1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd October 24, 2017 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67The sysrc(8) command provides a scripting interface to modify system 68config files. 69.Pp 70In addition to 71.Pa /etc/rc.conf.local 72you can also place smaller configuration files for each 73.Xr rc 8 74script in the 75.Pa /etc/rc.conf.d 76directory or 77.Ao Ar dir Ac Ns Pa /rc.conf.d 78directories specified in 79.Va local_startup , 80which will be included by the 81.Va load_rc_config 82function. 83For jail configurations you could use the file 84.Pa /etc/rc.conf.d/jail 85to store jail specific configuration options. 86If 87.Va local_startup 88contains 89.Pa /usr/local/etc/rc.d 90and 91.Pa /opt/conf , 92.Pa /usr/local/rc.conf.d/jail 93and 94.Pa /opt/conf/rc.conf.d/jail 95will be loaded. 96If 97.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 98is a directory, 99all of files in the directory will be loaded. 100Also see the 101.Va rc_conf_files 102variable below. 103.Pp 104Options are set with 105.Dq Ar name Ns Li = Ns Ar value 106assignments that use 107.Xr sh 1 108syntax. 109The following list provides a name and short description for each 110variable that can be set in the 111.Nm 112file: 113.Bl -tag -width indent-two 114.It Va rc_debug 115.Pq Vt bool 116If set to 117.Dq Li YES , 118enable output of debug messages from rc scripts. 119This variable can be helpful in diagnosing mistakes when 120editing or integrating new scripts. 121Beware that this produces copious output to the terminal and 122.Xr syslog 3 . 123.It Va rc_info 124.Pq Vt bool 125If set to 126.Dq Li NO , 127disable informational messages from the rc scripts. 128Informational messages are displayed when 129a condition that is not serious enough to warrant a warning or 130an error occurs. 131.It Va rc_startmsgs 132.Pq Vt bool 133If set to 134.Dq Li YES , 135show 136.Dq Starting foo: 137when faststart is used (e.g., at boot time). 138.It Va early_late_divider 139.Pq Vt str 140The name of the script that should be used as the 141delimiter between the 142.Dq early 143and 144.Dq late 145stages of the boot process. 146The early stage should contain all the services needed to 147get the disks (local or remote) mounted so that the late 148stage can include scripts contained in the directories 149listed in the 150.Va local_startup 151variable (see below). 152Thus, the two likely candidates for this value are 153.Pa mountcritlocal 154for the typical system, and 155.Pa mountcritremote 156if the system needs remote file 157systems mounted to get access to the 158.Va local_startup 159directories; for example when 160.Pa /usr/local 161is NFS mounted. 162For 163.Pa rc.conf 164within a 165.Xr jail 8 166.Pa NETWORKING 167is likely to be an appropriate value. 168Extreme care should be taken when changing this value, 169and before changing it one should ensure that there are 170adequate provisions to recover from a failed boot 171(such as physical contact with the machine, 172or reliable remote console access). 173.It Va always_force_depends 174.Pq Vt bool 175Various 176.Pa rc.d 177scripts use the force_depend function to check whether required 178services are already running, and to start them if necessary. 179By default during boot time this check is bypassed if the 180required service is enabled in 181.Pa /etc/rc.conf[.local] . 182Setting this option will bypass that check at boot time and 183always test whether or not the service is actually running. 184Enabling this option is likely to increase your boot time if 185services are enabled that utilize the force_depend check. 186.It Ao Ar name Ac Ns Va _chroot 187.Pq Vt str 188.Xr chroot 8 189to this directory before running the service. 190.It Ao Ar name Ac Ns Va _user 191.Pq Vt str 192Run the service under this user account. 193.It Ao Ar name Ac Ns Va _group 194.Pq Vt str 195Run the chrooted service under this system group. 196Unlike the _user 197setting, this setting has no effect if the service is not chrooted. 198.It Ao Ar name Ac Ns Va _fib 199.Pq Vt int 200The 201.Xr setfib 1 202value to run the service under. 203.It Ao Ar name Ac Ns Va _nice 204.Pq Vt int 205The 206.Xr nice 1 207value to run the service under. 208.It Va apm_enable 209.Pq Vt bool 210If set to 211.Dq Li YES , 212enable support for Automatic Power Management with 213the 214.Xr apm 8 215command. 216.It Va apmd_enable 217.Pq Vt bool 218Run 219.Xr apmd 8 220to handle APM event from userland. 221This also enables support for APM. 222.It Va apmd_flags 223.Pq Vt str 224If 225.Va apmd_enable 226is set to 227.Dq Li YES , 228these are the flags to pass to the 229.Xr apmd 8 230daemon. 231.It Va devd_enable 232.Pq Vt bool 233Run 234.Xr devd 8 235to handle device added, removed or unknown events from the kernel. 236.It Va ddb_enable 237.Pq Vt bool 238Run 239.Xr ddb 8 240to install 241.Xr ddb 4 242scripts at boot time. 243.It Va ddb_config 244.Pq Vt str 245Configuration file for 246.Xr ddb 8 . 247Default 248.Pa /etc/ddb.conf . 249.It Va kld_list 250.Pq Vt str 251A list of kernel modules to load right after the local 252disks are mounted. 253Loading modules at this point in the boot process is 254much faster than doing it via 255.Pa /boot/loader.conf 256for those modules not necessary for mounting local disk. 257.It Va kldxref_enable 258.Pq Vt bool 259Set to 260.Dq Li NO 261by default. 262Set to 263.Dq Li YES 264to automatically rebuild 265.Pa linker.hints 266files with 267.Xr kldxref 8 268at boot time. 269.It Va kldxref_clobber 270.Pq Vt bool 271Set to 272.Dq Li NO 273by default. 274If 275.Va kldxref_enable 276is true, 277setting to 278.Dq Li YES 279will overwrite existing 280.Pa linker.hints 281files at boot time. 282Otherwise, 283only missing 284.Pa linker.hints 285files are generated. 286.It Va kldxref_module_path 287.Pq Vt str 288Empty by default. 289A semi-colon 290.Pq Ql \&; 291delimited list of paths containing 292.Xr kld 4 293modules. 294If empty, 295the contents of the 296.Va kern.module_path 297.Xr sysctl 8 298are used. 299.It Va powerd_enable 300.Pq Vt bool 301If set to 302.Dq Li YES , 303enable the system power control facility with the 304.Xr powerd 8 305daemon. 306.It Va powerd_flags 307.Pq Vt str 308If 309.Va powerd_enable 310is set to 311.Dq Li YES , 312these are the flags to pass to the 313.Xr powerd 8 314daemon. 315.It Va tmpmfs 316Controls the creation of a 317.Pa /tmp 318memory file system. 319Always happens if set to 320.Dq Li YES 321and never happens if set to 322.Dq Li NO . 323If set to anything else, a memory file system is created if 324.Pa /tmp 325is not writable. 326.It Va tmpsize 327Controls the size of a created 328.Pa /tmp 329memory file system. 330.It Va tmpmfs_flags 331Extra options passed to the 332.Xr mdmfs 8 333utility when the memory file system for 334.Pa /tmp 335is created. 336The default is 337.Dq Li "-S" , 338which inhibits the use of softupdates on 339.Pa /tmp 340so that file system space is freed without delay 341after file truncation or deletion. 342See 343.Xr mdmfs 8 344for other options you can use in 345.Va tmpmfs_flags . 346.It Va varmfs 347Controls the creation of a 348.Pa /var 349memory file system. 350Always happens if set to 351.Dq Li YES 352and never happens if set to 353.Dq Li NO . 354If set to anything else, a memory file system is created if 355.Pa /var 356is not writable. 357.It Va varsize 358Controls the size of a created 359.Pa /var 360memory file system. 361.It Va varmfs_flags 362Extra options passed to the 363.Xr mdmfs 8 364utility when the memory file system for 365.Pa /var 366is created. 367The default is 368.Dq Li "-S" , 369which inhibits the use of softupdates on 370.Pa /var 371so that file system space is freed without delay 372after file truncation or deletion. 373See 374.Xr mdmfs 8 375for other options you can use in 376.Va varmfs_flags . 377.It Va populate_var 378Controls the automatic population of the 379.Pa /var 380file system. 381Always happens if set to 382.Dq Li YES 383and never happens if set to 384.Dq Li NO . 385If set to anything else, a memory file system is created if 386.Pa /var 387is not writable. 388Note that this process requires access to certain commands in 389.Pa /usr 390before 391.Pa /usr 392is mounted on normal systems. 393.It Va cleanvar_enable 394.Pq Vt bool 395Clean the 396.Pa /var 397directory. 398.It Va local_startup 399.Pq Vt str 400List of directories to search for startup script files. 401.It Va script_name_sep 402.Pq Vt str 403The field separator to use for breaking down the list of startup script files 404into individual filenames. 405The default is a space. 406It is not necessary to change this unless there are startup scripts with names 407containing spaces. 408.It Va hostapd_enable 409.Pq Vt bool 410Set to 411.Dq Li YES 412to start 413.Xr hostapd 8 414at system boot time. 415.It Va hostname 416.Pq Vt str 417The fully qualified domain name (FQDN) of this host on the network. 418This should almost certainly be set to something meaningful, even if 419there is no network connection. 420If 421.Xr dhclient 8 422is used to set the hostname via DHCP, 423this variable should be set to an empty string. 424If this value remains unset when the system is done booting 425your console login will display the default hostname of 426.Dq Amnesiac . 427.It Va nisdomainname 428.Pq Vt str 429The NIS domain name of this host, or 430.Dq Li NO 431if NIS is not used. 432.It Va dhclient_program 433.Pq Vt str 434Path to the DHCP client program 435.Pa ( /sbin/dhclient , 436the 437.Ox 438DHCP client, 439is the default). 440.It Va dhclient_flags 441.Pq Vt str 442Additional flags to pass to the DHCP client program. 443For the 444.Ox 445DHCP client, see the 446.Xr dhclient 8 447manpage for a description of the command line options available. 448.It Va dhclient_flags_ Ns Aq Ar iface 449Additional flags to pass to the DHCP client program running on 450.Ar iface 451only. 452When specified, this variable overrides 453.Va dhclient_flags . 454.It Va background_dhclient 455.Pq Vt bool 456Set to 457.Dq Li YES 458to start the DHCP client in background. 459This can cause trouble with applications depending on 460a working network, but it will provide a faster startup 461in many cases. 462.It Va background_dhclient_ Ns Aq Ar iface 463When specified, this variable overrides the 464.Va background_dhclient 465variable for interface 466.Ar iface 467only. 468.It Va synchronous_dhclient 469.Pq Vt bool 470Set to 471.Dq Li YES 472to start 473.Xr dhclient 8 474synchronously at startup. 475This behavior can be overridden on a per-interface basis by replacing 476the 477.Dq Li DHCP 478keyword in the 479.Va ifconfig_ Ns Aq Ar interface 480variable with 481.Dq Li SYNCDHCP 482or 483.Dq Li NOSYNCDHCP . 484.It Va defaultroute_delay 485.Pq Vt int 486When set to a positive value, wait up to this long after configuring 487DHCP interfaces at startup to give the interfaces time to receive a lease. 488.It Va firewall_enable 489.Pq Vt bool 490Set to 491.Dq Li YES 492to load firewall rules at startup. 493If the kernel was not built with 494.Cd "options IPFIREWALL" , 495the 496.Pa ipfw.ko 497kernel module will be loaded. 498See also 499.Va ipfilter_enable . 500.It Va firewall_script 501.Pq Vt str 502This variable specifies the full path to the firewall script to run. 503The default is 504.Pa /etc/rc.firewall . 505.It Va firewall_type 506.Pq Vt str 507Names the firewall type from the selection in 508.Pa /etc/rc.firewall , 509or the file which contains the local firewall ruleset. 510Valid selections from 511.Pa /etc/rc.firewall 512are: 513.Pp 514.Bl -tag -width ".Li simple" -compact 515.It Li open 516unrestricted IP access 517.It Li closed 518all IP services disabled, except via 519.Dq Li lo0 520.It Li client 521basic protection for a workstation 522.It Li simple 523basic protection for a LAN. 524.El 525.Pp 526If a filename is specified, the full path 527must be given. 528.It Va firewall_quiet 529.Pq Vt bool 530Set to 531.Dq Li YES 532to disable the display of firewall rules on the console during boot. 533.It Va firewall_logging 534.Pq Vt bool 535Set to 536.Dq Li YES 537to enable firewall event logging. 538This is equivalent to the 539.Dv IPFIREWALL_VERBOSE 540kernel option. 541.It Va firewall_logif 542.Pq Vt bool 543Set to 544.Dq Li YES 545to create pseudo interface 546.Li ipfw0 547for logging. 548For more details, see 549.Xr ipfw 8 550manual page. 551.It Va firewall_flags 552.Pq Vt str 553Flags passed to 554.Xr ipfw 8 555if 556.Va firewall_type 557specifies a filename. 558.It Va firewall_coscripts 559.Pq Vt str 560List of executables and/or rc scripts to run after firewall starts/stops. 561Default is empty. 562.\" ----- firewall_nat_enable setting -------------------------------- 563.It Va firewall_nat_enable 564.Pq Vt bool 565The 566.Xr ipfw 8 567equivalent of 568.Va natd_enable . 569Setting this to 570.Dq Li YES 571enables kernel NAT. 572.Va firewall_enable 573must also be set to 574.Dq Li YES . 575.It Va firewall_nat_interface 576.Pq Vt str 577The 578.Xr ipfw 8 579equivalent of 580.Va natd_interface . 581This is the name of the public interface or IP address on which 582kernel NAT should run. 583.It Va firewall_nat_flags 584.Pq Vt str 585Additional configuration parameters for kernel NAT should be placed here. 586.It Va dummynet_enable 587.Pq Vt bool 588Setting this to 589.Dq Li YES 590will automatically load the 591.Xr dummynet 4 592module if 593.Va firewall_enable 594is also set to 595.Dq Li YES . 596.\" ------------------------------------------------------------------- 597.It Va ipfw_netflow_enable 598.Pq Vt bool 599Setting this to 600.Dq Li YES 601will enable netflow logging via 602.Xr ng_netflow 4 603.Pp 604By default a ipfw rule is inserted and all packets are duplicated with 605the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 606port using protocol version 5. 607.It Va ipfw_netflow_hook 608.Pq Vt int 609netflow hook name, must be numerical 610(default 611.Pa 9995 ) . 612.It Va ipfw_netflow_rule 613.Pq Vt int 614ipfw rule number 615(default 616.Pa 1000 ) . 617.It Va ipfw_netflow_ip 618.Pq Vt str 619Destination server ip for receiving netflow data 620(default 621.Pa 127.0.0.1 ) . 