq Li YES . 3242The 3243.Xr moused 8 3244daemon 3245is able to detect the appropriate mouse type automatically in many cases. 3246Set this variable to 3247.Dq Li auto 3248to let the daemon detect it, or 3249select one from the following list if the automatic detection fails. 3250.Pp 3251If the mouse is attached to the PS/2 mouse port, choose 3252.Dq Li auto 3253or 3254.Dq Li ps/2 , 3255regardless of the brand and model of the mouse. 3256Likewise, if the 3257mouse is attached to the bus mouse port, choose 3258.Dq Li auto 3259or 3260.Dq Li busmouse . 3261All other protocols are for serial mice and will not work with 3262the PS/2 and bus mice. 3263If this is a USB mouse, 3264.Dq Li auto 3265is the only protocol type which will work. 3266.Pp 3267.Bl -tag -width ".Li x10mouseremote" -compact 3268.It Li microsoft 3269Microsoft mouse (serial) 3270.It Li intellimouse 3271Microsoft IntelliMouse (serial) 3272.It Li mousesystems 3273Mouse systems Corp.\& mouse (serial) 3274.It Li mmseries 3275MM Series mouse (serial) 3276.It Li logitech 3277Logitech mouse (serial) 3278.It Li busmouse 3279A bus mouse 3280.It Li mouseman 3281Logitech MouseMan and TrackMan (serial) 3282.It Li glidepoint 3283ALPS GlidePoint (serial) 3284.It Li thinkingmouse 3285Kensington ThinkingMouse (serial) 3286.It Li ps/2 3287PS/2 mouse 3288.It Li mmhittab 3289MM HitTablet (serial) 3290.It Li x10mouseremote 3291X10 MouseRemote (serial) 3292.It Li versapad 3293Interlink VersaPad (serial) 3294.El 3295.Pp 3296Even if the mouse is not in the above list, it may be compatible 3297with one in the list. 3298Refer to the manual page for 3299.Xr moused 8 3300for compatibility information. 3301.Pp 3302It should also be noted that while this is enabled, any 3303other client of the mouse (such as an X server) should access 3304the mouse through the virtual mouse device, 3305.Pa /dev/sysmouse , 3306and configure it as a 3307.Dq Li sysmouse 3308type mouse, since all 3309mouse data is converted to this single canonical format when 3310using 3311.Xr moused 8 . 3312If the client program does not support the 3313.Dq Li sysmouse 3314type, 3315specify the 3316.Dq Li mousesystems 3317type. 3318It is the second preferred type. 3319.It Va moused_port 3320.Pq Vt str 3321If 3322.Va moused_enable 3323is set to 3324.Dq Li YES , 3325this is the actual port the mouse is on. 3326It might be 3327.Pa /dev/cuau0 3328for a COM1 serial mouse, 3329.Pa /dev/psm0 3330for a PS/2 mouse or 3331.Pa /dev/mse0 3332for a bus mouse, for example. 3333.It Va moused_flags 3334.Pq Vt str 3335If 3336.Va moused_flags 3337is set, its value is used as an additional set of flags to pass to the 3338.Xr moused 8 3339daemon. 3340.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3341When 3342.Va moused_nondefault_enable 3343is enabled, and a 3344.Xr moused 8 3345daemon is started for a non-default port, the 3346.Va "moused_" Ns Ar XXX Ns Va "_flags" 3347set of options has precedence over and replaces the default 3348.Va moused_flags 3349(where 3350.Ar XXX 3351is the name of the non-default port, i.e.,\& 3352.Ar ums0 ) . 3353By setting 3354.Va "moused_" Ns Ar XXX Ns Va "_flags" 3355it is possible to set up a different set of default flags for each 3356.Xr moused 8 3357instance. 3358For example, you can use 3359.Dq Li "-3" 3360for the default 3361.Va moused_flags 3362to make your laptop's touchpad more comfortable to use, 3363but an empty set of options for 3364.Va moused_ums0_flags 3365when your 3366.Xr usb 4 3367mouse has three or more buttons. 3368.It Va mousechar_start 3369.Pq Vt int 3370If set to 3371.Dq Li NO , 3372the default mouse cursor character range 3373.Li 0xd0 Ns - Ns Li 0xd3 3374is used, 3375otherwise the range start is set 3376to 3377.Ar value 3378character, see 3379.Xr vidcontrol 1 . 3380Use if the default range is occupied in the language code table. 3381.It Va allscreens_flags 3382.Pq Vt str 3383If set, 3384.Xr vidcontrol 1 3385is run with these options for each of the virtual terminals 3386.Pq Pa /dev/ttyv* . 3387For example, 3388.Dq Fl m Cm on 3389will enable the mouse pointer on all virtual terminals 3390if 3391.Va moused_enable 3392is set to 3393.Dq Li YES . 3394.It Va allscreens_kbdflags 3395.Pq Vt str 3396If set, 3397.Xr kbdcontrol 1 3398is run with these options for each of the virtual terminals 3399.Pq Pa /dev/ttyv* . 3400For example, 3401.Dq Fl h Li 200 3402will set the 3403.Xr syscons 4 3404scrollback (history) buffer to 200 lines. 3405.It Va cron_enable 3406.Pq Vt bool 3407If set to 3408.Dq Li YES , 3409run the 3410.Xr cron 8 3411daemon at system boot time. 3412.It Va cron_program 3413.Pq Vt str 3414Path to 3415.Xr cron 8 3416(default 3417.Pa /usr/sbin/cron ) . 