1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd September 23, 2013 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66In addition to 67.Pa /etc/rc.conf.local 68you can also place smaller configuration files for each 69.Xr rc 8 70script in the 71.Pa /etc/rc.conf.d 72directory, which will be included by the 73.Va load_rc_config 74function. 75For jail configurations you could use the file 76.Pa /etc/rc.conf.d/jail 77to store jail specific configuration options. 78Also see the 79.Va rc_conf_files 80variable below. 81.Pp 82Options are set with 83.Dq Ar name Ns Li = Ns Ar value 84assignments that use 85.Xr sh 1 86syntax. 87The following list provides a name and short description for each 88variable that can be set in the 89.Nm 90file: 91.Bl -tag -width indent-two 92.It Va rc_debug 93.Pq Vt bool 94If set to 95.Dq Li YES , 96enable output of debug messages from rc scripts. 97This variable can be helpful in diagnosing mistakes when 98editing or integrating new scripts. 99Beware that this produces copious output to the terminal and 100.Xr syslog 3 . 101.It Va rc_info 102.Pq Vt bool 103If set to 104.Dq Li NO , 105disable informational messages from the rc scripts. 106Informational messages are displayed when 107a condition that is not serious enough to warrant a warning or 108an error occurs. 109.It Va rc_startmsgs 110.Pq Vt bool 111If set to 112.Dq Li YES , 113show 114.Dq Starting foo: 115when faststart is used (e.g., at boot time). 116.It Va early_late_divider 117.Pq Vt str 118The name of the script that should be used as the 119delimiter between the 120.Dq early 121and 122.Dq late 123stages of the boot process. 124The early stage should contain all the services needed to 125get the disks (local or remote) mounted so that the late 126stage can include scripts contained in the directories 127listed in the 128.Va local_startup 129variable (see below). 130Thus, the two likely candidates for this value are 131.Pa mountcritlocal 132for the typical system, and 133.Pa mountcritremote 134if the system needs remote file 135systems mounted to get access to the 136.Va local_startup 137directories; for example when 138.Pa /usr/local 139is NFS mounted. 140For 141.Pa rc.conf 142within a 143.Xr jail 8 144.Pa NETWORKING 145is likely to be an appropriate value. 146Extreme care should be taken when changing this value, 147and before changing it one should ensure that there are 148adequate provisions to recover from a failed boot 149(such as physical contact with the machine, 150or reliable remote console access). 151.It Va always_force_depends 152.Pq Vt bool 153Various 154.Pa rc.d 155scripts use the force_depend function to check whether required 156services are already running, and to start them if necessary. 157By default during boot time this check is bypassed if the 158required service is enabled in 159.Pa /etc/rc.conf[.local] . 160Setting this option will bypass that check at boot time and 161always test whether or not the service is actually running. 162Enabling this option is likely to increase your boot time if 163services are enabled that utilize the force_depend check. 164.It Ao Ar name Ac Ns Va _chroot 165.Pq Vt str 166.Xr chroot 167to this directory before running the service. 168.It Ao Ar name Ac Ns Va _user 169.Pq Vt str 170Run the service under this user account. 171.It Ao Ar name Ac Ns Va _group 172.Pq Vt str 173Run the chrooted service under this system group. Unlike the _user 174setting, this setting has no effect if the service is not chrooted. 175.It Ao Ar name Ac Ns Va _fib 176.Pq Vt int 177The 178.Xr setfib 1 179value to run the service under. 180.It Ao Ar name Ac Ns Va _nice 181.Pq Vt int 182The 183.Xr nice 1 184value to run the service under. 185.It Va apm_enable 186.Pq Vt bool 187If set to 188.Dq Li YES , 189enable support for Automatic Power Management with 190the 191.Xr apm 8 192command. 193.It Va apmd_enable 194.Pq Vt bool 195Run 196.Xr apmd 8 197to handle APM event from userland. 198This also enables support for APM. 199.It Va apmd_flags 200.Pq Vt str 201If 202.Va apmd_enable 203is set to 204.Dq Li YES , 205these are the flags to pass to the 206.Xr apmd 8 207daemon. 208.It Va devd_enable 209.Pq Vt bool 210Run 211.Xr devd 8 212to handle device added, removed or unknown events from the kernel. 213.It Va ddb_enable 214.Pq Vt bool 215Run 216.Xr ddb 8 217to install 218.Xr ddb 4 219scripts at boot time. 220.It Va ddb_config 221.Pq Vt str 222Configuration file for 223.Xr ddb 8 . 224Default 225.Pa /etc/ddb.conf . 226.It Va kld_list 227.Pq Vt str 228A list of kernel modules to load right after the local 229disks are mounted. 230Loading modules at this point in the boot process is 231much faster than doing it via 232.Pa /boot/loader.conf 233for those modules not necessary for mounting local disk. 234.It Va kldxref_enable 235.Pq Vt bool 236Set to 237.Dq Li NO 238by default. 239Set to 240.Dq Li YES 241to automatically rebuild 242.Pa linker.hints 243files with 244.Xr kldxref 8 245at boot time. 246.It Va kldxref_clobber 247.Pq Vt bool 248Set to 249.Dq Li NO 250by default. 251If 252.Va kldxref_enable 253is true, 254setting to 255.Dq Li YES 256will overwrite existing 257.Pa linker.hints 258files at boot time. 259Otherwise, 260only missing 261.Pa linker.hints 262files are generated. 263.It Va kldxref_module_path 264.Pq Vt str 265Empty by default. 266A semi-colon 267.Pq Ql \&; 268delimited list of paths containing 269.Xr kld 4 270modules. 271If empty, 272the contents of the 273.Va kern.module_path 274.Xr sysctl 8 275are used. 276.It Va powerd_enable 277.Pq Vt bool 278If set to 279.Dq Li YES , 280enable the system power control facility with the 281.Xr powerd 8 282daemon. 283.It Va powerd_flags 284.Pq Vt str 285If 286.Va powerd_enable 287is set to 288.Dq Li YES , 289these are the flags to pass to the 290.Xr powerd 8 291daemon. 292.It Va tmpmfs 293Controls the creation of a 294.Pa /tmp 295memory file system. 296Always happens if set to 297.Dq Li YES 298and never happens if set to 299.Dq Li NO . 300If set to anything else, a memory file system is created if 301.Pa /tmp 302is not writable. 303.It Va tmpsize 304Controls the size of a created 305.Pa /tmp 306memory file system. 307.It Va tmpmfs_flags 308Extra options passed to the 309.Xr mdmfs 8 310utility when the memory file system for 311.Pa /tmp 312is created. 313The default is 314.Dq Li "-S" , 315which inhibits the use of softupdates on 316.Pa /tmp 317so that file system space is freed without delay 318after file truncation or deletion. 319See 320.Xr mdmfs 8 321for other options you can use in 322.Va tmpmfs_flags . 323.It Va varmfs 324Controls the creation of a 325.Pa /var 326memory file system. 327Always happens if set to 328.Dq Li YES 329and never happens if set to 330.Dq Li NO . 331If set to anything else, a memory file system is created if 332.Pa /var 333is not writable. 334.It Va varsize 335Controls the size of a created 336.Pa /var 337memory file system. 338.It Va varmfs_flags 339Extra options passed to the 340.Xr mdmfs 8 341utility when the memory file system for 342.Pa /var 343is created. 344The default is 345.Dq Li "-S" , 346which inhibits the use of softupdates on 347.Pa /var 348so that file system space is freed without delay 349after file truncation or deletion. 350See 351.Xr mdmfs 8 352for other options you can use in 353.Va varmfs_flags . 354.It Va populate_var 355Controls the automatic population of the 356.Pa /var 357file system. 358Always happens if set to 359.Dq Li YES 360and never happens if set to 361.Dq Li NO . 362If set to anything else, a memory file system is created if 363.Pa /var 364is not writable. 365Note that this process requires access to certain commands in 366.Pa /usr 367before 368.Pa /usr 369is mounted on normal systems. 370.It Va cleanvar_enable 371.Pq Vt bool 372Clean the 373.Pa /var 374directory. 375.It Va local_startup 376.Pq Vt str 377List of directories to search for startup script files. 378.It Va script_name_sep 379.Pq Vt str 380The field separator to use for breaking down the list of startup script files 381into individual filenames. 382The default is a space. 383It is not necessary to change this unless there are startup scripts with names 384containing spaces. 385.It Va hostapd_enable 386.Pq Vt bool 387Set to 388.Dq Li YES 389to start 390.Xr hostapd 8 391at system boot time. 392.It Va hostname 393.Pq Vt str 394The fully qualified domain name (FQDN) of this host on the network. 395This should almost certainly be set to something meaningful, even if 396there is no network connection. 397If 398.Xr dhclient 8 399is used to set the hostname via DHCP, 400this variable should be set to an empty string. 401If this value remains unset when the system is done booting 402your console login will display the default hostname of 403.Dq Amnesiac . 404.It Va nisdomainname 405.Pq Vt str 406The NIS domain name of this host, or 407.Dq Li NO 408if NIS is not used. 409.It Va dhclient_program 410.Pq Vt str 411Path to the DHCP client program 412.Pa ( /sbin/dhclient , 413the 414.Ox 415DHCP client, 416is the default). 417.It Va dhclient_flags 418.Pq Vt str 419Additional flags to pass to the DHCP client program. 420For the 421.Ox 422DHCP client, see the 423.Xr dhclient 8 424manpage for a description of the command line options available. 425.It Va dhclient_flags_ Ns Aq Ar iface 426Additional flags to pass to the DHCP client program running on 427.Ar iface 428only. 429When specified, this variable overrides 430.Va dhclient_flags . 431.It Va background_dhclient 432.Pq Vt bool 433Set to 434.Dq Li YES 435to start the DHCP client in background. 436This can cause trouble with applications depending on 437a working network, but it will provide a faster startup 438in many cases. 439.It Va background_dhclient_ Ns Aq Ar iface 440When specified, this variable overrides the 441.Va background_dhclient 442variable for interface 443.Ar iface 444only. 445.It Va synchronous_dhclient 446.Pq Vt bool 447Set to 448.Dq Li YES 449to start 450.Xr dhclient 8 451synchronously at startup. 452This behavior can be overridden on a per-interface basis by replacing 453the 454.Dq Li DHCP 455keyword in the 456.Va ifconfig_ Ns Aq Ar interface 457variable with 458.Dq Li SYNCDHCP 459or 460.Dq Li NOSYNCDHCP . 461.It Va defaultroute_delay 462.Pq Vt int 463When set to a positive value, wait up to this long after configuring 464DHCP interfaces at startup to give the interfaces time to receive a lease. 465.It Va firewall_enable 466.Pq Vt bool 467Set to 468.Dq Li YES 469to load firewall rules at startup. 