622.It Va ipfw_netflow_port 623.Pq Vt int 624Destination server port for receiving netflow data 625(default 626.Pa 9995 ) . 627.It Va ipfw_netflow_version 628.Pq Vt int 629Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 630.It Va ipfw_netflow_fib 631.Pq Vt int 632Only match packet in FIB 633.Pa ipfw_netflow_fib 634(default is undefined meaning all FIBs). 635.It Va natd_program 636.Pq Vt str 637Path to 638.Xr natd 8 . 639.It Va natd_enable 640.Pq Vt bool 641Set to 642.Dq Li YES 643to enable 644.Xr natd 8 . 645.Va firewall_enable 646must also be set to 647.Dq Li YES , 648and 649.Xr divert 4 650sockets must be enabled in the kernel. 651If the kernel was not built with 652.Cd "options IPDIVERT" , 653the 654.Pa ipdivert.ko 655kernel module will be loaded. 656.It Va natd_interface 657.Pq Vt str 658This is the name of the public interface on which 659.Xr natd 8 660should run. 661The interface may be given as an interface name or as an IP address. 662.It Va natd_flags 663.Pq Vt str 664Additional 665.Xr natd 8 666flags should be placed here. 667The 668.Fl n 669or 670.Fl a 671flag is automatically added with the above 672.Va natd_interface 673as an argument. 674.\" ----- ipfilter_enable setting -------------------------------- 675.It Va ipfilter_enable 676.Pq Vt bool 677Set to 678.Dq Li NO 679by default. 680Setting this to 681.Dq Li YES 682enables 683.Xr ipf 8 684packet filtering. 685.Pp 686Typical usage will require putting 687.Bd -literal 688ipfilter_enable="YES" 689ipnat_enable="YES" 690ipmon_enable="YES" 691ipfs_enable="YES" 692.Ed 693.Pp 694into 695.Pa /etc/rc.conf 696and editing 697.Pa /etc/ipf.rules 698and 699.Pa /etc/ipnat.rules 700appropriately. 701.Pp 702Note that 703.Va ipfilter_enable 704and 705.Va ipnat_enable 706can be enabled independently. 707.Va ipmon_enable 708and 709.Va ipfs_enable 710both require at least one of 711.Va ipfilter_enable 712and 713.Va ipnat_enable 714to be enabled. 715.Pp 716Having 717.Bd -literal 718options IPFILTER 719options IPFILTER_LOG 720options IPFILTER_DEFAULT_BLOCK 721.Ed 722.Pp 723in the kernel configuration file is a good idea, too. 724.\" ----- ipfilter_program setting ------------------------------ 725.It Va ipfilter_program 726.Pq Vt str 727Path to 728.Xr ipf 8 729(default 730.Pa /sbin/ipf ) . 731.\" ----- ipfilter_rules setting -------------------------------- 732.It Va ipfilter_rules 733.Pq Vt str 734Set to 735.Pa /etc/ipf.rules 736by default. 737This variable contains the name of the filter rule definition file. 738The file is expected to be readable for the 739.Xr ipf 8 740command to execute. 741.\" ----- ipv6_ipfilter_rules setting --------------------------- 742.It Va ipv6_ipfilter_rules 743.Pq Vt str 744Set to 745.Pa /etc/ipf6.rules 746by default. 747This variable contains the IPv6 filter rule definition file. 748The file is expected to be readable for the 749.Xr ipf 8 750command to execute. 751.\" ----- ipfilter_flags setting -------------------------------- 752.It Va ipfilter_flags 753.Pq Vt str 754Empty by default. 755This variable contains flags passed to the 756.Xr ipf 8 757program. 758.\" ----- ipnat_enable setting ---------------------------------- 759.It Va ipnat_enable 760.Pq Vt bool 761Set to 762.Dq Li NO 763by default. 764Set it to 765.Dq Li YES 766to enable 767.Xr ipnat 8 768network address translation. 769See 770.Va ipfilter_enable 771for a detailed discussion. 772.\" ----- ipnat_program setting --------------------------------- 773.It Va ipnat_program 774.Pq Vt str 775Path to 776.Xr ipnat 8 777(default 778.Pa /sbin/ipnat ) . 779.\" ----- ipnat_rules setting ----------------------------------- 780.It Va ipnat_rules 781.Pq Vt str 782Set to 783.Pa /etc/ipnat.rules 784by default. 785This variable contains the name of the file 786holding the network address translation definition. 787This file is expected to be readable for the 788.Xr ipnat 8 789command to execute. 790.\" ----- ipnat_flags setting ----------------------------------- 791.It Va ipnat_flags 792.Pq Vt str 793Empty by default. 794This variable contains flags passed to the 795.Xr ipnat 8 796program. 797.\" ----- ipmon_enable setting ---------------------------------- 798.It Va ipmon_enable 799.Pq Vt bool 800Set to 801.Dq Li NO 802by default. 803Set it to 804.Dq Li YES 805to enable 806.Xr ipmon 8 807monitoring (logging 808.Xr ipf 8 809and 810.Xr ipnat 8 811events). 812Setting this variable needs setting 813.Va ipfilter_enable 814or 815.Va ipnat_enable 816too. 817See 818.Va ipfilter_enable 819for a detailed discussion. 820.\" ----- ipmon_program setting --------------------------------- 821.It Va ipmon_program 822.Pq Vt str 823Path to 824.Xr ipmon 8 825(default 826.Pa /sbin/ipmon ) . 827.\" ----- ipmon_flags setting ----------------------------------- 828.It Va ipmon_flags 829.Pq Vt str 830Set to 831.Dq Li -Ds 832by default. 833This variable contains flags passed to the 834.Xr ipmon 8 835program. 836Another typical example would be 837.Dq Fl D Pa /var/log/ipflog 838to have 839.Xr ipmon 8 840log directly to a file bypassing 841.Xr syslogd 8 . 842Make sure to adjust 843.Pa /etc/newsyslog.conf 844in such case like this: 845.Bd -literal 846/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 847.Ed 848.\" ----- ipfs_enable setting ----------------------------------- 849.It Va ipfs_enable 850.Pq Vt bool 851Set to 852.Dq Li NO 853by default. 854Set it to 855.Dq Li YES 856to enable 857.Xr ipfs 8 858saving the filter and NAT state tables during shutdown 859and reloading them during startup again. 860Setting this variable needs setting 861.Va ipfilter_enable 862or 863.Va ipnat_enable 864to 865.Dq Li YES 866too. 867See 868.Va ipfilter_enable 869for a detailed discussion. 870Note that if 871.Va kern_securelevel 872is set to 3, 873.Va ipfs_enable 874cannot be used 875because the raised securelevel will prevent 876.Xr ipfs 8 877from saving the state tables at shutdown time. 878.\" ----- ipfs_program setting ---------------------------------- 879.It Va ipfs_program 880.Pq Vt str 881Path to 882.Xr ipfs 8 883(default 884.Pa /sbin/ipfs ) . 885.\" ----- ipfs_flags setting ------------------------------------ 886.It Va ipfs_flags 887.Pq Vt str 888Empty by default. 889This variable contains flags passed to the 890.Xr ipfs 8 891program. 892.\" ----- end of added ipf hook --------------------------------- 893.It Va pf_enable 894.Pq Vt bool 895Set to 896.Dq Li NO 897by default. 898Setting this to 899.Dq Li YES 900enables 901.Xr pf 4 902packet filtering. 903.Pp 904Typical usage will require putting 905.Pp 906.Dl pf_enable="YES" 907.Pp 908into 909.Pa /etc/rc.conf 910and editing 911.Pa /etc/pf.conf 912appropriately. 913Adding 914.Pp 915.Dl "device pf" 916.Pp 917builds support for 918.Xr pf 4 919into the kernel, otherwise the 920kernel module will be loaded. 921.It Va pf_rules 922.Pq Vt str 923Path to 924.Xr pf 4 925ruleset configuration file 926(default 927.Pa /etc/pf.conf ) . 928.It Va pf_program 929.Pq Vt str 930Path to 931.Xr pfctl 8 932(default 933.Pa /sbin/pfctl ) . 934.It Va pf_flags 935.Pq Vt str 936If 937.Va pf_enable 938is set to 939.Dq Li YES , 940these flags are passed to the 941.Xr pfctl 8 942program when loading the ruleset. 943.It Va pflog_enable 944.Pq Vt bool 945Set to 946.Dq Li NO 947by default. 948Setting this to 949.Dq Li YES 950enables 951.Xr pflogd 8 952which logs packets from the 953.Xr pf 4 954packet filter. 955.It Va pflog_logfile 956.Pq Vt str 957If 958.Va pflog_enable 959is set to 960.Dq Li YES 961this controls where 962.Xr pflogd 8 963stores the logfile 964(default 965.Pa /var/log/pflog ) . 966Check 967.Pa /etc/newsyslog.conf 968to adjust logfile rotation for this. 969.It Va pflog_program 970.Pq Vt str 971Path to 972.Xr pflogd 8 973(default 974.Pa /sbin/pflogd ) . 975.It Va pflog_flags 976.Pq Vt str 977Empty by default. 978This variable contains additional flags passed to the 979.Xr pflogd 8 980program. 981.It Va pflog_instances 982.Pq Vt str 983If logging to more than one 984.Xr pflog 4 985interface is desired, 986.Va pflog_instances 987is set to the list of 988.Xr pflogd 8 989instances that should be started at system boot time. 990If 991.Va pflog_instances 992is set, for each whitespace-seperated 993.Ar element 994in the list, 995.Ao Ar element Ac Ns Va _dev 996and 997.Ao Ar element Ac Ns Va _logfile 998elements are assumed to exist. 999.Ao Ar element Ac Ns Va _dev 1000must contain the 1001.Xr pflog 4 1002interface to be watched by the named 1003.Xr pflogd 8 1004instance. 1005.Ao Ar element Ac Ns Va _logfile 1006must contain the name of the logfile that will be used by the 1007.Xr pflogd 8 1008instance. 1009.It Va ftpproxy_enable 1010.Pq Vt bool 1011Set to 1012.Dq Li NO 1013by default. 1014Setting this to 1015.Dq Li YES 1016enables 1017.Xr ftp-proxy 8 1018which supports the 1019.Xr pf 4 1020packet filter in translating ftp connections. 1021.It Va ftpproxy_flags 1022.Pq Vt str 1023Empty by default. 1024This variable contains additional flags passed to the 1025.Xr ftp-proxy 8 1026program. 1027.It Va ftpproxy_instances 1028.Pq Vt str 1029Empty by default. 1030If multiple instances of 1031.Xr ftp-proxy 8 1032are desired at boot time, 1033.Va ftpproxy_instances 1034should contain a whitespace-seperated list of instance names. 1035For each 1036.Ar element 1037in the list, a variable named 1038.Ao Ar element Ac Ns Va _flags 1039should be defined, containing the command-line flags to be passed to the 1040.Xr ftp-proxy 8 1041instance. 1042.It Va pfsync_enable 1043.Pq Vt bool 1044Set to 1045.Dq Li NO 1046by default. 1047Setting this to 1048.Dq Li YES 1049enables exposing 1050.Xr pf 4 1051state changes to other hosts over the network by means of 1052.Xr pfsync 4 . 1053The 1054.Va pfsync_syncdev 1055variable 1056must also be set then. 1057.It Va pfsync_syncdev 1058.Pq Vt str 1059Empty by default. 1060This variable specifies the name of the network interface 1061.Xr pfsync 4 1062should operate through. 1063It must be set accordingly if 1064.Va pfsync_enable 1065is set to 1066.Dq Li YES . 1067.It Va pfsync_syncpeer 1068.Pq Vt str 1069Empty by default. 1070This variable is optional. 1071By default, state change messages are sent out on the synchronisation 1072interface using IP multicast packets. 1073The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1074224.0.0.240. 1075When a peer address is specified using the 1076.Va pfsync_syncpeer 1077option, the peer address is used as a destination for the pfsync 1078traffic, and the traffic can then be protected using 1079.Xr ipsec 4 . 1080See the 1081.Xr pfsync 4 1082manpage for more details about using 1083.Xr ipsec 4 1084with 1085.Xr pfsync 4 1086interfaces. 1087.It Va pfsync_ifconfig 1088.Pq Vt str 1089Empty by default. 1090This variable can contain additional options to be passed to the 1091.Xr ifconfig 8 1092command used to set up 1093.Xr pfsync 4 . 1094.It Va tcp_extensions 1095.Pq Vt bool 1096Set to 1097.Dq Li YES 1098by default. 1099Setting this to 1100.Dq Li NO 1101disables certain TCP options as described by 1102.Rs 1103.%T "RFC 1323" 1104.Re 1105Setting this to 1106.Dq Li NO 1107might help remedy such problems with connections as randomly hanging 1108or other weird behavior. 1109Some network devices are known 1110to be broken with respect to these options. 1111.It Va log_in_vain 1112.Pq Vt int 1113Set to 0 by default. 1114The 1115.Xr sysctl 8 1116variables, 1117.Va net.inet.tcp.log_in_vain 1118and 1119.Va net.inet.udp.log_in_vain , 1120as described in 1121.Xr tcp 4 1122and 1123.Xr udp 4 , 1124are set to the given value. 1125.It Va tcp_keepalive 1126.Pq Vt bool 1127Set to 1128.Dq Li YES 1129by default. 1130Setting to 1131.Dq Li NO 1132will disable probing idle TCP connections to verify that the 1133peer is still up and reachable. 1134.It Va tcp_drop_synfin 1135.Pq Vt bool 1136Set to 1137.Dq Li NO 1138by default. 1139Setting to 1140.Dq Li YES 1141will cause the kernel to ignore TCP frames that have both 1142the SYN and FIN flags set. 1143This prevents OS fingerprinting, but may 1144break some legitimate applications. 1145.It Va icmp_drop_redirect 1146.Pq Vt bool 1147Set to 1148.Dq Li NO 1149by default. 1150Setting to 1151.Dq Li YES 1152will cause the kernel to ignore ICMP REDIRECT packets. 1153Refer to 1154.Xr icmp 4 1155for more information. 1156.It Va icmp_log_redirect 1157.Pq Vt bool 1158Set to 1159.Dq Li NO 1160by default. 1161Setting to 1162.Dq Li YES 1163will cause the kernel to log ICMP REDIRECT packets. 1164Note that 1165the log messages are not rate-limited, so this option should only be used 1166for troubleshooting networks. 1167Refer to 1168.Xr icmp 4 1169for more information. 1170.It Va icmp_bmcastecho 1171.Pq Vt bool 1172Set to 1173.Dq Li YES 1174to respond to broadcast or multicast ICMP ping packets. 1175Refer to 1176.Xr icmp 4 1177for more information. 1178.It Va ip_portrange_first 1179.Pq Vt int 1180If not set to 1181.Dq Li NO , 1182this is the first port in the default portrange. 1183Refer to 1184.Xr ip 4 1185for more information. 1186.It Va ip_portrange_last 1187.Pq Vt int 1188If not set to 1189.Dq Li NO , 1190this is the last port in the default portrange. 1191Refer to 1192.Xr ip 4 1193for more information. 1194.It Va network_interfaces 1195.Pq Vt str 1196Set to the list of network interfaces to configure on this host or 1197.Dq Li AUTO 1198(the default) for all current interfaces. 1199Setting the 1200.Va network_interfaces 1201variable to anything other than the default is deprecated. 1202Interfaces that the administrator wishes to store configuration for, 1203but not start at boot should be configured with the 1204.Dq Li NOAUTO 1205keyword in their 1206.Va ifconfig_ Ns Aq Ar interface 1207variables as described below. 1208.Pp 1209An 1210.Va ifconfig_ Ns Aq Ar interface 1211variable is also assumed to exist for each value of 1212.Ar interface . 1213When an interface name contains any of the characters 1214.Dq Li .-/+ 1215they are translated to 1216.Dq Li _ 1217before lookup. 1218The variable can contain arguments to 1219.Xr ifconfig 8 , 1220as well as special case-insensitive keywords described below. 