xref: /freebsd/share/man/man5/rc.conf.5 (revision ca53e5aedfebcc1b4091b68e01b2d5cae923f85e)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd Sep 21, 2020
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/defaults/vendor.conf
63allows vendors to override
64.Fx
65defaults.
66The file
67.Pa /etc/rc.conf.local
68is used to override settings in
69.Pa /etc/rc.conf
70for historical reasons.
71.Pp
72The sysrc(8) command provides a scripting interface to modify system
73config files.
74.Pp
75In addition to
76.Pa /etc/rc.conf.local
77you can also place smaller configuration files for each
78.Xr rc 8
79script in the
80.Pa /etc/rc.conf.d
81directory or
82.Ao Ar dir Ac Ns Pa /rc.conf.d
83directories specified in
84.Va local_startup ,
85which will be included by the
86.Va load_rc_config
87function.
88For jail configurations you could use the file
89.Pa /etc/rc.conf.d/jail
90to store jail specific configuration options.
91If
92.Va local_startup
93contains
94.Pa /usr/local/etc/rc.d
95and
96.Pa /opt/conf ,
97.Pa /usr/local/rc.conf.d/jail
98and
99.Pa /opt/conf/rc.conf.d/jail
100will be loaded.
101If
102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
103is a directory,
104all of files in the directory will be loaded.
105Also see the
106.Va rc_conf_files
107variable below.
108.Pp
109Options are set with
110.Dq Ar name Ns Li = Ns Ar value
111assignments that use
112.Xr sh 1
113syntax.
114The following list provides a name and short description for each
115variable that can be set in the
116.Nm
117file:
118.Bl -tag -width indent-two
119.It Va rc_debug
120.Pq Vt bool
121If set to
122.Dq Li YES ,
123enable output of debug messages from rc scripts.
124This variable can be helpful in diagnosing mistakes when
125editing or integrating new scripts.
126Beware that this produces copious output to the terminal and
127.Xr syslog 3 .
128.It Va rc_info
129.Pq Vt bool
130If set to
131.Dq Li NO ,
132disable informational messages from the rc scripts.
133Informational messages are displayed when
134a condition that is not serious enough to warrant a warning or
135an error occurs.
136.It Va rc_startmsgs
137.Pq Vt bool
138If set to
139.Dq Li YES ,
140show
141.Dq Starting foo:
142when faststart is used (e.g., at boot time).
143.It Va early_late_divider
144.Pq Vt str
145The name of the script that should be used as the
146delimiter between the
147.Dq early
148and
149.Dq late
150stages of the boot process.
151The early stage should contain all the services needed to
152get the disks (local or remote) mounted so that the late
153stage can include scripts contained in the directories
154listed in the
155.Va local_startup
156variable (see below).
157Thus, the two likely candidates for this value are
158.Pa mountcritlocal
159for the typical system, and
160.Pa mountcritremote
161if the system needs remote file
162systems mounted to get access to the
163.Va local_startup
164directories; for example when
165.Pa /usr/local
166is NFS mounted.
167For
168.Pa rc.conf
169within a
170.Xr jail 8
171.Pa NETWORKING
172is likely to be an appropriate value.
173Extreme care should be taken when changing this value,
174and before changing it one should ensure that there are
175adequate provisions to recover from a failed boot
176(such as physical contact with the machine,
177or reliable remote console access).
178.It Va always_force_depends
179.Pq Vt bool
180Various
181.Pa rc.d
182scripts use the force_depend function to check whether required
183services are already running, and to start them if necessary.
184By default during boot time this check is bypassed if the
185required service is enabled in
186.Pa /etc/rc.conf[.local] .
187Setting this option will bypass that check at boot time and
188always test whether or not the service is actually running.
189Enabling this option is likely to increase your boot time if
190services are enabled that utilize the force_depend check.
191.It Ao Ar name Ac Ns Va _chroot
192.Pq Vt str
193.Xr chroot 8
194to this directory before running the service.
195.It Ao Ar name Ac Ns Va _user
196.Pq Vt str
197Run the service under this user account.
198.It Ao Ar name Ac Ns Va _group
199.Pq Vt str
200Run the chrooted service under this system group.
201Unlike the _user
202setting, this setting has no effect if the service is not chrooted.
203.It Ao Ar name Ac Ns Va _fib
204.Pq Vt int
205The
206.Xr setfib 1
207value to run the service under.
208.It Ao Ar name Ac Ns Va _nice
209.Pq Vt int
210The
211.Xr nice 1
212value to run the service under.
213.It Va apm_enable
214.Pq Vt bool
215If set to
216.Dq Li YES ,
217enable support for Automatic Power Management with
218the
219.Xr apm 8
220command.
221.It Va apmd_enable
222.Pq Vt bool
223Run
224.Xr apmd 8
225to handle APM event from userland.
226This also enables support for APM.
227.It Va apmd_flags
228.Pq Vt str
229If
230.Va apmd_enable
231is set to
232.Dq Li YES ,
233these are the flags to pass to the
234.Xr apmd 8
235daemon.
236.It Va devd_enable
237.Pq Vt bool
238Run
239.Xr devd 8
240to handle device added, removed or unknown events from the kernel.
241.It Va ddb_enable
242.Pq Vt bool
243Run
244.Xr ddb 8
245to install
246.Xr ddb 4
247scripts at boot time.
248.It Va ddb_config
249.Pq Vt str
250Configuration file for
251.Xr ddb 8 .
252Default
253.Pa /etc/ddb.conf .
254.It Va kld_list
255.Pq Vt str
256A whitespace-separated list of kernel modules to load right after
257the local disks are mounted, without any
258.Pa .ko
259extension or path.
260Loading modules at this point in the boot process is
261much faster than doing it via
262.Pa /boot/loader.conf
263for those modules not necessary for mounting local disks.
264.It Va kldxref_enable
265.Pq Vt bool
266Set to
267.Dq Li NO
268by default.
269Set to
270.Dq Li YES
271to automatically rebuild
272.Pa linker.hints
273files with
274.Xr kldxref 8
275at boot time.
276.It Va kldxref_clobber
277.Pq Vt bool
278Set to
279.Dq Li NO
280by default.
281If
282.Va kldxref_enable
283is true,
284setting to
285.Dq Li YES
286will overwrite existing
287.Pa linker.hints
288files at boot time.
289Otherwise,
290only missing
291.Pa linker.hints
292files are generated.
293.It Va kldxref_module_path
294.Pq Vt str
295Empty by default.
296A semi-colon
297.Pq Ql \&;
298delimited list of paths containing
299.Xr kld 4
300modules.
301If empty,
302the contents of the
303.Va kern.module_path
304.Xr sysctl 8
305are used.
306.It Va powerd_enable
307.Pq Vt bool
308If set to
309.Dq Li YES ,
310enable the system power control facility with the
311.Xr powerd 8
312daemon.
313.It Va powerd_flags
314.Pq Vt str
315If
316.Va powerd_enable
317is set to
318.Dq Li YES ,
319these are the flags to pass to the
320.Xr powerd 8
321daemon.
322.It Va tmpmfs
323Controls the creation of a
324.Pa /tmp
325memory file system.
326Always happens if set to
327.Dq Li YES
328and never happens if set to
329.Dq Li NO .
330If set to anything else, a memory file system is created if
331.Pa /tmp
332is not writable.
333.It Va tmpsize
334Controls the size of a created
335.Pa /tmp
336memory file system.
337.It Va tmpmfs_flags
338Extra options passed to the
339.Xr mdmfs 8
340utility when the memory file system for
341.Pa /tmp
342is created.
343The default is
344.Dq Li "-S" ,
345which inhibits the use of softupdates on
346.Pa /tmp
347so that file system space is freed without delay
348after file truncation or deletion.
349See
350.Xr mdmfs 8
351for other options you can use in
352.Va tmpmfs_flags .
353.It Va varmfs
354Controls the creation of a
355.Pa /var
356memory file system.
357Always happens if set to
358.Dq Li YES
359and never happens if set to
360.Dq Li NO .
361If set to anything else, a memory file system is created if
362.Pa /var
363is not writable.
364.It Va varsize
365Controls the size of a created
366.Pa /var
367memory file system.
368.It Va varmfs_flags
369Extra options passed to the
370.Xr mdmfs 8
371utility when the memory file system for
372.Pa /var
373is created.
374The default is
375.Dq Li "-S" ,
376which inhibits the use of softupdates on
377.Pa /var
378so that file system space is freed without delay
379after file truncation or deletion.
380See
381.Xr mdmfs 8
382for other options you can use in
383.Va varmfs_flags .
384.It Va populate_var
385Controls the automatic population of the
386.Pa /var
387file system.
388Always happens if set to
389.Dq Li YES
390and never happens if set to
391.Dq Li NO .
392If set to anything else, a memory file system is created if
393.Pa /var
394is not writable.
395Note that this process requires access to certain commands in
396.Pa /usr
397before
398.Pa /usr
399is mounted on normal systems.
400.It Va cleanvar_enable
401.Pq Vt bool
402Clean the
403.Pa /var
404directory.
405.It Va local_startup
406.Pq Vt str
407List of directories to search for startup script files.
408.It Va script_name_sep
409.Pq Vt str
410The field separator to use for breaking down the list of startup script files
411into individual filenames.
412The default is a space.
413It is not necessary to change this unless there are startup scripts with names
414containing spaces.
415.It Va hostapd_enable
416.Pq Vt bool
417Set to
418.Dq Li YES
419to start
420.Xr hostapd 8
421at system boot time.
422.It Va hostname
423.Pq Vt str
424The fully qualified domain name (FQDN) of this host on the network.
425This should almost certainly be set to something meaningful, even if
426there is no network connection.
427If
428.Xr dhclient 8
429is used to set the hostname via DHCP,
430this variable should be set to an empty string.
431Within a
432.Xr jail 8
433the hostname is generally already set and this variable may be absent.
434If this value remains unset when the system is done booting
435your console login will display the default hostname of
436.Dq Amnesiac .
437.It Va nisdomainname
438.Pq Vt str
439The NIS domain name of this host, or
440.Dq Li NO
441if NIS is not used.
442.It Va dhclient_program
443.Pq Vt str
444Path to the DHCP client program
445.Pa ( /sbin/dhclient ,
446the
447.Ox
448DHCP client,
449is the default).
450.It Va dhclient_flags
451.Pq Vt str
452Additional flags to pass to the DHCP client program.
453For the
454.Ox
455DHCP client, see the
456.Xr dhclient 8
457manpage for a description of the command line options available.
458.It Va dhclient_flags_ Ns Aq Ar iface
459Additional flags to pass to the DHCP client program running on
460.Ar iface
461only.
462When specified, this variable overrides
463.Va dhclient_flags .
464.It Va background_dhclient
465.Pq Vt bool
466Set to
467.Dq Li YES
468to start the DHCP client in background.
469This can cause trouble with applications depending on
470a working network, but it will provide a faster startup
471in many cases.
472.It Va background_dhclient_ Ns Aq Ar iface
473When specified, this variable overrides the
474.Va background_dhclient
475variable for interface
476.Ar iface
477only.
478.It Va synchronous_dhclient
479.Pq Vt bool
480Set to
481.Dq Li YES
482to start
483.Xr dhclient 8
484synchronously at startup.
485This behavior can be overridden on a per-interface basis by replacing
486the
487.Dq Li DHCP
488keyword in the
489.Va ifconfig_ Ns Aq Ar interface
490variable with
491.Dq Li SYNCDHCP
492or
493.Dq Li NOSYNCDHCP .
494.It Va defaultroute_delay
495.Pq Vt int
496When set to a positive value, wait up to this long after configuring
497DHCP interfaces at startup to give the interfaces time to receive a lease.
498.It Va firewall_enable
499.Pq Vt bool
500Set to
501.Dq Li YES
502to load firewall rules at startup.
503If the kernel was not built with
504.Cd "options IPFIREWALL" ,
505the
506.Pa ipfw.ko
507kernel module will be loaded.
508See also
509.Va ipfilter_enable .
510.It Va firewall_script
511.Pq Vt str
512This variable specifies the full path to the firewall script to run.
513The default is
514.Pa /etc/rc.firewall .
515.It Va firewall_type
516.Pq Vt str
517Names the firewall type from the selection in
518.Pa /etc/rc.firewall ,
519or the file which contains the local firewall ruleset.
520Valid selections from
521.Pa /etc/rc.firewall
522are:
523.Pp
524.Bl -tag -width ".Li simple" -compact
525.It Li open
526unrestricted IP access
527.It Li closed
528all IP services disabled, except via
529.Dq Li lo0
530.It Li client
531basic protection for a workstation
532.It Li simple
533basic protection for a LAN.
534.El
535.Pp
536If a filename is specified, the full path
537must be given.
538.It Va firewall_quiet
539.Pq Vt bool
540Set to
541.Dq Li YES
542to disable the display of firewall rules on the console during boot.
543.It Va firewall_logging
544.Pq Vt bool
545Set to
546.Dq Li YES
547to enable firewall event logging.
548This is equivalent to the
549.Dv IPFIREWALL_VERBOSE
550kernel option.
551.It Va firewall_logif
552.Pq Vt bool
553Set to
554.Dq Li YES
555to create pseudo interface
556.Li ipfw0
557for logging.
558For more details, see
559.Xr ipfw 8
560manual page.
561.It Va firewall_flags
562.Pq Vt str
563Flags passed to
564.Xr ipfw 8
565if
566.Va firewall_type
567specifies a filename.
568.It Va firewall_coscripts
569.Pq Vt str
570List of executables and/or rc scripts to run after firewall starts/stops.
571Default is empty.
572.\" ----- firewall_nat_enable setting --------------------------------
573.It Va firewall_nat_enable
574.Pq Vt bool
575The
576.Xr ipfw 8
577equivalent of
578.Va natd_enable .
579Setting this to
580.Dq Li YES
581will automatically load the
582.Xr ipfw 8
583NAT kernel module if
584.Va firewall_enable
585is also set to
586.Dq Li YES .
587.It Va firewall_nat_interface
588.Pq Vt str
589The
590.Xr ipfw 8
591equivalent of
592.Va natd_interface .
593This is the name of the public interface or IP address on which
594kernel NAT should run.
595.It Va firewall_nat_flags
596.Pq Vt str
597Additional configuration parameters for kernel NAT should be placed here.
598.It Va firewall_nat64_enable
599.Pq Vt bool
600Setting this to
601.Dq Li YES
602will automatically load the
603.Xr ipfw 8
604NAT64 kernel module if
605.Va firewall_enable
606is also set to
607.Dq Li YES .
608.It Va firewall_nptv6_enable
609.Pq Vt bool
610Setting this to
611.Dq Li YES
612will automatically load the
613.Xr ipfw 8
614NPTv6 kernel module if
615.Va firewall_enable
616is also set to
617.Dq Li YES .
618.It Va firewall_pmod_enable
619.Pq Vt bool
620Setting this to
621.Dq Li YES
622will automatically load the
623.Xr ipfw 8
624pmod kernel module if
625.Va firewall_enable
626is also set to
627.Dq Li YES .
628.It Va dummynet_enable
629.Pq Vt bool
630Setting this to
631.Dq Li YES
632will automatically load the
633.Xr dummynet 4
634module if
635.Va firewall_enable
636is also set to
637.Dq Li YES .
638.\" -------------------------------------------------------------------
639.It Va ipfw_netflow_enable
640.Pq Vt bool
641Setting this to
642.Dq Li YES
643will enable netflow logging via
644.Xr ng_netflow 4
645.Pp
646By default a ipfw rule is inserted and all packets are duplicated with
647the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
648port using protocol version 5.
649.It Va ipfw_netflow_hook
650.Pq Vt int
651netflow hook name, must be numerical
652(default
653.Pa 9995 ) .
654.It Va ipfw_netflow_rule
655.Pq Vt int
656ipfw rule number
657(default
658.Pa 1000 ) .
659.It Va ipfw_netflow_ip
660.Pq Vt str
661Destination server ip for receiving netflow data
662(default
663.Pa 127.0.0.1 ) .
664.It Va ipfw_netflow_port
665.Pq Vt int
666Destination server port for receiving netflow data
667(default
668.Pa 9995 ) .