470If the kernel was not built with 471.Cd "options IPFIREWALL" , 472the 473.Pa ipfw.ko 474kernel module will be loaded. 475See also 476.Va ipfilter_enable . 477.It Va firewall_script 478.Pq Vt str 479This variable specifies the full path to the firewall script to run. 480The default is 481.Pa /etc/rc.firewall . 482.It Va firewall_type 483.Pq Vt str 484Names the firewall type from the selection in 485.Pa /etc/rc.firewall , 486or the file which contains the local firewall ruleset. 487Valid selections from 488.Pa /etc/rc.firewall 489are: 490.Pp 491.Bl -tag -width ".Li simple" -compact 492.It Li open 493unrestricted IP access 494.It Li closed 495all IP services disabled, except via 496.Dq Li lo0 497.It Li client 498basic protection for a workstation 499.It Li simple 500basic protection for a LAN. 501.El 502.Pp 503If a filename is specified, the full path 504must be given. 505.It Va firewall_quiet 506.Pq Vt bool 507Set to 508.Dq Li YES 509to disable the display of firewall rules on the console during boot. 510.It Va firewall_logging 511.Pq Vt bool 512Set to 513.Dq Li YES 514to enable firewall event logging. 515This is equivalent to the 516.Dv IPFIREWALL_VERBOSE 517kernel option. 518.It Va firewall_logif 519.Pq Vt bool 520Set to 521.Dq Li YES 522to create pseudo interface 523.Li ipfw0 524for logging. 525For more details, see 526.Xr ipfw 8 527manual page. 528.It Va firewall_flags 529.Pq Vt str 530Flags passed to 531.Xr ipfw 8 532if 533.Va firewall_type 534specifies a filename. 535.It Va firewall_coscripts 536.Pq Vt str 537List of executables and/or rc scripts to run after firewall starts/stops. 538Default is empty. 539.\" ----- firewall_nat_enable setting -------------------------------- 540.It Va firewall_nat_enable 541.Pq Vt bool 542The 543.Xr ipfw 8 544equivalent of 545.Va natd_enable . 546Setting this to 547.Dq Li YES 548enables kernel NAT. 549.Va firewall_enable 550must also be set to 551.Dq Li YES . 552.It Va firewall_nat_interface 553.Pq Vt str 554The 555.Xr ipfw 8 556equivalent of 557.Va natd_interface . 558This is the name of the public interface or IP address on which 559kernel NAT should run. 560.It Va firewall_nat_flags 561.Pq Vt str 562Additional configuration parameters for kernel NAT should be placed here. 563.It Va dummynet_enable 564.Pq Vt bool 565Setting this to 566.Dq Li YES 567will automatically load the 568.Xr dummynet 4 569module if 570.Va firewall_enable 571is also set to 572.Dq Li YES . 573.\" ------------------------------------------------------------------- 574.It Va natd_program 575.Pq Vt str 576Path to 577.Xr natd 8 . 578.It Va natd_enable 579.Pq Vt bool 580Set to 581.Dq Li YES 582to enable 583.Xr natd 8 . 584.Va firewall_enable 585must also be set to 586.Dq Li YES , 587and 588.Xr divert 4 589sockets must be enabled in the kernel. 590If the kernel was not built with 591.Cd "options IPDIVERT" , 592the 593.Pa ipdivert.ko 594kernel module will be loaded. 595.It Va natd_interface 596.Pq Vt str 597This is the name of the public interface on which 598.Xr natd 8 599should run. 600The interface may be given as an interface name or as an IP address. 601.It Va natd_flags 602.Pq Vt str 603Additional 604.Xr natd 8 605flags should be placed here. 606The 607.Fl n 608or 609.Fl a 610flag is automatically added with the above 611.Va natd_interface 612as an argument. 613.\" ----- ipfilter_enable setting -------------------------------- 614.It Va ipfilter_enable 615.Pq Vt bool 616Set to 617.Dq Li NO 618by default. 619Setting this to 620.Dq Li YES 621enables 622.Xr ipf 8 623packet filtering. 624.Pp 625Typical usage will require putting 626.Bd -literal 627ipfilter_enable="YES" 628ipnat_enable="YES" 629ipmon_enable="YES" 630ipfs_enable="YES" 631.Ed 632.Pp 633into 634.Pa /etc/rc.conf 635and editing 636.Pa /etc/ipf.rules 637and 638.Pa /etc/ipnat.rules 639appropriately. 640.Pp 641Note that 642.Va ipfilter_enable 643and 644.Va ipnat_enable 645can be enabled independently. 646.Va ipmon_enable 647and 648.Va ipfs_enable 649both require at least one of 650.Va ipfilter_enable 651and 652.Va ipnat_enable 653to be enabled. 654.Pp 655Having 656.Bd -literal 657options IPFILTER 658options IPFILTER_LOG 659options IPFILTER_DEFAULT_BLOCK 660.Ed 661.Pp 662in the kernel configuration file is a good idea, too. 663.\" ----- ipfilter_program setting ------------------------------ 664.It Va ipfilter_program 665.Pq Vt str 666Path to 667.Xr ipf 8 668(default 669.Pa /sbin/ipf ) . 670.\" ----- ipfilter_rules setting -------------------------------- 671.It Va ipfilter_rules 672.Pq Vt str 673Set to 674.Pa /etc/ipf.rules 675by default. 676This variable contains the name of the filter rule definition file. 677The file is expected to be readable for the 678.Xr ipf 8 679command to execute. 680.\" ----- ipv6_ipfilter_rules setting --------------------------- 681.It Va ipv6_ipfilter_rules 682.Pq Vt str 683Set to 684.Pa /etc/ipf6.rules 685by default. 686This variable contains the IPv6 filter rule definition file. 687The file is expected to be readable for the 688.Xr ipf 8 689command to execute. 690.\" ----- ipfilter_flags setting -------------------------------- 691.It Va ipfilter_flags 692.Pq Vt str 693Empty by default. 694This variable contains flags passed to the 695.Xr ipf 8 696program. 697.\" ----- ipnat_enable setting ---------------------------------- 698.It Va ipnat_enable 699.Pq Vt bool 700Set to 701.Dq Li NO 702by default. 703Set it to 704.Dq Li YES 705to enable 706.Xr ipnat 8 707network address translation. 708See 709.Va ipfilter_enable 710for a detailed discussion. 711.\" ----- ipnat_program setting --------------------------------- 712.It Va ipnat_program 713.Pq Vt str 714Path to 715.Xr ipnat 8 716(default 717.Pa /sbin/ipnat ) . 718.\" ----- ipnat_rules setting ----------------------------------- 719.It Va ipnat_rules 720.Pq Vt str 721Set to 722.Pa /etc/ipnat.rules 723by default. 724This variable contains the name of the file 725holding the network address translation definition. 726This file is expected to be readable for the 727.Xr ipnat 8 728command to execute. 729.\" ----- ipnat_flags setting ----------------------------------- 730.It Va ipnat_flags 731.Pq Vt str 732Empty by default. 733This variable contains flags passed to the 734.Xr ipnat 8 735program. 736.\" ----- ipmon_enable setting ---------------------------------- 737.It Va ipmon_enable 738.Pq Vt bool 739Set to 740.Dq Li NO 741by default. 742Set it to 743.Dq Li YES 744to enable 745.Xr ipmon 8 746monitoring (logging 747.Xr ipf 8 748and 749.Xr ipnat 8 750events). 751Setting this variable needs setting 752.Va ipfilter_enable 753or 754.Va ipnat_enable 755too. 756See 757.Va ipfilter_enable 758for a detailed discussion. 759.\" ----- ipmon_program setting --------------------------------- 760.It Va ipmon_program 761.Pq Vt str 762Path to 763.Xr ipmon 8 764(default 765.Pa /sbin/ipmon ) . 766.\" ----- ipmon_flags setting ----------------------------------- 767.It Va ipmon_flags 768.Pq Vt str 769Set to 770.Dq Li -Ds 771by default. 772This variable contains flags passed to the 773.Xr ipmon 8 774program. 775Another typical example would be 776.Dq Fl D Pa /var/log/ipflog 777to have 778.Xr ipmon 8 779log directly to a file bypassing 780.Xr syslogd 8 . 781Make sure to adjust 782.Pa /etc/newsyslog.conf 783in such case like this: 784.Bd -literal 785/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 786.Ed 787.\" ----- ipfs_enable setting ----------------------------------- 788.It Va ipfs_enable 789.Pq Vt bool 790Set to 791.Dq Li NO 792by default. 793Set it to 794.Dq Li YES 795to enable 796.Xr ipfs 8 797saving the filter and NAT state tables during shutdown 798and reloading them during startup again. 799Setting this variable needs setting 800.Va ipfilter_enable 801or 802.Va ipnat_enable 803to 804.Dq Li YES 805too. 806See 807.Va ipfilter_enable 808for a detailed discussion. 809Note that if 810.Va kern_securelevel 811is set to 3, 812.Va ipfs_enable 813cannot be used 814because the raised securelevel will prevent 815.Xr ipfs 8 816from saving the state tables at shutdown time. 817.\" ----- ipfs_program setting ---------------------------------- 818.It Va ipfs_program 819.Pq Vt str 820Path to 821.Xr ipfs 8 822(default 823.Pa /sbin/ipfs ) . 824.\" ----- ipfs_flags setting ------------------------------------ 825.It Va ipfs_flags 826.Pq Vt str 827Empty by default. 828This variable contains flags passed to the 829.Xr ipfs 8 830program. 831.\" ----- end of added ipf hook --------------------------------- 832.It Va pf_enable 833.Pq Vt bool 834Set to 835.Dq Li NO 836by default. 837Setting this to 838.Dq Li YES 839enables 840.Xr pf 4 841packet filtering. 842.Pp 843Typical usage will require putting 844.Pp 845.Dl pf_enable="YES" 846.Pp 847into 848.Pa /etc/rc.conf 849and editing 850.Pa /etc/pf.conf 851appropriately. 852Adding 853.Pp 854.Dl "device pf" 855.Pp 856builds support for 857.Xr pf 4 858into the kernel, otherwise the 859kernel module will be loaded. 860.It Va pf_rules 861.Pq Vt str 862Path to 863.Xr pf 4 864ruleset configuration file 865(default 866.Pa /etc/pf.conf ) . 867.It Va pf_program 868.Pq Vt str 869Path to 870.Xr pfctl 8 871(default 872.Pa /sbin/pfctl ) . 873.It Va pf_flags 874.Pq Vt str 875If 876.Va pf_enable 877is set to 878.Dq Li YES , 879these flags are passed to the 880.Xr pfctl 8 881program when loading the ruleset. 882.It Va pflog_enable 883.Pq Vt bool 884Set to 885.Dq Li NO 886by default. 887Setting this to 888.Dq Li YES 889enables 890.Xr pflogd 8 891which logs packets from the 892.Xr pf 4 893packet filter. 894.It Va pflog_logfile 895.Pq Vt str 896If 897.Va pflog_enable 898is set to 899.Dq Li YES 900this controls where 901.Xr pflogd 8 902stores the logfile 903(default 904.Pa /var/log/pflog ) . 905Check 906.Pa /etc/newsyslog.conf 907to adjust logfile rotation for this. 908.It Va pflog_program 909.Pq Vt str 910Path to 911.Xr pflogd 8 912(default 913.Pa /sbin/pflogd ) . 914.It Va pflog_flags 915.Pq Vt str 916Empty by default. 917This variable contains additional flags passed to the 918.Xr pflogd 8 919program. 920.It Va ftpproxy_enable 921.Pq Vt bool 922Set to 923.Dq Li NO 924by default. 925Setting this to 926.Dq Li YES 927enables 928.Xr ftp-proxy 8 929which supports the 930.Xr pf 4 931packet filter in translating ftp connections. 932.It Va ftpproxy_flags 933.Pq Vt str 934Empty by default. 935This variable contains additional flags passed to the 936.Xr ftp-proxy 8 937program. 938.It Va pfsync_enable 939.Pq Vt bool 940Set to 941.Dq Li NO 942by default. 