3418.It Va cron_flags 3419.Pq Vt str 3420If 3421.Va cron_enable 3422is set to 3423.Dq Li YES , 3424these are the flags to pass to 3425.Xr cron 8 . 3426.It Va cron_dst 3427.Pq Vt bool 3428If set to 3429.Dq Li YES , 3430enable the special handling of transitions to and from the 3431Daylight Saving Time in 3432.Xr cron 8 3433(equivalent to using the flag 3434.Fl s ) . 3435.It Va lpd_program 3436.Pq Vt str 3437Path to 3438.Xr lpd 8 3439(default 3440.Pa /usr/sbin/lpd ) . 3441.It Va lpd_enable 3442.Pq Vt bool 3443If set to 3444.Dq Li YES , 3445run the 3446.Xr lpd 8 3447daemon at system boot time. 3448.It Va lpd_flags 3449.Pq Vt str 3450If 3451.Va lpd_enable 3452is set to 3453.Dq Li YES , 3454these are the flags to pass to the 3455.Xr lpd 8 3456daemon. 3457.It Va chkprintcap_enable 3458.Pq Vt bool 3459If set to 3460.Dq Li YES , 3461run the 3462.Xr chkprintcap 8 3463command before starting the 3464.Xr lpd 8 3465daemon. 3466.It Va chkprintcap_flags 3467.Pq Vt str 3468If 3469.Va lpd_enable 3470and 3471.Va chkprintcap_enable 3472are set to 3473.Dq Li YES , 3474these are the flags to pass to the 3475.Xr chkprintcap 8 3476program. 3477The default is 3478.Dq Li -d , 3479which causes missing directories to be created. 3480.It Va mta_start_script 3481.Pq Vt str 3482This variable specifies the full path to the script to run to start 3483a mail transfer agent. 3484The default is 3485.Pa /etc/rc.sendmail . 3486The 3487.Va sendmail_* 3488variables which 3489.Pa /etc/rc.sendmail 3490uses are documented in the 3491.Xr rc.sendmail 8 3492manual page. 3493.It Va dumpdev 3494.Pq Vt str 3495Indicates the device (usually a swap partition) to which a crash dump 3496should be written in the event of a system crash. 3497If the value of this variable is 3498.Dq Li AUTO , 3499the first suitable swap device listed in 3500.Pa /etc/fstab 3501will be used as dump device. 3502Otherwise, the value of this variable is passed as the argument to 3503.Xr dumpon 8 . 3504To disable crash dumps, set this variable to 3505.Dq Li NO . 3506.It Va dumpdir 3507.Pq Vt str 3508When the system reboots after a crash and a crash dump is found on the 3509device specified by the 3510.Va dumpdev 3511variable, 3512.Xr savecore 8 3513will save that crash dump and a copy of the kernel to the directory 3514specified by the 3515.Va dumpdir 3516variable. 3517The default value is 3518.Pa /var/crash . 3519Set to 3520.Dq Li NO 3521to not run 3522.Xr savecore 8 3523at boot time when 3524.Va dumpdir 3525is set. 3526.It Va savecore_flags 3527.Pq Vt str 3528If crash dumps are enabled, these are the flags to pass to the 3529.Xr savecore 8 3530utility. 3531.It Va quota_enable 3532.Pq Vt bool 3533Set to 3534.Dq Li YES 3535to turn on user and group disk quotas on system startup via the 3536.Xr quotaon 8 3537command for all file systems marked as having quotas enabled in 3538.Pa /etc/fstab . 3539The kernel must be built with 3540.Cd "options QUOTA" 3541for disk quotas to function. 3542.It Va check_quotas 3543.Pq Vt bool 3544Set to 3545.Dq Li YES 3546to enable user and group disk quota checking via the 3547.Xr quotacheck 8 3548command. 3549.It Va quotacheck_flags 3550.Pq Vt str 3551If 3552.Va quota_enable 3553is set to 3554.Dq Li YES , 3555and 3556.Va check_quotas 3557is set to 3558.Dq Li YES , 3559these are the flags to pass to the 3560.Xr quotacheck 8 3561utility. 3562The default is 3563.Dq Li "-a" , 3564which checks quotas for all file systems with quotas enabled in 3565.Pa /etc/fstab . 3566.It Va quotaon_flags 3567.Pq Vt str 3568If 3569.Va quota_enable 3570is set to 3571.Dq Li YES , 3572these are the flags to pass to the 3573.Xr quotaon 8 3574utility. 3575The default is 3576.Dq Li "-a" , 3577which enables quotas for all file systems with quotas enabled in 3578.Pa /etc/fstab . 3579.It Va quotaoff_flags 3580.Pq Vt str 3581If 3582.Va quota_enable 3583is set to 3584.Dq Li YES , 3585these are the flags to pass to the 3586.Xr quotaoff 8 3587utility when shutting down the quota system. 3588The default is 3589.Dq Li "-a" , 3590which disables quotas for all file systems with quotas enabled in 3591.Pa /etc/fstab . 3592.It Va accounting_enable 3593.Pq Vt bool 3594Set to 3595.Dq Li YES 3596to enable system accounting through the 3597.Xr accton 8 3598facility. 3599.It Va ibcs2_enable 3600.Pq Vt bool 3601Set to 3602.Dq Li YES 3603to enable iBCS2 (SCO) binary emulation at system initial boot 3604time. 3605.It Va ibcs2_loaders 3606.Pq Vt str 3607If not set to 3608.Dq Li NO 3609and if 3610.Va ibcs2_enable 3611is set to 3612.Dq Li YES , 3613this specifies a list of additional iBCS2 loaders to enable. 