1221Such keywords are removed before passing the value to 1222.Xr ifconfig 8 1223while the order of the other arguments is preserved. 1224.Pp 1225It is possible to add IP alias entries using 1226.Xr ifconfig 8 1227syntax with the address family keyword such as 1228.Li inet . 1229Assuming that the interface in question was 1230.Li ed0 , 1231it might look something like this: 1232.Bd -literal 1233ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1234ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1235.Ed 1236.Pp 1237It also possible to configure multiple IP addresses in Classless 1238Inter-Domain Routing 1239.Pq CIDR 1240address notation, 1241whose each address component can be a range like 1242.Li inet 192.0.2.5-23/24 1243or 1244.Li inet6 2001:db8:1-f::1/64 . 1245This notation allows address and prefix length part only, 1246not the other address modifiers. 1247Note that the maximum number of the generated addresses from a range 1248specification is limited to an integer value specified in 1249.Va netif_ipexpand_max 1250in 1251.Nm 1252because a small typo can unexpectedly generate a large number of addresses. 1253The default value is 1254.Li 2048 . 1255It can be increased by adding the following line into 1256.Nm : 1257.Bd -literal 1258netif_ipexpand_max="4096" 1259.Ed 1260.Pp 1261In the case of 1262.Li 192.0.2.5-23/24 , 1263the address 192.0.2.5 will be configured with the 1264netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1265the non-conflicting netmask /32 as explained in the 1266.Xr ifconfig 8 1267alias section. 1268Note that this special netmask handling is only for 1269.Li inet , 1270not for the other address families such as 1271.Li inet6 . 1272.Pp 1273With the interface in question being 1274.Li ed0 , 1275an example could look like: 1276.Bd -literal 1277ifconfig_ed0_alias2="inet 192.0.2.129/27" 1278ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1279.Ed 1280.Pp 1281and so on. 1282.Pp 1283Note that 1284.Va ipv4_addrs_ Ns Aq Ar interface 1285variable was supported for IPv4 CIDR address notation. 1286It is now deprecated because the functionality was integrated into 1287.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1288though 1289.Va ipv4_addrs_ Ns Aq Ar interface 1290is still supported for backward compatibility. 1291.Pp 1292For each 1293.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1294entry with an address family keyword, 1295its contents are passed to 1296.Xr ifconfig 8 . 1297Execution stops at the first unsuccessful access, so if 1298something like this is present: 1299.Bd -literal 1300ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1301ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1302ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1303ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1304.Ed 1305.Pp 1306Then note that alias4 would 1307.Em not 1308be added since the search would 1309stop with the missing 1310.Dq Li alias3 1311entry. 1312Because of this difficult to manage behavior, 1313there is 1314.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1315variable, which has the same functionality as 1316.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1317and can have all of entries in a variable like the following: 1318.Bd -literal 1319ifconfig_ed0_aliases="\\ 1320 inet 127.0.0.251 netmask 0xffffffff \\ 1321 inet 127.0.0.252 netmask 0xffffffff \\ 1322 inet 127.0.0.253 netmask 0xffffffff \\ 1323 inet 127.0.0.254 netmask 0xffffffff" 1324.Ed 1325.Pp 1326It also supports CIDR notation. 1327.Pp 1328If the 1329.Pa /etc/start_if. Ns Aq Ar interface 1330file is present, it is read and executed by the 1331.Xr sh 1 1332interpreter 1333before configuring the interface as specified in the 1334.Va ifconfig_ Ns Aq Ar interface 1335and 1336.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1337variables. 1338.Pp 1339If a 1340.Va vlans_ Ns Aq Ar interface 1341variable is set, 1342a 1343.Xr vlan 4 1344interface will be created for each item in the list with the 1345.Ar vlandev 1346argument set to 1347.Ar interface . 1348If a vlan interface's name is a number, 1349then that number is used as the vlan tag and the new vlan interface is 1350named 1351.Ar interface . Ns Ar tag . 1352Otherwise, 1353the vlan tag must be specified via a 1354.Va vlan 1355parameter in the 1356.Va create_args_ Ns Aq Ar interface 1357variable. 1358.Pp 1359To create a vlan device named 1360.Li em0.101 1361on 1362.Li em0 1363with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1364.Bd -literal 1365vlans_em0="101" 1366ifconfig_em0_101="inet 192.0.2.1/24" 1367.Ed 1368.Pp 1369To create a vlan device named 1370.Li myvlan 1371on 1372.Li em0 1373with the vlan tag 102: 1374.Bd -literal 1375vlans_em0="myvlan" 1376create_args_myvlan="vlan 102" 1377.Ed 1378.Pp 1379If a 1380.Va wlans_ Ns Aq Ar interface 1381variable is set, 1382an 1383.Xr wlan 4 1384interface will be created for each item in the list with the 1385.Ar wlandev 1386argument set to 1387.Ar interface . 1388Further wlan cloning arguments may be passed to the 1389.Xr ifconfig 8 1390.Cm create 1391command by setting the 1392.Va create_args_ Ns Aq Ar interface 1393variable. 1394One or more 1395.Xr wlan 4 1396devices must be created for each wireless devices as of 1397.Fx 8.0 . 1398Debugging flags for 1399.Xr wlan 4 1400devices as set by 1401.Xr wlandebug 8 1402may be specified with an 1403.Va wlandebug_ Ns Aq Ar interface 1404variable. 1405The contents of this variable will be passed directly to 1406.Xr wlandebug 8 . 1407.Pp 1408If the 1409.Va ifconfig_ Ns Aq Ar interface 1410contains the keyword 1411.Dq Li NOAUTO 1412then the interface will not be configured 1413at boot or by 1414.Pa /etc/pccard_ether 1415when 1416.Va network_interfaces 1417is set to 1418.Dq Li AUTO . 1419.Pp 1420It is possible to bring up an interface with DHCP by adding 1421.Dq Li DHCP 1422to the 1423.Va ifconfig_ Ns Aq Ar interface 1424variable. 1425For instance, to initialize the 1426.Li ed0 1427device via DHCP, 1428it is possible to use something like: 1429.Bd -literal 1430ifconfig_ed0="DHCP" 1431.Ed 1432.Pp 1433If you want to configure your wireless interface with 1434.Xr wpa_supplicant 8 1435for use with WPA, EAP/LEAP or WEP, you need to add 1436.Dq Li WPA 1437to the 1438.Va ifconfig_ Ns Aq Ar interface 1439variable. 1440.Pp 1441On the other hand, if you want to configure your wireless interface with 1442.Xr hostapd 8 , 1443you need to add 1444.Dq Li HOSTAP 1445to the 1446.Va ifconfig_ Ns Aq Ar interface 1447variable. 1448.Xr hostapd 8 1449will use the settings from 1450.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1451.Pp 1452Finally, you can add 1453.Xr ifconfig 8 1454options in this variable, in addition to the 1455.Pa /etc/start_if. Ns Aq Ar interface 1456file. 1457For instance, to configure an 1458.Xr ath 4 1459wireless device in station mode with an address obtained 1460via DHCP, using WPA authentication and 802.11b mode, it is 1461possible to use something like: 1462.Bd -literal 1463wlans_ath0="wlan0" 1464ifconfig_wlan0="DHCP WPA mode 11b" 1465.Ed 1466.Pp 1467In addition to the 1468.Va ifconfig_ Ns Aq Ar interface 1469form, a fallback variable 1470.Va ifconfig_DEFAULT 1471may be configured. 1472It will be used for all interfaces with no 1473.Va ifconfig_ Ns Aq Ar interface 1474variable. 1475This is intended to replace the no longer supported 1476.Va pccard_ifconfig 1477variable. 1478.Pp 1479It is also possible to rename an interface by doing: 1480.Bd -literal 1481ifconfig_ed0_name="net0" 1482ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1483.Ed 1484.It Va ipv6_enable 1485.Pq Vt bool 1486This variable is deprecated. 1487Use 1488.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1489and 1490.Va ipv6_activate_all_interfaces 1491if necessary. 1492.Pp 1493If the variable is 1494.Dq Li YES , 1495.Dq Li inet6 accept_rtadv 1496is added to all of 1497.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1498and the 1499.Va ipv6_activate_all_interfaces 1500is defined as 1501.Dq Li YES . 1502.It Va ipv6_prefer 1503.Pq Vt bool 1504This variable is deprecated. 1505Use 1506.Va ip6addrctl_policy 1507instead. 1508.Pp 1509If the variable is 1510.Dq Li YES , 1511the default address selection policy table set by 1512.Xr ip6addrctl 8 1513will be IPv6-preferred. 1514.Pp 1515If the variable is 1516.Dq Li NO , 1517the default address selection policy table set by 1518.Xr ip6addrctl 8 1519will be IPv4-preferred. 1520.It Va ipv6_activate_all_interfaces 1521.Pq Vt bool 1522This controls initial configuration on IPv6-capable 1523interfaces with no corresponding 1524.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1525variable. 1526Note that it is not always necessary to set this variable to 1527.Dq YES 1528to use IPv6 functionality on 1529.Fx . 1530In most cases, just configuring 1531.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1532variables works. 1533.Pp 1534If the variable is 1535.Dq Li NO , 1536all interfaces which do not have a corresponding 1537.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1538variable will be marked as 1539.Dq Li IFDISABLED 1540at creation. 1541This means that all of IPv6 functionality on that interface 1542is completely disabled to enforce a security policy. 1543If the variable is set to 1544.Dq YES , 1545the flag will be cleared on all of the interfaces. 1546.Pp 1547In most cases, just defining an 1548.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1549for an IPv6-capable interface should be sufficient. 1550However, if an interface is added dynamically 1551.Pq by some tunneling protocols such as PPP, for example , 1552it is often difficult to define the variable in advance. 1553In such a case, configuring the 1554.Dq Li IFDISABLED 1555flag can be disabled by setting this variable to 1556.Dq YES . 1557.Pp 1558For more details of the 1559.Dq Li IFDISABLED 1560flag and keywords 1561.Dq Li inet6 ifdisabled , 1562see 1563.Xr ifconfig 8 . 1564.Pp 1565Default is 1566.Dq Li NO . 1567.It Va ipv6_privacy 1568.Pq Vt bool 1569If the variable is 1570.Dq Li YES 1571privacy addresses will be generated for each IPv6 1572interface as described in RFC 4941. 1573.It Va ipv6_network_interfaces 1574.Pq Vt str 1575This is the IPv6 equivalent of 1576.Va network_interfaces . 1577Normally manual configuration of this variable is not needed. 1578.It Va ipv6_cpe_wanif 1579.Pq Vt str 1580If the variable is set to an interface name, 1581the 1582.Xr ifconfig 8 1583options 1584.Dq inet6 -no_radr accept_rtadv 1585will be added to the specified interface automatically before evaluating 1586.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1587and two 1588.Xr sysctl 8 1589variables 1590.Va net.inet6.ip6.rfc6204w3 1591and 1592.Va net.inet6.ip6.no_radr 1593will be set to 1. 1594.Pp 1595This means the specified interface will accept ICMPv6 Router 1596Advertisement messages on that link and add the discovered 1597routers into the Default Router List. 1598While the other interfaces can still accept RA messages if the 1599.Dq inet6 accept_rtadv 1600option is specified, adding 1601routes into the Default Router List will be disabled by 1602.Dq inet6 no_radr 1603option by default. 1604See 1605.Xr ifconfig 8 1606for more details. 1607.Pp 1608Note that ICMPv6 Router Advertisement messages will be 1609accepted even when 1610.Va net.inet6.ip6.forwarding 1611is 1 1612.Pq packet forwarding is enabled 1613when 1614.Va net.inet6.ip6.rfc6204w3 1615is set to 1. 1616.Pp 1617Default is 1618.Dq Li NO . 1619.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1620.Pq Vt str 1621This assigns arbitrary description to an interface. 1622The 1623.Xr sysctl 8 1624variable 1625.Va net.ifdescr_maxlen 1626limits its length. 1627This static setting may be overridden by commands 1628started with dynamic interface configuration utilities 1629like 1630.Xr dhclient 8 1631hooks. The description can be seen with 1632.Xr ifconfig 8 1633command and it may be exported with 1634.Xr bsnmpd 1 1635daemon using its MIB-2 module. 1636.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1637.Pq Vt str 1638IPv6 functionality on an interface should be configured by 1639.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1640instead of setting ifconfig parameters in 1641.Va ifconfig_ Ns Aq Ar interface . 1642If this variable is empty, all of IPv6 configurations on the 1643specified interface by other variables such as 1644.Va ipv6_prefix_ Ns Ao Ar interface Ac 1645will be ignored. 1646.Pp 1647Aliases should be set by 1648.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1649with 1650.Dq Li inet6 1651keyword. 1652For example: 1653.Bd -literal 1654ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1655ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1656.Ed 1657.Pp 1658Interfaces that have an 1659.Dq Li inet6 accept_rtadv 1660keyword in 1661.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1662setting will be automatically configured by SLAAC 1663.Pq StateLess Address AutoConfiguration 1664described in 1665.Rs 1666.%T "RFC 4862" 1667.Re 1668.Pp 1669Note that a link-local address will be automatically configured in 1670addition to the configured global-scope addresses because the IPv6 1671specifications require it on each link. 1672The address is calculated from the MAC address by using an algorithm 1673defined in 1674.Rs 1675.%T "RFC 4862" 1676.%O "Section 5.3" 1677.Re 1678.Pp 1679If only a link-local address is needed on the interface, 1680the following configuration can be used: 1681.Bd -literal 1682ifconfig_ed0_ipv6="inet6 auto_linklocal" 1683.Ed 1684.Pp 1685A link-local address can also be configured manually. 1686This is useful for the default router address of an IPv6 router 1687so that it does not change when the network interface 1688card is replaced. 1689For example: 1690.Bd -literal 1691ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1692.Ed 1693.It Va ipv6_prefix_ Ns Aq Ar interface 1694.Pq Vt str 1695If one or more prefixes are defined in 1696.Va ipv6_prefix_ Ns Aq Ar interface 1697addresses based on each prefix and the EUI-64 interface index will be 1698configured on that interface. 1699Note that this variable will be ignored when 1700.