1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.Dd May 11, 2023 26.Dt RC.CONF 5 27.Os 28.Sh NAME 29.Nm rc.conf 30.Nd system configuration information 31.Sh DESCRIPTION 32The file 33.Nm 34contains descriptive information about the local host name, configuration 35details for any potential network interfaces and which services should be 36started up at system initial boot time. 37In new installations, the 38.Nm 39file is generally initialized by the system installation utility. 40.Pp 41The purpose of 42.Nm 43is not to run commands or perform system startup actions 44directly. 45Instead, it is included by the 46various generic startup scripts in 47.Pa /etc 48which conditionalize their 49internal actions according to the settings found there. 50.Pp 51The 52.Pa /etc/rc.conf 53file is included from the file 54.Pa /etc/defaults/rc.conf , 55which specifies the default settings for all the available options. 56Options need only be specified in 57.Pa /etc/rc.conf 58when the system administrator wishes to override these defaults. 59The file 60.Pa /etc/defaults/vendor.conf 61allows vendors to override 62.Fx 63defaults. 64The file 65.Pa /etc/rc.conf.local 66is used to override settings in 67.Pa /etc/rc.conf 68for historical reasons. 69.Pp 70The sysrc(8) command provides a scripting interface to modify system 71config files. 72.Pp 73In addition to 74.Pa /etc/rc.conf.local 75you can also place smaller configuration files for each 76.Xr rc 8 77script in the 78.Pa /etc/rc.conf.d 79directory or 80.Ao Ar dir Ac Ns Pa /rc.conf.d 81directories (where 82.Ao Ar dir Ac 83is each entry specified in 84.Va local_startup , 85but with any trailing 86.Pa /rc.d 87stripped), 88which will be included by the 89.Va load_rc_config 90function. 91For jail configurations you could use the file 92.Pa /etc/rc.conf.d/jail 93to store jail-specific configuration options. 94If 95.Va local_startup 96contains 97.Pa /usr/local/etc/rc.d 98and 99.Pa /opt/conf , 100.Pa /usr/local/etc/rc.conf.d/jail 101and 102.Pa /opt/conf/rc.conf.d/jail 103will be loaded. 104If 105.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 106is a directory, 107all of the files in the directory will be loaded. 108Also see the 109.Va rc_conf_files 110variable below. 111.Pp 112Options are set with 113.Dq Ar name Ns Li = Ns Ar value 114assignments that use 115.Xr sh 1 116syntax. 117The following list provides a name and short description for each 118variable that can be set in the 119.Nm 120file: 121.Bl -tag -width indent-two 122.It Va rc_debug 123.Pq Vt bool 124If set to 125.Dq Li YES , 126enable output of debug messages from rc scripts. 127This variable can be helpful in diagnosing mistakes when 128editing or integrating new scripts. 129Beware that this produces copious output to the terminal and 130.Xr syslog 3 . 131.It Va rc_info 132.Pq Vt bool 133If set to 134.Dq Li NO , 135disable informational messages from the rc scripts. 136Informational messages are displayed when 137a condition that is not serious enough to warrant a warning or 138an error occurs. 139.It Va rc_startmsgs 140.Pq Vt bool 141If set to 142.Dq Li YES , 143show 144.Dq Starting foo: 145when faststart is used (e.g., at boot time). 146.It Va early_late_divider 147.Pq Vt str 148The name of the script that should be used as the 149delimiter between the 150.Dq early 151and 152.Dq late 153stages of the boot process. 154The early stage should contain all the services needed to 155get the disks (local or remote) mounted so that the late 156stage can include scripts contained in the directories 157listed in the 158.Va local_startup 159variable (see below). 160Thus, the two likely candidates for this value are 161.Pa mountcritlocal 162for the typical system, and 163.Pa mountcritremote 164if the system needs remote file 165systems mounted to get access to the 166.Va local_startup 167directories; for example when 168.Pa /usr/local 169is NFS mounted. 170For 171.Pa rc.conf 172within a 173.Xr jail 8 174.Pa NETWORKING 175is likely to be an appropriate value. 176Extreme care should be taken when changing this value, 177and before changing it one should ensure that there are 178adequate provisions to recover from a failed boot 179(such as physical contact with the machine, 180or reliable remote console access). 181.It Va always_force_depends 182.Pq Vt bool 183Various 184.Pa rc.d 185scripts use the force_depend function to check whether required 186services are already running, and to start them if necessary. 187By default during boot time this check is bypassed if the 188required service is enabled in 189.Pa /etc/rc.conf[.local] . 190Setting this option will bypass that check at boot time and 191always test whether or not the service is actually running. 192Enabling this option is likely to increase your boot time if 193services are enabled that utilize the force_depend check. 194.It Ao Ar name Ac Ns Va _chroot 195.Pq Vt str 196.Xr chroot 8 197to this directory before running the service. 198.It Ao Ar name Ac Ns Va _cpuset 199.Pq Vt str 200A list of CPUs to run the service on. 201Passed to 202.Xr cpuset 1 203using the 204.Fl l 205flag. 206.It Ao Ar name Ac Ns Va _fib 207.Pq Vt int 208The 209.Xr setfib 1 210value to run the service under. 211.It Ao Ar name Ac Ns Va _group 212.Pq Vt str 213Run the chrooted service under this system group. 214Unlike the 215.Ao Ar name Ac Ns Va _user 216setting, this setting has no effect if the service is not chrooted. 217.It Ao Ar name Ac Ns Va _limits 218.Pq Vt str 219Resource limits to apply to the service using 220.Xr limits 1 . 221By default, resource limits are based on the login class defined in 222.Ao Ar name Ac Ns Va _login_class . 223.It Ao Ar name Ac Ns Va _login_class 224.Pq Vt str 225Login class to be used with 226.Ao Ar name Ac Ns Va _limits . 227Defaults to 228.Dq Li daemon . 229.It Ao Ar name Ac Ns Va _nice 230.Pq Vt int 231The 232.Xr nice 1 233value to run the service under. 234.It Ao Ar name Ac Ns Va _oomprotect 235.Pq Vt str 236Use 237.Xr protect 1 238to prevent the service from being killed when swap space 239is exhausted. 240Use 241.Dq Li YES 242to protect only the service itself, and 243.Dq Li ALL 244to protect the service and all its child processes. 245.Pp 246Please note that rc scripts which redefine 247.Dl ${argument}_cmd 248.Pq see Xr rc.subr 8 249such as PostgreSQL will not inherit the OOM killer protection. 250.Pp 251This variable has no effect on services running within a 252.Xr jail 8 . 253.It Ao Ar name Ac Ns Va _umask 254.Pq Vt int 255Run the service using this 256.Xr umask 1 257value. 258.It Ao Ar name Ac Ns Va _user 259.Pq Vt str 260Run the service under this user account. 261.It Va apm_enable 262.Pq Vt bool 263If set to 264.Dq Li YES , 265enable support for Automatic Power Management with 266the 267.Xr apm 8 268command. 269.It Va apmd_enable 270.Pq Vt bool 271Run 272.Xr apmd 8 273to handle APM event from userland. 274This also enables support for APM. 275.It Va apmd_flags 276.Pq Vt str 277If 278.Va apmd_enable 279is set to 280.Dq Li YES , 281these are the flags to pass to the 282.Xr apmd 8 283daemon. 284.It Va devd_enable 285.Pq Vt bool 286Run 287.Xr devd 8 288to handle device added, removed or unknown events from the kernel. 289.It Va ddb_enable 290.Pq Vt bool 291Run 292.Xr ddb 8 293to install 294.Xr ddb 4 295scripts at boot time. 296.It Va ddb_config 297.Pq Vt str 298Configuration file for 299.Xr ddb 8 . 300Default 301.Pa /etc/ddb.conf . 302.It Va devmatch_enable 303.Pq Vt bool 304If set to 305.Dq Li NO , 306disable auto-loading of kernel modules with 307.Xr devmatch 8 . 308.It Va devmatch_blocklist 309.Pq Vt str 310A whitespace-separated list of kernel modules to be ignored by 311.Xr devmatch 8 . 312In addition, the 313.Xr kenv 1 314.Va devmatch_blocklist 315is appended to this variable to allow disabling of 316.Xr devmatch 8 317loaded modules from the boot loader. 318.It Va devmatch_blacklist 319.Pq Vt str 320This variable is deprecated. 321Use 322.Va devmatch_blocklist 323instead. 324A whitespace-separated list of kernel modules to be ignored by 325.Xr devmatch 8 . 326.It Va kld_list 327.Pq Vt str 328A whitespace-separated list of kernel modules to load right after 329the local disks are mounted, without any 330.Pa .ko 331extension or path. 332Loading modules at this point in the boot process is 333much faster than doing it via 334.Pa /boot/loader.conf 335for those modules not necessary for mounting local disks. 336.It Va kldxref_enable 337.Pq Vt bool 338Set to 339.Dq Li NO 340by default. 341Set to 342.Dq Li YES 343to automatically rebuild 344.Pa linker.hints 345files with 346.Xr kldxref 8 347at boot time. 348.It Va kldxref_clobber 349.Pq Vt bool 350Set to 351.Dq Li NO 352by default. 353If 354.Va kldxref_enable 355is true, 356setting to 357.Dq Li YES 358will overwrite existing 359.Pa linker.hints 360files at boot time. 361Otherwise, 362only missing 363.Pa linker.hints 364files are generated. 365.It Va kldxref_module_path 366.Pq Vt str 367Empty by default. 368A semi-colon 369.Pq Ql \&; 370delimited list of paths containing 371.Xr kld 4 372modules. 373If empty, 374the contents of the 375.Va kern.module_path 376.Xr sysctl 8 377are used. 378.It Va powerd_enable 379.Pq Vt bool 380If set to 381.Dq Li YES , 382enable the system power control facility with the 383.Xr powerd 8 384daemon. 385.It Va powerd_flags 386.Pq Vt str 387If 388.Va powerd_enable 389is set to 390.Dq Li YES , 391these are the flags to pass to the 392.Xr powerd 8 393daemon. 394.It Va tmpmfs 395Controls the creation of a 396.Pa /tmp 397memory file system. 398Always happens if set to 399.Dq Li YES 400and never happens if set to 401.Dq Li NO . 402If set to anything else, a memory file system is created if 403.Pa /tmp 404is not writable. 405.It Va tmpsize 406Controls the size of a created 407.Pa /tmp 408memory file system. 409.It Va tmpmfs_flags 410Extra options passed to the 411.Xr mdmfs 8 412utility when the memory file system for 413.Pa /tmp 414is created. 415The default is 416.Dq Li "-S" , 417which inhibits the use of softupdates on 418.Pa /tmp 419so that file system space is freed without delay 420after file truncation or deletion. 421See 422.Xr mdmfs 8 423for other options you can use in 424.Va tmpmfs_flags . 425.It Va varmfs 426Controls the creation of a 427.Pa /var 428memory file system. 429Always happens if set to 430.Dq Li YES 431and never happens if set to 432.Dq Li NO . 433If set to anything else, a memory file system is created if 434.Pa /var 435is not writable. 436.It Va varsize 437Controls the size of a created 438.Pa /var 439memory file system. 440.It Va varmfs_flags 441Extra options passed to the 442.Xr mdmfs 8 443utility when the memory file system for 444.Pa /var 445is created. 446The default is 447.Dq Li "-S" , 448which inhibits the use of softupdates on 449.Pa /var 450so that file system space is freed without delay 451after file truncation or deletion. 452See 453.Xr mdmfs 8 454for other options you can use in 455.Va varmfs_flags . 456.It Va populate_var 457Controls the automatic population of the 458.Pa /var 459file system. 460Always happens if set to 461.Dq Li YES 462and never happens if set to 463.Dq Li NO . 464If set to anything else, a memory file system is created if 465.Pa /var 466is not writable. 467Note that this process requires access to certain commands in 468.Pa /usr 469before 470.Pa /usr 471is mounted on normal systems. 472.It Va cleanvar_enable 473.Pq Vt bool 474Clean the 475.Pa /var 476directory. 477.It Va var_run_enable 478.Pq Vt bool 479Set to "YES" to enable saving of the 480.Pa /var/run 481directory structure into an mtree file at shutdown and the reload of the 482.Pa /var/run 483directory structure at boot. 484.It Va var_run_autosave 485.Pq Vt bool 486In some cases it may be undesirable to save 487.Pa /var/run 488at shutdown. 489When set to "NO" 490.Pa /var/run 491is loaded at reboot but not saved at shutdown. 492Typically in this scenario 493.Ql service var_run save 494would be performed to save a copy of the 495.Pa /var/run 496directory structure once, to be reloaded during all subsequent reboots. 497.It Va var_run_mtree 498.Pq Vt str 499Where to save the 500.Pa /var/run 501mtree. 502The default location is 503.Pa /var/db/mtree/BSD.var-run.mtree . 504.It Va local_startup 505.Pq Vt str 506List of directories to search for startup script files. 507.It Va script_name_sep 508.Pq Vt str 509The field separator to use for breaking down the list of startup script files 510into individual filenames. 511The default is a space. 512It is not necessary to change this unless there are startup scripts with names 513containing spaces. 514.It Va hostapd_enable 515.Pq Vt bool 516Set to 517.Dq Li YES 518to start 519.Xr hostapd 8 520at system boot time. 521.It Va hostname 522.Pq Vt str 523The fully qualified domain name (FQDN) of this host on the network. 524This should almost certainly be set to something meaningful, even if 525there is no network connection. 526If 527.Xr dhclient 8 528is used to set the hostname via DHCP, 529this variable should be set to an empty string. 530Within a 531.Xr jail 8 532the hostname is generally already set and this variable may be absent. 533If this value remains unset when the system is done booting 534your console login will display the default hostname of 535.Dq Amnesiac . 536.It Va nisdomainname 537.Pq Vt str 538The NIS domain name of this host, or 539.Dq Li NO 540if NIS is not used. 541.It Va hostid_enable 542.Pq Vt bool 543If set to 544.Dq Li NO , 545disable the generation or saving of the 546.Pa hostid 547and 548.Pa machine-id 549files at system boot and shutdown. 550.It Va hostid_file 551.Pq Vt str 552Path to the 553.Pa hostid 554file, default 555.Pa /etc/hostid . 556.It Va hostid_uuidgen_flags 557.Pq Vt str 558Flags passed to 559.Xr uuidgen 1 560when generating a software host UUID. 561This is used only if the system cannot determine a hardware UUID. 562Set to 563.Dq Li -r 564by default. 565.It Va machine_id_file 566.Pq Vt str 567Path to the 568.Pa machine-id 569file, default 570.Pa /etc/machine-id . 571.It Va dhclient_program 572.Pq Vt str 573Path to the DHCP client program, defaulting to 574.Pa /sbin/dhclient . 575.It Va dhclient_flags 576.Pq Vt str 577Additional flags to pass to the DHCP client program. 578See the 579.Xr dhclient 8 580manpage for a description of the command line options available. 581.It Va dhclient_flags_ Ns Aq Ar iface 582Additional flags to pass to the DHCP client program running on 583.Ar iface 584only. 585When specified, this variable overrides 586.Va dhclient_flags . 587.It Va background_dhclient 588.Pq Vt bool 589Set to 590.Dq Li YES 591to start the DHCP client in background. 592This can cause trouble with applications depending on 593a working network, but it will provide a faster startup 594in many cases. 595.It Va background_dhclient_ Ns Aq Ar iface 596When specified, this variable overrides the 597.Va background_dhclient 598variable for interface 599.Ar iface 600only. 601.It Va synchronous_dhclient 602.Pq Vt bool 603Set to 604.Dq Li YES 605to start 606.Xr dhclient 8 607synchronously at startup. 608This behavior can be overridden on a per-interface basis by replacing 609the 610.Dq Li DHCP 611keyword in the 612.Va ifconfig_ Ns Aq Ar interface 613variable with 614.Dq Li SYNCDHCP 615or 616.Dq Li NOSYNCDHCP . 617.It Va defaultroute_delay 618.Pq Vt int 619When set to a positive value, wait up to this long after configuring 620DHCP interfaces at startup to give the interfaces time to receive a lease. 621.It Va firewall_enable 622.Pq Vt bool 623Set to 624.Dq Li YES 625to load firewall rules at startup. 626If the kernel was not built with 627.Cd "options IPFIREWALL" , 628the 629.Pa ipfw.ko 630kernel module will be loaded. 631See also 632.Va ipfilter_enable . 633.It Va firewall_script 634.Pq Vt str 635This variable specifies the full path to the firewall script to run. 636The default is 637.Pa /etc/rc.firewall . 