669.It Va ipfw_netflow_version
670.Pq Vt int
671Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
672.It Va ipfw_netflow_fib
673.Pq Vt int
674Only match packet in FIB
675.Pa ipfw_netflow_fib
676(default is undefined meaning all FIBs).
677.It Va natd_program
678.Pq Vt str
679Path to
680.Xr natd 8 .
681.It Va natd_enable
682.Pq Vt bool
683Set to
684.Dq Li YES
685to enable
686.Xr natd 8 .
687.Va firewall_enable
688must also be set to
689.Dq Li YES ,
690and
691.Xr divert 4
692sockets must be enabled in the kernel.
693If the kernel was not built with
694.Cd "options IPDIVERT" ,
695the
696.Pa ipdivert.ko
697kernel module will be loaded.
698.It Va natd_interface
699.Pq Vt str
700This is the name of the public interface on which
701.Xr natd 8
702should run.
703The interface may be given as an interface name or as an IP address.
704.It Va natd_flags
705.Pq Vt str
706Additional
707.Xr natd 8
708flags should be placed here.
709The
710.Fl n
711or
712.Fl a
713flag is automatically added with the above
714.Va natd_interface
715as an argument.
716.\" ----- ipfilter_enable setting --------------------------------
717.It Va ipfilter_enable
718.Pq Vt bool
719Set to
720.Dq Li NO
721by default.
722Setting this to
723.Dq Li YES
724enables
725.Xr ipf 8
726packet filtering.
727.Pp
728Typical usage will require putting
729.Bd -literal
730ipfilter_enable="YES"
731ipnat_enable="YES"
732ipmon_enable="YES"
733ipfs_enable="YES"
734.Ed
735.Pp
736into
737.Pa /etc/rc.conf
738and editing
739.Pa /etc/ipf.rules
740and
741.Pa /etc/ipnat.rules
742appropriately.
743.Pp
744Note that
745.Va ipfilter_enable
746and
747.Va ipnat_enable
748can be enabled independently.
749.Va ipmon_enable
750and
751.Va ipfs_enable
752both require at least one of
753.Va ipfilter_enable
754and
755.Va ipnat_enable
756to be enabled.
757.Pp
758Having
759.Bd -literal
760options IPFILTER
761options IPFILTER_LOG
762options IPFILTER_DEFAULT_BLOCK
763.Ed
764.Pp
765in the kernel configuration file is a good idea, too.
766.\" ----- ipfilter_program setting ------------------------------
767.It Va ipfilter_program
768.Pq Vt str
769Path to
770.Xr ipf 8
771(default
772.Pa /sbin/ipf ) .
773.\" ----- ipfilter_rules setting --------------------------------
774.It Va ipfilter_rules
775.Pq Vt str
776Set to
777.Pa /etc/ipf.rules
778by default.
779This variable contains the name of the filter rule definition file.
780The file is expected to be readable for the
781.Xr ipf 8
782command to execute.
783.\" ----- ipv6_ipfilter_rules setting ---------------------------
784.It Va ipv6_ipfilter_rules
785.Pq Vt str
786Set to
787.Pa /etc/ipf6.rules
788by default.
789This variable contains the IPv6 filter rule definition file.
790The file is expected to be readable for the
791.Xr ipf 8
792command to execute.
793.\" ----- ipfilter_flags setting --------------------------------
794.It Va ipfilter_flags
795.Pq Vt str
796Empty by default.
797This variable contains flags passed to the
798.Xr ipf 8
799program.
800.\" ----- ipnat_enable setting ----------------------------------
801.It Va ipnat_enable
802.Pq Vt bool
803Set to
804.Dq Li NO
805by default.
806Set it to
807.Dq Li YES
808to enable
809.Xr ipnat 8
810network address translation.
811See
812.Va ipfilter_enable
813for a detailed discussion.
814.\" ----- ipnat_program setting ---------------------------------
815.It Va ipnat_program
816.Pq Vt str
817Path to
818.Xr ipnat 8
819(default
820.Pa /sbin/ipnat ) .
821.\" ----- ipnat_rules setting -----------------------------------
822.It Va ipnat_rules
823.Pq Vt str
824Set to
825.Pa /etc/ipnat.rules
826by default.
827This variable contains the name of the file
828holding the network address translation definition.
829This file is expected to be readable for the
830.Xr ipnat 8
831command to execute.
832.\" ----- ipnat_flags setting -----------------------------------
833.It Va ipnat_flags
834.Pq Vt str
835Empty by default.
836This variable contains flags passed to the
837.Xr ipnat 8
838program.
839.\" ----- ipmon_enable setting ----------------------------------
840.It Va ipmon_enable
841.Pq Vt bool
842Set to
843.Dq Li NO
844by default.
845Set it to
846.Dq Li YES
847to enable
848.Xr ipmon 8
849monitoring (logging
850.Xr ipf 8
851and
852.Xr ipnat 8
853events).
854Setting this variable needs setting
855.Va ipfilter_enable
856or
857.Va ipnat_enable
858too.
859See
860.Va ipfilter_enable
861for a detailed discussion.
862.\" ----- ipmon_program setting ---------------------------------
863.It Va ipmon_program
864.Pq Vt str
865Path to
866.Xr ipmon 8
867(default
868.Pa /sbin/ipmon ) .
869.\" ----- ipmon_flags setting -----------------------------------
870.It Va ipmon_flags
871.Pq Vt str
872Set to
873.Dq Li -Ds
874by default.
875This variable contains flags passed to the
876.Xr ipmon 8
877program.
878Another typical example would be
879.Dq Fl D Pa /var/log/ipflog
880to have
881.Xr ipmon 8
882log directly to a file bypassing
883.Xr syslogd 8 .
884Make sure to adjust
885.Pa /etc/newsyslog.conf
886in such case like this:
887.Bd -literal
888/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
889.Ed
890.\" ----- ipfs_enable setting -----------------------------------
891.It Va ipfs_enable
892.Pq Vt bool
893Set to
894.Dq Li NO
895by default.
896Set it to
897.Dq Li YES
898to enable
899.Xr ipfs 8
900saving the filter and NAT state tables during shutdown
901and reloading them during startup again.
902Setting this variable needs setting
903.Va ipfilter_enable
904or
905.Va ipnat_enable
906to
907.Dq Li YES
908too.
909See
910.Va ipfilter_enable
911for a detailed discussion.
912Note that if
913.Va kern_securelevel
914is set to 3,
915.Va ipfs_enable
916cannot be used
917because the raised securelevel will prevent
918.Xr ipfs 8
919from saving the state tables at shutdown time.
920.\" ----- ipfs_program setting ----------------------------------
921.It Va ipfs_program
922.Pq Vt str
923Path to
924.Xr ipfs 8
925(default
926.Pa /sbin/ipfs ) .
927.\" ----- ipfs_flags setting ------------------------------------
928.It Va ipfs_flags
929.Pq Vt str
930Empty by default.
931This variable contains flags passed to the
932.Xr ipfs 8
933program.
934.\" ----- end of added ipf hook ---------------------------------
935.It Va pf_enable
936.Pq Vt bool
937Set to
938.Dq Li NO
939by default.
940Setting this to
941.Dq Li YES
942enables
943.Xr pf 4
944packet filtering.
945.Pp
946Typical usage will require putting
947.Pp
948.Dl pf_enable="YES"
949.Pp
950into
951.Pa /etc/rc.conf
952and editing
953.Pa /etc/pf.conf
954appropriately.
955Adding
956.Pp
957.Dl "device pf"
958.Pp
959builds support for
960.Xr pf 4
961into the kernel, otherwise the
962kernel module will be loaded.
963.It Va pf_rules
964.Pq Vt str
965Path to
966.Xr pf 4
967ruleset configuration file
968(default
969.Pa /etc/pf.conf ) .
970.It Va pf_program
971.Pq Vt str
972Path to
973.Xr pfctl 8
974(default
975.Pa /sbin/pfctl ) .
976.It Va pf_flags
977.Pq Vt str
978If
979.Va pf_enable
980is set to
981.Dq Li YES ,
982these flags are passed to the
983.Xr pfctl 8
984program when loading the ruleset.
985.It Va pflog_enable
986.Pq Vt bool
987Set to
988.Dq Li NO
989by default.
990Setting this to
991.Dq Li YES
992enables
993.Xr pflogd 8
994which logs packets from the
995.Xr pf 4
996packet filter.
997.It Va pflog_logfile
998.Pq Vt str
999If
1000.Va pflog_enable
1001is set to
1002.Dq Li YES
1003this controls where
1004.Xr pflogd 8
1005stores the logfile
1006(default
1007.Pa /var/log/pflog ) .
1008Check
1009.Pa /etc/newsyslog.conf
1010to adjust logfile rotation for this.
1011.It Va pflog_program
1012.Pq Vt str
1013Path to
1014.Xr pflogd 8
1015(default
1016.Pa /sbin/pflogd ) .
1017.It Va pflog_flags
1018.Pq Vt str
1019Empty by default.
1020This variable contains additional flags passed to the
1021.Xr pflogd 8
1022program.
1023.It Va pflog_instances
1024.Pq Vt str
1025If logging to more than one
1026.Xr pflog 4
1027interface is desired,
1028.Va pflog_instances
1029is set to the list of
1030.Xr pflogd 8
1031instances that should be started at system boot time.
1032If
1033.Va pflog_instances
1034is set, for each whitespace-separated
1035.Ar element
1036in the list,
1037.Ao Ar element Ac Ns Va _dev
1038and
1039.Ao Ar element Ac Ns Va _logfile
1040elements are assumed to exist.
1041.Ao Ar element Ac Ns Va _dev
1042must contain the
1043.Xr pflog 4
1044interface to be watched by the named
1045.Xr pflogd 8
1046instance.
1047.Ao Ar element Ac Ns Va _logfile
1048must contain the name of the logfile that will be used by the
1049.Xr pflogd 8
1050instance.
1051.It Va ftpproxy_enable
1052.Pq Vt bool
1053Set to
1054.Dq Li NO
1055by default.
1056Setting this to
1057.Dq Li YES
1058enables
1059.Xr ftp-proxy 8
1060which supports the
1061.Xr pf 4
1062packet filter in translating ftp connections.
1063.It Va ftpproxy_flags
1064.Pq Vt str
1065Empty by default.
1066This variable contains additional flags passed to the
1067.Xr ftp-proxy 8
1068program.
1069.It Va ftpproxy_instances
1070.Pq Vt str
1071Empty by default.
1072If multiple instances of
1073.Xr ftp-proxy 8
1074are desired at boot time,
1075.Va ftpproxy_instances
1076should contain a whitespace-separated list of instance names.
1077For each
1078.Ar element
1079in the list, a variable named
1080.Ao Ar element Ac Ns Va _flags
1081should be defined, containing the command-line flags to be passed to the
1082.Xr ftp-proxy 8
1083instance.
1084.It Va pfsync_enable
1085.Pq Vt bool
1086Set to
1087.Dq Li NO
1088by default.
1089Setting this to
1090.Dq Li YES
1091enables exposing
1092.Xr pf 4
1093state changes to other hosts over the network by means of
1094.Xr pfsync 4 .
1095The
1096.Va pfsync_syncdev
1097variable
1098must also be set then.
1099.It Va pfsync_syncdev
1100.Pq Vt str
1101Empty by default.
1102This variable specifies the name of the network interface
1103.Xr pfsync 4
1104should operate through.
1105It must be set accordingly if
1106.Va pfsync_enable
1107is set to
1108.Dq Li YES .
1109.It Va pfsync_syncpeer
1110.Pq Vt str
1111Empty by default.
1112This variable is optional.
1113By default, state change messages are sent out on the synchronisation
1114interface using IP multicast packets.
1115The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1116224.0.0.240.
1117When a peer address is specified using the
1118.Va pfsync_syncpeer
1119option, the peer address is used as a destination for the pfsync
1120traffic, and the traffic can then be protected using
1121.Xr ipsec 4 .
1122See the
1123.Xr pfsync 4
1124manpage for more details about using
1125.Xr ipsec 4
1126with
1127.Xr pfsync 4
1128interfaces.
1129.It Va pfsync_ifconfig
1130.Pq Vt str
1131Empty by default.
1132This variable can contain additional options to be passed to the
1133.Xr ifconfig 8
1134command used to set up
1135.Xr pfsync 4 .
1136.It Va tcp_extensions
1137.Pq Vt bool
1138Set to
1139.Dq Li YES
1140by default.
1141Setting this to
1142.Dq Li NO
1143disables certain TCP options as described by
1144.Rs
1145.%T "RFC 1323"
1146.Re
1147Setting this to
1148.Dq Li NO
1149might help remedy such problems with connections as randomly hanging
1150or other weird behavior.
1151Some network devices are known
1152to be broken with respect to these options.
1153.It Va log_in_vain
1154.Pq Vt int
1155Set to 0 by default.
1156The
1157.Xr sysctl 8
1158variables,
1159.Va net.inet.tcp.log_in_vain
1160and
1161.Va net.inet.udp.log_in_vain ,
1162as described in
1163.Xr tcp 4
1164and
1165.Xr udp 4 ,
1166are set to the given value.
1167.It Va tcp_keepalive
1168.Pq Vt bool
1169Set to
1170.Dq Li YES
1171by default.
1172Setting to
1173.Dq Li NO
1174will disable probing idle TCP connections to verify that the
1175peer is still up and reachable.
1176.It Va tcp_drop_synfin
1177.Pq Vt bool
1178Set to
1179.Dq Li NO
1180by default.
1181Setting to
1182.Dq Li YES
1183will cause the kernel to ignore TCP frames that have both
1184the SYN and FIN flags set.
1185This prevents OS fingerprinting, but may
1186break some legitimate applications.
1187.It Va icmp_drop_redirect
1188.Pq Vt bool
1189Set to
1190.Dq Li AUTO
1191by default.
1192This setting will be identical to
1193.Dq Li YES ,
1194if a dynamicrouting daemon is enabled, because redirect processing may
1195cause performance issues for large routing tables.
1196If no such service is enabled, this setting behaves like a
1197.Dq Li NO .
1198Setting to
1199.Dq Li YES
1200will cause the kernel to ignore ICMP REDIRECT packets.
1201Setting to
1202.Dq Li NO
1203will cause the kernel to process ICMP REDIRECT packets.
1204Refer to
1205.Xr icmp 4
1206for more information.
1207.It Va icmp_log_redirect
1208.Pq Vt bool
1209Set to
1210.Dq Li NO
1211by default.
1212Setting to
1213.Dq Li YES
1214will cause the kernel to log ICMP REDIRECT packets.
1215Note that
1216the log messages are not rate-limited, so this option should only be used
1217for troubleshooting networks.
1218Refer to
1219.Xr icmp 4
1220for more information.
1221.It Va icmp_bmcastecho
1222.Pq Vt bool
1223Set to
1224.Dq Li YES
1225to respond to broadcast or multicast ICMP ping packets.
1226Refer to
1227.Xr icmp 4
1228for more information.
1229.It Va ip_portrange_first
1230.Pq Vt int
1231If not set to
1232.Dq Li NO ,
1233this is the first port in the default portrange.
1234Refer to
1235.Xr ip 4
1236for more information.
1237.It Va ip_portrange_last
1238.Pq Vt int
1239If not set to
1240.Dq Li NO ,
1241this is the last port in the default portrange.
1242Refer to
1243.Xr ip 4
1244for more information.
1245.It Va network_interfaces
1246.Pq Vt str
1247Set to the list of network interfaces to configure on this host or
1248.Dq Li AUTO
1249(the default) for all current interfaces.
1250Setting the
1251.Va network_interfaces
1252variable to anything other than the default is deprecated.
1253Interfaces that the administrator wishes to store configuration for,
1254but not start at boot should be configured with the
1255.Dq Li NOAUTO
1256keyword in their
1257.Va ifconfig_ Ns Aq Ar interface
1258variables as described below.
1259.Pp
1260An
1261.Va ifconfig_ Ns Aq Ar interface
1262variable is also assumed to exist for each value of
1263.Ar interface .
1264When an interface name contains any of the characters
1265.Dq Li .-/+
1266they are translated to
1267.Dq Li _
1268before lookup.
1269The variable can contain arguments to
1270.Xr ifconfig 8 ,
1271as well as special case-insensitive keywords described below.
1272Such keywords are removed before passing the value to
1273.Xr ifconfig 8
1274while the order of the other arguments is preserved.