3614.It Va linux_enable 3615.Pq Vt bool 3616Set to 3617.Dq Li YES 3618to enable Linux/ELF binary emulation at system initial 3619boot time. 3620.It Va svr4_enable 3621.Pq Vt bool 3622If set to 3623.Dq Li YES , 3624enable SysVR4 emulation at boot time. 3625.It Va sysvipc_enable 3626.Pq Vt bool 3627If set to 3628.Dq Li YES , 3629load System V IPC primitives at boot time. 3630.It Va clear_tmp_enable 3631.Pq Vt bool 3632Set to 3633.Dq Li YES 3634to have 3635.Pa /tmp 3636cleaned at startup. 3637.It Va clear_tmp_X 3638.Pq Vt bool 3639Set to 3640.Dq Li NO 3641to disable removing of X11 lock files, 3642and the removal and (secure) recreation 3643of the various socket directories for X11 3644related programs. 3645.It Va ldconfig_paths 3646.Pq Vt str 3647Set to the list of shared library paths to use with 3648.Xr ldconfig 8 . 3649NOTE: 3650.Pa /usr/lib 3651will always be added first, so it need not appear in this list. 3652.It Va ldconfig32_paths 3653.Pq Vt str 3654Set to the list of 32-bit compatibility shared library paths to 3655use with 3656.Xr ldconfig 8 . 3657.It Va ldconfig_paths_aout 3658.Pq Vt str 3659Set to the list of shared library paths to use with 3660.Xr ldconfig 8 3661legacy 3662.Xr a.out 5 3663support. 3664.It Va ldconfig_insecure 3665.Pq Vt bool 3666The 3667.Xr ldconfig 8 3668utility normally refuses to use directories 3669which are writable by anyone except root. 3670Set this variable to 3671.Dq Li YES 3672to disable that security check during system startup. 3673.It Va ldconfig_local_dirs 3674.Pq Vt str 3675Set to the list of local 3676.Xr ldconfig 8 3677directories. 3678The names of all files in the directories listed will be 3679passed as arguments to 3680.Xr ldconfig 8 . 3681.It Va ldconfig_local32_dirs 3682.Pq Vt str 3683Set to the list of local 32-bit compatibility 3684.Xr ldconfig 8 3685directories. 3686The names of all files in the directories listed will be 3687passed as arguments to 3688.Dq Nm ldconfig Fl 32 . 3689.It Va kern_securelevel_enable 3690.Pq Vt bool 3691Set to 3692.Dq Li YES 3693to set the kernel security level at system startup. 3694.It Va kern_securelevel 3695.Pq Vt int 3696The kernel security level to set at startup. 3697The allowed range of 3698.Ar value 3699ranges from \-1 (the compile time default) to 3 (the 3700most secure). 3701See 3702.Xr security 7 3703for the list of possible security levels and their effect 3704on system operation. 3705.It Va sshd_program 3706.Pq Vt str 3707Path to the SSH server program 3708.Pa ( /usr/sbin/sshd 3709is the default). 3710.It Va sshd_enable 3711.Pq Vt bool 3712Set to 3713.Dq Li YES 3714to start 3715.Xr sshd 8 3716at system boot time. 3717.It Va sshd_flags 3718.Pq Vt str 3719If 3720.Va sshd_enable 3721is set to 3722.Dq Li YES , 3723these are the flags to pass to the 3724.Xr sshd 8 3725daemon. 3726.It Va ftpd_program 3727.Pq Vt str 3728Path to the FTP server program 3729.Pa ( /usr/libexec/ftpd 3730is the default). 3731.It Va ftpd_enable 3732.Pq Vt bool 3733Set to 3734.Dq Li YES 3735to start 3736.Xr ftpd 8 3737as a stand-alone daemon at system boot time. 3738.It Va ftpd_flags 3739.Pq Vt str 3740If 3741.Va ftpd_enable 3742is set to 3743.Dq Li YES , 3744these are the additional flags to pass to the 3745.Xr ftpd 8 3746daemon. 3747.It Va watchdogd_enable 3748.Pq Vt bool 3749If set to 3750.Dq Li YES , 3751start the 3752.Xr watchdogd 8 3753daemon at boot time. 3754This requires that the kernel have been compiled with a 3755.Xr watchdog 4 3756compatible device. 3757.It Va watchdogd_flags 3758.Pq Vt str 3759If 3760.Va watchdogd_enable 3761is set to 3762.Dq Li YES , 3763these are the flags passed to the 3764.Xr watchdogd 8 3765daemon. 3766.It Va devfs_rulesets 3767.Pq Vt str 3768List of files containing sets of rules for 3769.Xr devfs 8 . 3770.It Va devfs_system_ruleset 3771.Pq Vt str 3772Rule name(s) to apply to the system 3773.Pa /dev 3774itself. 3775.It Va devfs_set_rulesets 3776.Pq Vt str 3777Pairs of already-mounted 3778.Pa dev 3779directories and rulesets that should be applied to them. 3780For example: /mount/dev=ruleset_name 3781.It Va devfs_load_rulesets 3782.Pq Vt bool 3783If set, always load the default rulesets listed in 3784.Va devfs_rulesets . 3785.It Va performance_cx_lowest 3786.Pq Vt str 3787CPU idle state to use while on AC power. 3788The string 3789.Dq Li LOW 3790indicates that 3791.Xr acpi 4 3792should use the lowest power state available while 3793.Dq Li HIGH 3794indicates that the lowest latency state (less power savings) should be used. 3795.It Va performance_cpu_freq 3796.Pq Vt str 3797CPU clock frequency to use while on AC power. 3798The string 3799.Dq Li LOW 3800indicates that 3801.Xr cpufreq 4 3802should use the lowest frequency available while 3803.Dq Li HIGH 3804indicates that the highest frequency (less power savings) should be used. 3805.It Va economy_cx_lowest 3806.Pq Vt str 3807CPU idle state to use when off AC power. 