943Setting this to 944.Dq Li YES 945enables exposing 946.Xr pf 4 947state changes to other hosts over the network by means of 948.Xr pfsync 4 . 949The 950.Va pfsync_syncdev 951variable 952must also be set then. 953.It Va pfsync_syncdev 954.Pq Vt str 955Empty by default. 956This variable specifies the name of the network interface 957.Xr pfsync 4 958should operate through. 959It must be set accordingly if 960.Va pfsync_enable 961is set to 962.Dq Li YES . 963.It Va pfsync_syncpeer 964.Pq Vt str 965Empty by default. 966This variable is optional. 967By default, state change messages are sent out on the synchronisation 968interface using IP multicast packets. 969The protocol is IP protocol 240, PFSYNC, and the multicast group used is 970224.0.0.240. 971When a peer address is specified using the 972.Va pfsync_syncpeer 973option, the peer address is used as a destination for the pfsync 974traffic, and the traffic can then be protected using 975.Xr ipsec 4 . 976See the 977.Xr pfsync 4 978manpage for more details about using 979.Xr ipsec 4 980with 981.Xr pfsync 4 982interfaces. 983.It Va pfsync_ifconfig 984.Pq Vt str 985Empty by default. 986This variable can contain additional options to be passed to the 987.Xr ifconfig 8 988command used to set up 989.Xr pfsync 4 . 990.It Va tcp_extensions 991.Pq Vt bool 992Set to 993.Dq Li YES 994by default. 995Setting this to 996.Dq Li NO 997disables certain TCP options as described by 998.Rs 999.%T "RFC 1323" 1000.Re 1001Setting this to 1002.Dq Li NO 1003might help remedy such problems with connections as randomly hanging 1004or other weird behavior. 1005Some network devices are known 1006to be broken with respect to these options. 1007.It Va log_in_vain 1008.Pq Vt int 1009Set to 0 by default. 1010The 1011.Xr sysctl 8 1012variables, 1013.Va net.inet.tcp.log_in_vain 1014and 1015.Va net.inet.udp.log_in_vain , 1016as described in 1017.Xr tcp 4 1018and 1019.Xr udp 4 , 1020are set to the given value. 1021.It Va tcp_keepalive 1022.Pq Vt bool 1023Set to 1024.Dq Li YES 1025by default. 1026Setting to 1027.Dq Li NO 1028will disable probing idle TCP connections to verify that the 1029peer is still up and reachable. 1030.It Va tcp_drop_synfin 1031.Pq Vt bool 1032Set to 1033.Dq Li NO 1034by default. 1035Setting to 1036.Dq Li YES 1037will cause the kernel to ignore TCP frames that have both 1038the SYN and FIN flags set. 1039This prevents OS fingerprinting, but may 1040break some legitimate applications. 1041.It Va icmp_drop_redirect 1042.Pq Vt bool 1043Set to 1044.Dq Li NO 1045by default. 1046Setting to 1047.Dq Li YES 1048will cause the kernel to ignore ICMP REDIRECT packets. 1049Refer to 1050.Xr icmp 4 1051for more information. 1052.It Va icmp_log_redirect 1053.Pq Vt bool 1054Set to 1055.Dq Li NO 1056by default. 1057Setting to 1058.Dq Li YES 1059will cause the kernel to log ICMP REDIRECT packets. 1060Note that 1061the log messages are not rate-limited, so this option should only be used 1062for troubleshooting networks. 1063Refer to 1064.Xr icmp 4 1065for more information. 1066.It Va icmp_bmcastecho 1067.Pq Vt bool 1068Set to 1069.Dq Li YES 1070to respond to broadcast or multicast ICMP ping packets. 1071Refer to 1072.Xr icmp 4 1073for more information. 1074.It Va ip_portrange_first 1075.Pq Vt int 1076If not set to 1077.Dq Li NO , 1078this is the first port in the default portrange. 1079Refer to 1080.Xr ip 4 1081for more information. 1082.It Va ip_portrange_last 1083.Pq Vt int 1084If not set to 1085.Dq Li NO , 1086this is the last port in the default portrange. 1087Refer to 1088.Xr ip 4 1089for more information. 1090.It Va network_interfaces 1091.Pq Vt str 1092Set to the list of network interfaces to configure on this host or 1093.Dq Li AUTO 1094(the default) for all current interfaces. 1095Setting the 1096.Va network_interfaces 1097variable to anything other than the default is deprecated. 1098Interfaces that the administrator wishes to store configuration for, 1099but not start at boot should be configured with the 1100.Dq Li NOAUTO 1101keyword in their 1102.Va ifconfig_ Ns Aq Ar interface 1103variables as described below. 1104.Pp 1105An 1106.Va ifconfig_ Ns Aq Ar interface 1107variable is also assumed to exist for each value of 1108.Ar interface . 1109When an interface name contains any of the characters 1110.Dq Li .-/+ 1111they are translated to 1112.Dq Li _ 1113before lookup. 1114The variable can contain arguments to 1115.Xr ifconfig 8 , 1116as well as special case-insensitive keywords described below. 1117Such keywords are removed before passing the value to 1118.Xr ifconfig 8 1119while the order of the other arguments is preserved. 1120.Pp 1121It is possible to add IP alias entries using 1122.Xr ifconfig 8 1123syntax with the address family keyword such as 1124.Li inet . 1125Assuming that the interface in question was 1126.Li ed0 , 1127it might look something like this: 1128.Bd -literal 1129ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1130ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1131.Ed 1132.Pp 1133It also possible to configure multiple IP addresses in Classless 1134Inter-Domain Routing 1135.Pq CIDR 1136address notation, 1137whose each address component can be a range like 1138.Li inet 192.0.2.5-23/24 1139or 1140.Li inet6 2001:db8:1-f::1/64 . 1141This notation allows address and prefix length part only, 1142not the other address modifiers. 1143.Pp 1144In the case of 1145.Li 192.0.2.5-23/24 , 1146the address 192.0.2.5 will be configured with the 1147netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1148the non-conflicting netmask /32 as explained in the 1149.Xr ifconfig 8 1150alias section. 1151Note that this special netmask handling is only for 1152.Li inet , 1153not for the other address families such as 1154.Li inet6 . 1155.Pp 1156With the interface in question being 1157.Li ed0 , 1158an example could look like: 1159.Bd -literal 1160ifconfig_ed0_alias2="inet 192.0.2.129/27" 1161ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1162.Ed 1163.Pp 1164and so on. 1165.Pp 1166Note that 1167.Va ipv4_addrs_ Ns Aq Ar interface 1168variable was supported for IPv4 CIDR address notation. 1169It is now deprecated because the functionality was integrated into 1170.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1171though 1172.Va ipv4_addrs_ Ns Aq Ar interface 1173is still supported for backward compatibility. 1174.Pp 1175For each 1176.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1177entry with an address family keyword, 1178its contents are passed to 1179.Xr ifconfig 8 . 1180Execution stops at the first unsuccessful access, so if 1181something like this is present: 1182.Bd -literal 1183ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1184ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1185ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1186ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1187.Ed 1188.Pp 1189Then note that alias4 would 1190.Em not 1191be added since the search would 1192stop with the missing 1193.Dq Li alias3 1194entry. 1195Because of this difficult to manage behavior, 1196there is 1197.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1198variable, which has the same functionality as 1199.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1200and can have all of entries in a variable like the following: 1201.Bd -literal 1202ifconfig_ed0_aliases="\\ 1203 inet 127.0.0.251 netmask 0xffffffff \\ 1204 inet 127.0.0.252 netmask 0xffffffff \\ 1205 inet 127.0.0.253 netmask 0xffffffff \\ 1206 inet 127.0.0.254 netmask 0xffffffff" 1207.Ed 1208.Pp 1209It also supports CIDR notation. 1210.Pp 1211If the 1212.Pa /etc/start_if. Ns Aq Ar interface 1213file is present, it is read and executed by the 1214.Xr sh 1 1215interpreter 1216before configuring the interface as specified in the 1217.Va ifconfig_ Ns Aq Ar interface 1218and 1219.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1220variables. 1221.Pp 1222If a 1223.Va vlans_ Ns Aq Ar interface 1224variable is set, 1225a 1226.Xr vlan 4 1227interface will be created for each item in the list with the 1228.Ar vlandev 1229argument set to 1230.Ar interface . 1231If a vlan interface's name is a number, 1232then that number is used as the vlan tag and the new vlan interface is 1233named 1234.Ar interface . Ns Ar tag . 1235Otherwise, 1236the vlan tag must be specified via a 1237.Va vlan 1238parameter in the 1239.Va create_args_ Ns Aq Ar interface 1240variable. 1241.Pp 1242To create a vlan device named 1243.Li em0.101 1244on 1245.Li em0 1246with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1247.Bd -literal 1248vlans_em0="101" 1249ifconfig_em0_101="inet 192.0.2.1/24" 1250.Ed 1251.Pp 1252To create a vlan device named 1253.Li myvlan 1254on 1255.Li em0 1256with the vlan tag 102: 1257.Bd -literal 1258vlans_em0="myvlan" 1259create_args_myvlan="vlan 102" 1260.Ed 1261.Pp 1262If a 1263.Va wlans_ Ns Aq Ar interface 1264variable is set, 1265an 1266.Xr wlan 4 1267interface will be created for each item in the list with the 1268.Ar wlandev 1269argument set to 1270.Ar interface . 1271Further wlan cloning arguments may be passed to the 1272.Xr ifconfig 8 1273.Cm create 1274command by setting the 1275.Va create_args_ Ns Aq Ar interface 1276variable. 1277One or more 1278.Xr wlan 4 1279devices must be created for each wireless devices as of 1280.Fx 8.0 . 1281Debugging flags for 1282.Xr wlan 4 1283devices as set by 1284.Xr wlandebug 8 1285may be specified with an 1286.Va wlandebug_ Ns Aq Ar interface 1287variable. 1288The contents of this variable will be passed directly to 1289.Xr wlandebug 8 . 1290.Pp 1291If the 1292.Va ifconfig_ Ns Aq Ar interface 1293contains the keyword 1294.Dq Li NOAUTO 1295then the interface will not be configured 1296at boot or by 1297.Pa /etc/pccard_ether 1298when 1299.Va network_interfaces 1300is set to 1301.Dq Li AUTO . 1302.Pp 1303It is possible to bring up an interface with DHCP by adding 1304.Dq Li DHCP 1305to the 1306.Va ifconfig_ Ns Aq Ar interface 1307variable. 1308For instance, to initialize the 1309.Li ed0 1310device via DHCP, 1311it is possible to use something like: 1312.Bd -literal 1313ifconfig_ed0="DHCP" 1314.Ed 1315.Pp 1316If you want to configure your wireless interface with 1317.Xr wpa_supplicant 8 1318for use with WPA, EAP/LEAP or WEP, you need to add 1319.Dq Li WPA 1320to the 1321.Va ifconfig_ Ns Aq Ar interface 1322variable. 1323.Pp 1324On the other hand, if you want to configure your wireless interface with 1325.Xr hostapd 8 , 1326you need to add 1327.Dq Li HOSTAP 1328to the 1329.Va ifconfig_ Ns Aq Ar interface 1330variable. 