638.It Va firewall_type 639.Pq Vt str 640Names the firewall type from the selection in 641.Pa /etc/rc.firewall , 642or the file which contains the local firewall ruleset. 643Valid selections from 644.Pa /etc/rc.firewall 645are: 646.Pp 647.Bl -tag -width ".Li workstation" -compact 648.It Li open 649unrestricted IP access 650.It Li closed 651all IP services disabled, except via 652.Dq Li lo0 653.It Li client 654basic protection for a workstation 655.It Li workstation 656basic protection for a workstation using stateful firewalling 657.It Li simple 658basic protection for a LAN. 659.El 660.Pp 661If a filename is specified, the full path 662must be given. 663.Pp 664Most of the predefined rulesets define additional configuration variables. 665These are documented in 666.Pa /etc/rc.firewall . 667.It Va firewall_quiet 668.Pq Vt bool 669Set to 670.Dq Li YES 671to disable the display of firewall rules on the console during boot. 672.It Va firewall_logging 673.Pq Vt bool 674Set to 675.Dq Li YES 676to enable firewall event logging. 677This is equivalent to the 678.Dv IPFIREWALL_VERBOSE 679kernel option. 680.It Va firewall_logif 681.Pq Vt bool 682Set to 683.Dq Li YES 684to create pseudo interface 685.Li ipfw0 686for logging. 687For more details, see 688.Xr ipfw 8 689manual page. 690.It Va firewall_flags 691.Pq Vt str 692Flags passed to 693.Xr ipfw 8 694if 695.Va firewall_type 696specifies a filename. 697.It Va firewall_coscripts 698.Pq Vt str 699List of executables and/or rc scripts to run after firewall starts/stops. 700Default is empty. 701.\" ----- firewall_nat_enable setting -------------------------------- 702.It Va firewall_nat_enable 703.Pq Vt bool 704The 705.Xr ipfw 8 706equivalent of 707.Va natd_enable . 708Setting this to 709.Dq Li YES 710will automatically load the 711.Xr ipfw 8 712NAT kernel module if 713.Va firewall_enable 714is also set to 715.Dq Li YES . 716.It Va firewall_nat_interface 717.Pq Vt str 718The 719.Xr ipfw 8 720equivalent of 721.Va natd_interface . 722This is the name of the public interface or IP address on which 723kernel NAT should run. 724.It Va firewall_nat_flags 725.Pq Vt str 726Additional configuration parameters for kernel NAT should be placed here. 727.It Va firewall_nat64_enable 728.Pq Vt bool 729Setting this to 730.Dq Li YES 731will automatically load the 732.Xr ipfw 8 733NAT64 kernel module if 734.Va firewall_enable 735is also set to 736.Dq Li YES . 737.It Va firewall_nptv6_enable 738.Pq Vt bool 739Setting this to 740.Dq Li YES 741will automatically load the 742.Xr ipfw 8 743NPTv6 kernel module if 744.Va firewall_enable 745is also set to 746.Dq Li YES . 747.It Va firewall_pmod_enable 748.Pq Vt bool 749Setting this to 750.Dq Li YES 751will automatically load the 752.Xr ipfw 8 753pmod kernel module if 754.Va firewall_enable 755is also set to 756.Dq Li YES . 757.It Va dummynet_enable 758.Pq Vt bool 759Setting this to 760.Dq Li YES 761will automatically load the 762.Xr dummynet 4 763module if 764.Va firewall_enable 765is also set to 766.Dq Li YES . 767.\" ------------------------------------------------------------------- 768.It Va ipfw_netflow_enable 769.Pq Vt bool 770Setting this to 771.Dq Li YES 772will enable netflow logging via 773.Xr ng_netflow 4 . 774.Pp 775By default a ipfw rule is inserted and all packets are duplicated with 776the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 777port using protocol version 5. 778.It Va ipfw_netflow_hook 779.Pq Vt int 780netflow hook name, must be numerical 781(default 782.Pa 9995 ) . 783.It Va ipfw_netflow_rule 784.Pq Vt int 785ipfw rule number 786(default 787.Pa 1000 ) . 788.It Va ipfw_netflow_ip 789.Pq Vt str 790Destination server ip for receiving netflow data 791(default 792.Pa 127.0.0.1 ) . 793.It Va ipfw_netflow_port 794.Pq Vt int 795Destination server port for receiving netflow data 796(default 797.Pa 9995 ) . 798.It Va ipfw_netflow_version 799.Pq Vt int 800Do not set for using version 5 of the netflow protocol, set it to 9 for using 801version 9. 802.It Va ipfw_netflow_fib 803.Pq Vt int 804Only match packet in FIB 805.Pa ipfw_netflow_fib 806(default is undefined meaning all FIBs). 807.It Va natd_program 808.Pq Vt str 809Path to 810.Xr natd 8 . 811.It Va natd_enable 812.Pq Vt bool 813Set to 814.Dq Li YES 815to enable 816.Xr natd 8 . 817.Va firewall_enable 818must also be set to 819.Dq Li YES , 820and 821.Xr divert 4 822sockets must be enabled in the kernel. 823If the kernel was not built with 824.Cd "options IPDIVERT" , 825the 826.Pa ipdivert.ko 827kernel module will be loaded. 828.It Va natd_interface 829.Pq Vt str 830This is the name of the public interface on which 831.Xr natd 8 832should run. 833The interface may be given as an interface name or as an IP address. 834.It Va natd_flags 835.Pq Vt str 836Additional 837.Xr natd 8 838flags should be placed here. 839The 840.Fl n 841or 842.Fl a 843flag is automatically added with the above 844.Va natd_interface 845as an argument. 846.\" ----- ipfilter_enable setting -------------------------------- 847.It Va ipfilter_enable 848.Pq Vt bool 849Set to 850.Dq Li NO 851by default. 852Setting this to 853.Dq Li YES 854enables 855.Xr ipf 8 856packet filtering. 857.Pp 858Typical usage will require putting 859.Bd -literal 860ipfilter_enable="YES" 861ipnat_enable="YES" 862ipmon_enable="YES" 863ipfs_enable="YES" 864.Ed 865.Pp 866into 867.Pa /etc/rc.conf 868and editing 869.Pa /etc/ipf.rules 870and 871.Pa /etc/ipnat.rules 872appropriately. 873.Pp 874Note that 875.Va ipfilter_enable 876and 877.Va ipnat_enable 878can be enabled independently. 879.Va ipmon_enable 880and 881.Va ipfs_enable 882both require at least one of 883.Va ipfilter_enable 884and 885.Va ipnat_enable 886to be enabled. 887.Pp 888Having 889.Bd -literal 890options IPFILTER 891options IPFILTER_LOG 892options IPFILTER_DEFAULT_BLOCK 893.Ed 894.Pp 895in the kernel configuration file is a good idea, too. 896.\" ----- ipfilter_program setting ------------------------------ 897.It Va ipfilter_program 898.Pq Vt str 899Path to 900.Xr ipf 8 901(default 902.Pa /sbin/ipf ) . 903.\" ----- ipfilter_rules setting -------------------------------- 904.It Va ipfilter_rules 905.Pq Vt str 906Set to 907.Pa /etc/ipf.rules 908by default. 909This variable contains the name of the filter rule definition file. 910The file is expected to be readable for the 911.Xr ipf 8 912command to execute. 913.\" ----- ipfilter_flags setting -------------------------------- 914.It Va ipfilter_flags 915.Pq Vt str 916Empty by default. 917This variable contains flags passed to the 918.Xr ipf 8 919program. 920.\" ----- ipnat_enable setting ---------------------------------- 921.It Va ipnat_enable 922.Pq Vt bool 923Set to 924.Dq Li NO 925by default. 926Set it to 927.Dq Li YES 928to enable 929.Xr ipnat 8 930network address translation. 931See 932.Va ipfilter_enable 933for a detailed discussion. 934.\" ----- ipnat_program setting --------------------------------- 935.It Va ipnat_program 936.Pq Vt str 937Path to 938.Xr ipnat 8 939(default 940.Pa /sbin/ipnat ) . 941.\" ----- ipnat_rules setting ----------------------------------- 942.It Va ipnat_rules 943.Pq Vt str 944Set to 945.Pa /etc/ipnat.rules 946by default. 947This variable contains the name of the file 948holding the network address translation definition. 949This file is expected to be readable for the 950.Xr ipnat 8 951command to execute. 952.\" ----- ipnat_flags setting ----------------------------------- 953.It Va ipnat_flags 954.Pq Vt str 955Empty by default. 956This variable contains flags passed to the 957.Xr ipnat 8 958program. 959.\" ----- ipmon_enable setting ---------------------------------- 960.It Va ipmon_enable 961.Pq Vt bool 962Set to 963.Dq Li NO 964by default. 965Set it to 966.Dq Li YES 967to enable 968.Xr ipmon 8 969monitoring (logging 970.Xr ipf 8 971and 972.Xr ipnat 8 973events). 974Setting this variable needs setting 975.Va ipfilter_enable 976or 977.Va ipnat_enable 978too. 979See 980.Va ipfilter_enable 981for a detailed discussion. 982.\" ----- ipmon_program setting --------------------------------- 983.It Va ipmon_program 984.Pq Vt str 985Path to 986.Xr ipmon 8 987(default 988.Pa /sbin/ipmon ) . 989.\" ----- ipmon_flags setting ----------------------------------- 990.It Va ipmon_flags 991.Pq Vt str 992Set to 993.Dq Li -Ds 994by default. 995This variable contains flags passed to the 996.Xr ipmon 8 997program. 998Another typical example would be 999.Dq Fl D Pa /var/log/ipflog 1000to have 1001.Xr ipmon 8 1002log directly to a file bypassing 1003.Xr syslogd 8 . 1004Make sure to adjust 1005.Pa /etc/newsyslog.conf 1006in such case like this: 1007.Bd -literal 1008/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 1009.Ed 1010.\" ----- ipfs_enable setting ----------------------------------- 1011.It Va ipfs_enable 1012.Pq Vt bool 1013Set to 1014.Dq Li NO 1015by default. 1016Set it to 1017.Dq Li YES 1018to enable 1019.Xr ipfs 8 1020saving the filter and NAT state tables during shutdown 1021and reloading them during startup again. 1022Setting this variable needs setting 1023.Va ipfilter_enable 1024or 1025.Va ipnat_enable 1026to 1027.Dq Li YES 1028too. 1029See 1030.Va ipfilter_enable 1031for a detailed discussion. 1032Note that if 1033.Va kern_securelevel 1034is set to 3, 1035.Va ipfs_enable 1036cannot be used 1037because the raised securelevel will prevent 1038.Xr ipfs 8 1039from saving the state tables at shutdown time. 1040.\" ----- ipfs_program setting ---------------------------------- 1041.It Va ipfs_program 1042.Pq Vt str 1043Path to 1044.Xr ipfs 8 1045(default 1046.Pa /sbin/ipfs ) . 1047.\" ----- ipfs_flags setting ------------------------------------ 1048.It Va ipfs_flags 1049.Pq Vt str 1050Empty by default. 1051This variable contains flags passed to the 1052.Xr ipfs 8 1053program. 1054.\" ----- end of added ipf hook --------------------------------- 1055.It Va pf_enable 1056.Pq Vt bool 1057Set to 1058.Dq Li NO 1059by default. 1060Setting this to 1061.Dq Li YES 1062enables 1063.Xr pf 4 1064packet filtering. 1065.Pp 1066Typical usage will require putting 1067.Pp 1068.Dl pf_enable="YES" 1069.Pp 1070into 1071.Pa /etc/rc.conf 1072and editing 1073.Pa /etc/pf.conf 1074appropriately. 1075Adding 1076.Pp 1077.Dl "device pf" 1078.Pp 1079builds support for 1080.Xr pf 4 1081into the kernel, otherwise the 1082kernel module will be loaded. 1083.It Va pf_rules 1084.Pq Vt str 1085Path to 1086.Xr pf 4 1087ruleset configuration file 1088(default 1089.Pa /etc/pf.conf ) . 1090.It Va pf_program 1091.Pq Vt str 1092Path to 1093.Xr pfctl 8 1094(default 1095.Pa /sbin/pfctl ) . 1096.It Va pf_flags 1097.Pq Vt str 1098If 1099.Va pf_enable 1100is set to 1101.Dq Li YES , 1102these flags are passed to the 1103.Xr pfctl 8 1104program when loading the ruleset. 1105.It Va pf_fallback_rules_enable 1106.Pq Vt bool 1107Set to 1108.Dq Li NO 1109by default. 1110Setting this to 1111.Dq Li YES 1112enables loading 1113.Va pf_fallback_rules_file 1114or 1115.Va pf_fallback_rules 1116in case of a problem when loading the ruleset in 1117.Va pf_rules . 1118.It Va pf_fallback_rules_file 1119.Pq Vt str 1120Path to a pf ruleset to load in case of failure when loading the 1121ruleset in 1122.Va pf_rules 1123(default 1124.Pa /etc/pf-fallback.conf ) . 1125.It Va pf_fallback_rules 1126.Pq Vt str 1127A pf ruleset to load in case of failure when loading the ruleset in 1128.Va pf_rules 1129and 1130.Va pf_fallback_rules_file 1131is not found. 1132Multiple rules can be set as follows: 1133.Bd -literal 1134pf_fallback_rules="\\ 1135 block drop log all\\ 1136 pass in quick on em0" 1137.Pp 1138.Ed 1139The default fallback rule is 1140.Dq block drop log all 1141.It Va pflog_enable 1142.Pq Vt bool 1143Set to 1144.Dq Li NO 1145by default. 1146Setting this to 1147.Dq Li YES 1148enables 1149.Xr pflogd 8 1150which logs packets from the 1151.Xr pf 4 1152packet filter. 1153.It Va pflog_logfile 1154.Pq Vt str 1155If 1156.Va pflog_enable 1157is set to 1158.Dq Li YES 1159this controls where 1160.Xr pflogd 8 1161stores the logfile 1162(default 1163.Pa /var/log/pflog ) . 1164Check 1165.Pa /etc/newsyslog.conf 1166to adjust logfile rotation for this. 1167.It Va pflog_program 1168.Pq Vt str 1169Path to 1170.Xr pflogd 8 1171(default 1172.Pa /sbin/pflogd ) . 1173.It Va pflog_flags 1174.Pq Vt str 1175Empty by default. 1176This variable contains additional flags passed to the 1177.Xr pflogd 8 1178program. 1179.It Va pflog_instances 1180.Pq Vt str 1181If logging to more than one 1182.Xr pflog 4 1183interface is desired, 1184.Va pflog_instances 1185is set to the list of 1186.Xr pflogd 8 1187instances that should be started at system boot time. 1188If 1189.Va pflog_instances 1190is set, for each whitespace-separated 1191.Ar element 1192in the list, 1193.Ao Ar element Ac Ns Va _dev 1194and 1195.Ao Ar element Ac Ns Va _logfile 1196elements are assumed to exist. 1197.Ao Ar element Ac Ns Va _dev 1198must contain the 1199.Xr pflog 4 1200interface to be watched by the named 1201.Xr pflogd 8 1202instance. 1203.Ao Ar element Ac Ns Va _logfile 1204must contain the name of the logfile that will be used by the 1205.Xr pflogd 8 1206instance. 1207.It Va ftpproxy_enable 1208.Pq Vt bool 1209Set to 1210.Dq Li NO 1211by default. 1212Setting this to 1213.Dq Li YES 1214enables 1215.Xr ftp-proxy 8 1216which supports the 1217.Xr pf 4 1218packet filter in translating ftp connections. 1219.It Va ftpproxy_flags 1220.Pq Vt str 1221Empty by default. 1222This variable contains additional flags passed to the 1223.Xr ftp-proxy 8 1224program. 1225.It Va ftpproxy_instances 1226.Pq Vt str 1227Empty by default. 1228If multiple instances of 1229.Xr ftp-proxy 8 1230are desired at boot time, 1231.Va ftpproxy_instances 1232should contain a whitespace-separated list of instance names. 1233For each 1234.Ar element 1235in the list, a variable named 1236.Ao Ar element Ac Ns Va _flags 1237should be defined, containing the command-line flags to be passed to the 1238.Xr ftp-proxy 8 1239instance. 1240.It Va pfsync_enable 1241.Pq Vt bool 1242Set to 1243.Dq Li NO 1244by default. 1245Setting this to 1246.Dq Li YES 1247enables exposing 1248.Xr pf 4 1249state changes to other hosts over the network by means of 1250.Xr pfsync 4 . 1251The 1252.Va pfsync_syncdev 1253variable 1254must also be set then. 1255.It Va pfsync_syncdev 1256.Pq Vt str 1257Empty by default. 1258This variable specifies the name of the network interface 1259.Xr pfsync 4 1260should operate through. 1261It must be set accordingly if 1262.Va pfsync_enable 1263is set to 1264.Dq Li YES . 1265.It Va pfsync_syncpeer 1266.Pq Vt str 1267Empty by default. 1268This variable is optional. 1269By default, state change messages are sent out on the synchronisation 1270interface using IP multicast packets. 1271The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1272224.0.0.240. 1273When a peer address is specified using the 1274.Va pfsync_syncpeer 1275option, the peer address is used as a destination for the pfsync 1276traffic, and the traffic can then be protected using 1277.Xr ipsec 4 . 1278See the 1279.Xr pfsync 4 1280manpage for more details about using 1281.Xr ipsec 4 1282with 1283.Xr pfsync 4 1284interfaces. 1285.It Va pfsync_ifconfig 1286.Pq Vt str 1287Empty by default. 1288This variable can contain additional options to be passed to the 1289.Xr ifconfig 8 1290command used to set up 1291.Xr pfsync 4 . 1292.It Va tcp_extensions 1293.Pq Vt bool 1294Set to 1295.Dq Li YES 1296by default. 1297Setting this to 1298.Dq Li NO 1299disables certain TCP options as described by 1300.Rs 1301.%T "RFC 1323" 1302.Re 1303Setting this to 1304.Dq Li NO 1305might help remedy such problems with connections as randomly hanging 1306or other weird behavior. 1307Some network devices are known 1308to be broken with respect to these options. 