1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd January 23, 2007 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va kldxref_enable 168.Pq Vt bool 169Set to 170.Dq Li NO 171by default. 172Set to 173.Dq Li YES 174to automatically rebuild 175.Pa linker.hints 176files with 177.Xr kldxref 8 178at boot time. 179.It Va kldxref_clobber 180.Pq Vt bool 181Set to 182.Dq Li NO 183by default. 184If 185.Va kldxref_enable 186is true, 187setting to 188.Dq Li YES 189will overwrite existing 190.Pa linker.hints 191files at boot time. 192Otherwise, 193only missing 194.Pa linker.hints 195files are generated. 196.It Va kldxref_module_path 197.Pq Vt str 198Empty by default. 199A semi-colon 200.Pq Ql \&; 201delimited list of paths containing 202.Xr kld 4 203modules. 204If empty, 205the contents of the 206.Va kern.module_path 207.Xr sysctl 8 208are used. 209.It Va powerd_enable 210.Pq Vt bool 211If set to 212.Dq Li YES , 213enable the system power control facility with the 214.Xr powerd 8 215daemon. 216.It Va powerd_flags 217.Pq Vt str 218If 219.Va powerd_enable 220is set to 221.Dq Li YES , 222these are the flags to pass to the 223.Xr powerd 8 224daemon. 225.It Va tmpmfs 226Controls the creation of a 227.Pa /tmp 228memory file system. 229Always happens if set to 230.Dq Li YES 231and never happens if set to 232.Dq Li NO . 233If set to anything else, a memory file system is created if 234.Pa /tmp 235is not writable. 236.It Va tmpsize 237Controls the size of a created 238.Pa /tmp 239memory file system. 240.It Va tmpmfs_flags 241Extra options passed to the 242.Xr mdmfs 8 243utility when the memory file system for 244.Pa /tmp 245is created. 246The default is 247.Dq Li "-S -M" , 248which inhibits the use of softupdates on 249.Pa /tmp 250to waste as little space as possible 251and creates a pure memory backed disk, which will never be swapped out, 252for maximum performance and system stability at low memory conditions. 253See 254.Xr mdmfs 8 255for other options you can use in 256.Va tmpmfs_flags . 257.It Va varmfs 258Controls the creation of a 259.Pa /var 260memory file system. 261Always happens if set to 262.Dq Li YES 263and never happens if set to 264.Dq Li NO . 265If set to anything else, a memory file system is created if 266.Pa /var 267is not writable. 268.It Va varsize 269Controls the size of a created 270.Pa /var 271memory file system. 272.It Va varmfs_flags 273Extra options passed to the 274.Xr mdmfs 8 275utility when the memory file system for 276.Pa /var 277is created. 278The default is 279.Dq Li "-S -M" , 280which inhibits the use of softupdates on 281.Pa /var 282to waste as little space as possible 283and creates a pure memory backed disk, which will never be swapped out, 284for maximum performance and system stability at low memory conditions. 285See 286.Xr mdmfs 8 287for other options you can use in 288.Va varmfs_flags . 289.It Va populate_var 290Controls the automatic population of the 291.Pa /var 292file system. 293Always happens if set to 294.Dq Li YES 295and never happens if set to 296.Dq Li NO . 297If set to anything else, a memory file system is created if 298.Pa /var 299is not writable. 300Note that this process requires access to certain commands in 301.Pa /usr 302before 303.Pa /usr 304is mounted on normal systems. 305.It Va cleanvar_enable 306.Pq Vt bool 307Clean the 308.Pa /var 309directory. 310.It Va local_startup 311.Pq Vt str 312List of directories to search for startup script files. 313.It Va script_name_sep 314.Pq Vt str 315The field separator to use for breaking down the list of startup script files 316into individual filenames. 317The default is a space. 318It is not necessary to change this unless there are startup scripts with names 319containing spaces. 320.It Va hostapd_enable 321.Pq Vt bool 322Set to 323.Dq Li YES 324to start 325.Xr hostapd 8 326at system boot time. 327.It Va hostname 328.Pq Vt str 329The fully qualified domain name (FQDN) of this host on the network. 330This should almost certainly be set to something meaningful, even if 331there is no network connection. 332If 333.Xr dhclient 8 334is used to set the hostname via DHCP, 335this variable should be set to an empty string. 336.It Va ipv6_enable 337.Pq Vt bool 338Enable support for IPv6 networking. 339Note that this requires that the kernel has been compiled with 340.Cd "options INET6" . 341.It Va nisdomainname 342.Pq Vt str 343The NIS domain name of this host, or 344.Dq Li NO 345if NIS is not used. 346.It Va dhclient_program 347.Pq Vt str 348Path to the DHCP client program 349.Pa ( /sbin/dhclient , 350the 351.Ox 352DHCP client, 353is the default). 354.It Va dhclient_flags 355.Pq Vt str 356Additional flags to pass to the DHCP client program. 357For the 358.Ox 359DHCP client, see the 360.Xr dhclient 8 361manpage for a description of the command line options available. 362.It Va dhclient_flags_ Ns Aq Ar iface 363Additional flags to pass to the DHCP client program running on 364.Ar iface 365only. 366When specified, this variable overrides 367.Va dhclient_flags . 368.It Va background_dhclient 369.Pq Vt bool 370Set to 371.Dq Li YES 372to start the DHCP client in background. 373This can cause trouble with applications depending on 374a working network, but it will provide a faster startup 375in many cases. 376.It Va background_dhclient_ Ns Aq Ar iface 377When specified, this variable overrides the 378.Va background_dhclient 379variable for interface 380.Ar iface 381only. 382.It Va synchronous_dhclient 383.Pq Bt bool 384Set to 385.Dq Li NO 386to start 387.Xr dhclient 8 388only in response to interface events and not synchronously at startup. 389This behavior can be overridden on a per-interface basis by replacing 390the 391.Dq Li DHCP 392keyword in the 393.Va ifconfig_ Ns Aq Ar interface 394variable with 395.Dq Li SYNCDHCP 396or 397.Dq Li NOSYNCDHCP . 398.It Va firewall_enable 399.Pq Vt bool 400Set to 401.Dq Li YES 402to load firewall rules at startup. 403If the kernel was not built with 404.Cd "options IPFIREWALL" , 405the 406.Pa ipfw.ko 407kernel module will be loaded. 408See also 409.Va ipfilter_enable . 410.It Va ipv6_firewall_enable 411.Pq Vt bool 412The IPv6 equivalent of 413.Va firewall_enable . 414Set to 415.Dq Li YES 416to load IPv6 firewall rules at startup. 417If the kernel was not built with 418.Cd "options IPV6FIREWALL" , 419the 420.Pa ipfw.ko 421kernel module will be loaded. 422.It Va firewall_script 423.Pq Vt str 424This variable specifies the full path to the firewall script to run. 425The default is 426.Pa /etc/rc.firewall . 427.It Va ipv6_firewall_script 428.Pq Vt str 429The IPv6 equivalent of 430.Va firewall_script . 431.It Va firewall_type 432.Pq Vt str 433Names the firewall type from the selection in 434.Pa /etc/rc.firewall , 435or the file which contains the local firewall ruleset. 436Valid selections from 437.Pa /etc/rc.firewall 438are: 439.Pp 440.Bl -tag -width ".Li simple" -compact 441.It Li open 442unrestricted IP access 443.It Li closed 444all IP services disabled, except via 445.Dq Li lo0 446.It Li client 447basic protection for a workstation 448.It Li simple 449basic protection for a LAN. 450.El 451.Pp 452If a filename is specified, the full path 453must be given. 454.It Va ipv6_firewall_type 455.Pq Vt str 456The IPv6 equivalent of 457.Va firewall_type . 458.It Va firewall_quiet 459.Pq Vt bool 460Set to 461.Dq Li YES 462to disable the display of firewall rules on the console during boot. 463.It Va ipv6_firewall_quiet 464.Pq Vt bool 465The IPv6 equivalent of 466.Va firewall_quiet . 467.It Va firewall_logging 468.Pq Vt bool 469Set to 470.Dq Li YES 471to enable firewall event logging. 472This is equivalent to the 473.Dv IPFIREWALL_VERBOSE 474kernel option. 475.It Va ipv6_firewall_logging 476.Pq Vt bool 477The IPv6 equivalent of 478.Va firewall_logging . 479.It Va firewall_flags 480.Pq Vt str 481Flags passed to 482.Xr ipfw 8 483if 484.Va firewall_type 485specifies a filename. 486.It Va ipv6_firewall_flags 487.Pq Vt str 488The IPv6 equivalent of 489.Va firewall_flags . 490.It Va natd_program 491.Pq Vt str 492Path to 493.Xr natd 8 . 494.It Va natd_enable 495.Pq Vt bool 496Set to 497.Dq Li YES 498to enable 499.Xr natd 8 . 500.Va firewall_enable 501must also be set to 502.Dq Li YES , 503and 504.Xr divert 4 505sockets must be enabled in the kernel. 506If the kernel was not built with 507.Cd "options IPDIVERT" , 508the 509.Pa ipdivert.ko 510kernel module will be loaded. 511.It Va natd_interface 512.Pq Vt str 513This is the name of the public interface on which 514.Xr natd 8 515should run. 516The interface may be given as an interface name or as an IP address. 517.It Va natd_flags 518.Pq Vt str 519Additional 520.Xr natd 8 521flags should be placed here. 522The 523.Fl n 524or 525.Fl a 526flag is automatically added with the above 527.Va natd_interface 528as an argument. 529.\" ----- ipfilter_enable setting -------------------------------- 530.It Va ipfilter_enable 531.Pq Vt bool 532Set to 533.Dq Li NO 534by default. 535Setting this to 536.Dq Li YES 537enables 538.Xr ipf 8 539packet filtering. 540.Pp 541Typical usage will require putting 542.Bd -literal 543ipfilter_enable="YES" 544ipnat_enable="YES" 545ipmon_enable="YES" 546ipfs_enable="YES" 547.Ed 548.Pp 549into 550.Pa /etc/rc.conf 551and editing 552.Pa /etc/ipf.rules 553and 554.Pa /etc/ipnat.rules 555appropriately. 556.Pp 557Note that 558.Va ipfilter_enable 559and 560.Va ipnat_enable 561can be enabled independently. 562.Va ipmon_enable 563and 564.Va ipfs_enable 565both require at least one of 566.Va ipfilter_enable 567and 568.Va ipnat_enable 569to be enabled. 570.Pp 571Having 572.Bd -literal 573options IPFILTER 574options IPFILTER_LOG 575options IPFILTER_DEFAULT_BLOCK 576.Ed 577.Pp 578in the kernel configuration file is a good idea, too. 579.\" ----- ipfilter_program setting ------------------------------ 580.It Va ipfilter_program 581.Pq Vt str 582Path to 583.Xr ipf 8 584(default 585.Pa /sbin/ipf ) . 586.\" ----- ipfilter_rules setting -------------------------------- 587.It Va ipfilter_rules 588.Pq Vt str 589Set to 590.Pa /etc/ipf.rules 591by default. 592This variable contains the name of the filter rule definition file. 593The file is expected to be readable for the 594.Xr ipf 8 595command to execute. 596.\" ----- ipv6_ipfilter_rules setting --------------------------- 597.It Va ipv6_ipfilter_rules 598.Pq Vt str 599Set to 600.Pa /etc/ipf6.rules 601by default. 602This variable contains the IPv6 filter rule definition file. 603The file is expected to be readable for the 604.Xr ipf 8 605command to execute. 606.\" ----- ipfilter_flags setting -------------------------------- 607.It Va ipfilter_flags 608.Pq Vt str 609Empty by default. 610This variable contains flags passed to the 611.Xr ipf 8 612program. 613.\" ----- ipnat_enable setting ---------------------------------- 614.It Va ipnat_enable 615.Pq Vt bool 616Set to 617.Dq Li NO 618by default. 619Set it to 620.Dq Li YES 621to enable 622.Xr ipnat 8 623network address translation. 