1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd July 22, 2013 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66In addition to 67.Pa /etc/rc.conf.local 68you can also place smaller configuration files for each 69.Xr rc 8 70script in the 71.Pa /etc/rc.conf.d 72directory, which will be included by the 73.Va load_rc_config 74function. 75For jail configurations you could use the file 76.Pa /etc/rc.conf.d/jail 77to store jail specific configuration options. 78Also see the 79.Va rc_conf_files 80variable below. 81.Pp 82Options are set with 83.Dq Ar name Ns Li = Ns Ar value 84assignments that use 85.Xr sh 1 86syntax. 87The following list provides a name and short description for each 88variable that can be set in the 89.Nm 90file: 91.Bl -tag -width indent-two 92.It Va rc_debug 93.Pq Vt bool 94If set to 95.Dq Li YES , 96enable output of debug messages from rc scripts. 97This variable can be helpful in diagnosing mistakes when 98editing or integrating new scripts. 99Beware that this produces copious output to the terminal and 100.Xr syslog 3 . 101.It Va rc_info 102.Pq Vt bool 103If set to 104.Dq Li NO , 105disable informational messages from the rc scripts. 106Informational messages are displayed when 107a condition that is not serious enough to warrant a warning or 108an error occurs. 109.It Va rc_startmsgs 110.Pq Vt bool 111If set to 112.Dq Li YES , 113show 114.Dq Starting foo: 115when faststart is used (e.g., at boot time). 116.It Va early_late_divider 117.Pq Vt str 118The name of the script that should be used as the 119delimiter between the 120.Dq early 121and 122.Dq late 123stages of the boot process. 124The early stage should contain all the services needed to 125get the disks (local or remote) mounted so that the late 126stage can include scripts contained in the directories 127listed in the 128.Va local_startup 129variable (see below). 130Thus, the two likely candidates for this value are 131.Pa mountcritlocal 132for the typical system, and 133.Pa mountcritremote 134if the system needs remote file 135systems mounted to get access to the 136.Va local_startup 137directories; for example when 138.Pa /usr/local 139is NFS mounted. 140For 141.Pa rc.conf 142within a 143.Xr jail 8 144.Pa NETWORKING 145is likely to be an appropriate value. 146Extreme care should be taken when changing this value, 147and before changing it one should ensure that there are 148adequate provisions to recover from a failed boot 149(such as physical contact with the machine, 150or reliable remote console access). 151.It Va always_force_depends 152.Pq Vt bool 153Various 154.Pa rc.d 155scripts use the force_depend function to check whether required 156services are already running, and to start them if necessary. 157By default during boot time this check is bypassed if the 158required service is enabled in 159.Pa /etc/rc.conf[.local] . 160Setting this option will bypass that check at boot time and 161always test whether or not the service is actually running. 162Enabling this option is likely to increase your boot time if 163services are enabled that utilize the force_depend check. 164.It Ao Ar name Ac Ns Va _chroot 165.Pq Vt str 166.Xr chroot 167to this directory before running the service. 168.It Ao Ar name Ac Ns Va _user 169.Pq Vt str 170Run the service under this user account. 171.It Ao Ar name Ac Ns Va _group 172.Pq Vt str 173Run the chrooted service under this system group. Unlike the _user 174setting, this setting has no effect if the service is not chrooted. 175.It Ao Ar name Ac Ns Va _fib 176.Pq Vt int 177The 178.Xr setfib 1 179value to run the service under. 180.It Ao Ar name Ac Ns Va _nice 181.Pq Vt int 182The 183.Xr nice 1 184value to run the service under. 185.It Va apm_enable 186.Pq Vt bool 187If set to 188.Dq Li YES , 189enable support for Automatic Power Management with 190the 191.Xr apm 8 192command. 193.It Va apmd_enable 194.Pq Vt bool 195Run 196.Xr apmd 8 197to handle APM event from userland. 198This also enables support for APM. 199.It Va apmd_flags 200.Pq Vt str 201If 202.Va apmd_enable 203is set to 204.Dq Li YES , 205these are the flags to pass to the 206.Xr apmd 8 207daemon. 208.It Va devd_enable 209.Pq Vt bool 210Run 211.Xr devd 8 212to handle device added, removed or unknown events from the kernel. 213.It Va ddb_enable 214.Pq Vt bool 215Run 216.Xr ddb 8 217to install 218.Xr ddb 4 219scripts at boot time. 220.It Va ddb_config 221.Pq Vt str 222Configuration file for 223.Xr ddb 8 . 224Default 225.Pa /etc/ddb.conf . 226.It Va kld_list 227.Pq Vt str 228A list of kernel modules to load right after the local 229disks are mounted. 230Loading modules at this point in the boot process is 231much faster than doing it via 232.Pa /boot/loader.conf 233for those modules not necessary for mounting local disk. 234.It Va kldxref_enable 235.Pq Vt bool 236Set to 237.Dq Li NO 238by default. 239Set to 240.Dq Li YES 241to automatically rebuild 242.Pa linker.hints 243files with 244.Xr kldxref 8 245at boot time. 246.It Va kldxref_clobber 247.Pq Vt bool 248Set to 249.Dq Li NO 250by default. 251If 252.Va kldxref_enable 253is true, 254setting to 255.Dq Li YES 256will overwrite existing 257.Pa linker.hints 258files at boot time. 259Otherwise, 260only missing 261.Pa linker.hints 262files are generated. 263.It Va kldxref_module_path 264.Pq Vt str 265Empty by default. 266A semi-colon 267.Pq Ql \&; 268delimited list of paths containing 269.Xr kld 4 270modules. 271If empty, 272the contents of the 273.Va kern.module_path 274.Xr sysctl 8 275are used. 276.It Va powerd_enable 277.Pq Vt bool 278If set to 279.Dq Li YES , 280enable the system power control facility with the 281.Xr powerd 8 282daemon. 283.It Va powerd_flags 284.Pq Vt str 285If 286.Va powerd_enable 287is set to 288.Dq Li YES , 289these are the flags to pass to the 290.Xr powerd 8 291daemon. 292.It Va tmpmfs 293Controls the creation of a 294.Pa /tmp 295memory file system. 296Always happens if set to 297.Dq Li YES 298and never happens if set to 299.Dq Li NO . 300If set to anything else, a memory file system is created if 301.Pa /tmp 302is not writable. 303.It Va tmpsize 304Controls the size of a created 305.Pa /tmp 306memory file system. 307.It Va tmpmfs_flags 308Extra options passed to the 309.Xr mdmfs 8 310utility when the memory file system for 311.Pa /tmp 312is created. 313The default is 314.Dq Li "-S" , 315which inhibits the use of softupdates on 316.Pa /tmp 317so that file system space is freed without delay 318after file truncation or deletion. 319See 320.Xr mdmfs 8 321for other options you can use in 322.Va tmpmfs_flags . 323.It Va varmfs 324Controls the creation of a 325.Pa /var 326memory file system. 327Always happens if set to 328.Dq Li YES 329and never happens if set to 330.Dq Li NO . 331If set to anything else, a memory file system is created if 332.Pa /var 333is not writable. 334.It Va varsize 335Controls the size of a created 336.Pa /var 337memory file system. 338.It Va varmfs_flags 339Extra options passed to the 340.Xr mdmfs 8 341utility when the memory file system for 342.Pa /var 343is created. 344The default is 345.Dq Li "-S" , 346which inhibits the use of softupdates on 347.Pa /var 348so that file system space is freed without delay 349after file truncation or deletion. 350See 351.Xr mdmfs 8 352for other options you can use in 353.Va varmfs_flags . 354.It Va populate_var 355Controls the automatic population of the 356.Pa /var 357file system. 358Always happens if set to 359.Dq Li YES 360and never happens if set to 361.Dq Li NO . 362If set to anything else, a memory file system is created if 363.Pa /var 364is not writable. 365Note that this process requires access to certain commands in 366.Pa /usr 367before 368.Pa /usr 369is mounted on normal systems. 370.It Va cleanvar_enable 371.Pq Vt bool 372Clean the 373.Pa /var 374directory. 375.It Va local_startup 376.Pq Vt str 377List of directories to search for startup script files. 378.It Va script_name_sep 379.Pq Vt str 380The field separator to use for breaking down the list of startup script files 381into individual filenames. 382The default is a space. 383It is not necessary to change this unless there are startup scripts with names 384containing spaces. 385.It Va hostapd_enable 386.Pq Vt bool 387Set to 388.Dq Li YES 389to start 390.Xr hostapd 8 391at system boot time. 392.It Va hostname 393.Pq Vt str 394The fully qualified domain name (FQDN) of this host on the network. 395This should almost certainly be set to something meaningful, even if 396there is no network connection. 397If 398.Xr dhclient 8 399is used to set the hostname via DHCP, 400this variable should be set to an empty string. 401If this value remains unset when the system is done booting 402your console login will display the default hostname of 403.Dq Amnesiac . 404.It Va nisdomainname 405.Pq Vt str 406The NIS domain name of this host, or 407.Dq Li NO 408if NIS is not used. 409.It Va dhclient_program 410.Pq Vt str 411Path to the DHCP client program 412.Pa ( /sbin/dhclient , 413the 414.Ox 415DHCP client, 416is the default). 417.It Va dhclient_flags 418.Pq Vt str 419Additional flags to pass to the DHCP client program. 420For the 421.Ox 422DHCP client, see the 423.Xr dhclient 8 424manpage for a description of the command line options available. 425.It Va dhclient_flags_ Ns Aq Ar iface 426Additional flags to pass to the DHCP client program running on 427.Ar iface 428only. 429When specified, this variable overrides 430.Va dhclient_flags . 431.It Va background_dhclient 432.Pq Vt bool 433Set to 434.Dq Li YES 435to start the DHCP client in background. 436This can cause trouble with applications depending on 437a working network, but it will provide a faster startup 438in many cases. 439.It Va background_dhclient_ Ns Aq Ar iface 440When specified, this variable overrides the 441.Va background_dhclient 442variable for interface 443.Ar iface 444only. 445.It Va synchronous_dhclient 446.Pq Vt bool 447Set to 448.Dq Li YES 449to start 450.Xr dhclient 8 451synchronously at startup. 452This behavior can be overridden on a per-interface basis by replacing 453the 454.Dq Li DHCP 455keyword in the 456.Va ifconfig_ Ns Aq Ar interface 457variable with 458.Dq Li SYNCDHCP 459or 460.Dq Li NOSYNCDHCP . 461.It Va defaultroute_delay 462.Pq Vt int 463When set to a positive value, wait up to this long after configuring 464DHCP interfaces at startup to give the interfaces time to receive a lease. 465.It Va firewall_enable 466.Pq Vt bool 467Set to 468.Dq Li YES 469to load firewall rules at startup. 470If the kernel was not built with 471.Cd "options IPFIREWALL" , 472the 473.Pa ipfw.ko 474kernel module will be loaded. 475See also 476.Va ipfilter_enable . 477.It Va firewall_script 478.Pq Vt str 479This variable specifies the full path to the firewall script to run. 480The default is 481.Pa /etc/rc.firewall . 482.It Va firewall_type 483.Pq Vt str 484Names the firewall type from the selection in 485.Pa /etc/rc.firewall , 486or the file which contains the local firewall ruleset. 487Valid selections from 488.Pa /etc/rc.firewall 489are: 490.Pp 491.Bl -tag -width ".Li simple" -compact 492.It Li open 493unrestricted IP access 494.It Li closed 495all IP services disabled, except via 496.Dq Li lo0 497.It Li client 498basic protection for a workstation 499.It Li simple 500basic protection for a LAN. 501.El 502.Pp 503If a filename is specified, the full path 504must be given. 505.It Va firewall_quiet 506.Pq Vt bool 507Set to 508.Dq Li YES 509to disable the display of firewall rules on the console during boot. 510.It Va firewall_logging 511.Pq Vt bool 512Set to 513.Dq Li YES 514to enable firewall event logging. 515This is equivalent to the 516.Dv IPFIREWALL_VERBOSE 517kernel option. 518.It Va firewall_logif 519.Pq Vt bool 520Set to 521.Dq Li YES 522to create pseudo interface 523.Li ipfw0 524for logging. 525For more details, see 526.Xr ipfw 8 527manual page. 528.It Va firewall_flags 529.Pq Vt str 530Flags passed to 531.Xr ipfw 8 532if 533.Va firewall_type 534specifies a filename. 535.It Va firewall_coscripts 536.Pq Vt str 537List of executables and/or rc scripts to run after firewall starts/stops. 538Default is empty. 539.\" ----- firewall_nat_enable setting -------------------------------- 540.It Va firewall_nat_enable 541.Pq Vt bool 542The 543.Xr ipfw 8 544equivalent of 545.Va natd_enable . 546Setting this to 547.Dq Li YES 548enables kernel NAT. 549.Va firewall_enable 550must also be set to 551.Dq Li YES . 552.It Va firewall_nat_interface 553.Pq Vt str 554The 555.Xr ipfw 8 556equivalent of 557.Va natd_interface . 558This is the name of the public interface or IP address on which 559kernel NAT should run. 560.It Va firewall_nat_flags 561.Pq Vt str 562Additional configuration parameters for kernel NAT should be placed here. 563.It Va dummynet_enable 564.Pq Vt bool 565Setting this to 566.Dq Li YES 567will automatically load the 568.Xr dummynet 4 569module if 570.Va firewall_enable 571is also set to 572.Dq Li YES . 573.\" ------------------------------------------------------------------- 574.It Va natd_program 575.Pq Vt str 576Path to 577.Xr natd 8 . 578.It Va natd_enable 579.Pq Vt bool 580Set to 581.Dq Li YES 582to enable 583.Xr natd 8 . 584.Va firewall_enable 585must also be set to 586.Dq Li YES , 587and 588.Xr divert 4 589sockets must be enabled in the kernel. 590If the kernel was not built with 591.Cd "options IPDIVERT" , 592the 593.Pa ipdivert.ko 594kernel module will be loaded. 595.It Va natd_interface 596.Pq Vt str 597This is the name of the public interface on which 598.Xr natd 8 599should run. 600The interface may be given as an interface name or as an IP address. 601.It Va natd_flags 602.Pq Vt str 603Additional 604.Xr natd 8 605flags should be placed here. 606The 607.Fl n 608or 609.Fl a 610flag is automatically added with the above 611.Va natd_interface 612as an argument. 613.\" ----- ipfilter_enable setting -------------------------------- 614.It Va ipfilter_enable 615.Pq Vt bool 616Set to 617.Dq Li NO 618by default. 619Setting this to 620.Dq Li YES 621enables 622.Xr ipf 8 623packet filtering. 624.Pp 625Typical usage will require putting 626.Bd -literal 627ipfilter_enable="YES" 628ipnat_enable="YES" 629ipmon_enable="YES" 630ipfs_enable="YES" 631.Ed 632.Pp 633into 634.Pa /etc/rc.conf 635and editing 636.Pa /etc/ipf.rules 637and 638.Pa /etc/ipnat.rules 639appropriately. 640.Pp 641Note that 642.Va ipfilter_enable 643and 644.Va ipnat_enable 645can be enabled independently. 646.Va ipmon_enable 647and 648.Va ipfs_enable 649both require at least one of 650.Va ipfilter_enable 651and 652.Va ipnat_enable 653to be enabled. 654.Pp 655Having 656.Bd -literal 657options IPFILTER 658options IPFILTER_LOG 659options IPFILTER_DEFAULT_BLOCK 660.Ed 661.Pp 662in the kernel configuration file is a good idea, too. 663.\" ----- ipfilter_program setting ------------------------------ 664.It Va ipfilter_program 665.Pq Vt str 666Path to 667.Xr ipf 8 668(default 669.Pa /sbin/ipf ) . 670.