1309.It Va log_in_vain 1310.Pq Vt int 1311Set to 0 by default. 1312The 1313.Xr sysctl 8 1314variables, 1315.Va net.inet.tcp.log_in_vain 1316and 1317.Va net.inet.udp.log_in_vain , 1318as described in 1319.Xr tcp 4 1320and 1321.Xr udp 4 , 1322are set to the given value. 1323.It Va tcp_keepalive 1324.Pq Vt bool 1325Set to 1326.Dq Li YES 1327by default. 1328Setting to 1329.Dq Li NO 1330will disable probing idle TCP connections to verify that the 1331peer is still up and reachable. 1332.It Va tcp_drop_synfin 1333.Pq Vt bool 1334Set to 1335.Dq Li NO 1336by default. 1337Setting to 1338.Dq Li YES 1339will cause the kernel to ignore TCP frames that have both 1340the SYN and FIN flags set. 1341This prevents OS fingerprinting, but may 1342break some legitimate applications. 1343.It Va icmp_drop_redirect 1344.Pq Vt bool 1345Set to 1346.Dq Li AUTO 1347by default. 1348This setting will be identical to 1349.Dq Li YES , 1350if a dynamic routing daemon is enabled, because redirect processing may 1351cause performance issues for large routing tables. 1352If no such service is enabled, this setting behaves like a 1353.Dq Li NO . 1354Setting to 1355.Dq Li YES 1356will cause the kernel to ignore ICMP REDIRECT packets. 1357Setting to 1358.Dq Li NO 1359will cause the kernel to process ICMP REDIRECT packets. 1360Refer to 1361.Xr icmp 4 1362for more information. 1363.It Va icmp_log_redirect 1364.Pq Vt bool 1365Set to 1366.Dq Li NO 1367by default. 1368Setting to 1369.Dq Li YES 1370will cause the kernel to log ICMP REDIRECT packets. 1371Note that 1372the log messages are not rate-limited, so this option should only be used 1373for troubleshooting networks. 1374Refer to 1375.Xr icmp 4 1376for more information. 1377.It Va icmp_bmcastecho 1378.Pq Vt bool 1379Set to 1380.Dq Li YES 1381to respond to broadcast or multicast ICMP ping packets. 1382Refer to 1383.Xr icmp 4 1384for more information. 1385.It Va ip_portrange_first 1386.Pq Vt int 1387If not set to 1388.Dq Li NO , 1389this is the first port in the default portrange. 1390Refer to 1391.Xr ip 4 1392for more information. 1393.It Va ip_portrange_last 1394.Pq Vt int 1395If not set to 1396.Dq Li NO , 1397this is the last port in the default portrange. 1398Refer to 1399.Xr ip 4 1400for more information. 1401.It Va network_interfaces 1402.Pq Vt str 1403Set to the list of network interfaces to configure on this host or 1404.Dq Li AUTO 1405(the default) for all current interfaces. 1406Setting the 1407.Va network_interfaces 1408variable to anything other than the default is deprecated. 1409Interfaces that the administrator wishes to store configuration for, 1410but not start at boot should be configured with the 1411.Dq Li NOAUTO 1412keyword in their 1413.Va ifconfig_ Ns Aq Ar interface 1414variables as described below. 1415.Pp 1416An 1417.Va ifconfig_ Ns Aq Ar interface 1418variable is also assumed to exist for each value of 1419.Ar interface . 1420When an interface name contains any of the characters 1421.Dq Li .-/+ 1422they are translated to 1423.Dq Li _ 1424before lookup. 1425The variable can contain arguments to 1426.Xr ifconfig 8 , 1427as well as special case-insensitive keywords described below. 1428Such keywords are removed before passing the value to 1429.Xr ifconfig 8 1430while the order of the other arguments is preserved. 1431.Pp 1432It is possible to add IP alias entries using 1433.Xr ifconfig 8 1434syntax with the address family keyword such as 1435.Li inet . 1436Assuming that the interface in question was 1437.Li em0 , 1438it might look something like this: 1439.Bd -literal 1440ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1441ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1442.Ed 1443.Pp 1444It also possible to configure multiple IP addresses in Classless 1445Inter-Domain Routing 1446.Pq CIDR 1447address notation, 1448whose each address component can be a range like 1449.Li inet 192.0.2.5-23/24 1450or 1451.Li inet6 2001:db8:1-f::1/64 . 1452This notation allows address and prefix length part only, 1453not the other address modifiers. 1454Note that the maximum number of the generated addresses from a range 1455specification is limited to an integer value specified in 1456.Va netif_ipexpand_max 1457in 1458.Nm 1459because a small typo can unexpectedly generate a large number of addresses. 1460The default value is 1461.Li 2048 . 1462It can be increased by adding the following line into 1463.Nm : 1464.Bd -literal 1465netif_ipexpand_max="4096" 1466.Ed 1467.Pp 1468In the case of 1469.Li 192.0.2.5-23/24 , 1470the address 192.0.2.5 will be configured with the 1471netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1472the non-conflicting netmask /32 as explained in the 1473.Xr ifconfig 8 1474alias section. 1475Note that this special netmask handling is only for 1476.Li inet , 1477not for the other address families such as 1478.Li inet6 . 1479.Pp 1480With the interface in question being 1481.Li em0 , 1482an example could look like: 1483.Bd -literal 1484ifconfig_em0_alias2="inet 192.0.2.129/27" 1485ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1486.Ed 1487.Pp 1488and so on. 1489.Pp 1490Note that deprecated 1491.Va ipv4_addrs_ Ns Aq Ar interface 1492variable was supported for IPv4 CIDR address notation. 1493The 1494.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1495variable replaces it, though 1496.Va ipv4_addrs_ Ns Aq Ar interface 1497is still supported for backward compatibility. 1498.Pp 1499For each 1500.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1501entry with an address family keyword, 1502its contents are passed to 1503.Xr ifconfig 8 . 1504Execution stops at the first unsuccessful access, so if 1505something like this is present: 1506.Bd -literal 1507ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1508ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1509ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1510ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1511.Ed 1512.Pp 1513Then note that alias4 would 1514.Em not 1515be added since the search would 1516stop with the missing 1517.Dq Li alias3 1518entry. 1519Because of this difficult to manage behavior, 1520there is 1521.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1522variable, which has the same functionality as 1523.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1524and can have all of the entries in a variable like the following: 1525.Bd -literal 1526ifconfig_em0_aliases="\\ 1527 inet 127.0.0.251 netmask 0xffffffff \\ 1528 inet 127.0.0.252 netmask 0xffffffff \\ 1529 inet 127.0.0.253 netmask 0xffffffff \\ 1530 inet 127.0.0.254 netmask 0xffffffff" 1531.Ed 1532.Pp 1533It also supports CIDR notation. 1534.Pp 1535If the 1536.Pa /etc/start_if . Ns Aq Ar interface 1537file is present, it is read and executed by the 1538.Xr sh 1 1539interpreter 1540before configuring the interface as specified in the 1541.Va ifconfig_ Ns Aq Ar interface 1542and 1543.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1544variables. 1545.Pp 1546If a 1547.Va vlans_ Ns Aq Ar interface 1548variable is set, 1549a 1550.Xr vlan 4 1551interface will be created for each item in the list with the 1552.Ar vlandev 1553argument set to 1554.Ar interface . 1555If a vlan interface's name is a number, 1556then that number is used as the vlan tag and the new vlan interface is 1557named 1558.Ar interface . Ns Ar tag . 1559Otherwise, 1560the vlan tag must be specified via a 1561.Va vlan 1562parameter in the 1563.Va create_args_ Ns Aq Ar interface 1564variable. 1565.Pp 1566To create a vlan device named 1567.Li em0.101 1568on 1569.Li em0 1570with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24: 1571.Bd -literal 1572vlans_em0="101" 1573ifconfig_em0_101="inet 192.0.2.1/24" 1574.Ed 1575.Pp 1576To create a vlan device named 1577.Li myvlan 1578on 1579.Li em0 1580with the vlan tag 102: 1581.Bd -literal 1582vlans_em0="myvlan" 1583create_args_myvlan="vlan 102" 1584.Ed 1585.Pp 1586If a 1587.Va wlans_ Ns Aq Ar interface 1588variable is set, 1589an 1590.Xr wlan 4 1591interface will be created for each item in the list with the 1592.Ar wlandev 1593argument set to 1594.Ar interface . 1595Further wlan cloning arguments may be passed to the 1596.Xr ifconfig 8 1597.Cm create 1598command by setting the 1599.Va create_args_ Ns Aq Ar interface 1600variable. 1601One or more 1602.Xr wlan 4 1603devices must be created for each wireless device as of 1604.Fx 8.0 . 1605Debugging flags for 1606.Xr wlan 4 1607devices as set by 1608.Xr wlandebug 8 1609may be specified with an 1610.Va wlandebug_ Ns Aq Ar interface 1611variable. 1612The contents of this variable will be passed directly to 1613.Xr wlandebug 8 . 1614.Pp 1615If the 1616.Va ifconfig_ Ns Aq Ar interface 1617contains the keyword 1618.Dq Li NOAUTO 1619then the interface will not be configured 1620at boot or by 1621.Pa /etc/pccard_ether 1622when 1623.Va network_interfaces 1624is set to 1625.Dq Li AUTO . 1626.Pp 1627It is possible to bring up an interface with DHCP by adding 1628.Dq Li DHCP 1629to the 1630.Va ifconfig_ Ns Aq Ar interface 1631variable. 1632For instance, to initialize the 1633.Li em0 1634device via DHCP, 1635it is possible to use something like: 1636.Bd -literal 1637ifconfig_em0="DHCP" 1638.Ed 1639.Pp 1640If you want to configure your wireless interface with 1641.Xr wpa_supplicant 8 1642for use with WPA, EAP/LEAP or WEP, you need to add 1643.Dq Li WPA 1644to the 1645.Va ifconfig_ Ns Aq Ar interface 1646variable. 1647.Pp 1648On the other hand, if you want to configure your wireless interface with 1649.Xr hostapd 8 , 1650you need to add 1651.Dq Li HOSTAP 1652to the 1653.Va ifconfig_ Ns Aq Ar interface 1654variable. 1655.Xr hostapd 8 1656will use the settings from 1657.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1658.Pp 1659Finally, you can add 1660.Xr ifconfig 8 1661options in this variable, in addition to the 1662.Pa /etc/start_if . Ns Aq Ar interface 1663file. 1664For instance, to configure an 1665.Xr ath 4 1666wireless device in station mode with an address obtained 1667via DHCP, using WPA authentication and 802.11b mode, it is 1668possible to use something like: 1669.Bd -literal 1670wlans_ath0="wlan0" 1671ifconfig_wlan0="DHCP WPA mode 11b" 1672.Ed 1673.Pp 1674In addition to the 1675.Va ifconfig_ Ns Aq Ar interface 1676form, a fallback variable 1677.Va ifconfig_DEFAULT 1678may be configured. 1679It will be used for all interfaces with no 1680.Va ifconfig_ Ns Aq Ar interface 1681variable. 1682.Pp 1683It is also possible to rename an interface by doing: 1684.Bd -literal 1685ifconfig_em0_name="net0" 1686ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1687.Ed 1688.It Va ipv6_enable 1689.Pq Vt bool 1690This variable is deprecated. 1691Use 1692.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1693and 1694.Va ipv6_activate_all_interfaces 1695if necessary. 1696.Pp 1697If the variable is 1698.Dq Li YES , 1699.Dq Li inet6 accept_rtadv 1700is added to all of 1701.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1702and the 1703.Va ipv6_activate_all_interfaces 1704is defined as 1705.Dq Li YES . 1706.It Va ipv6_prefer 1707.Pq Vt bool 1708This variable is deprecated. 1709Use 1710.Va ip6addrctl_policy 1711instead. 1712.Pp 1713If the variable is 1714.Dq Li YES , 1715the default address selection policy table set by 1716.Xr ip6addrctl 8 1717will be IPv6-preferred. 1718.Pp 1719If the variable is 1720.Dq Li NO , 1721the default address selection policy table set by 1722.Xr ip6addrctl 8 1723will be IPv4-preferred. 1724.It Va ipv6_activate_all_interfaces 1725.Pq Vt bool 1726This controls initial configuration on IPv6-capable 1727interfaces with no corresponding 1728.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1729variable. 1730Note that it is not always necessary to set this variable to 1731.Dq YES 1732to use IPv6 functionality on 1733.Fx . 1734In most cases, just configuring 1735.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1736variables works. 1737.Pp 1738If the variable is 1739.Dq Li NO , 1740all interfaces which do not have a corresponding 1741.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1742variable will be marked as 1743.Dq Li IFDISABLED 1744at creation. 1745This means that all IPv6 functionality on that interface 1746is completely disabled to enforce a security policy. 1747If the variable is set to 1748.Dq YES , 1749the flag will be cleared on all of the interfaces. 1750.Pp 1751In most cases, just defining an 1752.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1753for an IPv6-capable interface should be sufficient. 1754However, if an interface is added dynamically 1755.Pq by some tunneling protocols such as PPP, for example , 1756it is often difficult to define the variable in advance. 1757In such a case, configuring the 1758.Dq Li IFDISABLED 1759flag can be disabled by setting this variable to 1760.Dq YES . 1761.Pp 1762For more details of the 1763.Dq Li IFDISABLED 1764flag and keywords 1765.Dq Li inet6 ifdisabled , 1766see 1767.Xr ifconfig 8 . 1768.Pp 1769Default is 1770.Dq Li NO . 1771.It Va ipv6_privacy 1772.Pq Vt bool 1773If the variable is 1774.Dq Li YES 1775privacy addresses will be generated for each IPv6 1776interface as described in RFC 4941. 1777.It Va ipv6_network_interfaces 1778.Pq Vt str 1779This is the IPv6 equivalent of 1780.Va network_interfaces . 1781Normally manual configuration of this variable is not needed. 1782.It Va ipv6_cpe_wanif 1783.Pq Vt str 1784If the variable is set to an interface name, 1785the 1786.Xr ifconfig 8 1787options 1788.Dq inet6 -no_radr accept_rtadv 1789will be added to the specified interface automatically before evaluating 1790.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1791and two 1792.Xr sysctl 8 1793variables 1794.Va net.inet6.ip6.rfc6204w3 1795and 1796.Va net.inet6.ip6.no_radr 1797will be set to 1. 1798.Pp 1799This means the specified interface will accept ICMPv6 Router 1800Advertisement messages on that link and add the discovered 1801routers into the Default Router List. 1802While the other interfaces can still accept RA messages if the 1803.Dq inet6 accept_rtadv 1804option is specified, adding 1805routes into the Default Router List will be disabled by 1806.Dq inet6 no_radr 1807option by default. 1808See 1809.Xr ifconfig 8 1810for more details. 1811.Pp 1812Note that ICMPv6 Router Advertisement messages will be 1813accepted even when 1814.Va net.inet6.ip6.forwarding 1815is 1 1816.Pq packet forwarding is enabled 1817when 1818.Va net.inet6.ip6.rfc6204w3 1819is set to 1. 1820.Pp 1821Default is 1822.Dq Li NO . 1823.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1824.Pq Vt str 1825This assigns arbitrary description to an interface. 1826The 1827.Xr sysctl 8 1828variable 1829.Va net.ifdescr_maxlen 1830limits its length. 1831This static setting may be overridden by commands 1832started with dynamic interface configuration utilities 1833like 1834.Xr dhclient 8 1835hooks. 1836The description can be seen with 1837.Xr ifconfig 8 1838command and it may be exported with 1839.Xr bsnmpd 1 1840daemon using its MIB-2 module. 1841.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1842.Pq Vt str 1843IPv6 functionality on an interface should be configured by 1844.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1845instead of setting ifconfig parameters in 1846.Va ifconfig_ Ns Aq Ar interface . 1847If this variable is empty, all IPv6 configurations on the 1848specified interface by other variables such as 1849.Va ipv6_prefix_ Ns Ao Ar interface Ac 1850will be ignored. 1851.Pp 1852Aliases should be set by 1853.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1854with 1855.Dq Li inet6 1856keyword. 1857For example: 1858.Bd -literal 1859ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1860ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1861.Ed 1862.Pp 1863Interfaces that have an 1864.Dq Li inet6 accept_rtadv 1865keyword in 1866.