624See 625.Va ipfilter_enable 626for a detailed discussion. 627.\" ----- ipnat_program setting --------------------------------- 628.It Va ipnat_program 629.Pq Vt str 630Path to 631.Xr ipnat 8 632(default 633.Pa /sbin/ipnat ) . 634.\" ----- ipnat_rules setting ----------------------------------- 635.It Va ipnat_rules 636.Pq Vt str 637Set to 638.Pa /etc/ipnat.rules 639by default. 640This variable contains the name of the file 641holding the network address translation definition. 642This file is expected to be readable for the 643.Xr ipnat 8 644command to execute. 645.\" ----- ipnat_flags setting ----------------------------------- 646.It Va ipnat_flags 647.Pq Vt str 648Empty by default. 649This variable contains flags passed to the 650.Xr ipnat 8 651program. 652.\" ----- ipmon_enable setting ---------------------------------- 653.It Va ipmon_enable 654.Pq Vt bool 655Set to 656.Dq Li NO 657by default. 658Set it to 659.Dq Li YES 660to enable 661.Xr ipmon 8 662monitoring (logging 663.Xr ipf 8 664and 665.Xr ipnat 8 666events). 667Setting this variable needs setting 668.Va ipfilter_enable 669or 670.Va ipnat_enable 671too. 672See 673.Va ipfilter_enable 674for a detailed discussion. 675.\" ----- ipmon_program setting --------------------------------- 676.It Va ipmon_program 677.Pq Vt str 678Path to 679.Xr ipmon 8 680(default 681.Pa /sbin/ipmon ) . 682.\" ----- ipmon_flags setting ----------------------------------- 683.It Va ipmon_flags 684.Pq Vt str 685Set to 686.Dq Li -Ds 687by default. 688This variable contains flags passed to the 689.Xr ipmon 8 690program. 691Another typical example would be 692.Dq Fl D Pa /var/log/ipflog 693to have 694.Xr ipmon 8 695log directly to a file bypassing 696.Xr syslogd 8 . 697Make sure to adjust 698.Pa /etc/newsyslog.conf 699in such case like this: 700.Bd -literal 701/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 702.Ed 703.\" ----- ipfs_enable setting ----------------------------------- 704.It Va ipfs_enable 705.Pq Vt bool 706Set to 707.Dq Li NO 708by default. 709Set it to 710.Dq Li YES 711to enable 712.Xr ipfs 8 713saving the filter and NAT state tables during shutdown 714and reloading them during startup again. 715Setting this variable needs setting 716.Va ipfilter_enable 717or 718.Va ipnat_enable 719to 720.Dq Li YES 721too. 722See 723.Va ipfilter_enable 724for a detailed discussion. 725Note that if 726.Va kern_securelevel 727is set to 3, 728.Va ipfs_enable 729cannot be used 730because the raised securelevel will prevent 731.Xr ipfs 8 732from saving the state tables at shutdown time. 733.\" ----- ipfs_program setting ---------------------------------- 734.It Va ipfs_program 735.Pq Vt str 736Path to 737.Xr ipfs 8 738(default 739.Pa /sbin/ipfs ) . 740.\" ----- ipfs_flags setting ------------------------------------ 741.It Va ipfs_flags 742.Pq Vt str 743Empty by default. 744This variable contains flags passed to the 745.Xr ipfs 8 746program. 747.\" ----- end of added ipf hook --------------------------------- 748.It Va pf_enable 749.Pq Vt bool 750Set to 751.Dq Li NO 752by default. 753Setting this to 754.Dq Li YES 755enables 756.Xr pf 4 757packet filtering. 758.Pp 759Typical usage will require putting 760.Pp 761.Dl pf_enable="YES" 762.Pp 763into 764.Pa /etc/rc.conf 765and editing 766.Pa /etc/pf.conf 767appropriately. 768.Pp 769.Dl "device pf" 770.Pp 771builds 772.Xr pf 4 773into the kernel. 774Otherwise it is loaded from a module. 775.It Va pf_rules 776.Pq Vt str 777Path to 778.Xr pf 4 779ruleset configuration file 780(default 781.Pa /etc/pf.conf ) . 782.It Va pf_program 783.Pq Vt str 784Path to 785.Xr pfctl 8 786(default 787.Pa /sbin/pfctl ) . 788.It Va pf_flags 789.Pq Vt str 790If 791.Va pf_enable 792is set to 793.Dq Li YES , 794these flags are passed to the 795.Xr pfctl 8 796program when loading the ruleset. 797.It Va pflog_enable 798.Pq Vt bool 799Set to 800.Dq Li NO 801by default. 802Setting this to 803.Dq Li YES 804enables 805.Xr pflogd 8 806which logs packets from the 807.Xr pf 4 808packet filter. 809.It Va pflog_logfile 810.Pq Vt str 811If 812.Va pflog_enable 813is set to 814.Dq Li YES 815this controls where 816.Xr pflogd 8 817stores the logfile 818(default 819.Pa /var/log/pflog ) . 820Check 821.Pa /etc/newsyslog.conf 822to adjust logfile rotation for this. 823.It Va pflog_program 824.Pq Vt str 825Path to 826.Xr pflogd 8 827(default 828.Pa /sbin/pflogd ) . 829.It Va pflog_flags 830.Pq Vt str 831Empty by default. 832This variable contains additional flags passed to the 833.Xr pflogd 8 834program. 835.It Va pfsync_enable 836.Pq Vt bool 837Set to 838.Dq Li NO 839by default. 840Setting this to 841.Dq Li YES 842enables exposing 843.Xr pf 4 844state changes to other hosts over the network by means of 845.Xr pfsync 4 . 846The 847.Va pfsync_syncdev 848variable 849must also be set then. 850.It Va pfsync_syncdev 851.Pq Vt str 852Empty by default. 853This variable specifies the name of the network interface 854.Xr pfsync 4 855should operate through. 856It must be set accordingly if 857.Va pfsync_enable 858is set to 859.Dq Li YES . 860.It Va pfsync_ifconfig 861.Pq Vt str 862Empty by default. 863This variable can contain additional options to be passed to the 864.Xr ifconfig 8 865command used to set up 866.Xr pfsync 4 . 867.It Va tcp_extensions 868.Pq Vt bool 869Set to 870.Dq Li YES 871by default. 872Setting this to 873.Dq Li NO 874disables certain TCP options as described by 875.Rs 876.%T "RFC 1323" 877.Re 878Setting this to 879.Dq Li NO 880might help remedy such problems with connections as randomly hanging 881or other weird behavior. 882Some network devices are known 883to be broken with respect to these options. 884.It Va log_in_vain 885.Pq Vt int 886Set to 0 by default. 887The 888.Xr sysctl 8 889variables, 890.Va net.inet.tcp.log_in_vain 891and 892.Va net.inet.udp.log_in_vain , 893as described in 894.Xr tcp 4 895and 896.Xr udp 4 , 897are set to the given value. 898.It Va tcp_keepalive 899.Pq Vt bool 900Set to 901.Dq Li YES 902by default. 903Setting to 904.Dq Li NO 905will disable probing idle TCP connections to verify that the 906peer is still up and reachable. 907.It Va tcp_drop_synfin 908.Pq Vt bool 909Set to 910.Dq Li NO 911by default. 912Setting to 913.Dq Li YES 914will cause the kernel to ignore TCP frames that have both 915the SYN and FIN flags set. 916This prevents OS fingerprinting, but may 917break some legitimate applications. 918This option is only available if the 919kernel was built with the 920.Dv TCP_DROP_SYNFIN 921option. 922.It Va icmp_drop_redirect 923.Pq Vt bool 924Set to 925.Dq Li NO 926by default. 927Setting to 928.Dq Li YES 929will cause the kernel to ignore ICMP REDIRECT packets. 930Refer to 931.Xr icmp 4 932for more information. 933.It Va icmp_log_redirect 934.Pq Vt bool 935Set to 936.Dq Li NO 937by default. 938Setting to 939.Dq Li YES 940will cause the kernel to log ICMP REDIRECT packets. 941Note that 942the log messages are not rate-limited, so this option should only be used 943for troubleshooting networks. 944Refer to 945.Xr icmp 4 946for more information. 947.It Va icmp_bmcastecho 948.Pq Vt bool 949Set to 950.Dq Li YES 951to respond to broadcast or multicast ICMP ping packets. 952Refer to 953.Xr icmp 4 954for more information. 955.It Va ip_portrange_first 956.Pq Vt int 957If not set to 958.Dq Li NO , 959this is the first port in the default portrange. 960Refer to 961.Xr ip 4 962for more information. 963.It Va ip_portrange_last 964.Pq Vt int 965If not set to 966.Dq Li NO , 967this is the last port in the default portrange. 968Refer to 969.Xr ip 4 970for more information. 971.It Va network_interfaces 972.Pq Vt str 973Set to the list of network interfaces to configure on this host or 974.Dq Li AUTO 975(the default) for all current interfaces. 976Setting the 977.Va network_interfaces 978variable to anything other than the default is deprecated. 979Interfaces that the administrator wishes to store configuration for, 980but not start at boot should be configured with the 981.Dq Li NOAUTO 982keyword in their 983.Va ifconfig_ Ns Aq Ar interface 984variables as described below. 985.Pp 986An 987.Va ifconfig_ Ns Aq Ar interface 988variable is also assumed to exist for each value of 989.Ar interface . 990When an interface name contains any of the characters 991.Dq Li .-/+ 992they are translated to 993.Dq Li _ 994before lookup. 995The variable can contain arguments to 996.Xr ifconfig 8 , 997as well as special case-insensitive keywords described below. 998Such keywords are removed before passing the value to 999.Xr ifconfig 8 1000while the order of the other arguments is preserved. 1001.Pp 1002One can configure more than one IPv4 address with the 1003.Va ipv4_addrs_ Ns Aq Ar interface 1004variable. 1005One or more IP addresses must be provided in Classless Inter-Domain 1006Routing (CIDR) address notation, whose last byte can be a range like 1007192.168.0.5-23/24. 1008In this case the address 192.168.0.5 will be configured with the 1009netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with 1010the non-conflicting netmask /32 as explained in the 1011.Xr ifconfig 8 1012alias section. 1013With the interface in question being 1014.Li ed0 , 1015an example could look like: 1016.Bd -literal 1017ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" 1018.Ed 1019.Pp 1020It is also possible to add IP alias entries using 1021.Xr ifconfig 8 1022syntax. 1023Assuming that the interface in question was 1024.Li ed0 , 1025it might look 1026something like this: 1027.Bd -literal 1028ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1029ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1030.Ed 1031.Pp 1032And so on. 1033For each 1034.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1035entry that is found, 1036its contents are passed to 1037.Xr ifconfig 8 . 1038Execution stops at the first unsuccessful access, so if 1039something like this is present: 1040.Bd -literal 1041ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1042ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1043ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1044ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1045.Ed 1046.Pp 1047Then note that alias4 would 1048.Em not 1049be added since the search would 1050stop with the missing 1051.Dq Li alias3 1052entry. 1053Due to this difficult to manage behavior, the 1054.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1055form is deprecated. 1056.Pp 1057If the 1058.Pa /etc/start_if. Ns Aq Ar interface 1059file is present, it is read and executed by the 1060.Xr sh 1 1061interpreter 1062before configuring the interface as specified in the 1063.Va ifconfig_ Ns Aq Ar interface 1064and 1065.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1066variables. 1067.Pp 1068If the 1069.Va ifconfig_ Ns Aq Ar interface 1070contains the keyword 1071.Dq Li NOAUTO 1072then the interface will not be configured 1073at boot or by 1074.Pa /etc/pccard_ether 1075when 1076.Va network_interfaces 1077is set to 1078.Dq Li AUTO . 