1331.Xr hostapd 8 1332will use the settings from 1333.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1334.Pp 1335Finally, you can add 1336.Xr ifconfig 8 1337options in this variable, in addition to the 1338.Pa /etc/start_if. Ns Aq Ar interface 1339file. 1340For instance, to configure an 1341.Xr ath 4 1342wireless device in station mode with an address obtained 1343via DHCP, using WPA authentication and 802.11b mode, it is 1344possible to use something like: 1345.Bd -literal 1346wlans_ath0="wlan0" 1347ifconfig_wlan0="DHCP WPA mode 11b" 1348.Ed 1349.Pp 1350In addition to the 1351.Va ifconfig_ Ns Aq Ar interface 1352form, a fallback variable 1353.Va ifconfig_DEFAULT 1354may be configured. 1355It will be used for all interfaces with no 1356.Va ifconfig_ Ns Aq Ar interface 1357variable. 1358This is intended to replace the no longer supported 1359.Va pccard_ifconfig 1360variable. 1361.Pp 1362It is also possible to rename an interface by doing: 1363.Bd -literal 1364ifconfig_ed0_name="net0" 1365ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1366.Ed 1367.It Va ipv6_enable 1368.Pq Vt bool 1369This variable is deprecated. 1370Use 1371.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1372and 1373.Va ipv6_activate_all_interfaces 1374if necessary. 1375.Pp 1376If the variable is 1377.Dq Li YES , 1378.Dq Li inet6 accept_rtadv 1379is added to all of 1380.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1381and the 1382.Va ipv6_activate_all_interfaces 1383is defined as 1384.Dq Li YES . 1385.It Va ipv6_prefer 1386.Pq Vt bool 1387This variable is deprecated. 1388Use 1389.Va ip6addrctl_policy 1390instead. 1391.Pp 1392If the variable is 1393.Dq Li YES , 1394the default address selection policy table set by 1395.Xr ip6addrctl 8 1396will be IPv6-preferred. 1397.Pp 1398If the variable is 1399.Dq Li NO , 1400the default address selection policy table set by 1401.Xr ip6addrctl 8 1402will be IPv4-preferred. 1403.It Va ipv6_activate_all_interfaces 1404.Pq Vt bool 1405This controls initial configuration on IPv6-capable 1406interfaces with no corresponding 1407.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1408variable. 1409Note that it is not always necessary to set this variable to 1410.Dq YES 1411to use IPv6 functionality on 1412.Fx . 1413In most cases, just configuring 1414.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1415variables works. 1416.Pp 1417If the variable is 1418.Dq Li NO , 1419all interfaces which do not have a corresponding 1420.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1421variable will be marked as 1422.Dq Li IFDISABLED 1423at creation. 1424This means that all of IPv6 functionality on that interface 1425is completely disabled to enforce a security policy. 1426If the variable is set to 1427.Dq YES , 1428the flag will be cleared on all of the interfaces. 1429.Pp 1430In most cases, just defining an 1431.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1432for an IPv6-capable interface should be sufficient. 1433However, if an interface is added dynamically 1434.Pq by some tunneling protocols such as PPP, for example , 1435it is often difficult to define the variable in advance. 1436In such a case, configuring the 1437.Dq Li IFDISABLED 1438flag can be disabled by setting this variable to 1439.Dq YES . 1440.Pp 1441For more details of the 1442.Dq Li IFDISABLED 1443flag and keywords 1444.Dq Li inet6 ifdisabled , 1445see 1446.Xr ifconfig 8 . 1447.Pp 1448Default is 1449.Dq Li NO . 1450.It Va ipv6_privacy 1451.Pq Vt bool 1452If the variable is 1453.Dq Li YES 1454privacy addresses will be generated for each IPv6 1455interface as described in RFC 4941. 1456.It Va ipv6_network_interfaces 1457.Pq Vt str 1458This is the IPv6 equivalent of 1459.Va network_interfaces . 1460Normally manual configuration of this variable is not needed. 1461.Pp 1462.It Va ipv6_cpe_wanif 1463.Pq Vt str 1464If the variable is set to an interface name, 1465the 1466.Xr ifconfig 8 1467options 1468.Dq inet6 -no_radr accept_rtadv 1469will be added to the specified interface automatically before evaluating 1470.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1471and two 1472.Xr sysctl 8 1473variables 1474.Va net.inet6.ip6.rfc6204w3 1475and 1476.Va net.inet6.ip6.no_radr 1477will be set to 1. 1478.Pp 1479This means the specified interface will accept ICMPv6 Router 1480Advertisement messages on that link and add the discovered 1481routers into the Default Router List. 1482While the other interfaces can still accept RA messages if the 1483.Dq inet6 accept_rtadv 1484option is specified, adding 1485routes into the Default Router List will be disabled by 1486.Dq inet6 no_radr 1487option by default. 1488See 1489.Xr ifconfig 8 1490for more details. 1491.Pp 1492Note that ICMPv6 Router Advertisement messages will be 1493accepted even when 1494.Va net.inet6.ip6.forwarding 1495is 1 1496.Pq packet forwarding is enabled 1497when 1498.Va net.inet6.ip6.rfc6204w3 1499is set to 1. 1500.Pp 1501Default is 1502.Dq Li NO . 1503.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1504.Pq Vt str 1505IPv6 functionality on an interface should be configured by 1506.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1507instead of setting ifconfig parameters in 1508.Va ifconfig_ Ns Aq Ar interface . 1509If this variable is empty, all of IPv6 configurations on the 1510specified interface by other variables such as 1511.Va ipv6_prefix_ Ns Ao Ar interface Ac 1512will be ignored. 1513.Pp 1514Aliases should be set by 1515.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1516with 1517.Dq Li inet6 1518keyword. 1519For example: 1520.Bd -literal 1521ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1522ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1523.Ed 1524.Pp 1525Interfaces that have an 1526.Dq Li inet6 accept_rtadv 1527keyword in 1528.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1529setting will be automatically configured by SLAAC 1530.Pq StateLess Address AutoConfiguration 1531described in 1532.Rs 1533.%T "RFC 4862" 1534.Re 1535.Pp 1536Note that a link-local address will be automatically configured in 1537addition to the configured global-scope addresses because the IPv6 1538specifications require it on each link. 1539The address is calculated from the MAC address by using an algorithm 1540defined in 1541.Rs 1542.%T "RFC 4862" 1543.%O "Section 5.3" 1544.Re 1545.Pp 1546If only a link-local address is needed on the interface, 1547the following configuration can be used: 1548.Bd -literal 1549ifconfig_ed0_ipv6="inet6 auto_linklocal" 1550.Ed 1551.Pp 1552A link-local address can also be configured manually. 1553This is useful for the default router address of an IPv6 router 1554so that it does not change when the network interface 1555card is replaced. 1556For example: 1557.Bd -literal 1558ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1559.Ed 1560.It Va ipv6_prefix_ Ns Aq Ar interface 1561.Pq Vt str 1562If one or more prefixes are defined in 1563.Va ipv6_prefix_ Ns Aq Ar interface 1564addresses based on each prefix and the EUI-64 interface index will be 1565configured on that interface. 1566Note that this variable will be ignored when 1567.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1568is empty. 1569.Pp 1570For example, the following configuration 1571.Bd -literal 1572ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1573.Ed 1574.Pp 1575is equivalent to the following: 1576.Bd -literal 1577ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1578ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1579ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1580ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1581.Ed 1582.Pp 1583These Subnet-Router anycast addresses will be added only when 1584.Va ipv6_gateway_enable 1585is YES. 1586.It Va ipv6_default_interface 1587.Pq Vt str 1588If not set to 1589.Dq Li NO , 1590this is the default output interface for scoped addresses. 1591This works only with ipv6_gateway_enable="NO". 1592.It Va ip6addrctl_enable 1593.Pq Vt bool 1594This variable is to enable configuring default address selection policy table 1595.Pq RFC 3484 . 1596The table can be specified in another variable 1597.Va ip6addrctl_policy . 1598For 1599.Va ip6addrctl_policy 1600the following keywords can be specified: 1601.Dq Li ipv4_prefer , 1602.Dq Li ipv6_prefer , 1603or 1604.Dq Li AUTO . 1605.Pp 1606If 1607.Dq Li ipv4_prefer 1608or 1609.Dq Li ipv6_prefer 1610is specified, 1611.Xr ip6addrctl 8 1612installs a pre-defined policy table described in Section 2.1 1613.Pq IPv6-preferred 1614or 10.3 1615.Pq IPv4-preferred 1616of RFC 3484. 1617.Pp 1618If 1619.Dq Li AUTO 1620is specified, it attempts to read a file 1621.Pa /etc/ip6addrctl.conf 1622first. 1623If this file is found, 1624.Xr ip6addrctl 8 1625reads and installs it. 1626If not found, a policy is automatically set 1627according to 1628.Va ipv6_activate_all_interfaces 1629variable; if the variable is set to 1630.Dq Li YES 1631the IPv6-preferred one is used. 1632Otherwise IPv4-preferred. 1633.Pp 1634The default value of 1635.Va ip6addrctl_enable 1636and 1637.Va ip6addrctl_policy 1638are 1639.Dq Li YES 1640and 1641.Dq Li AUTO , 1642respectively. 1643.It Va cloned_interfaces 1644.Pq Vt str 1645Set to the list of clonable network interfaces to create on this host. 1646Further cloning arguments may be passed to the 1647.Xr ifconfig 8 1648.Cm create 1649command for each interface by setting the 1650.Va create_args_ Ns Aq Ar interface 1651variable. 1652If an interface name is specified with 1653.Dq :sticky 1654keyword, 1655the interface will not be destroyed even when 1656.Pa rc.d/netif 1657script is invoked with 1658.Dq stop 1659argument. 1660This is useful when reconfiguring the interface without destroying it. 1661Entries in 1662.Va cloned_interfaces 1663are automatically appended to 1664.Va network_interfaces 1665for configuration. 1666.It Va cloned_interfaces_sticky 1667.Pq Vt bool 1668This variable is to globally enable functionality of 1669.Dq :sticky 1670keyword in 1671.Va cloned_interfaces 1672for all interfaces. 1673The default value is 1674.Dq NO . 1675Even if this variable is specified to 1676.Dq YES , 1677.Dq :nosticky 1678keyword can be used to override it on per interface basis. 1679.It Va fec_interfaces 1680.Pq Vt str 1681Set to the list of 1682.Xr ng_fec 4 1683Fast EtherChannel interfaces to configure on this host. 1684A 1685.Va fecconfig_ Ns Aq Ar interface 1686variable is assumed to exist for each value of 1687.Ar interface . 