\" ----- ipfilter_rules setting -------------------------------- 671.It Va ipfilter_rules 672.Pq Vt str 673Set to 674.Pa /etc/ipf.rules 675by default. 676This variable contains the name of the filter rule definition file. 677The file is expected to be readable for the 678.Xr ipf 8 679command to execute. 680.\" ----- ipv6_ipfilter_rules setting --------------------------- 681.It Va ipv6_ipfilter_rules 682.Pq Vt str 683Set to 684.Pa /etc/ipf6.rules 685by default. 686This variable contains the IPv6 filter rule definition file. 687The file is expected to be readable for the 688.Xr ipf 8 689command to execute. 690.\" ----- ipfilter_flags setting -------------------------------- 691.It Va ipfilter_flags 692.Pq Vt str 693Empty by default. 694This variable contains flags passed to the 695.Xr ipf 8 696program. 697.\" ----- ipnat_enable setting ---------------------------------- 698.It Va ipnat_enable 699.Pq Vt bool 700Set to 701.Dq Li NO 702by default. 703Set it to 704.Dq Li YES 705to enable 706.Xr ipnat 8 707network address translation. 708See 709.Va ipfilter_enable 710for a detailed discussion. 711.\" ----- ipnat_program setting --------------------------------- 712.It Va ipnat_program 713.Pq Vt str 714Path to 715.Xr ipnat 8 716(default 717.Pa /sbin/ipnat ) . 718.\" ----- ipnat_rules setting ----------------------------------- 719.It Va ipnat_rules 720.Pq Vt str 721Set to 722.Pa /etc/ipnat.rules 723by default. 724This variable contains the name of the file 725holding the network address translation definition. 726This file is expected to be readable for the 727.Xr ipnat 8 728command to execute. 729.\" ----- ipnat_flags setting ----------------------------------- 730.It Va ipnat_flags 731.Pq Vt str 732Empty by default. 733This variable contains flags passed to the 734.Xr ipnat 8 735program. 736.\" ----- ipmon_enable setting ---------------------------------- 737.It Va ipmon_enable 738.Pq Vt bool 739Set to 740.Dq Li NO 741by default. 742Set it to 743.Dq Li YES 744to enable 745.Xr ipmon 8 746monitoring (logging 747.Xr ipf 8 748and 749.Xr ipnat 8 750events). 751Setting this variable needs setting 752.Va ipfilter_enable 753or 754.Va ipnat_enable 755too. 756See 757.Va ipfilter_enable 758for a detailed discussion. 759.\" ----- ipmon_program setting --------------------------------- 760.It Va ipmon_program 761.Pq Vt str 762Path to 763.Xr ipmon 8 764(default 765.Pa /sbin/ipmon ) . 766.\" ----- ipmon_flags setting ----------------------------------- 767.It Va ipmon_flags 768.Pq Vt str 769Set to 770.Dq Li -Ds 771by default. 772This variable contains flags passed to the 773.Xr ipmon 8 774program. 775Another typical example would be 776.Dq Fl D Pa /var/log/ipflog 777to have 778.Xr ipmon 8 779log directly to a file bypassing 780.Xr syslogd 8 . 781Make sure to adjust 782.Pa /etc/newsyslog.conf 783in such case like this: 784.Bd -literal 785/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 786.Ed 787.\" ----- ipfs_enable setting ----------------------------------- 788.It Va ipfs_enable 789.Pq Vt bool 790Set to 791.Dq Li NO 792by default. 793Set it to 794.Dq Li YES 795to enable 796.Xr ipfs 8 797saving the filter and NAT state tables during shutdown 798and reloading them during startup again. 799Setting this variable needs setting 800.Va ipfilter_enable 801or 802.Va ipnat_enable 803to 804.Dq Li YES 805too. 806See 807.Va ipfilter_enable 808for a detailed discussion. 809Note that if 810.Va kern_securelevel 811is set to 3, 812.Va ipfs_enable 813cannot be used 814because the raised securelevel will prevent 815.Xr ipfs 8 816from saving the state tables at shutdown time. 817.\" ----- ipfs_program setting ---------------------------------- 818.It Va ipfs_program 819.Pq Vt str 820Path to 821.Xr ipfs 8 822(default 823.Pa /sbin/ipfs ) . 824.\" ----- ipfs_flags setting ------------------------------------ 825.It Va ipfs_flags 826.Pq Vt str 827Empty by default. 828This variable contains flags passed to the 829.Xr ipfs 8 830program. 831.\" ----- end of added ipf hook --------------------------------- 832.It Va pf_enable 833.Pq Vt bool 834Set to 835.Dq Li NO 836by default. 837Setting this to 838.Dq Li YES 839enables 840.Xr pf 4 841packet filtering. 842.Pp 843Typical usage will require putting 844.Pp 845.Dl pf_enable="YES" 846.Pp 847into 848.Pa /etc/rc.conf 849and editing 850.Pa /etc/pf.conf 851appropriately. 852Adding 853.Pp 854.Dl "device pf" 855.Pp 856builds support for 857.Xr pf 4 858into the kernel, otherwise the 859kernel module will be loaded. 860.It Va pf_rules 861.Pq Vt str 862Path to 863.Xr pf 4 864ruleset configuration file 865(default 866.Pa /etc/pf.conf ) . 867.It Va pf_program 868.Pq Vt str 869Path to 870.Xr pfctl 8 871(default 872.Pa /sbin/pfctl ) . 873.It Va pf_flags 874.Pq Vt str 875If 876.Va pf_enable 877is set to 878.Dq Li YES , 879these flags are passed to the 880.Xr pfctl 8 881program when loading the ruleset. 882.It Va pflog_enable 883.Pq Vt bool 884Set to 885.Dq Li NO 886by default. 887Setting this to 888.Dq Li YES 889enables 890.Xr pflogd 8 891which logs packets from the 892.Xr pf 4 893packet filter. 894.It Va pflog_logfile 895.Pq Vt str 896If 897.Va pflog_enable 898is set to 899.Dq Li YES 900this controls where 901.Xr pflogd 8 902stores the logfile 903(default 904.Pa /var/log/pflog ) . 905Check 906.Pa /etc/newsyslog.conf 907to adjust logfile rotation for this. 908.It Va pflog_program 909.Pq Vt str 910Path to 911.Xr pflogd 8 912(default 913.Pa /sbin/pflogd ) . 914.It Va pflog_flags 915.Pq Vt str 916Empty by default. 917This variable contains additional flags passed to the 918.Xr pflogd 8 919program. 920.It Va ftpproxy_enable 921.Pq Vt bool 922Set to 923.Dq Li NO 924by default. 925Setting this to 926.Dq Li YES 927enables 928.Xr ftp-proxy 8 929which supports the 930.Xr pf 4 931packet filter in translating ftp connections. 932.It Va ftpproxy_flags 933.Pq Vt str 934Empty by default. 935This variable contains additional flags passed to the 936.Xr ftp-proxy 8 937program. 938.It Va pfsync_enable 939.Pq Vt bool 940Set to 941.Dq Li NO 942by default. 943Setting this to 944.Dq Li YES 945enables exposing 946.Xr pf 4 947state changes to other hosts over the network by means of 948.Xr pfsync 4 . 949The 950.Va pfsync_syncdev 951variable 952must also be set then. 953.It Va pfsync_syncdev 954.Pq Vt str 955Empty by default. 956This variable specifies the name of the network interface 957.Xr pfsync 4 958should operate through. 959It must be set accordingly if 960.Va pfsync_enable 961is set to 962.Dq Li YES . 963.It Va pfsync_syncpeer 964.Pq Vt str 965Empty by default. 966This variable is optional. 967By default, state change messages are sent out on the synchronisation 968interface using IP multicast packets. 969The protocol is IP protocol 240, PFSYNC, and the multicast group used is 970224.0.0.240. 971When a peer address is specified using the 972.Va pfsync_syncpeer 973option, the peer address is used as a destination for the pfsync 974traffic, and the traffic can then be protected using 975.Xr ipsec 4 . 976See the 977.Xr pfsync 4 978manpage for more details about using 979.Xr ipsec 4 980with 981.Xr pfsync 4 982interfaces. 983.It Va pfsync_ifconfig 984.Pq Vt str 985Empty by default. 986This variable can contain additional options to be passed to the 987.Xr ifconfig 8 988command used to set up 989.Xr pfsync 4 . 990.It Va tcp_extensions 991.Pq Vt bool 992Set to 993.Dq Li YES 994by default. 995Setting this to 996.Dq Li NO 997disables certain TCP options as described by 998.Rs 999.%T "RFC 1323" 1000.Re 1001Setting this to 1002.Dq Li NO 1003might help remedy such problems with connections as randomly hanging 1004or other weird behavior. 1005Some network devices are known 1006to be broken with respect to these options. 1007.It Va log_in_vain 1008.Pq Vt int 1009Set to 0 by default. 1010The 1011.Xr sysctl 8 1012variables, 1013.Va net.inet.tcp.log_in_vain 1014and 1015.Va net.inet.udp.log_in_vain , 1016as described in 1017.Xr tcp 4 1018and 1019.Xr udp 4 , 1020are set to the given value. 1021.It Va tcp_keepalive 1022.Pq Vt bool 1023Set to 1024.Dq Li YES 1025by default. 1026Setting to 1027.Dq Li NO 1028will disable probing idle TCP connections to verify that the 1029peer is still up and reachable. 1030.It Va tcp_drop_synfin 1031.Pq Vt bool 1032Set to 1033.Dq Li NO 1034by default. 1035Setting to 1036.Dq Li YES 1037will cause the kernel to ignore TCP frames that have both 1038the SYN and FIN flags set. 1039This prevents OS fingerprinting, but may 1040break some legitimate applications. 1041.It Va icmp_drop_redirect 1042.Pq Vt bool 1043Set to 1044.Dq Li NO 1045by default. 1046Setting to 1047.Dq Li YES 1048will cause the kernel to ignore ICMP REDIRECT packets. 1049Refer to 1050.Xr icmp 4 1051for more information. 1052.It Va icmp_log_redirect 1053.Pq Vt bool 1054Set to 1055.Dq Li NO 1056by default. 1057Setting to 1058.Dq Li YES 1059will cause the kernel to log ICMP REDIRECT packets. 1060Note that 1061the log messages are not rate-limited, so this option should only be used 1062for troubleshooting networks. 1063Refer to 1064.Xr icmp 4 1065for more information. 1066.It Va icmp_bmcastecho 1067.Pq Vt bool 1068Set to 1069.Dq Li YES 1070to respond to broadcast or multicast ICMP ping packets. 1071Refer to 1072.Xr icmp 4 1073for more information. 1074.It Va ip_portrange_first 1075.Pq Vt int 1076If not set to 1077.Dq Li NO , 1078this is the first port in the default portrange. 1079Refer to 1080.Xr ip 4 1081for more information. 1082.It Va ip_portrange_last 1083.Pq Vt int 1084If not set to 1085.Dq Li NO , 1086this is the last port in the default portrange. 1087Refer to 1088.Xr ip 4 1089for more information. 1090.It Va network_interfaces 1091.Pq Vt str 1092Set to the list of network interfaces to configure on this host or 1093.Dq Li AUTO 1094(the default) for all current interfaces. 1095Setting the 1096.Va network_interfaces 1097variable to anything other than the default is deprecated. 1098Interfaces that the administrator wishes to store configuration for, 1099but not start at boot should be configured with the 1100.Dq Li NOAUTO 1101keyword in their 1102.Va ifconfig_ Ns Aq Ar interface 1103variables as described below. 1104.Pp 1105An 1106.Va ifconfig_ Ns Aq Ar interface 1107variable is also assumed to exist for each value of 1108.Ar interface . 1109When an interface name contains any of the characters 1110.Dq Li .-/+ 1111they are translated to 1112.Dq Li _ 1113before lookup. 1114The variable can contain arguments to 1115.Xr ifconfig 8 , 1116as well as special case-insensitive keywords described below. 1117Such keywords are removed before passing the value to 1118.Xr ifconfig 8 1119while the order of the other arguments is preserved. 1120.Pp 1121It is possible to add IP alias entries using 1122.Xr ifconfig 8 1123syntax with the address family keyword such as 1124.Li inet . 1125Assuming that the interface in question was 1126.Li ed0 , 1127it might look something like this: 1128.Bd -literal 1129ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1130ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1131.Ed 1132.Pp 1133It also possible to configure multiple IP addresses in Classless 1134Inter-Domain Routing 1135.Pq CIDR 1136address notation, 1137whose each address component can be a range like 1138.Li inet 192.0.2.5-23/24 1139or 1140.Li inet6 2001:db8:1-f::1/64 . 1141This notation allows address and prefix length part only, 1142not the other address modifiers. 1143.Pp 1144In the case of 1145.Li 192.0.2.5-23/24 , 1146the address 192.0.2.5 will be configured with the 1147netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1148the non-conflicting netmask /32 as explained in the 1149.Xr ifconfig 8 1150alias section. 1151Note that this special netmask handling is only for 1152.Li inet , 1153not for the other address families such as 1154.Li inet6 . 1155.Pp 1156With the interface in question being 1157.Li ed0 , 1158an example could look like: 1159.Bd -literal 1160ifconfig_ed0_alias2="inet 192.0.2.129/27" 1161ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1162.Ed 1163.Pp 1164and so on. 1165.Pp 1166Note that 1167.Va ipv4_addrs_ Ns Aq Ar interface 1168variable was supported for IPv4 CIDR address notation. 1169It is now deprecated because the functionality was integrated into 1170.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1171though 1172.Va ipv4_addrs_ Ns Aq Ar interface 1173is still supported for backward compatibility. 1174.Pp 1175For each 1176.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1177entry with an address family keyword, 1178its contents are passed to 1179.Xr ifconfig 8 . 1180Execution stops at the first unsuccessful access, so if 1181something like this is present: 1182.Bd -literal 1183ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1184ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1185ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1186ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1187.Ed 1188.Pp 1189Then note that alias4 would 1190.Em not 1191be added since the search would 1192stop with the missing 1193.Dq Li alias3 1194entry. 1195Due to this difficult to manage behavior, the 1196.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1197form is deprecated. 1198There is 1199.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1200variable, which has the same functionality as 1201.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1202and can have all of entries in a variable like the following: 1203.Bd -literal 1204ifconfig_ed0_aliases="\\ 1205 inet 127.0.0.251 netmask 0xffffffff \\ 1206 inet 127.0.0.252 netmask 0xffffffff \\ 1207 inet 127.0.0.253 netmask 0xffffffff \\ 1208 inet 127.0.0.254 netmask 0xffffffff" 1209.Ed 1210.Pp 1211It also supports CIDR notation. 1212.Pp 1213If the 1214.Pa /etc/start_if. Ns Aq Ar interface 1215file is present, it is read and executed by the 1216.Xr sh 1 1217interpreter 1218before configuring the interface as specified in the 1219.Va ifconfig_ Ns Aq Ar interface 1220and 1221.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1222variables. 1223.Pp 1224If a 1225.Va vlans_ Ns Aq Ar interface 1226variable is set, 1227a 1228.Xr vlan 4 1229interface will be created for each item in the list with the 1230.Ar vlandev 1231argument set to 1232.Ar interface . 1233If a vlan interface's name is a number, 1234then that number is used as the vlan tag and the new vlan interface is 1235named 1236.Ar interface . Ns Ar tag . 1237Otherwise, 1238the vlan tag must be specified via a 1239.Va vlan 1240parameter in the 1241.Va create_args_ Ns Aq Ar interface 1242variable. 1243.Pp 1244To create a vlan device named 1245.Li em0.101 1246on 1247.Li em0 1248with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1249.Bd -literal 1250vlans_em0="101" 1251ifconfig_em0_101="inet 192.0.2.1/24" 1252.Ed 1253.Pp 1254To create a vlan device named 1255.Li myvlan 1256on 1257.Li em0 1258with the vlan tag 102: 1259.Bd -literal 1260vlans_em0="myvlan" 1261create_args_myvlan="vlan 102" 1262.Ed 1263.Pp 1264If a 1265.Va wlans_ Ns Aq Ar interface 1266variable is set, 1267an 1268.Xr wlan 4 1269interface will be created for each item in the list with the 1270.Ar wlandev 1271argument set to 1272.Ar interface . 