1079.Pp 1080It is possible to bring up an interface with DHCP by adding 1081.Dq Li DHCP 1082to the 1083.Va ifconfig_ Ns Aq Ar interface 1084variable. 1085For instance, to initialize the 1086.Li ed0 1087device via DHCP, 1088it is possible to use something like: 1089.Bd -literal 1090ifconfig_ed0="DHCP" 1091.Ed 1092.Pp 1093Also, if your interface needs WPA authentication, it is possible to add 1094.Dq Li WPA 1095to the 1096.Va ifconfig_ Ns Aq Ar interface 1097variable. 1098.Pp 1099Finally, you can add 1100.Xr ifconfig 8 1101options in this variable, in addition to the 1102.Pa /etc/start_if. Ns Aq Ar interface 1103file. 1104For instance, to initialize the 1105.Li wi0 1106device via DHCP, using WPA authentication and 802.11b mode, it is 1107possible to use something like: 1108.Bd -literal 1109ifconfig_wi0="DHCP WPA mode 11b" 1110.Ed 1111.Pp 1112In addition to the 1113.Va ifconfig_ Ns Aq Ar interface 1114form, a fallback variable 1115.Va ifconfig_DEFAULT 1116may be configured. 1117It will be used for all interfaces with no 1118.Va ifconfig_ Ns Aq Ar interface 1119variable. 1120This is intended to replace the no longer supported 1121.Va pccard_ifconfig 1122variable. 1123.Pp 1124It is also possible to rename interface by doing: 1125.Bd -literal 1126ifconfig_ed0_name="net0" 1127ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000" 1128.Ed 1129.It Va ipv6_network_interfaces 1130.Pq Vt str 1131This is the IPv6 equivalent of 1132.Va network_interfaces . 1133Instead of setting the ifconfig variables as 1134.Va ifconfig_ Ns Aq Ar interface 1135they should be set as 1136.Va ipv6_ifconfig_ Ns Aq Ar interface . 1137Aliases should be set as 1138.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1139.Va ipv6_prefix_ Ns Aq Ar interface 1140does something. 1141Interfaces that do not have a 1142.Va ipv6_ifconfig_ Ns Aq Ar interface 1143setting will be auto configured by 1144.Xr rtsol 8 1145if the 1146.Va ipv6_gateway_enable 1147is set to 1148.Dq Li NO . 1149Note that the IPv6 networking code does not support the 1150.Pa /etc/start_if. Ns Aq Ar interface 1151files. 1152.It Va ipv6_default_interface 1153.Pq Vt str 1154If not set to 1155.Dq Li NO , 1156this is the default output interface for scoped addresses. 1157Now this works only for IPv6 link local multicast addresses. 1158.It Va cloned_interfaces 1159.Pq Vt str 1160Set to the list of clonable network interfaces to create on this host. 1161Entries in 1162.Va cloned_interfaces 1163are automatically appended to 1164.Va network_interfaces 1165for configuration. 1166.It Va gif_interfaces 1167.Pq Vt str 1168Set to the list of 1169.Xr gif 4 1170tunnel interfaces to configure on this host. 1171A 1172.Va gifconfig_ Ns Aq Ar interface 1173variable is assumed to exist for each value of 1174.Ar interface . 1175The value of this variable is used to configure the link layer of the 1176tunnel according to the syntax of the 1177.Cm tunnel 1178option to 1179.Xr ifconfig 8 . 1180Additionally, this option ensures that each listed interface is created 1181via the 1182.Cm create 1183option to 1184.Xr ifconfig 8 1185before attempting to configure it. 1186.It Va sppp_interfaces 1187.Pq Vt str 1188Set to the list of 1189.Xr sppp 4 1190interfaces to configure on this host. 1191A 1192.Va spppconfig_ Ns Aq Ar interface 1193variable is assumed to exist for each value of 1194.Ar interface . 1195Each interface should also be configured by a general 1196.Va ifconfig_ Ns Aq Ar interface 1197setting. 1198Refer to 1199.Xr spppcontrol 8 1200for more information about available options. 1201.It Va ppp_enable 1202.Pq Vt bool 1203If set to 1204.Dq Li YES , 1205run the 1206.Xr ppp 8 1207daemon. 1208.It Va ppp_mode 1209.Pq Vt str 1210Mode in which to run the 1211.Xr ppp 8 1212daemon. 1213Accepted modes are 1214.Dq Li auto , 1215.Dq Li ddial , 1216.Dq Li direct 1217and 1218.Dq Li dedicated . 1219See the manual for a full description. 1220.It Va ppp_nat 1221.Pq Vt bool 1222If set to 1223.Dq Li YES , 1224enables network address translation. 1225Used in conjunction with 1226.Va gateway_enable 1227allows hosts on private network addresses access to the Internet using 1228this host as a network address translating router. 1229.It Va ppp_profile 1230.Pq Vt str 1231The name of the profile to use from 1232.Pa /etc/ppp/ppp.conf . 1233.It Va ppp_user 1234.Pq Vt str 1235The name of the user under which 1236.Xr ppp 8 1237should be started. 1238By 1239default, 1240.Xr ppp 8 1241is started as 1242.Dq Li root . 1243.It Va rc_conf_files 1244.Pq Vt str 1245This option is used to specify a list of files that will override 1246the settings in 1247.Pa /etc/defaults/rc.conf . 1248The files will be read in the order in which they are specified and should 1249include the full path to the file. 1250By default, the files specified are 1251.Pa /etc/rc.conf 1252and 1253.Pa /etc/rc.conf.local 1254.It Va gbde_autoattach_all 1255.Pq Vt bool 1256If set to 1257.Dq Li YES , 1258.Pa /etc/rc.d/gbde 1259will attempt to automatically initialize your .bde devices in 1260.Pa /etc/fstab . 1261.It Va gbde_devices 1262.Pq Vt str 1263List the devices that the script should try to attach, 1264or 1265.Dq Li AUTO . 1266.It Va gbde_lockdir 1267.Pq Vt str 1268The directory where the 1269.Xr gbde 4 1270lockfiles are located. 1271The default lockfile directory is 1272.Pa /etc . 1273.Pp 1274The lockfile for each individual 1275.Xr gbde 4 1276device can be overridden by setting the variable 1277.Va gbde_lock_ Ns Aq Ar device , 1278where 1279.Ar device 1280is the encrypted device without the 1281.Dq Pa /dev/ 1282and 1283.Dq Pa .bde 1284parts. 1285.It Va gbde_attach_attempts 1286.Pq Vt int 1287Number of times to attempt attaching to a 1288.Xr gbde 4 1289device, i.e., how many times the user is asked for the pass-phrase. 1290Default is 3. 1291.It Va geli_devices 1292.Pq Vt str 1293List of devices to automatically attach on boot. 1294Note that .eli devices from 1295.Pa /etc/fstab 1296are automatically appended to this list. 1297.It Va geli_tries 1298.Pq Vt int 1299Number of times user is asked for the pass-phrase. 1300If empty, it will be taken from 1301.Va kern.geom.eli.tries 1302sysctl variable. 1303.It Va geli_default_flags 1304.Pq Vt str 1305Default flags to use by 1306.Xr geli 8 1307when configuring disk encryption. 1308Flags can be configured for every device separately by defining 1309.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1310variable. 1311.It Va geli_autodetach 1312.Pq Vt str 1313Specifies if GELI devices should be marked for detach on last close after 1314file systems are mounted. 1315Default is 1316.Dq Li YES . 1317This can be changed for every device separately by defining 1318.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1319variable. 1320.It Va geli_swap_flags 1321Options passed to the 1322.Xr geli 8 1323utility when encrypted GEOM providers for swap partitions are created. 1324The default is 1325.Dq Li "-a aes -l 256 -s 4096 -d" . 1326.It Va root_rw_mount 1327.Pq Vt bool 1328Set to 1329.Dq Li YES 1330by default. 1331After the file systems are checked at boot time, the root file system 1332is remounted as read-write if this is set to 1333.Dq Li YES . 1334Diskless systems that mount their root file system from a read-only remote 1335NFS share should set this to 1336.Dq Li NO 1337in their 1338.Pa rc.conf . 1339.It Va fsck_y_enable 1340.Pq Vt bool 1341If set to 1342.Dq Li YES , 1343.Xr fsck 8 1344will be run with the 1345.Fl y 1346flag if the initial preen 1347of the file systems fails. 1348.It Va background_fsck 1349.Pq Vt bool 1350If set to 1351.Dq Li YES , 1352the system will attempt to run 1353.Xr fsck 8 1354in the background where possible. 1355.It Va background_fsck_delay 1356.Pq Vt int 1357The amount of time in seconds to sleep before starting a background 1358.Xr fsck 8 . 1359It defaults to sixty seconds to allow large applications such as 1360the X server to start before disk I/O bandwidth is monopolized by 1361.Xr fsck 8 . 1362.It Va netfs_types 1363.Pq Vt str 1364List of file system types that are network-based. 1365This list should generally not be modified by end users. 1366Use 1367.Va extra_netfs_types 1368instead. 1369.It Va extra_netfs_types 1370.Pq Vt str 1371If set to something other than 1372.Dq Li NO 1373(the default), 1374this variable extends the list of file system types 1375for which automatic mounting at startup by 1376.Xr rc 8 1377should be delayed until the network is initialized. 1378It should contain 1379a whitespace-separated list of network file system descriptor pairs, 1380each consisting of a file system type as passed to 1381.Xr mount 8 1382and a human-readable, one-word description, 1383joined with a colon 1384.Pq Ql \&: . 1385Extending the default list in this way is only necessary 1386when third party file system types are used. 1387.It Va syslogd_enable 1388.Pq Vt bool 1389If set to 1390.Dq Li YES , 1391run the 1392.Xr syslogd 8 1393daemon. 1394.It Va syslogd_program 1395.Pq Vt str 1396Path to 1397.Xr syslogd 8 1398(default 1399.Pa /usr/sbin/syslogd ) . 1400.It Va syslogd_flags 1401.Pq Vt str 1402If 1403.Va syslogd_enable 1404is set to 1405.Dq Li YES , 1406these are the flags to pass to 1407.Xr syslogd 8 . 1408.It Va inetd_enable 1409.Pq Vt bool 1410If set to 1411.Dq Li YES , 1412run the 1413.Xr inetd 8 1414daemon. 1415.It Va inetd_program 1416.Pq Vt str 1417Path to 1418.Xr inetd 8 1419(default 1420.Pa /usr/sbin/inetd ) . 1421.It Va inetd_flags 1422.Pq Vt str 1423If 1424.Va inetd_enable 1425is set to 1426.Dq Li YES , 1427these are the flags to pass to 1428.Xr inetd 8 . 1429.It Va named_enable 1430.Pq Vt bool 1431If set to 1432.Dq Li YES , 1433run the 1434.Xr named 8 1435daemon. 1436.It Va named_program 1437.Pq Vt str 1438Path to 1439.Xr named 8 1440(default 1441.Pa /usr/sbin/named ) . 1442.It Va named_flags 1443.Pq Vt str 1444If 1445.Va named_enable 1446is set to 1447.Dq Li YES , 1448these are the flags to pass to 1449.Xr named 8 . 1450.It Va named_pidfile 1451.Pq Vt str 1452This is the default path to the 1453.Xr named 8 1454daemon's PID file. 1455This must match the location in 1456.Xr named.conf 5 . 1457.It Va named_uid 1458.Pq Vt str 1459The user that the 1460.Xr named 8 1461process should be run as. 1462.It Va named_chrootdir 1463.Pq Vt str 1464The root directory for a name server run in a 1465.Xr chroot 8 1466environment (default 1467.Pa /var/named ) . 1468If left empty 1469.Xr named 8 1470will not be run in a 1471.Xr chroot 8 1472environment. 1473.It Va named_chroot_autoupdate 1474.Pq Vt bool 1475Set to 1476.Dq Li NO 1477to disable automatic update of the 1478.Xr chroot 8 1479environment. 1480.It Va named_symlink_enable 1481.Pq Vt bool 1482Set to 1483.Dq Li NO 1484to disable symlinking of 1485daemon's PID file 1486into the 1487.Xr chroot 8 1488environment. 1489.It Va kerberos5_server_enable 1490.Pq Vt bool 1491Set to 1492.Dq Li YES 1493to start a Kerberos 5 authentication server 1494at boot time. 1495.It Va kerberos5_server 1496.Pq Vt str 1497If 1498.Va kerberos5_server_enable 1499is set to 1500.Dq Li YES 1501this is the path to Kerberos 5 Authentication Server. 