3808The string 3809.Dq Li LOW 3810indicates that 3811.Xr acpi 4 3812should use the lowest power state available while 3813.Dq Li HIGH 3814indicates that the lowest latency state (less power savings) should be used. 3815.It Va economy_cpu_freq 3816.Pq Vt str 3817CPU clock frequency to use when off AC power. 3818The string 3819.Dq Li LOW 3820indicates that 3821.Xr cpufreq 4 3822should use the lowest frequency available while 3823.Dq Li HIGH 3824indicates that the highest frequency (less power savings) should be used. 3825.It Va jail_enable 3826.Pq Vt bool 3827If set to 3828.Dq Li NO , 3829any configured jails will not be started. 3830.It Va jail_parallel_start 3831.Pq Vt bool 3832If set to 3833.Dq Li YES , 3834all configured jails will be started in the background (in parallel). 3835.It Va jail_list 3836.Pq Vt str 3837A space separated list of names for jails. 3838This is purely a configuration aid to help identify and 3839configure multiple jails. 3840The names specified in this list will be used to 3841identify settings common to an instance of a jail, 3842and should contain alphanumeric characters only. 3843Assuming that the jail in question was named 3844.Li vjail , 3845you would have the following dependent variables: 3846.Bd -literal 3847jail_vjail_hostname="jail.example.com" 3848jail_vjail_ip="192.0.2.100" 3849jail_vjail_rootdir="/var/jails/vjail/root" 3850.Ed 3851.Pp 3852.It Va jail_flags 3853.Pq Vt str 3854Unset by default. 3855When set, use as default value for 3856.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3857for every jail in 3858.Va jail_list . 3859.It Va jail_interface 3860.Pq Vt str 3861Unset by default. 3862When set, use as default value for 3863.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3864for every jail in 3865.Va jail_list . 3866.It Va jail_fstab 3867.Pq Vt str 3868Unset by default. 3869When set, use as default value for 3870.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3871for every jail in 3872.Va jail_list . 3873.It Va jail_mount_enable 3874.Pq Vt bool 3875Set to 3876.Dq Li NO 3877by default. 3878When set to 3879.Dq Li YES , 3880sets 3881.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3882to 3883.Dq Li YES 3884by default for every jail in 3885.Va jail_list . 3886.It Va jail_devfs_ruleset 3887.Pq Vt str 3888Unset by default. 3889When set, sets 3890.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3891to given value for every jail in 3892.Va jail_list . 3893.It Va jail_devfs_enable 3894.Pq Vt bool 3895Set to 3896.Dq Li NO 3897by default. 3898When set to 3899.Dq Li YES , 3900sets 3901.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3902to 3903.Dq Li YES 3904by default for every jail in 3905.Va jail_list . 3906.It Va jail_fdescfs_enable 3907.Pq Vt bool 3908Set to 3909.Dq Li NO 3910by default. 3911When set to 3912.Dq Li YES , 3913sets 3914.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3915to 3916.Dq Li YES 3917by default for every jail in 3918.Va jail_list . 3919.It Va jail_procfs_enable 3920.Pq Vt bool 3921Set to 3922.Dq Li NO 3923by default. 3924When set to 3925.Dq Li YES , 3926sets 3927.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3928to 3929.Dq Li YES 3930by default for every jail in 3931.Va jail_list . 3932.It Va jail_exec_prestart Ns Aq Ar N 3933.Pq Vt str 3934Unset by default. 3935When set, use as default value for 3936.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3937for every jail in 3938.Va jail_list . 3939.It Va jail_exec_start 3940.Pq Vt str 3941Unset by default. 3942When set, use as default value for 3943.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3944for every jail in 3945.Va jail_list . 3946.It Va jail_exec_afterstart Ns Aq Ar N 3947.Pq Vt str 3948Unset by default. 3949When set, use as default value for 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3951for every jail in 3952.Va jail_list . 3953.It Va jail_exec_poststart Ns Aq Ar N 3954.Pq Vt str 3955Unset by default. 3956When set, use as default value for 3957.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3958for every jail in 3959.Va jail_list . 3960.It Va jail_exec_prestop Ns Aq Ar N 3961.Pq Vt str 3962Unset by default. 3963When set, use as default value for 3964.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 3965for every jail in 3966.Va jail_list . 3967.It Va jail_exec_stop 3968Unset by default. 3969When set, use as default value for 3970.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3971for every jail in 3972.Va jail_list . 3973.It Va jail_exec_poststop Ns Aq Ar N 3974.Pq Vt str 3975Unset by default. 3976When set, use as default value for 3977.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 3978for every jail in 3979.Va jail_list . 