1273Further wlan cloning arguments may be passed to the 1274.Xr ifconfig 8 1275.Cm create 1276command by setting the 1277.Va create_args_ Ns Aq Ar interface 1278variable. 1279One or more 1280.Xr wlan 4 1281devices must be created for each wireless devices as of 1282.Fx 8.0 . 1283Debugging flags for 1284.Xr wlan 4 1285devices as set by 1286.Xr wlandebug 8 1287may be specified with an 1288.Va wlandebug_ Ns Aq Ar interface 1289variable. 1290The contents of this variable will be passed directly to 1291.Xr wlandebug 8 . 1292.Pp 1293If the 1294.Va ifconfig_ Ns Aq Ar interface 1295contains the keyword 1296.Dq Li NOAUTO 1297then the interface will not be configured 1298at boot or by 1299.Pa /etc/pccard_ether 1300when 1301.Va network_interfaces 1302is set to 1303.Dq Li AUTO . 1304.Pp 1305It is possible to bring up an interface with DHCP by adding 1306.Dq Li DHCP 1307to the 1308.Va ifconfig_ Ns Aq Ar interface 1309variable. 1310For instance, to initialize the 1311.Li ed0 1312device via DHCP, 1313it is possible to use something like: 1314.Bd -literal 1315ifconfig_ed0="DHCP" 1316.Ed 1317.Pp 1318If you want to configure your wireless interface with 1319.Xr wpa_supplicant 8 1320for use with WPA, EAP/LEAP or WEP, you need to add 1321.Dq Li WPA 1322to the 1323.Va ifconfig_ Ns Aq Ar interface 1324variable. 1325.Pp 1326On the other hand, if you want to configure your wireless interface with 1327.Xr hostapd 8 , 1328you need to add 1329.Dq Li HOSTAP 1330to the 1331.Va ifconfig_ Ns Aq Ar interface 1332variable. 1333.Xr hostapd 8 1334will use the settings from 1335.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1336.Pp 1337Finally, you can add 1338.Xr ifconfig 8 1339options in this variable, in addition to the 1340.Pa /etc/start_if. Ns Aq Ar interface 1341file. 1342For instance, to configure an 1343.Xr ath 4 1344wireless device in station mode with an address obtained 1345via DHCP, using WPA authentication and 802.11b mode, it is 1346possible to use something like: 1347.Bd -literal 1348wlans_ath0="wlan0" 1349ifconfig_wlan0="DHCP WPA mode 11b" 1350.Ed 1351.Pp 1352In addition to the 1353.Va ifconfig_ Ns Aq Ar interface 1354form, a fallback variable 1355.Va ifconfig_DEFAULT 1356may be configured. 1357It will be used for all interfaces with no 1358.Va ifconfig_ Ns Aq Ar interface 1359variable. 1360This is intended to replace the no longer supported 1361.Va pccard_ifconfig 1362variable. 1363.Pp 1364It is also possible to rename an interface by doing: 1365.Bd -literal 1366ifconfig_ed0_name="net0" 1367ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1368.Ed 1369.It Va ipv6_enable 1370.Pq Vt bool 1371This variable is deprecated. 1372Use 1373.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1374and 1375.Va ipv6_activate_all_interfaces 1376if necessary. 1377.Pp 1378If the variable is 1379.Dq Li YES , 1380.Dq Li inet6 accept_rtadv 1381is added to all of 1382.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1383and the 1384.Va ipv6_activate_all_interfaces 1385is defined as 1386.Dq Li YES . 1387.It Va ipv6_prefer 1388.Pq Vt bool 1389This variable is deprecated. 1390Use 1391.Va ip6addrctl_policy 1392instead. 1393.Pp 1394If the variable is 1395.Dq Li YES , 1396the default address selection policy table set by 1397.Xr ip6addrctl 8 1398will be IPv6-preferred. 1399.Pp 1400If the variable is 1401.Dq Li NO , 1402the default address selection policy table set by 1403.Xr ip6addrctl 8 1404will be IPv4-preferred. 1405.It Va ipv6_activate_all_interfaces 1406.Pq Vt bool 1407This controls initial configuration on IPv6-capable 1408interfaces with no corresponding 1409.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1410variable. 1411Note that it is not always necessary to set this variable to 1412.Dq YES 1413to use IPv6 functionality on 1414.Fx . 1415In most cases, just configuring 1416.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1417variables works. 1418.Pp 1419If the variable is 1420.Dq Li NO , 1421all interfaces which do not have a corresponding 1422.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1423variable will be marked as 1424.Dq Li IFDISABLED 1425at creation. 1426This means that all of IPv6 functionality on that interface 1427is completely disabled to enforce a security policy. 1428If the variable is set to 1429.Dq YES , 1430the flag will be cleared on all of the interfaces. 1431.Pp 1432In most cases, just defining an 1433.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1434for an IPv6-capable interface should be sufficient. 1435However, if an interface is added dynamically 1436.Pq by some tunneling protocols such as PPP, for example , 1437it is often difficult to define the variable in advance. 1438In such a case, configuring the 1439.Dq Li IFDISABLED 1440flag can be disabled by setting this variable to 1441.Dq YES . 1442.Pp 1443For more details of the 1444.Dq Li IFDISABLED 1445flag and keywords 1446.Dq Li inet6 ifdisabled , 1447see 1448.Xr ifconfig 8 . 1449.Pp 1450Default is 1451.Dq Li NO . 1452.It Va ipv6_privacy 1453.Pq Vt bool 1454If the variable is 1455.Dq Li YES 1456privacy addresses will be generated for each IPv6 1457interface as described in RFC 4941. 1458.It Va ipv6_network_interfaces 1459.Pq Vt str 1460This is the IPv6 equivalent of 1461.Va network_interfaces . 1462Normally manual configuration of this variable is not needed. 1463.Pp 1464.It Va ipv6_cpe_wanif 1465.Pq Vt str 1466If the variable is set to an interface name, 1467the 1468.Xr ifconfig 8 1469options 1470.Dq inet6 -no_radr accept_rtadv 1471will be added to the specified interface automatically before evaluating 1472.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1473and two 1474.Xr sysctl 8 1475variables 1476.Va net.inet6.ip6.rfc6204w3 1477and 1478.Va net.inet6.ip6.no_radr 1479will be set to 1. 1480.Pp 1481This means the specified interface will accept ICMPv6 Router 1482Advertisement messages on that link and add the discovered 1483routers into the Default Router List. 1484While the other interfaces can still accept RA messages if the 1485.Dq inet6 accept_rtadv 1486option is specified, adding 1487routes into the Default Router List will be disabled by 1488.Dq inet6 no_radr 1489option by default. 1490See 1491.Xr ifconfig 8 1492for more details. 1493.Pp 1494Note that ICMPv6 Router Advertisement messages will be 1495accepted even when 1496.Va net.inet6.ip6.forwarding 1497is 1 1498.Pq packet forwarding is enabled 1499when 1500.Va net.inet6.ip6.rfc6204w3 1501is set to 1. 1502.Pp 1503Default is 1504.Dq Li NO . 1505.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1506.Pq Vt str 1507IPv6 functionality on an interface should be configured by 1508.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1509instead of setting ifconfig parameters in 1510.Va ifconfig_ Ns Aq Ar interface . 1511If this variable is empty, all of IPv6 configurations on the 1512specified interface by other variables such as 1513.Va ipv6_prefix_ Ns Ao Ar interface Ac 1514will be ignored. 1515.Pp 1516Aliases should be set by 1517.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1518with 1519.Dq Li inet6 1520keyword. 1521For example: 1522.Bd -literal 1523ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1524ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1525.Ed 1526.Pp 1527Interfaces that have an 1528.Dq Li inet6 accept_rtadv 1529keyword in 1530.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1531setting will be automatically configured by SLAAC 1532.Pq StateLess Address AutoConfiguration 1533described in 1534.Rs 1535.%T "RFC 4862" 1536.Re 1537.Pp 1538Note that a link-local address will be automatically configured in 1539addition to the configured global-scope addresses because the IPv6 1540specifications require it on each link. 1541The address is calculated from the MAC address by using an algorithm 1542defined in 1543.Rs 1544.%T "RFC 4862" 1545.%O "Section 5.3" 1546.Re 1547.Pp 1548If only a link-local address is needed on the interface, 1549the following configuration can be used: 1550.Bd -literal 1551ifconfig_ed0_ipv6="inet6 auto_linklocal" 1552.Ed 1553.Pp 1554A link-local address can also be configured manually. 1555This is useful for the default router address of an IPv6 router 1556so that it does not change when the network interface 1557card is replaced. 1558For example: 1559.Bd -literal 1560ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1561.Ed 1562.It Va ipv6_prefix_ Ns Aq Ar interface 1563.Pq Vt str 1564If one or more prefixes are defined in 1565.Va ipv6_prefix_ Ns Aq Ar interface 1566addresses based on each prefix and the EUI-64 interface index will be 1567configured on that interface. 1568Note that this variable will be ignored when 1569.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1570is empty. 1571.Pp 1572For example, the following configuration 1573.Bd -literal 1574ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1575.Ed 1576.Pp 1577is equivalent to the following: 1578.Bd -literal 1579ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1580ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1581ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1582ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1583.Ed 1584.Pp 1585These Subnet-Router anycast addresses will be added only when 1586.Va ipv6_gateway_enable 1587is YES. 1588.It Va ipv6_default_interface 1589.Pq Vt str 1590If not set to 1591.Dq Li NO , 1592this is the default output interface for scoped addresses. 1593This works only with ipv6_gateway_enable="NO". 1594.It Va ip6addrctl_enable 1595.Pq Vt bool 1596This variable is to enable configuring default address selection policy table 1597.Pq RFC 3484 . 1598The table can be specified in another variable 1599.Va ip6addrctl_policy . 1600For 1601.Va ip6addrctl_policy 1602the following keywords can be specified: 1603.Dq Li ipv4_prefer , 1604.Dq Li ipv6_prefer , 1605or 1606.Dq Li AUTO . 1607.Pp 1608If 1609.Dq Li ipv4_prefer 1610or 1611.Dq Li ipv6_prefer 1612is specified, 1613.Xr ip6addrctl 8 1614installs a pre-defined policy table described in Section 2.1 1615.Pq IPv6-preferred 1616or 10.3 1617.Pq IPv4-preferred 1618of RFC 3484. 1619.Pp 1620If 1621.Dq Li AUTO 1622is specified, it attempts to read a file 1623.Pa /etc/ip6addrctl.conf 1624first. 1625If this file is found, 1626.Xr ip6addrctl 8 1627reads and installs it. 1628If not found, a policy is automatically set 1629according to 1630.Va ipv6_activate_all_interfaces 1631variable; if the variable is set to 1632.Dq Li YES 1633the IPv6-preferred one is used. 1634Otherwise IPv4-preferred. 1635.Pp 1636The default value of 1637.Va ip6addrctl_enable 1638and 1639.Va ip6addrctl_policy 1640are 1641.Dq Li YES 1642and 1643.Dq Li AUTO , 1644respectively. 1645.It Va cloned_interfaces 1646.Pq Vt str 1647Set to the list of clonable network interfaces to create on this host. 1648Further cloning arguments may be passed to the 1649.Xr ifconfig 8 1650.Cm create 1651command for each interface by setting the 1652.Va create_args_ Ns Aq Ar interface 1653variable. 1654If an interface name is specified with 1655.Dq :sticky 1656keyword, 1657the interface will not be destroyed even when 1658.Pa rc.d/netif 1659script is invoked with 1660.Dq stop 1661argument. 1662This is useful when reconfiguring the interface without destroying it. 1663Entries in 1664.Va cloned_interfaces 1665are automatically appended to 1666.Va network_interfaces 1667for configuration. 1668.It Va cloned_interfaces_sticky 1669.Pq Vt bool 1670This variable is to globally enable functionality of 1671.Dq :sticky 1672keyword in 1673.Va cloned_interfaces 1674for all interfaces. 1675The default value is 1676.Dq NO . 1677Even if this variable is specified to 1678.Dq YES , 1679.Dq :nosticky 1680keyword can be used to override it on per interface basis. 1681.It Va fec_interfaces 1682.Pq Vt str 1683Set to the list of 1684.Xr ng_fec 4 1685Fast EtherChannel interfaces to configure on this host. 1686A 1687.Va fecconfig_ Ns Aq Ar interface 1688variable is assumed to exist for each value of 1689.Ar interface . 1690The value of this variable is used to configure link aggregated interfaces 1691according to the syntax of the 1692.Cm NGM_FEC_ADD_IFACE 1693to 1694.Xr ngctl 8 1695msg. 1696Additionally, this option ensures that each listed interface is created 1697via the 1698.Cm mkpeer 1699command to 1700.Xr ngctl 8 1701before attempting to configure it. 1702For example: 1703.Bd -literal 1704fec_interfaces="fec0" 1705fecconfig_fec0="em0 em1" 1706ifconfig_fec0="DHCP" 1707.Ed 1708.It Va gif_interfaces 1709.Pq Vt str 1710This variable is deprecated in favor of 1711.Va cloned_interfaces . 1712Set to the list of 1713.Xr gif 4 1714tunnel interfaces to configure on this host. 1715A 1716.Va gifconfig_ Ns Aq Ar interface 1717variable is assumed to exist for each value of 1718.Ar interface . 1719The value of this variable is used to configure the link layer of the 1720tunnel according to the syntax of the 1721.Cm tunnel 1722option to 1723.Xr ifconfig 8 . 1724Additionally, this option ensures that each listed interface is created 1725via the 1726.Cm create 1727option to 1728.Xr ifconfig 8 1729before attempting to configure it. 1730.It Va sppp_interfaces 1731.Pq Vt str 1732Set to the list of 1733.Xr sppp 4 1734interfaces to configure on this host. 1735A 1736.Va spppconfig_ Ns Aq Ar interface 1737variable is assumed to exist for each value of 1738.Ar interface . 1739Each interface should also be configured by a general 1740.Va ifconfig_ Ns Aq Ar interface 1741setting. 1742Refer to 1743.Xr spppcontrol 8 1744for more information about available options. 1745.It Va ppp_enable 1746.Pq Vt bool 1747If set to 1748.Dq Li YES , 1749run the 1750.Xr ppp 8 1751daemon. 1752.It Va ppp_profile 1753.Pq Vt str 1754The name of the profile to use from 1755.Pa /etc/ppp/ppp.conf . 1756Also used for per-profile overrides of 1757.Va ppp_mode 1758and 1759.Va ppp_nat , 1760and 1761.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1762When the profile name contains any of the characters 1763.Dq Li .-/+ 1764they are translated to 1765.Dq Li _ 1766for the proposes of the override variable names. 1767.It Va ppp_mode 1768.Pq Vt str 1769Mode in which to run the 1770.Xr ppp 8 1771daemon. 1772.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1773.Pq Vt str 1774Overrides the global 1775.Va ppp_mode 1776for 1777.Ar profile . 1778Accepted modes are 1779.Dq Li auto , 1780.Dq Li ddial , 1781.Dq Li direct 1782and 1783.Dq Li dedicated . 1784See the manual for a full description. 1785.It Va ppp_nat 1786.Pq Vt bool 1787If set to 1788.Dq Li YES , 1789enables network address translation. 1790Used in conjunction with 1791.Va gateway_enable 1792allows hosts on private network addresses access to the Internet using 1793this host as a network address translating router. 1794.