1275.Pp
1276It is possible to add IP alias entries using
1277.Xr ifconfig 8
1278syntax with the address family keyword such as
1279.Li inet .
1280Assuming that the interface in question was
1281.Li em0 ,
1282it might look something like this:
1283.Bd -literal
1284ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1285ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1286.Ed
1287.Pp
1288It also possible to configure multiple IP addresses in Classless
1289Inter-Domain Routing
1290.Pq CIDR
1291address notation,
1292whose each address component can be a range like
1293.Li inet 192.0.2.5-23/24
1294or
1295.Li inet6 2001:db8:1-f::1/64 .
1296This notation allows address and prefix length part only,
1297not the other address modifiers.
1298Note that the maximum number of the generated addresses from a range
1299specification is limited to an integer value specified in
1300.Va netif_ipexpand_max
1301in
1302.Nm
1303because a small typo can unexpectedly generate a large number of addresses.
1304The default value is
1305.Li 2048 .
1306It can be increased by adding the following line into
1307.Nm :
1308.Bd -literal
1309netif_ipexpand_max="4096"
1310.Ed
1311.Pp
1312In the case of
1313.Li 192.0.2.5-23/24 ,
1314the address 192.0.2.5 will be configured with the
1315netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1316the non-conflicting netmask /32 as explained in the
1317.Xr ifconfig 8
1318alias section.
1319Note that this special netmask handling is only for
1320.Li inet ,
1321not for the other address families such as
1322.Li inet6 .
1323.Pp
1324With the interface in question being
1325.Li em0 ,
1326an example could look like:
1327.Bd -literal
1328ifconfig_em0_alias2="inet 192.0.2.129/27"
1329ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1330.Ed
1331.Pp
1332and so on.
1333.Pp
1334Note that deprecated
1335.Va ipv4_addrs_ Ns Aq Ar interface
1336variable was supported for IPv4 CIDR address notation.
1337The
1338.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1339variable replaces it, though
1340.Va ipv4_addrs_ Ns Aq Ar interface
1341is still supported for backward compatibility.
1342.Pp
1343For each
1344.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1345entry with an address family keyword,
1346its contents are passed to
1347.Xr ifconfig 8 .
1348Execution stops at the first unsuccessful access, so if
1349something like this is present:
1350.Bd -literal
1351ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1352ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1353ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1354ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1355.Ed
1356.Pp
1357Then note that alias4 would
1358.Em not
1359be added since the search would
1360stop with the missing
1361.Dq Li alias3
1362entry.
1363Because of this difficult to manage behavior,
1364there is
1365.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1366variable, which has the same functionality as
1367.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1368and can have all of entries in a variable like the following:
1369.Bd -literal
1370ifconfig_em0_aliases="\\
1371	inet 127.0.0.251 netmask 0xffffffff \\
1372	inet 127.0.0.252 netmask 0xffffffff \\
1373	inet 127.0.0.253 netmask 0xffffffff \\
1374	inet 127.0.0.254 netmask 0xffffffff"
1375.Ed
1376.Pp
1377It also supports CIDR notation.
1378.Pp
1379If the
1380.Pa /etc/start_if. Ns Aq Ar interface
1381file is present, it is read and executed by the
1382.Xr sh 1
1383interpreter
1384before configuring the interface as specified in the
1385.Va ifconfig_ Ns Aq Ar interface
1386and
1387.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1388variables.
1389.Pp
1390If a
1391.Va vlans_ Ns Aq Ar interface
1392variable is set,
1393a
1394.Xr vlan 4
1395interface will be created for each item in the list with the
1396.Ar vlandev
1397argument set to
1398.Ar interface .
1399If a vlan interface's name is a number,
1400then that number is used as the vlan tag and the new vlan interface is
1401named
1402.Ar interface . Ns Ar tag .
1403Otherwise,
1404the vlan tag must be specified via a
1405.Va vlan
1406parameter in the
1407.Va create_args_ Ns Aq Ar interface
1408variable.
1409.Pp
1410To create a vlan device named
1411.Li em0.101
1412on
1413.Li em0
1414with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1415.Bd -literal
1416vlans_em0="101"
1417ifconfig_em0_101="inet 192.0.2.1/24"
1418.Ed
1419.Pp
1420To create a vlan device named
1421.Li myvlan
1422on
1423.Li em0
1424with the vlan tag 102:
1425.Bd -literal
1426vlans_em0="myvlan"
1427create_args_myvlan="vlan 102"
1428.Ed
1429.Pp
1430If a
1431.Va wlans_ Ns Aq Ar interface
1432variable is set,
1433an
1434.Xr wlan 4
1435interface will be created for each item in the list with the
1436.Ar wlandev
1437argument set to
1438.Ar interface .
1439Further wlan cloning arguments may be passed to the
1440.Xr ifconfig 8
1441.Cm create
1442command by setting the
1443.Va create_args_ Ns Aq Ar interface
1444variable.
1445One or more
1446.Xr wlan 4
1447devices must be created for each wireless devices as of
1448.Fx 8.0 .
1449Debugging flags for
1450.Xr wlan 4
1451devices as set by
1452.Xr wlandebug 8
1453may be specified with an
1454.Va wlandebug_ Ns Aq Ar interface
1455variable.
1456The contents of this variable will be passed directly to
1457.Xr wlandebug 8 .
1458.Pp
1459If the
1460.Va ifconfig_ Ns Aq Ar interface
1461contains the keyword
1462.Dq Li NOAUTO
1463then the interface will not be configured
1464at boot or by
1465.Pa /etc/pccard_ether
1466when
1467.Va network_interfaces
1468is set to
1469.Dq Li AUTO .
1470.Pp
1471It is possible to bring up an interface with DHCP by adding
1472.Dq Li DHCP
1473to the
1474.Va ifconfig_ Ns Aq Ar interface
1475variable.
1476For instance, to initialize the
1477.Li em0
1478device via DHCP,
1479it is possible to use something like:
1480.Bd -literal
1481ifconfig_em0="DHCP"
1482.Ed
1483.Pp
1484If you want to configure your wireless interface with
1485.Xr wpa_supplicant 8
1486for use with WPA, EAP/LEAP or WEP, you need to add
1487.Dq Li WPA
1488to the
1489.Va ifconfig_ Ns Aq Ar interface
1490variable.
1491.Pp
1492On the other hand, if you want to configure your wireless interface with
1493.Xr hostapd 8 ,
1494you need to add
1495.Dq Li HOSTAP
1496to the
1497.Va ifconfig_ Ns Aq Ar interface
1498variable.
1499.Xr hostapd 8
1500will use the settings from
1501.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1502.Pp
1503Finally, you can add
1504.Xr ifconfig 8
1505options in this variable, in addition to the
1506.Pa /etc/start_if. Ns Aq Ar interface
1507file.
1508For instance, to configure an
1509.Xr ath 4
1510wireless device in station mode with an address obtained
1511via DHCP, using WPA authentication and 802.11b mode, it is
1512possible to use something like:
1513.Bd -literal
1514wlans_ath0="wlan0"
1515ifconfig_wlan0="DHCP WPA mode 11b"
1516.Ed
1517.Pp
1518In addition to the
1519.Va ifconfig_ Ns Aq Ar interface
1520form, a fallback variable
1521.Va ifconfig_DEFAULT
1522may be configured.
1523It will be used for all interfaces with no
1524.Va ifconfig_ Ns Aq Ar interface
1525variable.
1526This is intended to replace the no longer supported
1527.Va pccard_ifconfig
1528variable.
1529.Pp
1530It is also possible to rename an interface by doing:
1531.Bd -literal
1532ifconfig_em0_name="net0"
1533ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1534.Ed
1535.It Va ipv6_enable
1536.Pq Vt bool
1537This variable is deprecated.
1538Use
1539.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1540and
1541.Va ipv6_activate_all_interfaces
1542if necessary.
1543.Pp
1544If the variable is
1545.Dq Li YES ,
1546.Dq Li inet6 accept_rtadv
1547is added to all of
1548.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1549and the
1550.Va ipv6_activate_all_interfaces
1551is defined as
1552.Dq Li YES .
1553.It Va ipv6_prefer
1554.Pq Vt bool
1555This variable is deprecated.
1556Use
1557.Va ip6addrctl_policy
1558instead.
1559.Pp
1560If the variable is
1561.Dq Li YES ,
1562the default address selection policy table set by
1563.Xr ip6addrctl 8
1564will be IPv6-preferred.
1565.Pp
1566If the variable is
1567.Dq Li NO ,
1568the default address selection policy table set by
1569.Xr ip6addrctl 8
1570will be IPv4-preferred.
1571.It Va ipv6_activate_all_interfaces
1572.Pq Vt bool
1573This controls initial configuration on IPv6-capable
1574interfaces with no corresponding
1575.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1576variable.
1577Note that it is not always necessary to set this variable to
1578.Dq YES
1579to use IPv6 functionality on
1580.Fx .
1581In most cases, just configuring
1582.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1583variables works.
1584.Pp
1585If the variable is
1586.Dq Li NO ,
1587all interfaces which do not have a corresponding
1588.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1589variable will be marked as
1590.Dq Li IFDISABLED
1591at creation.
1592This means that all of IPv6 functionality on that interface
1593is completely disabled to enforce a security policy.
1594If the variable is set to
1595.Dq YES ,
1596the flag will be cleared on all of the interfaces.
1597.Pp
1598In most cases, just defining an
1599.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1600for an IPv6-capable interface should be sufficient.
1601However, if an interface is added dynamically
1602.Pq by some tunneling protocols such as PPP, for example ,
1603it is often difficult to define the variable in advance.
1604In such a case, configuring the
1605.Dq Li IFDISABLED
1606flag can be disabled by setting this variable to
1607.Dq YES .
1608.Pp
1609For more details of the
1610.Dq Li IFDISABLED
1611flag and keywords
1612.Dq Li inet6 ifdisabled ,
1613see
1614.Xr ifconfig 8 .
1615.Pp
1616Default is
1617.Dq Li NO .
1618.It Va ipv6_privacy
1619.Pq Vt bool
1620If the variable is
1621.Dq Li YES
1622privacy addresses will be generated for each IPv6
1623interface as described in RFC 4941.
1624.It Va ipv6_network_interfaces
1625.Pq Vt str
1626This is the IPv6 equivalent of
1627.Va network_interfaces .
1628Normally manual configuration of this variable is not needed.
1629.It Va ipv6_cpe_wanif
1630.Pq Vt str
1631If the variable is set to an interface name,
1632the
1633.Xr ifconfig 8
1634options
1635.Dq inet6 -no_radr accept_rtadv
1636will be added to the specified interface automatically before evaluating
1637.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1638and two
1639.Xr sysctl 8
1640variables
1641.Va net.inet6.ip6.rfc6204w3
1642and
1643.Va net.inet6.ip6.no_radr
1644will be set to 1.
1645.Pp
1646This means the specified interface will accept ICMPv6 Router
1647Advertisement messages on that link and add the discovered
1648routers into the Default Router List.
1649While the other interfaces can still accept RA messages if the
1650.Dq inet6 accept_rtadv
1651option is specified, adding
1652routes into the Default Router List will be disabled by
1653.Dq inet6 no_radr
1654option by default.
1655See
1656.Xr ifconfig 8
1657for more details.
1658.Pp
1659Note that ICMPv6 Router Advertisement messages will be
1660accepted even when
1661.Va net.inet6.ip6.forwarding
1662is 1
1663.Pq packet forwarding is enabled
1664when
1665.Va net.inet6.ip6.rfc6204w3
1666is set to 1.
1667.Pp
1668Default is
1669.Dq Li NO .
1670.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1671.Pq Vt str
1672This assigns arbitrary description to an interface.
1673The
1674.Xr sysctl 8
1675variable
1676.Va net.ifdescr_maxlen
1677limits its length.
1678This static setting may be overridden by commands
1679started with dynamic interface configuration utilities
1680like
1681.Xr dhclient 8
1682hooks.
1683The description can be seen with
1684.Xr ifconfig 8
1685command and it may be exported with
1686.Xr bsnmpd 1
1687daemon using its MIB-2 module.
1688.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1689.Pq Vt str
1690IPv6 functionality on an interface should be configured by
1691.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1692instead of setting ifconfig parameters in
1693.Va ifconfig_ Ns Aq Ar interface .
1694If this variable is empty, all of IPv6 configurations on the
1695specified interface by other variables such as
1696.Va ipv6_prefix_ Ns Ao Ar interface Ac
1697will be ignored.
1698.Pp
1699Aliases should be set by
1700.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1701with
1702.Dq Li inet6
1703keyword.
1704For example:
1705.Bd -literal
1706ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1707ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1708.Ed
1709.Pp
1710Interfaces that have an
1711.Dq Li inet6 accept_rtadv
1712keyword in
1713.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1714setting will be automatically configured by SLAAC
1715.Pq StateLess Address AutoConfiguration
1716described in
1717.Rs
1718.%T "RFC 4862"
1719.Re
1720.Pp
1721Note that a link-local address will be automatically configured in
1722addition to the configured global-scope addresses because the IPv6
1723specifications require it on each link.
1724The address is calculated from the MAC address by using an algorithm
1725defined in
1726.Rs
1727.%T "RFC 4862"
1728.%O "Section 5.3"
1729.Re
1730.Pp
1731If only a link-local address is needed on the interface,
1732the following configuration can be used:
1733.Bd -literal
1734ifconfig_em0_ipv6="inet6 auto_linklocal"
1735.Ed
1736.Pp
1737A link-local address can also be configured manually.
1738This is useful for the default router address of an IPv6 router
1739so that it does not change when the network interface
1740card is replaced.
1741For example:
1742.Bd -literal
1743ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
1744.Ed
1745.It Va ipv6_prefix_ Ns Aq Ar interface
1746.Pq Vt str
1747If one or more prefixes are defined in
1748.Va ipv6_prefix_ Ns Aq Ar interface
1749addresses based on each prefix and the EUI-64 interface index will be
1750configured on that interface.
1751Note that this variable will be ignored when
1752.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1753is empty.
1754.Pp
1755For example, the following configuration
1756.Bd -literal
1757ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
1758.Ed
1759.Pp
1760is equivalent to the following:
1761.Bd -literal
1762ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1763ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1764ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1765ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1766.Ed
1767.Pp
1768These Subnet-Router anycast addresses will be added only when
1769.Va ipv6_gateway_enable
1770is YES.
1771.It Va ipv6_default_interface
1772.Pq Vt str
1773If not set to
1774.Dq Li NO ,
1775this is the default output interface for scoped addresses.
1776This works only with ipv6_gateway_enable="NO".
1777.It Va ip6addrctl_enable
1778.Pq Vt bool
1779This variable is to enable configuring default address selection policy table
1780.Pq RFC 3484 .
1781The table can be specified in another variable
1782.Va ip6addrctl_policy .
1783For
1784.Va ip6addrctl_policy
1785the following keywords can be specified:
1786.Dq Li ipv4_prefer ,
1787.Dq Li ipv6_prefer ,
1788or
1789.Dq Li AUTO .
1790.Pp
1791If
1792.Dq Li ipv4_prefer
1793or
1794.Dq Li ipv6_prefer
1795is specified,
1796.Xr ip6addrctl 8
1797installs a pre-defined policy table described in Section 10.3
1798.Pq IPv4-preferred
1799or 2.1
1800.Pq IPv6-preferred
1801of RFC 3484.
1802.Pp
1803If
1804.Dq Li AUTO
1805is specified, it attempts to read a file
1806.Pa /etc/ip6addrctl.conf
1807first.
1808If this file is found,
1809.Xr ip6addrctl 8
1810reads and installs it.
1811If not found, a policy is automatically set
1812according to
1813.Va ipv6_activate_all_interfaces
1814variable; if the variable is set to
1815.Dq Li YES
1816the IPv6-preferred one is used.
1817Otherwise IPv4-preferred.
1818.Pp
1819The default value of
1820.Va ip6addrctl_enable
1821and
1822.Va ip6addrctl_policy
1823are
1824.Dq Li YES
1825and
1826.Dq Li AUTO ,
1827respectively.
1828.It Va cloned_interfaces
1829.Pq Vt str
1830Set to the list of clonable network interfaces to create on this host.
1831Further cloning arguments may be passed to the
1832.Xr ifconfig 8
1833.Cm create
1834command for each interface by setting the
1835.Va create_args_ Ns Aq Ar interface
1836variable.