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1867setting will be automatically configured by SLAAC 1868.Pq StateLess Address AutoConfiguration 1869described in 1870.Rs 1871.%T "RFC 4862" 1872.Re 1873.Pp 1874Note that a link-local address will be automatically configured in 1875addition to the configured global-scope addresses because the IPv6 1876specifications require it on each link. 1877The address is calculated from the MAC address by using an algorithm 1878defined in 1879.Rs 1880.%T "RFC 4862" 1881.%O "Section 5.3" 1882.Re 1883.Pp 1884If only a link-local address is needed on the interface, 1885the following configuration can be used: 1886.Bd -literal 1887ifconfig_em0_ipv6="inet6 auto_linklocal" 1888.Ed 1889.Pp 1890A link-local address can also be configured manually. 1891This is useful for the default router address of an IPv6 router 1892so that it does not change when the network interface 1893card is replaced. 1894For example: 1895.Bd -literal 1896ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1897.Ed 1898.It Va ipv6_prefix_ Ns Aq Ar interface 1899.Pq Vt str 1900If one or more prefixes are defined in 1901.Va ipv6_prefix_ Ns Aq Ar interface 1902addresses based on each prefix and the EUI-64 interface index will be 1903configured on that interface. 1904Note that this variable will be ignored when 1905.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1906is empty. 1907.Pp 1908For example, the following configuration 1909.Bd -literal 1910ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1911.Ed 1912.Pp 1913is equivalent to the following: 1914.Bd -literal 1915ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1916ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1917ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1918ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1919.Ed 1920.Pp 1921These Subnet-Router anycast addresses will be added only when 1922.Va ipv6_gateway_enable 1923is YES. 1924.It Va ipv6_default_interface 1925.Pq Vt str 1926If not set to 1927.Dq Li NO , 1928this is the default output interface for scoped addresses. 1929This works only with ipv6_gateway_enable="NO". 1930.It Va ip6addrctl_enable 1931.Pq Vt bool 1932This variable is to enable configuring default address selection policy table 1933.Pq RFC 3484 . 1934The table can be specified in another variable 1935.Va ip6addrctl_policy . 1936For 1937.Va ip6addrctl_policy 1938the following keywords can be specified: 1939.Dq Li ipv4_prefer , 1940.Dq Li ipv6_prefer , 1941or 1942.Dq Li AUTO . 1943.Pp 1944If 1945.Dq Li ipv4_prefer 1946or 1947.Dq Li ipv6_prefer 1948is specified, 1949.Xr ip6addrctl 8 1950installs a pre-defined policy table described in Section 10.3 1951.Pq IPv4-preferred 1952or 2.1 1953.Pq IPv6-preferred 1954of RFC 3484. 1955.Pp 1956If 1957.Dq Li AUTO 1958is specified, it attempts to read a file 1959.Pa /etc/ip6addrctl.conf 1960first. 1961If this file is found, 1962.Xr ip6addrctl 8 1963reads and installs it. 1964If not found, a policy is automatically set 1965according to 1966.Va ipv6_activate_all_interfaces 1967variable; if the variable is set to 1968.Dq Li YES 1969the IPv6-preferred one is used. 1970Otherwise IPv4-preferred. 1971.Pp 1972The default value of 1973.Va ip6addrctl_enable 1974and 1975.Va ip6addrctl_policy 1976are 1977.Dq Li YES 1978and 1979.Dq Li AUTO , 1980respectively. 1981.It Va cloned_interfaces 1982.Pq Vt str 1983Set to the list of clonable network interfaces to create on this host. 1984Further cloning arguments may be passed to the 1985.Xr ifconfig 8 1986.Cm create 1987command for each interface by setting the 1988.Va create_args_ Ns Aq Ar interface 1989variable. 1990If an interface name is specified with 1991.Dq :sticky 1992keyword, 1993the interface will not be destroyed even when 1994.Pa rc.d/netif 1995script is invoked with 1996.Dq stop 1997argument. 1998This is useful when reconfiguring the interface without destroying it. 1999Entries in 2000.Va cloned_interfaces 2001are automatically appended to 2002.Va network_interfaces 2003for configuration. 2004.It Va cloned_interfaces_sticky 2005.Pq Vt bool 2006This variable is to globally enable functionality of 2007.Dq :sticky 2008keyword in 2009.Va cloned_interfaces 2010for all interfaces. 2011The default value is 2012.Dq NO . 2013Even if this variable is specified to 2014.Dq YES , 2015.Dq :nosticky 2016keyword can be used to override it on per interface basis. 2017.It Va gif_interfaces 2018Set to the list of 2019.Xr gif 4 2020tunnel interfaces to configure on this host. 2021A 2022.Va gifconfig_ Ns Aq Ar interface 2023variable is assumed to exist for each value of 2024.Ar interface . 2025The value of this variable is used to configure the link layer of the 2026tunnel using the 2027.Cm tunnel 2028option to 2029.Xr ifconfig 8 . 2030Additionally, this option ensures that each listed interface is created 2031via the 2032.Cm create 2033option to 2034.Xr ifconfig 8 2035before attempting to configure it. 2036.Pp 2037For example, configure two 2038.Xr gif 4 2039interfaces with: 2040.Bd -literal 2041gif_interfaces="gif0 gif1" 2042gifconfig_gif0="100.64.0.1 100.64.0.2" 2043ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 2044gifconfig_gif1="inet6 2a00::1 2a01::1" 2045ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 2046.Ed 2047.It Va ppp_enable 2048.Pq Vt bool 2049If set to 2050.Dq Li YES , 2051run the 2052.Xr ppp 8 2053daemon. 2054.It Va ppp_profile 2055.Pq Vt str 2056The name of the profile to use from 2057.Pa /etc/ppp/ppp.conf . 2058Also used for per-profile overrides of 2059.Va ppp_mode 2060and 2061.Va ppp_nat , 2062and 2063.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2064When the profile name contains any of the characters 2065.Dq Li .-/+ 2066they are translated to 2067.Dq Li _ 2068for the proposes of the override variable names. 2069.It Va ppp_mode 2070.Pq Vt str 2071Mode in which to run the 2072.Xr ppp 8 2073daemon. 2074.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2075.Pq Vt str 2076Overrides the global 2077.Va ppp_mode 2078for 2079.Ar profile . 2080Accepted modes are 2081.Dq Li auto , 2082.Dq Li ddial , 2083.Dq Li direct 2084and 2085.Dq Li dedicated . 2086See the manual for a full description. 2087.It Va ppp_nat 2088.Pq Vt bool 2089If set to 2090.Dq Li YES , 2091enables network address translation. 2092Used in conjunction with 2093.Va gateway_enable 2094allows hosts on private network addresses access to the Internet using 2095this host as a network address translating router. 2096Default is 2097.Dq Li YES . 2098.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2099.Pq Vt str 2100Overrides the global 2101.Va ppp_nat 2102for 2103.Ar profile . 2104.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2105.Pq Vt int 2106Set the unit number to be used for this profile. 2107See the manual description of 2108.Fl unit Ns Ar N 2109for details. 2110.It Va ppp_user 2111.Pq Vt str 2112The name of the user under which 2113.Xr ppp 8 2114should be started. 2115By 2116default, 2117.Xr ppp 8 2118is started as 2119.Dq Li root . 2120.It Va rc_conf_files 2121.Pq Vt str 2122This option is used to specify a list of files that will override 2123the settings in 2124.Pa /etc/defaults/rc.conf . 2125The files will be read in the order in which they are specified and should 2126include the full path to the file. 2127By default, the files specified are 2128.Pa /etc/rc.conf 2129and 2130.Pa /etc/rc.conf.local . 2131.It Va zfs_enable 2132.Pq Vt bool 2133If set to 2134.Dq Li YES , 2135.Pa /etc/rc.d/zfs 2136will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2137(ZVOLs). 2138.It Va zpool_reguid 2139.Pq Vt str 2140A space-separated list of ZFS pool names for which new pool GUIDs should be 2141assigned upon first boot. 2142This is useful when using a ZFS pool copied from a template, such as a virtual 2143machine image. 2144.It Va zpool_upgrade 2145.Pq Vt str 2146A space-separated list of ZFS pool names for which the version should be 2147upgraded upon first boot. 2148This is useful when using a ZFS pool generated by the 2149.Xr makefs 8 2150utility. 2151.It Va gptboot_enable 2152.Pq Vt bool 2153If set to 2154.Dq Li YES , 2155.Pa /etc/rc.d/gptboot 2156will log if the system successfully (or not) booted from a GPT partition, 2157which had the 2158.Ar bootonce 2159attribute set using 2160.Xr gpart 8 2161utility. 2162.It Va gbde_autoattach_all 2163.Pq Vt bool 2164If set to 2165.Dq Li YES , 2166.Pa /etc/rc.d/gbde 2167will attempt to automatically initialize the .bde devices specified in 2168.Pa /etc/fstab . 2169.It Va gbde_devices 2170.Pq Vt str 2171List the devices that the script should try to attach, 2172or 2173.Dq Li AUTO . 2174.It Va gbde_lockdir 2175.Pq Vt str 2176The directory where the 2177.Xr gbde 4 2178lockfiles are located. 2179The default lockfile directory is 2180.Pa /etc . 2181.Pp 2182The lockfile for each individual 2183.Xr gbde 4 2184device can be overridden by setting the variable 2185.Va gbde_lock_ Ns Aq Ar device , 2186where 2187.Ar device 2188is the encrypted device without the 2189.Dq Pa /dev/ 2190and 2191.Dq Pa .bde 2192parts. 2193.It Va gbde_attach_attempts 2194.Pq Vt int 2195Number of times to attempt attaching to a 2196.Xr gbde 4 2197device, i.e., how many times the user is asked for the pass-phrase. 2198Default is 3. 2199.It Va geli_devices 2200.Pq Vt str 2201List of devices to automatically attach on boot. 2202Note that .eli devices from 2203.Pa /etc/fstab 2204are automatically appended to this list. 2205.It Va geli_groups 2206.Pq Vt str 2207List of groups containing devices to automatically attach on boot with the same 2208keyfiles and passphrase. 2209This must be accompanied with a corresponding 2210.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2211variable. 2212.It Va geli_tries 2213.Pq Vt int 2214Number of times user is asked for the pass-phrase. 2215If empty, it will be taken from 2216.Va kern.geom.eli.tries 2217sysctl variable. 2218.It Va geli_default_flags 2219.Pq Vt str 2220Default flags to use by 2221.Xr geli 8 2222when configuring disk encryption. 2223Flags can be configured for every device separately by defining the 2224.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2225variable, and for every group separately by defining the 2226.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2227variable. 2228.It Va geli_autodetach 2229.Pq Vt str 2230Specifies if GELI devices should be marked for detach on last close after 2231file systems are mounted. 2232Default is 2233.Dq Li YES . 2234This can be changed for every device separately by defining the 2235.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2236variable. 2237.It Va root_rw_mount 2238.Pq Vt bool 2239Set to 2240.Dq Li YES 2241by default. 2242After the file systems are checked at boot time, the root file system 2243is remounted as read-write if this is set to 2244.Dq Li YES . 2245Diskless systems that mount their root file system from a read-only remote 2246NFS share should set this to 2247.Dq Li NO 2248in their 2249.Pa rc.conf . 2250.It Va fsck_y_enable 2251.Pq Vt bool 2252If set to 2253.Dq Li YES , 2254.Xr fsck 8 2255will be run with the 2256.Fl y 2257flag if the initial preen 2258of the file systems fails. 2259.It Va background_fsck 2260.Pq Vt bool 2261If set to 2262.Dq Li NO , 2263the system will not attempt to run 2264.Xr fsck 8 2265in the background where possible. 2266.It Va background_fsck_delay 2267.Pq Vt int 2268The amount of time in seconds to sleep before starting a background 2269.Xr fsck 8 . 2270It defaults to sixty seconds to allow large applications such as 2271the X server to start before disk I/O bandwidth is monopolized by 2272.Xr fsck 8 . 2273If set to a negative number, the background file system check will be 2274delayed indefinitely to allow the administrator to run it at a more 2275convenient time. 2276For example it may be run from 2277.Xr cron 8 2278by adding a line like 2279.Pp 2280.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2281.Pp 2282to 2283.Pa /etc/crontab . 2284.It Va netfs_types 2285.Pq Vt str 2286List of file system types that are network-based. 2287This list should generally not be modified by end users. 2288Use 2289.Va extra_netfs_types 2290instead. 2291.It Va extra_netfs_types 2292.Pq Vt str 2293If set to something other than 2294.Dq Li NO 2295(the default), 2296this variable extends the list of file system types 2297for which automatic mounting at startup by 2298.Xr rc 8 2299should be delayed until the network is initialized. 2300It should contain 2301a whitespace-separated list of network file system descriptor pairs, 2302each consisting of a file system type as passed to 2303.Xr mount 8 2304and a human-readable, one-word description, 2305joined with a colon 2306.Pq Ql \&: . 2307Extending the default list in this way is only necessary 2308when third party file system types are used. 2309.It Va syslogd_enable 2310.Pq Vt bool 2311If set to 2312.Dq Li YES , 2313run the 2314.Xr syslogd 8 2315daemon. 2316.It Va syslogd_program 2317.Pq Vt str 2318Path to 2319.Xr syslogd 8 2320(default 2321.Pa /usr/sbin/syslogd ) . 2322.It Va syslogd_flags 2323.Pq Vt str 2324If 2325.Va syslogd_enable 2326is set to 2327.Dq Li YES , 2328these are the flags to pass to 2329.Xr syslogd 8 . 2330.It Va inetd_enable 2331.Pq Vt bool 2332If set to 2333.Dq Li YES , 2334run the 2335.Xr inetd 8 2336daemon. 2337.It Va inetd_program 2338.Pq Vt str 2339Path to 2340.Xr inetd 8 2341(default 2342.Pa /usr/sbin/inetd ) . 2343.It Va inetd_flags 2344.Pq Vt str 2345If 2346.Va inetd_enable 2347is set to 2348.Dq Li YES , 2349these are the flags to pass to 2350.Xr inetd 8 . 2351.It Va hastd_enable 2352.Pq Vt bool 2353If set to 2354.Dq Li YES , 2355run the 2356.Xr hastd 8 2357daemon. 2358.It Va hastd_program 2359.Pq Vt str 2360Path to 2361.Xr hastd 8 2362(default 2363.Pa /sbin/hastd ) . 2364.It Va hastd_flags 2365.Pq Vt str 2366If 2367.Va hastd_enable 2368is set to 2369.Dq Li YES , 2370these are the flags to pass to 2371.Xr hastd 8 . 2372.It Va local_unbound_enable 2373.Pq Vt bool 2374If set to 2375.Dq Li YES , 2376run the 2377.Xr unbound 8 2378daemon as a local caching DNS resolver. 2379.It Va nscd_enable 2380.Pq Vt bool 2381Set to 2382.Dq Li YES 2383to start the 2384.Xr nscd 8 2385caching daemon for the 2386.Nm nsswitch 2387subsystem. 2388.It Va nscd_flags 2389.Pq Vt str 2390If 2391.Va nscd_enable 2392is set to 2393.Dq Li YES , 2394these flags are passed to 2395.Xr nscd 8 . 2396.It Va kdc_enable 2397.Pq Vt bool 2398Set to 2399.Dq Li YES 2400to start a Kerberos 5 authentication server 2401at boot time. 2402.It Va kdc_program 2403.Pq Vt str 2404If 2405.Va kdc_enable 2406is set to 2407.Dq Li YES 2408this is the path to Kerberos 5 Authentication Server. 2409.It Va kdc_flags 2410.Pq Vt str 2411Empty by default. 2412This variable contains additional flags to be passed to the Kerberos 5 2413authentication server. 2414.It Va kadmind_enable 2415.Pq Vt bool 2416Set to 2417.Dq Li YES 2418to start 2419.Xr kadmind 8 , 2420the Kerberos 5 Administration Daemon; set to 2421.Dq Li NO 2422on a slave server. 2423.It Va kadmind_program 2424.Pq Vt str 2425If 2426.Va kadmind_enable 2427is set to 2428.Dq Li YES 2429this is the path to Kerberos 5 Administration Daemon. 2430.It Va kpasswdd_enable 2431.Pq Vt bool 2432Set to 2433.Dq Li YES 2434to start 2435.Xr kpasswdd 8 , 2436the Kerberos 5 Password-Changing Daemon; set to 2437.Dq Li NO 2438on a slave server. 2439.It Va kpasswdd_program 2440.Pq Vt str 2441If 2442.Va kpasswdd_enable 2443is set to 2444.Dq Li YES 2445this is the path to Kerberos 5 Password-Changing Daemon. 2446.It Va kfd_enable 2447.Pq Vt bool 2448Set to 2449.Dq Li YES 2450to start 2451.Xr kfd 8 , 2452the Kerberos 5 ticket forwarding daemon, at the boot time. 2453.It Va kfd_program 2454.Pq Vt str 2455Path to 2456.Xr kfd 8 2457(default 2458.Pa /usr/libexec/kfd ) . 