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1795.Pq Vt str 1796Overrides the global 1797.Va ppp_nat 1798for 1799.Ar profile . 1800.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1801.Pq Vt int 1802Set the unit number to be used for this profile. 1803See the manual description of 1804.Fl unit Ns Ar N 1805for details. 1806.It Va ppp_user 1807.Pq Vt str 1808The name of the user under which 1809.Xr ppp 8 1810should be started. 1811By 1812default, 1813.Xr ppp 8 1814is started as 1815.Dq Li root . 1816.It Va rc_conf_files 1817.Pq Vt str 1818This option is used to specify a list of files that will override 1819the settings in 1820.Pa /etc/defaults/rc.conf . 1821The files will be read in the order in which they are specified and should 1822include the full path to the file. 1823By default, the files specified are 1824.Pa /etc/rc.conf 1825and 1826.Pa /etc/rc.conf.local 1827.It Va zfs_enable 1828.Pq Vt bool 1829If set to 1830.Dq Li YES , 1831.Pa /etc/rc.d/zfs 1832will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1833(ZVOLs). 1834.It Va gptboot_enable 1835.Pq Vt bool 1836If set to 1837.Dq Li YES , 1838.Pa /etc/rc.d/gptboot 1839will log if the system successfully (or not) booted from a GPT partition, 1840which had the 1841.Ar bootonce 1842attribute set using 1843.Xr gpart 8 1844utility. 1845.It Va gbde_autoattach_all 1846.Pq Vt bool 1847If set to 1848.Dq Li YES , 1849.Pa /etc/rc.d/gbde 1850will attempt to automatically initialize your .bde devices in 1851.Pa /etc/fstab . 1852.It Va gbde_devices 1853.Pq Vt str 1854List the devices that the script should try to attach, 1855or 1856.Dq Li AUTO . 1857.It Va gbde_lockdir 1858.Pq Vt str 1859The directory where the 1860.Xr gbde 4 1861lockfiles are located. 1862The default lockfile directory is 1863.Pa /etc . 1864.Pp 1865The lockfile for each individual 1866.Xr gbde 4 1867device can be overridden by setting the variable 1868.Va gbde_lock_ Ns Aq Ar device , 1869where 1870.Ar device 1871is the encrypted device without the 1872.Dq Pa /dev/ 1873and 1874.Dq Pa .bde 1875parts. 1876.It Va gbde_attach_attempts 1877.Pq Vt int 1878Number of times to attempt attaching to a 1879.Xr gbde 4 1880device, i.e., how many times the user is asked for the pass-phrase. 1881Default is 3. 1882.It Va geli_devices 1883.Pq Vt str 1884List of devices to automatically attach on boot. 1885Note that .eli devices from 1886.Pa /etc/fstab 1887are automatically appended to this list. 1888.It Va geli_tries 1889.Pq Vt int 1890Number of times user is asked for the pass-phrase. 1891If empty, it will be taken from 1892.Va kern.geom.eli.tries 1893sysctl variable. 1894.It Va geli_default_flags 1895.Pq Vt str 1896Default flags to use by 1897.Xr geli 8 1898when configuring disk encryption. 1899Flags can be configured for every device separately by defining 1900.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1901variable. 1902.It Va geli_autodetach 1903.Pq Vt str 1904Specifies if GELI devices should be marked for detach on last close after 1905file systems are mounted. 1906Default is 1907.Dq Li YES . 1908This can be changed for every device separately by defining 1909.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1910variable. 1911.It Va root_rw_mount 1912.Pq Vt bool 1913Set to 1914.Dq Li YES 1915by default. 1916After the file systems are checked at boot time, the root file system 1917is remounted as read-write if this is set to 1918.Dq Li YES . 1919Diskless systems that mount their root file system from a read-only remote 1920NFS share should set this to 1921.Dq Li NO 1922in their 1923.Pa rc.conf . 1924.It Va fsck_y_enable 1925.Pq Vt bool 1926If set to 1927.Dq Li YES , 1928.Xr fsck 8 1929will be run with the 1930.Fl y 1931flag if the initial preen 1932of the file systems fails. 1933.It Va background_fsck 1934.Pq Vt bool 1935If set to 1936.Dq Li YES , 1937the system will attempt to run 1938.Xr fsck 8 1939in the background where possible. 1940.It Va background_fsck_delay 1941.Pq Vt int 1942The amount of time in seconds to sleep before starting a background 1943.Xr fsck 8 . 1944It defaults to sixty seconds to allow large applications such as 1945the X server to start before disk I/O bandwidth is monopolized by 1946.Xr fsck 8 . 1947If set to a negative number, the background file system check will be 1948delayed indefinitely to allow the administrator to run it at a more 1949convenient time. 1950For example it may be run from 1951.Xr cron 8 1952by adding a line like 1953.Pp 1954.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1955.Pp 1956to 1957.Pa /etc/crontab . 1958.It Va netfs_types 1959.Pq Vt str 1960List of file system types that are network-based. 1961This list should generally not be modified by end users. 1962Use 1963.Va extra_netfs_types 1964instead. 1965.It Va extra_netfs_types 1966.Pq Vt str 1967If set to something other than 1968.Dq Li NO 1969(the default), 1970this variable extends the list of file system types 1971for which automatic mounting at startup by 1972.Xr rc 8 1973should be delayed until the network is initialized. 1974It should contain 1975a whitespace-separated list of network file system descriptor pairs, 1976each consisting of a file system type as passed to 1977.Xr mount 8 1978and a human-readable, one-word description, 1979joined with a colon 1980.Pq Ql \&: . 1981Extending the default list in this way is only necessary 1982when third party file system types are used. 1983.It Va syslogd_enable 1984.Pq Vt bool 1985If set to 1986.Dq Li YES , 1987run the 1988.Xr syslogd 8 1989daemon. 1990.It Va syslogd_program 1991.Pq Vt str 1992Path to 1993.Xr syslogd 8 1994(default 1995.Pa /usr/sbin/syslogd ) . 1996.It Va syslogd_flags 1997.Pq Vt str 1998If 1999.Va syslogd_enable 2000is set to 2001.Dq Li YES , 2002these are the flags to pass to 2003.Xr syslogd 8 . 2004.It Va inetd_enable 2005.Pq Vt bool 2006If set to 2007.Dq Li YES , 2008run the 2009.Xr inetd 8 2010daemon. 2011.It Va inetd_program 2012.Pq Vt str 2013Path to 2014.Xr inetd 8 2015(default 2016.Pa /usr/sbin/inetd ) . 2017.It Va inetd_flags 2018.Pq Vt str 2019If 2020.Va inetd_enable 2021is set to 2022.Dq Li YES , 2023these are the flags to pass to 2024.Xr inetd 8 . 2025.It Va hastd_enable 2026.Pq Vt bool 2027If set to 2028.Dq Li YES , 2029run the 2030.Xr hastd 8 2031daemon. 2032.It Va hastd_program 2033.Pq Vt str 2034Path to 2035.Xr hastd 8 2036(default 2037.Pa /sbin/hastd ) . 2038.It Va hastd_flags 2039.Pq Vt str 2040If 2041.Va hastd_enable 2042is set to 2043.Dq Li YES , 2044these are the flags to pass to 2045.Xr hastd 8 . 2046.It Va named_enable 2047.Pq Vt bool 2048If set to 2049.Dq Li YES , 2050run the 2051.Xr named 8 2052daemon. 2053.It Va named_program 2054.Pq Vt str 2055Path to 2056.Xr named 8 2057(default 2058.Pa /usr/sbin/named ) . 2059.It Va named_conf 2060.Pq Vt str 2061Path to 2062.Xr named 8 2063configuration file, (default 2064.Pa /etc/namedb/named.conf ) . 2065.It Va named_flags 2066.Pq Vt str 2067If 2068.Va named_enable 2069is set to 2070.Dq Li YES , 2071these are the flags to pass to 2072.Xr named 8 . 2073.It Va named_uid 2074.Pq Vt str 2075The user that the 2076.Xr named 8 2077process should be run as. 2078.It Va named_chrootdir 2079.Pq Vt str 2080The root directory for a name server run in a 2081.Xr chroot 8 2082environment (default 2083.Pa /var/named ) . 2084If left empty 2085.Xr named 8 2086will not be run in a 2087.Xr chroot 8 2088environment. 2089.It Va named_chroot_autoupdate 2090.Pq Vt bool 2091Set to 2092.Dq Li NO 2093to disable automatic update of the 2094.Xr chroot 8 2095environment. 2096.It Va named_symlink_enable 2097.Pq Vt bool 2098Set to 2099.Dq Li NO 2100to disable symlinking of 2101daemon's PID file 2102into the 2103.Xr chroot 8 2104environment. 2105.It Va named_wait 2106.Pq Vt bool 2107Set to have 2108.Pa /etc/rc.d/named 2109loop until working name service is established. 2110.It Va named_wait_host 2111.Pq Vt str 2112Name of host to lookup for the named_wait option. 2113(Default localhost) 2114.It Va named_auto_forward 2115.Pq Vt bool 2116Set to enable automatic creation of a forwarder 2117configuration file derived from 2118.Pa /etc/resolv.conf . 2119.It Va named_auto_forward_only 2120.Pq Vt bool 2121Set to change the default forwarder configuration from 2122.Dq forward first 2123to 2124.Dq forward only . 2125.It Va kerberos5_server_enable 2126.Pq Vt bool 2127Set to 2128.Dq Li YES 2129to start a Kerberos 5 authentication server 2130at boot time. 2131.It Va kerberos5_server 2132.Pq Vt str 2133If 2134.Va kerberos5_server_enable 2135is set to 2136.Dq Li YES 2137this is the path to Kerberos 5 Authentication Server. 2138.It Va kerberos5_server_flags 2139.Pq Vt str 2140Empty by default. 2141This variable contains additional flags to be passed to the Kerberos 5 2142authentication server. 2143.It Va kadmind5_server_enable 2144.Pq Vt bool 2145Set to 2146.Dq Li YES 2147to start 2148.Xr kadmind 8 , 2149the Kerberos 5 Administration Daemon; set to 2150.Dq Li NO 2151on a slave server. 2152.It Va kadmind5_server 2153.Pq Vt str 2154If 2155.Va kadmind5_server_enable 2156is set to 2157.Dq Li YES 2158this is the path to Kerberos 5 Administration Daemon. 2159.It Va kpasswdd_server_enable 2160.Pq Vt bool 2161Set to 2162.Dq Li YES 2163to start 2164.Xr kpasswdd 8 , 2165the Kerberos 5 Password-Changing Daemon; set to 2166.Dq Li NO 2167on a slave server. 2168.It Va kpasswdd_server 2169.Pq Vt str 2170If 2171.Va kpasswdd_server_enable 2172is set to 2173.Dq Li YES 2174this is the path to Kerberos 5 Password-Changing Daemon. 2175.It Va kfd_enable 2176.Pq Vt bool 2177Set to 2178.Dq Li YES 2179to start 2180.Xr kfd 8 , 2181the Kerberos 5 ticket forwarding daemon, at the boot time. 2182.It Va kfd_program 2183.Pq Vt str 2184Path to 2185.Xr kfd 8 2186(default 2187.Pa /usr/libexec/kfd ) . 2188.It Va rwhod_enable 2189.Pq Vt bool 2190If set to 2191.Dq Li YES , 2192run the 2193.Xr rwhod 8 2194daemon at boot time. 2195.It Va rwhod_flags 2196.Pq Vt str 2197If 2198.Va rwhod_enable 2199is set to 2200.Dq Li YES , 2201these are the flags to pass to it. 2202.It Va amd_enable 2203.Pq Vt bool 2204If set to 2205.Dq Li YES , 2206run the 2207.Xr amd 8 2208daemon at boot time. 2209.It Va amd_flags 2210.Pq Vt str 2211If 2212.Va amd_enable 2213is set to 2214.Dq Li YES , 2215these are the flags to pass to it. 2216See the 2217.Xr amd 8 2218manpage for more information. 2219.It Va amd_map_program 2220.Pq Vt str 2221If set, 2222the specified program is run to get the list of 2223.Xr amd 8 2224maps. 2225For example, if the 2226.Xr amd 8 2227maps are stored in NIS, one can set this to 2228run 2229.Xr ypcat 1 2230to get a list of 2231.Xr amd 8 2232maps from the 2233.Pa amd.master 2234NIS map. 2235.It Va update_motd 2236.Pq Vt bool 2237If set to 2238.Dq Li YES , 2239.Pa /etc/motd 2240will be updated at boot time to reflect the kernel release 2241being run. 2242If set to 2243.Dq Li NO , 2244.Pa /etc/motd 2245will not be updated. 2246.It Va nfs_client_enable 2247.Pq Vt bool 2248If set to 2249.Dq Li YES , 2250run the NFS client daemons at boot time. 2251.It Va nfs_access_cache 2252.Pq Vt int 2253If 2254.Va nfs_client_enable 2255is set to 2256.Dq Li YES , 2257this can be set to 2258.Dq Li 0 2259to disable NFS ACCESS RPC caching, or to the number of seconds for which 2260NFS ACCESS 2261results should be cached. 2262A value of 2-10 seconds will substantially reduce network 2263traffic for many NFS operations. 2264.It Va nfs_server_enable 2265.Pq Vt bool 2266If set to 2267.Dq Li YES , 2268run the NFS server daemons at boot time. 2269.It Va nfs_server_flags 2270.Pq Vt str 2271If 2272.Va nfs_server_enable 2273is set to 2274.Dq Li YES , 2275these are the flags to pass to the 2276.Xr nfsd 8 2277daemon. 2278.It Va nfsv4_server_enable 2279.Pq Vt bool 2280If 2281.Va nfs_server_enable 2282is set to 2283.Dq Li YES 2284and 2285.Va nfsv4_server_enable 2286are set to 2287.Dq Li YES , 2288enable the server for NFSv4 as well as NFSv2 and NFSv3. 2289.It Va nfsuserd_enable 2290.Pq Vt bool 2291If 2292.Va nfsuserd_enable 2293is set to 2294.Dq Li YES , 2295run the nfsuserd daemon, which is needed for NFSv4 in order 2296to map between user/group names vs uid/gid numbers. 2297If 2298.Va nfsv4_server_enable 2299is set to 2300.Dq Li YES , 2301this will be forced enabled. 2302.It Va nfsuserd_flags 2303.Pq Vt str 2304If 2305.Va nfsuserd_enable 2306is set to 2307.Dq Li YES , 2308these are the flags to pass to the 2309.Xr nfsuserd 8 2310daemon. 2311.It Va nfscbd_enable 2312.Pq Vt bool 2313If 2314.Va nfscbd_enable 2315is set to 2316.Dq Li YES , 2317run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2318.It Va nfscbd_flags 2319.Pq Vt str 2320If 2321.Va nfscbd_enable 2322is set to 2323.Dq Li YES , 2324these are the flags to pass to the 2325.Xr nfscbd 8 2326daemon. 2327.It Va oldnfs_server_enable 2328.Pq Vt bool 2329If 2330.Va oldnfs_server_enable 2331is set to 2332.Dq Li YES , 2333force the NFS server daemons to run the old NFS server code 2334that does not support NFSv4. 2335.It Va mountd_enable 2336.Pq Vt bool 2337If set to 2338.Dq Li YES , 2339and no 2340.Va nfs_server_enable 2341is set, start 2342.Xr mountd 8 , 2343but not 2344.Xr nfsd 8 2345daemon. 2346It is commonly needed to run CFS without real NFS used. 2347.It Va mountd_flags 2348.Pq Vt str 2349If 2350.Va mountd_enable 2351is set to 2352.Dq Li YES , 2353these are the flags to pass to the 2354.Xr mountd 8 2355daemon. 2356.It Va weak_mountd_authentication 2357.Pq Vt bool 2358If set to 2359.Dq Li YES , 2360allow services like PCNFSD to make non-privileged mount 2361requests. 2362.It Va nfs_reserved_port_only 2363.Pq Vt bool 2364If set to 2365.Dq Li YES , 2366provide NFS services only on a secure port. 2367.It Va nfs_bufpackets 2368.Pq Vt int 2369If set to a number, indicates the number of packets worth of 2370socket buffer space to reserve on an NFS client. 2371The kernel default is typically 4. 2372Using a higher number may be 2373useful on gigabit networks to improve performance. 2374The minimum value is 23752 and the maximum is 64. 2376.It Va rpc_lockd_enable 2377.Pq Vt bool 2378If set to 2379.Dq Li YES 2380and also an NFS server or client, run 2381.Xr rpc.lockd 8 2382at boot time. 2383.It Va rpc_lockd_flags 2384.Pq Vt str 2385If 2386.Va rpc_lockd_enable 2387is set to 2388.Dq Li YES , 2389these are the flags to pass to the 2390.Xr rpc.lockd 8 2391daemon. 2392.It Va rpc_statd_enable 2393.Pq Vt bool 2394If set to 2395.Dq Li YES 2396and also an NFS server or client, run 2397.Xr rpc.statd 8 2398at boot time. 2399.It Va rpc_statd_flags 2400.Pq Vt str 2401If 2402.Va rpc_statd_enable 2403is set to 2404.Dq Li YES , 2405these are the flags to pass to the 2406.Xr rpc.statd 8 2407daemon. 2408.It Va rpcbind_program 2409.Pq Vt str 2410Path to 2411.Xr rpcbind 8 2412(default 2413.Pa /usr/sbin/rpcbind ) . 2414.It Va rpcbind_enable 2415.Pq Vt bool 2416If set to 2417.Dq Li YES , 2418run the 2419.Xr rpcbind 8 2420service at boot time. 2421.It Va rpcbind_flags 2422.Pq Vt str 2423If 2424.Va rpcbind_enable 2425is set to 2426.Dq Li YES , 2427these are the flags to pass to the 2428.Xr rpcbind 8 2429daemon. 