3980.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3981.Pq Vt str 3982Unset by default. 3983Set to the root directory used by jail 3984.Va jname . 3985.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3986.Pq Vt str 3987Unset by default. 3988Set to the fully qualified domain name (FQDN) assigned to jail 3989.Va jname . 3990.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3991.Pq Vt str 3992Unset by default. 3993Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 3994The argument can be a sole address or a comma separated list of addresses. 3995Additionally each address can be prefixed by the name of an interface 3996followed by a pipe to overwrite 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3998or 3999.Va jail_interface 4000and/or suffixed by a netmask, prefixlen or prefix. 4001In case no netmask, prefixlen or prefix is given, 4002.Sq /32 4003will be used for IPv4 and 4004.Sq /128 4005will be used for an IPv6 address. 4006If no address is given for the jail then the jail will be started with 4007no networking support. 4008.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4009.Pq Vt str 4010Unset by default. 4011Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 4012The sequence starts with 4013.Dq Li _multi0 4014and the numbers have to be strictly ascending. 4015These entries follow the same syntax as their primary 4016.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4017entry. 4018The order of the entries can be important as the first address for 4019each address family found will be the primary address of the jail. 4020See 4021.Va ip-addresses 4022option in 4023.Xr jail 8 4024for more details. 4025.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4026.Pq Vt str 4027Set to 4028.Dq Li -l -U root 4029by default. 4030These are flags to pass to 4031.Xr jail 8 . 4032.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4033.Pq Vt str 4034Unset by default. 4035When set, sets the interface to use when setting IP address alias. 4036Note that the alias is created at jail startup and removed at jail shutdown. 4037.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4038.Pq Vt str 4039Unset by default. 4040When set, the jail is started with the specified forwarding table (sometimes 4041referred to as a routing table) via 4042.Xr setfib 1 . 4043.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4044.Pq Vt str 4045Set to 4046.Pa /etc/fstab. Ns Aq Ar jname 4047by default. 4048This is the file system information file to use for jail 4049.Va jname . 4050.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4051.Pq Vt bool 4052Set to 4053.Dq Li NO 4054by default. 4055When set to 4056.Dq Li YES , 4057mount all file systems from 4058.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4059at jail startup. 4060.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 4061.Pq Vt str 4062Unset by default. 4063When set, defines the device file system ruleset file to use for jail 4064.Va jname . 4065.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4066.Pq Vt bool 4067Set to 4068.Dq Li NO 4069by default. 4070When set to 4071.Dq Li YES , 4072mount the device file system inside jail 4073.Ar jname 4074at jail startup. 4075.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4076.Pq Vt bool 4077Set to 4078.Dq Li NO 4079by default. 4080When set to 4081.Dq Li YES , 4082mount the file-descriptor file system inside jail 4083.Ar jname 4084at jail startup. 4085.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 4086.Pq Vt bool 4087Set to 4088.Dq Li NO 4089by default. 4090When set to 4091.Dq Li YES , 4092mount the process file system inside jail 4093.Ar jname 4094at jail startup. 4095.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4096.Pq Vt str 4097Unset by default. 4098This is the command run as 4099.Ar N Ns 4100th command 4101before jail startup, where 4102.Ar N 4103is 0, 1, and so on. 4104It is run outside the jail. 4105.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4106.Pq Vt str 4107Set to 4108.Dq Li /bin/sh /etc/rc 4109by default. 4110This is the command executed in a jail at jail startup. 4111.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4112.Pq Vt str 4113Unset by default. 4114This is the command run as 4115.Ar N Ns 4116th command 4117in a jail 4118after jail startup, where 4119.Ar N 4120is 1, 2, and so on. 4121.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4122.Pq Vt str 4123Unset by default. 4124This is the command run as 4125.Ar N Ns 4126th command 4127after jail startup, where 4128.Ar N 4129is 0, 1, and so on. 4130It is run outside the jail. 4131.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4132.Pq Vt str 4133Unset by default. 