1502.It Va kerberos5_server_flags 1503.Pq Vt str 1504Empty by default. 1505This variable contains additional flags to be passed to the Kerberos 5 1506authentication server. 1507.It Va kadmind5_server_enable 1508.Pq Vt bool 1509Set to 1510.Dq Li YES 1511to start 1512.Xr kadmind 8 , 1513the Kerberos 5 Administration Daemon; set to 1514.Dq Li NO 1515on a slave server. 1516.It Va kadmind5_server 1517.Pq Vt str 1518If 1519.Va kadmind5_server_enable 1520is set to 1521.Dq Li YES 1522this is the path to Kerberos 5 Administration Daemon. 1523.It Va kpasswdd_server_enable 1524.Pq Vt bool 1525Set to 1526.Dq Li YES 1527to start 1528.Xr kpasswdd 8 , 1529the Kerberos 5 Password-Changing Daemon; set to 1530.Dq Li NO 1531on a slave server. 1532.It Va kpasswdd_server 1533.Pq Vt str 1534If 1535.Va kpasswdd_server_enable 1536is set to 1537.Dq Li YES 1538this is the path to Kerberos 5 Password-Changing Daemon. 1539.It Va rwhod_enable 1540.Pq Vt bool 1541If set to 1542.Dq Li YES , 1543run the 1544.Xr rwhod 8 1545daemon at boot time. 1546.It Va rwhod_flags 1547.Pq Vt str 1548If 1549.Va rwhod_enable 1550is set to 1551.Dq Li YES , 1552these are the flags to pass to it. 1553.It Va amd_enable 1554.Pq Vt bool 1555If set to 1556.Dq Li YES , 1557run the 1558.Xr amd 8 1559daemon at boot time. 1560.It Va amd_flags 1561.Pq Vt str 1562If 1563.Va amd_enable 1564is set to 1565.Dq Li YES , 1566these are the flags to pass to it. 1567See the 1568.Xr amd 8 1569manpage for more information. 1570.It Va amd_map_program 1571.Pq Vt str 1572If set, 1573the specified program is run to get the list of 1574.Xr amd 8 1575maps. 1576For example, if the 1577.Xr amd 8 1578maps are stored in NIS, one can set this to 1579run 1580.Xr ypcat 1 1581to get a list of 1582.Xr amd 8 1583maps from the 1584.Pa amd.master 1585NIS map. 1586.It Va update_motd 1587.Pq Vt bool 1588If set to 1589.Dq Li YES , 1590.Pa /etc/motd 1591will be updated at boot time to reflect the kernel release 1592being run. 1593If set to 1594.Dq Li NO , 1595.Pa /etc/motd 1596will not be updated. 1597.It Va nfs_client_enable 1598.Pq Vt bool 1599If set to 1600.Dq Li YES , 1601run the NFS client daemons at boot time. 1602.It Va nfs_access_cache 1603.Pq Vt int 1604If 1605.Va nfs_client_enable 1606is set to 1607.Dq Li YES , 1608this can be set to 1609.Dq Li 0 1610to disable NFS ACCESS RPC caching, or to the number of seconds for which 1611NFS ACCESS 1612results should be cached. 1613A value of 2-10 seconds will substantially reduce network 1614traffic for many NFS operations. 1615.It Va nfs_server_enable 1616.Pq Vt bool 1617If set to 1618.Dq Li YES , 1619run the NFS server daemons at boot time. 1620.It Va nfs_server_flags 1621.Pq Vt str 1622If 1623.Va nfs_server_enable 1624is set to 1625.Dq Li YES , 1626these are the flags to pass to the 1627.Xr nfsd 8 1628daemon. 1629.It Va idmapd_enable 1630.Pq Vt bool 1631If set to 1632.Dq Li YES , 1633run the ID mapping daemon for NFS version 4. 1634.It Va idmapd_flags 1635.Pq Vt str 1636If 1637.Va idmapd_enable 1638is set to 1639.Dq Li YES , 1640these are the flags to pass to the 1641.Xr idmapd 8 1642daemon. 1643.It Va mountd_enable 1644.Pq Vt bool 1645If set to 1646.Dq Li YES , 1647and no 1648.Va nfs_server_enable 1649is set, start 1650.Xr mountd 8 , 1651but not 1652.Xr nfsd 8 1653daemon. 1654It is commonly needed to run CFS without real NFS used. 1655.It Va mountd_flags 1656.Pq Vt str 1657If 1658.Va mountd_enable 1659is set to 1660.Dq Li YES , 1661these are the flags to pass to the 1662.Xr mountd 8 1663daemon. 1664.It Va weak_mountd_authentication 1665.Pq Vt bool 1666If set to 1667.Dq Li YES , 1668allow services like PCNFSD to make non-privileged mount 1669requests. 1670.It Va nfs_reserved_port_only 1671.Pq Vt bool 1672If set to 1673.Dq Li YES , 1674provide NFS services only on a secure port. 1675.It Va nfs_bufpackets 1676.Pq Vt int 1677If set to a number, indicates the number of packets worth of 1678socket buffer space to reserve on an NFS client. 1679The kernel default is typically 4. 1680Using a higher number may be 1681useful on gigabit networks to improve performance. 1682The minimum value is 16832 and the maximum is 64. 1684.It Va rpc_lockd_enable 1685.Pq Vt bool 1686If set to 1687.Dq Li YES 1688and also an NFS server or client, run 1689.Xr rpc.lockd 8 1690at boot time. 1691.It Va rpc_statd_enable 1692.Pq Vt bool 1693If set to 1694.Dq Li YES 1695and also an NFS server or client, run 1696.Xr rpc.statd 8 1697at boot time. 1698.It Va rpcbind_program 1699.Pq Vt str 1700Path to 1701.Xr rpcbind 8 1702(default 1703.Pa /usr/sbin/rpcbind ) . 1704.It Va rpcbind_enable 1705.Pq Vt bool 1706If set to 1707.Dq Li YES , 1708run the 1709.Xr rpcbind 8 1710service at boot time. 1711.It Va rpcbind_flags 1712.Pq Vt str 1713If 1714.Va rpcbind_enable 1715is set to 1716.Dq Li YES , 1717these are the flags to pass to the 1718.Xr rpcbind 8 1719daemon. 1720.It Va keyserv_enable 1721.Pq Vt bool 1722If set to 1723.Dq Li YES , 1724run the 1725.Xr keyserv 8 1726daemon on boot for running Secure RPC. 1727.It Va keyserv_flags 1728.Pq Vt str 1729If 1730.Va keyserv_enable 1731is set to 1732.Dq Li YES , 1733these are the flags to pass to 1734.Xr keyserv 8 1735daemon. 1736.It Va pppoed_enable 1737.Pq Vt bool 1738If set to 1739.Dq Li YES , 1740run the 1741.Xr pppoed 8 1742daemon at boot time to provide PPP over Ethernet services. 1743.It Va pppoed_ Ns Aq Ar provider 1744.Pq Vt str 1745.Xr pppoed 8 1746listens to requests to this 1747.Ar provider 1748and ultimately runs 1749.Xr ppp 8 1750with a 1751.Ar system 1752argument of the same name. 1753.It Va pppoed_flags 1754.Pq Vt str 1755Additional flags to pass to 1756.Xr pppoed 8 . 1757.It Va pppoed_interface 1758.Pq Vt str 1759The network interface to run 1760.Xr pppoed 8 1761on. 1762This is mandatory when 1763.Va pppoed_enable 1764is set to 1765.Dq Li YES . 1766.It Va timed_enable 1767.Pq Vt bool 1768If set to 1769.Dq Li YES , 1770run the 1771.Xr timed 8 1772service at boot time. 1773This command is intended for networks of 1774machines where a consistent 1775.Dq "network time" 1776for all hosts must be established. 1777This is often useful in large NFS 1778environments where time stamps on files are expected to be consistent 1779network-wide. 1780.It Va timed_flags 1781.Pq Vt str 1782If 1783.Va timed_enable 1784is set to 1785.Dq Li YES , 1786these are the flags to pass to the 1787.Xr timed 8 1788service. 1789.It Va ntpdate_enable 1790.Pq Vt bool 1791If set to 1792.Dq Li YES , 1793run 1794.Xr ntpdate 8 1795at system startup. 1796This command is intended to 1797synchronize the system clock only 1798.Em once 1799from some standard reference. 1800An option to set this up initially 1801(from a list of known servers) is also provided by the 1802.Xr sysinstall 8 1803program when the system is first installed. 1804.It Va ntpdate_config 1805.Pq Vt str 1806Configuration file for 1807.Xr ntpdate 8 . 1808Default 1809.Pa /etc/ntp.conf . 1810.It Va ntpdate_hosts 1811.Pq Vt str 1812A whitespace-separated list of NTP servers to synchronize with at startup. 1813The default is to use the servers listed in 1814.Va ntpdate_config , 1815if that file exists. 1816.It Va ntpdate_program 1817.Pq Vt str 1818Path to 1819.Xr ntpdate 8 1820(default 1821.Pa /usr/sbin/ntpdate ) . 1822.It Va ntpdate_flags 1823.Pq Vt str 1824If 1825.Va ntpdate_enable 1826is set to 1827.Dq Li YES , 1828these are the flags to pass to the 1829.Xr ntpdate 8 1830command (typically a hostname). 1831.It Va ntpd_enable 1832.Pq Vt bool 1833If set to 1834.Dq Li YES , 1835run the 1836.Xr ntpd 8 1837command at boot time. 1838.It Va ntpd_program 1839.Pq Vt str 1840Path to 1841.Xr ntpd 8 1842(default 1843.Pa /usr/sbin/ntpd ) . 1844.It Va ntpd_config 1845.Pq Vt str 1846Path to 1847.Xr ntpd 8 1848configuration file. 1849Default 1850.Pa /etc/ntp.conf . 1851.It Va ntpd_flags 1852.Pq Vt str 1853If 1854.Va ntpd_enable 1855is set to 1856.Dq Li YES , 1857these are the flags to pass to the 1858.Xr ntpd 8 1859daemon. 1860.It Va ntpd_sync_on_start 1861.Pq Vt bool 1862If set to 1863.Dq Li YES , 1864.Xr ntpd 8 1865is run with the 1866.Fl g 1867flag, which syncs the system's clock on startup. 1868See 1869.Xr ntpd 8 1870for more information regarding the 1871.Fl g 1872option. 1873This is a preferred alternative to using 1874.Xr ntpdate 8 1875or specifying the 1876.Va ntpdate_enable 1877variable. 1878.It Va nis_client_enable 1879.Pq Vt bool 1880If set to 1881.Dq Li YES , 1882run the 1883.Xr ypbind 8 1884service at system boot time. 1885.It Va nis_client_flags 1886.Pq Vt str 1887If 1888.Va nis_client_enable 1889is set to 1890.Dq Li YES , 1891these are the flags to pass to the 1892.Xr ypbind 8 1893service. 1894.It Va nis_ypset_enable 1895.Pq Vt bool 1896If set to 1897.Dq Li YES , 1898run the 1899.Xr ypset 8 1900daemon at system boot time. 1901.It Va nis_ypset_flags 1902.Pq Vt str 1903If 1904.Va nis_ypset_enable 1905is set to 1906.Dq Li YES , 1907these are the flags to pass to the 1908.Xr ypset 8 1909daemon. 1910.It Va nis_server_enable 1911.Pq Vt bool 1912If set to 1913.Dq Li YES , 1914run the 1915.Xr ypserv 8 1916daemon at system boot time. 1917.It Va nis_server_flags 1918.Pq Vt str 1919If 1920.Va nis_server_enable 1921is set to 1922.Dq Li YES , 1923these are the flags to pass to the 1924.Xr ypserv 8 1925daemon. 1926.It Va nis_ypxfrd_enable 1927.Pq Vt bool 1928If set to 1929.Dq Li YES , 1930run the 1931.Xr rpc.ypxfrd 8 1932daemon at system boot time. 1933.It Va nis_ypxfrd_flags 1934.Pq Vt str 1935If 1936.Va nis_ypxfrd_enable 1937is set to 1938.Dq Li YES , 1939these are the flags to pass to the 1940.Xr rpc.ypxfrd 8 1941daemon. 1942.It Va nis_yppasswdd_enable 1943.Pq Vt bool 1944If set to 1945.Dq Li YES , 1946run the 1947.Xr rpc.yppasswdd 8 1948daemon at system boot time. 1949.It Va nis_yppasswdd_flags 1950.Pq Vt str 1951If 1952.Va nis_yppasswdd_enable 1953is set to 1954.Dq Li YES , 1955these are the flags to pass to the 1956.Xr rpc.yppasswdd 8 1957daemon. 1958.It Va rpc_ypupdated_enable 1959.Pq Vt bool 1960If set to 1961.Dq Li YES , 1962run the 1963.Nm rpc.ypupdated 1964daemon at system boot time. 1965.It Va bsnmpd_enable 1966.Pq Vt bool 1967If set to 1968.Dq Li YES , 1969run the 1970.Xr bsnmpd 1 1971daemon at system boot time. 1972Be sure to understand the security implications of running SNMP daemon 1973on your host. 1974.It Va bsnmpd_flags 1975.Pq Vt str 1976If 1977.Va bsnmpd_enable 1978is set to 1979.Dq Li YES , 1980these are the flags to pass to the 1981.Xr bsnmpd 1 1982daemon. 1983.It Va defaultrouter 1984.Pq Vt str 1985If not set to 1986.Dq Li NO , 1987create a default route to this host name or IP address 1988(use an IP address if this router is also required to get to the 1989name server!). 1990.It Va ipv6_defaultrouter 1991.Pq Vt str 1992The IPv6 equivalent of 1993.Va defaultrouter . 