2430.It Va keyserv_enable 2431.Pq Vt bool 2432If set to 2433.Dq Li YES , 2434run the 2435.Xr keyserv 8 2436daemon on boot for running Secure RPC. 2437.It Va keyserv_flags 2438.Pq Vt str 2439If 2440.Va keyserv_enable 2441is set to 2442.Dq Li YES , 2443these are the flags to pass to 2444.Xr keyserv 8 2445daemon. 2446.It Va pppoed_enable 2447.Pq Vt bool 2448If set to 2449.Dq Li YES , 2450run the 2451.Xr pppoed 8 2452daemon at boot time to provide PPP over Ethernet services. 2453.It Va pppoed_ Ns Aq Ar provider 2454.Pq Vt str 2455.Xr pppoed 8 2456listens to requests to this 2457.Ar provider 2458and ultimately runs 2459.Xr ppp 8 2460with a 2461.Ar system 2462argument of the same name. 2463.It Va pppoed_flags 2464.Pq Vt str 2465Additional flags to pass to 2466.Xr pppoed 8 . 2467.It Va pppoed_interface 2468.Pq Vt str 2469The network interface to run 2470.Xr pppoed 8 2471on. 2472This is mandatory when 2473.Va pppoed_enable 2474is set to 2475.Dq Li YES . 2476.It Va timed_enable 2477.Pq Vt bool 2478If set to 2479.Dq Li YES , 2480run the 2481.Xr timed 8 2482service at boot time. 2483This command is intended for networks of 2484machines where a consistent 2485.Dq "network time" 2486for all hosts must be established. 2487This is often useful in large NFS 2488environments where time stamps on files are expected to be consistent 2489network-wide. 2490.It Va timed_flags 2491.Pq Vt str 2492If 2493.Va timed_enable 2494is set to 2495.Dq Li YES , 2496these are the flags to pass to the 2497.Xr timed 8 2498service. 2499.It Va ntpdate_enable 2500.Pq Vt bool 2501If set to 2502.Dq Li YES , 2503run 2504.Xr ntpdate 8 2505at system startup. 2506This command is intended to 2507synchronize the system clock only 2508.Em once 2509from some standard reference. 2510.It Va ntpdate_config 2511.Pq Vt str 2512Configuration file for 2513.Xr ntpdate 8 . 2514Default 2515.Pa /etc/ntp.conf . 2516.It Va ntpdate_hosts 2517.Pq Vt str 2518A whitespace-separated list of NTP servers to synchronize with at startup. 2519The default is to use the servers listed in 2520.Va ntpdate_config , 2521if that file exists. 2522.It Va ntpdate_program 2523.Pq Vt str 2524Path to 2525.Xr ntpdate 8 2526(default 2527.Pa /usr/sbin/ntpdate ) . 2528.It Va ntpdate_flags 2529.Pq Vt str 2530If 2531.Va ntpdate_enable 2532is set to 2533.Dq Li YES , 2534these are the flags to pass to the 2535.Xr ntpdate 8 2536command (typically a hostname). 2537.It Va ntpd_enable 2538.Pq Vt bool 2539If set to 2540.Dq Li YES , 2541run the 2542.Xr ntpd 8 2543command at boot time. 2544.It Va ntpd_program 2545.Pq Vt str 2546Path to 2547.Xr ntpd 8 2548(default 2549.Pa /usr/sbin/ntpd ) . 2550.It Va ntpd_config 2551.Pq Vt str 2552Path to 2553.Xr ntpd 8 2554configuration file. 2555Default 2556.Pa /etc/ntp.conf . 2557.It Va ntpd_flags 2558.Pq Vt str 2559If 2560.Va ntpd_enable 2561is set to 2562.Dq Li YES , 2563these are the flags to pass to the 2564.Xr ntpd 8 2565daemon. 2566.It Va ntpd_sync_on_start 2567.Pq Vt bool 2568If set to 2569.Dq Li YES , 2570.Xr ntpd 8 2571is run with the 2572.Fl g 2573flag, which syncs the system's clock on startup. 2574See 2575.Xr ntpd 8 2576for more information regarding the 2577.Fl g 2578option. 2579This is a preferred alternative to using 2580.Xr ntpdate 8 2581or specifying the 2582.Va ntpdate_enable 2583variable. 2584.It Va nis_client_enable 2585.Pq Vt bool 2586If set to 2587.Dq Li YES , 2588run the 2589.Xr ypbind 8 2590service at system boot time. 2591.It Va nis_client_flags 2592.Pq Vt str 2593If 2594.Va nis_client_enable 2595is set to 2596.Dq Li YES , 2597these are the flags to pass to the 2598.Xr ypbind 8 2599service. 2600.It Va nis_ypset_enable 2601.Pq Vt bool 2602If set to 2603.Dq Li YES , 2604run the 2605.Xr ypset 8 2606daemon at system boot time. 2607.It Va nis_ypset_flags 2608.Pq Vt str 2609If 2610.Va nis_ypset_enable 2611is set to 2612.Dq Li YES , 2613these are the flags to pass to the 2614.Xr ypset 8 2615daemon. 2616.It Va nis_server_enable 2617.Pq Vt bool 2618If set to 2619.Dq Li YES , 2620run the 2621.Xr ypserv 8 2622daemon at system boot time. 2623.It Va nis_server_flags 2624.Pq Vt str 2625If 2626.Va nis_server_enable 2627is set to 2628.Dq Li YES , 2629these are the flags to pass to the 2630.Xr ypserv 8 2631daemon. 2632.It Va nis_ypxfrd_enable 2633.Pq Vt bool 2634If set to 2635.Dq Li YES , 2636run the 2637.Xr rpc.ypxfrd 8 2638daemon at system boot time. 2639.It Va nis_ypxfrd_flags 2640.Pq Vt str 2641If 2642.Va nis_ypxfrd_enable 2643is set to 2644.Dq Li YES , 2645these are the flags to pass to the 2646.Xr rpc.ypxfrd 8 2647daemon. 2648.It Va nis_yppasswdd_enable 2649.Pq Vt bool 2650If set to 2651.Dq Li YES , 2652run the 2653.Xr rpc.yppasswdd 8 2654daemon at system boot time. 2655.It Va nis_yppasswdd_flags 2656.Pq Vt str 2657If 2658.Va nis_yppasswdd_enable 2659is set to 2660.Dq Li YES , 2661these are the flags to pass to the 2662.Xr rpc.yppasswdd 8 2663daemon. 2664.It Va rpc_ypupdated_enable 2665.Pq Vt bool 2666If set to 2667.Dq Li YES , 2668run the 2669.Nm rpc.ypupdated 2670daemon at system boot time. 2671.It Va bsnmpd_enable 2672.Pq Vt bool 2673If set to 2674.Dq Li YES , 2675run the 2676.Xr bsnmpd 1 2677daemon at system boot time. 2678Be sure to understand the security implications of running SNMP daemon 2679on your host. 2680.It Va bsnmpd_flags 2681.Pq Vt str 2682If 2683.Va bsnmpd_enable 2684is set to 2685.Dq Li YES , 2686these are the flags to pass to the 2687.Xr bsnmpd 1 2688daemon. 2689.It Va defaultrouter 2690.Pq Vt str 2691If not set to 2692.Dq Li NO , 2693create a default route to this host name or IP address 2694(use an IP address if this router is also required to get to the 2695name server!). 2696.It Va ipv6_defaultrouter 2697.Pq Vt str 2698The IPv6 equivalent of 2699.Va defaultrouter . 2700.It Va static_arp_pairs 2701.Pq Vt str 2702Set to the list of static ARP pairs that are to be added at system 2703boot time. 2704For each whitespace separated 2705.Ar element 2706in the value, a 2707.Va static_arp_ Ns Aq Ar element 2708variable is assumed to exist whose contents will later be passed to a 2709.Dq Nm arp Cm -S 2710operation. 2711For example 2712.Bd -literal 2713static_arp_pairs="gw" 2714static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2715.Ed 2716.It Va static_ndp_pairs 2717.Pq Vt str 2718Set to the list of static NDP pairs that are to be added at system 2719boot time. 2720For each whitespace separated 2721.Ar element 2722in the value, a 2723.Va static_ndp_ Ns Aq Ar element 2724variable is assumed to exist whose contents will later be passed to a 2725.Dq Nm ndp Cm -s 2726operation. 2727For example 2728.Bd -literal 2729static_ndp_pairs="gw" 2730static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2731.Ed 2732.It Va static_routes 2733.Pq Vt str 2734Set to the list of static routes that are to be added at system 2735boot time. 2736If not set to 2737.Dq Li NO 2738then for each whitespace separated 2739.Ar element 2740in the value, a 2741.Va route_ Ns Aq Ar element 2742variable is assumed to exist 2743whose contents will later be passed to a 2744.Dq Nm route Cm add 2745operation. 2746For example: 2747.Bd -literal 2748static_routes="ext mcast:gif0 gif0local:gif0" 2749route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2750route_mcast="-net 224.0.0.0/4 -iface gif0" 2751route_gif0local="-host 169.254.1.1 -iface lo0" 2752.Ed 2753.Pp 2754When an 2755.Ar element 2756is in the form of 2757.Li name:ifname , 2758the route is specific to the interface 2759.Li ifname . 2760.It Va ipv6_static_routes 2761.Pq Vt str 2762The IPv6 equivalent of 2763.Va static_routes . 2764If not set to 2765.Dq Li NO 2766then for each whitespace separated 2767.Ar element 2768in the value, a 2769.Va ipv6_route_ Ns Aq Ar element 2770variable is assumed to exist 2771whose contents will later be passed to a 2772.Dq Nm route Cm add Fl inet6 2773operation. 2774.It Va natm_static_routes 2775.Pq Vt str 2776The 2777.Xr natmip 4 2778equivalent of 2779.Va static_routes . 2780If not empty then for each whitespace separated 2781.Ar element 2782in the value, a 2783.Va route_ Ns Aq Ar element 2784variable is assumed to exist whose contents will later be passed to a 2785.Dq Nm atmconfig Cm natm Cm add 2786operation. 2787.It Va gateway_enable 2788.Pq Vt bool 2789If set to 2790.Dq Li YES , 2791configure host to act as an IP router, e.g.\& to forward packets 2792between interfaces. 2793.It Va ipv6_gateway_enable 2794.Pq Vt bool 2795The IPv6 equivalent of 2796.Va gateway_enable . 2797.It Va routed_enable 2798.Pq Vt bool 2799If set to 2800.Dq Li YES , 2801run a routing daemon of some sort, based on the 2802settings of 2803.Va routed_program 2804and 2805.Va routed_flags . 2806.It Va route6d_enable 2807.Pq Vt bool 2808The IPv6 equivalent of 2809.Va routed_enable . 2810If set to 2811.Dq Li YES , 2812run a routing daemon of some sort, based on the 2813settings of 2814.Va route6d_program 2815and 2816.Va route6d_flags . 2817.It Va routed_program 2818.Pq Vt str 2819If 2820.Va routed_enable 2821is set to 2822.Dq Li YES , 2823this is the name of the routing daemon to use. 2824.It Va route6d_program 2825.Pq Vt str 2826The IPv6 equivalent of 2827.Va routed_program . 2828.It Va routed_flags 2829.Pq Vt str 2830If 2831.Va routed_enable 2832is set to 2833.Dq Li YES , 2834these are the flags to pass to the routing daemon. 2835.It Va route6d_flags 2836.Pq Vt str 2837The IPv6 equivalent of 2838.Va routed_flags . 2839.It Va mrouted_enable 2840.Pq Vt bool 2841If set to 2842.Dq Li YES , 2843run the multicast routing daemon, 2844.Xr mrouted 8 . 2845.It Va mroute6d_enable 2846.Pq Vt bool 2847The IPv6 equivalent of 2848.Va mrouted_enable . 2849If set to 2850.Dq Li YES , 2851run the IPv6 multicast routing daemon. 2852.Pp 2853Note that multicast routing daemons are no longer included in the 2854.Fx 2855base system, however, both 2856.Xr mrouted 8 2857and 2858.Xr pim6dd 8 2859may be installed from the 2860.Fx 2861Ports Collection. 2862.It Va mrouted_flags 2863.Pq Vt str 2864If 2865.Va mrouted_enable 2866is set to 2867.Dq Li YES , 2868these are the flags to pass to the 2869.Xr mrouted 8 2870daemon. 2871.It Va mroute6d_flags 2872.Pq Vt str 2873The IPv6 equivalent of 2874.Va mrouted_flags . 2875If 2876.Va mroute6d_enable 2877is set to 2878.Dq Li YES , 2879these are the flags passed to the IPv6 multicast routing daemon. 2880.It Va mroute6d_program 2881.Pq Vt str 2882If 2883.Va mroute6d_enable 2884is set to 2885.Dq Li YES , 2886this is the path to the IPv6 multicast routing daemon. 2887.It Va rtadvd_enable 2888.Pq Vt bool 2889If set to 2890.Dq Li YES , 2891run the 2892.Xr rtadvd 8 2893daemon at boot time. 2894The 2895.Xr rtadvd 8 2896utility sends ICMPv6 Router Advertisement messages to 2897the interfaces specified in 2898.Va rtadvd_interfaces . 2899This should only be enabled with great care. 2900You may want to fine-tune 2901.Xr rtadvd.conf 5 . 2902.It Va rtadvd_interfaces 2903.Pq Vt str 2904If 2905.Va rtadvd_enable 2906is set to 2907.Dq Li YES 2908this is the list of interfaces to use. 2909.It Va ipxgateway_enable 2910.Pq Vt bool 2911If set to 2912.Dq Li YES , 2913enable the routing of IPX traffic. 2914.It Va ipxrouted_enable 2915.Pq Vt bool 2916If set to 2917.Dq Li YES , 2918run the 2919.Xr IPXrouted 8 2920daemon at system boot time. 2921.It Va ipxrouted_flags 2922.Pq Vt str 2923If 2924.Va ipxrouted_enable 2925is set to 2926.Dq Li YES , 2927these are the flags to pass to the 2928.Xr IPXrouted 8 2929daemon. 2930.It Va arpproxy_all 2931.Pq Vt bool 2932If set to 2933.Dq Li YES , 2934enable global proxy ARP. 2935.It Va forward_sourceroute 2936.Pq Vt bool 2937If set to 2938.Dq Li YES 2939and 2940.Va gateway_enable 2941is also set to 2942.Dq Li YES , 2943source-routed packets are forwarded. 2944.It Va accept_sourceroute 2945.Pq Vt bool 2946If set to 2947.Dq Li YES , 2948the system will accept source-routed packets directed at it. 2949.It Va rarpd_enable 2950.Pq Vt bool 2951If set to 2952.Dq Li YES , 2953run the 2954.Xr rarpd 8 2955daemon at system boot time. 2956.It Va rarpd_flags 2957.Pq Vt str 2958If 2959.Va rarpd_enable 2960is set to 2961.Dq Li YES , 2962these are the flags to pass to the 2963.Xr rarpd 8 2964daemon. 2965.It Va bootparamd_enable 2966.Pq Vt bool 2967If set to 2968.Dq Li YES , 2969run the 2970.Xr bootparamd 8 2971daemon at system boot time. 2972.It Va bootparamd_flags 2973.Pq Vt str 2974If 2975.Va bootparamd_enable 2976is set to 2977.Dq Li YES , 2978these are the flags to pass to the 2979.Xr bootparamd 8 2980daemon. 2981.It Va stf_interface_ipv4addr 2982.Pq Vt str 2983If not set to 2984.Dq Li NO , 2985this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2986interface). 2987Specify this entry to enable the 6to4 interface. 2988.It Va stf_interface_ipv4plen 2989.Pq Vt int 2990Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2991An effective value is 0-31. 2992.It Va stf_interface_ipv6_ifid 2993.Pq Vt str 2994IPv6 interface ID for 2995.Xr stf 4 . 2996This can be set to 2997.Dq Li AUTO . 2998.It Va stf_interface_ipv6_slaid 2999.Pq Vt str 3000IPv6 Site Level Aggregator for 3001.Xr stf 4 . 3002.It Va ipv6_faith_prefix 3003.Pq Vt str 3004If not set to 3005.Dq Li NO , 3006this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 3007translator. 3008You also need 3009.Xr faithd 8 3010setup. 3011.It Va ipv6_ipv4mapping 3012.Pq Vt bool 3013If set to 3014.Dq Li YES 3015this enables IPv4 mapped IPv6 address communication (like 3016.Li ::ffff:a.b.c.d ) . 3017.It Va rtsold_enable 3018.Pq Vt bool 3019Set to 3020.Dq Li YES 3021to enable the 3022.Xr rtsold 8 3023daemon to send ICMPv6 Router Solicitation messages. 3024.It Va rtsold_flags 3025.Pq Vt str 3026If 3027.Va rtsold_enable 3028is set to 3029.Dq Li YES , 3030these are the flags to pass to 3031.Xr rtsold 8 . 3032.It Va rtsol_flags 3033.Pq Vt str 3034For interfaces configured with the 3035.Dq Li inet6 accept_rtadv 3036keyword, these are the flags to pass to 3037.Xr rtsol 8 . 3038.Pp 3039Note that 3040.Va rtsold_enable 3041is mutually exclusive to 3042.Va rtsol_flags ; 3043.Va rtsold_enable 3044takes precedence. 3045.It Va atm_enable 3046.Pq Vt bool 3047Set to 3048.Dq Li YES 3049to enable the configuration of ATM interfaces at system boot time. 3050For all of the ATM variables described below, please refer to the 3051.Xr atm 8 3052manual page for further details on the available command parameters. 3053Also refer to the files in 3054.Pa /usr/share/examples/atm 3055for more detailed configuration information. 3056.It Va atm_load 3057.Pq Vt str 3058This is a list of physical ATM interface drivers to load. 3059Typical values are 3060.Dq Li hfa_pci 3061and/or 3062.Dq Li hea_pci . 3063.It Va atm_netif_ Ns Aq Ar intf 3064.Pq Vt str 3065For the ATM physical interface 3066.Ar intf , 3067this variable defines the name prefix and count for the ATM network 3068interfaces to be created. 3069The value will be passed as the parameters of an 3070.Dq Nm atm Cm "set netif" Ar intf 3071command. 