4134This is the command run as 4135.Ar N Ns 4136th command 4137before jail shutdown, where 4138.Ar N 4139is 0, 1, and so on. 4140It is run outside the jail. 4141.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4142.Pq Vt str 4143Set to 4144.Dq Li /bin/sh /etc/rc.shutdown 4145by default. 4146This is the command executed in a jail at jail shutdown. 4147.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4148.Pq Vt str 4149Unset by default. 4150This is the command run as 4151.Ar N Ns 4152th command 4153after jail shutdown, where 4154.Ar N 4155is 0, 1, and so on. 4156It is run outside the jail. 4157.It Va jail_set_hostname_allow 4158.Pq Vt bool 4159If set to 4160.Dq Li NO , 4161do not allow the root user in a jail to set its hostname. 4162.It Va jail_socket_unixiproute_only 4163.Pq Vt bool 4164If set to 4165.Dq Li YES , 4166do not allow any sockets, 4167besides UNIX/IP/route sockets, 4168to be used within a jail. 4169.It Va jail_sysvipc_allow 4170.Pq Vt bool 4171If set to 4172.Dq Li YES , 4173allow applications within a jail to use System V IPC. 4174.\" ----------------------------------------------------- 4175.It Va harvest_interrupt 4176.Pq Vt bool 4177Set to 4178.Dq Li YES 4179to use hardware interrupts as an entropy source. 4180Refer to 4181.Xr random 4 4182for more information. 4183.It Va harvest_ethernet 4184.Pq Vt bool 4185Set to 4186.Dq Li YES 4187to use LAN traffic as an entropy source. 4188Refer to 4189.Xr random 4 4190for more information. 4191.It Va harvest_p_to_p 4192.Pq Vt bool 4193Set to 4194.Dq Li YES 4195to use serial line traffic as an entropy source. 4196Refer to 4197.Xr random 4 4198for more information. 4199.It Va entropy_dir 4200.Pq Vt str 4201Set to 4202.Dq Li NO 4203to disable caching entropy via 4204.Xr cron 8 . 4205Otherwise set to the directory used to store entropy files in. 4206.It Va entropy_file 4207.Pq Vt str 4208Set to 4209.Dq Li NO 4210to disable caching entropy through reboots. 4211Otherwise set to the filename used to store cached entropy through 4212reboots. 4213This file should be located on the root file system to seed the 4214.Xr random 4 4215device as early as possible in the boot process. 4216.It Va entropy_save_sz 4217.Pq Vt int 4218Size of the entropy cache files saved by 4219.Nm save-entropy 4220periodically. 4221.It Va entropy_save_num 4222.Pq Vt int 4223Number of entropy cache files to save by 4224.Nm save-entropy 4225periodically. 4226.It Va ipsec_enable 4227.Pq Vt bool 4228Set to 4229.Dq Li YES 4230to run 4231.Xr setkey 8 4232on 4233.Va ipsec_file 4234at boot time. 4235.It Va ipsec_file 4236.Pq Vt str 4237Configuration file for 4238.Xr setkey 8 . 4239.It Va dmesg_enable 4240.Pq Vt bool 4241Set to 4242.Dq Li YES 4243to save 4244.Xr dmesg 8 4245to 4246.Pa /var/run/dmesg.boot 4247on boot. 4248.It Va rcshutdown_timeout 4249.Pq Vt int 4250If set, start a watchdog timer in the background which will terminate 4251.Pa rc.shutdown 4252if 4253.Xr shutdown 8 4254has not completed within the specified time (in seconds). 4255Notice that in addition to this soft timeout, 4256.Xr init 8 4257also applies a hard timeout for the execution of 4258.Pa rc.shutdown . 4259This is configured via 4260.Xr sysctl 8 4261variable 4262.Va kern.init_shutdown_timeout 4263and defaults to 120 seconds. 4264Setting the value of 4265.Va rcshutdown_timeout 4266to more than 120 seconds will have no effect until the 4267.Xr sysctl 8 4268variable 4269.Va kern.init_shutdown_timeout 4270is also increased. 4271.It Va virecover_enable 4272.Pq Vt bool 4273Set to 4274.Dq Li NO 4275to prevent the system from trying to 4276recover pre-maturely terminated 4277.Xr vi 1 4278sessions. 4279.It Va ugidfw_enable 4280.Pq Vt bool 4281Set to 4282.Dq Li YES 4283to load the 4284.Xr mac_bsdextended 4 4285module upon system initialization and load a default 4286ruleset file. 4287.It Va bsdextended_script 4288.Pq Vt str 4289The default 4290.Xr mac_bsdextended 4 4291ruleset file to load. 4292The default value of this variable is 4293.Pa /etc/rc.bsdextended . 4294.It Va newsyslog_enable 4295.Pq Vt bool 4296If set to 4297.Dq Li YES , 4298run 4299.Xr newsyslog 8 4300command at startup. 4301.It Va newsyslog_flags 4302.Pq Vt str 4303If 4304.Va newsyslog_enable 4305is set to 4306.Dq Li YES , 4307these are the flags to pass to the 4308.Xr newsyslog 8 4309program. 4310The default is 4311.Dq Li -CN , 4312which causes log files flagged with a 4313.Cm C 4314to be created. 4315.It Va mdconfig_md Ns Aq Ar X 4316.Pq Vt str 4317Arguments to 4318.Xr mdconfig 8 4319for 4320.Xr md 4 4321device 4322.Ar X . 4323At minimum a 4324.Fl t Ar type 4325must be specified and either a 4326.Fl s Ar size 4327for malloc or swap backed 4328.Xr md 4 4329devices or a 4330.Fl f Ar file 4331for vnode backed 4332.Xr md 4 4333devices. 