1994.It Va static_routes 1995.Pq Vt str 1996Set to the list of static routes that are to be added at system 1997boot time. 1998If not set to 1999.Dq Li NO 2000then for each whitespace separated 2001.Ar element 2002in the value, a 2003.Va route_ Ns Aq Ar element 2004variable is assumed to exist 2005whose contents will later be passed to a 2006.Dq Nm route Cm add 2007operation. 2008For example: 2009.Bd -literal 2010static_routes="mcast gif0local" 2011route_mcast="-net 224.0.0.0/4 -iface gif0" 2012route_gif0local="-host 169.254.1.1 -iface lo0" 2013.Ed 2014.It Va ipv6_static_routes 2015.Pq Vt str 2016The IPv6 equivalent of 2017.Va static_routes . 2018If not set to 2019.Dq Li NO 2020then for each whitespace separated 2021.Ar element 2022in the value, a 2023.Va ipv6_route_ Ns Aq Ar element 2024variable is assumed to exist 2025whose contents will later be passed to a 2026.Dq Nm route Cm add Fl inet6 2027operation. 2028.It Va natm_static_routes 2029.Pq Vt str 2030The 2031.Xr natmip 4 2032equivalent of 2033.Va static_routes . 2034If not empty then for each whitespace separated 2035.Ar element 2036in the value, a 2037.Va route_ Ns Aq Ar element 2038variable is assumed to exist whose contents will later be passed to a 2039.Dq Nm atmconfig Cm natm Cm add 2040operation. 2041.It Va gateway_enable 2042.Pq Vt bool 2043If set to 2044.Dq Li YES , 2045configure host to act as an IP router, e.g.\& to forward packets 2046between interfaces. 2047.It Va ipv6_gateway_enable 2048.Pq Vt bool 2049The IPv6 equivalent of 2050.Va gateway_enable . 2051.It Va router_enable 2052.Pq Vt bool 2053If set to 2054.Dq Li YES , 2055run a routing daemon of some sort, based on the 2056settings of 2057.Va router 2058and 2059.Va router_flags . 2060.It Va ipv6_router_enable 2061.Pq Vt bool 2062The IPv6 equivalent of 2063.Va router_enable . 2064If set to 2065.Dq Li YES , 2066run a routing daemon of some sort, based on the 2067settings of 2068.Va ipv6_router 2069and 2070.Va ipv6_router_flags . 2071.It Va router 2072.Pq Vt str 2073If 2074.Va router_enable 2075is set to 2076.Dq Li YES , 2077this is the name of the routing daemon to use. 2078.It Va ipv6_router 2079.Pq Vt str 2080The IPv6 equivalent of 2081.Va router . 2082.It Va router_flags 2083.Pq Vt str 2084If 2085.Va router_enable 2086is set to 2087.Dq Li YES , 2088these are the flags to pass to the routing daemon. 2089.It Va ipv6_router_flags 2090.Pq Vt str 2091The IPv6 equivalent of 2092.Va router_flags . 2093.It Va mrouted_enable 2094.Pq Vt bool 2095If set to 2096.Dq Li YES , 2097run the multicast routing daemon, 2098.Xr mrouted 8 . 2099.It Va mroute6d_enable 2100.Pq Vt bool 2101The IPv6 equivalent of 2102.Va mrouted_enable . 2103If set to 2104.Dq Li YES , 2105run the IPv6 multicast routing daemon. 2106.Pp 2107Note that multicast routing daemons are no longer included in the 2108.Fx 2109base system, however, both 2110.Xr mrouted 8 2111and 2112.Xr pim6dd 8 2113may be installed from the 2114.Fx 2115Ports Collection. 2116.It Va mrouted_flags 2117.Pq Vt str 2118If 2119.Va mrouted_enable 2120is set to 2121.Dq Li YES , 2122these are the flags to pass to the 2123.Xr mrouted 8 2124daemon. 2125.It Va mroute6d_flags 2126.Pq Vt str 2127The IPv6 equivalent of 2128.Va mrouted_flags . 2129If 2130.Va mroute6d_enable 2131is set to 2132.Dq Li YES , 2133these are the flags passed to the IPv6 multicast routing daemon. 2134.It Va mroute6d_program 2135.Pq Vt str 2136If 2137.Va mroute6d_enable 2138is set to 2139.Dq Li YES , 2140this is the path to the IPv6 multicast routing daemon. 2141.It Va rtadvd_enable 2142.Pq Vt bool 2143If set to 2144.Dq Li YES , 2145run the 2146.Xr rtadvd 8 2147daemon at boot time. 2148.Xr rtadvd 8 2149will only run if 2150.Va ipv6_gateway_enable 2151is also set to 2152.Dq Li YES . 2153The 2154.Xr rtadvd 8 2155utility sends router advertisement packets to the interfaces specified in 2156.Va rtadvd_interfaces 2157and should only be enabled with great care. 2158You may want to fine-tune 2159.Xr rtadvd.conf 5 . 2160.It Va rtadvd_interfaces 2161.Pq Vt str 2162If 2163.Va rtadvd_enable 2164is set to 2165.Dq Li YES 2166this is the list of interfaces to use. 2167.It Va ipxgateway_enable 2168.Pq Vt bool 2169If set to 2170.Dq Li YES , 2171enable the routing of IPX traffic. 2172.It Va ipxrouted_enable 2173.Pq Vt bool 2174If set to 2175.Dq Li YES , 2176run the 2177.Xr IPXrouted 8 2178daemon at system boot time. 2179.It Va ipxrouted_flags 2180.Pq Vt str 2181If 2182.Va ipxrouted_enable 2183is set to 2184.Dq Li YES , 2185these are the flags to pass to the 2186.Xr IPXrouted 8 2187daemon. 2188.It Va arpproxy_all 2189.Pq Vt bool 2190If set to 2191.Dq Li YES , 2192enable global proxy ARP. 2193.It Va forward_sourceroute 2194.Pq Vt bool 2195If set to 2196.Dq Li YES 2197and 2198.Va gateway_enable 2199is also set to 2200.Dq Li YES , 2201source-routed packets are forwarded. 2202.It Va accept_sourceroute 2203.Pq Vt bool 2204If set to 2205.Dq Li YES , 2206the system will accept source-routed packets directed at it. 2207.It Va rarpd_enable 2208.Pq Vt bool 2209If set to 2210.Dq Li YES , 2211run the 2212.Xr rarpd 8 2213daemon at system boot time. 2214.It Va rarpd_flags 2215.Pq Vt str 2216If 2217.Va rarpd_enable 2218is set to 2219.Dq Li YES , 2220these are the flags to pass to the 2221.Xr rarpd 8 2222daemon. 2223.It Va bootparamd_enable 2224.Pq Vt bool 2225If set to 2226.Dq Li YES , 2227run the 2228.Xr bootparamd 8 2229daemon at system boot time. 2230.It Va bootparamd_flags 2231.Pq Vt str 2232If 2233.Va bootparamd_enable 2234is set to 2235.Dq Li YES , 2236these are the flags to pass to the 2237.Xr bootparamd 8 2238daemon. 2239.It Va stf_interface_ipv4addr 2240.Pq Vt str 2241If not set to 2242.Dq Li NO , 2243this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2244interface). 2245Specify this entry to enable the 6to4 interface. 2246.It Va stf_interface_ipv4plen 2247.Pq Vt int 2248Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2249An effective value is 0-31. 2250.It Va stf_interface_ipv6_ifid 2251.Pq Vt str 2252IPv6 interface ID for 2253.Xr stf 4 . 2254This can be set to 2255.Dq Li AUTO . 2256.It Va stf_interface_ipv6_slaid 2257.Pq Vt str 2258IPv6 Site Level Aggregator for 2259.Xr stf 4 . 2260.It Va ipv6_faith_prefix 2261.Pq Vt str 2262If not set to 2263.Dq Li NO , 2264this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2265translator. 2266You also need 2267.Xr faithd 8 2268setup. 2269.It Va ipv6_ipv4mapping 2270.Pq Vt bool 2271If set to 2272.Dq Li YES 2273this enables IPv4 mapped IPv6 address communication (like 2274.Li ::ffff:a.b.c.d ) . 2275.It Va atm_enable 2276.Pq Vt bool 2277Set to 2278.Dq Li YES 2279to enable the configuration of ATM interfaces at system boot time. 2280For all of the ATM variables described below, please refer to the 2281.Xr atm 8 2282manual page for further details on the available command parameters. 2283Also refer to the files in 2284.Pa /usr/share/examples/atm 2285for more detailed configuration information. 2286.It Va atm_load 2287.Pq Vt str 2288This is a list of physical ATM interface drivers to load. 2289Typical values are 2290.Dq Li hfa_pci 2291and/or 2292.Dq Li hea_pci . 2293.It Va atm_netif_ Ns Aq Ar intf 2294.Pq Vt str 2295For the ATM physical interface 2296.Ar intf , 2297this variable defines the name prefix and count for the ATM network 2298interfaces to be created. 2299The value will be passed as the parameters of an 2300.Dq Nm atm Cm "set netif" Ar intf 2301command. 2302.It Va atm_sigmgr_ Ns Aq Ar intf 2303.Pq Vt str 2304For the ATM physical interface 2305.Ar intf , 2306this variable defines the ATM signalling manager to be used. 2307The value will be passed as the parameters of an 2308.Dq Nm atm Cm attach Ar intf 2309command. 2310.It Va atm_prefix_ Ns Aq Ar intf 2311.Pq Vt str 2312For the ATM physical interface 2313.Ar intf , 2314this variable defines the NSAP prefix for interfaces using a UNI signalling 2315manager. 2316If set to 2317.Dq Li ILMI , 2318the prefix will automatically be set via the 2319.Xr ilmid 8 2320daemon. 2321Otherwise, the value will be passed as the parameters of an 2322.Dq Nm atm Cm "set prefix" Ar intf 2323command. 2324.It Va atm_macaddr_ Ns Aq Ar intf 2325.Pq Vt str 2326For the ATM physical interface 2327.Ar intf , 2328this variable defines the MAC address for interfaces using a UNI signalling 2329manager. 2330If set to 2331.Dq Li NO , 2332the hardware MAC address contained in the ATM interface card will be used. 2333Otherwise, the value will be passed as the parameters of an 2334.Dq Nm atm Cm "set mac" Ar intf 2335command. 2336.It Va atm_arpserver_ Ns Aq Ar netif 2337.Pq Vt str 2338For the ATM network interface 2339.Ar netif , 2340this variable defines the ATM address for a host which is to provide ATMARP 2341service. 2342This variable is only applicable to interfaces using a UNI signalling 2343manager. 2344If set to 2345.Dq Li local , 2346this host will become an ATMARP server. 2347The value will be passed as the parameters of an 2348.Dq Nm atm Cm "set arpserver" Ar netif 2349command. 2350.It Va atm_scsparp_ Ns Aq Ar netif 2351.Pq Vt bool 2352If set to 2353.Dq Li YES , 2354SCSP/ATMARP service for the network interface 2355.Ar netif 2356will be initiated using the 2357.Xr scspd 8 2358and 2359.Xr atmarpd 8 2360daemons. 2361This variable is only applicable if 2362.Va atm_arpserver_ Ns Aq Ar netif 2363is set to 2364.Dq Li local . 2365.It Va atm_pvcs 2366.Pq Vt str 2367Set to the list of ATM PVCs to be added at system 2368boot time. 2369For each whitespace separated 2370.Ar element 2371in the value, an 2372.Va atm_pvc_ Ns Aq Ar element 2373variable is assumed to exist. 2374The value of each of these variables 2375will be passed as the parameters of an 2376.Dq Nm atm Cm "add pvc" 2377command. 2378.It Va atm_arps 2379.Pq Vt str 2380Set to the list of permanent ATM ARP entries to be added 2381at system boot time. 2382For each whitespace separated 2383.Ar element 2384in the value, an 2385.Va atm_arp_ Ns Aq Ar element 2386variable is assumed to exist. 2387The value of each of these variables 2388will be passed as the parameters of an 2389.Dq Nm atm Cm "add arp" 2390command. 2391.It Va natm_interfaces 2392.Pq Vt str 2393Set to the list of 2394.Xr natm 4 2395interfaces that will also be used for HARP through 2396.Xr harp 4 . 2397If this list is not empty all interfaces in the list will be brought up 2398with 2399.Xr ifconfig 8 2400and 2401.Xr harp 4 2402will be loaded. 2403For this to work the interface drivers must be either compiled into the 2404kernel or must reside on the root partition. 2405.It Va keybell 2406.Pq Vt str 2407The keyboard bell sound. 2408Set to 2409.Dq Li normal , 2410.Dq Li visual , 2411.Dq Li off , 2412or 2413.Dq Li NO 2414if the default behavior is desired. 2415For details, refer to the 2416.Xr kbdcontrol 1 2417manpage. 2418.It Va keyboard 2419.Pq Vt str 2420If set to a non-null string, the virtual console's keyboard input is 2421set to this device. 2422.It Va keymap 2423.Pq Vt str 2424If set to 2425.Dq Li NO , 2426no keymap is installed, otherwise the value is used to install 2427the keymap file in 2428.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2429.It Va keyrate 2430.Pq Vt str 2431The keyboard repeat speed. 