3072.It Va atm_sigmgr_ Ns Aq Ar intf 3073.Pq Vt str 3074For the ATM physical interface 3075.Ar intf , 3076this variable defines the ATM signalling manager to be used. 3077The value will be passed as the parameters of an 3078.Dq Nm atm Cm attach Ar intf 3079command. 3080.It Va atm_prefix_ Ns Aq Ar intf 3081.Pq Vt str 3082For the ATM physical interface 3083.Ar intf , 3084this variable defines the NSAP prefix for interfaces using a UNI signalling 3085manager. 3086If set to 3087.Dq Li ILMI , 3088the prefix will automatically be set via the 3089.Xr ilmid 8 3090daemon. 3091Otherwise, the value will be passed as the parameters of an 3092.Dq Nm atm Cm "set prefix" Ar intf 3093command. 3094.It Va atm_macaddr_ Ns Aq Ar intf 3095.Pq Vt str 3096For the ATM physical interface 3097.Ar intf , 3098this variable defines the MAC address for interfaces using a UNI signalling 3099manager. 3100If set to 3101.Dq Li NO , 3102the hardware MAC address contained in the ATM interface card will be used. 3103Otherwise, the value will be passed as the parameters of an 3104.Dq Nm atm Cm "set mac" Ar intf 3105command. 3106.It Va atm_arpserver_ Ns Aq Ar netif 3107.Pq Vt str 3108For the ATM network interface 3109.Ar netif , 3110this variable defines the ATM address for a host which is to provide ATMARP 3111service. 3112This variable is only applicable to interfaces using a UNI signalling 3113manager. 3114If set to 3115.Dq Li local , 3116this host will become an ATMARP server. 3117The value will be passed as the parameters of an 3118.Dq Nm atm Cm "set arpserver" Ar netif 3119command. 3120.It Va atm_scsparp_ Ns Aq Ar netif 3121.Pq Vt bool 3122If set to 3123.Dq Li YES , 3124SCSP/ATMARP service for the network interface 3125.Ar netif 3126will be initiated using the 3127.Xr scspd 8 3128and 3129.Xr atmarpd 8 3130daemons. 3131This variable is only applicable if 3132.Va atm_arpserver_ Ns Aq Ar netif 3133is set to 3134.Dq Li local . 3135.It Va atm_pvcs 3136.Pq Vt str 3137Set to the list of ATM PVCs to be added at system 3138boot time. 3139For each whitespace separated 3140.Ar element 3141in the value, an 3142.Va atm_pvc_ Ns Aq Ar element 3143variable is assumed to exist. 3144The value of each of these variables 3145will be passed as the parameters of an 3146.Dq Nm atm Cm "add pvc" 3147command. 3148.It Va atm_arps 3149.Pq Vt str 3150Set to the list of permanent ATM ARP entries to be added 3151at system boot time. 3152For each whitespace separated 3153.Ar element 3154in the value, an 3155.Va atm_arp_ Ns Aq Ar element 3156variable is assumed to exist. 3157The value of each of these variables 3158will be passed as the parameters of an 3159.Dq Nm atm Cm "add arp" 3160command. 3161.It Va natm_interfaces 3162.Pq Vt str 3163Set to the list of 3164.Xr natm 4 3165interfaces that will also be used for HARP through 3166.Xr harp 4 . 3167If this list is not empty all interfaces in the list will be brought up 3168with 3169.Xr ifconfig 8 3170and 3171.Xr harp 4 3172will be loaded. 3173For this to work the interface drivers must be either compiled into the 3174kernel or must reside on the root partition. 3175.It Va keybell 3176.Pq Vt str 3177The keyboard bell sound. 3178Set to 3179.Dq Li normal , 3180.Dq Li visual , 3181.Dq Li off , 3182or 3183.Dq Li NO 3184if the default behavior is desired. 3185For details, refer to the 3186.Xr kbdcontrol 1 3187manpage. 3188.It Va keyboard 3189.Pq Vt str 3190If set to a non-null string, the virtual console's keyboard input is 3191set to this device. 3192.It Va keymap 3193.Pq Vt str 3194If set to 3195.Dq Li NO , 3196no keymap is installed, otherwise the value is used to install 3197the keymap file in 3198.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3199.It Va keyrate 3200.Pq Vt str 3201The keyboard repeat speed. 3202Set to 3203.Dq Li slow , 3204.Dq Li normal , 3205.Dq Li fast , 3206or 3207.Dq Li NO 3208if the default behavior is desired. 3209.It Va keychange 3210.Pq Vt str 3211If not set to 3212.Dq Li NO , 3213attempt to program the function keys with the value. 3214The value should 3215be a single string of the form: 3216.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3217.It Va cursor 3218.Pq Vt str 3219Can be set to the value of 3220.Dq Li normal , 3221.Dq Li blink , 3222.Dq Li destructive , 3223or 3224.Dq Li NO 3225to set the cursor behavior explicitly or choose the default behavior. 3226.It Va scrnmap 3227.Pq Vt str 3228If set to 3229.Dq Li NO , 3230no screen map is installed, otherwise the value is used to install 3231the screen map file in 3232.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3233.It Va font8x16 3234.Pq Vt str 3235If set to 3236.Dq Li NO , 3237the default 8x16 font value is used for screen size requests, otherwise 3238the value in 3239.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3240is used. 3241.It Va font8x14 3242.Pq Vt str 3243If set to 3244.Dq Li NO , 3245the default 8x14 font value is used for screen size requests, otherwise 3246the value in 3247.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3248is used. 3249.It Va font8x8 3250.Pq Vt str 3251If set to 3252.Dq Li NO , 3253the default 8x8 font value is used for screen size requests, otherwise 3254the value in 3255.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3256is used. 3257.It Va blanktime 3258.Pq Vt int 3259If set to 3260.Dq Li NO , 3261the default screen blanking interval is used, otherwise it is set 3262to 3263.Ar value 3264seconds. 3265.It Va saver 3266.Pq Vt str 3267If not set to 3268.Dq Li NO , 3269this is the actual screen saver to use 3270.Li ( blank , snake , daemon , 3271etc). 3272.It Va moused_nondefault_enable 3273.Pq Vt str 3274If set to 3275.Dq Li NO , 3276the mouse device specified on 3277the command line is not automatically treated as enabled by the 3278.Pa /etc/rc.d/moused 3279script. 3280Having this variable set to 3281.Dq Li YES 3282allows a 3283.Xr usb 4 3284mouse, 3285for example, 3286to be enabled as soon as it is plugged in. 3287.It Va moused_enable 3288.Pq Vt str 3289If set to 3290.Dq Li YES , 3291the 3292.Xr moused 8 3293daemon is started for doing cut/paste selection on the console. 3294.It Va moused_type 3295.Pq Vt str 3296This is the protocol type of the mouse connected to this host. 3297This variable must be set if 3298.Va moused_enable 3299is set to 3300.Dq Li YES . 3301The 3302.Xr moused 8 3303daemon 3304is able to detect the appropriate mouse type automatically in many cases. 3305Set this variable to 3306.Dq Li auto 3307to let the daemon detect it, or 3308select one from the following list if the automatic detection fails. 3309.Pp 3310If the mouse is attached to the PS/2 mouse port, choose 3311.Dq Li auto 3312or 3313.Dq Li ps/2 , 3314regardless of the brand and model of the mouse. 3315Likewise, if the 3316mouse is attached to the bus mouse port, choose 3317.Dq Li auto 3318or 3319.Dq Li busmouse . 3320All other protocols are for serial mice and will not work with 3321the PS/2 and bus mice. 3322If this is a USB mouse, 3323.Dq Li auto 3324is the only protocol type which will work. 3325.Pp 3326.Bl -tag -width ".Li x10mouseremote" -compact 3327.It Li microsoft 3328Microsoft mouse (serial) 3329.It Li intellimouse 3330Microsoft IntelliMouse (serial) 3331.It Li mousesystems 3332Mouse systems Corp.\& mouse (serial) 3333.It Li mmseries 3334MM Series mouse (serial) 3335.It Li logitech 3336Logitech mouse (serial) 3337.It Li busmouse 3338A bus mouse 3339.It Li mouseman 3340Logitech MouseMan and TrackMan (serial) 3341.It Li glidepoint 3342ALPS GlidePoint (serial) 3343.It Li thinkingmouse 3344Kensington ThinkingMouse (serial) 3345.It Li ps/2 3346PS/2 mouse 3347.It Li mmhittab 3348MM HitTablet (serial) 3349.It Li x10mouseremote 3350X10 MouseRemote (serial) 3351.It Li versapad 3352Interlink VersaPad (serial) 3353.El 3354.Pp 3355Even if the mouse is not in the above list, it may be compatible 3356with one in the list. 3357Refer to the manual page for 3358.Xr moused 8 3359for compatibility information. 3360.Pp 3361It should also be noted that while this is enabled, any 3362other client of the mouse (such as an X server) should access 3363the mouse through the virtual mouse device, 3364.Pa /dev/sysmouse , 3365and configure it as a 3366.Dq Li sysmouse 3367type mouse, since all 3368mouse data is converted to this single canonical format when 3369using 3370.Xr moused 8 . 3371If the client program does not support the 3372.Dq Li sysmouse 3373type, 3374specify the 3375.Dq Li mousesystems 3376type. 3377It is the second preferred type. 3378.It Va moused_port 3379.Pq Vt str 3380If 3381.Va moused_enable 3382is set to 3383.Dq Li YES , 3384this is the actual port the mouse is on. 3385It might be 3386.Pa /dev/cuau0 3387for a COM1 serial mouse, 3388.Pa /dev/psm0 3389for a PS/2 mouse or 3390.Pa /dev/mse0 3391for a bus mouse, for example. 3392.It Va moused_flags 3393.Pq Vt str 3394If 3395.Va moused_flags 3396is set, its value is used as an additional set of flags to pass to the 3397.Xr moused 8 3398daemon. 3399.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3400When 3401.Va moused_nondefault_enable 3402is enabled, and a 3403.Xr moused 8 3404daemon is started for a non-default port, the 3405.Va "moused_" Ns Ar XXX Ns Va "_flags" 3406set of options has precedence over and replaces the default 3407.Va moused_flags 3408(where 3409.Ar XXX 3410is the name of the non-default port, i.e.,\& 3411.Ar ums0 ) . 3412By setting 3413.Va "moused_" Ns Ar XXX Ns Va "_flags" 3414it is possible to set up a different set of default flags for each 3415.Xr moused 8 3416instance. 3417For example, you can use 3418.Dq Li "-3" 3419for the default 3420.Va moused_flags 3421to make your laptop's touchpad more comfortable to use, 3422but an empty set of options for 3423.Va moused_ums0_flags 3424when your 3425.Xr usb 4 3426mouse has three or more buttons. 3427.It Va mousechar_start 3428.Pq Vt int 3429If set to 3430.Dq Li NO , 3431the default mouse cursor character range 3432.Li 0xd0 Ns - Ns Li 0xd3 3433is used, 3434otherwise the range start is set 3435to 3436.Ar value 3437character, see 3438.Xr vidcontrol 1 . 3439Use if the default range is occupied in the language code table. 3440.It Va allscreens_flags 3441.Pq Vt str 3442If set, 3443.Xr vidcontrol 1 3444is run with these options for each of the virtual terminals 3445.Pq Pa /dev/ttyv* . 3446For example, 3447.Dq Fl m Cm on 3448will enable the mouse pointer on all virtual terminals 3449if 3450.Va moused_enable 3451is set to 3452.Dq Li YES . 3453.It Va allscreens_kbdflags 3454.Pq Vt str 3455If set, 3456.Xr kbdcontrol 1 3457is run with these options for each of the virtual terminals 3458.Pq Pa /dev/ttyv* . 3459For example, 3460.Dq Fl h Li 200 3461will set the 3462.Xr syscons 4 3463scrollback (history) buffer to 200 lines. 3464.It Va cron_enable 3465.Pq Vt bool 3466If set to 3467.Dq Li YES , 3468run the 3469.Xr cron 8 3470daemon at system boot time. 3471.It Va cron_program 3472.Pq Vt str 3473Path to 3474.Xr cron 8 3475(default 3476.Pa /usr/sbin/cron ) . 3477.It Va cron_flags 3478.Pq Vt str 3479If 3480.Va cron_enable 3481is set to 3482.Dq Li YES , 3483these are the flags to pass to 3484.Xr cron 8 . 3485.It Va cron_dst 3486.Pq Vt bool 3487If set to 3488.Dq Li YES , 3489enable the special handling of transitions to and from the 3490Daylight Saving Time in 3491.Xr cron 8 3492(equivalent to using the flag 3493.Fl s ) . 3494.It Va lpd_program 3495.Pq Vt str 3496Path to 3497.Xr lpd 8 3498(default 3499.Pa /usr/sbin/lpd ) . 3500.It Va lpd_enable 3501.Pq Vt bool 3502If set to 3503.Dq Li YES , 3504run the 3505.Xr lpd 8 3506daemon at system boot time. 3507.It Va lpd_flags 3508.Pq Vt str 3509If 3510.Va lpd_enable 3511is set to 3512.Dq Li YES , 3513these are the flags to pass to the 3514.Xr lpd 8 3515daemon. 3516.It Va chkprintcap_enable 3517.Pq Vt bool 3518If set to 3519.Dq Li YES , 3520run the 3521.Xr chkprintcap 8 3522command before starting the 3523.Xr lpd 8 3524daemon. 3525.It Va chkprintcap_flags 3526.Pq Vt str 3527If 3528.Va lpd_enable 3529and 3530.Va chkprintcap_enable 3531are set to 3532.Dq Li YES , 3533these are the flags to pass to the 3534.Xr chkprintcap 8 3535program. 3536The default is 3537.Dq Li -d , 3538which causes missing directories to be created. 3539.It Va mta_start_script 3540.Pq Vt str 3541This variable specifies the full path to the script to run to start 3542a mail transfer agent. 3543The default is 3544.Pa /etc/rc.sendmail . 3545The 3546.Va sendmail_* 3547variables which 3548.Pa /etc/rc.sendmail 3549uses are documented in the 3550.Xr rc.sendmail 8 3551manual page. 3552.It Va dumpdev 3553.Pq Vt str 3554Indicates the device (usually a swap partition) to which a crash dump 3555should be written in the event of a system crash. 3556If the value of this variable is 3557.Dq Li AUTO , 3558the first suitable swap device listed in 3559.Pa /etc/fstab 3560will be used as dump device. 3561Otherwise, the value of this variable is passed as the argument to 3562.Xr dumpon 8 . 3563To disable crash dumps, set this variable to 3564.Dq Li NO . 3565.It Va dumpdir 3566.Pq Vt str 3567When the system reboots after a crash and a crash dump is found on the 3568device specified by the 3569.Va dumpdev 3570variable, 3571.Xr savecore 8 3572will save that crash dump and a copy of the kernel to the directory 3573specified by the 3574.Va dumpdir 3575variable. 3576The default value is 3577.Pa /var/crash . 3578Set to 3579.Dq Li NO 3580to not run 3581.Xr savecore 8 3582at boot time when 3583.Va dumpdir 3584is set. 3585.It Va savecore_flags 3586.Pq Vt str 3587If crash dumps are enabled, these are the flags to pass to the 3588.Xr savecore 8 3589utility. 3590.It Va quota_enable 3591.Pq Vt bool 3592Set to 3593.Dq Li YES 3594to turn on user and group disk quotas on system startup via the 3595.Xr quotaon 8 3596command for all file systems marked as having quotas enabled in 3597.Pa /etc/fstab . 3598The kernel must be built with 3599.Cd "options QUOTA" 3600for disk quotas to function. 3601.It Va check_quotas 3602.Pq Vt bool 3603Set to 3604.Dq Li YES 3605to enable user and group disk quota checking via the 3606.Xr quotacheck 8 3607command. 3608.It Va quotacheck_flags 3609.Pq Vt str 3610If 3611.Va quota_enable 3612is set to 3613.Dq Li YES , 3614and 3615.Va check_quotas 3616is set to 3617.Dq Li YES , 3618these are the flags to pass to the 3619.Xr quotacheck 8 3620utility. 3621The default is 3622.Dq Li "-a" , 3623which checks quotas for all file systems with quotas enabled in 3624.Pa /etc/fstab . 3625.It Va quotaon_flags 3626.Pq Vt str 3627If 3628.Va quota_enable 3629is set to 3630.Dq Li YES , 3631these are the flags to pass to the 3632.Xr quotaon 8 3633utility. 3634The default is 3635.Dq Li "-a" , 3636which enables quotas for all file systems with quotas enabled in 3637.Pa /etc/fstab . 3638.It Va quotaoff_flags 3639.Pq Vt str 3640If 3641.Va quota_enable 3642is set to 3643.Dq Li YES , 3644these are the flags to pass to the 3645.Xr quotaoff 8 3646utility when shutting down the quota system. 3647The default is 3648.Dq Li "-a" , 3649which disables quotas for all file systems with quotas enabled in 3650.Pa /etc/fstab . 