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1701is empty. 1702.Pp 1703For example, the following configuration 1704.Bd -literal 1705ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1706.Ed 1707.Pp 1708is equivalent to the following: 1709.Bd -literal 1710ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1711ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1712ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1713ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1714.Ed 1715.Pp 1716These Subnet-Router anycast addresses will be added only when 1717.Va ipv6_gateway_enable 1718is YES. 1719.It Va ipv6_default_interface 1720.Pq Vt str 1721If not set to 1722.Dq Li NO , 1723this is the default output interface for scoped addresses. 1724This works only with ipv6_gateway_enable="NO". 1725.It Va ip6addrctl_enable 1726.Pq Vt bool 1727This variable is to enable configuring default address selection policy table 1728.Pq RFC 3484 . 1729The table can be specified in another variable 1730.Va ip6addrctl_policy . 1731For 1732.Va ip6addrctl_policy 1733the following keywords can be specified: 1734.Dq Li ipv4_prefer , 1735.Dq Li ipv6_prefer , 1736or 1737.Dq Li AUTO . 1738.Pp 1739If 1740.Dq Li ipv4_prefer 1741or 1742.Dq Li ipv6_prefer 1743is specified, 1744.Xr ip6addrctl 8 1745installs a pre-defined policy table described in Section 2.1 1746.Pq IPv6-preferred 1747or 10.3 1748.Pq IPv4-preferred 1749of RFC 3484. 1750.Pp 1751If 1752.Dq Li AUTO 1753is specified, it attempts to read a file 1754.Pa /etc/ip6addrctl.conf 1755first. 1756If this file is found, 1757.Xr ip6addrctl 8 1758reads and installs it. 1759If not found, a policy is automatically set 1760according to 1761.Va ipv6_activate_all_interfaces 1762variable; if the variable is set to 1763.Dq Li YES 1764the IPv6-preferred one is used. 1765Otherwise IPv4-preferred. 1766.Pp 1767The default value of 1768.Va ip6addrctl_enable 1769and 1770.Va ip6addrctl_policy 1771are 1772.Dq Li YES 1773and 1774.Dq Li AUTO , 1775respectively. 1776.It Va cloned_interfaces 1777.Pq Vt str 1778Set to the list of clonable network interfaces to create on this host. 1779Further cloning arguments may be passed to the 1780.Xr ifconfig 8 1781.Cm create 1782command for each interface by setting the 1783.Va create_args_ Ns Aq Ar interface 1784variable. 1785If an interface name is specified with 1786.Dq :sticky 1787keyword, 1788the interface will not be destroyed even when 1789.Pa rc.d/netif 1790script is invoked with 1791.Dq stop 1792argument. 1793This is useful when reconfiguring the interface without destroying it. 1794Entries in 1795.Va cloned_interfaces 1796are automatically appended to 1797.Va network_interfaces 1798for configuration. 1799.It Va cloned_interfaces_sticky 1800.Pq Vt bool 1801This variable is to globally enable functionality of 1802.Dq :sticky 1803keyword in 1804.Va cloned_interfaces 1805for all interfaces. 1806The default value is 1807.Dq NO . 1808Even if this variable is specified to 1809.Dq YES , 1810.Dq :nosticky 1811keyword can be used to override it on per interface basis. 1812.It Va gif_interfaces 1813.Pq Vt str 1814This variable is deprecated in favor of 1815.Va cloned_interfaces . 1816Set to the list of 1817.Xr gif 4 1818tunnel interfaces to configure on this host. 1819A 1820.Va gifconfig_ Ns Aq Ar interface 1821variable is assumed to exist for each value of 1822.Ar interface . 1823The value of this variable is used to configure the link layer of the 1824tunnel according to the syntax of the 1825.Cm tunnel 1826option to 1827.Xr ifconfig 8 . 1828Additionally, this option ensures that each listed interface is created 1829via the 1830.Cm create 1831option to 1832.Xr ifconfig 8 1833before attempting to configure it. 1834.It Va sppp_interfaces 1835.Pq Vt str 1836Set to the list of 1837.Xr sppp 4 1838interfaces to configure on this host. 1839A 1840.Va spppconfig_ Ns Aq Ar interface 1841variable is assumed to exist for each value of 1842.Ar interface . 1843Each interface should also be configured by a general 1844.Va ifconfig_ Ns Aq Ar interface 1845setting. 1846Refer to 1847.Xr spppcontrol 8 1848for more information about available options. 1849.It Va ppp_enable 1850.Pq Vt bool 1851If set to 1852.Dq Li YES , 1853run the 1854.Xr ppp 8 1855daemon. 1856.It Va ppp_profile 1857.Pq Vt str 1858The name of the profile to use from 1859.Pa /etc/ppp/ppp.conf . 1860Also used for per-profile overrides of 1861.Va ppp_mode 1862and 1863.Va ppp_nat , 1864and 1865.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1866When the profile name contains any of the characters 1867.Dq Li .-/+ 1868they are translated to 1869.Dq Li _ 1870for the proposes of the override variable names. 1871.It Va ppp_mode 1872.Pq Vt str 1873Mode in which to run the 1874.Xr ppp 8 1875daemon. 1876.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1877.Pq Vt str 1878Overrides the global 1879.Va ppp_mode 1880for 1881.Ar profile . 1882Accepted modes are 1883.Dq Li auto , 1884.Dq Li ddial , 1885.Dq Li direct 1886and 1887.Dq Li dedicated . 1888See the manual for a full description. 1889.It Va ppp_nat 1890.Pq Vt bool 1891If set to 1892.Dq Li YES , 1893enables network address translation. 1894Used in conjunction with 1895.Va gateway_enable 1896allows hosts on private network addresses access to the Internet using 1897this host as a network address translating router. 1898.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1899.Pq Vt str 1900Overrides the global 1901.Va ppp_nat 1902for 1903.Ar profile . 1904.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1905.Pq Vt int 1906Set the unit number to be used for this profile. 1907See the manual description of 1908.Fl unit Ns Ar N 1909for details. 1910.It Va ppp_user 1911.Pq Vt str 1912The name of the user under which 1913.Xr ppp 8 1914should be started. 1915By 1916default, 1917.Xr ppp 8 1918is started as 1919.Dq Li root . 1920.It Va rc_conf_files 1921.Pq Vt str 1922This option is used to specify a list of files that will override 1923the settings in 1924.Pa /etc/defaults/rc.conf . 1925The files will be read in the order in which they are specified and should 1926include the full path to the file. 1927By default, the files specified are 1928.Pa /etc/rc.conf 1929and 1930.Pa /etc/rc.conf.local 1931.It Va zfs_enable 1932.Pq Vt bool 1933If set to 1934.Dq Li YES , 1935.Pa /etc/rc.d/zfs 1936will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1937(ZVOLs). 1938.It Va gptboot_enable 1939.Pq Vt bool 1940If set to 1941.Dq Li YES , 1942.Pa /etc/rc.d/gptboot 1943will log if the system successfully (or not) booted from a GPT partition, 1944which had the 1945.Ar bootonce 1946attribute set using 1947.Xr gpart 8 1948utility. 1949.It Va gbde_autoattach_all 1950.Pq Vt bool 1951If set to 1952.Dq Li YES , 1953.Pa /etc/rc.d/gbde 1954will attempt to automatically initialize your .bde devices in 1955.Pa /etc/fstab . 1956.It Va gbde_devices 1957.Pq Vt str 1958List the devices that the script should try to attach, 1959or 1960.Dq Li AUTO . 1961.It Va gbde_lockdir 1962.Pq Vt str 1963The directory where the 1964.Xr gbde 4 1965lockfiles are located. 1966The default lockfile directory is 1967.Pa /etc . 1968.Pp 1969The lockfile for each individual 1970.Xr gbde 4 1971device can be overridden by setting the variable 1972.Va gbde_lock_ Ns Aq Ar device , 1973where 1974.Ar device 1975is the encrypted device without the 1976.Dq Pa /dev/ 1977and 1978.Dq Pa .bde 1979parts. 1980.It Va gbde_attach_attempts 1981.Pq Vt int 1982Number of times to attempt attaching to a 1983.Xr gbde 4 1984device, i.e., how many times the user is asked for the pass-phrase. 1985Default is 3. 1986.It Va geli_devices 1987.Pq Vt str 1988List of devices to automatically attach on boot. 1989Note that .eli devices from 1990.Pa /etc/fstab 1991are automatically appended to this list. 1992.It Va geli_tries 1993.Pq Vt int 1994Number of times user is asked for the pass-phrase. 1995If empty, it will be taken from 1996.Va kern.geom.eli.tries 1997sysctl variable. 1998.It Va geli_default_flags 1999.Pq Vt str 2000Default flags to use by 2001.Xr geli 8 2002when configuring disk encryption. 2003Flags can be configured for every device separately by defining 2004.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2005variable. 2006.It Va geli_autodetach 2007.Pq Vt str 2008Specifies if GELI devices should be marked for detach on last close after 2009file systems are mounted. 2010Default is 2011.Dq Li YES . 2012This can be changed for every device separately by defining 2013.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2014variable. 2015.It Va root_rw_mount 2016.Pq Vt bool 2017Set to 2018.Dq Li YES 2019by default. 2020After the file systems are checked at boot time, the root file system 2021is remounted as read-write if this is set to 2022.Dq Li YES . 2023Diskless systems that mount their root file system from a read-only remote 2024NFS share should set this to 2025.Dq Li NO 2026in their 2027.Pa rc.conf . 2028.It Va fsck_y_enable 2029.Pq Vt bool 2030If set to 2031.Dq Li YES , 2032.Xr fsck 8 2033will be run with the 2034.Fl y 2035flag if the initial preen 2036of the file systems fails. 2037.It Va background_fsck 2038.Pq Vt bool 2039If set to 2040.Dq Li YES , 2041the system will attempt to run 2042.Xr fsck 8 2043in the background where possible. 2044.It Va background_fsck_delay 2045.Pq Vt int 2046The amount of time in seconds to sleep before starting a background 2047.Xr fsck 8 . 2048It defaults to sixty seconds to allow large applications such as 2049the X server to start before disk I/O bandwidth is monopolized by 2050.Xr fsck 8 . 2051If set to a negative number, the background file system check will be 2052delayed indefinitely to allow the administrator to run it at a more 2053convenient time. 2054For example it may be run from 2055.Xr cron 8 2056by adding a line like 2057.Pp 2058.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2059.Pp 2060to 2061.Pa /etc/crontab . 2062.It Va netfs_types 2063.Pq Vt str 2064List of file system types that are network-based. 2065This list should generally not be modified by end users. 2066Use 2067.Va extra_netfs_types 2068instead. 2069.It Va extra_netfs_types 2070.Pq Vt str 2071If set to something other than 2072.Dq Li NO 2073(the default), 2074this variable extends the list of file system types 2075for which automatic mounting at startup by 2076.Xr rc 8 2077should be delayed until the network is initialized. 2078It should contain 2079a whitespace-separated list of network file system descriptor pairs, 2080each consisting of a file system type as passed to 2081.Xr mount 8 2082and a human-readable, one-word description, 2083joined with a colon 2084.Pq Ql \&: . 2085Extending the default list in this way is only necessary 2086when third party file system types are used. 2087.It Va syslogd_enable 2088.Pq Vt bool 2089If set to 2090.Dq Li YES , 2091run the 2092.Xr syslogd 8 2093daemon. 2094.It Va syslogd_program 2095.Pq Vt str 2096Path to 2097.Xr syslogd 8 2098(default 2099.Pa /usr/sbin/syslogd ) . 2100.It Va syslogd_flags 2101.Pq Vt str 2102If 2103.Va syslogd_enable 2104is set to 2105.Dq Li YES , 2106these are the flags to pass to 2107.Xr syslogd 8 . 2108.It Va inetd_enable 2109.Pq Vt bool 2110If set to 2111.Dq Li YES , 2112run the 2113.Xr inetd 8 2114daemon. 2115.It Va inetd_program 2116.Pq Vt str 2117Path to 2118.Xr inetd 8 2119(default 2120.Pa /usr/sbin/inetd ) . 2121.It Va inetd_flags 2122.Pq Vt str 2123If 2124.Va inetd_enable 2125is set to 2126.Dq Li YES , 2127these are the flags to pass to 2128.Xr inetd 8 . 2129.It Va hastd_enable 2130.Pq Vt bool 2131If set to 2132.Dq Li YES , 2133run the 2134.Xr hastd 8 2135daemon. 2136.It Va hastd_program 2137.Pq Vt str 2138Path to 2139.Xr hastd 8 2140(default 2141.Pa /sbin/hastd ) . 2142.It Va hastd_flags 2143.Pq Vt str 2144If 2145.Va hastd_enable 2146is set to 2147.Dq Li YES , 2148these are the flags to pass to 2149.Xr hastd 8 . 2150.It Va local_unbound_enable 2151.Pq Vt bool 2152If set to 2153.Dq Li YES , 2154run the 2155.Xr unbound 8 2156daemon as a local caching resolver. 2157.It Va kdc_enable 2158.Pq Vt bool 2159Set to 2160.Dq Li YES 2161to start a Kerberos 5 authentication server 2162at boot time. 2163.It Va kdc_program 2164.Pq Vt str 2165If 2166.Va kdc_enable 2167is set to 2168.Dq Li YES 2169this is the path to Kerberos 5 Authentication Server. 2170.It Va kdc_flags 2171.Pq Vt str 2172Empty by default. 2173This variable contains additional flags to be passed to the Kerberos 5 2174authentication server. 2175.It Va kadmind_enable 2176.Pq Vt bool 2177Set to 2178.Dq Li YES 2179to start 2180.Xr kadmind 8 , 2181the Kerberos 5 Administration Daemon; set to 2182.Dq Li NO 2183on a slave server. 2184.It Va kadmind_program 2185.Pq Vt str 2186If 2187.Va kadmind_enable 2188is set to 2189.Dq Li YES 2190this is the path to Kerberos 5 Administration Daemon. 2191.It Va kpasswdd_enable 2192.Pq Vt bool 2193Set to 2194.Dq Li YES 2195to start 2196.Xr kpasswdd 8 , 2197the Kerberos 5 Password-Changing Daemon; set to 2198.Dq Li NO 2199on a slave server. 2200.It Va kpasswdd_program 2201.Pq Vt str 2202If 2203.Va kpasswdd_enable 2204is set to 2205.Dq Li YES 2206this is the path to Kerberos 5 Password-Changing Daemon. 2207.It Va kfd_enable 2208.Pq Vt bool 2209Set to 2210.Dq Li YES 2211to start 2212.Xr kfd 8 , 2213the Kerberos 5 ticket forwarding daemon, at the boot time. 2214.It Va kfd_program 2215.Pq Vt str 2216Path to 2217.Xr kfd 8 2218(default 2219.Pa /usr/libexec/kfd ) . 2220.It Va rwhod_enable 2221.Pq Vt bool 2222If set to 2223.Dq Li YES , 2224run the 2225.Xr rwhod 8 2226daemon at boot time. 2227.It Va rwhod_flags 2228.Pq Vt str 2229If 2230.Va rwhod_enable 2231is set to 2232.Dq Li YES , 2233these are the flags to pass to it. 2234.It Va amd_enable 2235.Pq Vt bool 2236If set to 2237.Dq Li YES , 2238run the 2239.Xr amd 8 2240daemon at boot time. 2241.It Va amd_flags 2242.Pq Vt str 2243If 2244.Va amd_enable 2245is set to 2246.Dq Li YES , 2247these are the flags to pass to it. 2248See the 2249.Xr amd 8 2250manpage for more information. 