2459.It Va rwhod_enable 2460.Pq Vt bool 2461If set to 2462.Dq Li YES , 2463run the 2464.Xr rwhod 8 2465daemon at boot time. 2466.It Va rwhod_flags 2467.Pq Vt str 2468If 2469.Va rwhod_enable 2470is set to 2471.Dq Li YES , 2472these are the flags to pass to it. 2473.It Va update_motd 2474.Pq Vt bool 2475If set to 2476.Dq Li YES , 2477.Pa /var/run/motd 2478will be updated at boot time to reflect the kernel release 2479being run. 2480If set to 2481.Dq Li NO , 2482.Pa /var/run/motd 2483will not be updated. 2484.It Va nfs_client_enable 2485.Pq Vt bool 2486If set to 2487.Dq Li YES , 2488run the NFS client daemons at boot time. 2489.It Va nfs_access_cache 2490.Pq Vt int 2491If 2492.Va nfs_client_enable 2493is set to 2494.Dq Li YES , 2495this can be set to 2496.Dq Li 0 2497to disable NFS ACCESS RPC caching, or to the number of seconds for which 2498NFS ACCESS 2499results should be cached. 2500A value of 2-10 seconds will substantially reduce network 2501traffic for many NFS operations. 2502.It Va nfs_server_enable 2503.Pq Vt bool 2504If set to 2505.Dq Li YES , 2506run the NFS server daemons at boot time. 2507.It Va nfs_server_flags 2508.Pq Vt str 2509If 2510.Va nfs_server_enable 2511is set to 2512.Dq Li YES , 2513these are the flags to pass to the 2514.Xr nfsd 8 2515daemon. 2516.It Va nfsv4_server_enable 2517.Pq Vt bool 2518If 2519.Va nfs_server_enable 2520is set to 2521.Dq Li YES 2522and 2523.Va nfsv4_server_enable 2524is set to 2525.Dq Li YES , 2526enable the server for NFSv4 as well as NFSv2 and NFSv3. 2527.It Va nfsv4_server_only 2528.Pq Vt bool 2529If 2530.Va nfs_server_enable 2531is set to 2532.Dq Li YES 2533and 2534.Va nfsv4_server_only 2535is set to 2536.Dq Li YES , 2537enable the NFS server for NFSv4 only. 2538.It Va nfs_server_maxio 2539.Pq Vt int 2540value to set vfs.nfsd.srvmaxio to, which is the 2541maximum I/O size for the NFS server. 2542.It Va tlsclntd_enable 2543.Pq Vt bool 2544If set to 2545.Dq Li YES , 2546run the 2547.Xr rpc.tlsclntd 8 2548daemon, which is needed for NFS-over-TLS NFS mounts. 2549.It Va tlsservd_enable 2550.Pq Vt bool 2551If set to 2552.Dq Li YES , 2553run the 2554.Xr rpc.tlsservd 8 2555daemon, which is needed for the 2556.Xr nfsd 8 2557to support NFS-over-TLS NFS mounts. 2558.It Va nfsuserd_enable 2559.Pq Vt bool 2560If 2561.Va nfsuserd_enable 2562is set to 2563.Dq Li YES , 2564run the nfsuserd daemon, which is needed for NFSv4 in order 2565to map between user/group names vs uid/gid numbers. 2566If 2567.Va nfsv4_server_enable 2568is set to 2569.Dq Li YES , 2570this will be forced enabled. 2571.It Va nfsuserd_flags 2572.Pq Vt str 2573If 2574.Va nfsuserd_enable 2575is set to 2576.Dq Li YES , 2577these are the flags to pass to the 2578.Xr nfsuserd 8 2579daemon. 2580.It Va nfscbd_enable 2581.Pq Vt bool 2582If 2583.Va nfscbd_enable 2584is set to 2585.Dq Li YES , 2586run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2587.It Va nfscbd_flags 2588.Pq Vt str 2589If 2590.Va nfscbd_enable 2591is set to 2592.Dq Li YES , 2593these are the flags to pass to the 2594.Xr nfscbd 8 2595daemon. 2596.It Va mountd_enable 2597.Pq Vt bool 2598If set to 2599.Dq Li YES , 2600and no 2601.Va nfs_server_enable 2602is set, start 2603.Xr mountd 8 , 2604but not 2605.Xr nfsd 8 2606daemon. 2607It is commonly needed to run CFS without real NFS used. 2608.It Va mountd_flags 2609.Pq Vt str 2610If 2611.Va mountd_enable 2612is set to 2613.Dq Li YES , 2614these are the flags to pass to the 2615.Xr mountd 8 2616daemon. 2617.It Va weak_mountd_authentication 2618.Pq Vt bool 2619If set to 2620.Dq Li YES , 2621allow services like PCNFSD to make non-privileged mount 2622requests. 2623.It Va nfs_reserved_port_only 2624.Pq Vt bool 2625If set to 2626.Dq Li YES , 2627provide NFS services only on a secure port. 2628.It Va nfs_bufpackets 2629.Pq Vt int 2630If set to a number, indicates the number of packets worth of 2631socket buffer space to reserve on an NFS client. 2632The kernel default is typically 4. 2633Using a higher number may be 2634useful on gigabit networks to improve performance. 2635The minimum value is 26362 and the maximum is 64. 2637.It Va rpc_lockd_enable 2638.Pq Vt bool 2639If set to 2640.Dq Li YES 2641and also an NFS server or client, run 2642.Xr rpc.lockd 8 2643at boot time. 2644.It Va rpc_lockd_flags 2645.Pq Vt str 2646If 2647.Va rpc_lockd_enable 2648is set to 2649.Dq Li YES , 2650these are the flags to pass to the 2651.Xr rpc.lockd 8 2652daemon. 2653.It Va rpc_statd_enable 2654.Pq Vt bool 2655If set to 2656.Dq Li YES 2657and also an NFS server or client, run 2658.Xr rpc.statd 8 2659at boot time. 2660.It Va rpc_statd_flags 2661.Pq Vt str 2662If 2663.Va rpc_statd_enable 2664is set to 2665.Dq Li YES , 2666these are the flags to pass to the 2667.Xr rpc.statd 8 2668daemon. 2669.It Va rpcbind_program 2670.Pq Vt str 2671Path to 2672.Xr rpcbind 8 2673(default 2674.Pa /usr/sbin/rpcbind ) . 2675.It Va rpcbind_enable 2676.Pq Vt bool 2677If set to 2678.Dq Li YES , 2679run the 2680.Xr rpcbind 8 2681service at boot time. 2682.It Va rpcbind_flags 2683.Pq Vt str 2684If 2685.Va rpcbind_enable 2686is set to 2687.Dq Li YES , 2688these are the flags to pass to the 2689.Xr rpcbind 8 2690daemon. 2691.It Va keyserv_enable 2692.Pq Vt bool 2693If set to 2694.Dq Li YES , 2695run the 2696.Xr keyserv 8 2697daemon on boot for running Secure RPC. 2698.It Va keyserv_flags 2699.Pq Vt str 2700If 2701.Va keyserv_enable 2702is set to 2703.Dq Li YES , 2704these are the flags to pass to 2705.Xr keyserv 8 2706daemon. 2707.It Va pppoed_enable 2708.Pq Vt bool 2709If set to 2710.Dq Li YES , 2711run the 2712.Xr pppoed 8 2713daemon at boot time to provide PPP over Ethernet services. 2714.It Va pppoed_ Ns Aq Ar provider 2715.Pq Vt str 2716.Xr pppoed 8 2717listens to requests to this 2718.Ar provider 2719and ultimately runs 2720.Xr ppp 8 2721with a 2722.Ar system 2723argument of the same name. 2724.It Va pppoed_flags 2725.Pq Vt str 2726Additional flags to pass to 2727.Xr pppoed 8 . 2728.It Va pppoed_interface 2729.Pq Vt str 2730The network interface to run 2731.Xr pppoed 8 2732on. 2733This is mandatory when 2734.Va pppoed_enable 2735is set to 2736.Dq Li YES . 2737.It Va ntpdate_enable 2738.Pq Vt bool 2739If set to 2740.Dq Li YES , 2741run 2742.Xr ntpdate 8 2743at system startup. 2744This command is intended to 2745synchronize the system clock only 2746.Em once 2747from some standard reference. 2748.Pp 2749Note that the use of the 2750.Va ntpd_sync_on_start 2751variable is a preferred alternative to the 2752.Xr ntpdate 8 2753utility as 2754.Xr ntpdate 8 2755is to be retired from the NTP distribution. 2756.It Va ntpdate_config 2757.Pq Vt str 2758Configuration file for 2759.Xr ntpdate 8 . 2760Default 2761.Pa /etc/ntp.conf . 2762.It Va ntpdate_hosts 2763.Pq Vt str 2764A whitespace-separated list of NTP servers to synchronize with at startup. 2765The default is to use the servers listed in 2766.Va ntpdate_config , 2767if that file exists. 2768.It Va ntpdate_program 2769.Pq Vt str 2770Path to 2771.Xr ntpdate 8 2772(default 2773.Pa /usr/sbin/ntpdate ) . 2774.It Va ntpdate_flags 2775.Pq Vt str 2776If 2777.Va ntpdate_enable 2778is set to 2779.Dq Li YES , 2780these are the flags to pass to the 2781.Xr ntpdate 8 2782command (typically a hostname). 2783.It Va ntpd_enable 2784.Pq Vt bool 2785If set to 2786.Dq Li YES , 2787run the 2788.Xr ntpd 8 2789command at boot time. 2790.It Va ntpd_program 2791.Pq Vt str 2792Path to 2793.Xr ntpd 8 2794(default 2795.Pa /usr/sbin/ntpd ) . 2796.It Va ntpd_config 2797.Pq Vt str 2798Path to 2799.Xr ntpd 8 2800configuration file. 2801Default 2802.Pa /etc/ntp.conf . 2803.It Va ntpd_flags 2804.Pq Vt str 2805If 2806.Va ntpd_enable 2807is set to 2808.Dq Li YES , 2809these are the flags to pass to the 2810.Xr ntpd 8 2811daemon. 2812.It Va ntpd_sync_on_start 2813.Pq Vt bool 2814If set to 2815.Dq Li YES , 2816.Xr ntpd 8 2817is run with the 2818.Fl g 2819flag, which syncs the system's clock on startup. 2820See 2821.Xr ntpd 8 2822for more information regarding the 2823.Fl g 2824option. 2825This is a preferred alternative to using 2826.Xr ntpdate 8 2827or specifying the 2828.Va ntpdate_enable 2829variable. 2830.It Va nis_client_enable 2831.Pq Vt bool 2832If set to 2833.Dq Li YES , 2834run the 2835.Xr ypbind 8 2836service at system boot time. 2837.It Va nis_client_flags 2838.Pq Vt str 2839If 2840.Va nis_client_enable 2841is set to 2842.Dq Li YES , 2843these are the flags to pass to the 2844.Xr ypbind 8 2845service. 2846.It Va nis_ypldap_enable 2847.Pq Vt bool 2848If set to 2849.Dq Li YES , 2850run the 2851.Xr ypldap 8 2852daemon at system boot time. 2853.It Va nis_ypldap_flags 2854.Pq Vt str 2855If 2856.Va nis.ypldap_enable 2857is set to 2858.Dq Li YES , 2859these are the flags to pass to the 2860.Xr ypldap 8 2861daemon. 2862.It Va nis_ypset_enable 2863.Pq Vt bool 2864If set to 2865.Dq Li YES , 2866run the 2867.Xr ypset 8 2868daemon at system boot time. 2869.It Va nis_ypset_flags 2870.Pq Vt str 2871If 2872.Va nis_ypset_enable 2873is set to 2874.Dq Li YES , 2875these are the flags to pass to the 2876.Xr ypset 8 2877daemon. 2878.It Va nis_server_enable 2879.Pq Vt bool 2880If set to 2881.Dq Li YES , 2882run the 2883.Xr ypserv 8 2884daemon at system boot time. 2885.It Va nis_server_flags 2886.Pq Vt str 2887If 2888.Va nis_server_enable 2889is set to 2890.Dq Li YES , 2891these are the flags to pass to the 2892.Xr ypserv 8 2893daemon. 2894.It Va nis_ypxfrd_enable 2895.Pq Vt bool 2896If set to 2897.Dq Li YES , 2898run the 2899.Xr rpc.ypxfrd 8 2900daemon at system boot time. 2901.It Va nis_ypxfrd_flags 2902.Pq Vt str 2903If 2904.Va nis_ypxfrd_enable 2905is set to 2906.Dq Li YES , 2907these are the flags to pass to the 2908.Xr rpc.ypxfrd 8 2909daemon. 2910.It Va nis_yppasswdd_enable 2911.Pq Vt bool 2912If set to 2913.Dq Li YES , 2914run the 2915.Xr rpc.yppasswdd 8 2916daemon at system boot time. 2917.It Va nis_yppasswdd_flags 2918.Pq Vt str 2919If 2920.Va nis_yppasswdd_enable 2921is set to 2922.Dq Li YES , 2923these are the flags to pass to the 2924.Xr rpc.yppasswdd 8 2925daemon. 2926.It Va rpc_ypupdated_enable 2927.Pq Vt bool 2928If set to 2929.Dq Li YES , 2930run the 2931.Nm rpc.ypupdated 2932daemon at system boot time. 2933.It Va bsnmpd_enable 2934.Pq Vt bool 2935If set to 2936.Dq Li YES , 2937run the 2938.Xr bsnmpd 1 2939daemon at system boot time. 2940Be sure to understand the security implications of running an SNMP daemon 2941on your host. 2942.It Va bsnmpd_flags 2943.Pq Vt str 2944If 2945.Va bsnmpd_enable 2946is set to 2947.Dq Li YES , 2948these are the flags to pass to the 2949.Xr bsnmpd 1 2950daemon. 2951.It Va defaultrouter 2952.Pq Vt str 2953If not set to 2954.Dq Li NO , 2955create a default route to this host name or IP address 2956(use an IP address if this router is also required to get to the 2957name server!). 2958.It Va defaultrouter_fibN 2959.Pq Vt str 2960If not set to 2961.Dq Li NO , 2962create a default route in FIB N to this host name or IP address. 2963.It Va ipv6_defaultrouter 2964.Pq Vt str 2965The IPv6 equivalent of 2966.Va defaultrouter . 2967.It Va ipv6_defaultrouter_fibN 2968.Pq Vt str 2969The IPv6 equivalent of 2970.Va defaultrouter_fibN . 2971.It Va static_arp_pairs 2972.Pq Vt str 2973Set to the list of static ARP pairs that are to be added at system 2974boot time. 2975For each whitespace separated 2976.Ar element 2977in the value, a 2978.Va static_arp_ Ns Aq Ar element 2979variable is assumed to exist whose contents will later be passed to a 2980.Dq Nm arp Cm -S 2981operation. 2982For example 2983.Bd -literal 2984static_arp_pairs="gw" 2985static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2986.Ed 2987.It Va static_ndp_pairs 2988.Pq Vt str 2989Set to the list of static NDP pairs that are to be added at system 2990boot time. 2991For each whitespace separated 2992.Ar element 2993in the value, a 2994.Va static_ndp_ Ns Aq Ar element 2995variable is assumed to exist whose contents will later be passed to a 2996.Dq Nm ndp Cm -s 2997operation. 2998For example 2999.Bd -literal 3000static_ndp_pairs="gw" 3001static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 3002.Ed 3003.It Va static_routes 3004.Pq Vt str 3005Set to the list of static routes that are to be added at system 3006boot time. 3007If not set to 3008.Dq Li NO 3009then for each whitespace separated 3010.Ar element 3011in the value, a 3012.Va route_ Ns Aq Ar element 3013variable is assumed to exist 3014whose contents will later be passed to a 3015.Dq Nm route Cm add 3016operation. 3017For example: 3018.Bd -literal 3019static_routes="ext mcast:gif0 gif0local:gif0" 3020route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 3021route_mcast="-net 224.0.0.0/4 -iface gif0" 3022route_gif0local="-host 169.254.1.1 -iface lo0" 3023.Ed 3024.Pp 3025When an 3026.Ar element 3027is in the form of 3028.Li name:ifname , 3029the route is specific to the interface 3030.Li ifname . 3031.It Va ipv6_static_routes 3032.Pq Vt str 3033The IPv6 equivalent of 3034.Va static_routes . 3035If not set to 3036.Dq Li NO 3037then for each whitespace separated 3038.Ar element 3039in the value, a 3040.Va ipv6_route_ Ns Aq Ar element 3041variable is assumed to exist 3042whose contents will later be passed to a 3043.Dq Nm route Cm add Fl inet6 3044operation. 3045.It Va gateway_enable 3046.Pq Vt bool 3047If set to 3048.Dq Li YES , 3049configure host to act as an IP router, e.g.\& to forward packets 3050between interfaces. 3051.It Va ipv6_gateway_enable 3052.Pq Vt bool 3053The IPv6 equivalent of 3054.Va gateway_enable . 3055.It Va routed_enable 3056.Pq Vt bool 3057If set to 3058.Dq Li YES , 3059run a routing daemon of some sort, based on the 3060settings of 3061.Va routed_program 3062and 3063.Va routed_flags . 3064.It Va route6d_enable 3065.Pq Vt bool 3066The IPv6 equivalent of 3067.Va routed_enable . 3068If set to 3069.Dq Li YES , 3070run a routing daemon of some sort, based on the 3071settings of 3072.Va route6d_program 3073and 3074.Va route6d_flags . 3075.It Va routed_program 3076.Pq Vt str 3077If 3078.Va routed_enable 3079is set to 3080.Dq Li YES , 3081this is the name of the routing daemon to use. 3082The default is 3083.Xr routed 8 . 3084.It Va route6d_program 3085.Pq Vt str 3086The IPv6 equivalent of 3087.Va routed_program . 3088The default is 3089.Xr route6d 8 . 3090.It Va routed_flags 3091.Pq Vt str 3092If 3093.Va routed_enable 3094is set to 3095.Dq Li YES , 3096these are the flags to pass to the routing daemon. 3097.It Va route6d_flags 3098.Pq Vt str 3099The IPv6 equivalent of 3100.Va routed_flags . 3101.It Va rtadvd_enable 3102.Pq Vt bool 3103If set to 3104.Dq Li YES , 3105run the 3106.Xr rtadvd 8 3107daemon at boot time. 3108The 3109.Xr rtadvd 8 3110utility sends ICMPv6 Router Advertisement messages to 3111the interfaces specified in 3112.Va rtadvd_interfaces . 3113This should only be enabled with great care. 3114You may want to fine-tune 3115.Xr rtadvd.conf 5 . 3116.It Va rtadvd_interfaces 3117.Pq Vt str 3118If 3119.Va rtadvd_enable 3120is set to 3121.Dq Li YES 3122this is the list of interfaces to use. 3123.It Va arpproxy_all 3124.Pq Vt bool 3125If set to 3126.Dq Li YES , 3127enable global proxy ARP. 3128.It Va forward_sourceroute 3129.Pq Vt bool 3130If set to 3131.Dq Li YES 3132and 3133.Va gateway_enable 3134is also set to 3135.Dq Li YES , 3136source-routed packets are forwarded. 3137.It Va accept_sourceroute 3138.Pq Vt bool 3139If set to 3140.Dq Li YES , 3141the system will accept source-routed packets directed at it. 3142.It Va rarpd_enable 3143.Pq Vt bool 3144If set to 3145.Dq Li YES , 3146run the 3147.Xr rarpd 8 3148daemon at system boot time. 3149.It Va rarpd_flags 3150.Pq Vt str 3151If 3152.Va rarpd_enable 3153is set to 3154.Dq Li YES , 3155these are the flags to pass to the 3156.Xr rarpd 8 3157daemon. 