1688The value of this variable is used to configure link aggregated interfaces 1689according to the syntax of the 1690.Cm NGM_FEC_ADD_IFACE 1691to 1692.Xr ngctl 8 1693msg. 1694Additionally, this option ensures that each listed interface is created 1695via the 1696.Cm mkpeer 1697command to 1698.Xr ngctl 8 1699before attempting to configure it. 1700For example: 1701.Bd -literal 1702fec_interfaces="fec0" 1703fecconfig_fec0="em0 em1" 1704ifconfig_fec0="DHCP" 1705.Ed 1706.It Va gif_interfaces 1707.Pq Vt str 1708This variable is deprecated in favor of 1709.Va cloned_interfaces . 1710Set to the list of 1711.Xr gif 4 1712tunnel interfaces to configure on this host. 1713A 1714.Va gifconfig_ Ns Aq Ar interface 1715variable is assumed to exist for each value of 1716.Ar interface . 1717The value of this variable is used to configure the link layer of the 1718tunnel according to the syntax of the 1719.Cm tunnel 1720option to 1721.Xr ifconfig 8 . 1722Additionally, this option ensures that each listed interface is created 1723via the 1724.Cm create 1725option to 1726.Xr ifconfig 8 1727before attempting to configure it. 1728.It Va sppp_interfaces 1729.Pq Vt str 1730Set to the list of 1731.Xr sppp 4 1732interfaces to configure on this host. 1733A 1734.Va spppconfig_ Ns Aq Ar interface 1735variable is assumed to exist for each value of 1736.Ar interface . 1737Each interface should also be configured by a general 1738.Va ifconfig_ Ns Aq Ar interface 1739setting. 1740Refer to 1741.Xr spppcontrol 8 1742for more information about available options. 1743.It Va ppp_enable 1744.Pq Vt bool 1745If set to 1746.Dq Li YES , 1747run the 1748.Xr ppp 8 1749daemon. 1750.It Va ppp_profile 1751.Pq Vt str 1752The name of the profile to use from 1753.Pa /etc/ppp/ppp.conf . 1754Also used for per-profile overrides of 1755.Va ppp_mode 1756and 1757.Va ppp_nat , 1758and 1759.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1760When the profile name contains any of the characters 1761.Dq Li .-/+ 1762they are translated to 1763.Dq Li _ 1764for the proposes of the override variable names. 1765.It Va ppp_mode 1766.Pq Vt str 1767Mode in which to run the 1768.Xr ppp 8 1769daemon. 1770.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1771.Pq Vt str 1772Overrides the global 1773.Va ppp_mode 1774for 1775.Ar profile . 1776Accepted modes are 1777.Dq Li auto , 1778.Dq Li ddial , 1779.Dq Li direct 1780and 1781.Dq Li dedicated . 1782See the manual for a full description. 1783.It Va ppp_nat 1784.Pq Vt bool 1785If set to 1786.Dq Li YES , 1787enables network address translation. 1788Used in conjunction with 1789.Va gateway_enable 1790allows hosts on private network addresses access to the Internet using 1791this host as a network address translating router. 1792.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1793.Pq Vt str 1794Overrides the global 1795.Va ppp_nat 1796for 1797.Ar profile . 1798.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1799.Pq Vt int 1800Set the unit number to be used for this profile. 1801See the manual description of 1802.Fl unit Ns Ar N 1803for details. 1804.It Va ppp_user 1805.Pq Vt str 1806The name of the user under which 1807.Xr ppp 8 1808should be started. 1809By 1810default, 1811.Xr ppp 8 1812is started as 1813.Dq Li root . 1814.It Va rc_conf_files 1815.Pq Vt str 1816This option is used to specify a list of files that will override 1817the settings in 1818.Pa /etc/defaults/rc.conf . 1819The files will be read in the order in which they are specified and should 1820include the full path to the file. 1821By default, the files specified are 1822.Pa /etc/rc.conf 1823and 1824.Pa /etc/rc.conf.local 1825.It Va zfs_enable 1826.Pq Vt bool 1827If set to 1828.Dq Li YES , 1829.Pa /etc/rc.d/zfs 1830will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1831(ZVOLs). 1832.It Va gptboot_enable 1833.Pq Vt bool 1834If set to 1835.Dq Li YES , 1836.Pa /etc/rc.d/gptboot 1837will log if the system successfully (or not) booted from a GPT partition, 1838which had the 1839.Ar bootonce 1840attribute set using 1841.Xr gpart 8 1842utility. 1843.It Va gbde_autoattach_all 1844.Pq Vt bool 1845If set to 1846.Dq Li YES , 1847.Pa /etc/rc.d/gbde 1848will attempt to automatically initialize your .bde devices in 1849.Pa /etc/fstab . 1850.It Va gbde_devices 1851.Pq Vt str 1852List the devices that the script should try to attach, 1853or 1854.Dq Li AUTO . 1855.It Va gbde_lockdir 1856.Pq Vt str 1857The directory where the 1858.Xr gbde 4 1859lockfiles are located. 1860The default lockfile directory is 1861.Pa /etc . 1862.Pp 1863The lockfile for each individual 1864.Xr gbde 4 1865device can be overridden by setting the variable 1866.Va gbde_lock_ Ns Aq Ar device , 1867where 1868.Ar device 1869is the encrypted device without the 1870.Dq Pa /dev/ 1871and 1872.Dq Pa .bde 1873parts. 1874.It Va gbde_attach_attempts 1875.Pq Vt int 1876Number of times to attempt attaching to a 1877.Xr gbde 4 1878device, i.e., how many times the user is asked for the pass-phrase. 1879Default is 3. 1880.It Va geli_devices 1881.Pq Vt str 1882List of devices to automatically attach on boot. 1883Note that .eli devices from 1884.Pa /etc/fstab 1885are automatically appended to this list. 1886.It Va geli_tries 1887.Pq Vt int 1888Number of times user is asked for the pass-phrase. 1889If empty, it will be taken from 1890.Va kern.geom.eli.tries 1891sysctl variable. 1892.It Va geli_default_flags 1893.Pq Vt str 1894Default flags to use by 1895.Xr geli 8 1896when configuring disk encryption. 1897Flags can be configured for every device separately by defining 1898.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1899variable. 1900.It Va geli_autodetach 1901.Pq Vt str 1902Specifies if GELI devices should be marked for detach on last close after 1903file systems are mounted. 1904Default is 1905.Dq Li YES . 1906This can be changed for every device separately by defining 1907.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1908variable. 1909.It Va root_rw_mount 1910.Pq Vt bool 1911Set to 1912.Dq Li YES 1913by default. 1914After the file systems are checked at boot time, the root file system 1915is remounted as read-write if this is set to 1916.Dq Li YES . 1917Diskless systems that mount their root file system from a read-only remote 1918NFS share should set this to 1919.Dq Li NO 1920in their 1921.Pa rc.conf . 1922.It Va fsck_y_enable 1923.Pq Vt bool 1924If set to 1925.Dq Li YES , 1926.Xr fsck 8 1927will be run with the 1928.Fl y 1929flag if the initial preen 1930of the file systems fails. 1931.It Va background_fsck 1932.Pq Vt bool 1933If set to 1934.Dq Li YES , 1935the system will attempt to run 1936.Xr fsck 8 1937in the background where possible. 1938.It Va background_fsck_delay 1939.Pq Vt int 1940The amount of time in seconds to sleep before starting a background 1941.Xr fsck 8 . 1942It defaults to sixty seconds to allow large applications such as 1943the X server to start before disk I/O bandwidth is monopolized by 1944.Xr fsck 8 . 1945If set to a negative number, the background file system check will be 1946delayed indefinitely to allow the administrator to run it at a more 1947convenient time. 1948For example it may be run from 1949.Xr cron 8 1950by adding a line like 1951.Pp 1952.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1953.Pp 1954to 1955.Pa /etc/crontab . 1956.It Va netfs_types 1957.Pq Vt str 1958List of file system types that are network-based. 1959This list should generally not be modified by end users. 1960Use 1961.Va extra_netfs_types 1962instead. 1963.It Va extra_netfs_types 1964.Pq Vt str 1965If set to something other than 1966.Dq Li NO 1967(the default), 1968this variable extends the list of file system types 1969for which automatic mounting at startup by 1970.Xr rc 8 1971should be delayed until the network is initialized. 1972It should contain 1973a whitespace-separated list of network file system descriptor pairs, 1974each consisting of a file system type as passed to 1975.Xr mount 8 1976and a human-readable, one-word description, 1977joined with a colon 1978.Pq Ql \&: . 1979Extending the default list in this way is only necessary 1980when third party file system types are used. 1981.It Va syslogd_enable 1982.Pq Vt bool 1983If set to 1984.Dq Li YES , 1985run the 1986.Xr syslogd 8 1987daemon. 1988.It Va syslogd_program 1989.Pq Vt str 1990Path to 1991.Xr syslogd 8 1992(default 1993.Pa /usr/sbin/syslogd ) . 1994.It Va syslogd_flags 1995.Pq Vt str 1996If 1997.Va syslogd_enable 1998is set to 1999.Dq Li YES , 2000these are the flags to pass to 2001.Xr syslogd 8 . 2002.It Va inetd_enable 2003.Pq Vt bool 2004If set to 2005.Dq Li YES , 2006run the 2007.Xr inetd 8 2008daemon. 2009.It Va inetd_program 2010.Pq Vt str 2011Path to 2012.Xr inetd 8 2013(default 2014.Pa /usr/sbin/inetd ) . 2015.It Va inetd_flags 2016.Pq Vt str 2017If 2018.Va inetd_enable 2019is set to 2020.Dq Li YES , 2021these are the flags to pass to 2022.Xr inetd 8 . 2023.It Va hastd_enable 2024.Pq Vt bool 2025If set to 2026.Dq Li YES , 2027run the 2028.Xr hastd 8 2029daemon. 2030.It Va hastd_program 2031.Pq Vt str 2032Path to 2033.Xr hastd 8 2034(default 2035.Pa /sbin/hastd ) . 2036.It Va hastd_flags 2037.Pq Vt str 2038If 2039.Va hastd_enable 2040is set to 2041.Dq Li YES , 2042these are the flags to pass to 2043.Xr hastd 8 . 2044.It Va local_unbound_enable 2045.Pq Vt bool 2046If set to 2047.Dq Li YES , 2048run the 2049.Xr unbound 8 2050daemon as a local caching resolver. 2051.It Va named_enable 2052.Pq Vt bool 2053If set to 2054.Dq Li YES , 2055run the 2056.Xr named 8 2057daemon. 2058.It Va named_program 2059.Pq Vt str 2060Path to 2061.Xr named 8 2062(default 2063.Pa /usr/sbin/named ) . 2064.It Va named_conf 2065.Pq Vt str 2066Path to 2067.Xr named 8 2068configuration file, (default 2069.Pa /etc/namedb/named.conf ) . 2070.It Va named_flags 2071.Pq Vt str 2072If 2073.Va named_enable 2074is set to 2075.Dq Li YES , 2076these are the flags to pass to 2077.Xr named 8 . 2078.It Va named_uid 2079.Pq Vt str 2080The user that the 2081.Xr named 8 2082process should be run as. 2083.It Va named_chrootdir 2084.Pq Vt str 2085The root directory for a name server run in a 2086.Xr chroot 8 2087environment (default 2088.Pa /var/named ) . 2089If left empty 2090.Xr named 8 2091will not be run in a 2092.Xr chroot 8 2093environment. 2094.It Va named_chroot_autoupdate 2095.Pq Vt bool 2096Set to 2097.Dq Li NO 2098to disable automatic update of the 2099.Xr chroot 8 2100environment. 2101.It Va named_symlink_enable 2102.Pq Vt bool 2103Set to 2104.Dq Li NO 2105to disable symlinking of 2106daemon's PID file 2107into the 2108.Xr chroot 8 2109environment. 