2251.It Va amd_map_program 2252.Pq Vt str 2253If set, 2254the specified program is run to get the list of 2255.Xr amd 8 2256maps. 2257For example, if the 2258.Xr amd 8 2259maps are stored in NIS, one can set this to 2260run 2261.Xr ypcat 1 2262to get a list of 2263.Xr amd 8 2264maps from the 2265.Pa amd.master 2266NIS map. 2267.It Va update_motd 2268.Pq Vt bool 2269If set to 2270.Dq Li YES , 2271.Pa /etc/motd 2272will be updated at boot time to reflect the kernel release 2273being run. 2274If set to 2275.Dq Li NO , 2276.Pa /etc/motd 2277will not be updated. 2278.It Va nfs_client_enable 2279.Pq Vt bool 2280If set to 2281.Dq Li YES , 2282run the NFS client daemons at boot time. 2283.It Va nfs_access_cache 2284.Pq Vt int 2285If 2286.Va nfs_client_enable 2287is set to 2288.Dq Li YES , 2289this can be set to 2290.Dq Li 0 2291to disable NFS ACCESS RPC caching, or to the number of seconds for which 2292NFS ACCESS 2293results should be cached. 2294A value of 2-10 seconds will substantially reduce network 2295traffic for many NFS operations. 2296.It Va nfs_server_enable 2297.Pq Vt bool 2298If set to 2299.Dq Li YES , 2300run the NFS server daemons at boot time. 2301.It Va nfs_server_flags 2302.Pq Vt str 2303If 2304.Va nfs_server_enable 2305is set to 2306.Dq Li YES , 2307these are the flags to pass to the 2308.Xr nfsd 8 2309daemon. 2310.It Va nfsv4_server_enable 2311.Pq Vt bool 2312If 2313.Va nfs_server_enable 2314is set to 2315.Dq Li YES 2316and 2317.Va nfsv4_server_enable 2318are set to 2319.Dq Li YES , 2320enable the server for NFSv4 as well as NFSv2 and NFSv3. 2321.It Va nfsuserd_enable 2322.Pq Vt bool 2323If 2324.Va nfsuserd_enable 2325is set to 2326.Dq Li YES , 2327run the nfsuserd daemon, which is needed for NFSv4 in order 2328to map between user/group names vs uid/gid numbers. 2329If 2330.Va nfsv4_server_enable 2331is set to 2332.Dq Li YES , 2333this will be forced enabled. 2334.It Va nfsuserd_flags 2335.Pq Vt str 2336If 2337.Va nfsuserd_enable 2338is set to 2339.Dq Li YES , 2340these are the flags to pass to the 2341.Xr nfsuserd 8 2342daemon. 2343.It Va nfscbd_enable 2344.Pq Vt bool 2345If 2346.Va nfscbd_enable 2347is set to 2348.Dq Li YES , 2349run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2350.It Va nfscbd_flags 2351.Pq Vt str 2352If 2353.Va nfscbd_enable 2354is set to 2355.Dq Li YES , 2356these are the flags to pass to the 2357.Xr nfscbd 8 2358daemon. 2359.It Va mountd_enable 2360.Pq Vt bool 2361If set to 2362.Dq Li YES , 2363and no 2364.Va nfs_server_enable 2365is set, start 2366.Xr mountd 8 , 2367but not 2368.Xr nfsd 8 2369daemon. 2370It is commonly needed to run CFS without real NFS used. 2371.It Va mountd_flags 2372.Pq Vt str 2373If 2374.Va mountd_enable 2375is set to 2376.Dq Li YES , 2377these are the flags to pass to the 2378.Xr mountd 8 2379daemon. 2380.It Va weak_mountd_authentication 2381.Pq Vt bool 2382If set to 2383.Dq Li YES , 2384allow services like PCNFSD to make non-privileged mount 2385requests. 2386.It Va nfs_reserved_port_only 2387.Pq Vt bool 2388If set to 2389.Dq Li YES , 2390provide NFS services only on a secure port. 2391.It Va nfs_bufpackets 2392.Pq Vt int 2393If set to a number, indicates the number of packets worth of 2394socket buffer space to reserve on an NFS client. 2395The kernel default is typically 4. 2396Using a higher number may be 2397useful on gigabit networks to improve performance. 2398The minimum value is 23992 and the maximum is 64. 2400.It Va rpc_lockd_enable 2401.Pq Vt bool 2402If set to 2403.Dq Li YES 2404and also an NFS server or client, run 2405.Xr rpc.lockd 8 2406at boot time. 2407.It Va rpc_lockd_flags 2408.Pq Vt str 2409If 2410.Va rpc_lockd_enable 2411is set to 2412.Dq Li YES , 2413these are the flags to pass to the 2414.Xr rpc.lockd 8 2415daemon. 2416.It Va rpc_statd_enable 2417.Pq Vt bool 2418If set to 2419.Dq Li YES 2420and also an NFS server or client, run 2421.Xr rpc.statd 8 2422at boot time. 2423.It Va rpc_statd_flags 2424.Pq Vt str 2425If 2426.Va rpc_statd_enable 2427is set to 2428.Dq Li YES , 2429these are the flags to pass to the 2430.Xr rpc.statd 8 2431daemon. 2432.It Va rpcbind_program 2433.Pq Vt str 2434Path to 2435.Xr rpcbind 8 2436(default 2437.Pa /usr/sbin/rpcbind ) . 2438.It Va rpcbind_enable 2439.Pq Vt bool 2440If set to 2441.Dq Li YES , 2442run the 2443.Xr rpcbind 8 2444service at boot time. 2445.It Va rpcbind_flags 2446.Pq Vt str 2447If 2448.Va rpcbind_enable 2449is set to 2450.Dq Li YES , 2451these are the flags to pass to the 2452.Xr rpcbind 8 2453daemon. 2454.It Va keyserv_enable 2455.Pq Vt bool 2456If set to 2457.Dq Li YES , 2458run the 2459.Xr keyserv 8 2460daemon on boot for running Secure RPC. 2461.It Va keyserv_flags 2462.Pq Vt str 2463If 2464.Va keyserv_enable 2465is set to 2466.Dq Li YES , 2467these are the flags to pass to 2468.Xr keyserv 8 2469daemon. 2470.It Va pppoed_enable 2471.Pq Vt bool 2472If set to 2473.Dq Li YES , 2474run the 2475.Xr pppoed 8 2476daemon at boot time to provide PPP over Ethernet services. 2477.It Va pppoed_ Ns Aq Ar provider 2478.Pq Vt str 2479.Xr pppoed 8 2480listens to requests to this 2481.Ar provider 2482and ultimately runs 2483.Xr ppp 8 2484with a 2485.Ar system 2486argument of the same name. 2487.It Va pppoed_flags 2488.Pq Vt str 2489Additional flags to pass to 2490.Xr pppoed 8 . 2491.It Va pppoed_interface 2492.Pq Vt str 2493The network interface to run 2494.Xr pppoed 8 2495on. 2496This is mandatory when 2497.Va pppoed_enable 2498is set to 2499.Dq Li YES . 2500.It Va timed_enable 2501.Pq Vt bool 2502If set to 2503.Dq Li YES , 2504run the 2505.Xr timed 8 2506service at boot time. 2507This command is intended for networks of 2508machines where a consistent 2509.Dq "network time" 2510for all hosts must be established. 2511This is often useful in large NFS 2512environments where time stamps on files are expected to be consistent 2513network-wide. 2514.It Va timed_flags 2515.Pq Vt str 2516If 2517.Va timed_enable 2518is set to 2519.Dq Li YES , 2520these are the flags to pass to the 2521.Xr timed 8 2522service. 2523.It Va ntpdate_enable 2524.Pq Vt bool 2525If set to 2526.Dq Li YES , 2527run 2528.Xr ntpdate 8 2529at system startup. 2530This command is intended to 2531synchronize the system clock only 2532.Em once 2533from some standard reference. 2534.It Va ntpdate_config 2535.Pq Vt str 2536Configuration file for 2537.Xr ntpdate 8 . 2538Default 2539.Pa /etc/ntp.conf . 2540.It Va ntpdate_hosts 2541.Pq Vt str 2542A whitespace-separated list of NTP servers to synchronize with at startup. 2543The default is to use the servers listed in 2544.Va ntpdate_config , 2545if that file exists. 2546.It Va ntpdate_program 2547.Pq Vt str 2548Path to 2549.Xr ntpdate 8 2550(default 2551.Pa /usr/sbin/ntpdate ) . 2552.It Va ntpdate_flags 2553.Pq Vt str 2554If 2555.Va ntpdate_enable 2556is set to 2557.Dq Li YES , 2558these are the flags to pass to the 2559.Xr ntpdate 8 2560command (typically a hostname). 2561.It Va ntpd_enable 2562.Pq Vt bool 2563If set to 2564.Dq Li YES , 2565run the 2566.Xr ntpd 8 2567command at boot time. 2568.It Va ntpd_program 2569.Pq Vt str 2570Path to 2571.Xr ntpd 8 2572(default 2573.Pa /usr/sbin/ntpd ) . 2574.It Va ntpd_config 2575.Pq Vt str 2576Path to 2577.Xr ntpd 8 2578configuration file. 2579Default 2580.Pa /etc/ntp.conf . 2581.It Va ntpd_flags 2582.Pq Vt str 2583If 2584.Va ntpd_enable 2585is set to 2586.Dq Li YES , 2587these are the flags to pass to the 2588.Xr ntpd 8 2589daemon. 2590.It Va ntpd_sync_on_start 2591.Pq Vt bool 2592If set to 2593.Dq Li YES , 2594.Xr ntpd 8 2595is run with the 2596.Fl g 2597flag, which syncs the system's clock on startup. 2598See 2599.Xr ntpd 8 2600for more information regarding the 2601.Fl g 2602option. 2603This is a preferred alternative to using 2604.Xr ntpdate 8 2605or specifying the 2606.Va ntpdate_enable 2607variable. 2608.It Va nis_client_enable 2609.Pq Vt bool 2610If set to 2611.Dq Li YES , 2612run the 2613.Xr ypbind 8 2614service at system boot time. 2615.It Va nis_client_flags 2616.Pq Vt str 2617If 2618.Va nis_client_enable 2619is set to 2620.Dq Li YES , 2621these are the flags to pass to the 2622.Xr ypbind 8 2623service. 2624.It Va nis_ypldap_enable 2625.Pq Vt bool 2626If set to 2627.Dq Li YES , 2628run the 2629.Xr ypldap 8 2630daemon at system boot time. 2631.It Va nis_ypldap_flags 2632.Pq Vt str 2633If 2634.Va nis.ypldap_enable 2635is set to 2636.Dq Li YES , 2637these are the flags to pass to the 2638.Xr ypldap 8 2639daemon. 2640.It Va nis_ypset_enable 2641.Pq Vt bool 2642If set to 2643.Dq Li YES , 2644run the 2645.Xr ypset 8 2646daemon at system boot time. 2647.It Va nis_ypset_flags 2648.Pq Vt str 2649If 2650.Va nis_ypset_enable 2651is set to 2652.Dq Li YES , 2653these are the flags to pass to the 2654.Xr ypset 8 2655daemon. 2656.It Va nis_server_enable 2657.Pq Vt bool 2658If set to 2659.Dq Li YES , 2660run the 2661.Xr ypserv 8 2662daemon at system boot time. 2663.It Va nis_server_flags 2664.Pq Vt str 2665If 2666.Va nis_server_enable 2667is set to 2668.Dq Li YES , 2669these are the flags to pass to the 2670.Xr ypserv 8 2671daemon. 2672.It Va nis_ypxfrd_enable 2673.Pq Vt bool 2674If set to 2675.Dq Li YES , 2676run the 2677.Xr rpc.ypxfrd 8 2678daemon at system boot time. 2679.It Va nis_ypxfrd_flags 2680.Pq Vt str 2681If 2682.Va nis_ypxfrd_enable 2683is set to 2684.Dq Li YES , 2685these are the flags to pass to the 2686.Xr rpc.ypxfrd 8 2687daemon. 2688.It Va nis_yppasswdd_enable 2689.Pq Vt bool 2690If set to 2691.Dq Li YES , 2692run the 2693.Xr rpc.yppasswdd 8 2694daemon at system boot time. 2695.It Va nis_yppasswdd_flags 2696.Pq Vt str 2697If 2698.Va nis_yppasswdd_enable 2699is set to 2700.Dq Li YES , 2701these are the flags to pass to the 2702.Xr rpc.yppasswdd 8 2703daemon. 2704.It Va rpc_ypupdated_enable 2705.Pq Vt bool 2706If set to 2707.Dq Li YES , 2708run the 2709.Nm rpc.ypupdated 2710daemon at system boot time. 2711.It Va bsnmpd_enable 2712.Pq Vt bool 2713If set to 2714.Dq Li YES , 2715run the 2716.Xr bsnmpd 1 2717daemon at system boot time. 2718Be sure to understand the security implications of running SNMP daemon 2719on your host. 2720.It Va bsnmpd_flags 2721.Pq Vt str 2722If 2723.Va bsnmpd_enable 2724is set to 2725.Dq Li YES , 2726these are the flags to pass to the 2727.Xr bsnmpd 1 2728daemon. 2729.It Va defaultrouter 2730.Pq Vt str 2731If not set to 2732.Dq Li NO , 2733create a default route to this host name or IP address 2734(use an IP address if this router is also required to get to the 2735name server!). 2736.It Va ipv6_defaultrouter 2737.Pq Vt str 2738The IPv6 equivalent of 2739.Va defaultrouter . 2740.It Va static_arp_pairs 2741.Pq Vt str 2742Set to the list of static ARP pairs that are to be added at system 2743boot time. 2744For each whitespace separated 2745.Ar element 2746in the value, a 2747.Va static_arp_ Ns Aq Ar element 2748variable is assumed to exist whose contents will later be passed to a 2749.Dq Nm arp Cm -S 2750operation. 2751For example 2752.Bd -literal 2753static_arp_pairs="gw" 2754static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2755.Ed 2756.It Va static_ndp_pairs 2757.Pq Vt str 2758Set to the list of static NDP pairs that are to be added at system 2759boot time. 2760For each whitespace separated 2761.Ar element 2762in the value, a 2763.Va static_ndp_ Ns Aq Ar element 2764variable is assumed to exist whose contents will later be passed to a 2765.Dq Nm ndp Cm -s 2766operation. 2767For example 2768.Bd -literal 2769static_ndp_pairs="gw" 2770static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2771.Ed 2772.It Va static_routes 2773.Pq Vt str 2774Set to the list of static routes that are to be added at system 2775boot time. 2776If not set to 2777.Dq Li NO 2778then for each whitespace separated 2779.Ar element 2780in the value, a 2781.Va route_ Ns Aq Ar element 2782variable is assumed to exist 2783whose contents will later be passed to a 2784.Dq Nm route Cm add 2785operation. 2786For example: 2787.Bd -literal 2788static_routes="ext mcast:gif0 gif0local:gif0" 2789route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2790route_mcast="-net 224.0.0.0/4 -iface gif0" 2791route_gif0local="-host 169.254.1.1 -iface lo0" 2792.Ed 2793.Pp 2794When an 2795.Ar element 2796is in the form of 2797.Li name:ifname , 2798the route is specific to the interface 2799.Li ifname . 2800.It Va ipv6_static_routes 2801.Pq Vt str 2802The IPv6 equivalent of 2803.Va static_routes . 2804If not set to 2805.Dq Li NO 2806then for each whitespace separated 2807.Ar element 2808in the value, a 2809.Va ipv6_route_ Ns Aq Ar element 2810variable is assumed to exist 2811whose contents will later be passed to a 2812.Dq Nm route Cm add Fl inet6 2813operation. 2814.It Va gateway_enable 2815.Pq Vt bool 2816If set to 2817.Dq Li YES , 2818configure host to act as an IP router, e.g.\& to forward packets 2819between interfaces. 2820.It Va ipv6_gateway_enable 2821.Pq Vt bool 2822The IPv6 equivalent of 2823.Va gateway_enable . 2824.It Va routed_enable 2825.Pq Vt bool 2826If set to 2827.Dq Li YES , 2828run a routing daemon of some sort, based on the 2829settings of 2830.Va routed_program 2831and 2832.Va routed_flags . 2833.It Va route6d_enable 2834.Pq Vt bool 2835The IPv6 equivalent of 2836.Va routed_enable . 2837If set to 2838.Dq Li YES , 2839run a routing daemon of some sort, based on the 2840settings of 2841.Va route6d_program 2842and 2843.Va route6d_flags . 2844.It Va routed_program 2845.Pq Vt str 2846If 2847.Va routed_enable 2848is set to 2849.Dq Li YES , 2850this is the name of the routing daemon to use. 2851.It Va route6d_program 2852.Pq Vt str 2853The IPv6 equivalent of 2854.Va routed_program . 2855.It Va routed_flags 2856.Pq Vt str 2857If 2858.Va routed_enable 2859is set to 2860.Dq Li YES , 2861these are the flags to pass to the routing daemon. 2862.It Va route6d_flags 2863.Pq Vt str 2864The IPv6 equivalent of 2865.Va routed_flags . 2866.It Va rtadvd_enable 2867.Pq Vt bool 2868If set to 2869.Dq Li YES , 2870run the 2871.Xr rtadvd 8 2872daemon at boot time. 2873The 2874.Xr rtadvd 8 2875utility sends ICMPv6 Router Advertisement messages to 2876the interfaces specified in 2877.Va rtadvd_interfaces . 2878This should only be enabled with great care. 2879You may want to fine-tune 2880.Xr rtadvd.conf 5 . 