2432Set to 2433.Dq Li slow , 2434.Dq Li normal , 2435.Dq Li fast , 2436or 2437.Dq Li NO 2438if the default behavior is desired. 2439.It Va keychange 2440.Pq Vt str 2441If not set to 2442.Dq Li NO , 2443attempt to program the function keys with the value. 2444The value should 2445be a single string of the form: 2446.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2447.It Va cursor 2448.Pq Vt str 2449Can be set to the value of 2450.Dq Li normal , 2451.Dq Li blink , 2452.Dq Li destructive , 2453or 2454.Dq Li NO 2455to set the cursor behavior explicitly or choose the default behavior. 2456.It Va scrnmap 2457.Pq Vt str 2458If set to 2459.Dq Li NO , 2460no screen map is installed, otherwise the value is used to install 2461the screen map file in 2462.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2463.It Va font8x16 2464.Pq Vt str 2465If set to 2466.Dq Li NO , 2467the default 8x16 font value is used for screen size requests, otherwise 2468the value in 2469.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2470is used. 2471.It Va font8x14 2472.Pq Vt str 2473If set to 2474.Dq Li NO , 2475the default 8x14 font value is used for screen size requests, otherwise 2476the value in 2477.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2478is used. 2479.It Va font8x8 2480.Pq Vt str 2481If set to 2482.Dq Li NO , 2483the default 8x8 font value is used for screen size requests, otherwise 2484the value in 2485.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2486is used. 2487.It Va blanktime 2488.Pq Vt int 2489If set to 2490.Dq Li NO , 2491the default screen blanking interval is used, otherwise it is set 2492to 2493.Ar value 2494seconds. 2495.It Va saver 2496.Pq Vt str 2497If not set to 2498.Dq Li NO , 2499this is the actual screen saver to use 2500.Li ( blank , snake , daemon , 2501etc). 2502.It Va moused_nondefault_enable 2503.Pq Vt str 2504If set to 2505.Dq Li NO , 2506the mouse device specified on 2507the command line is not automatically treated as enabled by the 2508.Pa /etc/rc.d/moused 2509script. 2510Having this variable set to 2511.Dq Li YES 2512allows a 2513.Xr usb 4 2514mouse, 2515for example, 2516to be enabled as soon as it is plugged in. 2517.It Va moused_enable 2518.Pq Vt str 2519If set to 2520.Dq Li YES , 2521the 2522.Xr moused 8 2523daemon is started for doing cut/paste selection on the console. 2524.It Va moused_type 2525.Pq Vt str 2526This is the protocol type of the mouse connected to this host. 2527This variable must be set if 2528.Va moused_enable 2529is set to 2530.Dq Li YES . 2531The 2532.Xr moused 8 2533daemon 2534is able to detect the appropriate mouse type automatically in many cases. 2535Set this variable to 2536.Dq Li auto 2537to let the daemon detect it, or 2538select one from the following list if the automatic detection fails. 2539.Pp 2540If the mouse is attached to the PS/2 mouse port, choose 2541.Dq Li auto 2542or 2543.Dq Li ps/2 , 2544regardless of the brand and model of the mouse. 2545Likewise, if the 2546mouse is attached to the bus mouse port, choose 2547.Dq Li auto 2548or 2549.Dq Li busmouse . 2550All other protocols are for serial mice and will not work with 2551the PS/2 and bus mice. 2552If this is a USB mouse, 2553.Dq Li auto 2554is the only protocol type which will work. 2555.Pp 2556.Bl -tag -width ".Li x10mouseremote" -compact 2557.It Li microsoft 2558Microsoft mouse (serial) 2559.It Li intellimouse 2560Microsoft IntelliMouse (serial) 2561.It Li mousesystems 2562Mouse systems Corp.\& mouse (serial) 2563.It Li mmseries 2564MM Series mouse (serial) 2565.It Li logitech 2566Logitech mouse (serial) 2567.It Li busmouse 2568A bus mouse 2569.It Li mouseman 2570Logitech MouseMan and TrackMan (serial) 2571.It Li glidepoint 2572ALPS GlidePoint (serial) 2573.It Li thinkingmouse 2574Kensington ThinkingMouse (serial) 2575.It Li ps/2 2576PS/2 mouse 2577.It Li mmhittab 2578MM HitTablet (serial) 2579.It Li x10mouseremote 2580X10 MouseRemote (serial) 2581.It Li versapad 2582Interlink VersaPad (serial) 2583.El 2584.Pp 2585Even if the mouse is not in the above list, it may be compatible 2586with one in the list. 2587Refer to the manual page for 2588.Xr moused 8 2589for compatibility information. 2590.Pp 2591It should also be noted that while this is enabled, any 2592other client of the mouse (such as an X server) should access 2593the mouse through the virtual mouse device, 2594.Pa /dev/sysmouse , 2595and configure it as a 2596.Dq Li sysmouse 2597type mouse, since all 2598mouse data is converted to this single canonical format when 2599using 2600.Xr moused 8 . 2601If the client program does not support the 2602.Dq Li sysmouse 2603type, 2604specify the 2605.Dq Li mousesystems 2606type. 2607It is the second preferred type. 2608.It Va moused_port 2609.Pq Vt str 2610If 2611.Va moused_enable 2612is set to 2613.Dq Li YES , 2614this is the actual port the mouse is on. 2615It might be 2616.Pa /dev/cuad0 2617for a COM1 serial mouse, 2618.Pa /dev/psm0 2619for a PS/2 mouse or 2620.Pa /dev/mse0 2621for a bus mouse, for example. 2622.It Va moused_flags 2623.Pq Vt str 2624If 2625.Va moused_type 2626is set, these are the additional flags to pass to the 2627.Xr moused 8 2628daemon. 2629.It Va mousechar_start 2630.Pq Vt int 2631If set to 2632.Dq Li NO , 2633the default mouse cursor character range 2634.Li 0xd0 Ns - Ns Li 0xd3 2635is used, 2636otherwise the range start is set 2637to 2638.Ar value 2639character, see 2640.Xr vidcontrol 1 . 2641Use if the default range is occupied in the language code table. 2642.It Va allscreens_flags 2643.Pq Vt str 2644If set, 2645.Xr vidcontrol 1 2646is run with these options for each of the virtual terminals 2647.Pq Pa /dev/ttyv* . 2648For example, 2649.Dq Fl m Cm on 2650will enable the mouse pointer on all virtual terminals 2651if 2652.Va moused_enable 2653is set to 2654.Dq Li YES . 2655.It Va allscreens_kbdflags 2656.Pq Vt str 2657If set, 2658.Xr kbdcontrol 1 2659is run with these options for each of the virtual terminals 2660.Pq Pa /dev/ttyv* . 2661For example, 2662.Dq Fl h Li 200 2663will set the 2664.Xr syscons 4 2665scrollback (history) buffer to 200 lines. 2666.It Va cron_enable 2667.Pq Vt bool 2668If set to 2669.Dq Li YES , 2670run the 2671.Xr cron 8 2672daemon at system boot time. 2673.It Va cron_program 2674.Pq Vt str 2675Path to 2676.Xr cron 8 2677(default 2678.Pa /usr/sbin/cron ) . 2679.It Va cron_flags 2680.Pq Vt str 2681If 2682.Va cron_enable 2683is set to 2684.Dq Li YES , 2685these are the flags to pass to 2686.Xr cron 8 . 2687.It Va cron_dst 2688.Pq Vt bool 2689If set to 2690.Dq Li YES , 2691enable the special handling of transitions to and from the 2692Daylight Saving Time in 2693.Xr cron 8 2694(equivalent to using the flag 2695.Fl s ) . 2696.It Va lpd_program 2697.Pq Vt str 2698Path to 2699.Xr lpd 8 2700(default 2701.Pa /usr/sbin/lpd ) . 2702.It Va lpd_enable 2703.Pq Vt bool 2704If set to 2705.Dq Li YES , 2706run the 2707.Xr lpd 8 2708daemon at system boot time. 2709.It Va lpd_flags 2710.Pq Vt str 2711If 2712.Va lpd_enable 2713is set to 2714.Dq Li YES , 2715these are the flags to pass to the 2716.Xr lpd 8 2717daemon. 2718.It Va chkprintcap_enable 2719.Pq Vt bool 2720If set to 2721.Dq Li YES , 2722run the 2723.Xr chkprintcap 8 2724command before starting the 2725.Xr lpd 8 2726daemon. 2727.It Va chkprintcap_flags 2728.Pq Vt str 2729If 2730.Va lpd_enable 2731and 2732.Va chkprintcap_enable 2733are set to 2734.Dq Li YES , 2735these are the flags to pass to the 2736.Xr chkprintcap 8 2737program. 2738The default is 2739.Dq Li -d , 2740which causes missing directories to be created. 2741.It Va mta_start_script 2742.Pq Vt str 2743This variable specifies the full path to the script to run to start 2744a mail transfer agent. 2745The default is 2746.Pa /etc/rc.sendmail . 2747The 2748.Va sendmail_* 2749variables which 2750.Pa /etc/rc.sendmail 2751uses are documented in the 2752.Xr rc.sendmail 8 2753manual page. 2754.It Va dumpdev 2755.Pq Vt str 2756Indicates the device (usually a swap partition) to which a crash dump 2757should be written in the event of a system crash. 2758If the value of this variable is 2759.Dq Li AUTO , 2760the first suitable swap device listed in 2761.Pa /etc/fstab 2762will be used as dump device. 2763Otherwise, the value of this variable is passed as the argument to 2764.Xr dumpon 8 . 2765To disable crash dumps, set this variable to 2766.Dq Li NO . 2767.It Va dumpdir 2768.Pq Vt str 2769When the system reboots after a crash and a crash dump is found on the 2770device specified by the 2771.Va dumpdev 2772variable, 2773.Xr savecore 8 2774will save that crash dump and a copy of the kernel to the directory 2775specified by the 2776.Va dumpdir 2777variable. 2778The default value is 2779.Pa /var/crash . 2780Set to 2781.Dq Li NO 2782to not run 2783.Xr savecore 8 2784at boot time when 2785.Va dumpdir 2786is set. 2787.It Va savecore_flags 2788.Pq Vt str 2789If crash dumps are enabled, these are the flags to pass to the 2790.Xr savecore 8 2791utility. 2792.It Va enable_quotas 2793.Pq Vt bool 2794Set to 2795.Dq Li YES 2796to turn on user and group disk quotas on system startup via the 2797.Xr quotaon 8 2798command for all file systems marked as having quotas enabled in 2799.Pa /etc/fstab . 2800The kernel must be built with 2801.Cd "options QUOTA" 2802for disk quotas to function. 2803.It Va check_quotas 2804.Pq Vt bool 2805Set to 2806.Dq Li YES 2807to enable user and group disk quota checking via the 2808.Xr quotacheck 8 2809command. 2810.It Va quotacheck_flags 2811.Pq Vt str 2812If 2813.Va enable_quotas 2814is set to 2815.Dq Li YES , 2816and 2817.Va check_quotas 2818is set to 2819.Dq Li YES , 2820these are the flags to pass to the 2821.Xr quotacheck 8 2822utility. 2823The default is 2824.Dq Li "-a" , 2825which checks quotas for all file systems with quotas enabled in 2826.Pa /etc/fstab . 2827.It Va quotaon_flags 2828.Pq Vt str 2829If 2830.Va enable_quotas 2831is set to 2832.Dq Li YES , 2833these are the flags to pass to the 2834.Xr quotaon 8 2835utility. 2836The default is 2837.Dq Li "-a" , 2838which enables quotas for all file systems with quotas enabled in 2839.Pa /etc/fstab . 2840.It Va quotaoff_flags 2841.Pq Vt str 2842If 2843.Va enable_quotas 2844is set to 2845.Dq Li YES , 2846these are the flags to pass to the 2847.Xr quotaoff 8 2848utility when shutting down the quota system. 2849The default is 2850.Dq Li "-a" , 2851which disables quotas for all file systems with quotas enabled in 2852.Pa /etc/fstab . 2853.It Va accounting_enable 2854.Pq Vt bool 2855Set to 2856.Dq Li YES 2857to enable system accounting through the 2858.Xr accton 8 2859facility. 2860.It Va ibcs2_enable 2861.Pq Vt bool 2862Set to 2863.Dq Li YES 2864to enable iBCS2 (SCO) binary emulation at system initial boot 2865time. 2866.It Va ibcs2_loaders 2867.Pq Vt str 2868If not set to 2869.Dq Li NO 2870and if 2871.Va ibcs2_enable 2872is set to 2873.Dq Li YES , 2874this specifies a list of additional iBCS2 loaders to enable. 