3158.It Va bootparamd_enable 3159.Pq Vt bool 3160If set to 3161.Dq Li YES , 3162run the 3163.Xr bootparamd 8 3164daemon at system boot time. 3165.It Va bootparamd_flags 3166.Pq Vt str 3167If 3168.Va bootparamd_enable 3169is set to 3170.Dq Li YES , 3171these are the flags to pass to the 3172.Xr bootparamd 8 3173daemon. 3174.It Va stf_interface_ipv4addr 3175.Pq Vt str 3176If not set to 3177.Dq Li NO , 3178this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3179interface). 3180Specify this entry to enable the 6to4 interface. 3181.It Va stf_interface_ipv4plen 3182.Pq Vt int 3183Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3184An effective value is 0-31. 3185.It Va stf_interface_ipv6_ifid 3186.Pq Vt str 3187IPv6 interface ID for 3188.Xr stf 4 . 3189This can be set to 3190.Dq Li AUTO . 3191.It Va stf_interface_ipv6_slaid 3192.Pq Vt str 3193IPv6 Site Level Aggregator for 3194.Xr stf 4 . 3195.It Va ipv6_ipv4mapping 3196.Pq Vt bool 3197If set to 3198.Dq Li YES 3199this enables IPv4 mapped IPv6 address communication (like 3200.Li ::ffff:a.b.c.d ) . 3201.It Va rtsold_enable 3202.Pq Vt bool 3203Set to 3204.Dq Li YES 3205to enable the 3206.Xr rtsold 8 3207daemon to send ICMPv6 Router Solicitation messages. 3208.It Va rtsold_flags 3209.Pq Vt str 3210If 3211.Va rtsold_enable 3212is set to 3213.Dq Li YES , 3214these are the flags to pass to 3215.Xr rtsold 8 . 3216.It Va rtsol_flags 3217.Pq Vt str 3218For interfaces configured with the 3219.Dq Li inet6 accept_rtadv 3220keyword, these are the flags to pass to 3221.Xr rtsol 8 . 3222.Pp 3223Note that 3224.Va rtsold_enable 3225is mutually exclusive to 3226.Va rtsol_flags ; 3227.Va rtsold_enable 3228takes precedence. 3229.It Va keybell 3230.Pq Vt str 3231The keyboard bell sound. 3232Set to 3233.Dq Li normal , 3234.Dq Li visual , 3235.Dq Li off , 3236or 3237.Dq Li NO 3238if the default behavior is desired. 3239For details, refer to the 3240.Xr kbdcontrol 1 3241manpage. 3242.It Va keyboard 3243.Pq Vt str 3244If set to a non-null string, the virtual console's keyboard input is 3245set to this device. 3246.It Va keymap 3247.Pq Vt str 3248If set to 3249.Dq Li NO , 3250no keymap is installed, otherwise the value is used to install 3251the keymap file found in 3252.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3253(if using 3254.Xr syscons 4 ) or 3255.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3256(if using 3257.Xr vt 4 ) . 3258.It Va keyrate 3259.Pq Vt str 3260The keyboard repeat speed. 3261Set to 3262.Dq Li slow , 3263.Dq Li normal , 3264.Dq Li fast , 3265or 3266.Dq Li NO 3267if the default behavior is desired. 3268.It Va keychange 3269.Pq Vt str 3270If not set to 3271.Dq Li NO , 3272attempt to program the function keys with the value. 3273The value should 3274be a single string of the form: 3275.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3276.It Va cursor 3277.Pq Vt str 3278Can be set to the value of 3279.Dq Li normal , 3280.Dq Li blink , 3281.Dq Li destructive , 3282or 3283.Dq Li NO 3284to set the cursor behavior explicitly or choose the default behavior. 3285.It Va scrnmap 3286.Pq Vt str 3287If set to 3288.Dq Li NO , 3289no screen map is installed, otherwise the value is used to install 3290the screen map file in 3291.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3292This parameter is ignored when using 3293.Xr vt 4 3294as the console driver. 3295.It Va font8x16 3296.Pq Vt str 3297If set to 3298.Dq Li NO , 3299the default 8x16 font value is used for screen size requests, otherwise 3300the value in 3301.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3302or 3303.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3304is used (depending on the console driver being used). 3305.It Va font8x14 3306.Pq Vt str 3307If set to 3308.Dq Li NO , 3309the default 8x14 font value is used for screen size requests, otherwise 3310the value in 3311.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3312or 3313.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3314is used (depending on the console driver being used). 3315.It Va font8x8 3316.Pq Vt str 3317If set to 3318.Dq Li NO , 3319the default 8x8 font value is used for screen size requests, otherwise 3320the value in 3321.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3322or 3323.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3324is used (depending on the console driver being used). 3325.It Va blanktime 3326.Pq Vt int 3327If set to 3328.Dq Li NO , 3329the default screen blanking interval is used, otherwise it is set 3330to 3331.Ar value 3332seconds. 3333.It Va saver 3334.Pq Vt str 3335If not set to 3336.Dq Li NO , 3337this is the actual screen saver to use 3338.Li ( blank , snake , daemon , 3339etc). 3340.It Va moused_nondefault_enable 3341.Pq Vt str 3342If set to 3343.Dq Li NO , 3344the mouse device specified on 3345the command line is not automatically treated as enabled by the 3346.Pa /etc/rc.d/moused 3347script. 3348Having this variable set to 3349.Dq Li YES 3350allows a 3351.Xr usb 4 3352mouse, 3353for example, 3354to be enabled as soon as it is plugged in. 3355.It Va moused_enable 3356.Pq Vt str 3357If set to 3358.Dq Li YES , 3359the 3360.Xr moused 8 3361daemon is started for doing cut/paste selection on the console. 3362.It Va moused_type 3363.Pq Vt str 3364This is the protocol type of the mouse connected to this host. 3365This variable must be set if 3366.Va moused_enable 3367is set to 3368.Dq Li YES , 3369but defaults to 3370.Dq Li auto 3371as the 3372.Xr moused 8 3373daemon 3374is able to detect the appropriate mouse type automatically in many cases. 3375Set this variable to 3376one from the following list if the automatic detection fails. 3377.Pp 3378If the mouse is attached to the PS/2 mouse port, choose 3379.Dq Li auto 3380or 3381.Dq Li ps/2 , 3382regardless of the brand and model of the mouse. 3383Likewise, if the 3384mouse is attached to the bus mouse port, choose 3385.Dq Li auto 3386or 3387.Dq Li busmouse . 3388All other protocols are for serial mice and will not work with 3389the PS/2 and bus mice. 3390If this is a USB mouse, 3391.Dq Li auto 3392is the only protocol type which will work. 3393.Pp 3394.Bl -tag -width ".Li x10mouseremote" -compact 3395.It Li microsoft 3396Microsoft mouse (serial) 3397.It Li intellimouse 3398Microsoft IntelliMouse (serial) 3399.It Li mousesystems 3400Mouse systems Corp.\& mouse (serial) 3401.It Li mmseries 3402MM Series mouse (serial) 3403.It Li logitech 3404Logitech mouse (serial) 3405.It Li busmouse 3406A bus mouse 3407.It Li mouseman 3408Logitech MouseMan and TrackMan (serial) 3409.It Li glidepoint 3410ALPS GlidePoint (serial) 3411.It Li thinkingmouse 3412Kensington ThinkingMouse (serial) 3413.It Li ps/2 3414PS/2 mouse 3415.It Li mmhittab 3416MM HitTablet (serial) 3417.It Li x10mouseremote 3418X10 MouseRemote (serial) 3419.It Li versapad 3420Interlink VersaPad (serial) 3421.El 3422.Pp 3423Even if the mouse is not in the above list, it may be compatible 3424with one in the list. 3425Refer to the manual page for 3426.Xr moused 8 3427for compatibility information. 3428.Pp 3429It should also be noted that while this is enabled, any 3430other client of the mouse (such as an X server) should access 3431the mouse through the virtual mouse device, 3432.Pa /dev/sysmouse , 3433and configure it as a 3434.Dq Li sysmouse 3435type mouse, since all 3436mouse data is converted to this single canonical format when 3437using 3438.Xr moused 8 . 3439If the client program does not support the 3440.Dq Li sysmouse 3441type, 3442specify the 3443.Dq Li mousesystems 3444type. 3445It is the second preferred type. 3446.It Va moused_port 3447.Pq Vt str 3448If 3449.Va moused_enable 3450is set to 3451.Dq Li YES , 3452this is the actual port the mouse is on. 3453It might be 3454.Pa /dev/cuau0 3455for a COM1 serial mouse, or 3456.Pa /dev/psm0 3457for a PS/2 mouse, for example. 3458.It Va moused_flags 3459.Pq Vt str 3460If 3461.Va moused_flags 3462is set, its value is used as an additional set of flags to pass to the 3463.Xr moused 8 3464daemon. 3465.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3466When 3467.Va moused_nondefault_enable 3468is enabled, and a 3469.Xr moused 8 3470daemon is started for a non-default port, the 3471.Va "moused_" Ns Ar XXX Ns Va "_flags" 3472set of options has precedence over and replaces the default 3473.Va moused_flags 3474(where 3475.Ar XXX 3476is the name of the non-default port, i.e.,\& 3477.Ar ums0 ) . 3478By setting 3479.Va "moused_" Ns Ar XXX Ns Va "_flags" 3480it is possible to set up a different set of default flags for each 3481.Xr moused 8 3482instance. 3483For example, you can use 3484.Dq Li "-3" 3485for the default 3486.Va moused_flags 3487to make your laptop's touchpad more comfortable to use, 3488but an empty set of options for 3489.Va moused_ums0_flags 3490when your 3491.Xr usb 4 3492mouse has three or more buttons. 3493.It Va mousechar_start 3494.Pq Vt int 3495If set to 3496.Dq Li NO , 3497the default mouse cursor character range 3498.Li 0xd0 Ns - Ns Li 0xd3 3499is used, 3500otherwise the range start is set 3501to 3502.Ar value 3503character, see 3504.Xr vidcontrol 1 . 3505Use if the default range is occupied in the language code table. 3506.It Va allscreens_flags 3507.Pq Vt str 3508If set, 3509.Xr vidcontrol 1 3510is run with these options for each of the virtual terminals 3511.Pq Pa /dev/ttyv* . 3512For example, 3513.Dq Fl m Cm on 3514will enable the mouse pointer on all virtual terminals 3515if 3516.Va moused_enable 3517is set to 3518.Dq Li YES . 3519.It Va allscreens_kbdflags 3520.Pq Vt str 3521If set, 3522.Xr kbdcontrol 1 3523is run with these options for each of the virtual terminals 3524.Pq Pa /dev/ttyv* . 3525For example, 3526.Dq Fl h Li 200 3527will set the 3528.Xr syscons 4 3529or 3530.Xr vt 4 3531scrollback (history) buffer to 200 lines. 3532.It Va cron_enable 3533.Pq Vt bool 3534If set to 3535.Dq Li YES , 3536run the 3537.Xr cron 8 3538daemon at system boot time. 3539.It Va cron_program 3540.Pq Vt str 3541Path to 3542.Xr cron 8 3543(default 3544.Pa /usr/sbin/cron ) . 3545.It Va cron_flags 3546.Pq Vt str 3547If 3548.Va cron_enable 3549is set to 3550.Dq Li YES , 3551these are the flags to pass to 3552.Xr cron 8 . 3553.It Va cron_dst 3554.Pq Vt bool 3555If set to 3556.Dq Li YES , 3557enable the special handling of transitions to and from the 3558Daylight Saving Time in 3559.Xr cron 8 3560(equivalent to using the flag 3561.Fl s ) . 3562.It Va lpd_program 3563.Pq Vt str 3564Path to 3565.Xr lpd 8 3566(default 3567.Pa /usr/sbin/lpd ) . 3568.It Va lpd_enable 3569.Pq Vt bool 3570If set to 3571.Dq Li YES , 3572run the 3573.Xr lpd 8 3574daemon at system boot time. 3575.It Va lpd_flags 3576.Pq Vt str 3577If 3578.Va lpd_enable 3579is set to 3580.Dq Li YES , 3581these are the flags to pass to the 3582.Xr lpd 8 3583daemon. 3584.It Va chkprintcap_enable 3585.Pq Vt bool 3586If set to 3587.Dq Li YES , 3588run the 3589.Xr chkprintcap 8 3590command before starting the 3591.Xr lpd 8 3592daemon. 3593.It Va chkprintcap_flags 3594.Pq Vt str 3595If 3596.Va lpd_enable 3597and 3598.Va chkprintcap_enable 3599are set to 3600.Dq Li YES , 3601these are the flags to pass to the 3602.Xr chkprintcap 8 3603program. 3604The default is 3605.Dq Li -d , 3606which causes missing directories to be created. 3607.It Va dumpdev 3608.Pq Vt str 3609Indicates the device (usually a swap partition) to which a crash dump 3610should be written in the event of a system crash. 3611If the value of this variable is 3612.Dq Li AUTO , 3613the first suitable swap device listed in 3614.Pa /etc/fstab 3615will be used as dump device. 3616Otherwise, the value of this variable is passed as the argument to 3617.Xr dumpon 8 3618and 3619.Xr savecore 8 . 3620To disable crash dumps, set this variable to 3621.Dq Li NO . 3622.It Va dumpon_flags 3623.Pq Vt str 3624Flags to pass to 3625.Xr dumpon 8 3626when configuring 3627.Va dumpdev 3628as the system dump device. 3629.It Va dumpdir 3630.Pq Vt str 3631When the system reboots after a crash and a crash dump is found on the 3632device specified by the 3633.Va dumpdev 3634variable, 3635.Xr savecore 8 3636will save that crash dump and a copy of the kernel to the directory 3637specified by the 3638.Va dumpdir 3639variable. 3640The default value is 3641.Pa /var/crash . 3642Set to 3643.Dq Li NO 3644to not run 3645.Xr savecore 8 3646at boot time when 3647.Va dumpdir 3648is set. 3649.It Va savecore_enable 3650.Pq Vt bool 3651If set to 3652.Dq Li NO , 3653disable automatic extraction of the crash dump from the 3654.Va dumpdev . 3655.It Va savecore_flags 3656.Pq Vt str 3657If crash dumps are enabled, these are the flags to pass to the 3658.Xr savecore 8 3659utility. 3660.It Va quota_enable 3661.Pq Vt bool 3662Set to 3663.Dq Li YES 3664to turn on user and group disk quotas on system startup via the 3665.Xr quotaon 8 3666command for all file systems marked as having quotas enabled in 3667.Pa /etc/fstab . 3668The kernel must be built with 3669.Cd "options QUOTA" 3670for disk quotas to function. 3671.It Va check_quotas 3672.Pq Vt bool 3673Set to 3674.Dq Li YES 3675to enable user and group disk quota checking via the 3676.Xr quotacheck 8 3677command. 3678.It Va quotacheck_flags 3679.Pq Vt str 3680If 3681.Va quota_enable 3682is set to 3683.Dq Li YES , 3684and 3685.Va check_quotas 3686is set to 3687.Dq Li YES , 3688these are the flags to pass to the 3689.Xr quotacheck 8 3690utility. 3691The default is 3692.Dq Li "-a" , 3693which checks quotas for all file systems with quotas enabled in 3694.Pa /etc/fstab . 3695.It Va quotaon_flags 3696.Pq Vt str 3697If 3698.Va quota_enable 3699is set to 3700.Dq Li YES , 3701these are the flags to pass to the 3702.Xr quotaon 8 3703utility. 3704The default is 3705.Dq Li "-a" , 3706which enables quotas for all file systems with quotas enabled in 3707.Pa /etc/fstab . 3708.It Va quotaoff_flags 3709.Pq Vt str 3710If 3711.Va quota_enable 3712is set to 3713.Dq Li YES , 3714these are the flags to pass to the 3715.Xr quotaoff 8 3716utility when shutting down the quota system. 3717The default is 3718.Dq Li "-a" , 3719which disables quotas for all file systems with quotas enabled in 3720.Pa /etc/fstab . 3721.It Va accounting_enable 3722.Pq Vt bool 3723Set to 3724.Dq Li YES 3725to enable system accounting through the 3726.Xr accton 8 3727facility. 3728.It Va firstboot_sentinel 3729.Pq Vt str 3730This variable specifies the full path to a 3731.Dq first boot 3732sentinel file. 3733If a file exists with this path, 3734.Pa rc.d 3735scripts with the 3736.Dq firstboot 3737keyword will be run on startup and the sentinel file will be deleted 3738after the boot process completes. 3739The sentinel file must be located on a writable file system which is 3740mounted no later than 3741.Va early_late_divider 3742to function properly. 3743The default is 3744.Pa /firstboot . 3745.It Va linux_enable 3746.Pq Vt bool 3747Set to 3748.Dq Li YES 3749to enable Linux/ELF binary emulation at system initial 3750boot time. 3751.It Va sysvipc_enable 3752.Pq Vt bool 3753If set to 3754.Dq Li YES , 3755load System V IPC primitives at boot time. 3756.It Va clear_tmp_enable 3757.Pq Vt bool 3758Set to 3759.Dq Li YES 3760to have 3761.Pa /tmp 3762cleaned at startup. 3763.It Va clear_tmp_X 3764.Pq Vt bool 3765Set to 3766.Dq Li NO 3767to disable removing of X11 lock files, 3768and the removal and (secure) recreation 3769of the various socket directories for X11 3770related programs. 3771.It Va ldconfig_paths 3772.Pq Vt str 3773Set to the list of shared library paths to use with 3774.Xr ldconfig 8 . 3775NOTE: 3776.Pa /lib 3777and 3778.Pa /usr/lib 3779will always be added first, so they need not appear in this list. 3780.It Va ldconfig32_paths 3781.Pq Vt str 3782Set to the list of 32-bit compatibility shared library paths to 3783use with 3784.Xr ldconfig 8 . 