2881.It Va rtadvd_interfaces 2882.Pq Vt str 2883If 2884.Va rtadvd_enable 2885is set to 2886.Dq Li YES 2887this is the list of interfaces to use. 2888.It Va arpproxy_all 2889.Pq Vt bool 2890If set to 2891.Dq Li YES , 2892enable global proxy ARP. 2893.It Va forward_sourceroute 2894.Pq Vt bool 2895If set to 2896.Dq Li YES 2897and 2898.Va gateway_enable 2899is also set to 2900.Dq Li YES , 2901source-routed packets are forwarded. 2902.It Va accept_sourceroute 2903.Pq Vt bool 2904If set to 2905.Dq Li YES , 2906the system will accept source-routed packets directed at it. 2907.It Va rarpd_enable 2908.Pq Vt bool 2909If set to 2910.Dq Li YES , 2911run the 2912.Xr rarpd 8 2913daemon at system boot time. 2914.It Va rarpd_flags 2915.Pq Vt str 2916If 2917.Va rarpd_enable 2918is set to 2919.Dq Li YES , 2920these are the flags to pass to the 2921.Xr rarpd 8 2922daemon. 2923.It Va bootparamd_enable 2924.Pq Vt bool 2925If set to 2926.Dq Li YES , 2927run the 2928.Xr bootparamd 8 2929daemon at system boot time. 2930.It Va bootparamd_flags 2931.Pq Vt str 2932If 2933.Va bootparamd_enable 2934is set to 2935.Dq Li YES , 2936these are the flags to pass to the 2937.Xr bootparamd 8 2938daemon. 2939.It Va stf_interface_ipv4addr 2940.Pq Vt str 2941If not set to 2942.Dq Li NO , 2943this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2944interface). 2945Specify this entry to enable the 6to4 interface. 2946.It Va stf_interface_ipv4plen 2947.Pq Vt int 2948Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2949An effective value is 0-31. 2950.It Va stf_interface_ipv6_ifid 2951.Pq Vt str 2952IPv6 interface ID for 2953.Xr stf 4 . 2954This can be set to 2955.Dq Li AUTO . 2956.It Va stf_interface_ipv6_slaid 2957.Pq Vt str 2958IPv6 Site Level Aggregator for 2959.Xr stf 4 . 2960.It Va ipv6_ipv4mapping 2961.Pq Vt bool 2962If set to 2963.Dq Li YES 2964this enables IPv4 mapped IPv6 address communication (like 2965.Li ::ffff:a.b.c.d ) . 2966.It Va rtsold_enable 2967.Pq Vt bool 2968Set to 2969.Dq Li YES 2970to enable the 2971.Xr rtsold 8 2972daemon to send ICMPv6 Router Solicitation messages. 2973.It Va rtsold_flags 2974.Pq Vt str 2975If 2976.Va rtsold_enable 2977is set to 2978.Dq Li YES , 2979these are the flags to pass to 2980.Xr rtsold 8 . 2981.It Va rtsol_flags 2982.Pq Vt str 2983For interfaces configured with the 2984.Dq Li inet6 accept_rtadv 2985keyword, these are the flags to pass to 2986.Xr rtsol 8 . 2987.Pp 2988Note that 2989.Va rtsold_enable 2990is mutually exclusive to 2991.Va rtsol_flags ; 2992.Va rtsold_enable 2993takes precedence. 2994.It Va keybell 2995.Pq Vt str 2996The keyboard bell sound. 2997Set to 2998.Dq Li normal , 2999.Dq Li visual , 3000.Dq Li off , 3001or 3002.Dq Li NO 3003if the default behavior is desired. 3004For details, refer to the 3005.Xr kbdcontrol 1 3006manpage. 3007.It Va keyboard 3008.Pq Vt str 3009If set to a non-null string, the virtual console's keyboard input is 3010set to this device. 3011.It Va keymap 3012.Pq Vt str 3013If set to 3014.Dq Li NO , 3015no keymap is installed, otherwise the value is used to install 3016the keymap file found in 3017.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3018(if using 3019.Xr syscons 4 ) or 3020.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3021(if using 3022.Xr vt 4 ) . 3023.It Va keyrate 3024.Pq Vt str 3025The keyboard repeat speed. 3026Set to 3027.Dq Li slow , 3028.Dq Li normal , 3029.Dq Li fast , 3030or 3031.Dq Li NO 3032if the default behavior is desired. 3033.It Va keychange 3034.Pq Vt str 3035If not set to 3036.Dq Li NO , 3037attempt to program the function keys with the value. 3038The value should 3039be a single string of the form: 3040.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3041.It Va cursor 3042.Pq Vt str 3043Can be set to the value of 3044.Dq Li normal , 3045.Dq Li blink , 3046.Dq Li destructive , 3047or 3048.Dq Li NO 3049to set the cursor behavior explicitly or choose the default behavior. 3050.It Va scrnmap 3051.Pq Vt str 3052If set to 3053.Dq Li NO , 3054no screen map is installed, otherwise the value is used to install 3055the screen map file in 3056.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3057This parameter is ignored when using 3058.Xr vt 4 3059as the console driver. 3060.It Va font8x16 3061.Pq Vt str 3062If set to 3063.Dq Li NO , 3064the default 8x16 font value is used for screen size requests, otherwise 3065the value in 3066.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3067or 3068.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3069is used (depending on the console driver being used). 3070.It Va font8x14 3071.Pq Vt str 3072If set to 3073.Dq Li NO , 3074the default 8x14 font value is used for screen size requests, otherwise 3075the value in 3076.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3077or 3078.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3079is used (depending on the console driver being used). 3080.It Va font8x8 3081.Pq Vt str 3082If set to 3083.Dq Li NO , 3084the default 8x8 font value is used for screen size requests, otherwise 3085the value in 3086.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3087or 3088.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3089is used (depending on the console driver being used). 3090.It Va blanktime 3091.Pq Vt int 3092If set to 3093.Dq Li NO , 3094the default screen blanking interval is used, otherwise it is set 3095to 3096.Ar value 3097seconds. 3098.It Va saver 3099.Pq Vt str 3100If not set to 3101.Dq Li NO , 3102this is the actual screen saver to use 3103.Li ( blank , snake , daemon , 3104etc). 3105.It Va moused_nondefault_enable 3106.Pq Vt str 3107If set to 3108.Dq Li NO , 3109the mouse device specified on 3110the command line is not automatically treated as enabled by the 3111.Pa /etc/rc.d/moused 3112script. 3113Having this variable set to 3114.Dq Li YES 3115allows a 3116.Xr usb 4 3117mouse, 3118for example, 3119to be enabled as soon as it is plugged in. 3120.It Va moused_enable 3121.Pq Vt str 3122If set to 3123.Dq Li YES , 3124the 3125.Xr moused 8 3126daemon is started for doing cut/paste selection on the console. 3127.It Va moused_type 3128.Pq Vt str 3129This is the protocol type of the mouse connected to this host. 3130This variable must be set if 3131.Va moused_enable 3132is set to 3133.Dq Li YES . 3134The 3135.Xr moused 8 3136daemon 3137is able to detect the appropriate mouse type automatically in many cases. 3138Set this variable to 3139.Dq Li auto 3140to let the daemon detect it, or 3141select one from the following list if the automatic detection fails. 3142.Pp 3143If the mouse is attached to the PS/2 mouse port, choose 3144.Dq Li auto 3145or 3146.Dq Li ps/2 , 3147regardless of the brand and model of the mouse. 3148Likewise, if the 3149mouse is attached to the bus mouse port, choose 3150.Dq Li auto 3151or 3152.Dq Li busmouse . 3153All other protocols are for serial mice and will not work with 3154the PS/2 and bus mice. 3155If this is a USB mouse, 3156.Dq Li auto 3157is the only protocol type which will work. 3158.Pp 3159.Bl -tag -width ".Li x10mouseremote" -compact 3160.It Li microsoft 3161Microsoft mouse (serial) 3162.It Li intellimouse 3163Microsoft IntelliMouse (serial) 3164.It Li mousesystems 3165Mouse systems Corp.\& mouse (serial) 3166.It Li mmseries 3167MM Series mouse (serial) 3168.It Li logitech 3169Logitech mouse (serial) 3170.It Li busmouse 3171A bus mouse 3172.It Li mouseman 3173Logitech MouseMan and TrackMan (serial) 3174.It Li glidepoint 3175ALPS GlidePoint (serial) 3176.It Li thinkingmouse 3177Kensington ThinkingMouse (serial) 3178.It Li ps/2 3179PS/2 mouse 3180.It Li mmhittab 3181MM HitTablet (serial) 3182.It Li x10mouseremote 3183X10 MouseRemote (serial) 3184.It Li versapad 3185Interlink VersaPad (serial) 3186.El 3187.Pp 3188Even if the mouse is not in the above list, it may be compatible 3189with one in the list. 3190Refer to the manual page for 3191.Xr moused 8 3192for compatibility information. 3193.Pp 3194It should also be noted that while this is enabled, any 3195other client of the mouse (such as an X server) should access 3196the mouse through the virtual mouse device, 3197.Pa /dev/sysmouse , 3198and configure it as a 3199.Dq Li sysmouse 3200type mouse, since all 3201mouse data is converted to this single canonical format when 3202using 3203.Xr moused 8 . 3204If the client program does not support the 3205.Dq Li sysmouse 3206type, 3207specify the 3208.Dq Li mousesystems 3209type. 3210It is the second preferred type. 3211.It Va moused_port 3212.Pq Vt str 3213If 3214.Va moused_enable 3215is set to 3216.Dq Li YES , 3217this is the actual port the mouse is on. 3218It might be 3219.Pa /dev/cuau0 3220for a COM1 serial mouse, 3221.Pa /dev/psm0 3222for a PS/2 mouse or 3223.Pa /dev/mse0 3224for a bus mouse, for example. 3225.It Va moused_flags 3226.Pq Vt str 3227If 3228.Va moused_flags 3229is set, its value is used as an additional set of flags to pass to the 3230.Xr moused 8 3231daemon. 3232.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3233When 3234.Va moused_nondefault_enable 3235is enabled, and a 3236.Xr moused 8 3237daemon is started for a non-default port, the 3238.Va "moused_" Ns Ar XXX Ns Va "_flags" 3239set of options has precedence over and replaces the default 3240.Va moused_flags 3241(where 3242.Ar XXX 3243is the name of the non-default port, i.e.,\& 3244.Ar ums0 ) . 3245By setting 3246.Va "moused_" Ns Ar XXX Ns Va "_flags" 3247it is possible to set up a different set of default flags for each 3248.Xr moused 8 3249instance. 3250For example, you can use 3251.Dq Li "-3" 3252for the default 3253.Va moused_flags 3254to make your laptop's touchpad more comfortable to use, 3255but an empty set of options for 3256.Va moused_ums0_flags 3257when your 3258.Xr usb 4 3259mouse has three or more buttons. 3260.It Va mousechar_start 3261.Pq Vt int 3262If set to 3263.Dq Li NO , 3264the default mouse cursor character range 3265.Li 0xd0 Ns - Ns Li 0xd3 3266is used, 3267otherwise the range start is set 3268to 3269.Ar value 3270character, see 3271.Xr vidcontrol 1 . 3272Use if the default range is occupied in the language code table. 3273.It Va allscreens_flags 3274.Pq Vt str 3275If set, 3276.Xr vidcontrol 1 3277is run with these options for each of the virtual terminals 3278.Pq Pa /dev/ttyv* . 3279For example, 3280.Dq Fl m Cm on 3281will enable the mouse pointer on all virtual terminals 3282if 3283.Va moused_enable 3284is set to 3285.Dq Li YES . 3286.It Va allscreens_kbdflags 3287.Pq Vt str 3288If set, 3289.Xr kbdcontrol 1 3290is run with these options for each of the virtual terminals 3291.Pq Pa /dev/ttyv* . 3292For example, 3293.Dq Fl h Li 200 3294will set the 3295.Xr syscons 4 3296or 3297.Xr vt 4 3298scrollback (history) buffer to 200 lines. 3299.It Va cron_enable 3300.Pq Vt bool 3301If set to 3302.Dq Li YES , 3303run the 3304.Xr cron 8 3305daemon at system boot time. 3306.It Va cron_program 3307.Pq Vt str 3308Path to 3309.Xr cron 8 3310(default 3311.Pa /usr/sbin/cron ) . 3312.It Va cron_flags 3313.Pq Vt str 3314If 3315.Va cron_enable 3316is set to 3317.Dq Li YES , 3318these are the flags to pass to 3319.Xr cron 8 . 3320.It Va cron_dst 3321.Pq Vt bool 3322If set to 3323.Dq Li YES , 3324enable the special handling of transitions to and from the 3325Daylight Saving Time in 3326.Xr cron 8 3327(equivalent to using the flag 3328.Fl s ) . 3329.It Va lpd_program 3330.Pq Vt str 3331Path to 3332.Xr lpd 8 3333(default 3334.Pa /usr/sbin/lpd ) . 3335.It Va lpd_enable 3336.Pq Vt bool 3337If set to 3338.Dq Li YES , 3339run the 3340.Xr lpd 8 3341daemon at system boot time. 3342.It Va lpd_flags 3343.Pq Vt str 3344If 3345.Va lpd_enable 3346is set to 3347.Dq Li YES , 3348these are the flags to pass to the 3349.Xr lpd 8 3350daemon. 3351.It Va chkprintcap_enable 3352.Pq Vt bool 3353If set to 3354.Dq Li YES , 3355run the 3356.Xr chkprintcap 8 3357command before starting the 3358.Xr lpd 8 3359daemon. 3360.It Va chkprintcap_flags 3361.Pq Vt str 3362If 3363.Va lpd_enable 3364and 3365.Va chkprintcap_enable 3366are set to 3367.Dq Li YES , 3368these are the flags to pass to the 3369.Xr chkprintcap 8 3370program. 3371The default is 3372.Dq Li -d , 3373which causes missing directories to be created. 3374.It Va mta_start_script 3375.Pq Vt str 3376This variable specifies the full path to the script to run to start 3377a mail transfer agent. 3378The default is 3379.Pa /etc/rc.sendmail . 3380The 3381.Va sendmail_* 3382variables which 3383.Pa /etc/rc.sendmail 3384uses are documented in the 3385.Xr rc.sendmail 8 3386manual page. 3387.It Va dumpdev 3388.Pq Vt str 3389Indicates the device (usually a swap partition) to which a crash dump 3390should be written in the event of a system crash. 3391If the value of this variable is 3392.Dq Li AUTO , 3393the first suitable swap device listed in 3394.Pa /etc/fstab 3395will be used as dump device. 3396Otherwise, the value of this variable is passed as the argument to 3397.Xr dumpon 8 . 3398To disable crash dumps, set this variable to 3399.Dq Li NO . 3400.It Va dumpon_flags 3401.Pq Vt str 3402Flags to pass to 3403.Xr dumpon 8 3404when configuring 3405.Va dumpdev 3406as the system dump device. 3407.It Va dumpdir 3408.Pq Vt str 3409When the system reboots after a crash and a crash dump is found on the 3410device specified by the 3411.Va dumpdev 3412variable, 3413.Xr savecore 8 3414will save that crash dump and a copy of the kernel to the directory 3415specified by the 3416.Va dumpdir 3417variable. 3418The default value is 3419.Pa /var/crash . 3420Set to 3421.Dq Li NO 3422to not run 3423.Xr savecore 8 3424at boot time when 3425.Va dumpdir 3426is set. 3427.It Va savecore_enable 3428.Pq Vt bool 3429If set to 3430.Dq Li NO , 3431disable automatic extraction of the crash dump from the 3432.Va dumpdev . 3433.It Va savecore_flags 3434.Pq Vt str 3435If crash dumps are enabled, these are the flags to pass to the 3436.Xr savecore 8 3437utility. 3438.It Va quota_enable 3439.Pq Vt bool 3440Set to 3441.Dq Li YES 3442to turn on user and group disk quotas on system startup via the 3443.Xr quotaon 8 3444command for all file systems marked as having quotas enabled in 3445.Pa /etc/fstab . 