1837If an interface name is specified with
1838.Dq :sticky
1839keyword,
1840the interface will not be destroyed even when
1841.Pa rc.d/netif
1842script is invoked with
1843.Dq stop
1844argument.
1845This is useful when reconfiguring the interface without destroying it.
1846Entries in
1847.Va cloned_interfaces
1848are automatically appended to
1849.Va network_interfaces
1850for configuration.
1851.It Va cloned_interfaces_sticky
1852.Pq Vt bool
1853This variable is to globally enable functionality of
1854.Dq :sticky
1855keyword in
1856.Va cloned_interfaces
1857for all interfaces.
1858The default value is
1859.Dq NO .
1860Even if this variable is specified to
1861.Dq YES ,
1862.Dq :nosticky
1863keyword can be used to override it on per interface basis.
1864.It Va gif_interfaces
1865Set to the list of
1866.Xr gif 4
1867tunnel interfaces to configure on this host.
1868A
1869.Va gifconfig_ Ns Aq Ar interface
1870variable is assumed to exist for each value of
1871.Ar interface .
1872The value of this variable is used to configure the link layer of the
1873tunnel using the
1874.Cm tunnel
1875option to
1876.Xr ifconfig .
1877Additionally, this option ensures that each listed interface is created
1878via the
1879.Cm create
1880option to
1881.Xr ifconfig
1882before attempting to configure it.
1883.Pp
1884For example, configure two
1885.Xr gif
1886interfaces with:
1887.Bd -literal
1888gif_interfaces="gif0 gif1"
1889gifconfig_gif0="100.64.0.1 100.64.0.2"
1890ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
1891gifconfig_gif1="inet6 2a00::1 2a01::1"
1892ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
1893.Ed
1894.It Va sppp_interfaces
1895.Pq Vt str
1896Set to the list of
1897.Xr sppp 4
1898interfaces to configure on this host.
1899A
1900.Va spppconfig_ Ns Aq Ar interface
1901variable is assumed to exist for each value of
1902.Ar interface .
1903Each interface should also be configured by a general
1904.Va ifconfig_ Ns Aq Ar interface
1905setting.
1906Refer to
1907.Xr spppcontrol 8
1908for more information about available options.
1909.It Va ppp_enable
1910.Pq Vt bool
1911If set to
1912.Dq Li YES ,
1913run the
1914.Xr ppp 8
1915daemon.
1916.It Va ppp_profile
1917.Pq Vt str
1918The name of the profile to use from
1919.Pa /etc/ppp/ppp.conf .
1920Also used for per-profile overrides of
1921.Va ppp_mode
1922and
1923.Va ppp_nat ,
1924and
1925.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1926When the profile name contains any of the characters
1927.Dq Li .-/+
1928they are translated to
1929.Dq Li _
1930for the proposes of the override variable names.
1931.It Va ppp_mode
1932.Pq Vt str
1933Mode in which to run the
1934.Xr ppp 8
1935daemon.
1936.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1937.Pq Vt str
1938Overrides the global
1939.Va ppp_mode
1940for
1941.Ar profile .
1942Accepted modes are
1943.Dq Li auto ,
1944.Dq Li ddial ,
1945.Dq Li direct
1946and
1947.Dq Li dedicated .
1948See the manual for a full description.
1949.It Va ppp_nat
1950.Pq Vt bool
1951If set to
1952.Dq Li YES ,
1953enables network address translation.
1954Used in conjunction with
1955.Va gateway_enable
1956allows hosts on private network addresses access to the Internet using
1957this host as a network address translating router.
1958Default is
1959.Dq Li YES .
1960.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1961.Pq Vt str
1962Overrides the global
1963.Va ppp_nat
1964for
1965.Ar profile .
1966.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1967.Pq Vt int
1968Set the unit number to be used for this profile.
1969See the manual description of
1970.Fl unit Ns Ar N
1971for details.
1972.It Va ppp_user
1973.Pq Vt str
1974The name of the user under which
1975.Xr ppp 8
1976should be started.
1977By
1978default,
1979.Xr ppp 8
1980is started as
1981.Dq Li root .
1982.It Va rc_conf_files
1983.Pq Vt str
1984This option is used to specify a list of files that will override
1985the settings in
1986.Pa /etc/defaults/rc.conf .
1987The files will be read in the order in which they are specified and should
1988include the full path to the file.
1989By default, the files specified are
1990.Pa /etc/rc.conf
1991and
1992.Pa /etc/rc.conf.local
1993.It Va zfs_enable
1994.Pq Vt bool
1995If set to
1996.Dq Li YES ,
1997.Pa /etc/rc.d/zfs
1998will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1999(ZVOLs).
2000.It Va gptboot_enable
2001.Pq Vt bool
2002If set to
2003.Dq Li YES ,
2004.Pa /etc/rc.d/gptboot
2005will log if the system successfully (or not) booted from a GPT partition,
2006which had the
2007.Ar bootonce
2008attribute set using
2009.Xr gpart 8
2010utility.
2011.It Va gbde_autoattach_all
2012.Pq Vt bool
2013If set to
2014.Dq Li YES ,
2015.Pa /etc/rc.d/gbde
2016will attempt to automatically initialize your .bde devices in
2017.Pa /etc/fstab .
2018.It Va gbde_devices
2019.Pq Vt str
2020List the devices that the script should try to attach,
2021or
2022.Dq Li AUTO .
2023.It Va gbde_lockdir
2024.Pq Vt str
2025The directory where the
2026.Xr gbde 4
2027lockfiles are located.
2028The default lockfile directory is
2029.Pa /etc .
2030.Pp
2031The lockfile for each individual
2032.Xr gbde 4
2033device can be overridden by setting the variable
2034.Va gbde_lock_ Ns Aq Ar device ,
2035where
2036.Ar device
2037is the encrypted device without the
2038.Dq Pa /dev/
2039and
2040.Dq Pa .bde
2041parts.
2042.It Va gbde_attach_attempts
2043.Pq Vt int
2044Number of times to attempt attaching to a
2045.Xr gbde 4
2046device, i.e., how many times the user is asked for the pass-phrase.
2047Default is 3.
2048.It Va geli_devices
2049.Pq Vt str
2050List of devices to automatically attach on boot.
2051Note that .eli devices from
2052.Pa /etc/fstab
2053are automatically appended to this list.
2054.It Va geli_groups
2055.Pq Vt str
2056List of groups containing devices to automatically attach on boot with the same
2057keyfiles and passphrase.
2058This must be accompanied with a corresponding
2059.Va geli_ Ns Ao Ar group Ac Ns Va _devices
2060variable.
2061.It Va geli_tries
2062.Pq Vt int
2063Number of times user is asked for the pass-phrase.
2064If empty, it will be taken from
2065.Va kern.geom.eli.tries
2066sysctl variable.
2067.It Va geli_default_flags
2068.Pq Vt str
2069Default flags to use by
2070.Xr geli 8
2071when configuring disk encryption.
2072Flags can be configured for every device separately by defining the
2073.Va geli_ Ns Ao Ar device Ac Ns Va _flags
2074variable, and for every group separately by defining the
2075.Va geli_ Ns Ao Ar group Ac Ns Va _flags
2076variable.
2077.It Va geli_autodetach
2078.Pq Vt str
2079Specifies if GELI devices should be marked for detach on last close after
2080file systems are mounted.
2081Default is
2082.Dq Li YES .
2083This can be changed for every device separately by defining the
2084.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2085variable.
2086.It Va root_rw_mount
2087.Pq Vt bool
2088Set to
2089.Dq Li YES
2090by default.
2091After the file systems are checked at boot time, the root file system
2092is remounted as read-write if this is set to
2093.Dq Li YES .
2094Diskless systems that mount their root file system from a read-only remote
2095NFS share should set this to
2096.Dq Li NO
2097in their
2098.Pa rc.conf .
2099.It Va fsck_y_enable
2100.Pq Vt bool
2101If set to
2102.Dq Li YES ,
2103.Xr fsck 8
2104will be run with the
2105.Fl y
2106flag if the initial preen
2107of the file systems fails.
2108.It Va background_fsck
2109.Pq Vt bool
2110If set to
2111.Dq Li NO ,
2112the system will not attempt to run
2113.Xr fsck 8
2114in the background where possible.
2115.It Va background_fsck_delay
2116.Pq Vt int
2117The amount of time in seconds to sleep before starting a background
2118.Xr fsck 8 .
2119It defaults to sixty seconds to allow large applications such as
2120the X server to start before disk I/O bandwidth is monopolized by
2121.Xr fsck 8 .
2122If set to a negative number, the background file system check will be
2123delayed indefinitely to allow the administrator to run it at a more
2124convenient time.
2125For example it may be run from
2126.Xr cron 8
2127by adding a line like
2128.Pp
2129.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2130.Pp
2131to
2132.Pa /etc/crontab .
2133.It Va netfs_types
2134.Pq Vt str
2135List of file system types that are network-based.
2136This list should generally not be modified by end users.
2137Use
2138.Va extra_netfs_types
2139instead.
2140.It Va extra_netfs_types
2141.Pq Vt str
2142If set to something other than
2143.Dq Li NO
2144(the default),
2145this variable extends the list of file system types
2146for which automatic mounting at startup by
2147.Xr rc 8
2148should be delayed until the network is initialized.
2149It should contain
2150a whitespace-separated list of network file system descriptor pairs,
2151each consisting of a file system type as passed to
2152.Xr mount 8
2153and a human-readable, one-word description,
2154joined with a colon
2155.Pq Ql \&: .
2156Extending the default list in this way is only necessary
2157when third party file system types are used.
2158.It Va syslogd_enable
2159.Pq Vt bool
2160If set to
2161.Dq Li YES ,
2162run the
2163.Xr syslogd 8
2164daemon.
2165.It Va syslogd_program
2166.Pq Vt str
2167Path to
2168.Xr syslogd 8
2169(default
2170.Pa /usr/sbin/syslogd ) .
2171.It Va syslogd_flags
2172.Pq Vt str
2173If
2174.Va syslogd_enable
2175is set to
2176.Dq Li YES ,
2177these are the flags to pass to
2178.Xr syslogd 8 .
2179.It Va inetd_enable
2180.Pq Vt bool
2181If set to
2182.Dq Li YES ,
2183run the
2184.Xr inetd 8
2185daemon.
2186.It Va inetd_program
2187.Pq Vt str
2188Path to
2189.Xr inetd 8
2190(default
2191.Pa /usr/sbin/inetd ) .
2192.It Va inetd_flags
2193.Pq Vt str
2194If
2195.Va inetd_enable
2196is set to
2197.Dq Li YES ,
2198these are the flags to pass to
2199.Xr inetd 8 .
2200.It Va hastd_enable
2201.Pq Vt bool
2202If set to
2203.Dq Li YES ,
2204run the
2205.Xr hastd 8
2206daemon.
2207.It Va hastd_program
2208.Pq Vt str
2209Path to
2210.Xr hastd 8
2211(default
2212.Pa /sbin/hastd ) .
2213.It Va hastd_flags
2214.Pq Vt str
2215If
2216.Va hastd_enable
2217is set to
2218.Dq Li YES ,
2219these are the flags to pass to
2220.Xr hastd 8 .
2221.It Va local_unbound_enable
2222.Pq Vt bool
2223If set to
2224.Dq Li YES ,
2225run the
2226.Xr unbound 8
2227daemon as a local caching resolver.
2228.It Va kdc_enable
2229.Pq Vt bool
2230Set to
2231.Dq Li YES
2232to start a Kerberos 5 authentication server
2233at boot time.
2234.It Va kdc_program
2235.Pq Vt str
2236If
2237.Va kdc_enable
2238is set to
2239.Dq Li YES
2240this is the path to Kerberos 5 Authentication Server.
2241.It Va kdc_flags
2242.Pq Vt str
2243Empty by default.
2244This variable contains additional flags to be passed to the Kerberos 5
2245authentication server.
2246.It Va kadmind_enable
2247.Pq Vt bool
2248Set to
2249.Dq Li YES
2250to start
2251.Xr kadmind 8 ,
2252the Kerberos 5 Administration Daemon; set to
2253.Dq Li NO
2254on a slave server.
2255.It Va kadmind_program
2256.Pq Vt str
2257If
2258.Va kadmind_enable
2259is set to
2260.Dq Li YES
2261this is the path to Kerberos 5 Administration Daemon.
2262.It Va kpasswdd_enable
2263.Pq Vt bool
2264Set to
2265.Dq Li YES
2266to start
2267.Xr kpasswdd 8 ,
2268the Kerberos 5 Password-Changing Daemon; set to
2269.Dq Li NO
2270on a slave server.
2271.It Va kpasswdd_program
2272.Pq Vt str
2273If
2274.Va kpasswdd_enable
2275is set to
2276.Dq Li YES
2277this is the path to Kerberos 5 Password-Changing Daemon.
2278.It Va kfd_enable
2279.Pq Vt bool
2280Set to
2281.Dq Li YES
2282to start
2283.Xr kfd 8 ,
2284the Kerberos 5 ticket forwarding daemon, at the boot time.
2285.It Va kfd_program
2286.Pq Vt str
2287Path to
2288.Xr kfd 8
2289(default
2290.Pa /usr/libexec/kfd ) .
2291.It Va rwhod_enable
2292.Pq Vt bool
2293If set to
2294.Dq Li YES ,
2295run the
2296.Xr rwhod 8
2297daemon at boot time.
2298.It Va rwhod_flags
2299.Pq Vt str
2300If
2301.Va rwhod_enable
2302is set to
2303.Dq Li YES ,
2304these are the flags to pass to it.
2305.It Va amd_enable
2306.Pq Vt bool
2307If set to
2308.Dq Li YES ,
2309run the
2310.Xr amd 8
2311daemon at boot time.
2312.It Va amd_flags
2313.Pq Vt str
2314If
2315.Va amd_enable
2316is set to
2317.Dq Li YES ,
2318these are the flags to pass to it.
2319See the
2320.Xr amd 8
2321manpage for more information.
2322.It Va amd_map_program
2323.Pq Vt str
2324If set,
2325the specified program is run to get the list of
2326.Xr amd 8
2327maps.
2328For example, if the
2329.Xr amd 8
2330maps are stored in NIS, one can set this to
2331run
2332.Xr ypcat 1
2333to get a list of
2334.Xr amd 8
2335maps from the
2336.Pa amd.master
2337NIS map.
2338.It Va update_motd
2339.Pq Vt bool
2340If set to
2341.Dq Li YES ,
2342.Pa /etc/motd
2343will be updated at boot time to reflect the kernel release
2344being run.
2345If set to
2346.Dq Li NO ,
2347.Pa /etc/motd
2348will not be updated.
2349.It Va nfs_client_enable
2350.Pq Vt bool
2351If set to
2352.Dq Li YES ,
2353run the NFS client daemons at boot time.
2354.It Va nfs_access_cache
2355.Pq Vt int
2356If
2357.Va nfs_client_enable
2358is set to
2359.Dq Li YES ,
2360this can be set to
2361.Dq Li 0
2362to disable NFS ACCESS RPC caching, or to the number of seconds for which
2363NFS ACCESS
2364results should be cached.
2365A value of 2-10 seconds will substantially reduce network
2366traffic for many NFS operations.
2367.It Va nfs_server_enable
2368.Pq Vt bool
2369If set to
2370.Dq Li YES ,
2371run the NFS server daemons at boot time.
2372.It Va nfs_server_flags
2373.Pq Vt str
2374If
2375.Va nfs_server_enable
2376is set to
2377.Dq Li YES ,
2378these are the flags to pass to the
2379.Xr nfsd 8
2380daemon.
2381.It Va nfsv4_server_enable
2382.Pq Vt bool
2383If
2384.Va nfs_server_enable
2385is set to
2386.Dq Li YES
2387and
2388.Va nfsv4_server_enable
2389are set to
2390.Dq Li YES ,
2391enable the server for NFSv4 as well as NFSv2 and NFSv3.
2392.It Va nfsuserd_enable
2393.Pq Vt bool
2394If
2395.Va nfsuserd_enable
2396is set to
2397.Dq Li YES ,
2398run the nfsuserd daemon, which is needed for NFSv4 in order
2399to map between user/group names vs uid/gid numbers.