2875.It Va linux_enable 2876.Pq Vt bool 2877Set to 2878.Dq Li YES 2879to enable Linux/ELF binary emulation at system initial 2880boot time. 2881.It Va svr4_enable 2882.Pq Vt bool 2883If set to 2884.Dq Li YES , 2885enable SysVR4 emulation at boot time. 2886.It Va sysvipc_enable 2887.Pq Vt bool 2888If set to 2889.Dq Li YES , 2890load System V IPC primitives at boot time. 2891.It Va clear_tmp_enable 2892.Pq Vt bool 2893Set to 2894.Dq Li YES 2895to have 2896.Pa /tmp 2897cleaned at startup. 2898.It Va clear_tmp_X 2899.Pq Vt bool 2900Set to 2901.Dq Li NO 2902to disable removing of X11 lock files, 2903and the removal and (secure) recreation 2904of the various socket directories for X11 2905related programs. 2906.It Va ldconfig_paths 2907.Pq Vt str 2908Set to the list of shared library paths to use with 2909.Xr ldconfig 8 . 2910NOTE: 2911.Pa /usr/lib 2912will always be added first, so it need not appear in this list. 2913.It Va ldconfig32_paths 2914.Pq Vt str 2915Set to the list of 32-bit compatibility shared library paths to 2916use with 2917.Xr ldconfig 8 . 2918.It Va ldconfig_paths_aout 2919.Pq Vt str 2920Set to the list of shared library paths to use with 2921.Xr ldconfig 8 2922legacy 2923.Xr a.out 5 2924support. 2925.It Va ldconfig_insecure 2926.Pq Vt bool 2927The 2928.Xr ldconfig 8 2929utility normally refuses to use directories 2930which are writable by anyone except root. 2931Set this variable to 2932.Dq Li YES 2933to disable that security check during system startup. 2934.It Va ldconfig_local_dirs 2935.Pq Vt str 2936Set to the list of local 2937.Xr ldconfig 8 2938directories. 2939The names of all files in the directories listed will be 2940passed as arguments to 2941.Xr ldconfig 8 . 2942.It Va ldconfig_local32_dirs 2943.Pq Vt str 2944Set to the list of local 32-bit compatibility 2945.Xr ldconfig 8 2946directories. 2947The names of all files in the directories listed will be 2948passed as arguments to 2949.Dq Nm ldconfig Fl 32 . 2950.It Va kern_securelevel_enable 2951.Pq Vt bool 2952Set to 2953.Dq Li YES 2954to set the kernel security level at system startup. 2955.It Va kern_securelevel 2956.Pq Vt int 2957The kernel security level to set at startup. 2958The allowed range of 2959.Ar value 2960ranges from \-1 (the compile time default) to 3 (the 2961most secure). 2962See 2963.Xr init 8 2964for the list of possible security levels and their effect 2965on system operation. 2966.It Va sshd_program 2967.Pq Vt str 2968Path to the SSH server program 2969.Pa ( /usr/sbin/sshd 2970is the default). 2971.It Va sshd_enable 2972.Pq Vt bool 2973Set to 2974.Dq Li YES 2975to start 2976.Xr sshd 8 2977at system boot time. 2978.It Va sshd_flags 2979.Pq Vt str 2980If 2981.Va sshd_enable 2982is set to 2983.Dq Li YES , 2984these are the flags to pass to the 2985.Xr sshd 8 2986daemon. 2987.It Va ftpd_program 2988.Pq Vt str 2989Path to the FTP server program 2990.Pa ( /usr/libexec/ftpd 2991is the default). 2992.It Va ftpd_enable 2993.Pq Vt bool 2994Set to 2995.Dq Li YES 2996to start 2997.Xr ftpd 8 2998as a stand-alone daemon at system boot time. 2999.It Va ftpd_flags 3000.Pq Vt str 3001If 3002.Va ftpd_enable 3003is set to 3004.Dq Li YES , 3005these are the additional flags to pass to the 3006.Xr ftpd 8 3007daemon. 3008.It Va watchdogd_enable 3009.Pq Vt bool 3010If set to 3011.Dq Li YES , 3012start the 3013.Xr watchdogd 8 3014daemon at boot time. 3015This requires that the kernel have been compiled with a 3016.Xr watchdog 4 3017compatible device. 3018.It Va watchdogd_flags 3019.Pq Vt str 3020If 3021.Va watchdogd_enable 3022is set to 3023.Dq Li YES , 3024these are the flags passed to the 3025.Xr watchdogd 8 3026daemon. 3027.It Va performance_cx_lowest 3028.Pq Vt str 3029CPU idle state to use while on AC power. 3030The string 3031.Dq Li LOW 3032indicates that 3033.Xr acpi 4 3034should use the lowest power state available while 3035.Dq Li HIGH 3036indicates that the lowest latency state (less power savings) should be used. 3037.It Va performance_cpu_freq 3038.Pq Vt str 3039CPU clock frequency to use while on AC power. 3040The string 3041.Dq Li LOW 3042indicates that 3043.Xr cpufreq 4 3044should use the lowest frequency available while 3045.Dq Li HIGH 3046indicates that the highest frequency (less power savings) should be used. 3047.It Va economy_cx_lowest 3048.Pq Vt str 3049CPU idle state to use when off AC power. 3050The string 3051.Dq Li LOW 3052indicates that 3053.Xr acpi 4 3054should use the lowest power state available while 3055.Dq Li HIGH 3056indicates that the lowest latency state (less power savings) should be used. 3057.It Va economy_cpu_freq 3058.Pq Vt str 3059CPU clock frequency to use when off AC power. 3060The string 3061.Dq Li LOW 3062indicates that 3063.Xr cpufreq 4 3064should use the lowest frequency available while 3065.Dq Li HIGH 3066indicates that the highest frequency (less power savings) should be used. 3067.It Va jail_enable 3068.Pq Vt bool 3069If set to 3070.Dq Li NO , 3071any configured jails will not be started. 3072.It Va jail_list 3073.Pq Vt str 3074A space separated list of names for jails. 3075This is purely a configuration aid to help identify and 3076configure multiple jails. 3077The names specified in this list will be used to 3078identify settings common to an instance of a jail. 3079Assuming that the jail in question was named 3080.Li vjail , 3081you would have the following dependent variables: 3082.Bd -literal 3083jail_vjail_hostname="jail.example.com" 3084jail_vjail_ip="192.168.1.100" 3085jail_vjail_rootdir="/var/jails/vjail/root" 3086.Ed 3087.Pp 3088.It Va jail_flags 3089.Pq Vt str 3090Unset by default. 3091When set, use as default value for 3092.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3093for every jail in 3094.Va jail_list . 3095.It Va jail_interface 3096.Pq Vt str 3097Unset by default. 3098When set, use as default value for 3099.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3100for every jail in 3101.Va jail_list . 3102.It Va jail_fstab 3103.Pq Vt str 3104Unset by default. 3105When set, use as default value for 3106.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3107for every jail in 3108.Va jail_list . 3109.It Va jail_mount_enable 3110.Pq Vt bool 3111Set to 3112.Dq Li NO 3113by default. 3114When set to 3115.Dq Li YES , 3116sets 3117.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3118to 3119.Dq Li YES 3120by default for every jail in 3121.Va jail_list . 3122.It Va jail_devfs_ruleset 3123.Pq Vt str 3124Unset by default. 3125When set, sets 3126.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3127to given value for every jail in 3128.Va jail_list . 3129.It Va jail_devfs_enable 3130.Pq Vt bool 3131Set to 3132.Dq Li NO 3133by default. 3134When set to 3135.Dq Li YES , 3136sets 3137.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3138to 3139.Dq Li YES 3140by default for every jail in 3141.Va jail_list . 3142.It Va jail_fdescfs_enable 3143.Pq Vt bool 3144Set to 3145.Dq Li NO 3146by default. 3147When set to 3148.Dq Li YES , 3149sets 3150.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3151to 3152.Dq Li YES 3153by default for every jail in 3154.Va jail_list . 3155.It Va jail_procfs_enable 3156.Pq Vt bool 3157Set to 3158.Dq Li NO 3159by default. 3160When set to 3161.Dq Li YES , 3162sets 3163.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3164to 3165.Dq Li YES 3166by default for every jail in 3167.Va jail_list . 3168.It Va jail_exec_start 3169.Pq Vt str 3170Unset by default. 3171When set, use as default value for 3172.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3173for every jail in 3174.Va jail_list . 3175.It Va jail_exec_afterstart Ns Aq Ar N 3176.Pq Vt str 3177Unset by default. 3178When set, use as default value for 3179.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3180for every jail in 3181.Va jail_list . 3182.It Va jail_exec_stop 3183Unset by default. 3184When set, use as default value for 3185.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3186for every jail in 3187.Va jail_list . 3188.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3189.Pq Vt str 3190Unset by default. 3191Set to the root directory used by jail 3192.Va jname . 3193.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3194.Pq Vt str 3195Unset by default. 3196Set to the fully qualified domain name (FQDN) assigned to jail 3197.Va jname . 3198.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3199.Pq Vt str 3200Unset by default. 3201Set to the IP address assigned to jail 3202.Va jname . 3203.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3204.Pq Vt str 3205Set to 3206.Dq Li -l -U root 3207by default. 3208These are flags to pass to 3209.Xr jail . 3210.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3211.Pq Vt str 3212Unset by default. 3213When set, sets the interface to use when setting IP address alias. 3214Note that the alias is created at jail startup and removed at jail shutdown. 3215.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3216.Pq Vt str 3217Set to 3218.Pa /etc/fstab. Ns Aq Ar jname 3219by default. 3220This is the file system information file to use for jail 3221.Va jname . 3222.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3223.Pq Vt bool 3224Set to 3225.Dq Li NO 3226by default. 3227When set to 3228.Dq Li YES , 3229mount all file systems from 3230.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3231at jail startup. 3232.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3233.Pq Vt str 3234Unset by default. 3235When set, defines the device file system ruleset file to use for jail 3236.Va jname . 3237.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3238.Pq Vt bool 3239Set to 3240.Dq Li NO 3241by default. 3242When set to 3243.Dq Li YES , 3244mount the device file system inside jail 3245.Ar jname 3246at jail startup. 3247.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3248.Pq Vt bool 3249Set to 3250.Dq Li NO 3251by default. 3252When set to 3253.Dq Li YES , 3254mount the file-descriptor file system inside jail 3255.Ar jname 3256at jail startup. 3257.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3258.Pq Vt bool 3259Set to 3260.Dq Li NO 3261by default. 3262When set to 3263.Dq Li YES , 3264mount the process file system inside jail 3265.Ar jname 3266at jail startup. 3267.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3268.Pq Vt str 3269Set to 3270.Dq Li /bin/sh /etc/rc 3271by default. 3272This is the command executed at jail startup. 3273.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3274.Pq Vt str 3275Unset by default. 3276This is the command run as 3277.Ar N Ns 3278th command 3279after jail startup, where 3280.Ar N 3281is 1, 2, and so on. 3282.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3283.Pq Vt str 3284Set to 3285.Dq Li /bin/sh /etc/rc.shutdown 3286by default. 3287This is the command executed at jail shutdown. 3288.It Va jail_set_hostname_allow 3289.Pq Vt bool 3290If set to 3291.Dq Li NO , 3292do not allow the root user in a jail to set its hostname. 