2110.It Va named_wait 2111.Pq Vt bool 2112Set to have 2113.Pa /etc/rc.d/named 2114loop until working name service is established. 2115.It Va named_wait_host 2116.Pq Vt str 2117Name of host to lookup for the named_wait option. 2118(Default localhost) 2119.It Va named_auto_forward 2120.Pq Vt bool 2121Set to enable automatic creation of a forwarder 2122configuration file derived from 2123.Pa /etc/resolv.conf . 2124.It Va named_auto_forward_only 2125.Pq Vt bool 2126Set to change the default forwarder configuration from 2127.Dq forward first 2128to 2129.Dq forward only . 2130.It Va kerberos5_server_enable 2131.Pq Vt bool 2132Set to 2133.Dq Li YES 2134to start a Kerberos 5 authentication server 2135at boot time. 2136.It Va kerberos5_server 2137.Pq Vt str 2138If 2139.Va kerberos5_server_enable 2140is set to 2141.Dq Li YES 2142this is the path to Kerberos 5 Authentication Server. 2143.It Va kerberos5_server_flags 2144.Pq Vt str 2145Empty by default. 2146This variable contains additional flags to be passed to the Kerberos 5 2147authentication server. 2148.It Va kadmind5_server_enable 2149.Pq Vt bool 2150Set to 2151.Dq Li YES 2152to start 2153.Xr kadmind 8 , 2154the Kerberos 5 Administration Daemon; set to 2155.Dq Li NO 2156on a slave server. 2157.It Va kadmind5_server 2158.Pq Vt str 2159If 2160.Va kadmind5_server_enable 2161is set to 2162.Dq Li YES 2163this is the path to Kerberos 5 Administration Daemon. 2164.It Va kpasswdd_server_enable 2165.Pq Vt bool 2166Set to 2167.Dq Li YES 2168to start 2169.Xr kpasswdd 8 , 2170the Kerberos 5 Password-Changing Daemon; set to 2171.Dq Li NO 2172on a slave server. 2173.It Va kpasswdd_server 2174.Pq Vt str 2175If 2176.Va kpasswdd_server_enable 2177is set to 2178.Dq Li YES 2179this is the path to Kerberos 5 Password-Changing Daemon. 2180.It Va kfd_enable 2181.Pq Vt bool 2182Set to 2183.Dq Li YES 2184to start 2185.Xr kfd 8 , 2186the Kerberos 5 ticket forwarding daemon, at the boot time. 2187.It Va kfd_program 2188.Pq Vt str 2189Path to 2190.Xr kfd 8 2191(default 2192.Pa /usr/libexec/kfd ) . 2193.It Va rwhod_enable 2194.Pq Vt bool 2195If set to 2196.Dq Li YES , 2197run the 2198.Xr rwhod 8 2199daemon at boot time. 2200.It Va rwhod_flags 2201.Pq Vt str 2202If 2203.Va rwhod_enable 2204is set to 2205.Dq Li YES , 2206these are the flags to pass to it. 2207.It Va amd_enable 2208.Pq Vt bool 2209If set to 2210.Dq Li YES , 2211run the 2212.Xr amd 8 2213daemon at boot time. 2214.It Va amd_flags 2215.Pq Vt str 2216If 2217.Va amd_enable 2218is set to 2219.Dq Li YES , 2220these are the flags to pass to it. 2221See the 2222.Xr amd 8 2223manpage for more information. 2224.It Va amd_map_program 2225.Pq Vt str 2226If set, 2227the specified program is run to get the list of 2228.Xr amd 8 2229maps. 2230For example, if the 2231.Xr amd 8 2232maps are stored in NIS, one can set this to 2233run 2234.Xr ypcat 1 2235to get a list of 2236.Xr amd 8 2237maps from the 2238.Pa amd.master 2239NIS map. 2240.It Va update_motd 2241.Pq Vt bool 2242If set to 2243.Dq Li YES , 2244.Pa /etc/motd 2245will be updated at boot time to reflect the kernel release 2246being run. 2247If set to 2248.Dq Li NO , 2249.Pa /etc/motd 2250will not be updated. 2251.It Va nfs_client_enable 2252.Pq Vt bool 2253If set to 2254.Dq Li YES , 2255run the NFS client daemons at boot time. 2256.It Va nfs_access_cache 2257.Pq Vt int 2258If 2259.Va nfs_client_enable 2260is set to 2261.Dq Li YES , 2262this can be set to 2263.Dq Li 0 2264to disable NFS ACCESS RPC caching, or to the number of seconds for which 2265NFS ACCESS 2266results should be cached. 2267A value of 2-10 seconds will substantially reduce network 2268traffic for many NFS operations. 2269.It Va nfs_server_enable 2270.Pq Vt bool 2271If set to 2272.Dq Li YES , 2273run the NFS server daemons at boot time. 2274.It Va nfs_server_flags 2275.Pq Vt str 2276If 2277.Va nfs_server_enable 2278is set to 2279.Dq Li YES , 2280these are the flags to pass to the 2281.Xr nfsd 8 2282daemon. 2283.It Va nfsv4_server_enable 2284.Pq Vt bool 2285If 2286.Va nfs_server_enable 2287is set to 2288.Dq Li YES 2289and 2290.Va nfsv4_server_enable 2291are set to 2292.Dq Li YES , 2293enable the server for NFSv4 as well as NFSv2 and NFSv3. 2294.It Va nfsuserd_enable 2295.Pq Vt bool 2296If 2297.Va nfsuserd_enable 2298is set to 2299.Dq Li YES , 2300run the nfsuserd daemon, which is needed for NFSv4 in order 2301to map between user/group names vs uid/gid numbers. 2302If 2303.Va nfsv4_server_enable 2304is set to 2305.Dq Li YES , 2306this will be forced enabled. 2307.It Va nfsuserd_flags 2308.Pq Vt str 2309If 2310.Va nfsuserd_enable 2311is set to 2312.Dq Li YES , 2313these are the flags to pass to the 2314.Xr nfsuserd 8 2315daemon. 2316.It Va nfscbd_enable 2317.Pq Vt bool 2318If 2319.Va nfscbd_enable 2320is set to 2321.Dq Li YES , 2322run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2323.It Va nfscbd_flags 2324.Pq Vt str 2325If 2326.Va nfscbd_enable 2327is set to 2328.Dq Li YES , 2329these are the flags to pass to the 2330.Xr nfscbd 8 2331daemon. 2332.It Va oldnfs_server_enable 2333.Pq Vt bool 2334If 2335.Va oldnfs_server_enable 2336is set to 2337.Dq Li YES , 2338force the NFS server daemons to run the old NFS server code 2339that does not support NFSv4. 2340.It Va mountd_enable 2341.Pq Vt bool 2342If set to 2343.Dq Li YES , 2344and no 2345.Va nfs_server_enable 2346is set, start 2347.Xr mountd 8 , 2348but not 2349.Xr nfsd 8 2350daemon. 2351It is commonly needed to run CFS without real NFS used. 2352.It Va mountd_flags 2353.Pq Vt str 2354If 2355.Va mountd_enable 2356is set to 2357.Dq Li YES , 2358these are the flags to pass to the 2359.Xr mountd 8 2360daemon. 2361.It Va weak_mountd_authentication 2362.Pq Vt bool 2363If set to 2364.Dq Li YES , 2365allow services like PCNFSD to make non-privileged mount 2366requests. 2367.It Va nfs_reserved_port_only 2368.Pq Vt bool 2369If set to 2370.Dq Li YES , 2371provide NFS services only on a secure port. 2372.It Va nfs_bufpackets 2373.Pq Vt int 2374If set to a number, indicates the number of packets worth of 2375socket buffer space to reserve on an NFS client. 2376The kernel default is typically 4. 2377Using a higher number may be 2378useful on gigabit networks to improve performance. 2379The minimum value is 23802 and the maximum is 64. 2381.It Va rpc_lockd_enable 2382.Pq Vt bool 2383If set to 2384.Dq Li YES 2385and also an NFS server or client, run 2386.Xr rpc.lockd 8 2387at boot time. 2388.It Va rpc_lockd_flags 2389.Pq Vt str 2390If 2391.Va rpc_lockd_enable 2392is set to 2393.Dq Li YES , 2394these are the flags to pass to the 2395.Xr rpc.lockd 8 2396daemon. 2397.It Va rpc_statd_enable 2398.Pq Vt bool 2399If set to 2400.Dq Li YES 2401and also an NFS server or client, run 2402.Xr rpc.statd 8 2403at boot time. 2404.It Va rpc_statd_flags 2405.Pq Vt str 2406If 2407.Va rpc_statd_enable 2408is set to 2409.Dq Li YES , 2410these are the flags to pass to the 2411.Xr rpc.statd 8 2412daemon. 2413.It Va rpcbind_program 2414.Pq Vt str 2415Path to 2416.Xr rpcbind 8 2417(default 2418.Pa /usr/sbin/rpcbind ) . 2419.It Va rpcbind_enable 2420.Pq Vt bool 2421If set to 2422.Dq Li YES , 2423run the 2424.Xr rpcbind 8 2425service at boot time. 2426.It Va rpcbind_flags 2427.Pq Vt str 2428If 2429.Va rpcbind_enable 2430is set to 2431.Dq Li YES , 2432these are the flags to pass to the 2433.Xr rpcbind 8 2434daemon. 2435.It Va keyserv_enable 2436.Pq Vt bool 2437If set to 2438.Dq Li YES , 2439run the 2440.Xr keyserv 8 2441daemon on boot for running Secure RPC. 2442.It Va keyserv_flags 2443.Pq Vt str 2444If 2445.Va keyserv_enable 2446is set to 2447.Dq Li YES , 2448these are the flags to pass to 2449.Xr keyserv 8 2450daemon. 2451.It Va pppoed_enable 2452.Pq Vt bool 2453If set to 2454.Dq Li YES , 2455run the 2456.Xr pppoed 8 2457daemon at boot time to provide PPP over Ethernet services. 2458.It Va pppoed_ Ns Aq Ar provider 2459.Pq Vt str 2460.Xr pppoed 8 2461listens to requests to this 2462.Ar provider 2463and ultimately runs 2464.Xr ppp 8 2465with a 2466.Ar system 2467argument of the same name. 2468.It Va pppoed_flags 2469.Pq Vt str 2470Additional flags to pass to 2471.Xr pppoed 8 . 2472.It Va pppoed_interface 2473.Pq Vt str 2474The network interface to run 2475.Xr pppoed 8 2476on. 2477This is mandatory when 2478.Va pppoed_enable 2479is set to 2480.Dq Li YES . 2481.It Va timed_enable 2482.Pq Vt bool 2483If set to 2484.Dq Li YES , 2485run the 2486.Xr timed 8 2487service at boot time. 2488This command is intended for networks of 2489machines where a consistent 2490.Dq "network time" 2491for all hosts must be established. 2492This is often useful in large NFS 2493environments where time stamps on files are expected to be consistent 2494network-wide. 2495.It Va timed_flags 2496.Pq Vt str 2497If 2498.Va timed_enable 2499is set to 2500.Dq Li YES , 2501these are the flags to pass to the 2502.Xr timed 8 2503service. 2504.It Va ntpdate_enable 2505.Pq Vt bool 2506If set to 2507.Dq Li YES , 2508run 2509.Xr ntpdate 8 2510at system startup. 2511This command is intended to 2512synchronize the system clock only 2513.Em once 2514from some standard reference. 2515.It Va ntpdate_config 2516.Pq Vt str 2517Configuration file for 2518.Xr ntpdate 8 . 2519Default 2520.Pa /etc/ntp.conf . 2521.It Va ntpdate_hosts 2522.Pq Vt str 2523A whitespace-separated list of NTP servers to synchronize with at startup. 2524The default is to use the servers listed in 2525.Va ntpdate_config , 2526if that file exists. 2527.It Va ntpdate_program 2528.Pq Vt str 2529Path to 2530.Xr ntpdate 8 2531(default 2532.Pa /usr/sbin/ntpdate ) . 2533.It Va ntpdate_flags 2534.Pq Vt str 2535If 2536.Va ntpdate_enable 2537is set to 2538.Dq Li YES , 2539these are the flags to pass to the 2540.Xr ntpdate 8 2541command (typically a hostname). 2542.It Va ntpd_enable 2543.Pq Vt bool 2544If set to 2545.Dq Li YES , 2546run the 2547.Xr ntpd 8 2548command at boot time. 2549.It Va ntpd_program 2550.Pq Vt str 2551Path to 2552.Xr ntpd 8 2553(default 2554.Pa /usr/sbin/ntpd ) . 2555.It Va ntpd_config 2556.Pq Vt str 2557Path to 2558.Xr ntpd 8 2559configuration file. 2560Default 2561.Pa /etc/ntp.conf . 2562.It Va ntpd_flags 2563.Pq Vt str 2564If 2565.Va ntpd_enable 2566is set to 2567.Dq Li YES , 2568these are the flags to pass to the 2569.Xr ntpd 8 2570daemon. 2571.It Va ntpd_sync_on_start 2572.Pq Vt bool 2573If set to 2574.Dq Li YES , 2575.Xr ntpd 8 2576is run with the 2577.Fl g 2578flag, which syncs the system's clock on startup. 