2400If
2401.Va nfsv4_server_enable
2402is set to
2403.Dq Li YES ,
2404this will be forced enabled.
2405.It Va nfsuserd_flags
2406.Pq Vt str
2407If
2408.Va nfsuserd_enable
2409is set to
2410.Dq Li YES ,
2411these are the flags to pass to the
2412.Xr nfsuserd 8
2413daemon.
2414.It Va nfscbd_enable
2415.Pq Vt bool
2416If
2417.Va nfscbd_enable
2418is set to
2419.Dq Li YES ,
2420run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2421.It Va nfscbd_flags
2422.Pq Vt str
2423If
2424.Va nfscbd_enable
2425is set to
2426.Dq Li YES ,
2427these are the flags to pass to the
2428.Xr nfscbd 8
2429daemon.
2430.It Va mountd_enable
2431.Pq Vt bool
2432If set to
2433.Dq Li YES ,
2434and no
2435.Va nfs_server_enable
2436is set, start
2437.Xr mountd 8 ,
2438but not
2439.Xr nfsd 8
2440daemon.
2441It is commonly needed to run CFS without real NFS used.
2442.It Va mountd_flags
2443.Pq Vt str
2444If
2445.Va mountd_enable
2446is set to
2447.Dq Li YES ,
2448these are the flags to pass to the
2449.Xr mountd 8
2450daemon.
2451.It Va weak_mountd_authentication
2452.Pq Vt bool
2453If set to
2454.Dq Li YES ,
2455allow services like PCNFSD to make non-privileged mount
2456requests.
2457.It Va nfs_reserved_port_only
2458.Pq Vt bool
2459If set to
2460.Dq Li YES ,
2461provide NFS services only on a secure port.
2462.It Va nfs_bufpackets
2463.Pq Vt int
2464If set to a number, indicates the number of packets worth of
2465socket buffer space to reserve on an NFS client.
2466The kernel default is typically 4.
2467Using a higher number may be
2468useful on gigabit networks to improve performance.
2469The minimum value is
24702 and the maximum is 64.
2471.It Va rpc_lockd_enable
2472.Pq Vt bool
2473If set to
2474.Dq Li YES
2475and also an NFS server or client, run
2476.Xr rpc.lockd 8
2477at boot time.
2478.It Va rpc_lockd_flags
2479.Pq Vt str
2480If
2481.Va rpc_lockd_enable
2482is set to
2483.Dq Li YES ,
2484these are the flags to pass to the
2485.Xr rpc.lockd 8
2486daemon.
2487.It Va rpc_statd_enable
2488.Pq Vt bool
2489If set to
2490.Dq Li YES
2491and also an NFS server or client, run
2492.Xr rpc.statd 8
2493at boot time.
2494.It Va rpc_statd_flags
2495.Pq Vt str
2496If
2497.Va rpc_statd_enable
2498is set to
2499.Dq Li YES ,
2500these are the flags to pass to the
2501.Xr rpc.statd 8
2502daemon.
2503.It Va rpcbind_program
2504.Pq Vt str
2505Path to
2506.Xr rpcbind 8
2507(default
2508.Pa /usr/sbin/rpcbind ) .
2509.It Va rpcbind_enable
2510.Pq Vt bool
2511If set to
2512.Dq Li YES ,
2513run the
2514.Xr rpcbind 8
2515service at boot time.
2516.It Va rpcbind_flags
2517.Pq Vt str
2518If
2519.Va rpcbind_enable
2520is set to
2521.Dq Li YES ,
2522these are the flags to pass to the
2523.Xr rpcbind 8
2524daemon.
2525.It Va keyserv_enable
2526.Pq Vt bool
2527If set to
2528.Dq Li YES ,
2529run the
2530.Xr keyserv 8
2531daemon on boot for running Secure RPC.
2532.It Va keyserv_flags
2533.Pq Vt str
2534If
2535.Va keyserv_enable
2536is set to
2537.Dq Li YES ,
2538these are the flags to pass to
2539.Xr keyserv 8
2540daemon.
2541.It Va pppoed_enable
2542.Pq Vt bool
2543If set to
2544.Dq Li YES ,
2545run the
2546.Xr pppoed 8
2547daemon at boot time to provide PPP over Ethernet services.
2548.It Va pppoed_ Ns Aq Ar provider
2549.Pq Vt str
2550.Xr pppoed 8
2551listens to requests to this
2552.Ar provider
2553and ultimately runs
2554.Xr ppp 8
2555with a
2556.Ar system
2557argument of the same name.
2558.It Va pppoed_flags
2559.Pq Vt str
2560Additional flags to pass to
2561.Xr pppoed 8 .
2562.It Va pppoed_interface
2563.Pq Vt str
2564The network interface to run
2565.Xr pppoed 8
2566on.
2567This is mandatory when
2568.Va pppoed_enable
2569is set to
2570.Dq Li YES .
2571.It Va timed_enable
2572.Pq Vt bool
2573If set to
2574.Dq Li YES ,
2575run the
2576.Xr timed 8
2577service at boot time.
2578This command is intended for networks of
2579machines where a consistent
2580.Dq "network time"
2581for all hosts must be established.
2582This is often useful in large NFS
2583environments where time stamps on files are expected to be consistent
2584network-wide.
2585.It Va timed_flags
2586.Pq Vt str
2587If
2588.Va timed_enable
2589is set to
2590.Dq Li YES ,
2591these are the flags to pass to the
2592.Xr timed 8
2593service.
2594.It Va ntpdate_enable
2595.Pq Vt bool
2596If set to
2597.Dq Li YES ,
2598run
2599.Xr ntpdate 8
2600at system startup.
2601This command is intended to
2602synchronize the system clock only
2603.Em once
2604from some standard reference.
2605.Pp
2606Note that the use of the
2607.Va ntpd_sync_on_start
2608variable is a preferred alternative to the
2609.Xr ntpdate 8
2610utility as
2611.Xr ntpdate 8
2612is to be retired from the NTP distribution.
2613.It Va ntpdate_config
2614.Pq Vt str
2615Configuration file for
2616.Xr ntpdate 8 .
2617Default
2618.Pa /etc/ntp.conf .
2619.It Va ntpdate_hosts
2620.Pq Vt str
2621A whitespace-separated list of NTP servers to synchronize with at startup.
2622The default is to use the servers listed in
2623.Va ntpdate_config ,
2624if that file exists.
2625.It Va ntpdate_program
2626.Pq Vt str
2627Path to
2628.Xr ntpdate 8
2629(default
2630.Pa /usr/sbin/ntpdate ) .
2631.It Va ntpdate_flags
2632.Pq Vt str
2633If
2634.Va ntpdate_enable
2635is set to
2636.Dq Li YES ,
2637these are the flags to pass to the
2638.Xr ntpdate 8
2639command (typically a hostname).
2640.It Va ntpd_enable
2641.Pq Vt bool
2642If set to
2643.Dq Li YES ,
2644run the
2645.Xr ntpd 8
2646command at boot time.
2647.It Va ntpd_program
2648.Pq Vt str
2649Path to
2650.Xr ntpd 8
2651(default
2652.Pa /usr/sbin/ntpd ) .
2653.It Va ntpd_config
2654.Pq Vt str
2655Path to
2656.Xr ntpd 8
2657configuration file.
2658Default
2659.Pa /etc/ntp.conf .
2660.It Va ntpd_flags
2661.Pq Vt str
2662If
2663.Va ntpd_enable
2664is set to
2665.Dq Li YES ,
2666these are the flags to pass to the
2667.Xr ntpd 8
2668daemon.
2669.It Va ntpd_sync_on_start
2670.Pq Vt bool
2671If set to
2672.Dq Li YES ,
2673.Xr ntpd 8
2674is run with the
2675.Fl g
2676flag, which syncs the system's clock on startup.
2677See
2678.Xr ntpd 8
2679for more information regarding the
2680.Fl g
2681option.
2682This is a preferred alternative to using
2683.Xr ntpdate 8
2684or specifying the
2685.Va ntpdate_enable
2686variable.
2687.It Va nis_client_enable
2688.Pq Vt bool
2689If set to
2690.Dq Li YES ,
2691run the
2692.Xr ypbind 8
2693service at system boot time.
2694.It Va nis_client_flags
2695.Pq Vt str
2696If
2697.Va nis_client_enable
2698is set to
2699.Dq Li YES ,
2700these are the flags to pass to the
2701.Xr ypbind 8
2702service.
2703.It Va nis_ypldap_enable
2704.Pq Vt bool
2705If set to
2706.Dq Li YES ,
2707run the
2708.Xr ypldap 8
2709daemon at system boot time.
2710.It Va nis_ypldap_flags
2711.Pq Vt str
2712If
2713.Va nis.ypldap_enable
2714is set to
2715.Dq Li YES ,
2716these are the flags to pass to the
2717.Xr ypldap 8
2718daemon.
2719.It Va nis_ypset_enable
2720.Pq Vt bool
2721If set to
2722.Dq Li YES ,
2723run the
2724.Xr ypset 8
2725daemon at system boot time.
2726.It Va nis_ypset_flags
2727.Pq Vt str
2728If
2729.Va nis_ypset_enable
2730is set to
2731.Dq Li YES ,
2732these are the flags to pass to the
2733.Xr ypset 8
2734daemon.
2735.It Va nis_server_enable
2736.Pq Vt bool
2737If set to
2738.Dq Li YES ,
2739run the
2740.Xr ypserv 8
2741daemon at system boot time.
2742.It Va nis_server_flags
2743.Pq Vt str
2744If
2745.Va nis_server_enable
2746is set to
2747.Dq Li YES ,
2748these are the flags to pass to the
2749.Xr ypserv 8
2750daemon.
2751.It Va nis_ypxfrd_enable
2752.Pq Vt bool
2753If set to
2754.Dq Li YES ,
2755run the
2756.Xr rpc.ypxfrd 8
2757daemon at system boot time.
2758.It Va nis_ypxfrd_flags
2759.Pq Vt str
2760If
2761.Va nis_ypxfrd_enable
2762is set to
2763.Dq Li YES ,
2764these are the flags to pass to the
2765.Xr rpc.ypxfrd 8
2766daemon.
2767.It Va nis_yppasswdd_enable
2768.Pq Vt bool
2769If set to
2770.Dq Li YES ,
2771run the
2772.Xr rpc.yppasswdd 8
2773daemon at system boot time.
2774.It Va nis_yppasswdd_flags
2775.Pq Vt str
2776If
2777.Va nis_yppasswdd_enable
2778is set to
2779.Dq Li YES ,
2780these are the flags to pass to the
2781.Xr rpc.yppasswdd 8
2782daemon.
2783.It Va rpc_ypupdated_enable
2784.Pq Vt bool
2785If set to
2786.Dq Li YES ,
2787run the
2788.Nm rpc.ypupdated
2789daemon at system boot time.
2790.It Va bsnmpd_enable
2791.Pq Vt bool
2792If set to
2793.Dq Li YES ,
2794run the
2795.Xr bsnmpd 1
2796daemon at system boot time.
2797Be sure to understand the security implications of running SNMP daemon
2798on your host.
2799.It Va bsnmpd_flags
2800.Pq Vt str
2801If
2802.Va bsnmpd_enable
2803is set to
2804.Dq Li YES ,
2805these are the flags to pass to the
2806.Xr bsnmpd 1
2807daemon.
2808.It Va defaultrouter
2809.Pq Vt str
2810If not set to
2811.Dq Li NO ,
2812create a default route to this host name or IP address
2813(use an IP address if this router is also required to get to the
2814name server!).
2815.It Va ipv6_defaultrouter
2816.Pq Vt str
2817The IPv6 equivalent of
2818.Va defaultrouter .
2819.It Va static_arp_pairs
2820.Pq Vt str
2821Set to the list of static ARP pairs that are to be added at system
2822boot time.
2823For each whitespace separated
2824.Ar element
2825in the value, a
2826.Va static_arp_ Ns Aq Ar element
2827variable is assumed to exist whose contents will later be passed to a
2828.Dq Nm arp Cm -S
2829operation.
2830For example
2831.Bd -literal
2832static_arp_pairs="gw"
2833static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2834.Ed
2835.It Va static_ndp_pairs
2836.Pq Vt str
2837Set to the list of static NDP pairs that are to be added at system
2838boot time.
2839For each whitespace separated
2840.Ar element
2841in the value, a
2842.Va static_ndp_ Ns Aq Ar element
2843variable is assumed to exist whose contents will later be passed to a
2844.Dq Nm ndp Cm -s
2845operation.
2846For example
2847.Bd -literal
2848static_ndp_pairs="gw"
2849static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2850.Ed
2851.It Va static_routes
2852.Pq Vt str
2853Set to the list of static routes that are to be added at system
2854boot time.
2855If not set to
2856.Dq Li NO
2857then for each whitespace separated
2858.Ar element
2859in the value, a
2860.Va route_ Ns Aq Ar element
2861variable is assumed to exist
2862whose contents will later be passed to a
2863.Dq Nm route Cm add
2864operation.
2865For example:
2866.Bd -literal
2867static_routes="ext mcast:gif0 gif0local:gif0"
2868route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2869route_mcast="-net 224.0.0.0/4 -iface gif0"
2870route_gif0local="-host 169.254.1.1 -iface lo0"
2871.Ed
2872.Pp
2873When an
2874.Ar element
2875is in the form of
2876.Li name:ifname ,
2877the route is specific to the interface
2878.Li ifname .
2879.It Va ipv6_static_routes
2880.Pq Vt str
2881The IPv6 equivalent of
2882.Va static_routes .
2883If not set to
2884.Dq Li NO
2885then for each whitespace separated
2886.Ar element
2887in the value, a
2888.Va ipv6_route_ Ns Aq Ar element
2889variable is assumed to exist
2890whose contents will later be passed to a
2891.Dq Nm route Cm add Fl inet6
2892operation.
2893.It Va gateway_enable
2894.Pq Vt bool
2895If set to
2896.Dq Li YES ,
2897configure host to act as an IP router, e.g.\& to forward packets
2898between interfaces.
2899.It Va ipv6_gateway_enable
2900.Pq Vt bool
2901The IPv6 equivalent of
2902.Va gateway_enable .
2903.It Va routed_enable
2904.Pq Vt bool
2905If set to
2906.Dq Li YES ,
2907run a routing daemon of some sort, based on the
2908settings of
2909.Va routed_program
2910and
2911.Va routed_flags .
2912.It Va route6d_enable
2913.Pq Vt bool
2914The IPv6 equivalent of
2915.Va routed_enable .
2916If set to
2917.Dq Li YES ,
2918run a routing daemon of some sort, based on the
2919settings of
2920.Va route6d_program
2921and
2922.Va route6d_flags .
2923.It Va routed_program
2924.Pq Vt str
2925If
2926.Va routed_enable
2927is set to
2928.Dq Li YES ,
2929this is the name of the routing daemon to use.
2930.It Va route6d_program
2931.Pq Vt str
2932The IPv6 equivalent of
2933.Va routed_program .
2934.It Va routed_flags
2935.Pq Vt str
2936If
2937.Va routed_enable
2938is set to
2939.Dq Li YES ,
2940these are the flags to pass to the routing daemon.
2941.It Va route6d_flags
2942.Pq Vt str
2943The IPv6 equivalent of
2944.Va routed_flags .
2945.It Va rtadvd_enable
2946.Pq Vt bool
2947If set to
2948.Dq Li YES ,
2949run the
2950.Xr rtadvd 8
2951daemon at boot time.
2952The
2953.Xr rtadvd 8
2954utility sends ICMPv6 Router Advertisement messages to
2955the interfaces specified in
2956.Va rtadvd_interfaces .
2957This should only be enabled with great care.
2958You may want to fine-tune
2959.Xr rtadvd.conf 5 .
2960.It Va rtadvd_interfaces
2961.Pq Vt str
2962If
2963.Va rtadvd_enable
2964is set to
2965.Dq Li YES
2966this is the list of interfaces to use.
2967.It Va arpproxy_all
2968.Pq Vt bool
2969If set to
2970.Dq Li YES ,
2971enable global proxy ARP.
2972.It Va forward_sourceroute
2973.Pq Vt bool
2974If set to
2975.Dq Li YES
2976and
2977.Va gateway_enable
2978is also set to
2979.Dq Li YES ,
2980source-routed packets are forwarded.