4334Note that 4335.Va mdconfig_md Ns Aq Ar X 4336variables are evaluated until one variable is unset or null. 4337.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4338.Pq Vt str 4339Optional arguments passed to 4340.Xr newfs 8 4341to initialize 4342.Xr md 4 4343device 4344.Ar X . 4345.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4346.Pq Vt str 4347An ownership specification passed to 4348.Xr chown 8 4349after the specified 4350.Xr md 4 4351device 4352.Ar X 4353has been mounted. 4354Both the 4355.Xr md 4 4356device and the mount point will be changed. 4357.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4358.Pq Vt str 4359A mode string passed to 4360.Xr chmod 1 4361after the specified 4362.Xr md 4 4363device 4364.Ar X 4365has been mounted. 4366Both the 4367.Xr md 4 4368device and the mount point will be changed. 4369.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4370.Pq Vt str 4371Files to be copied to the mount point of the 4372.Xr md 4 4373device 4374.Ar X 4375after it has been mounted. 4376.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4377.Pq Vt str 4378Command to execute after the specified 4379.Xr md 4 4380device 4381.Ar X 4382has been mounted. 4383Note that the command is passed to 4384.Ic eval 4385and that both 4386.Va _dev 4387and 4388.Va _mp 4389variables can be used to reference respectively the 4390.Xr md 4 4391device and the mount point. 4392Assuming that the 4393.Xr md 4 4394device is 4395.Li md0 , 4396one could set the following: 4397.Bd -literal 4398mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4399.Ed 4400.It Va autobridge_interfaces 4401.Pq Vt str 4402Set to the list of bridge interfaces that will have newly arriving interfaces 4403checked against to be automatically added. 4404If not set to 4405.Dq Li NO 4406then for each whitespace separated 4407.Ar element 4408in the value, a 4409.Va autobridge_ Ns Aq Ar element 4410variable is assumed to exist which has a whitespace separated list of interface 4411names to match, these names can use wildcards. 4412For example: 4413.Bd -literal 4414autobridge_interfaces="bridge0" 4415autobridge_bridge0="tap* dc0 vlan[345]" 4416.Ed 4417.It Va mixer_enable 4418.Pq Vt bool 4419If set to 4420.Dq Li YES , 4421enable support for sound mixer. 4422.It Va hcsecd_enable 4423.Pq Vt bool 4424If set to 4425.Dq Li YES , 4426enable Bluetooth security daemon. 4427.It Va hcsecd_config 4428.Pq Vt str 4429Configuration file for 4430.Xr hcsecd 8 . 4431Default 4432.Pa /etc/bluetooth/hcsecd.conf . 4433.It Va sdpd_enable 4434.Pq Vt bool 4435If set to 4436.Dq Li YES , 4437enable Bluetooth Service Discovery Protocol daemon. 4438.It Va sdpd_control 4439.Pq Vt str 4440Path to 4441.Xr sdpd 8 4442control socket. 4443Default 4444.Pa /var/run/sdp . 4445.It Va sdpd_groupname 4446.Pq Vt str 4447Sets 4448.Xr sdpd 8 4449group to run as after it initializes. 4450Default 4451.Dq Li nobody . 4452.It Va sdpd_username 4453.Pq Vt str 4454Sets 4455.Xr sdpd 8 4456user to run as after it initializes. 4457Default 4458.Dq Li nobody . 4459.It Va bthidd_enable 4460.Pq Vt bool 4461If set to 4462.Dq Li YES , 4463enable Bluetooth Human Interface Device daemon. 4464.It Va bthidd_config 4465.Pq Vt str 4466Configuration file for 4467.Xr bthidd 8 . 4468Default 4469.Pa /etc/bluetooth/bthidd.conf . 4470.It Va bthidd_hids 4471.Pq Vt str 4472Path to a file, where 4473.Xr bthidd 8 4474will store information about known HID devices. 4475Default 4476.Pa /var/db/bthidd.hids . 4477.It Va rfcomm_pppd_server_enable 4478.Pq Vt bool 4479If set to 4480.Dq Li YES , 4481enable Bluetooth RFCOMM PPP wrapper daemon. 4482.It Va rfcomm_pppd_server_profile 4483.Pq Vt str 4484The name of the profile to use from 4485.Pa /etc/ppp/ppp.conf . 4486Multiple profiles can be specified here. 4487Also used to specify per-profile overrides. 4488When the profile name contains any of the characters 4489.Dq Li .-/+ 4490they are translated to 4491.Dq Li _ 4492for the proposes of the override variable names. 4493.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4494.Pq Vt str 4495Overrides local address to listen on. 4496By default 4497.Xr rfcomm_pppd 8 4498will listen on 4499.Dq Li ANY 4500address. 4501The address can be specified as BD_ADDR or name. 4502.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4503.Pq Vt str 4504Overrides local RFCOMM channel to listen on. 4505By default 4506.Xr rfcomm_pppd 8 4507will listen on RFCOMM channel 1. 4508Must set properly if multiple profiles used in the same time. 4509.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4510.Pq Vt bool 4511Tells 4512.Xr rfcomm_pppd 8 4513if it should register Serial Port service on the specified RFCOMM channel. 