2579See 2580.Xr ntpd 8 2581for more information regarding the 2582.Fl g 2583option. 2584This is a preferred alternative to using 2585.Xr ntpdate 8 2586or specifying the 2587.Va ntpdate_enable 2588variable. 2589.It Va nis_client_enable 2590.Pq Vt bool 2591If set to 2592.Dq Li YES , 2593run the 2594.Xr ypbind 8 2595service at system boot time. 2596.It Va nis_client_flags 2597.Pq Vt str 2598If 2599.Va nis_client_enable 2600is set to 2601.Dq Li YES , 2602these are the flags to pass to the 2603.Xr ypbind 8 2604service. 2605.It Va nis_ypset_enable 2606.Pq Vt bool 2607If set to 2608.Dq Li YES , 2609run the 2610.Xr ypset 8 2611daemon at system boot time. 2612.It Va nis_ypset_flags 2613.Pq Vt str 2614If 2615.Va nis_ypset_enable 2616is set to 2617.Dq Li YES , 2618these are the flags to pass to the 2619.Xr ypset 8 2620daemon. 2621.It Va nis_server_enable 2622.Pq Vt bool 2623If set to 2624.Dq Li YES , 2625run the 2626.Xr ypserv 8 2627daemon at system boot time. 2628.It Va nis_server_flags 2629.Pq Vt str 2630If 2631.Va nis_server_enable 2632is set to 2633.Dq Li YES , 2634these are the flags to pass to the 2635.Xr ypserv 8 2636daemon. 2637.It Va nis_ypxfrd_enable 2638.Pq Vt bool 2639If set to 2640.Dq Li YES , 2641run the 2642.Xr rpc.ypxfrd 8 2643daemon at system boot time. 2644.It Va nis_ypxfrd_flags 2645.Pq Vt str 2646If 2647.Va nis_ypxfrd_enable 2648is set to 2649.Dq Li YES , 2650these are the flags to pass to the 2651.Xr rpc.ypxfrd 8 2652daemon. 2653.It Va nis_yppasswdd_enable 2654.Pq Vt bool 2655If set to 2656.Dq Li YES , 2657run the 2658.Xr rpc.yppasswdd 8 2659daemon at system boot time. 2660.It Va nis_yppasswdd_flags 2661.Pq Vt str 2662If 2663.Va nis_yppasswdd_enable 2664is set to 2665.Dq Li YES , 2666these are the flags to pass to the 2667.Xr rpc.yppasswdd 8 2668daemon. 2669.It Va rpc_ypupdated_enable 2670.Pq Vt bool 2671If set to 2672.Dq Li YES , 2673run the 2674.Nm rpc.ypupdated 2675daemon at system boot time. 2676.It Va bsnmpd_enable 2677.Pq Vt bool 2678If set to 2679.Dq Li YES , 2680run the 2681.Xr bsnmpd 1 2682daemon at system boot time. 2683Be sure to understand the security implications of running SNMP daemon 2684on your host. 2685.It Va bsnmpd_flags 2686.Pq Vt str 2687If 2688.Va bsnmpd_enable 2689is set to 2690.Dq Li YES , 2691these are the flags to pass to the 2692.Xr bsnmpd 1 2693daemon. 2694.It Va defaultrouter 2695.Pq Vt str 2696If not set to 2697.Dq Li NO , 2698create a default route to this host name or IP address 2699(use an IP address if this router is also required to get to the 2700name server!). 2701.It Va ipv6_defaultrouter 2702.Pq Vt str 2703The IPv6 equivalent of 2704.Va defaultrouter . 2705.It Va static_arp_pairs 2706.Pq Vt str 2707Set to the list of static ARP pairs that are to be added at system 2708boot time. 2709For each whitespace separated 2710.Ar element 2711in the value, a 2712.Va static_arp_ Ns Aq Ar element 2713variable is assumed to exist whose contents will later be passed to a 2714.Dq Nm arp Cm -S 2715operation. 2716For example 2717.Bd -literal 2718static_arp_pairs="gw" 2719static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2720.Ed 2721.It Va static_ndp_pairs 2722.Pq Vt str 2723Set to the list of static NDP pairs that are to be added at system 2724boot time. 2725For each whitespace separated 2726.Ar element 2727in the value, a 2728.Va static_ndp_ Ns Aq Ar element 2729variable is assumed to exist whose contents will later be passed to a 2730.Dq Nm ndp Cm -s 2731operation. 2732For example 2733.Bd -literal 2734static_ndp_pairs="gw" 2735static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2736.Ed 2737.It Va static_routes 2738.Pq Vt str 2739Set to the list of static routes that are to be added at system 2740boot time. 2741If not set to 2742.Dq Li NO 2743then for each whitespace separated 2744.Ar element 2745in the value, a 2746.Va route_ Ns Aq Ar element 2747variable is assumed to exist 2748whose contents will later be passed to a 2749.Dq Nm route Cm add 2750operation. 2751For example: 2752.Bd -literal 2753static_routes="ext mcast:gif0 gif0local:gif0" 2754route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2755route_mcast="-net 224.0.0.0/4 -iface gif0" 2756route_gif0local="-host 169.254.1.1 -iface lo0" 2757.Ed 2758.Pp 2759When an 2760.Ar element 2761is in the form of 2762.Li name:ifname , 2763the route is specific to the interface 2764.Li ifname . 2765.It Va ipv6_static_routes 2766.Pq Vt str 2767The IPv6 equivalent of 2768.Va static_routes . 2769If not set to 2770.Dq Li NO 2771then for each whitespace separated 2772.Ar element 2773in the value, a 2774.Va ipv6_route_ Ns Aq Ar element 2775variable is assumed to exist 2776whose contents will later be passed to a 2777.Dq Nm route Cm add Fl inet6 2778operation. 2779.It Va natm_static_routes 2780.Pq Vt str 2781The 2782.Xr natmip 4 2783equivalent of 2784.Va static_routes . 2785If not empty then for each whitespace separated 2786.Ar element 2787in the value, a 2788.Va route_ Ns Aq Ar element 2789variable is assumed to exist whose contents will later be passed to a 2790.Dq Nm atmconfig Cm natm Cm add 2791operation. 2792.It Va gateway_enable 2793.Pq Vt bool 2794If set to 2795.Dq Li YES , 2796configure host to act as an IP router, e.g.\& to forward packets 2797between interfaces. 2798.It Va ipv6_gateway_enable 2799.Pq Vt bool 2800The IPv6 equivalent of 2801.Va gateway_enable . 2802.It Va routed_enable 2803.Pq Vt bool 2804If set to 2805.Dq Li YES , 2806run a routing daemon of some sort, based on the 2807settings of 2808.Va routed_program 2809and 2810.Va routed_flags . 2811.It Va route6d_enable 2812.Pq Vt bool 2813The IPv6 equivalent of 2814.Va routed_enable . 2815If set to 2816.Dq Li YES , 2817run a routing daemon of some sort, based on the 2818settings of 2819.Va route6d_program 2820and 2821.Va route6d_flags . 2822.It Va routed_program 2823.Pq Vt str 2824If 2825.Va routed_enable 2826is set to 2827.Dq Li YES , 2828this is the name of the routing daemon to use. 2829.It Va route6d_program 2830.Pq Vt str 2831The IPv6 equivalent of 2832.Va routed_program . 2833.It Va routed_flags 2834.Pq Vt str 2835If 2836.Va routed_enable 2837is set to 2838.Dq Li YES , 2839these are the flags to pass to the routing daemon. 2840.It Va route6d_flags 2841.Pq Vt str 2842The IPv6 equivalent of 2843.Va routed_flags . 2844.It Va mrouted_enable 2845.Pq Vt bool 2846If set to 2847.Dq Li YES , 2848run the multicast routing daemon, 2849.Xr mrouted 8 . 2850.It Va mroute6d_enable 2851.Pq Vt bool 2852The IPv6 equivalent of 2853.Va mrouted_enable . 2854If set to 2855.Dq Li YES , 2856run the IPv6 multicast routing daemon. 2857.Pp 2858Note that multicast routing daemons are no longer included in the 2859.Fx 2860base system, however, both 2861.Xr mrouted 8 2862and 2863.Xr pim6dd 8 2864may be installed from the 2865.Fx 2866Ports Collection. 2867.It Va mrouted_flags 2868.Pq Vt str 2869If 2870.Va mrouted_enable 2871is set to 2872.Dq Li YES , 2873these are the flags to pass to the 2874.Xr mrouted 8 2875daemon. 2876.It Va mroute6d_flags 2877.Pq Vt str 2878The IPv6 equivalent of 2879.Va mrouted_flags . 2880If 2881.Va mroute6d_enable 2882is set to 2883.Dq Li YES , 2884these are the flags passed to the IPv6 multicast routing daemon. 2885.It Va mroute6d_program 2886.Pq Vt str 2887If 2888.Va mroute6d_enable 2889is set to 2890.Dq Li YES , 2891this is the path to the IPv6 multicast routing daemon. 2892.It Va rtadvd_enable 2893.Pq Vt bool 2894If set to 2895.Dq Li YES , 2896run the 2897.Xr rtadvd 8 2898daemon at boot time. 2899The 2900.Xr rtadvd 8 2901utility sends ICMPv6 Router Advertisement messages to 2902the interfaces specified in 2903.Va rtadvd_interfaces . 2904This should only be enabled with great care. 2905You may want to fine-tune 2906.Xr rtadvd.conf 5 . 2907.It Va rtadvd_interfaces 2908.Pq Vt str 2909If 2910.Va rtadvd_enable 2911is set to 2912.Dq Li YES 2913this is the list of interfaces to use. 2914.It Va ipxgateway_enable 2915.Pq Vt bool 2916If set to 2917.Dq Li YES , 2918enable the routing of IPX traffic. 2919.It Va ipxrouted_enable 2920.Pq Vt bool 2921If set to 2922.Dq Li YES , 2923run the 2924.Xr IPXrouted 8 2925daemon at system boot time. 2926.It Va ipxrouted_flags 2927.Pq Vt str 2928If 2929.Va ipxrouted_enable 2930is set to 2931.Dq Li YES , 2932these are the flags to pass to the 2933.Xr IPXrouted 8 2934daemon. 2935.It Va arpproxy_all 2936.Pq Vt bool 2937If set to 2938.Dq Li YES , 2939enable global proxy ARP. 2940.It Va forward_sourceroute 2941.Pq Vt bool 2942If set to 2943.Dq Li YES 2944and 2945.Va gateway_enable 2946is also set to 2947.Dq Li YES , 2948source-routed packets are forwarded. 2949.It Va accept_sourceroute 2950.Pq Vt bool 2951If set to 2952.Dq Li YES , 2953the system will accept source-routed packets directed at it. 2954.It Va rarpd_enable 2955.Pq Vt bool 2956If set to 2957.Dq Li YES , 2958run the 2959.Xr rarpd 8 2960daemon at system boot time. 2961.It Va rarpd_flags 2962.Pq Vt str 2963If 2964.Va rarpd_enable 2965is set to 2966.Dq Li YES , 2967these are the flags to pass to the 2968.Xr rarpd 8 2969daemon. 2970.It Va bootparamd_enable 2971.Pq Vt bool 2972If set to 2973.Dq Li YES , 2974run the 2975.Xr bootparamd 8 2976daemon at system boot time. 2977.It Va bootparamd_flags 2978.Pq Vt str 2979If 2980.Va bootparamd_enable 2981is set to 2982.Dq Li YES , 2983these are the flags to pass to the 2984.Xr bootparamd 8 2985daemon. 2986.It Va stf_interface_ipv4addr 2987.Pq Vt str 2988If not set to 2989.Dq Li NO , 2990this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2991interface). 2992Specify this entry to enable the 6to4 interface. 2993.It Va stf_interface_ipv4plen 2994.Pq Vt int 2995Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2996An effective value is 0-31. 2997.It Va stf_interface_ipv6_ifid 2998.Pq Vt str 2999IPv6 interface ID for 3000.Xr stf 4 . 3001This can be set to 3002.Dq Li AUTO . 3003.It Va stf_interface_ipv6_slaid 3004.Pq Vt str 3005IPv6 Site Level Aggregator for 3006.Xr stf 4 . 3007.It Va ipv6_faith_prefix 3008.Pq Vt str 3009If not set to 3010.Dq Li NO , 3011this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 3012translator. 3013You also need 3014.Xr faithd 8 3015setup. 3016.It Va ipv6_ipv4mapping 3017.Pq Vt bool 3018If set to 3019.Dq Li YES 3020this enables IPv4 mapped IPv6 address communication (like 3021.Li ::ffff:a.b.c.d ) . 3022.It Va rtsold_enable 3023.Pq Vt bool 3024Set to 3025.Dq Li YES 3026to enable the 3027.Xr rtsold 8 3028daemon to send ICMPv6 Router Solicitation messages. 3029.It Va rtsold_flags 3030.Pq Vt str 3031If 3032.Va rtsold_enable 3033is set to 3034.Dq Li YES , 3035these are the flags to pass to 3036.Xr rtsold 8 . 