3785.It Va ldconfig_insecure 3786.Pq Vt bool 3787The 3788.Xr ldconfig 8 3789utility normally refuses to use directories 3790which are writable by anyone except root. 3791Set this variable to 3792.Dq Li YES 3793to disable that security check during system startup. 3794.It Va ldconfig_local_dirs 3795.Pq Vt str 3796Set to the list of local 3797.Xr ldconfig 8 3798directories. 3799The names of all files in the directories listed will be 3800passed as arguments to 3801.Xr ldconfig 8 . 3802.It Va ldconfig_local32_dirs 3803.Pq Vt str 3804Set to the list of local 32-bit compatibility 3805.Xr ldconfig 8 3806directories. 3807The names of all files in the directories listed will be 3808passed as arguments to 3809.Dq Nm ldconfig Fl 32 . 3810.It Va kern_securelevel_enable 3811.Pq Vt bool 3812Set to 3813.Dq Li YES 3814to set the kernel security level at system startup. 3815.It Va kern_securelevel 3816.Pq Vt int 3817The kernel security level to set at startup. 3818The allowed range of 3819.Ar value 3820ranges from \-1 (the compile time default) to 3 (the 3821most secure). 3822See 3823.Xr security 7 3824for the list of possible security levels and their effect 3825on system operation. 3826.It Va sshd_program 3827.Pq Vt str 3828Path to the SSH server program 3829.Pa ( /usr/sbin/sshd 3830is the default). 3831.It Va sshd_enable 3832.Pq Vt bool 3833Set to 3834.Dq Li YES 3835to start 3836.Xr sshd 8 3837at system boot time. 3838.It Va sshd_flags 3839.Pq Vt str 3840If 3841.Va sshd_enable 3842is set to 3843.Dq Li YES , 3844these are the flags to pass to the 3845.Xr sshd 8 3846daemon. 3847.It Va ftpd_program 3848.Pq Vt str 3849Path to the FTP server program 3850.Pa ( /usr/libexec/ftpd 3851is the default). 3852.It Va ftpd_enable 3853.Pq Vt bool 3854Set to 3855.Dq Li YES 3856to start 3857.Xr ftpd 8 3858as a stand-alone daemon at system boot time. 3859.It Va ftpd_flags 3860.Pq Vt str 3861If 3862.Va ftpd_enable 3863is set to 3864.Dq Li YES , 3865these are the additional flags to pass to the 3866.Xr ftpd 8 3867daemon. 3868.It Va watchdogd_enable 3869.Pq Vt bool 3870If set to 3871.Dq Li YES , 3872start the 3873.Xr watchdogd 8 3874daemon at boot time. 3875This requires that the kernel have been compiled with a 3876.Xr watchdog 4 3877compatible device. 3878.It Va watchdogd_flags 3879.Pq Vt str 3880If 3881.Va watchdogd_enable 3882is set to 3883.Dq Li YES , 3884these are the flags passed to the 3885.Xr watchdogd 8 3886daemon. 3887.It Va watchdogd_timeout 3888.Pq Vt int 3889If 3890.Va watchdogd_enable 3891is set to 3892.Dq Li YES , 3893this is a timeout that will be used by the 3894.Xr watchdogd 8 3895daemon. 3896If this option is set, it overrides 3897.Fl t 3898in 3899.Va watchdogd_flags . 3900.It Va watchdogd_shutdown_timeout 3901.Pq Vt int 3902If 3903.Va watchdogd_enable 3904is set to 3905.Dq Li YES , 3906this is a timeout that will be set by the 3907.Xr watchdogd 8 3908daemon when it exits during the system shutdown. 3909This timeout will not be set when returning to the single-user mode 3910or when the watchdogd service is stopped individually using the 3911.Xr service 8 3912command or the rc.d script. 3913Note that the timeout will be applied if 3914.Xr watchdogd 8 3915is stopped outside of 3916.Xr rc 8 3917framework. 3918If this option is set, it overrides 3919.Fl x 3920in 3921.Va watchdogd_flags . 3922.It Va devfs_rulesets 3923.Pq Vt str 3924List of files containing sets of rules for 3925.Xr devfs 8 . 3926.It Va devfs_system_ruleset 3927.Pq Vt str 3928Rule name(s) to apply to the system 3929.Pa /dev 3930itself. 3931.It Va devfs_set_rulesets 3932.Pq Vt str 3933Pairs of already-mounted 3934.Pa dev 3935directories and rulesets that should be applied to them. 3936For example: /mount/dev=ruleset_name 3937.It Va devfs_load_rulesets 3938.Pq Vt bool 3939If set, always load the default rulesets listed in 3940.Va devfs_rulesets . 3941.It Va performance_cx_lowest 3942.Pq Vt str 3943CPU idle state to use while on AC power. 3944The string 3945.Dq Li LOW 3946indicates that 3947.Xr acpi 4 3948should use the lowest power state available while 3949.Dq Li HIGH 3950indicates that the lowest latency state (less power savings) should be used. 3951.It Va performance_cpu_freq 3952.Pq Vt str 3953CPU clock frequency to use while on AC power. 3954The string 3955.Dq Li LOW 3956indicates that 3957.Xr cpufreq 4 3958should use the lowest frequency available while 3959.Dq Li HIGH 3960indicates that the highest frequency (less power savings) should be used. 3961.It Va economy_cx_lowest 3962.Pq Vt str 3963CPU idle state to use when off AC power. 3964The string 3965.Dq Li LOW 3966indicates that 3967.Xr acpi 4 3968should use the lowest power state available while 3969.Dq Li HIGH 3970indicates that the lowest latency state (less power savings) should be used. 3971.It Va economy_cpu_freq 3972.Pq Vt str 3973CPU clock frequency to use when off AC power. 3974The string 3975.Dq Li LOW 3976indicates that 3977.Xr cpufreq 4 3978should use the lowest frequency available while 3979.Dq Li HIGH 3980indicates that the highest frequency (less power savings) should be used. 3981.It Va jail_enable 3982.Pq Vt bool 3983If set to 3984.Dq Li NO , 3985any configured jails will not be started. 3986.It Va jail_conf 3987.Pq Vt str 3988The configuration filename used by 3989.Xr jail 8 3990utility. 3991The default value is 3992.Pa /etc/jail.conf . 3993.Pa /etc/jail. Ns Ao Va jname Ac Ns Pa .conf 3994and 3995.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf 3996will also be used if 3997.Ao Va jname Ac 3998is set in 3999.Va jail_list . 4000.It Va jail_parallel_start 4001.Pq Vt bool 4002If set to 4003.Dq Li YES , 4004all configured jails will be started in the background (in parallel). 4005.It Va jail_flags 4006.Pq Vt str 4007Unset by default. 4008When set, use as default value for 4009.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4010for every jail in 4011.Va jail_list . 4012.It Va jail_list 4013.Pq Vt str 4014A space-delimited list of jail names. 4015When left empty, all of the 4016.Xr jail 8 4017instances defined in the configuration file are started. 4018The names specified in this list control the jail startup order. 4019.Xr jail 8 4020instances missing from 4021.Va jail_list 4022must be started manually. 4023Note that a jail's 4024.Va depend 4025parameter in the configuration file may override this list. 4026.It Va jail_reverse_stop 4027.Pq Vt bool 4028When set to 4029.Dq Li YES , 4030all configured jails in 4031.Va jail_list 4032are stopped in reverse order. 4033.It Va jail_ Ns * variables 4034Note that older releases supported per-jail configuration via 4035.Nm 4036variables. 4037For example, 4038hostname of a jail named 4039.Li vjail 4040was able to be set by 4041.Li jail_vjail_hostname . 4042These per-jail configuration variables are now obsolete in favor of 4043.Xr jail 8 4044configuration file. 4045For backward compatibility, 4046when per-jail configuration variables are defined, 4047.Xr jail 8 4048configuration files are created as 4049.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 4050and used. 4051.Pp 4052The following per-jail parameters are handled by 4053.Pa rc.d/jail 4054script out of their corresponding 4055.Nm 4056variables. 4057In addition to them, parameters in 4058.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4059will be added to the configuration file. 4060They must be a semi-colon 4061.Pq Ql \&; 4062delimited list of 4063.Dq key=value . 4064For more details, 4065see 4066.Xr jail 8 4067manual page. 4068.Bl -tag -width "host.hostname" -offset indent 4069.It Li path 4070set from 4071.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4072.It Li host.hostname 4073set from 4074.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4075.It Li exec.consolelog 4076set from 4077.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4078The default value is 4079.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4080.It Li interface 4081set from 4082.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4083.It Li vnet.interface 4084set from 4085.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4086This implies 4087.Li vnet 4088parameter will be enabled and cannot be specified with 4089.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4090.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4091and/or 4092.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4093at the same time. 4094.It Li fstab 4095set from 4096.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4097.It Li mount 4098set from 4099.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4100.It Li exec.fib 4101set from 4102.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4103.It Li exec.start 4104set from 4105.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4106The parameter name was 4107.Li command 4108in some older releases. 4109.It Li exec.prestart 4110set from 4111.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4112.It Li exec.poststart 4113set from 4114.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4115.It Li exec.stop 4116set from 4117.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4118.It Li exec.prestop 4119set from 4120.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4121.It Li exec.poststop 4122set from 4123.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4124.It Li ip4.addr 4125set if 4126.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4127or 4128.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4129contain IPv4 addresses 4130.It Li ip6.addr 4131set if 4132.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4133or 4134.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4135contain IPv6 addresses 4136.It Li allow.mount 4137set from 4138.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4139.It Li mount.devfs 4140set from 4141.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4142.It Li devfs_ruleset 4143set from 4144.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4145This must be an integer, 4146not a string. 4147.It Li mount.fdescfs 4148set from 4149.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4150.It Li allow.set_hostname 4151set from 4152.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4153.It Li allow.rawsocket 4154set from 4155.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4156.It Li allow.sysvipc 4157set from 4158.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4159.El 4160.\" ----------------------------------------------------- 4161.It Va harvest_mask 4162.Pq Vt int 4163Set to a bit-mask 4164representing the entropy sources 4165you wish to harvest. 4166Refer to 4167.Xr random 4 4168for more information. 4169.It Va entropy_dir 4170.Pq Vt str 4171Set to 4172.Dq Li NO 4173to disable caching entropy via 4174.Xr cron 8 . 4175Otherwise set to the directory 4176in which the entropy files are stored. 4177To be useful, 4178there must be 4179a system cron job 4180that regularly writes and rotates 4181files here. 4182All files found 4183will be used at boot time. 4184The default is 4185.Pa /var/db/entropy . 4186.It Va entropy_file 4187.Pq Vt str 4188Set to 4189.Dq Li NO 4190to disable caching entropy through reboots. 4191Otherwise set to the name 4192of a file used to store cached entropy. 4193This file should be located 4194on a file system that is readable 4195before all the volumes specified in 4196.Xr fstab 5 4197are mounted. 4198By default, 4199.Pa /entropy 4200is used, 4201but if 4202.Pa /var/db/entropy-file 4203is found it will also be used. 4204This will be of some use to 4205.Xr bsdinstall 8 . 4206.It Va entropy_boot_file 4207.Pq Vt str 4208Set to 4209.Dq Li NO 4210to disable 4211very early caching entropy 4212through reboots. 4213Otherwise set to the filename 4214used to read 4215very early reboot cached entropy. 4216This file should be located where 4217.Xr loader 8 4218can read it. 4219See also 4220.Xr loader.conf 5 . 4221The default location is 4222.Pa /boot/entropy . 4223.It Va entropy_save_sz 4224.Pq Vt int 4225Size of the entropy cache files saved by 4226.Nm save-entropy 4227periodically. 4228.It Va entropy_save_num 4229.Pq Vt int 4230Number of entropy cache files to save by 4231.Nm save-entropy 4232periodically. 4233.It Va ipsec_enable 4234.Pq Vt bool 4235Set to 4236.Dq Li YES 4237to run 4238.Xr setkey 8 4239on 4240.Va ipsec_file 4241at boot time. 4242.It Va ipsec_file 4243.Pq Vt str 4244Configuration file for 4245.Xr setkey 8 . 4246.It Va dmesg_enable 4247.Pq Vt bool 4248Set to 4249.Dq Li YES 4250to save 4251.Xr dmesg 8 4252to 4253.Pa /var/run/dmesg.boot 4254on boot. 4255.It Va rcshutdown_timeout 4256.Pq Vt int 4257If set, start a watchdog timer in the background which will terminate 4258.Pa rc.shutdown 4259if 4260.Xr shutdown 8 4261has not completed within the specified time (in seconds). 4262Notice that in addition to this soft timeout, 4263.Xr init 8 4264also applies a hard timeout for the execution of 4265.Pa rc.shutdown . 4266This is configured via 4267.Xr sysctl 8 4268variable 4269.Va kern.init_shutdown_timeout 4270and defaults to 120 seconds. 4271Setting the value of 4272.Va rcshutdown_timeout 4273to more than 120 seconds will have no effect until the 4274.Xr sysctl 8 4275variable 4276.Va kern.init_shutdown_timeout 4277is also increased. 4278.It Va virecover_enable 4279.Pq Vt bool 4280Set to 4281.Dq Li NO 4282to prevent the system from trying to 4283recover prematurely terminated 4284.Xr vi 1 4285sessions. 4286.It Va ugidfw_enable 4287.Pq Vt bool 4288Set to 4289.Dq Li YES 4290to load the 4291.Xr mac_bsdextended 4 4292module upon system initialization and load a default 4293ruleset file. 4294.It Va bsdextended_script 4295.Pq Vt str 4296The default 4297.Xr mac_bsdextended 4 4298ruleset file to load. 4299The default value of this variable is 4300.Pa /etc/rc.bsdextended . 4301.It Va newsyslog_enable 4302.Pq Vt bool 4303If set to 4304.Dq Li YES , 4305run 4306.Xr newsyslog 8 4307command at startup. 4308.It Va newsyslog_flags 4309.Pq Vt str 4310If 4311.Va newsyslog_enable 4312is set to 4313.Dq Li YES , 4314these are the flags to pass to the 4315.Xr newsyslog 8 4316program. 4317The default is 4318.Dq Li -CN , 4319which causes log files flagged with a 4320.Cm C 4321to be created. 4322.It Va mdconfig_md Ns Aq Ar X 4323.Pq Vt str 4324Arguments to 4325.Xr mdconfig 8 4326for 4327.Xr md 4 4328device 4329.Ar X . 4330At minimum a 4331.Fl t Ar type 4332must be specified and either a 4333.Fl s Ar size 4334for malloc or swap backed 4335.Xr md 4 4336devices or a 4337.Fl f Ar file 4338for vnode backed 4339.Xr md 4 4340devices. 4341Note that 4342.Va mdconfig_md Ns Aq Ar X 4343variables are evaluated until one variable is unset or null. 4344.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4345.Pq Vt str 4346Optional arguments passed to 4347.Xr newfs 8 4348to initialize 4349.Xr md 4 4350device 4351.Ar X . 4352.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4353.Pq Vt str 4354An ownership specification passed to 4355.Xr chown 8 4356after the specified 4357.Xr md 4 4358device 4359.Ar X 4360has been mounted. 4361Both the 4362.Xr md 4 4363device and the mount point will be changed. 4364.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4365.Pq Vt str 4366A mode string passed to 4367.Xr chmod 1 4368after the specified 4369.Xr md 4 4370device 4371.Ar X 4372has been mounted. 4373Both the 4374.Xr md 4 4375device and the mount point will be changed. 4376.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4377.Pq Vt str 4378Files to be copied to the mount point of the 4379.Xr md 4 4380device 4381.Ar X 4382after it has been mounted. 4383.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4384.Pq Vt str 4385Command to execute after the specified 4386.Xr md 4 4387device 4388.Ar X 4389has been mounted. 4390Note that the command is passed to 4391.Ic eval 4392and that both 4393.Va _dev 4394and 4395.Va _mp 4396variables can be used to reference respectively the 4397.Xr md 4 4398device and the mount point. 