2981.It Va accept_sourceroute
2982.Pq Vt bool
2983If set to
2984.Dq Li YES ,
2985the system will accept source-routed packets directed at it.
2986.It Va rarpd_enable
2987.Pq Vt bool
2988If set to
2989.Dq Li YES ,
2990run the
2991.Xr rarpd 8
2992daemon at system boot time.
2993.It Va rarpd_flags
2994.Pq Vt str
2995If
2996.Va rarpd_enable
2997is set to
2998.Dq Li YES ,
2999these are the flags to pass to the
3000.Xr rarpd 8
3001daemon.
3002.It Va bootparamd_enable
3003.Pq Vt bool
3004If set to
3005.Dq Li YES ,
3006run the
3007.Xr bootparamd 8
3008daemon at system boot time.
3009.It Va bootparamd_flags
3010.Pq Vt str
3011If
3012.Va bootparamd_enable
3013is set to
3014.Dq Li YES ,
3015these are the flags to pass to the
3016.Xr bootparamd 8
3017daemon.
3018.It Va stf_interface_ipv4addr
3019.Pq Vt str
3020If not set to
3021.Dq Li NO ,
3022this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
3023interface).
3024Specify this entry to enable the 6to4 interface.
3025.It Va stf_interface_ipv4plen
3026.Pq Vt int
3027Prefix length for 6to4 IPv4 addresses, to limit peer address range.
3028An effective value is 0-31.
3029.It Va stf_interface_ipv6_ifid
3030.Pq Vt str
3031IPv6 interface ID for
3032.Xr stf 4 .
3033This can be set to
3034.Dq Li AUTO .
3035.It Va stf_interface_ipv6_slaid
3036.Pq Vt str
3037IPv6 Site Level Aggregator for
3038.Xr stf 4 .
3039.It Va ipv6_ipv4mapping
3040.Pq Vt bool
3041If set to
3042.Dq Li YES
3043this enables IPv4 mapped IPv6 address communication (like
3044.Li ::ffff:a.b.c.d ) .
3045.It Va rtsold_enable
3046.Pq Vt bool
3047Set to
3048.Dq Li YES
3049to enable the
3050.Xr rtsold 8
3051daemon to send ICMPv6 Router Solicitation messages.
3052.It Va rtsold_flags
3053.Pq Vt str
3054If
3055.Va rtsold_enable
3056is set to
3057.Dq Li YES ,
3058these are the flags to pass to
3059.Xr rtsold 8 .
3060.It Va rtsol_flags
3061.Pq Vt str
3062For interfaces configured with the
3063.Dq Li inet6 accept_rtadv
3064keyword, these are the flags to pass to
3065.Xr rtsol 8 .
3066.Pp
3067Note that
3068.Va rtsold_enable
3069is mutually exclusive to
3070.Va rtsol_flags ;
3071.Va rtsold_enable
3072takes precedence.
3073.It Va keybell
3074.Pq Vt str
3075The keyboard bell sound.
3076Set to
3077.Dq Li normal ,
3078.Dq Li visual ,
3079.Dq Li off ,
3080or
3081.Dq Li NO
3082if the default behavior is desired.
3083For details, refer to the
3084.Xr kbdcontrol 1
3085manpage.
3086.It Va keyboard
3087.Pq Vt str
3088If set to a non-null string, the virtual console's keyboard input is
3089set to this device.
3090.It Va keymap
3091.Pq Vt str
3092If set to
3093.Dq Li NO ,
3094no keymap is installed, otherwise the value is used to install
3095the keymap file found in
3096.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3097(if using
3098.Xr syscons 4 ) or
3099.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3100(if using
3101.Xr vt 4 ) .
3102.It Va keyrate
3103.Pq Vt str
3104The keyboard repeat speed.
3105Set to
3106.Dq Li slow ,
3107.Dq Li normal ,
3108.Dq Li fast ,
3109or
3110.Dq Li NO
3111if the default behavior is desired.
3112.It Va keychange
3113.Pq Vt str
3114If not set to
3115.Dq Li NO ,
3116attempt to program the function keys with the value.
3117The value should
3118be a single string of the form:
3119.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3120.It Va cursor
3121.Pq Vt str
3122Can be set to the value of
3123.Dq Li normal ,
3124.Dq Li blink ,
3125.Dq Li destructive ,
3126or
3127.Dq Li NO
3128to set the cursor behavior explicitly or choose the default behavior.
3129.It Va scrnmap
3130.Pq Vt str
3131If set to
3132.Dq Li NO ,
3133no screen map is installed, otherwise the value is used to install
3134the screen map file in
3135.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3136This parameter is ignored when using
3137.Xr vt 4
3138as the console driver.
3139.It Va font8x16
3140.Pq Vt str
3141If set to
3142.Dq Li NO ,
3143the default 8x16 font value is used for screen size requests, otherwise
3144the value in
3145.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3146or
3147.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3148is used (depending on the console driver being used).
3149.It Va font8x14
3150.Pq Vt str
3151If set to
3152.Dq Li NO ,
3153the default 8x14 font value is used for screen size requests, otherwise
3154the value in
3155.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3156or
3157.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3158is used (depending on the console driver being used).
3159.It Va font8x8
3160.Pq Vt str
3161If set to
3162.Dq Li NO ,
3163the default 8x8 font value is used for screen size requests, otherwise
3164the value in
3165.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3166or
3167.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3168is used (depending on the console driver being used).
3169.It Va blanktime
3170.Pq Vt int
3171If set to
3172.Dq Li NO ,
3173the default screen blanking interval is used, otherwise it is set
3174to
3175.Ar value
3176seconds.
3177.It Va saver
3178.Pq Vt str
3179If not set to
3180.Dq Li NO ,
3181this is the actual screen saver to use
3182.Li ( blank , snake , daemon ,
3183etc).
3184.It Va moused_nondefault_enable
3185.Pq Vt str
3186If set to
3187.Dq Li NO ,
3188the mouse device specified on
3189the command line is not automatically treated as enabled by the
3190.Pa /etc/rc.d/moused
3191script.
3192Having this variable set to
3193.Dq Li YES
3194allows a
3195.Xr usb 4
3196mouse,
3197for example,
3198to be enabled as soon as it is plugged in.
3199.It Va moused_enable
3200.Pq Vt str
3201If set to
3202.Dq Li YES ,
3203the
3204.Xr moused 8
3205daemon is started for doing cut/paste selection on the console.
3206.It Va moused_type
3207.Pq Vt str
3208This is the protocol type of the mouse connected to this host.
3209This variable must be set if
3210.Va moused_enable
3211is set to
3212.Dq Li YES .
3213The
3214.Xr moused 8
3215daemon
3216is able to detect the appropriate mouse type automatically in many cases.
3217Set this variable to
3218.Dq Li auto
3219to let the daemon detect it, or
3220select one from the following list if the automatic detection fails.
3221.Pp
3222If the mouse is attached to the PS/2 mouse port, choose
3223.Dq Li auto
3224or
3225.Dq Li ps/2 ,
3226regardless of the brand and model of the mouse.
3227Likewise, if the
3228mouse is attached to the bus mouse port, choose
3229.Dq Li auto
3230or
3231.Dq Li busmouse .
3232All other protocols are for serial mice and will not work with
3233the PS/2 and bus mice.
3234If this is a USB mouse,
3235.Dq Li auto
3236is the only protocol type which will work.
3237.Pp
3238.Bl -tag -width ".Li x10mouseremote" -compact
3239.It Li microsoft
3240Microsoft mouse (serial)
3241.It Li intellimouse
3242Microsoft IntelliMouse (serial)
3243.It Li mousesystems
3244Mouse systems Corp.\& mouse (serial)
3245.It Li mmseries
3246MM Series mouse (serial)
3247.It Li logitech
3248Logitech mouse (serial)
3249.It Li busmouse
3250A bus mouse
3251.It Li mouseman
3252Logitech MouseMan and TrackMan (serial)
3253.It Li glidepoint
3254ALPS GlidePoint (serial)
3255.It Li thinkingmouse
3256Kensington ThinkingMouse (serial)
3257.It Li ps/2
3258PS/2 mouse
3259.It Li mmhittab
3260MM HitTablet (serial)
3261.It Li x10mouseremote
3262X10 MouseRemote (serial)
3263.It Li versapad
3264Interlink VersaPad (serial)
3265.El
3266.Pp
3267Even if the mouse is not in the above list, it may be compatible
3268with one in the list.
3269Refer to the manual page for
3270.Xr moused 8
3271for compatibility information.
3272.Pp
3273It should also be noted that while this is enabled, any
3274other client of the mouse (such as an X server) should access
3275the mouse through the virtual mouse device,
3276.Pa /dev/sysmouse ,
3277and configure it as a
3278.Dq Li sysmouse
3279type mouse, since all
3280mouse data is converted to this single canonical format when
3281using
3282.Xr moused 8 .
3283If the client program does not support the
3284.Dq Li sysmouse
3285type,
3286specify the
3287.Dq Li mousesystems
3288type.
3289It is the second preferred type.
3290.It Va moused_port
3291.Pq Vt str
3292If
3293.Va moused_enable
3294is set to
3295.Dq Li YES ,
3296this is the actual port the mouse is on.
3297It might be
3298.Pa /dev/cuau0
3299for a COM1 serial mouse, or
3300.Pa /dev/psm0
3301for a PS/2 mouse, for example.
3302.It Va moused_flags
3303.Pq Vt str
3304If
3305.Va moused_flags
3306is set, its value is used as an additional set of flags to pass to the
3307.Xr moused 8
3308daemon.
3309.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3310When
3311.Va moused_nondefault_enable
3312is enabled, and a
3313.Xr moused 8
3314daemon is started for a non-default port, the
3315.Va "moused_" Ns Ar XXX Ns Va "_flags"
3316set of options has precedence over and replaces the default
3317.Va moused_flags
3318(where
3319.Ar XXX
3320is the name of the non-default port, i.e.,\&
3321.Ar ums0 ) .
3322By setting
3323.Va "moused_" Ns Ar XXX Ns Va "_flags"
3324it is possible to set up a different set of default flags for each
3325.Xr moused 8
3326instance.
3327For example, you can use
3328.Dq Li "-3"
3329for the default
3330.Va moused_flags
3331to make your laptop's touchpad more comfortable to use,
3332but an empty set of options for
3333.Va moused_ums0_flags
3334when your
3335.Xr usb 4
3336mouse has three or more buttons.
3337.It Va mousechar_start
3338.Pq Vt int
3339If set to
3340.Dq Li NO ,
3341the default mouse cursor character range
3342.Li 0xd0 Ns - Ns Li 0xd3
3343is used,
3344otherwise the range start is set
3345to
3346.Ar value
3347character, see
3348.Xr vidcontrol 1 .
3349Use if the default range is occupied in the language code table.
3350.It Va allscreens_flags
3351.Pq Vt str
3352If set,
3353.Xr vidcontrol 1
3354is run with these options for each of the virtual terminals
3355.Pq Pa /dev/ttyv* .
3356For example,
3357.Dq Fl m Cm on
3358will enable the mouse pointer on all virtual terminals
3359if
3360.Va moused_enable
3361is set to
3362.Dq Li YES .
3363.It Va allscreens_kbdflags
3364.Pq Vt str
3365If set,
3366.Xr kbdcontrol 1
3367is run with these options for each of the virtual terminals
3368.Pq Pa /dev/ttyv* .
3369For example,
3370.Dq Fl h Li 200
3371will set the
3372.Xr syscons 4
3373or
3374.Xr vt 4
3375scrollback (history) buffer to 200 lines.
3376.It Va cron_enable
3377.Pq Vt bool
3378If set to
3379.Dq Li YES ,
3380run the
3381.Xr cron 8
3382daemon at system boot time.
3383.It Va cron_program
3384.Pq Vt str
3385Path to
3386.Xr cron 8
3387(default
3388.Pa /usr/sbin/cron ) .
3389.It Va cron_flags
3390.Pq Vt str
3391If
3392.Va cron_enable
3393is set to
3394.Dq Li YES ,
3395these are the flags to pass to
3396.Xr cron 8 .
3397.It Va cron_dst
3398.Pq Vt bool
3399If set to
3400.Dq Li YES ,
3401enable the special handling of transitions to and from the
3402Daylight Saving Time in
3403.Xr cron 8
3404(equivalent to using the flag
3405.Fl s ) .
3406.It Va lpd_program
3407.Pq Vt str
3408Path to
3409.Xr lpd 8
3410(default
3411.Pa /usr/sbin/lpd ) .
3412.It Va lpd_enable
3413.Pq Vt bool
3414If set to
3415.Dq Li YES ,
3416run the
3417.Xr lpd 8
3418daemon at system boot time.
3419.It Va lpd_flags
3420.Pq Vt str
3421If
3422.Va lpd_enable
3423is set to
3424.Dq Li YES ,
3425these are the flags to pass to the
3426.Xr lpd 8
3427daemon.
3428.It Va chkprintcap_enable
3429.Pq Vt bool
3430If set to
3431.Dq Li YES ,
3432run the
3433.Xr chkprintcap 8
3434command before starting the
3435.Xr lpd 8
3436daemon.
3437.It Va chkprintcap_flags
3438.Pq Vt str
3439If
3440.Va lpd_enable
3441and
3442.Va chkprintcap_enable
3443are set to
3444.Dq Li YES ,
3445these are the flags to pass to the
3446.Xr chkprintcap 8
3447program.
3448The default is
3449.Dq Li -d ,
3450which causes missing directories to be created.
3451.It Va mta_start_script
3452.Pq Vt str
3453This variable specifies the full path to the script to run to start
3454a mail transfer agent.
3455The default is
3456.Pa /etc/rc.sendmail .
3457The
3458.Va sendmail_*
3459variables which
3460.Pa /etc/rc.sendmail
3461uses are documented in the
3462.Xr rc.sendmail 8
3463manual page.
3464.It Va dumpdev
3465.Pq Vt str
3466Indicates the device (usually a swap partition) to which a crash dump
3467should be written in the event of a system crash.
3468If the value of this variable is
3469.Dq Li AUTO ,
3470the first suitable swap device listed in
3471.Pa /etc/fstab
3472will be used as dump device.
3473Otherwise, the value of this variable is passed as the argument to
3474.Xr dumpon 8
3475and
3476.Xr savecore 8 .
3477To disable crash dumps, set this variable to
3478.Dq Li NO .
3479.It Va dumpon_flags
3480.Pq Vt str
3481Flags to pass to
3482.Xr dumpon 8
3483when configuring
3484.Va dumpdev
3485as the system dump device.
3486.It Va dumpdir
3487.Pq Vt str
3488When the system reboots after a crash and a crash dump is found on the
3489device specified by the
3490.Va dumpdev
3491variable,
3492.Xr savecore 8
3493will save that crash dump and a copy of the kernel to the directory
3494specified by the
3495.Va dumpdir
3496variable.
3497The default value is
3498.Pa /var/crash .
3499Set to
3500.Dq Li NO
3501to not run
3502.Xr savecore 8
3503at boot time when
3504.Va dumpdir
3505is set.
3506.It Va savecore_enable
3507.Pq Vt bool
3508If set to
3509.Dq Li NO ,
3510disable automatic extraction of the crash dump from the
3511.Va dumpdev .
3512.It Va savecore_flags
3513.Pq Vt str
3514If crash dumps are enabled, these are the flags to pass to the
3515.Xr savecore 8
3516utility.
3517.It Va quota_enable
3518.Pq Vt bool
3519Set to
3520.Dq Li YES
3521to turn on user and group disk quotas on system startup via the
3522.Xr quotaon 8
3523command for all file systems marked as having quotas enabled in
3524.Pa /etc/fstab .
3525The kernel must be built with
3526.Cd "options QUOTA"
3527for disk quotas to function.
3528.It Va check_quotas
3529.Pq Vt bool
3530Set to
3531.Dq Li YES
3532to enable user and group disk quota checking via the
3533.Xr quotacheck 8
3534command.
3535.It Va quotacheck_flags
3536.Pq Vt str
3537If
3538.Va quota_enable
3539is set to
3540.Dq Li YES ,
3541and
3542.Va check_quotas
3543is set to
3544.Dq Li YES ,
3545these are the flags to pass to the
3546.Xr quotacheck 8
3547utility.