3651.It Va accounting_enable 3652.Pq Vt bool 3653Set to 3654.Dq Li YES 3655to enable system accounting through the 3656.Xr accton 8 3657facility. 3658.It Va ibcs2_enable 3659.Pq Vt bool 3660Set to 3661.Dq Li YES 3662to enable iBCS2 (SCO) binary emulation at system initial boot 3663time. 3664.It Va ibcs2_loaders 3665.Pq Vt str 3666If not set to 3667.Dq Li NO 3668and if 3669.Va ibcs2_enable 3670is set to 3671.Dq Li YES , 3672this specifies a list of additional iBCS2 loaders to enable. 3673.It Va linux_enable 3674.Pq Vt bool 3675Set to 3676.Dq Li YES 3677to enable Linux/ELF binary emulation at system initial 3678boot time. 3679.It Va svr4_enable 3680.Pq Vt bool 3681If set to 3682.Dq Li YES , 3683enable SysVR4 emulation at boot time. 3684.It Va sysvipc_enable 3685.Pq Vt bool 3686If set to 3687.Dq Li YES , 3688load System V IPC primitives at boot time. 3689.It Va clear_tmp_enable 3690.Pq Vt bool 3691Set to 3692.Dq Li YES 3693to have 3694.Pa /tmp 3695cleaned at startup. 3696.It Va clear_tmp_X 3697.Pq Vt bool 3698Set to 3699.Dq Li NO 3700to disable removing of X11 lock files, 3701and the removal and (secure) recreation 3702of the various socket directories for X11 3703related programs. 3704.It Va ldconfig_paths 3705.Pq Vt str 3706Set to the list of shared library paths to use with 3707.Xr ldconfig 8 . 3708NOTE: 3709.Pa /usr/lib 3710will always be added first, so it need not appear in this list. 3711.It Va ldconfig32_paths 3712.Pq Vt str 3713Set to the list of 32-bit compatibility shared library paths to 3714use with 3715.Xr ldconfig 8 . 3716.It Va ldconfig_paths_aout 3717.Pq Vt str 3718Set to the list of shared library paths to use with 3719.Xr ldconfig 8 3720legacy 3721.Xr a.out 5 3722support. 3723.It Va ldconfig_insecure 3724.Pq Vt bool 3725The 3726.Xr ldconfig 8 3727utility normally refuses to use directories 3728which are writable by anyone except root. 3729Set this variable to 3730.Dq Li YES 3731to disable that security check during system startup. 3732.It Va ldconfig_local_dirs 3733.Pq Vt str 3734Set to the list of local 3735.Xr ldconfig 8 3736directories. 3737The names of all files in the directories listed will be 3738passed as arguments to 3739.Xr ldconfig 8 . 3740.It Va ldconfig_local32_dirs 3741.Pq Vt str 3742Set to the list of local 32-bit compatibility 3743.Xr ldconfig 8 3744directories. 3745The names of all files in the directories listed will be 3746passed as arguments to 3747.Dq Nm ldconfig Fl 32 . 3748.It Va kern_securelevel_enable 3749.Pq Vt bool 3750Set to 3751.Dq Li YES 3752to set the kernel security level at system startup. 3753.It Va kern_securelevel 3754.Pq Vt int 3755The kernel security level to set at startup. 3756The allowed range of 3757.Ar value 3758ranges from \-1 (the compile time default) to 3 (the 3759most secure). 3760See 3761.Xr security 7 3762for the list of possible security levels and their effect 3763on system operation. 3764.It Va sshd_program 3765.Pq Vt str 3766Path to the SSH server program 3767.Pa ( /usr/sbin/sshd 3768is the default). 3769.It Va sshd_enable 3770.Pq Vt bool 3771Set to 3772.Dq Li YES 3773to start 3774.Xr sshd 8 3775at system boot time. 3776.It Va sshd_flags 3777.Pq Vt str 3778If 3779.Va sshd_enable 3780is set to 3781.Dq Li YES , 3782these are the flags to pass to the 3783.Xr sshd 8 3784daemon. 3785.It Va ftpd_program 3786.Pq Vt str 3787Path to the FTP server program 3788.Pa ( /usr/libexec/ftpd 3789is the default). 3790.It Va ftpd_enable 3791.Pq Vt bool 3792Set to 3793.Dq Li YES 3794to start 3795.Xr ftpd 8 3796as a stand-alone daemon at system boot time. 3797.It Va ftpd_flags 3798.Pq Vt str 3799If 3800.Va ftpd_enable 3801is set to 3802.Dq Li YES , 3803these are the additional flags to pass to the 3804.Xr ftpd 8 3805daemon. 3806.It Va watchdogd_enable 3807.Pq Vt bool 3808If set to 3809.Dq Li YES , 3810start the 3811.Xr watchdogd 8 3812daemon at boot time. 3813This requires that the kernel have been compiled with a 3814.Xr watchdog 4 3815compatible device. 3816.It Va watchdogd_flags 3817.Pq Vt str 3818If 3819.Va watchdogd_enable 3820is set to 3821.Dq Li YES , 3822these are the flags passed to the 3823.Xr watchdogd 8 3824daemon. 3825.It Va devfs_rulesets 3826.Pq Vt str 3827List of files containing sets of rules for 3828.Xr devfs 8 . 3829.It Va devfs_system_ruleset 3830.Pq Vt str 3831Rule name(s) to apply to the system 3832.Pa /dev 3833itself. 3834.It Va devfs_set_rulesets 3835.Pq Vt str 3836Pairs of already-mounted 3837.Pa dev 3838directories and rulesets that should be applied to them. 3839For example: /mount/dev=ruleset_name 3840.It Va devfs_load_rulesets 3841.Pq Vt bool 3842If set, always load the default rulesets listed in 3843.Va devfs_rulesets . 3844.It Va performance_cx_lowest 3845.Pq Vt str 3846CPU idle state to use while on AC power. 3847The string 3848.Dq Li LOW 3849indicates that 3850.Xr acpi 4 3851should use the lowest power state available while 3852.Dq Li HIGH 3853indicates that the lowest latency state (less power savings) should be used. 3854.It Va performance_cpu_freq 3855.Pq Vt str 3856CPU clock frequency to use while on AC power. 3857The string 3858.Dq Li LOW 3859indicates that 3860.Xr cpufreq 4 3861should use the lowest frequency available while 3862.Dq Li HIGH 3863indicates that the highest frequency (less power savings) should be used. 3864.It Va economy_cx_lowest 3865.Pq Vt str 3866CPU idle state to use when off AC power. 3867The string 3868.Dq Li LOW 3869indicates that 3870.Xr acpi 4 3871should use the lowest power state available while 3872.Dq Li HIGH 3873indicates that the lowest latency state (less power savings) should be used. 3874.It Va economy_cpu_freq 3875.Pq Vt str 3876CPU clock frequency to use when off AC power. 3877The string 3878.Dq Li LOW 3879indicates that 3880.Xr cpufreq 4 3881should use the lowest frequency available while 3882.Dq Li HIGH 3883indicates that the highest frequency (less power savings) should be used. 3884.It Va jail_enable 3885.Pq Vt bool 3886If set to 3887.Dq Li NO , 3888any configured jails will not be started. 3889.It Va jail_parallel_start 3890.Pq Vt bool 3891If set to 3892.Dq Li YES , 3893all configured jails will be started in the background (in parallel). 3894.It Va jail_list 3895.Pq Vt str 3896A space separated list of names for jails. 3897This is purely a configuration aid to help identify and 3898configure multiple jails. 3899The names specified in this list will be used to 3900identify settings common to an instance of a jail, 3901and should contain alphanumeric characters only. 3902The literal jail name of 3903.Dq Li 0 3904.Pq zero 3905is not allowed. 3906.Pp 3907Assuming that the jail in question was named 3908.Li vjail , 3909you would have the following dependent variables: 3910.Bd -literal 3911jail_vjail_hostname="jail.example.com" 3912jail_vjail_ip="192.0.2.100" 3913jail_vjail_rootdir="/var/jails/vjail/root" 3914.Ed 3915.Pp 3916.It Va jail_flags 3917.Pq Vt str 3918Unset by default. 3919When set, use as default value for 3920.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3921for every jail in 3922.Va jail_list . 3923.It Va jail_interface 3924.Pq Vt str 3925Unset by default. 3926When set, use as default value for 3927.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3928for every jail in 3929.Va jail_list . 3930.It Va jail_fstab 3931.Pq Vt str 3932Unset by default. 3933When set, use as default value for 3934.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3935for every jail in 3936.Va jail_list . 3937.It Va jail_mount_enable 3938.Pq Vt bool 3939Set to 3940.Dq Li NO 3941by default. 3942When set to 3943.Dq Li YES , 3944sets 3945.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3946to 3947.Dq Li YES 3948by default for every jail in 3949.Va jail_list . 3950.It Va jail_devfs_ruleset 3951.Pq Vt str 3952Unset by default. 3953When set, sets 3954.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3955to given value for every jail in 3956.Va jail_list . 3957.It Va jail_devfs_enable 3958.Pq Vt bool 3959Set to 3960.Dq Li NO 3961by default. 3962When set to 3963.Dq Li YES , 3964sets 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3966to 3967.Dq Li YES 3968by default for every jail in 3969.Va jail_list . 3970.It Va jail_fdescfs_enable 3971.Pq Vt bool 3972Set to 3973.Dq Li NO 3974by default. 3975When set to 3976.Dq Li YES , 3977sets 3978.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3979to 3980.Dq Li YES 3981by default for every jail in 3982.Va jail_list . 3983.It Va jail_procfs_enable 3984.Pq Vt bool 3985Set to 3986.Dq Li NO 3987by default. 3988When set to 3989.Dq Li YES , 3990sets 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3992to 3993.Dq Li YES 3994by default for every jail in 3995.Va jail_list . 3996.It Va jail_exec_prestart Ns Aq Ar N 3997.Pq Vt str 3998Unset by default. 3999When set, use as default value for 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4001for every jail in 4002.Va jail_list . 4003.It Va jail_exec_start 4004.Pq Vt str 4005Unset by default. 4006When set, use as default value for 4007.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4008for every jail in 4009.Va jail_list . 4010.It Va jail_exec_afterstart Ns Aq Ar N 4011.Pq Vt str 4012Unset by default. 4013When set, use as default value for 4014.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4015for every jail in 4016.Va jail_list . 4017.It Va jail_exec_poststart Ns Aq Ar N 4018.Pq Vt str 4019Unset by default. 4020When set, use as default value for 4021.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4022for every jail in 4023.Va jail_list . 4024.It Va jail_exec_prestop Ns Aq Ar N 4025.Pq Vt str 4026Unset by default. 4027When set, use as default value for 4028.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4029for every jail in 4030.Va jail_list . 4031.It Va jail_exec_stop 4032Unset by default. 4033When set, use as default value for 4034.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4035for every jail in 4036.Va jail_list . 4037.It Va jail_exec_poststop Ns Aq Ar N 4038.Pq Vt str 4039Unset by default. 4040When set, use as default value for 4041.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4042for every jail in 4043.Va jail_list . 4044.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4045.Pq Vt str 4046Unset by default. 4047Set to the root directory used by jail 4048.Va jname . 4049.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4050.Pq Vt str 4051Unset by default. 4052Set to the fully qualified domain name (FQDN) assigned to jail 4053.Va jname . 4054.It Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4055.Pq Vt str 4056Unset by default. 4057Set extra parameters for jail 4058.Va jname , 4059such as 4060.Dq Li allow.chflags 4061or 4062.Dq Li children.max . 4063See 4064.Xr jail 8 4065for a list of available parameters. 4066Note that the following parameters are already defined by 4067.Pa rc.d/jail 4068script out of their corresponding 4069.Nm 4070variables: 4071.Bl -tag -width "host.hostname" -offset indent 4072.It Li path 4073set from 4074.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4075.It Li host.hostname 4076set from 4077.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4078.It Li command 4079set from 4080.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4081.It Li ip4.addr 4082set if 4083.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4084contains IPv4 addresses 4085.It Li ip6.addr 4086set if 4087.Va jail_ Ns Ao Ar jname Ac Ns Va _ip6 4088contains IPv6 addresses 4089.El 4090.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4091.Pq Vt str 4092Unset by default. 4093Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 4094The argument can be a sole address or a comma separated list of addresses. 4095Additionally each address can be prefixed by the name of an interface 4096followed by a pipe to overwrite 4097.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4098or 4099.Va jail_interface 4100and/or suffixed by a netmask, prefixlen or prefix. 4101In case no netmask, prefixlen or prefix is given, 4102.Sq /32 4103will be used for IPv4 and 4104.Sq /128 4105will be used for an IPv6 address. 4106If no address is given for the jail then the jail will be started with 4107no networking support. 4108.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4109.Pq Vt str 4110Unset by default. 4111Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 4112The sequence starts with 4113.Dq Li _multi0 4114and the numbers have to be strictly ascending. 4115These entries follow the same syntax as their primary 4116.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4117entry. 4118The order of the entries can be important as the first address for 4119each address family found will be the primary address of the jail. 4120See 4121.Va ip-addresses 4122option in 4123.Xr jail 8 4124for more details. 4125.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4126.Pq Vt str 4127Set to 4128.Dq Li -l -U root 4129by default. 4130These are flags to pass to 4131.Xr jail 8 . 4132.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4133.Pq Vt str 4134Unset by default. 4135When set, sets the interface to use when setting IP address alias. 4136Note that the alias is created at jail startup and removed at jail shutdown. 4137.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4138.Pq Vt str 4139Unset by default. 4140When set, the jail is started with the specified forwarding table (sometimes 4141referred to as a routing table) via 4142.Xr setfib 1 . 4143.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4144.Pq Vt str 4145Set to 4146.Pa /etc/fstab. Ns Aq Ar jname 4147by default. 4148This is the file system information file to use for jail 4149.Va jname . 4150.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4151.Pq Vt bool 4152Set to 4153.Dq Li NO 4154by default. 4155When set to 4156.Dq Li YES , 4157mount all file systems from 4158.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4159at jail startup. 4160.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 4161.Pq Vt str 4162Unset by default. 4163When set, defines the device file system ruleset file to use for jail 4164.Va jname . 4165.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4166.Pq Vt bool 4167Set to 4168.Dq Li NO 4169by default. 4170When set to 4171.Dq Li YES , 4172mount the device file system inside jail 4173.Ar jname 4174at jail startup. 4175.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4176.Pq Vt bool 4177Set to 4178.Dq Li NO 4179by default. 4180When set to 4181.Dq Li YES , 4182mount the file-descriptor file system inside jail 4183.Ar jname 4184at jail startup. 4185.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 4186.Pq Vt bool 4187Set to 4188.Dq Li NO 4189by default. 4190When set to 4191.Dq Li YES , 4192mount the process file system inside jail 4193.Ar jname 4194at jail startup. 4195.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4196.Pq Vt str 4197Unset by default. 