4514Default 4515.Dq Li NO . 4516.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4517.Pq Vt bool 4518Tells 4519.Xr rfcomm_pppd 8 4520if it should register Dial-Up Networking service on the specified 4521RFCOMM channel. 4522Default 4523.Dq Li NO . 4524.It Va ubthidhci_enable 4525.Pq Vt bool 4526If set to 4527.Dq Li YES , 4528change the USB Bluetooth controller from HID mode to HCI mode. 4529You also need to specify the location of USB Bluetooth controller with the 4530.Va ubthidhci_busnum 4531and 4532.Va ubthidhci_addr 4533variables. 4534.It Va ubthidhci_busnum 4535Bus number where the USB Bluetooth controller is located. 4536Check the output of 4537.Xr usbconfig 8 4538on your system to find this information. 4539.It Va ubthidhci_addr 4540Bus address of the USB Bluetooth controller. 4541Check the output of 4542.Xr usbconfig 8 4543on your system to find this information. 4544.It Va netwait_enable 4545.Pq Vt bool 4546If set to 4547.Dq Li YES , 4548delays the start of network-reliant services until 4549.Va netwait_if 4550is up and ICMP packets to a destination defined in 4551.Va netwait_ip 4552are flowing. 4553Link state is examined first, followed by 4554.Dq Li pinging 4555an IP address to verify network usability. 4556If no destination can be reached or timeouts are exceeded, 4557network services are started anyway with no guarantee that 4558the network is usable. 4559Use of this variable requires both 4560.Va netwait_ip 4561and 4562.Va netwait_if 4563to be set. 4564.It Va netwait_ip 4565.Pq Vt str 4566Empty by default. 4567This variable contains a space-delimited list of IP addresses to 4568.Xr ping 8 . 4569DNS hostnames should not be used as resolution is not guaranteed 4570to be functional at this point. 4571If multiple IP addresses are specified, 4572each will be tried until one is successful or the list is exhausted. 4573.It Va netwait_timeout 4574.Pq Vt int 4575Indicates the total number of seconds to perform a 4576.Dq Li ping 4577against each IP address in 4578.Va netwait_ip , 4579at a rate of one ping per second. 4580If any of the pings are successful, 4581full network connectivity is considered reliable. 4582The default is 60. 4583.It Va netwait_if 4584.Pq Vt str 4585Empty by default. 4586Defines the name of the network interface on which watch for link. 4587.Xr ifconfig 8 4588is used to monitor the interface, looking for 4589.Dq Li status: no carrier . 4590Once gone, the link is considered up. 4591This can be a 4592.Xr vlan 4 4593interface if desired. 4594.It Va netwait_if_timeout 4595.Pq Vt int 4596Defines the total number of seconds to wait for link to become usable, 4597polled at a 1-second interval. 4598The default is 30. 4599.El 4600.Sh FILES 4601.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4602.It Pa /etc/defaults/rc.conf 4603.It Pa /etc/rc.conf 4604.It Pa /etc/rc.conf.local 4605.El 4606.Sh SEE ALSO 4607.Xr catman 1 , 4608.Xr chmod 1 , 4609.Xr gdb 1 , 4610.Xr info 1 , 4611.Xr kbdcontrol 1 , 4612.Xr makewhatis 1 , 4613.Xr sh 1 , 4614.Xr vi 1 , 4615.Xr vidcontrol 1 , 4616.Xr bridge 4 , 4617.Xr dummynet 4 , 4618.Xr ip 4 , 4619.Xr ipf 4 , 4620.Xr ipfw 4 , 4621.Xr ipnat 4 , 4622.Xr kld 4 , 4623.Xr pf 4 , 4624.Xr pflog 4 , 4625.Xr pfsync 4 , 4626.Xr tcp 4 , 4627.Xr udp 4 , 4628.Xr exports 5 , 4629.Xr fstab 5 , 4630.Xr ipf 5 , 4631.Xr ipnat 5 , 4632.Xr motd 5 , 4633.Xr newsyslog.conf 5 , 4634.Xr pf.conf 5 , 4635.Xr security 7 , 4636.Xr accton 8 , 4637.Xr amd 8 , 4638.Xr apm 8 , 4639.Xr atm 8 , 4640.Xr bthidd 8 , 4641.Xr chkprintcap 8 , 4642.Xr chown 8 , 4643.Xr cron 8 , 4644.Xr devfs 8 , 4645.Xr dhclient 8 , 4646.Xr ftpd 8 , 4647.Xr geli 8 , 4648.Xr hcsecd 8 , 4649.Xr ifconfig 8 , 4650.Xr inetd 8 , 4651.Xr ipf 8 , 4652.Xr ipfw 8 , 4653.Xr ipnat 8 , 4654.Xr jail 8 , 4655.Xr kldxref 8 , 4656.Xr lpd 8 , 4657.Xr mdconfig 8 , 4658.Xr mdmfs 8 , 4659.Xr mixer 8 , 4660.Xr mountd 8 , 4661.Xr moused 8 , 4662.Xr mrouted 8 , 4663.Xr named 8 , 4664.Xr newfs 8 , 4665.Xr newsyslog 8 , 4666.Xr nfsd 8 , 4667.Xr ntpd 8 , 4668.Xr ntpdate 8 , 4669.Xr pfctl 8 , 4670.Xr pflogd 8 , 4671.Xr ping 8 , 4672.Xr powerd 8 , 4673.Xr quotacheck 8 , 4674.Xr quotaon 8 , 4675.Xr rc 8 , 4676.Xr rc.sendmail 8 , 4677.Xr rfcomm_pppd 8 , 4678.Xr route 8 , 4679.Xr routed 8 , 4680.Xr rpcbind 8 , 4681.Xr rpc.lockd 8 , 4682.Xr rpc.statd 8 , 4683.Xr rwhod 8 , 4684.Xr savecore 8 , 4685.Xr sdpd 8 , 4686.Xr sshd 8 , 4687.Xr swapon 8 , 4688.Xr sysctl 8 , 4689.Xr syslogd 8 , 4690.Xr timed 8 , 4691.Xr usbconfig 8 , 4692.Xr wlandebug 8 , 4693.Xr yp 8 , 4694.Xr ypbind 8 , 4695.Xr ypserv 8 , 4696.Xr ypset 8 4697.Sh HISTORY 4698The 4699.Nm 4700file appeared in 4701.Fx 2.2.2 . 4702.Sh AUTHORS 4703.An Jordan K. Hubbard . 4704