3548The default is
3549.Dq Li "-a" ,
3550which checks quotas for all file systems with quotas enabled in
3551.Pa /etc/fstab .
3552.It Va quotaon_flags
3553.Pq Vt str
3554If
3555.Va quota_enable
3556is set to
3557.Dq Li YES ,
3558these are the flags to pass to the
3559.Xr quotaon 8
3560utility.
3561The default is
3562.Dq Li "-a" ,
3563which enables quotas for all file systems with quotas enabled in
3564.Pa /etc/fstab .
3565.It Va quotaoff_flags
3566.Pq Vt str
3567If
3568.Va quota_enable
3569is set to
3570.Dq Li YES ,
3571these are the flags to pass to the
3572.Xr quotaoff 8
3573utility when shutting down the quota system.
3574The default is
3575.Dq Li "-a" ,
3576which disables quotas for all file systems with quotas enabled in
3577.Pa /etc/fstab .
3578.It Va accounting_enable
3579.Pq Vt bool
3580Set to
3581.Dq Li YES
3582to enable system accounting through the
3583.Xr accton 8
3584facility.
3585.It Va firstboot_sentinel
3586.Pq Vt str
3587This variable specifies the full path to a
3588.Dq first boot
3589sentinel file.
3590If a file exists with this path,
3591.Pa rc.d
3592scripts with the
3593.Dq firstboot
3594keyword will be run on startup and the sentinel file will be deleted
3595after the boot process completes.
3596The sentinel file must be located on a writable file system which is
3597mounted no later than
3598.Va early_late_divider
3599to function properly.
3600The default is
3601.Pa /firstboot .
3602.It Va linux_enable
3603.Pq Vt bool
3604Set to
3605.Dq Li YES
3606to enable Linux/ELF binary emulation at system initial
3607boot time.
3608.It Va sysvipc_enable
3609.Pq Vt bool
3610If set to
3611.Dq Li YES ,
3612load System V IPC primitives at boot time.
3613.It Va clear_tmp_enable
3614.Pq Vt bool
3615Set to
3616.Dq Li YES
3617to have
3618.Pa /tmp
3619cleaned at startup.
3620.It Va clear_tmp_X
3621.Pq Vt bool
3622Set to
3623.Dq Li NO
3624to disable removing of X11 lock files,
3625and the removal and (secure) recreation
3626of the various socket directories for X11
3627related programs.
3628.It Va ldconfig_paths
3629.Pq Vt str
3630Set to the list of shared library paths to use with
3631.Xr ldconfig 8 .
3632NOTE:
3633.Pa /lib
3634and
3635.Pa /usr/lib
3636will always be added first, so they need not appear in this list.
3637.It Va ldconfig32_paths
3638.Pq Vt str
3639Set to the list of 32-bit compatibility shared library paths to
3640use with
3641.Xr ldconfig 8 .
3642.It Va ldconfig_insecure
3643.Pq Vt bool
3644The
3645.Xr ldconfig 8
3646utility normally refuses to use directories
3647which are writable by anyone except root.
3648Set this variable to
3649.Dq Li YES
3650to disable that security check during system startup.
3651.It Va ldconfig_local_dirs
3652.Pq Vt str
3653Set to the list of local
3654.Xr ldconfig 8
3655directories.
3656The names of all files in the directories listed will be
3657passed as arguments to
3658.Xr ldconfig 8 .
3659.It Va ldconfig_local32_dirs
3660.Pq Vt str
3661Set to the list of local 32-bit compatibility
3662.Xr ldconfig 8
3663directories.
3664The names of all files in the directories listed will be
3665passed as arguments to
3666.Dq Nm ldconfig Fl 32 .
3667.It Va kern_securelevel_enable
3668.Pq Vt bool
3669Set to
3670.Dq Li YES
3671to set the kernel security level at system startup.
3672.It Va kern_securelevel
3673.Pq Vt int
3674The kernel security level to set at startup.
3675The allowed range of
3676.Ar value
3677ranges from \-1 (the compile time default) to 3 (the
3678most secure).
3679See
3680.Xr security 7
3681for the list of possible security levels and their effect
3682on system operation.
3683.It Va sshd_program
3684.Pq Vt str
3685Path to the SSH server program
3686.Pa ( /usr/sbin/sshd
3687is the default).
3688.It Va sshd_enable
3689.Pq Vt bool
3690Set to
3691.Dq Li YES
3692to start
3693.Xr sshd 8
3694at system boot time.
3695.It Va sshd_flags
3696.Pq Vt str
3697If
3698.Va sshd_enable
3699is set to
3700.Dq Li YES ,
3701these are the flags to pass to the
3702.Xr sshd 8
3703daemon.
3704.It Va ftpd_program
3705.Pq Vt str
3706Path to the FTP server program
3707.Pa ( /usr/libexec/ftpd
3708is the default).
3709.It Va ftpd_enable
3710.Pq Vt bool
3711Set to
3712.Dq Li YES
3713to start
3714.Xr ftpd 8
3715as a stand-alone daemon at system boot time.
3716.It Va ftpd_flags
3717.Pq Vt str
3718If
3719.Va ftpd_enable
3720is set to
3721.Dq Li YES ,
3722these are the additional flags to pass to the
3723.Xr ftpd 8
3724daemon.
3725.It Va watchdogd_enable
3726.Pq Vt bool
3727If set to
3728.Dq Li YES ,
3729start the
3730.Xr watchdogd 8
3731daemon at boot time.
3732This requires that the kernel have been compiled with a
3733.Xr watchdog 4
3734compatible device.
3735.It Va watchdogd_flags
3736.Pq Vt str
3737If
3738.Va watchdogd_enable
3739is set to
3740.Dq Li YES ,
3741these are the flags passed to the
3742.Xr watchdogd 8
3743daemon.
3744.It Va watchdogd_timeout
3745.Pq Vt int
3746If
3747.Va watchdogd_enable
3748is set to
3749.Dq Li YES ,
3750this is a timeout that will be used by the
3751.Xr watchdogd 8
3752daemon.
3753If this option is set, it overrides
3754.Fl t
3755in
3756.Va watchdogd_flags .
3757.It Va watchdogd_shutdown_timeout
3758.Pq Vt int
3759If
3760.Va watchdogd_enable
3761is set to
3762.Dq Li YES ,
3763this is a timeout that will be set by the
3764.Xr watchdogd 8
3765daemon when it exits during the system shutdown.
3766This timeout will not be set when returning to the single-user mode
3767or when the watchdogd service is stopped individually using the
3768.Xr service 8
3769command or the rc.d script.
3770Note that the timeout will be applied if
3771.Xr watchdogd 8
3772is stopped outside of
3773.Xr rc 8
3774framework.
3775If this option is set, it overrides
3776.Fl x
3777in
3778.Va watchdogd_flags .
3779.It Va devfs_rulesets
3780.Pq Vt str
3781List of files containing sets of rules for
3782.Xr devfs 8 .
3783.It Va devfs_system_ruleset
3784.Pq Vt str
3785Rule name(s) to apply to the system
3786.Pa /dev
3787itself.
3788.It Va devfs_set_rulesets
3789.Pq Vt str
3790Pairs of already-mounted
3791.Pa dev
3792directories and rulesets that should be applied to them.
3793For example: /mount/dev=ruleset_name
3794.It Va devfs_load_rulesets
3795.Pq Vt bool
3796If set, always load the default rulesets listed in
3797.Va devfs_rulesets .
3798.It Va performance_cx_lowest
3799.Pq Vt str
3800CPU idle state to use while on AC power.
3801The string
3802.Dq Li LOW
3803indicates that
3804.Xr acpi 4
3805should use the lowest power state available while
3806.Dq Li HIGH
3807indicates that the lowest latency state (less power savings) should be used.
3808.It Va performance_cpu_freq
3809.Pq Vt str
3810CPU clock frequency to use while on AC power.
3811The string
3812.Dq Li LOW
3813indicates that
3814.Xr cpufreq 4
3815should use the lowest frequency available while
3816.Dq Li HIGH
3817indicates that the highest frequency (less power savings) should be used.
3818.It Va economy_cx_lowest
3819.Pq Vt str
3820CPU idle state to use when off AC power.
3821The string
3822.Dq Li LOW
3823indicates that
3824.Xr acpi 4
3825should use the lowest power state available while
3826.Dq Li HIGH
3827indicates that the lowest latency state (less power savings) should be used.
3828.It Va economy_cpu_freq
3829.Pq Vt str
3830CPU clock frequency to use when off AC power.
3831The string
3832.Dq Li LOW
3833indicates that
3834.Xr cpufreq 4
3835should use the lowest frequency available while
3836.Dq Li HIGH
3837indicates that the highest frequency (less power savings) should be used.
3838.It Va jail_enable
3839.Pq Vt bool
3840If set to
3841.Dq Li NO ,
3842any configured jails will not be started.
3843.It Va jail_conf
3844.Pq Vt str
3845The configuration filename used by
3846.Xr jail 8
3847utility.
3848The default value is
3849.Pa /etc/jail.conf .
3850.It Va jail_parallel_start
3851.Pq Vt bool
3852If set to
3853.Dq Li YES ,
3854all configured jails will be started in the background (in parallel).
3855.It Va jail_flags
3856.Pq Vt str
3857Unset by default.
3858When set, use as default value for
3859.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3860for every jail in
3861.Va jail_list .
3862.It Va jail_list
3863.Pq Vt str
3864A space-delimited list of jail names.
3865When left empty, all of the
3866.Xr jail 8
3867instances defined in the configuration file are started.
3868The names specified in this list control the jail startup order.
3869.Xr jail 8
3870instances missing from
3871.Va jail_list
3872must be started manually.
3873Note that a jail's
3874.Va depend
3875parameter in the configuration file may override this list.
3876.It Va jail_reverse_stop
3877.Pq Vt bool
3878When set to
3879.Dq Li YES ,
3880all configured jails in
3881.Va jail_list
3882are stopped in reverse order.
3883.It Va jail_ Ns * variables
3884Note that older releases supported per-jail configuration via
3885.Nm
3886variables.
3887For example,
3888hostname of a jail named
3889.Li vjail
3890was able to be set by
3891.Li jail_vjail_hostname .
3892These per-jail configuration variables are now obsolete in favor of
3893.Xr jail 8
3894configuration file.
3895For backward compatibility,
3896when per-jail configuration variables are defined,
3897.Xr jail 8
3898configuration files are created as
3899.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3900and used.
3901.Pp
3902The following per-jail parameters are handled by
3903.Pa rc.d/jail
3904script out of their corresponding
3905.Nm
3906variables.
3907In addition to them, parameters in
3908.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3909will be added to the configuration file.
3910They must be a semi-colon
3911.Pq Ql \&;
3912delimited list of
3913.Dq key=value .
3914For more details,
3915see
3916.Xr jail 8
3917manual page.
3918.Bl  -tag -width "host.hostname" -offset indent
3919.It Li path
3920set from
3921.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3922.It Li host.hostname
3923set from
3924.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3925.It Li exec.consolelog
3926set from
3927.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3928The default value is
3929.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3930.It Li interface
3931set from
3932.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3933.It Li vnet.interface
3934set from
3935.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3936This implies
3937.Li vnet
3938parameter will be enabled and cannot be specified with
3939.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3940.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3941and/or
3942.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3943at the same time.
3944.It Li fstab
3945set from
3946.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3947.It Li mount
3948set from
3949.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3950.It Li exec.fib
3951set from
3952.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3953.It Li exec.start
3954set from
3955.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3956The parameter name was
3957.Li command
3958in some older releases.
3959.It Li exec.prestart
3960set from
3961.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3962.It Li exec.poststart
3963set from
3964.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3965.It Li exec.stop
3966set from
3967.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3968.It Li exec.prestop
3969set from
3970.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3971.It Li exec.poststop
3972set from
3973.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3974.It Li ip4.addr
3975set if
3976.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3977or
3978.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3979contain IPv4 addresses
3980.It Li ip6.addr
3981set if
3982.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3983or
3984.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3985contain IPv6 addresses
3986.It Li allow.mount
3987set from
3988.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3989.It Li mount.devfs
3990set from
3991.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3992.It Li devfs_ruleset
3993set from
3994.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
3995This must be an integer,
3996not a string.
3997.It Li mount.fdescfs
3998set from
3999.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4000.It Li allow.set_hostname
4001set from
4002.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4003.It Li allow.rawsocket
4004set from
4005.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4006.It Li allow.sysvipc
4007set from
4008.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4009.El
4010.\" -----------------------------------------------------
4011.It Va harvest_mask
4012.Pq Vt int
4013Set to a bit-mask
4014representing the entropy sources
4015you wish to harvest.
4016Refer to
4017.Xr random 4
4018for more information.
4019.It Va entropy_dir
4020.Pq Vt str
4021Set to
4022.Dq Li NO
4023to disable caching entropy via
4024.Xr cron 8 .
4025Otherwise set to the directory
4026in which the entropy files are stored.
4027To be useful,
4028there must be
4029a system cron job
4030that regularly writes and rotates
4031files here.
4032All files found
4033will be used at boot time.
4034The default is
4035.Pa /var/db/entropy .
4036.It Va entropy_file
4037.Pq Vt str
4038Set to
4039.Dq Li NO
4040to disable caching entropy through reboots.
4041Otherwise set to the name
4042of a file used to store cached entropy.
4043This file should be located
4044on a file system that is readable
4045before all the volumes specified in
4046.Xr fstab 5
4047are mounted.
4048By default,
4049.Pa /entropy
4050is used,
4051but if
4052.Pa /var/db/entropy-file
4053is found it will also be used.
4054This will be of some use to
4055.Xr bsdinstall 8 .
4056.It Va entropy_boot_file
4057.Pq Vt str
4058Set to
4059.Dq Li NO
4060to disable
4061very early caching entropy
4062through reboots.
4063Otherwise set to the filename
4064used to read
4065very early reboot cached entropy.
4066This file should be located where
4067.Xr loader 8
4068can read it.
4069See also
4070.Xr loader.conf 5 .
4071The default location is
4072.Pa /boot/entropy .
4073.It Va entropy_save_sz
4074.Pq Vt int
4075Size of the entropy cache files saved by
4076.Nm save-entropy
4077periodically.
4078.It Va entropy_save_num
4079.Pq Vt int
4080Number of entropy cache files to save by
4081.Nm save-entropy
4082periodically.
4083.It Va ipsec_enable
4084.Pq Vt bool
4085Set to
4086.Dq Li YES
4087to run
4088.Xr setkey 8
4089on
4090.Va ipsec_file
4091at boot time.
4092.It Va ipsec_file
4093.Pq Vt str
4094Configuration file for
4095.Xr setkey 8 .
4096.It Va dmesg_enable
4097.Pq Vt bool
4098Set to
4099.Dq Li YES
4100to save
4101.Xr dmesg 8
4102to
4103.Pa /var/run/dmesg.boot
4104on boot.
4105.It Va rcshutdown_timeout
4106.Pq Vt int
4107If set, start a watchdog timer in the background which will terminate
4108.Pa rc.shutdown
4109if
4110.Xr shutdown 8
4111has not completed within the specified time (in seconds).
4112Notice that in addition to this soft timeout,
4113.Xr init 8
4114also applies a hard timeout for the execution of
4115.Pa rc.shutdown .
4116This is configured via
4117.Xr sysctl 8
4118variable
4119.Va kern.init_shutdown_timeout
4120and defaults to 120 seconds.
4121Setting the value of
4122.Va rcshutdown_timeout
4123to more than 120 seconds will have no effect until the
4124.Xr sysctl 8
4125variable
4126.Va kern.init_shutdown_timeout
4127is also increased.
4128.It Va virecover_enable
4129.Pq Vt bool
4130Set to
4131.Dq Li NO
4132to prevent the system from trying to
4133recover pre-maturely terminated
4134.Xr vi 1
4135sessions.
4136.It Va ugidfw_enable
4137.Pq Vt bool
4138Set to
4139.Dq Li YES
4140to load the
4141.Xr mac_bsdextended 4
4142module upon system initialization and load a default
4143ruleset file.
4144.It Va bsdextended_script
4145.Pq Vt str
4146The default
4147.Xr mac_bsdextended 4
4148ruleset file to load.
4149The default value of this variable is
4150.Pa /etc/rc.bsdextended .