4198This is the command run as 4199.Ar N Ns 4200th command 4201before jail startup, where 4202.Ar N 4203is 0, 1, and so on. 4204It is run outside the jail. 4205.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4206.Pq Vt str 4207Set to 4208.Dq Li /bin/sh /etc/rc 4209by default. 4210This is the command executed in a jail at jail startup. 4211.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4212.Pq Vt str 4213Unset by default. 4214This is the command run as 4215.Ar N Ns 4216th command 4217in a jail 4218after jail startup, where 4219.Ar N 4220is 1, 2, and so on. 4221.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4222.Pq Vt str 4223Unset by default. 4224This is the command run as 4225.Ar N Ns 4226th command 4227after jail startup, where 4228.Ar N 4229is 0, 1, and so on. 4230It is run outside the jail. 4231.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4232.Pq Vt str 4233Unset by default. 4234This is the command run as 4235.Ar N Ns 4236th command 4237before jail shutdown, where 4238.Ar N 4239is 0, 1, and so on. 4240It is run outside the jail. 4241.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4242.Pq Vt str 4243Set to 4244.Dq Li /bin/sh /etc/rc.shutdown 4245by default. 4246This is the command executed in a jail at jail shutdown. 4247.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4248.Pq Vt str 4249Unset by default. 4250This is the command run as 4251.Ar N Ns 4252th command 4253after jail shutdown, where 4254.Ar N 4255is 0, 1, and so on. 4256It is run outside the jail. 4257.It Va jail_set_hostname_allow 4258.Pq Vt bool 4259If set to 4260.Dq Li NO , 4261do not allow the root user in a jail to set its hostname. 4262.It Va jail_socket_unixiproute_only 4263.Pq Vt bool 4264If set to 4265.Dq Li YES , 4266do not allow any sockets, 4267besides UNIX/IP/route sockets, 4268to be used within a jail. 4269.It Va jail_sysvipc_allow 4270.Pq Vt bool 4271If set to 4272.Dq Li YES , 4273allow applications within a jail to use System V IPC. 4274.\" ----------------------------------------------------- 4275.It Va harvest_interrupt 4276.Pq Vt bool 4277Set to 4278.Dq Li YES 4279to use hardware interrupts as an entropy source. 4280Refer to 4281.Xr random 4 4282for more information. 4283.It Va harvest_ethernet 4284.Pq Vt bool 4285Set to 4286.Dq Li YES 4287to use LAN traffic as an entropy source. 4288Refer to 4289.Xr random 4 4290for more information. 4291.It Va harvest_p_to_p 4292.Pq Vt bool 4293Set to 4294.Dq Li YES 4295to use serial line traffic as an entropy source. 4296Refer to 4297.Xr random 4 4298for more information. 4299.It Va entropy_dir 4300.Pq Vt str 4301Set to 4302.Dq Li NO 4303to disable caching entropy via 4304.Xr cron 8 . 4305Otherwise set to the directory used to store entropy files in. 4306.It Va entropy_file 4307.Pq Vt str 4308Set to 4309.Dq Li NO 4310to disable caching entropy through reboots. 4311Otherwise set to the filename used to store cached entropy through 4312reboots. 4313This file should be located on the root file system to seed the 4314.Xr random 4 4315device as early as possible in the boot process. 4316.It Va entropy_save_sz 4317.Pq Vt int 4318Size of the entropy cache files saved by 4319.Nm save-entropy 4320periodically. 4321.It Va entropy_save_num 4322.Pq Vt int 4323Number of entropy cache files to save by 4324.Nm save-entropy 4325periodically. 4326.It Va ipsec_enable 4327.Pq Vt bool 4328Set to 4329.Dq Li YES 4330to run 4331.Xr setkey 8 4332on 4333.Va ipsec_file 4334at boot time. 4335.It Va ipsec_file 4336.Pq Vt str 4337Configuration file for 4338.Xr setkey 8 . 4339.It Va dmesg_enable 4340.Pq Vt bool 4341Set to 4342.Dq Li YES 4343to save 4344.Xr dmesg 8 4345to 4346.Pa /var/run/dmesg.boot 4347on boot. 4348.It Va rcshutdown_timeout 4349.Pq Vt int 4350If set, start a watchdog timer in the background which will terminate 4351.Pa rc.shutdown 4352if 4353.Xr shutdown 8 4354has not completed within the specified time (in seconds). 4355Notice that in addition to this soft timeout, 4356.Xr init 8 4357also applies a hard timeout for the execution of 4358.Pa rc.shutdown . 4359This is configured via 4360.Xr sysctl 8 4361variable 4362.Va kern.init_shutdown_timeout 4363and defaults to 120 seconds. 4364Setting the value of 4365.Va rcshutdown_timeout 4366to more than 120 seconds will have no effect until the 4367.Xr sysctl 8 4368variable 4369.Va kern.init_shutdown_timeout 4370is also increased. 4371.It Va virecover_enable 4372.Pq Vt bool 4373Set to 4374.Dq Li NO 4375to prevent the system from trying to 4376recover pre-maturely terminated 4377.Xr vi 1 4378sessions. 4379.It Va ugidfw_enable 4380.Pq Vt bool 4381Set to 4382.Dq Li YES 4383to load the 4384.Xr mac_bsdextended 4 4385module upon system initialization and load a default 4386ruleset file. 4387.It Va bsdextended_script 4388.Pq Vt str 4389The default 4390.Xr mac_bsdextended 4 4391ruleset file to load. 4392The default value of this variable is 4393.Pa /etc/rc.bsdextended . 4394.It Va newsyslog_enable 4395.Pq Vt bool 4396If set to 4397.Dq Li YES , 4398run 4399.Xr newsyslog 8 4400command at startup. 4401.It Va newsyslog_flags 4402.Pq Vt str 4403If 4404.Va newsyslog_enable 4405is set to 4406.Dq Li YES , 4407these are the flags to pass to the 4408.Xr newsyslog 8 4409program. 4410The default is 4411.Dq Li -CN , 4412which causes log files flagged with a 4413.Cm C 4414to be created. 4415.It Va mdconfig_md Ns Aq Ar X 4416.Pq Vt str 4417Arguments to 4418.Xr mdconfig 8 4419for 4420.Xr md 4 4421device 4422.Ar X . 4423At minimum a 4424.Fl t Ar type 4425must be specified and either a 4426.Fl s Ar size 4427for malloc or swap backed 4428.Xr md 4 4429devices or a 4430.Fl f Ar file 4431for vnode backed 4432.Xr md 4 4433devices. 4434Note that 4435.Va mdconfig_md Ns Aq Ar X 4436variables are evaluated until one variable is unset or null. 4437.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4438.Pq Vt str 4439Optional arguments passed to 4440.Xr newfs 8 4441to initialize 4442.Xr md 4 4443device 4444.Ar X . 4445.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4446.Pq Vt str 4447An ownership specification passed to 4448.Xr chown 8 4449after the specified 4450.Xr md 4 4451device 4452.Ar X 4453has been mounted. 4454Both the 4455.Xr md 4 4456device and the mount point will be changed. 4457.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4458.Pq Vt str 4459A mode string passed to 4460.Xr chmod 1 4461after the specified 4462.Xr md 4 4463device 4464.Ar X 4465has been mounted. 4466Both the 4467.Xr md 4 4468device and the mount point will be changed. 4469.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4470.Pq Vt str 4471Files to be copied to the mount point of the 4472.Xr md 4 4473device 4474.Ar X 4475after it has been mounted. 4476.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4477.Pq Vt str 4478Command to execute after the specified 4479.Xr md 4 4480device 4481.Ar X 4482has been mounted. 4483Note that the command is passed to 4484.Ic eval 4485and that both 4486.Va _dev 4487and 4488.Va _mp 4489variables can be used to reference respectively the 4490.Xr md 4 4491device and the mount point. 4492Assuming that the 4493.Xr md 4 4494device is 4495.Li md0 , 4496one could set the following: 4497.Bd -literal 4498mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4499.Ed 4500.It Va autobridge_interfaces 4501.Pq Vt str 4502Set to the list of bridge interfaces that will have newly arriving interfaces 4503checked against to be automatically added. 4504If not set to 4505.Dq Li NO 4506then for each whitespace separated 4507.Ar element 4508in the value, a 4509.Va autobridge_ Ns Aq Ar element 4510variable is assumed to exist which has a whitespace separated list of interface 4511names to match, these names can use wildcards. 4512For example: 4513.Bd -literal 4514autobridge_interfaces="bridge0" 4515autobridge_bridge0="tap* dc0 vlan[345]" 4516.Ed 4517.It Va mixer_enable 4518.Pq Vt bool 4519If set to 4520.Dq Li YES , 4521enable support for sound mixer. 4522.It Va hcsecd_enable 4523.Pq Vt bool 4524If set to 4525.Dq Li YES , 4526enable Bluetooth security daemon. 4527.It Va hcsecd_config 4528.Pq Vt str 4529Configuration file for 4530.Xr hcsecd 8 . 4531Default 4532.Pa /etc/bluetooth/hcsecd.conf . 4533.It Va sdpd_enable 4534.Pq Vt bool 4535If set to 4536.Dq Li YES , 4537enable Bluetooth Service Discovery Protocol daemon. 4538.It Va sdpd_control 4539.Pq Vt str 4540Path to 4541.Xr sdpd 8 4542control socket. 4543Default 4544.Pa /var/run/sdp . 4545.It Va sdpd_groupname 4546.Pq Vt str 4547Sets 4548.Xr sdpd 8 4549group to run as after it initializes. 4550Default 4551.Dq Li nobody . 4552.It Va sdpd_username 4553.Pq Vt str 4554Sets 4555.Xr sdpd 8 4556user to run as after it initializes. 4557Default 4558.Dq Li nobody . 4559.It Va bthidd_enable 4560.Pq Vt bool 4561If set to 4562.Dq Li YES , 4563enable Bluetooth Human Interface Device daemon. 4564.It Va bthidd_config 4565.Pq Vt str 4566Configuration file for 4567.Xr bthidd 8 . 4568Default 4569.Pa /etc/bluetooth/bthidd.conf . 4570.It Va bthidd_hids 4571.Pq Vt str 4572Path to a file, where 4573.Xr bthidd 8 4574will store information about known HID devices. 4575Default 4576.Pa /var/db/bthidd.hids . 4577.It Va rfcomm_pppd_server_enable 4578.Pq Vt bool 4579If set to 4580.Dq Li YES , 4581enable Bluetooth RFCOMM PPP wrapper daemon. 4582.It Va rfcomm_pppd_server_profile 4583.Pq Vt str 4584The name of the profile to use from 4585.Pa /etc/ppp/ppp.conf . 4586Multiple profiles can be specified here. 4587Also used to specify per-profile overrides. 4588When the profile name contains any of the characters 4589.Dq Li .-/+ 4590they are translated to 4591.Dq Li _ 4592for the proposes of the override variable names. 4593.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4594.Pq Vt str 4595Overrides local address to listen on. 4596By default 4597.Xr rfcomm_pppd 8 4598will listen on 4599.Dq Li ANY 4600address. 4601The address can be specified as BD_ADDR or name. 4602.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4603.Pq Vt str 4604Overrides local RFCOMM channel to listen on. 4605By default 4606.Xr rfcomm_pppd 8 4607will listen on RFCOMM channel 1. 4608Must set properly if multiple profiles used in the same time. 4609.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4610.Pq Vt bool 4611Tells 4612.Xr rfcomm_pppd 8 4613if it should register Serial Port service on the specified RFCOMM channel. 4614Default 4615.Dq Li NO . 4616.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4617.Pq Vt bool 4618Tells 4619.Xr rfcomm_pppd 8 4620if it should register Dial-Up Networking service on the specified 4621RFCOMM channel. 4622Default 4623.Dq Li NO . 4624.It Va ubthidhci_enable 4625.Pq Vt bool 4626If set to 4627.Dq Li YES , 4628change the USB Bluetooth controller from HID mode to HCI mode. 4629You also need to specify the location of USB Bluetooth controller with the 4630.Va ubthidhci_busnum 4631and 4632.Va ubthidhci_addr 4633variables. 4634.It Va ubthidhci_busnum 4635Bus number where the USB Bluetooth controller is located. 4636Check the output of 4637.Xr usbconfig 8 4638on your system to find this information. 4639.It Va ubthidhci_addr 4640Bus address of the USB Bluetooth controller. 4641Check the output of 4642.Xr usbconfig 8 4643on your system to find this information. 4644.It Va netwait_enable 4645.Pq Vt bool 4646If set to 4647.Dq Li YES , 4648delays the start of network-reliant services until 4649.Va netwait_if 4650is up and ICMP packets to a destination defined in 4651.Va netwait_ip 4652are flowing. 4653Link state is examined first, followed by 4654.Dq Li pinging 4655an IP address to verify network usability. 4656If no destination can be reached or timeouts are exceeded, 4657network services are started anyway with no guarantee that 4658the network is usable. 4659Use of this variable requires both 4660.Va netwait_ip 4661and 4662.Va netwait_if 4663to be set. 4664.It Va netwait_ip 4665.Pq Vt str 4666Empty by default. 4667This variable contains a space-delimited list of IP addresses to 4668.Xr ping 8 . 4669DNS hostnames should not be used as resolution is not guaranteed 4670to be functional at this point. 4671If multiple IP addresses are specified, 4672each will be tried until one is successful or the list is exhausted. 4673.It Va netwait_timeout 4674.Pq Vt int 4675Indicates the total number of seconds to perform a 4676.Dq Li ping 4677against each IP address in 4678.Va netwait_ip , 4679at a rate of one ping per second. 4680If any of the pings are successful, 4681full network connectivity is considered reliable. 4682The default is 60. 4683.It Va netwait_if 4684.Pq Vt str 4685Empty by default. 4686Defines the name of the network interface on which watch for link. 4687.Xr ifconfig 8 4688is used to monitor the interface, looking for 4689.Dq Li status: no carrier . 4690Once gone, the link is considered up. 4691This can be a 4692.Xr vlan 4 4693interface if desired. 4694.It Va netwait_if_timeout 4695.Pq Vt int 4696Defines the total number of seconds to wait for link to become usable, 4697polled at a 1-second interval. 4698The default is 30. 4699.El 4700.Sh FILES 4701.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4702.It Pa /etc/defaults/rc.conf 4703.It Pa /etc/rc.conf 4704.It Pa /etc/rc.conf.local 4705.El 4706.Sh SEE ALSO 4707.Xr catman 1 , 4708.Xr chmod 1 , 4709.Xr gdb 1 , 4710.Xr info 1 , 4711.Xr kbdcontrol 1 , 4712.Xr makewhatis 1 , 4713.Xr sh 1 , 4714.Xr vi 1 , 4715.Xr vidcontrol 1 , 4716.Xr bridge 4 , 4717.Xr dummynet 4 , 4718.Xr ip 4 , 4719.Xr ipf 4 , 4720.Xr ipfw 4 , 4721.Xr ipnat 4 , 4722.Xr kld 4 , 4723.Xr pf 4 , 4724.Xr pflog 4 , 4725.Xr pfsync 4 , 4726.Xr tcp 4 , 4727.Xr udp 4 , 4728.Xr exports 5 , 4729.Xr fstab 5 , 4730.Xr ipf 5 , 4731.Xr ipnat 5 , 4732.Xr motd 5 , 4733.Xr newsyslog.conf 5 , 4734.Xr pf.conf 5 , 4735.Xr security 7 , 4736.Xr accton 8 , 4737.Xr amd 8 , 4738.Xr apm 8 , 4739.Xr atm 8 , 4740.Xr bthidd 8 , 4741.Xr chkprintcap 8 , 4742.Xr chown 8 , 4743.Xr cron 8 , 4744.Xr devfs 8 , 4745.Xr dhclient 8 , 4746.Xr ftpd 8 , 4747.Xr geli 8 , 4748.Xr hcsecd 8 , 4749.Xr ifconfig 8 , 4750.Xr inetd 8 , 4751.Xr ipf 8 , 4752.Xr ipfw 8 , 4753.Xr ipnat 8 , 4754.Xr jail 8 , 4755.Xr kldxref 8 , 4756.Xr lpd 8 , 4757.Xr mdconfig 8 , 4758.Xr mdmfs 8 , 4759.Xr mixer 8 , 4760.Xr mountd 8 , 4761.Xr moused 8 , 4762.Xr mrouted 8 , 4763.Xr named 8 , 4764.Xr newfs 8 , 4765.Xr newsyslog 8 , 4766.Xr nfsd 8 , 4767.Xr ntpd 8 , 4768.Xr ntpdate 8 , 4769.Xr pfctl 8 , 4770.Xr pflogd 8 , 4771.Xr ping 8 , 4772.Xr powerd 8 , 4773.Xr quotacheck 8 , 4774.Xr quotaon 8 , 4775.Xr rc 8 , 4776.Xr rc.sendmail 8 , 4777.Xr rfcomm_pppd 8 , 4778.Xr route 8 , 4779.Xr routed 8 , 4780.Xr rpcbind 8 , 4781.Xr rpc.lockd 8 , 4782.Xr rpc.statd 8 , 4783.Xr rwhod 8 , 4784.Xr savecore 8 , 4785.Xr sdpd 8 , 4786.Xr sshd 8 , 4787.Xr swapon 8 , 4788.Xr sysctl 8 , 4789.Xr syslogd 8 , 4790.Xr timed 8 , 4791.Xr usbconfig 8 , 4792.Xr wlandebug 8 , 4793.Xr yp 8 , 4794.Xr ypbind 8 , 4795.Xr ypserv 8 , 4796.Xr ypset 8 4797.Sh HISTORY 4798The 4799.Nm 4800file appeared in 4801.Fx 2.2.2 . 4802.Sh AUTHORS 4803.An Jordan K. Hubbard . 4804