4399Assuming that the 4400.Xr md 4 4401device is 4402.Li md0 , 4403one could set the following: 4404.Bd -literal 4405mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4406.Ed 4407.It Va autobridge_interfaces 4408.Pq Vt str 4409Set to the list of bridge interfaces that will have newly arriving interfaces 4410checked against to be automatically added. 4411If not set to 4412.Dq Li NO 4413then for each whitespace separated 4414.Ar element 4415in the value, a 4416.Va autobridge_ Ns Aq Ar element 4417variable is assumed to exist which has a whitespace separated list of interface 4418names to match, these names can use wildcards. 4419For example: 4420.Bd -literal 4421autobridge_interfaces="bridge0" 4422autobridge_bridge0="tap* dc0 vlan[345]" 4423.Ed 4424.It Va mixer_enable 4425.Pq Vt bool 4426If set to 4427.Dq Li YES , 4428enable support for sound mixer. 4429.It Va hcsecd_enable 4430.Pq Vt bool 4431If set to 4432.Dq Li YES , 4433enable Bluetooth security daemon. 4434.It Va hcsecd_config 4435.Pq Vt str 4436Configuration file for 4437.Xr hcsecd 8 . 4438Default 4439.Pa /etc/bluetooth/hcsecd.conf . 4440.It Va sdpd_enable 4441.Pq Vt bool 4442If set to 4443.Dq Li YES , 4444enable Bluetooth Service Discovery Protocol daemon. 4445.It Va sdpd_control 4446.Pq Vt str 4447Path to 4448.Xr sdpd 8 4449control socket. 4450Default 4451.Pa /var/run/sdp . 4452.It Va sdpd_groupname 4453.Pq Vt str 4454Sets 4455.Xr sdpd 8 4456group to run as after it initializes. 4457Default 4458.Dq Li nobody . 4459.It Va sdpd_username 4460.Pq Vt str 4461Sets 4462.Xr sdpd 8 4463user to run as after it initializes. 4464Default 4465.Dq Li nobody . 4466.It Va bthidd_enable 4467.Pq Vt bool 4468If set to 4469.Dq Li YES , 4470enable Bluetooth Human Interface Device daemon. 4471.It Va bthidd_config 4472.Pq Vt str 4473Configuration file for 4474.Xr bthidd 8 . 4475Default 4476.Pa /etc/bluetooth/bthidd.conf . 4477.It Va bthidd_hids 4478.Pq Vt str 4479Path to a file, where 4480.Xr bthidd 8 4481will store information about known HID devices. 4482Default 4483.Pa /var/db/bthidd.hids . 4484.It Va rfcomm_pppd_server_enable 4485.Pq Vt bool 4486If set to 4487.Dq Li YES , 4488enable Bluetooth RFCOMM PPP wrapper daemon. 4489.It Va rfcomm_pppd_server_profile 4490.Pq Vt str 4491The name of the profile to use from 4492.Pa /etc/ppp/ppp.conf . 4493Multiple profiles can be specified here. 4494Also used to specify per-profile overrides. 4495When the profile name contains any of the characters 4496.Dq Li .-/+ 4497they are translated to 4498.Dq Li _ 4499for the proposes of the override variable names. 4500.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4501.Pq Vt str 4502Overrides local address to listen on. 4503By default 4504.Xr rfcomm_pppd 8 4505will listen on 4506.Dq Li ANY 4507address. 4508The address can be specified as BD_ADDR or name. 4509.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4510.Pq Vt str 4511Overrides local RFCOMM channel to listen on. 4512By default 4513.Xr rfcomm_pppd 8 4514will listen on RFCOMM channel 1. 4515Must set properly if multiple profiles used in the same time. 4516.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4517.Pq Vt bool 4518Tells 4519.Xr rfcomm_pppd 8 4520if it should register Serial Port service on the specified RFCOMM channel. 4521Default 4522.Dq Li NO . 4523.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4524.Pq Vt bool 4525Tells 4526.Xr rfcomm_pppd 8 4527if it should register Dial-Up Networking service on the specified 4528RFCOMM channel. 4529Default 4530.Dq Li NO . 4531.It Va ubthidhci_enable 4532.Pq Vt bool 4533If set to 4534.Dq Li YES , 4535change the USB Bluetooth controller from HID mode to HCI mode. 4536You also need to specify the location of USB Bluetooth controller with the 4537.Va ubthidhci_busnum 4538and 4539.Va ubthidhci_addr 4540variables. 4541.It Va ubthidhci_busnum 4542Bus number where the USB Bluetooth controller is located. 4543Check the output of 4544.Xr usbconfig 8 4545on your system to find this information. 4546.It Va ubthidhci_addr 4547Bus address of the USB Bluetooth controller. 4548Check the output of 4549.Xr usbconfig 8 4550on your system to find this information. 4551.It Va utx_enable 4552.Pq Vt bool 4553Set to 4554.Dq Li YES 4555to enable user accounting through the 4556.Xr utx 8 4557facility. 4558.It Va netwait_enable 4559.Pq Vt bool 4560If set to 4561.Dq Li YES , 4562delays the start of network-reliant services until 4563.Va netwait_if 4564is up and ICMP packets to a destination defined in 4565.Va netwait_ip 4566are flowing. 4567Link state is examined first, followed by 4568.Dq Li pinging 4569an IP address to verify network usability. 4570If no destination can be reached or timeouts are exceeded, 4571network services are started anyway with no guarantee that 4572the network is usable. 4573Use of this variable requires both 4574.Va netwait_ip 4575and 4576.Va netwait_if 4577to be set. 4578.It Va netwait_ip 4579.Pq Vt str 4580Empty by default. 4581This variable contains a space-delimited list of IP addresses to 4582.Xr ping 8 . 4583DNS hostnames should not be used as resolution is not guaranteed 4584to be functional at this point. 4585If multiple IP addresses are specified, 4586each will be tried until one is successful or the list is exhausted. 4587.It Va netwait_timeout 4588.Pq Vt int 4589Indicates the total number of seconds to perform a 4590.Dq Li ping 4591against each IP address in 4592.Va netwait_ip , 4593at a rate of one ping per second. 4594If any of the pings are successful, 4595full network connectivity is considered reliable. 4596The default is 60. 4597.It Va netwait_if 4598.Pq Vt str 4599Empty by default. 4600Defines the name of the network interface on which watch for link. 4601.Xr ifconfig 8 4602is used to monitor the interface, looking for 4603.Dq Li status: no carrier . 4604Once gone, the link is considered up. 4605This can be a 4606.Xr vlan 4 4607interface if desired. 4608.It Va netwait_if_timeout 4609.Pq Vt int 4610Defines the total number of seconds to wait for link to become usable, 4611polled at a 1-second interval. 4612The default is 30. 4613.It Va rctl_enable 4614.Pq Vt bool 4615If set to 4616.Dq Li YES , 4617load 4618.Xr rctl 8 4619rules from the defined ruleset. 4620The kernel must be built with 4621.Cd "options RACCT" 4622and 4623.Cd "options RCTL" . 4624.It Va rctl_rules 4625.Pq Vt str 4626Set to 4627.Pa /etc/rctl.conf 4628by default. 4629This variables contains the 4630.Xr rctl.conf 5 4631ruleset to load for 4632.Xr rctl 8 . 4633.It Va iovctl_files 4634.Pq Vt str 4635A space-separated list of configuration files used by 4636.Xr iovctl 8 . 4637The default value is an empty string. 4638.It Va autofs_enable 4639.Pq Vt bool 4640If set to 4641.Dq Li YES , 4642start the 4643.Xr automount 8 4644utility and the 4645.Xr automountd 8 4646and 4647.Xr autounmountd 8 4648daemons at boot time. 4649.It Va automount_flags 4650.Pq Vt str 4651If 4652.Va autofs_enable 4653is set to 4654.Dq Li YES , 4655these are the flags to pass to the 4656.Xr automount 8 4657program. 4658By default no flags are passed. 4659.It Va automountd_flags 4660.Pq Vt str 4661If 4662.Va autofs_enable 4663is set to 4664.Dq Li YES , 4665these are the flags to pass to the 4666.Xr automountd 8 4667daemon. 4668By default no flags are passed. 4669.It Va autounmountd_flags 4670.Pq Vt str 4671If 4672.Va autofs_enable 4673is set to 4674.Dq Li YES , 4675these are the flags to pass to the 4676.Xr autounmountd 8 4677daemon. 4678By default no flags are passed. 4679.It Va ctld_enable 4680.Pq Vt bool 4681If set to 4682.Dq Li YES , 4683start the 4684.Xr ctld 8 4685daemon at boot time. 4686.It Va iscsid_enable 4687.Pq Vt bool 4688If set to 4689.Dq Li YES , 4690start the 4691.Xr iscsid 8 4692daemon at boot time. 4693.It Va iscsictl_enable 4694.Pq Vt bool 4695If set to 4696.Dq Li YES , 4697start the 4698.Xr iscsictl 8 4699utility at boot time. 4700.It Va iscsictl_flags 4701.Pq Vt str 4702If 4703.Va iscsictl_enable 4704is set to 4705.Dq Li YES , 4706these are the flags to pass to the 4707.Xr iscsictl 8 4708program. 4709The default is 4710.Dq Li -Aa , 4711which configures sessions based on the 4712.Pa /etc/iscsi.conf 4713configuration file. 4714.It Va cfumass_enable 4715.Pq Vt bool 4716If set to 4717.Dq Li YES , 4718create and export an USB LUN using 4719.Xr cfumass 4 4720at boot time. 4721.It Va cfumass_dir 4722.Pq Vt str 4723The directory where the files exported by USB LUN are located. 4724The default directory is 4725.Pa /var/cfumass . 4726.It Va service_delete_empty 4727.Pq Vt bool 4728If set to 4729.Dq Li YES , 4730.Ql Li service delete 4731removes empty 4732.Dq Li rc.conf.d 4733files. 4734.It Va zfs_bootonce_activate 4735.Pq Vt bool 4736If set to 4737.Dq Li YES , 4738and a boot environment marked bootonce is successfully booted, 4739it will be made permanently active. 4740.It Va zfskeys_enable 4741.Pq Vt bool 4742If set to 4743.Dq Li YES , 4744enable auto-loading of encryption keys for encrypted ZFS datasets. 4745For every dataset the script will first load the appropriate encryption key 4746and then attempt to unlock the dataset. 4747.Pp 4748The script operates only on datasets which are encrypted with 4749ZFS native encryption 4750and have a ZFS 4751.Dq Li keylocation 4752dataset property beginning with 4753.Dq Li file:// . 4754.It Va zfskeys_datasets 4755.Pq Vt str 4756A whitespace-separated list of ZFS datasets to unlock. 4757The list is empty by default, 4758which means that the script will attempt to unlock all datasets. 4759.It Va zfskeys_timeout 4760.Pq Vt int 4761Define the total number of seconds to wait for the zfskeys script 4762to unlock an encrypted dataset. 4763The default is 10. 4764.It Va sendmail_enable 4765.Pq Vt str 4766If set to 4767.Dq Li YES , 4768run the 4769.Xr sendmail 8 4770daemon at system boot time. 4771If set to 4772.Dq Li NO , 4773do not run a 4774.Xr sendmail 8 4775daemon to listen for incoming network mail. 4776This does not preclude a 4777.Xr sendmail 8 4778daemon listening on the SMTP port of the loopback interface. 4779The 4780.Dq Li NONE 4781option sets each 4782.Va sendmail_enable , 4783.Va sendmail_submit_enable , 4784.Va sendmail_outbound_enable , 4785.Va sendmail_msp_queue_enable 4786to 4787.Dq Li NO . 4788.It Va sendmail_cert_create 4789.Pq Vt str 4790If 4791.Va sendmail_enable 4792is set to 4793.Dq Li YES , 4794create a signed certificate 4795.Pa /etc/mail/certs/host.cert 4796representing 4797.Pa /etc/mail/certs/host.key 4798by the CA certificate in 4799.Pa /etc/mail/certs/cacert.pem . 4800This will enable connecting hosts to negotiate STARTTLS allowing incoming 4801email to be encrypted in transit. 4802.Xr sendmail 8 4803needs to be configured to use these generated files. 4804The default configuration in 4805.Pa /etc/mail/freebsd.mc 4806has the required options in it. 4807.It Va sendmail_cert_cn 4808.Pq Vt str 4809If 4810.Va sendmail_enable 4811is set to 4812.Dq Li YES 4813and 4814.Va sendmail_cert_create 4815is set to 4816.Dq Li YES , 4817this is the Common Name (CN) of the certificate that will be created. 4818If 4819.Va sendmail_cert_cn 4820is not set, the system's hostname will be used. 4821If there is no hostname set, 4822.Dq Li amnesiac 4823will be used. 4824.It Va sendmail_flags 4825.Pq Vt str 4826If 4827.Va sendmail_enable 4828is set to 4829.Dq Li YES , 4830these are the flags to pass to the 4831.Xr sendmail 8 4832daemon. 4833.It Va sendmail_submit_enable 4834.Pq Vt bool 4835If set to 4836.Dq Li YES 4837and 4838.Va sendmail_enable 4839is set to 4840.Dq Li NO , 4841run 4842.Xr sendmail 8 4843using 4844.Va sendmail_submit_flags 4845instead of 4846.Va sendmail_flags . 4847This is intended to allow local mail submission via 4848a localhost-only listening SMTP service required for running 4849.Xr sendmail 8 4850as a non-set-user-ID binary. 4851Note that this does not work inside 4852.Xr jail 2 4853systems, as jails do not allow binding to just the localhost interface. 4854.It Va sendmail_submit_flags 4855.Pq Vt str 4856If 4857.Va sendmail_enable 4858is set to 4859.Dq Li NO 4860and 4861.Va sendmail_submit_enable 4862is set to 4863.Dq Li YES , 4864these are the flags to pass to the 4865.Xr sendmail 8 4866daemon. 4867.It Va sendmail_outbound_enable 4868.Pq Vt bool 4869If set to 4870.Dq Li YES 4871and both 4872.Va sendmail_enable 4873and 4874.Va sendmail_submit_enable 4875are set to 4876.Dq Li NO , 4877run 4878.Xr sendmail 8 4879using 4880.Va sendmail_outbound_flags 4881instead of 4882.Va sendmail_flags . 4883This is intended to allow local mail queue management 4884for systems that do not offer a listening SMTP service. 4885.It Va sendmail_outbound_flags 4886.Pq Vt str 4887If both 4888.Va sendmail_enable 4889and 4890.Va sendmail_submit_enable 4891are set to 4892.Dq Li NO 4893and 4894.Va sendmail_outbound_enable 4895is set to 4896.Dq Li YES , 4897these are the flags to pass to the 4898.Xr sendmail 8 4899daemon. 4900.It Va sendmail_msp_queue_enable 4901.Pq Vt bool 4902If set to 4903.Dq Li YES , 4904start a client (MSP) queue runner 4905.Xr sendmail 8 4906daemon at system boot time. 4907As of sendmail 8.12, a separate queue is used for command line 4908submissions. 4909The client queue runner ensures that nothing is 4910left behind in the submission queue. 4911.It Va sendmail_msp_queue_flags 4912.Pq Vt str 4913If 4914.Va sendmail_msp_queue_enable 4915is set to 4916daemon. 4917.Dq Li YES , 4918these are the flags to pass to the 4919.Xr sendmail 8 4920.El 4921.Sh FILES 4922.Bl -tag -width "/etc/defaults/rc.conf" -compact 4923.It Pa /etc/defaults/rc.conf 4924.It Pa /etc/defaults/vendor.conf 4925.It Pa /etc/rc.conf 4926.It Pa /etc/rc.conf.local 4927.It Pa /etc/rc.conf.d/ 4928.El 4929.Sh SEE ALSO 4930.Xr chmod 1 , 4931.Xr cpuset 1 , 4932.Xr gdb 1 Pq Pa ports/devel/gdb , 4933.Xr kbdcontrol 1 , 4934.Xr limits 1 , 4935.Xr protect 1 , 4936.Xr sh 1 , 4937.Xr umask 1 , 4938.Xr uuidgen 1 , 4939.Xr vi 1 , 4940.Xr vidcontrol 1 , 4941.Xr bridge 4 , 4942.Xr dummynet 4 , 4943.Xr ip 4 , 4944.Xr ipf 4 , 4945.Xr ipfw 4 , 4946.Xr ipnat 4 , 4947.Xr kld 4 , 4948.Xr pf 4 , 4949.Xr pflog 4 , 4950.Xr pfsync 4 , 4951.Xr tcp 4 , 4952.Xr udp 4 , 4953.Xr exports 5 , 4954.Xr fstab 5 , 4955.Xr ipf 5 , 4956.Xr ipnat 5 , 4957.Xr jail.conf 5 , 4958.Xr loader.conf 5 , 4959.Xr login.conf 5 , 4960.Xr motd 5 , 4961.Xr newsyslog.conf 5 , 4962.Xr pf.conf 5 , 4963.Xr firewall 7 , 4964.Xr growfs 7 , 4965.Xr security 7 , 4966.Xr tuning 7 , 4967.Xr accton 8 , 4968.Xr apm 8 , 4969.Xr bsdinstall 8 , 4970.Xr bthidd 8 , 4971.Xr chkprintcap 8 , 4972.Xr chown 8 , 4973.Xr cron 8 , 4974.Xr devfs 8 , 4975.Xr dhclient 8 , 4976.Xr ftpd 8 , 4977.Xr geli 8 , 4978.Xr hcsecd 8 , 4979.Xr ifconfig 8 , 4980.Xr inetd 8 , 4981.Xr iovctl 8 , 4982.Xr ipf 8 , 4983.Xr ipfw 8 , 4984.Xr ipnat 8 , 4985.Xr jail 8 , 4986.Xr kldxref 8 , 4987.Xr loader 8 , 4988.Xr lpd 8 , 4989.Xr makewhatis 8 , 4990.Xr mdconfig 8 , 4991.Xr mdmfs 8 , 4992.Xr mixer 8 , 4993.Xr mountd 8 , 4994.Xr moused 8 , 4995.Xr newfs 8 , 4996.Xr newsyslog 8 , 4997.Xr nfsd 8 , 4998.Xr ntpd 8 , 4999.Xr ntpdate 8 , 5000.Xr pfctl 8 , 5001.Xr pflogd 8 , 5002.Xr ping 8 , 5003.Xr powerd 8 , 5004.Xr quotacheck 8 , 5005.Xr quotaon 8 , 5006.Xr rc 8 , 5007.Xr rc.subr 8 , 5008.Xr rcorder 8 , 5009.Xr rfcomm_pppd 8 , 5010.Xr route 8 , 5011.Xr route6d 8 , 5012.Xr routed 8 , 5013.Xr rpc.lockd 8 , 5014.Xr rpc.statd 8 , 5015.Xr rpc.tlsclntd 8 , 5016.Xr rpc.tlsservd 8 , 5017.Xr rpcbind 8 , 5018.Xr rwhod 8 , 5019.Xr savecore 8 , 5020.Xr sdpd 8 , 5021.Xr sendmail 8 , 5022.Xr service 8 , 5023.Xr sshd 8 , 5024.Xr swapon 8 , 5025.Xr sysctl 8 , 5026.Xr syslogd 8 , 5027.Xr sysrc 8 , 5028.Xr unbound 8 , 5029.Xr usbconfig 8 , 5030.Xr utx 8 , 5031.Xr wlandebug 8 , 5032.Xr yp 8 , 5033.Xr ypbind 8 , 5034.Xr ypserv 8 , 5035.Xr ypset 8 5036.Sh HISTORY 5037The 5038.Nm 5039file appeared in 5040.Fx 2.2.2 . 5041.Sh AUTHORS 5042.An Jordan K. Hubbard . 5043