4151.It Va newsyslog_enable
4152.Pq Vt bool
4153If set to
4154.Dq Li YES ,
4155run
4156.Xr newsyslog 8
4157command at startup.
4158.It Va newsyslog_flags
4159.Pq Vt str
4160If
4161.Va newsyslog_enable
4162is set to
4163.Dq Li YES ,
4164these are the flags to pass to the
4165.Xr newsyslog 8
4166program.
4167The default is
4168.Dq Li -CN ,
4169which causes log files flagged with a
4170.Cm C
4171to be created.
4172.It Va mdconfig_md Ns Aq Ar X
4173.Pq Vt str
4174Arguments to
4175.Xr mdconfig 8
4176for
4177.Xr md 4
4178device
4179.Ar X .
4180At minimum a
4181.Fl t Ar type
4182must be specified and either a
4183.Fl s Ar size
4184for malloc or swap backed
4185.Xr md 4
4186devices or a
4187.Fl f Ar file
4188for vnode backed
4189.Xr md 4
4190devices.
4191Note that
4192.Va mdconfig_md Ns Aq Ar X
4193variables are evaluated until one variable is unset or null.
4194.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4195.Pq Vt str
4196Optional arguments passed to
4197.Xr newfs 8
4198to initialize
4199.Xr md 4
4200device
4201.Ar X .
4202.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4203.Pq Vt str
4204An ownership specification passed to
4205.Xr chown 8
4206after the specified
4207.Xr md 4
4208device
4209.Ar X
4210has been mounted.
4211Both the
4212.Xr md 4
4213device and the mount point will be changed.
4214.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4215.Pq Vt str
4216A mode string passed to
4217.Xr chmod 1
4218after the specified
4219.Xr md 4
4220device
4221.Ar X
4222has been mounted.
4223Both the
4224.Xr md 4
4225device and the mount point will be changed.
4226.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4227.Pq Vt str
4228Files to be copied to the mount point of the
4229.Xr md 4
4230device
4231.Ar X
4232after it has been mounted.
4233.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4234.Pq Vt str
4235Command to execute after the specified
4236.Xr md 4
4237device
4238.Ar X
4239has been mounted.
4240Note that the command is passed to
4241.Ic eval
4242and that both
4243.Va _dev
4244and
4245.Va _mp
4246variables can be used to reference respectively the
4247.Xr md 4
4248device and the mount point.
4249Assuming that the
4250.Xr md 4
4251device is
4252.Li md0 ,
4253one could set the following:
4254.Bd -literal
4255mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4256.Ed
4257.It Va autobridge_interfaces
4258.Pq Vt str
4259Set to the list of bridge interfaces that will have newly arriving interfaces
4260checked against to be automatically added.
4261If not set to
4262.Dq Li NO
4263then for each whitespace separated
4264.Ar element
4265in the value, a
4266.Va autobridge_ Ns Aq Ar element
4267variable is assumed to exist which has a whitespace separated list of interface
4268names to match, these names can use wildcards.
4269For example:
4270.Bd -literal
4271autobridge_interfaces="bridge0"
4272autobridge_bridge0="tap* dc0 vlan[345]"
4273.Ed
4274.It Va mixer_enable
4275.Pq Vt bool
4276If set to
4277.Dq Li YES ,
4278enable support for sound mixer.
4279.It Va hcsecd_enable
4280.Pq Vt bool
4281If set to
4282.Dq Li YES ,
4283enable Bluetooth security daemon.
4284.It Va hcsecd_config
4285.Pq Vt str
4286Configuration file for
4287.Xr hcsecd 8 .
4288Default
4289.Pa /etc/bluetooth/hcsecd.conf .
4290.It Va sdpd_enable
4291.Pq Vt bool
4292If set to
4293.Dq Li YES ,
4294enable Bluetooth Service Discovery Protocol daemon.
4295.It Va sdpd_control
4296.Pq Vt str
4297Path to
4298.Xr sdpd 8
4299control socket.
4300Default
4301.Pa /var/run/sdp .
4302.It Va sdpd_groupname
4303.Pq Vt str
4304Sets
4305.Xr sdpd 8
4306group to run as after it initializes.
4307Default
4308.Dq Li nobody .
4309.It Va sdpd_username
4310.Pq Vt str
4311Sets
4312.Xr sdpd 8
4313user to run as after it initializes.
4314Default
4315.Dq Li nobody .
4316.It Va bthidd_enable
4317.Pq Vt bool
4318If set to
4319.Dq Li YES ,
4320enable Bluetooth Human Interface Device daemon.
4321.It Va bthidd_config
4322.Pq Vt str
4323Configuration file for
4324.Xr bthidd 8 .
4325Default
4326.Pa /etc/bluetooth/bthidd.conf .
4327.It Va bthidd_hids
4328.Pq Vt str
4329Path to a file, where
4330.Xr bthidd 8
4331will store information about known HID devices.
4332Default
4333.Pa /var/db/bthidd.hids .
4334.It Va rfcomm_pppd_server_enable
4335.Pq Vt bool
4336If set to
4337.Dq Li YES ,
4338enable Bluetooth RFCOMM PPP wrapper daemon.
4339.It Va rfcomm_pppd_server_profile
4340.Pq Vt str
4341The name of the profile to use from
4342.Pa /etc/ppp/ppp.conf .
4343Multiple profiles can be specified here.
4344Also used to specify per-profile overrides.
4345When the profile name contains any of the characters
4346.Dq Li .-/+
4347they are translated to
4348.Dq Li _
4349for the proposes of the override variable names.
4350.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4351.Pq Vt str
4352Overrides local address to listen on.
4353By default
4354.Xr rfcomm_pppd 8
4355will listen on
4356.Dq Li ANY
4357address.
4358The address can be specified as BD_ADDR or name.
4359.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4360.Pq Vt str
4361Overrides local RFCOMM channel to listen on.
4362By default
4363.Xr rfcomm_pppd 8
4364will listen on RFCOMM channel 1.
4365Must set properly if multiple profiles used in the same time.
4366.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4367.Pq Vt bool
4368Tells
4369.Xr rfcomm_pppd 8
4370if it should register Serial Port service on the specified RFCOMM channel.
4371Default
4372.Dq Li NO .
4373.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4374.Pq Vt bool
4375Tells
4376.Xr rfcomm_pppd 8
4377if it should register Dial-Up Networking service on the specified
4378RFCOMM channel.
4379Default
4380.Dq Li NO .
4381.It Va ubthidhci_enable
4382.Pq Vt bool
4383If set to
4384.Dq Li YES ,
4385change the USB Bluetooth controller from HID mode to HCI mode.
4386You also need to specify the location of USB Bluetooth controller with the
4387.Va ubthidhci_busnum
4388and
4389.Va ubthidhci_addr
4390variables.
4391.It Va ubthidhci_busnum
4392Bus number where the USB Bluetooth controller is located.
4393Check the output of
4394.Xr usbconfig 8
4395on your system to find this information.
4396.It Va ubthidhci_addr
4397Bus address of the USB Bluetooth controller.
4398Check the output of
4399.Xr usbconfig 8
4400on your system to find this information.
4401.It Va netwait_enable
4402.Pq Vt bool
4403If set to
4404.Dq Li YES ,
4405delays the start of network-reliant services until
4406.Va netwait_if
4407is up and ICMP packets to a destination defined in
4408.Va netwait_ip
4409are flowing.
4410Link state is examined first, followed by
4411.Dq Li pinging
4412an IP address to verify network usability.
4413If no destination can be reached or timeouts are exceeded,
4414network services are started anyway with no guarantee that
4415the network is usable.
4416Use of this variable requires both
4417.Va netwait_ip
4418and
4419.Va netwait_if
4420to be set.
4421.It Va netwait_ip
4422.Pq Vt str
4423Empty by default.
4424This variable contains a space-delimited list of IP addresses to
4425.Xr ping 8 .
4426DNS hostnames should not be used as resolution is not guaranteed
4427to be functional at this point.
4428If multiple IP addresses are specified,
4429each will be tried until one is successful or the list is exhausted.
4430.It Va netwait_timeout
4431.Pq Vt int
4432Indicates the total number of seconds to perform a
4433.Dq Li ping
4434against each IP address in
4435.Va netwait_ip ,
4436at a rate of one ping per second.
4437If any of the pings are successful,
4438full network connectivity is considered reliable.
4439The default is 60.
4440.It Va netwait_if
4441.Pq Vt str
4442Empty by default.
4443Defines the name of the network interface on which watch for link.
4444.Xr ifconfig 8
4445is used to monitor the interface, looking for
4446.Dq Li status: no carrier .
4447Once gone, the link is considered up.
4448This can be a
4449.Xr vlan 4
4450interface if desired.
4451.It Va netwait_if_timeout
4452.Pq Vt int
4453Defines the total number of seconds to wait for link to become usable,
4454polled at a 1-second interval.
4455The default is 30.
4456.It Va rctl_enable
4457.Pq Vt bool
4458If set to
4459.Dq Li YES ,
4460load
4461.Xr rctl 8
4462rules from the defined ruleset.
4463The kernel must be built with
4464.Cd "options RACCT"
4465and
4466.Cd "options RCTL" .
4467.It Va rctl_rules
4468.Pq Vt str
4469Set to
4470.Pa /etc/rctl.conf
4471by default.
4472This variables contains the
4473.Xr rctl.conf 5
4474ruleset to load for
4475.Xr rctl 8 .
4476.It Va iovctl_files
4477.Pq Vt str
4478A space-separated list of configuration files used by
4479.Xr iovctl 8 .
4480The default value is an empty string.
4481.It Va autofs_enable
4482.Pq Vt bool
4483If set to
4484.Dq Li YES ,
4485start the
4486.Xr automount 8
4487utility and the
4488.Xr automountd 8
4489and
4490.Xr autounmountd 8
4491daemons at boot time.
4492.It Va automount_flags
4493.Pq Vt str
4494If
4495.Va autofs_enable
4496is set to
4497.Dq Li YES ,
4498these are the flags to pass to the
4499.Xr automount 8
4500program.
4501By default no flags are passed.
4502.It Va automountd_flags
4503.Pq Vt str
4504If
4505.Va autofs_enable
4506is set to
4507.Dq Li YES ,
4508these are the flags to pass to the
4509.Xr automountd 8
4510daemon.
4511By default no flags are passed.
4512.It Va autounmountd_flags
4513.Pq Vt str
4514If
4515.Va autofs_enable
4516is set to
4517.Dq Li YES ,
4518these are the flags to pass to the
4519.Xr autounmountd 8
4520daemon.
4521By default no flags are passed.
4522.It Va ctld_enable
4523.Pq Vt bool
4524If set to
4525.Dq Li YES ,
4526start the
4527.Xr ctld 8
4528daemon at boot time.
4529.It Va iscsid_enable
4530.Pq Vt bool
4531If set to
4532.Dq Li YES ,
4533start the
4534.Xr iscsid 8
4535daemon at boot time.
4536.It Va iscsictl_enable
4537.Pq Vt bool
4538If set to
4539.Dq Li YES ,
4540start the
4541.Xr iscsictl 8
4542utility at boot time.
4543.It Va iscsictl_flags
4544.Pq Vt str
4545If
4546.Va iscsictl_enable
4547is set to
4548.Dq Li YES ,
4549these are the flags to pass to the
4550.Xr iscsictl 8
4551program.
4552The default is
4553.Dq Li -Aa ,
4554which configures sessions based on the
4555.Pa /etc/iscsi.conf
4556configuration file.
4557.It Va cfumass_enable
4558.Pq Vt bool
4559If set to
4560.Dq Li YES ,
4561create and export an USB LUN using
4562.Xr cfumass 4
4563at boot time.
4564.It Va cfumass_dir
4565.Pq Vt str
4566The directory where the files exported by USB LUN are located.
4567The default directory is
4568.Pa /var/cfumass .
4569.It Va service_delete_empty
4570.Pq Vt bool
4571If set to
4572.Dq Li YES ,
4573.Ql Li service delete
4574removes empty
4575.Dq Li rc.conf.d
4576files.
4577.It Va zfs_bootonce_activate
4578.Pq Vt bool
4579If set to
4580.Dq Li YES ,
4581and a boot environment marked bootonce is successfully booted,
4582it will be made permanently active.
4583.El
4584.Sh FILES
4585.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4586.It Pa /etc/defaults/rc.conf
4587.It Pa /etc/defaults/vendor.conf
4588.It Pa /etc/rc.conf
4589.It Pa /etc/rc.conf.local
4590.El
4591.Sh SEE ALSO
4592.Xr chmod 1 ,
4593.Xr gdb 1 ,
4594.Xr info 1 ,
4595.Xr kbdcontrol 1 ,
4596.Xr makewhatis 1 ,
4597.Xr sh 1 ,
4598.Xr vi 1 ,
4599.Xr vidcontrol 1 ,
4600.Xr bridge 4 ,
4601.Xr dummynet 4 ,
4602.Xr ip 4 ,
4603.Xr ipf 4 ,
4604.Xr ipfw 4 ,
4605.Xr ipnat 4 ,
4606.Xr kld 4 ,
4607.Xr pf 4 ,
4608.Xr pflog 4 ,
4609.Xr pfsync 4 ,
4610.Xr tcp 4 ,
4611.Xr udp 4 ,
4612.Xr exports 5 ,
4613.Xr fstab 5 ,
4614.Xr ipf 5 ,
4615.Xr ipnat 5 ,
4616.Xr jail.conf 5 ,
4617.Xr loader.conf 5 ,
4618.Xr motd 5 ,
4619.Xr newsyslog.conf 5 ,
4620.Xr pf.conf 5 ,
4621.Xr security 7 ,
4622.Xr accton 8 ,
4623.Xr amd 8 ,
4624.Xr apm 8 ,
4625.Xr bsdinstall 8 ,
4626.Xr bthidd 8 ,
4627.Xr chkprintcap 8 ,
4628.Xr chown 8 ,
4629.Xr cron 8 ,
4630.Xr devfs 8 ,
4631.Xr dhclient 8 ,
4632.Xr ftpd 8 ,
4633.Xr geli 8 ,
4634.Xr hcsecd 8 ,
4635.Xr ifconfig 8 ,
4636.Xr inetd 8 ,
4637.Xr iovctl 8 ,
4638.Xr ipf 8 ,
4639.Xr ipfw 8 ,
4640.Xr ipnat 8 ,
4641.Xr jail 8 ,
4642.Xr kldxref 8 ,
4643.Xr loader 8 ,
4644.Xr lpd 8 ,
4645.Xr mdconfig 8 ,
4646.Xr mdmfs 8 ,
4647.Xr mixer 8 ,
4648.Xr mountd 8 ,
4649.Xr moused 8 ,
4650.Xr newfs 8 ,
4651.Xr newsyslog 8 ,
4652.Xr nfsd 8 ,
4653.Xr ntpd 8 ,
4654.Xr ntpdate 8 ,
4655.Xr pfctl 8 ,
4656.Xr pflogd 8 ,
4657.Xr ping 8 ,
4658.Xr powerd 8 ,
4659.Xr quotacheck 8 ,
4660.Xr quotaon 8 ,
4661.Xr rc 8 ,
4662.Xr rc.sendmail 8 ,
4663.Xr rfcomm_pppd 8 ,
4664.Xr route 8 ,
4665.Xr routed 8 ,
4666.Xr rpc.lockd 8 ,
4667.Xr rpc.statd 8 ,
4668.Xr rpcbind 8 ,
4669.Xr rwhod 8 ,
4670.Xr savecore 8 ,
4671.Xr sdpd 8 ,
4672.Xr service 8 ,
4673.Xr sshd 8 ,
4674.Xr swapon 8 ,
4675.Xr sysctl 8 ,
4676.Xr syslogd 8 ,
4677.Xr sysrc 8 ,
4678.Xr timed 8 ,
4679.Xr unbound 8 ,
4680.Xr usbconfig 8 ,
4681.Xr wlandebug 8 ,
4682.Xr yp 8 ,
4683.Xr ypbind 8 ,
4684.Xr ypserv 8 ,
4685.Xr ypset 8
4686.Sh HISTORY
4687The
4688.Nm
4689file appeared in
4690.Fx 2.2.2 .
4691.Sh AUTHORS
4692.An Jordan K. Hubbard .
4693