3293.It Va jail_socket_unixiproute_only 3294.Pq Vt bool 3295If set to 3296.Dq Li YES , 3297do not allow any sockets, 3298besides UNIX/IP/route sockets, 3299to be used within a jail. 3300.It Va jail_sysvipc_allow 3301.Pq Vt bool 3302If set to 3303.Dq Li YES , 3304allow applications within a jail to use System V IPC. 3305.\" ----- ISDN settings --------------------------------- 3306.It Va isdn_enable 3307.Pq Vt bool 3308Set to 3309.Dq Li NO 3310by default. 3311When set to 3312.Dq Li YES , 3313starts the 3314.Xr isdnd 8 3315daemon 3316at system boot time. 3317.It Va isdn_flags 3318.Pq Vt str 3319Set to 3320.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9 3321by default. 3322Additional flags to pass to 3323.Xr isdnd 8 3324(but see 3325.Va isdn_fsdev 3326and 3327.Va isdn_ttype 3328for certain tunable parameters). 3329.It Va isdn_ttype 3330.Pq Vt str 3331Set to 3332.Dq Li cons25 3333by default. 3334The terminal type of the output device when 3335.Xr isdnd 8 3336operates in full-screen mode. 3337.It Va isdn_screenflags 3338.Pq Vt str 3339Set to 3340.Dq Li NO 3341by default. 3342The video mode for full-screen mode (only for 3343.Xr syscons 4 3344console driver, see 3345.Xr vidcontrol 1 3346for valid modes). 3347.It Va isdn_fsdev 3348.Pq Vt str 3349Set to 3350.Dq Li NO 3351by default. 3352The output device for 3353.Xr isdnd 8 3354in full-screen mode (or 3355.Dq Li NO 3356for daemon mode). 3357.It Va isdn_trace 3358.Pq Vt bool 3359Set to 3360.Dq Li NO 3361by default. 3362When set to 3363.Dq Li YES , 3364enables the ISDN protocol trace utility 3365.Xr isdntrace 8 3366at system boot time. 3367.It Va isdn_traceflags 3368.Pq Vt str 3369Set to 3370.Dq Fl f Pa /var/tmp/isdntrace0 3371by default. 3372Flags for 3373.Xr isdntrace 8 . 3374.\" ----------------------------------------------------- 3375.It Va harvest_interrupt 3376.Pq Vt bool 3377Set to 3378.Dq Li YES 3379to use hardware interrupts as an entropy source. 3380Refer to 3381.Xr random 4 3382for more information. 3383.It Va harvest_ethernet 3384.Pq Vt bool 3385Set to 3386.Dq Li YES 3387to use LAN traffic as an entropy source. 3388Refer to 3389.Xr random 4 3390for more information. 3391.It Va harvest_p_to_p 3392.Pq Vt bool 3393Set to 3394.Dq Li YES 3395to use serial line traffic as an entropy source. 3396Refer to 3397.Xr random 4 3398for more information. 3399.It Va entropy_dir 3400.Pq Vt str 3401Set to 3402.Dq Li NO 3403to disable caching entropy via 3404.Xr cron 8 . 3405Otherwise set to the directory used to store entropy files in. 3406.It Va entropy_file 3407.Pq Vt str 3408Set to 3409.Dq Li NO 3410to disable caching entropy through reboots. 3411Otherwise set to the filename used to store cached entropy through 3412reboots. 3413This file should be located on the root file system to seed the 3414.Xr random 4 3415device as early as possible in the boot process. 3416.It Va entropy_save_sz 3417.Pq Vt int 3418Size of the entropy cache files saved by 3419.Nm save-entropy 3420periodically. 3421.It Va entropy_save_num 3422.Pq Vt int 3423Number of entropy cache files to save by 3424.Nm save-entropy 3425periodically. 3426.It Va ipsec_enable 3427.Pq Vt bool 3428Set to 3429.Dq Li YES 3430to run 3431.Xr setkey 8 3432on 3433.Va ipsec_file 3434at boot time. 3435.It Va ipsec_file 3436.Pq Vt str 3437Configuration file for 3438.Xr setkey 8 . 3439.It Va dmesg_enable 3440.Pq Vt bool 3441Set to 3442.Dq Li YES 3443to save 3444.Xr dmesg 8 3445to 3446.Pa /var/run/dmesg.boot 3447on boot. 3448.It Va rcshutdown_timeout 3449.Pq Vt int 3450If set, start a watchdog timer in the background which will terminate 3451.Pa rc.shutdown 3452if 3453.Xr shutdown 8 3454has not completed within the specified time (in seconds). 3455Notice that in addition to this soft timeout, 3456.Xr init 8 3457also applies a hard timeout for the execution of 3458.Pa rc.shutdown . 3459This is configured via 3460.Xr sysctl 8 3461variable 3462.Va kern.init_shutdown_timeout 3463and defaults to 120 seconds. 3464Setting the value of 3465.Va rcshutdown_timeout 3466to more than 120 seconds will have no effect until the 3467.Xr sysctl 8 3468variable 3469.Va kern.init_shutdown_timeout 3470is also increased. 3471.It Va virecover_enable 3472.Pq Vt bool 3473Set to 3474.Dq Li NO 3475to prevent the system from trying to 3476recover pre-maturely terminated 3477.Xr vi 1 3478sessions. 3479.It Va ugidfw_enable 3480.Pq Vt bool 3481Set to 3482.Dq Li YES 3483to load the 3484.Xr mac_bsdextended 4 3485module upon system initialization and load a default 3486ruleset file. 3487.It Va bsdextended_script 3488.Pq Vt str 3489The default 3490.Xr mac_bsdextended 4 3491ruleset file to load. 3492The default value of this variable is 3493.Pa /etc/rc.bsdextended . 3494.It Va newsyslog_enable 3495.Pq Vt bool 3496If set to 3497.Dq Li YES , 3498run 3499.Xr newsyslog 8 3500command at startup. 3501.It Va newsyslog_flags 3502.Pq Vt str 3503If 3504.Va newsyslog_enable 3505is set to 3506.Dq Li YES , 3507these are the flags to pass to the 3508.Xr newsyslog 8 3509program. 3510The default is 3511.Dq Li -CN , 3512which causes log files flagged with a 3513.Cm C 3514to be created. 3515.It Va mdconfig_md Ns Aq Ar X 3516.Pq Vt str 3517Arguments to 3518.Xr mdconfig 8 3519for 3520.Xr md 4 3521device 3522.Ar X . 3523At minimum a 3524.Fl t Ar type 3525must be specified and either a 3526.Fl s Ar size 3527for malloc or swap backed 3528.Xr md 4 3529devices or a 3530.Fl f Ar file 3531for vnode backed 3532.Xr md 4 3533devices. 3534Note that 3535.Va mdconfig_md Ns Aq Ar X 3536variables are evaluated until one variable is unset or null. 3537.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3538.Pq Vt str 3539Optional arguments passed to 3540.Xr newfs 8 3541to initialize 3542.Xr md 4 3543device 3544.Ar X . 3545.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3546.Pq Vt str 3547An ownership specification passed to 3548.Xr chown 8 3549after the specified 3550.Xr md 4 3551device 3552.Ar X 3553has been mounted. 3554Both the 3555.Xr md 4 3556device and the mount point will be changed. 3557.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3558.Pq Vt str 3559A mode string passed to 3560.Xr chmod 1 3561after the specified 3562.Xr md 4 3563device 3564.Ar X 3565has been mounted. 3566Both the 3567.Xr md 4 3568device and the mount point will be changed. 3569.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3570.Pq Vt str 3571Files to be copied to the mount point of the 3572.Xr md 4 3573device 3574.Ar X 3575after it has been mounted. 3576.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3577.Pq Vt str 3578Command to execute after the specified 3579.Xr md 4 3580device 3581.Ar X 3582has been mounted. 3583Note that the command is passed to 3584.Ic eval 3585and that both 3586.Va _dev 3587and 3588.Va _mp 3589variables can be used to reference respectively the 3590.Xr md 4 3591device and the mount point. 3592Assuming that the 3593.Xr md 4 3594device is 3595.Li md0 , 3596one could set the following: 3597.Bd -literal 3598mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3599.Ed 3600.It Va ramdisk_units 3601.Pq Vt str 3602A list of one or more ramdisk units to configure with 3603.Xr mdconfig 8 3604and 3605.Xr newfs 8 3606in time to be mounted from 3607.Xr fstab 5 . 3608Each listed unit 3609.Ar X 3610must specify at least a 3611.Ar type 3612in a 3613.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3614variable. 3615Note that this way to configure ramdisks has been deprecated 3616in favor of new 3617.Va mdconfig_md* 3618variables (see above). 3619.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3620.Pq Vt str 3621Arguments to 3622.Xr mdconfig 8 3623for ramdisk 3624.Ar X . 3625At minimum a 3626.Fl t Ar type 3627must be specified, where 3628.Ar type 3629must be one of 3630.Cm malloc 3631or 3632.Cm swap . 3633.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3634.Pq Vt str 3635Optional arguments passed to 3636.Xr newfs 8 3637to initialize ramdisk 3638.Ar X . 3639.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3640.Pq Vt str 3641An ownership specification passed to 3642.Xr chown 8 3643after the specified ramdisk unit 3644.Ar X 3645has been mounted. 3646Both the 3647.Xr md 4 3648device and the mount point will be changed. 3649.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3650.Pq Vt str 3651A mode string passed to 3652.Xr chmod 1 3653after the specified ramdisk unit 3654.Ar X 3655has been mounted. 3656Both the 3657.Xr md 4 3658device and the mount point will be changed. 3659.It Va autobridge_interfaces 3660.Pq Vt str 3661Set to the list of bridge interfaces that will have newly arriving interfaces 3662checked against to be automatically added. 3663If not set to 3664.Dq Li NO 3665then for each whitespace separated 3666.Ar element 3667in the value, a 3668.Va autobridge_ Ns Aq Ar element 3669variable is assumed to exist which has a whitespace separated list of interface 3670names to match, these names can use wildcards. 3671For example: 3672.Bd -literal 3673autobridge_interfaces="bridge0" 3674autobridge_bridge0="tap* dc0 vlan[345]" 3675.Ed 3676.It Va mixer_enable 3677.Pq Vt bool 3678If set to 3679.Dq Li YES , 3680enable support for sound mixer. 3681.El 3682.Sh FILES 3683.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3684.It Pa /etc/defaults/rc.conf 3685.It Pa /etc/rc.conf 3686.It Pa /etc/rc.conf.local 3687.El 3688.Sh SEE ALSO 3689.Xr catman 1 , 3690.Xr chmod 1 , 3691.Xr gdb 1 , 3692.Xr info 1 , 3693.Xr kbdcontrol 1 , 3694.Xr makewhatis 1 , 3695.Xr sh 1 , 3696.Xr vi 1 , 3697.Xr vidcontrol 1 , 3698.Xr bridge 4 , 3699.Xr ip 4 , 3700.Xr ipf 4 , 3701.Xr ipfw 4 , 3702.Xr ipnat 4 , 3703.Xr kld 4 , 3704.Xr pf 4 , 3705.Xr pflog 4 , 3706.Xr pfsync 4 , 3707.Xr tcp 4 , 3708.Xr udp 4 , 3709.Xr exports 5 , 3710.Xr fstab 5 , 3711.Xr ipf 5 , 3712.Xr ipnat 5 , 3713.Xr motd 5 , 3714.Xr newsyslog.conf 5 , 3715.Xr pf.conf 5 , 3716.Xr accton 8 , 3717.Xr amd 8 , 3718.Xr apm 8 , 3719.Xr atm 8 , 3720.Xr chkprintcap 8 , 3721.Xr chown 8 , 3722.Xr cron 8 , 3723.Xr dhclient 8 , 3724.Xr ftpd 8 , 3725.Xr geli 8 , 3726.Xr ifconfig 8 , 3727.Xr inetd 8 , 3728.Xr ipf 8 , 3729.Xr ipfw 8 , 3730.Xr ipnat 8 , 3731.Xr isdnd 8 , 3732.Xr isdntrace 8 , 3733.Xr jail 8 , 3734.Xr kldxref 8 , 3735.Xr lpd 8 , 3736.Xr mdconfig 8 , 3737.Xr mdmfs 8 , 3738.Xr mixer 8 , 3739.Xr mountd 8 , 3740.Xr moused 8 , 3741.Xr mrouted 8 , 3742.Xr named 8 , 3743.Xr newfs 8 , 3744.Xr newsyslog 8 , 3745.Xr nfsd 8 , 3746.Xr ntpd 8 , 3747.Xr ntpdate 8 , 3748.Xr pcnfsd 8 , 3749.Xr pfctl 8 , 3750.Xr pflogd 8 , 3751.Xr powerd 8 , 3752.Xr quotacheck 8 , 3753.Xr quotaon 8 , 3754.Xr rc 8 , 3755.Xr rc.sendmail 8 , 3756.Xr route 8 , 3757.Xr routed 8 , 3758.Xr rpcbind 8 , 3759.Xr rpc.lockd 8 , 3760.Xr rpc.statd 8 , 3761.Xr rwhod 8 , 3762.Xr savecore 8 , 3763.Xr sshd 8 , 3764.Xr swapon 8 , 3765.Xr sysctl 8 , 3766.Xr syslogd 8 , 3767.Xr timed 8 , 3768.Xr yp 8 , 3769.Xr ypbind 8 , 3770.Xr ypserv 8 , 3771.Xr ypset 8 3772.Sh HISTORY 3773The 3774.Nm 3775file appeared in 3776.Fx 2.2.2 . 3777.Sh AUTHORS 3778.An Jordan K. Hubbard . 3779