3446The kernel must be built with 3447.Cd "options QUOTA" 3448for disk quotas to function. 3449.It Va check_quotas 3450.Pq Vt bool 3451Set to 3452.Dq Li YES 3453to enable user and group disk quota checking via the 3454.Xr quotacheck 8 3455command. 3456.It Va quotacheck_flags 3457.Pq Vt str 3458If 3459.Va quota_enable 3460is set to 3461.Dq Li YES , 3462and 3463.Va check_quotas 3464is set to 3465.Dq Li YES , 3466these are the flags to pass to the 3467.Xr quotacheck 8 3468utility. 3469The default is 3470.Dq Li "-a" , 3471which checks quotas for all file systems with quotas enabled in 3472.Pa /etc/fstab . 3473.It Va quotaon_flags 3474.Pq Vt str 3475If 3476.Va quota_enable 3477is set to 3478.Dq Li YES , 3479these are the flags to pass to the 3480.Xr quotaon 8 3481utility. 3482The default is 3483.Dq Li "-a" , 3484which enables quotas for all file systems with quotas enabled in 3485.Pa /etc/fstab . 3486.It Va quotaoff_flags 3487.Pq Vt str 3488If 3489.Va quota_enable 3490is set to 3491.Dq Li YES , 3492these are the flags to pass to the 3493.Xr quotaoff 8 3494utility when shutting down the quota system. 3495The default is 3496.Dq Li "-a" , 3497which disables quotas for all file systems with quotas enabled in 3498.Pa /etc/fstab . 3499.It Va accounting_enable 3500.Pq Vt bool 3501Set to 3502.Dq Li YES 3503to enable system accounting through the 3504.Xr accton 8 3505facility. 3506.It Va ibcs2_enable 3507.Pq Vt bool 3508Set to 3509.Dq Li YES 3510to enable iBCS2 (SCO) binary emulation at system initial boot 3511time. 3512.It Va ibcs2_loaders 3513.Pq Vt str 3514If not set to 3515.Dq Li NO 3516and if 3517.Va ibcs2_enable 3518is set to 3519.Dq Li YES , 3520this specifies a list of additional iBCS2 loaders to enable. 3521.It Va firstboot_sentinel 3522.Pq Vt str 3523This variable specifies the full path to a 3524.Dq first boot 3525sentinel file. 3526If a file exists with this path, 3527.Pa rc.d 3528scripts with the 3529.Dq firstboot 3530keyword will be run on startup and the sentinel file will be deleted 3531after the boot process completes. 3532The sentinel file must be located on a writable file system which is 3533mounted no later than 3534.Va early_late_divider 3535to function properly. 3536The default is 3537.Pa /firstboot . 3538.It Va linux_enable 3539.Pq Vt bool 3540Set to 3541.Dq Li YES 3542to enable Linux/ELF binary emulation at system initial 3543boot time. 3544.It Va sysvipc_enable 3545.Pq Vt bool 3546If set to 3547.Dq Li YES , 3548load System V IPC primitives at boot time. 3549.It Va clear_tmp_enable 3550.Pq Vt bool 3551Set to 3552.Dq Li YES 3553to have 3554.Pa /tmp 3555cleaned at startup. 3556.It Va clear_tmp_X 3557.Pq Vt bool 3558Set to 3559.Dq Li NO 3560to disable removing of X11 lock files, 3561and the removal and (secure) recreation 3562of the various socket directories for X11 3563related programs. 3564.It Va ldconfig_paths 3565.Pq Vt str 3566Set to the list of shared library paths to use with 3567.Xr ldconfig 8 . 3568NOTE: 3569.Pa /usr/lib 3570will always be added first, so it need not appear in this list. 3571.It Va ldconfig32_paths 3572.Pq Vt str 3573Set to the list of 32-bit compatibility shared library paths to 3574use with 3575.Xr ldconfig 8 . 3576.It Va ldconfig_paths_aout 3577.Pq Vt str 3578Set to the list of shared library paths to use with 3579.Xr ldconfig 8 3580legacy 3581.Xr a.out 5 3582support. 3583.It Va ldconfig_insecure 3584.Pq Vt bool 3585The 3586.Xr ldconfig 8 3587utility normally refuses to use directories 3588which are writable by anyone except root. 3589Set this variable to 3590.Dq Li YES 3591to disable that security check during system startup. 3592.It Va ldconfig_local_dirs 3593.Pq Vt str 3594Set to the list of local 3595.Xr ldconfig 8 3596directories. 3597The names of all files in the directories listed will be 3598passed as arguments to 3599.Xr ldconfig 8 . 3600.It Va ldconfig_local32_dirs 3601.Pq Vt str 3602Set to the list of local 32-bit compatibility 3603.Xr ldconfig 8 3604directories. 3605The names of all files in the directories listed will be 3606passed as arguments to 3607.Dq Nm ldconfig Fl 32 . 3608.It Va kern_securelevel_enable 3609.Pq Vt bool 3610Set to 3611.Dq Li YES 3612to set the kernel security level at system startup. 3613.It Va kern_securelevel 3614.Pq Vt int 3615The kernel security level to set at startup. 3616The allowed range of 3617.Ar value 3618ranges from \-1 (the compile time default) to 3 (the 3619most secure). 3620See 3621.Xr security 7 3622for the list of possible security levels and their effect 3623on system operation. 3624.It Va sshd_program 3625.Pq Vt str 3626Path to the SSH server program 3627.Pa ( /usr/sbin/sshd 3628is the default). 3629.It Va sshd_enable 3630.Pq Vt bool 3631Set to 3632.Dq Li YES 3633to start 3634.Xr sshd 8 3635at system boot time. 3636.It Va sshd_flags 3637.Pq Vt str 3638If 3639.Va sshd_enable 3640is set to 3641.Dq Li YES , 3642these are the flags to pass to the 3643.Xr sshd 8 3644daemon. 3645.It Va ftpd_program 3646.Pq Vt str 3647Path to the FTP server program 3648.Pa ( /usr/libexec/ftpd 3649is the default). 3650.It Va ftpd_enable 3651.Pq Vt bool 3652Set to 3653.Dq Li YES 3654to start 3655.Xr ftpd 8 3656as a stand-alone daemon at system boot time. 3657.It Va ftpd_flags 3658.Pq Vt str 3659If 3660.Va ftpd_enable 3661is set to 3662.Dq Li YES , 3663these are the additional flags to pass to the 3664.Xr ftpd 8 3665daemon. 3666.It Va watchdogd_enable 3667.Pq Vt bool 3668If set to 3669.Dq Li YES , 3670start the 3671.Xr watchdogd 8 3672daemon at boot time. 3673This requires that the kernel have been compiled with a 3674.Xr watchdog 4 3675compatible device. 3676.It Va watchdogd_flags 3677.Pq Vt str 3678If 3679.Va watchdogd_enable 3680is set to 3681.Dq Li YES , 3682these are the flags passed to the 3683.Xr watchdogd 8 3684daemon. 3685.It Va devfs_rulesets 3686.Pq Vt str 3687List of files containing sets of rules for 3688.Xr devfs 8 . 3689.It Va devfs_system_ruleset 3690.Pq Vt str 3691Rule name(s) to apply to the system 3692.Pa /dev 3693itself. 3694.It Va devfs_set_rulesets 3695.Pq Vt str 3696Pairs of already-mounted 3697.Pa dev 3698directories and rulesets that should be applied to them. 3699For example: /mount/dev=ruleset_name 3700.It Va devfs_load_rulesets 3701.Pq Vt bool 3702If set, always load the default rulesets listed in 3703.Va devfs_rulesets . 3704.It Va performance_cx_lowest 3705.Pq Vt str 3706CPU idle state to use while on AC power. 3707The string 3708.Dq Li LOW 3709indicates that 3710.Xr acpi 4 3711should use the lowest power state available while 3712.Dq Li HIGH 3713indicates that the lowest latency state (less power savings) should be used. 3714.It Va performance_cpu_freq 3715.Pq Vt str 3716CPU clock frequency to use while on AC power. 3717The string 3718.Dq Li LOW 3719indicates that 3720.Xr cpufreq 4 3721should use the lowest frequency available while 3722.Dq Li HIGH 3723indicates that the highest frequency (less power savings) should be used. 3724.It Va economy_cx_lowest 3725.Pq Vt str 3726CPU idle state to use when off AC power. 3727The string 3728.Dq Li LOW 3729indicates that 3730.Xr acpi 4 3731should use the lowest power state available while 3732.Dq Li HIGH 3733indicates that the lowest latency state (less power savings) should be used. 3734.It Va economy_cpu_freq 3735.Pq Vt str 3736CPU clock frequency to use when off AC power. 3737The string 3738.Dq Li LOW 3739indicates that 3740.Xr cpufreq 4 3741should use the lowest frequency available while 3742.Dq Li HIGH 3743indicates that the highest frequency (less power savings) should be used. 3744.It Va jail_enable 3745.Pq Vt bool 3746If set to 3747.Dq Li NO , 3748any configured jails will not be started. 3749.It Va jail_conf 3750.Pq Vt str 3751The configuration filename used by 3752.Xr jail 8 3753utility. 3754The default value is 3755.Pa /etc/jail.conf . 3756.It Va jail_parallel_start 3757.Pq Vt bool 3758If set to 3759.Dq Li YES , 3760all configured jails will be started in the background (in parallel). 3761.It Va jail_flags 3762.Pq Vt str 3763Unset by default. 3764When set, use as default value for 3765.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3766for every jail in 3767.Va jail_list . 3768.It Va jail_list 3769.Pq Vt str 3770A space-delimited list of jail names. 3771When left empty, all of the 3772.Xr jail 8 3773instances defined in the configuration file are started. 3774The names specified in this list control the jail startup order. 3775.Xr jail 8 3776instances missing from 3777.Va jail_list 3778must be started manually. 3779Note that a jail's 3780.Va depend 3781parameter in the configuration file may override this list. 3782.It Va jail_reverse_stop 3783.Pq Vt bool 3784When set to 3785.Dq Li YES , 3786all configured jails in 3787.Va jail_list 3788are stopped in reverse order. 3789.It Va jail_* variables 3790Note that older releases supported per-jail configuration via 3791.Nm 3792variables. 3793For example, 3794hostname of a jail named 3795.Li vjail 3796was able to be set by 3797.Li jail_vjail_hostname . 3798These per-jail configuration variables are now obsolete in favor of 3799.Xr jail 8 3800configuration file. 3801For backward compatibility, 3802when per-jail configuration variables are defined, 3803.Xr jail 8 3804configuration files are created as 3805.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3806and used. 3807.Pp 3808The following per-jail parameters are handled by 3809.Pa rc.d/jail 3810script out of their corresponding 3811.Nm 3812variables. 3813In addition to them, parameters in 3814.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3815will be added to the configuration file. 3816They must be a semi-colon 3817.Pq Ql \&; 3818delimited list of 3819.Dq key=value . 3820For more details, 3821see 3822.Xr jail 8 3823manual page. 3824.Bl -tag -width "host.hostname" -offset indent 3825.It Li path 3826set from 3827.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3828.It Li host.hostname 3829set from 3830.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3831.It Li exec.consolelog 3832set from 3833.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3834The default value is 3835.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3836.It Li interface 3837set from 3838.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3839.It Li vnet.interface 3840set from 3841.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3842This implies 3843.Li vnet 3844parameter will be enabled and cannot be specified with 3845.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3846.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3847and/or 3848.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3849at the same time. 3850.It Li fstab 3851set from 3852.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3853.It Li mount 3854set from 3855.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3856.It Li exec.fib 3857set from 3858.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3859.It Li exec.start 3860set from 3861.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3862The parameter name was 3863.Li command 3864in some older releases. 3865.It Li exec.prestart 3866set from 3867.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3868.It Li exec.poststart 3869set from 3870.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3871.It Li exec.stop 3872set from 3873.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3874.It Li exec.prestop 3875set from 3876.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3877.It Li exec.poststop 3878set from 3879.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3880.It Li ip4.addr 3881set if 3882.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3883or 3884.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3885contain IPv4 addresses 3886.It Li ip6.addr 3887set if 3888.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3889or 3890.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3891contain IPv6 addresses 3892.It Li allow.mount 3893set from 3894.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3895.It Li mount.devfs 3896set from 3897.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3898.It Li devfs_ruleset 3899set from 3900.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3901This must be an integer, 3902not a string. 3903.It Li mount.fdescfs 3904set from 3905.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3906.It Li allow.set_hostname 3907set from 3908.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3909.It Li allow.rawsocket 3910set from 3911.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3912.It Li allow.sysvipc 3913set from 3914.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3915.El 3916.\" ----------------------------------------------------- 3917.It Va harvest_mask 3918.Pq Vt int 3919Set to a bit-mask 3920representing the entropy sources 3921you wish to harvest. 3922Refer to 3923.Xr random 4 3924for more information. 3925.It Va entropy_dir 3926.Pq Vt str 3927Set to 3928.Dq Li NO 3929to disable caching entropy via 3930.Xr cron 8 . 3931Otherwise set to the directory 3932in which the entropy files are stored. 3933To be useful, 3934there must be 3935a system cron job 3936that regularly writes and rotates 3937files here. 3938All files found 3939will be used at boot time. 3940The default is 3941.Pa /var/db/entropy . 3942.It Va entropy_file 3943.Pq Vt str 3944Set to 3945.Dq Li NO 3946to disable caching entropy through reboots. 3947Otherwise set to the name 3948of a file used to store cached entropy. 3949This file should be located 3950on a file system that is readable 3951before all the volumes specified in 3952.Xr fstab 5 3953are mounted. 3954By default, 3955.Pa /entropy 3956is used, 3957but if 3958.Pa /var/db/entropy-file 3959is found it will also be used. 3960This will be of some use to 3961.Xr bsdinstall 8 . 3962.It Va entropy_boot_file 3963.Pq Vt str 3964Set to 3965.Dq Li NO 3966to disable 3967very early caching entropy 3968through reboots. 3969Otherwise set to the filename 3970used to read 3971very early reboot cached entropy. 3972This file should be located where 3973.Xr loader 8 3974can read it. 3975See also 3976.Xr loader.conf 5 . 3977The default location is 3978.Pa /boot/entropy . 3979.It Va entropy_save_sz 3980.Pq Vt int 3981Size of the entropy cache files saved by 3982.Nm save-entropy 3983periodically. 3984.It Va entropy_save_num 3985.Pq Vt int 3986Number of entropy cache files to save by 3987.Nm save-entropy 3988periodically. 3989.It Va ipsec_enable 3990.Pq Vt bool 3991Set to 3992.Dq Li YES 3993to run 3994.Xr setkey 8 3995on 3996.Va ipsec_file 3997at boot time. 3998.It Va ipsec_file 3999.Pq Vt str 4000Configuration file for 4001.Xr setkey 8 . 4002.It Va dmesg_enable 4003.Pq Vt bool 4004Set to 4005.Dq Li YES 4006to save 4007.Xr dmesg 8 4008to 4009.Pa /var/run/dmesg.boot 4010on boot. 4011.It Va rcshutdown_timeout 4012.Pq Vt int 4013If set, start a watchdog timer in the background which will terminate 4014.Pa rc.shutdown 4015if 4016.Xr shutdown 8 4017has not completed within the specified time (in seconds). 4018Notice that in addition to this soft timeout, 4019.Xr init 8 4020also applies a hard timeout for the execution of 4021.Pa rc.shutdown . 4022This is configured via 4023.Xr sysctl 8 4024variable 4025.Va kern.init_shutdown_timeout 4026and defaults to 120 seconds. 4027Setting the value of 4028.Va rcshutdown_timeout 4029to more than 120 seconds will have no effect until the 4030.Xr sysctl 8 4031variable 4032.Va kern.init_shutdown_timeout 4033is also increased. 4034.It Va virecover_enable 4035.Pq Vt bool 4036Set to 4037.Dq Li NO 4038to prevent the system from trying to 4039recover pre-maturely terminated 4040.Xr vi 1 4041sessions. 4042.It Va ugidfw_enable 4043.Pq Vt bool 4044Set to 4045.Dq Li YES 4046to load the 4047.Xr mac_bsdextended 4 4048module upon system initialization and load a default 4049ruleset file. 4050.It Va bsdextended_script 4051.Pq Vt str 4052The default 4053.Xr mac_bsdextended 4 4054ruleset file to load. 4055The default value of this variable is 4056.Pa /etc/rc.bsdextended . 4057.It Va newsyslog_enable 4058.Pq Vt bool 4059If set to 4060.Dq Li YES , 4061run 4062.Xr newsyslog 8 4063command at startup. 4064.It Va newsyslog_flags 4065.Pq Vt str 4066If 4067.Va newsyslog_enable 4068is set to 4069.Dq Li YES , 4070these are the flags to pass to the 4071.Xr newsyslog 8 4072program. 4073The default is 4074.Dq Li -CN , 4075which causes log files flagged with a 4076.Cm C 4077to be created. 4078.It Va mdconfig_md Ns Aq Ar X 4079.Pq Vt str 4080Arguments to 4081.Xr mdconfig 8 4082for 4083.Xr md 4 4084device 4085.Ar X . 4086At minimum a 4087.Fl t Ar type 4088must be specified and either a 4089.Fl s Ar size 4090for malloc or swap backed 4091.Xr md 4 4092devices or a 4093.Fl f Ar file 4094for vnode backed 4095.Xr md 4 4096devices. 4097Note that 4098.Va mdconfig_md Ns Aq Ar X 4099variables are evaluated until one variable is unset or null. 4100.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4101.Pq Vt str 4102Optional arguments passed to 4103.Xr newfs 8 4104to initialize 4105.Xr md 4 4106device 4107.Ar X . 4108.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4109.Pq Vt str 4110An ownership specification passed to 4111.Xr chown 8 4112after the specified 4113.Xr md 4 4114device 4115.Ar X 4116has been mounted. 4117Both the 4118.Xr md 4 4119device and the mount point will be changed. 4120.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4121.Pq Vt str 4122A mode string passed to 4123.Xr chmod 1 4124after the specified 4125.Xr md 4 4126device 4127.Ar X 4128has been mounted. 4129Both the 4130.Xr md 4 4131device and the mount point will be changed. 4132.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4133.Pq Vt str 4134Files to be copied to the mount point of the 4135.Xr md 4 4136device 4137.Ar X 4138after it has been mounted. 4139.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4140.Pq Vt str 4141Command to execute after the specified 4142.Xr md 4 4143device 4144.Ar X 4145has been mounted. 4146Note that the command is passed to 4147.Ic eval 4148and that both 4149.Va _dev 4150and 4151.Va _mp 4152variables can be used to reference respectively the 4153.Xr md 4 4154device and the mount point. 4155Assuming that the 4156.Xr md 4 4157device is 4158.Li md0 , 4159one could set the following: 4160.Bd -literal 4161mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4162.Ed 4163.It Va autobridge_interfaces 4164.Pq Vt str 4165Set to the list of bridge interfaces that will have newly arriving interfaces 4166checked against to be automatically added. 4167If not set to 4168.Dq Li NO 4169then for each whitespace separated 4170.Ar element 4171in the value, a 4172.Va autobridge_ Ns Aq Ar element 4173variable is assumed to exist which has a whitespace separated list of interface 4174names to match, these names can use wildcards. 4175For example: 4176.Bd -literal 4177autobridge_interfaces="bridge0" 4178autobridge_bridge0="tap* dc0 vlan[345]" 4179.Ed 4180.It Va mixer_enable 4181.Pq Vt bool 4182If set to 4183.Dq Li YES , 4184enable support for sound mixer. 4185.It Va hcsecd_enable 4186.Pq Vt bool 4187If set to 4188.Dq Li YES , 4189enable Bluetooth security daemon. 4190.It Va hcsecd_config 4191.Pq Vt str 4192Configuration file for 4193.Xr hcsecd 8 . 4194Default 4195.Pa /etc/bluetooth/hcsecd.conf . 4196.It Va sdpd_enable 4197.Pq Vt bool 4198If set to 4199.Dq Li YES , 4200enable Bluetooth Service Discovery Protocol daemon. 4201.It Va sdpd_control 4202.Pq Vt str 4203Path to 4204.Xr sdpd 8 4205control socket. 4206Default 4207.Pa /var/run/sdp . 4208.It Va sdpd_groupname 4209.Pq Vt str 4210Sets 4211.Xr sdpd 8 4212group to run as after it initializes. 4213Default 4214.Dq Li nobody . 4215.It Va sdpd_username 4216.Pq Vt str 4217Sets 4218.Xr sdpd 8 4219user to run as after it initializes. 4220Default 4221.Dq Li nobody . 4222.It Va bthidd_enable 4223.Pq Vt bool 4224If set to 4225.Dq Li YES , 4226enable Bluetooth Human Interface Device daemon. 4227.It Va bthidd_config 4228.Pq Vt str 4229Configuration file for 4230.Xr bthidd 8 . 4231Default 4232.Pa /etc/bluetooth/bthidd.conf . 4233.It Va bthidd_hids 4234.Pq Vt str 4235Path to a file, where 4236.Xr bthidd 8 4237will store information about known HID devices. 4238Default 4239.Pa /var/db/bthidd.hids . 4240.It Va rfcomm_pppd_server_enable 4241.Pq Vt bool 4242If set to 4243.Dq Li YES , 4244enable Bluetooth RFCOMM PPP wrapper daemon. 4245.It Va rfcomm_pppd_server_profile 4246.Pq Vt str 4247The name of the profile to use from 4248.Pa /etc/ppp/ppp.conf . 4249Multiple profiles can be specified here. 4250Also used to specify per-profile overrides. 4251When the profile name contains any of the characters 4252.Dq Li .-/+ 4253they are translated to 4254.Dq Li _ 4255for the proposes of the override variable names. 4256.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4257.Pq Vt str 4258Overrides local address to listen on. 4259By default 4260.Xr rfcomm_pppd 8 4261will listen on 4262.Dq Li ANY 4263address. 4264The address can be specified as BD_ADDR or name. 4265.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4266.Pq Vt str 4267Overrides local RFCOMM channel to listen on. 4268By default 4269.Xr rfcomm_pppd 8 4270will listen on RFCOMM channel 1. 4271Must set properly if multiple profiles used in the same time. 4272.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4273.Pq Vt bool 4274Tells 4275.Xr rfcomm_pppd 8 4276if it should register Serial Port service on the specified RFCOMM channel. 4277Default 4278.Dq Li NO . 4279.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4280.Pq Vt bool 4281Tells 4282.Xr rfcomm_pppd 8 4283if it should register Dial-Up Networking service on the specified 4284RFCOMM channel. 4285Default 4286.Dq Li NO . 4287.It Va ubthidhci_enable 4288.Pq Vt bool 4289If set to 4290.Dq Li YES , 4291change the USB Bluetooth controller from HID mode to HCI mode. 4292You also need to specify the location of USB Bluetooth controller with the 4293.Va ubthidhci_busnum 4294and 4295.Va ubthidhci_addr 4296variables. 4297.It Va ubthidhci_busnum 4298Bus number where the USB Bluetooth controller is located. 4299Check the output of 4300.Xr usbconfig 8 4301on your system to find this information. 4302.It Va ubthidhci_addr 4303Bus address of the USB Bluetooth controller. 4304Check the output of 4305.Xr usbconfig 8 4306on your system to find this information. 4307.It Va netwait_enable 4308.Pq Vt bool 4309If set to 4310.Dq Li YES , 4311delays the start of network-reliant services until 4312.Va netwait_if 4313is up and ICMP packets to a destination defined in 4314.Va netwait_ip 4315are flowing. 4316Link state is examined first, followed by 4317.Dq Li pinging 4318an IP address to verify network usability. 4319If no destination can be reached or timeouts are exceeded, 4320network services are started anyway with no guarantee that 4321the network is usable. 4322Use of this variable requires both 4323.Va netwait_ip 4324and 4325.Va netwait_if 4326to be set. 4327.It Va netwait_ip 4328.Pq Vt str 4329Empty by default. 4330This variable contains a space-delimited list of IP addresses to 4331.Xr ping 8 . 4332DNS hostnames should not be used as resolution is not guaranteed 4333to be functional at this point. 4334If multiple IP addresses are specified, 4335each will be tried until one is successful or the list is exhausted. 4336.It Va netwait_timeout 4337.Pq Vt int 4338Indicates the total number of seconds to perform a 4339.Dq Li ping 4340against each IP address in 4341.Va netwait_ip , 4342at a rate of one ping per second. 4343If any of the pings are successful, 4344full network connectivity is considered reliable. 4345The default is 60. 4346.It Va netwait_if 4347.Pq Vt str 4348Empty by default. 4349Defines the name of the network interface on which watch for link. 4350.Xr ifconfig 8 4351is used to monitor the interface, looking for 4352.Dq Li status: no carrier . 4353Once gone, the link is considered up. 4354This can be a 4355.Xr vlan 4 4356interface if desired. 4357.It Va netwait_if_timeout 4358.Pq Vt int 4359Defines the total number of seconds to wait for link to become usable, 4360polled at a 1-second interval. 4361The default is 30. 4362.It Va rctl_enable 4363.Pq Vt bool 4364If set to 4365.Dq Li YES , 4366load 4367.Xr rctl 8 4368rules from the defined ruleset. 4369The kernel must be built with 4370.Cd "options RACCT" 4371and 4372.Cd "options RCTL" . 4373.It Va rctl_rules 4374.Pq Vt str 4375Set to 4376.Pa /etc/rctl.conf 4377by default. 4378This variables contains the 4379.Xr rctl.conf 5 4380ruleset to load for 4381.Xr rctl 8 . 4382.It Va iovctl_files 4383.Pq Vt str 4384A space-separated list of configuration files used by 4385.Xr iovctl 8 . 4386The default value is an empty string. 4387.It Va autofs_enable 4388.Pq Vt bool 4389If set to 4390.Dq Li YES , 4391start the 4392.Xr automount 8 4393utility and the 4394.Xr automountd 8 4395and 4396.Xr autounmountd 8 4397daemons at boot time. 4398.It Va automount_flags 4399.Pq Vt str 4400If 4401.Va autofs_enable 4402is set to 4403.Dq Li YES , 4404these are the flags to pass to the 4405.Xr automount 8 4406program. 4407By default no flags are passed. 4408.It Va automountd_flags 4409.Pq Vt str 4410If 4411.Va autofs_enable 4412is set to 4413.Dq Li YES , 4414these are the flags to pass to the 4415.Xr automountd 8 4416daemon. 4417By default no flags are passed. 4418.It Va autounmountd_flags 4419.Pq Vt str 4420If 4421.Va autofs_enable 4422is set to 4423.Dq Li YES , 4424these are the flags to pass to the 4425.Xr autounmountd 8 4426daemon. 4427By default no flags are passed. 4428.It Va ctld_enable 4429.Pq Vt bool 4430If set to 4431.Dq Li YES , 4432start the 4433.Xr ctld 8 4434daemon at boot time. 4435.It Va iscsid_enable 4436.Pq Vt bool 4437If set to 4438.Dq Li YES , 4439start the 4440.Xr iscsid 8 4441daemon at boot time. 4442.It Va iscsictl_enable 4443.Pq Vt bool 4444If set to 4445.Dq Li YES , 4446start the 4447.Xr iscsictl 8 4448utility at boot time. 4449.It Va iscsictl_flags 4450.Pq Vt str 4451If 4452.Va iscsictl_enable 4453is set to 4454.Dq Li YES , 4455these are the flags to pass to the 4456.Xr iscsictl 8 4457program. 4458The default is 4459.Dq Li -Aa , 4460which configures sessions based on the 4461.Pa /etc/iscsi.conf 4462configuration file. 4463.El 4464.Sh FILES 4465.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4466.It Pa /etc/defaults/rc.conf 4467.It Pa /etc/rc.conf 4468.It Pa /etc/rc.conf.local 4469.El 4470.Sh SEE ALSO 4471.Xr chmod 1 , 4472.Xr gdb 1 , 4473.Xr info 1 , 4474.Xr kbdcontrol 1 , 4475.Xr makewhatis 1 , 4476.Xr sh 1 , 4477.Xr vi 1 , 4478.Xr vidcontrol 1 , 4479.Xr bridge 4 , 4480.Xr dummynet 4 , 4481.Xr ip 4 , 4482.Xr ipf 4 , 4483.Xr ipfw 4 , 4484.Xr ipnat 4 , 4485.Xr kld 4 , 4486.Xr pf 4 , 4487.Xr pflog 4 , 4488.Xr pfsync 4 , 4489.Xr tcp 4 , 4490.Xr udp 4 , 4491.Xr exports 5 , 4492.Xr fstab 5 , 4493.Xr ipf 5 , 4494.Xr ipnat 5 , 4495.Xr jail.conf 5 , 4496.Xr loader.conf 5 , 4497.Xr motd 5 , 4498.Xr newsyslog.conf 5 , 4499.Xr pf.conf 5 , 4500.Xr security 7 , 4501.Xr accton 8 , 4502.Xr amd 8 , 4503.Xr apm 8 , 4504.Xr bsdinstall 8 , 4505.Xr bthidd 8 , 4506.Xr chkprintcap 8 , 4507.Xr chown 8 , 4508.Xr cron 8 , 4509.Xr devfs 8 , 4510.Xr dhclient 8 , 4511.Xr ftpd 8 , 4512.Xr geli 8 , 4513.Xr hcsecd 8 , 4514.Xr ifconfig 8 , 4515.Xr inetd 8 , 4516.Xr iovctl 8 , 4517.Xr ipf 8 , 4518.Xr ipfw 8 , 4519.Xr ipnat 8 , 4520.Xr jail 8 , 4521.Xr kldxref 8 , 4522.Xr loader 8 , 4523.Xr lpd 8 , 4524.Xr mdconfig 8 , 4525.Xr mdmfs 8 , 4526.Xr mixer 8 , 4527.Xr mountd 8 , 4528.Xr moused 8 , 4529.Xr newfs 8 , 4530.Xr newsyslog 8 , 4531.Xr nfsd 8 , 4532.Xr ntpd 8 , 4533.Xr ntpdate 8 , 4534.Xr pfctl 8 , 4535.Xr pflogd 8 , 4536.Xr ping 8 , 4537.Xr powerd 8 , 4538.Xr quotacheck 8 , 4539.Xr quotaon 8 , 4540.Xr rc 8 , 4541.Xr rc.sendmail 8 , 4542.Xr rfcomm_pppd 8 , 4543.Xr route 8 , 4544.Xr routed 8 , 4545.Xr rpc.lockd 8 , 4546.Xr rpc.statd 8 , 4547.Xr rpcbind 8 , 4548.Xr rwhod 8 , 4549.Xr savecore 8 , 4550.Xr sdpd 8 , 4551.Xr sshd 8 , 4552.Xr swapon 8 , 4553.Xr sysctl 8 , 4554.Xr syslogd 8 , 4555.Xr sysrc 8 , 4556.Xr timed 8 , 4557.Xr unbound 8 , 4558.Xr usbconfig 8 , 4559.Xr wlandebug 8 , 4560.Xr yp 8 , 4561.Xr ypbind 8 , 4562.Xr ypserv 8 , 4563.Xr ypset 8 4564.Sh HISTORY 4565The 4566.Nm 4567file appeared in 4568.Fx 2.2.2 . 4569.Sh AUTHORS 4570.An Jordan K. Hubbard . 4571