3037.It Va rtsol_flags 3038.Pq Vt str 3039For interfaces configured with the 3040.Dq Li inet6 accept_rtadv 3041keyword, these are the flags to pass to 3042.Xr rtsol 8 . 3043.Pp 3044Note that 3045.Va rtsold_enable 3046is mutually exclusive to 3047.Va rtsol_flags ; 3048.Va rtsold_enable 3049takes precedence. 3050.It Va atm_enable 3051.Pq Vt bool 3052Set to 3053.Dq Li YES 3054to enable the configuration of ATM interfaces at system boot time. 3055For all of the ATM variables described below, please refer to the 3056.Xr atm 8 3057manual page for further details on the available command parameters. 3058Also refer to the files in 3059.Pa /usr/share/examples/atm 3060for more detailed configuration information. 3061.It Va atm_load 3062.Pq Vt str 3063This is a list of physical ATM interface drivers to load. 3064Typical values are 3065.Dq Li hfa_pci 3066and/or 3067.Dq Li hea_pci . 3068.It Va atm_netif_ Ns Aq Ar intf 3069.Pq Vt str 3070For the ATM physical interface 3071.Ar intf , 3072this variable defines the name prefix and count for the ATM network 3073interfaces to be created. 3074The value will be passed as the parameters of an 3075.Dq Nm atm Cm "set netif" Ar intf 3076command. 3077.It Va atm_sigmgr_ Ns Aq Ar intf 3078.Pq Vt str 3079For the ATM physical interface 3080.Ar intf , 3081this variable defines the ATM signalling manager to be used. 3082The value will be passed as the parameters of an 3083.Dq Nm atm Cm attach Ar intf 3084command. 3085.It Va atm_prefix_ Ns Aq Ar intf 3086.Pq Vt str 3087For the ATM physical interface 3088.Ar intf , 3089this variable defines the NSAP prefix for interfaces using a UNI signalling 3090manager. 3091If set to 3092.Dq Li ILMI , 3093the prefix will automatically be set via the 3094.Xr ilmid 8 3095daemon. 3096Otherwise, the value will be passed as the parameters of an 3097.Dq Nm atm Cm "set prefix" Ar intf 3098command. 3099.It Va atm_macaddr_ Ns Aq Ar intf 3100.Pq Vt str 3101For the ATM physical interface 3102.Ar intf , 3103this variable defines the MAC address for interfaces using a UNI signalling 3104manager. 3105If set to 3106.Dq Li NO , 3107the hardware MAC address contained in the ATM interface card will be used. 3108Otherwise, the value will be passed as the parameters of an 3109.Dq Nm atm Cm "set mac" Ar intf 3110command. 3111.It Va atm_arpserver_ Ns Aq Ar netif 3112.Pq Vt str 3113For the ATM network interface 3114.Ar netif , 3115this variable defines the ATM address for a host which is to provide ATMARP 3116service. 3117This variable is only applicable to interfaces using a UNI signalling 3118manager. 3119If set to 3120.Dq Li local , 3121this host will become an ATMARP server. 3122The value will be passed as the parameters of an 3123.Dq Nm atm Cm "set arpserver" Ar netif 3124command. 3125.It Va atm_scsparp_ Ns Aq Ar netif 3126.Pq Vt bool 3127If set to 3128.Dq Li YES , 3129SCSP/ATMARP service for the network interface 3130.Ar netif 3131will be initiated using the 3132.Xr scspd 8 3133and 3134.Xr atmarpd 8 3135daemons. 3136This variable is only applicable if 3137.Va atm_arpserver_ Ns Aq Ar netif 3138is set to 3139.Dq Li local . 3140.It Va atm_pvcs 3141.Pq Vt str 3142Set to the list of ATM PVCs to be added at system 3143boot time. 3144For each whitespace separated 3145.Ar element 3146in the value, an 3147.Va atm_pvc_ Ns Aq Ar element 3148variable is assumed to exist. 3149The value of each of these variables 3150will be passed as the parameters of an 3151.Dq Nm atm Cm "add pvc" 3152command. 3153.It Va atm_arps 3154.Pq Vt str 3155Set to the list of permanent ATM ARP entries to be added 3156at system boot time. 3157For each whitespace separated 3158.Ar element 3159in the value, an 3160.Va atm_arp_ Ns Aq Ar element 3161variable is assumed to exist. 3162The value of each of these variables 3163will be passed as the parameters of an 3164.Dq Nm atm Cm "add arp" 3165command. 3166.It Va natm_interfaces 3167.Pq Vt str 3168Set to the list of 3169.Xr natm 4 3170interfaces that will also be used for HARP through 3171.Xr harp 4 . 3172If this list is not empty all interfaces in the list will be brought up 3173with 3174.Xr ifconfig 8 3175and 3176.Xr harp 4 3177will be loaded. 3178For this to work the interface drivers must be either compiled into the 3179kernel or must reside on the root partition. 3180.It Va keybell 3181.Pq Vt str 3182The keyboard bell sound. 3183Set to 3184.Dq Li normal , 3185.Dq Li visual , 3186.Dq Li off , 3187or 3188.Dq Li NO 3189if the default behavior is desired. 3190For details, refer to the 3191.Xr kbdcontrol 1 3192manpage. 3193.It Va keyboard 3194.Pq Vt str 3195If set to a non-null string, the virtual console's keyboard input is 3196set to this device. 3197.It Va keymap 3198.Pq Vt str 3199If set to 3200.Dq Li NO , 3201no keymap is installed, otherwise the value is used to install 3202the keymap file in 3203.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3204.It Va keyrate 3205.Pq Vt str 3206The keyboard repeat speed. 3207Set to 3208.Dq Li slow , 3209.Dq Li normal , 3210.Dq Li fast , 3211or 3212.Dq Li NO 3213if the default behavior is desired. 3214.It Va keychange 3215.Pq Vt str 3216If not set to 3217.Dq Li NO , 3218attempt to program the function keys with the value. 3219The value should 3220be a single string of the form: 3221.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3222.It Va cursor 3223.Pq Vt str 3224Can be set to the value of 3225.Dq Li normal , 3226.Dq Li blink , 3227.Dq Li destructive , 3228or 3229.Dq Li NO 3230to set the cursor behavior explicitly or choose the default behavior. 3231.It Va scrnmap 3232.Pq Vt str 3233If set to 3234.Dq Li NO , 3235no screen map is installed, otherwise the value is used to install 3236the screen map file in 3237.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3238.It Va font8x16 3239.Pq Vt str 3240If set to 3241.Dq Li NO , 3242the default 8x16 font value is used for screen size requests, otherwise 3243the value in 3244.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3245is used. 3246.It Va font8x14 3247.Pq Vt str 3248If set to 3249.Dq Li NO , 3250the default 8x14 font value is used for screen size requests, otherwise 3251the value in 3252.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3253is used. 3254.It Va font8x8 3255.Pq Vt str 3256If set to 3257.Dq Li NO , 3258the default 8x8 font value is used for screen size requests, otherwise 3259the value in 3260.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3261is used. 3262.It Va blanktime 3263.Pq Vt int 3264If set to 3265.Dq Li NO , 3266the default screen blanking interval is used, otherwise it is set 3267to 3268.Ar value 3269seconds. 3270.It Va saver 3271.Pq Vt str 3272If not set to 3273.Dq Li NO , 3274this is the actual screen saver to use 3275.Li ( blank , snake , daemon , 3276etc). 3277.It Va moused_nondefault_enable 3278.Pq Vt str 3279If set to 3280.Dq Li NO , 3281the mouse device specified on 3282the command line is not automatically treated as enabled by the 3283.Pa /etc/rc.d/moused 3284script. 3285Having this variable set to 3286.Dq Li YES 3287allows a 3288.Xr usb 4 3289mouse, 3290for example, 3291to be enabled as soon as it is plugged in. 3292.It Va moused_enable 3293.Pq Vt str 3294If set to 3295.Dq Li YES , 3296the 3297.Xr moused 8 3298daemon is started for doing cut/paste selection on the console. 3299.It Va moused_type 3300.Pq Vt str 3301This is the protocol type of the mouse connected to this host. 3302This variable must be set if 3303.Va moused_enable 3304is set to 3305.Dq Li YES . 3306The 3307.Xr moused 8 3308daemon 3309is able to detect the appropriate mouse type automatically in many cases. 3310Set this variable to 3311.Dq Li auto 3312to let the daemon detect it, or 3313select one from the following list if the automatic detection fails. 3314.Pp 3315If the mouse is attached to the PS/2 mouse port, choose 3316.Dq Li auto 3317or 3318.Dq Li ps/2 , 3319regardless of the brand and model of the mouse. 3320Likewise, if the 3321mouse is attached to the bus mouse port, choose 3322.Dq Li auto 3323or 3324.Dq Li busmouse . 3325All other protocols are for serial mice and will not work with 3326the PS/2 and bus mice. 3327If this is a USB mouse, 3328.Dq Li auto 3329is the only protocol type which will work. 3330.Pp 3331.Bl -tag -width ".Li x10mouseremote" -compact 3332.It Li microsoft 3333Microsoft mouse (serial) 3334.It Li intellimouse 3335Microsoft IntelliMouse (serial) 3336.It Li mousesystems 3337Mouse systems Corp.\& mouse (serial) 3338.It Li mmseries 3339MM Series mouse (serial) 3340.It Li logitech 3341Logitech mouse (serial) 3342.It Li busmouse 3343A bus mouse 3344.It Li mouseman 3345Logitech MouseMan and TrackMan (serial) 3346.It Li glidepoint 3347ALPS GlidePoint (serial) 3348.It Li thinkingmouse 3349Kensington ThinkingMouse (serial) 3350.It Li ps/2 3351PS/2 mouse 3352.It Li mmhittab 3353MM HitTablet (serial) 3354.It Li x10mouseremote 3355X10 MouseRemote (serial) 3356.It Li versapad 3357Interlink VersaPad (serial) 3358.El 3359.Pp 3360Even if the mouse is not in the above list, it may be compatible 3361with one in the list. 3362Refer to the manual page for 3363.Xr moused 8 3364for compatibility information. 3365.Pp 3366It should also be noted that while this is enabled, any 3367other client of the mouse (such as an X server) should access 3368the mouse through the virtual mouse device, 3369.Pa /dev/sysmouse , 3370and configure it as a 3371.Dq Li sysmouse 3372type mouse, since all 3373mouse data is converted to this single canonical format when 3374using 3375.Xr moused 8 . 3376If the client program does not support the 3377.Dq Li sysmouse 3378type, 3379specify the 3380.Dq Li mousesystems 3381type. 3382It is the second preferred type. 3383.It Va moused_port 3384.Pq Vt str 3385If 3386.Va moused_enable 3387is set to 3388.Dq Li YES , 3389this is the actual port the mouse is on. 3390It might be 3391.Pa /dev/cuau0 3392for a COM1 serial mouse, 3393.Pa /dev/psm0 3394for a PS/2 mouse or 3395.Pa /dev/mse0 3396for a bus mouse, for example. 3397.It Va moused_flags 3398.Pq Vt str 3399If 3400.Va moused_flags 3401is set, its value is used as an additional set of flags to pass to the 3402.Xr moused 8 3403daemon. 3404.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3405When 3406.Va moused_nondefault_enable 3407is enabled, and a 3408.Xr moused 8 3409daemon is started for a non-default port, the 3410.Va "moused_" Ns Ar XXX Ns Va "_flags" 3411set of options has precedence over and replaces the default 3412.Va moused_flags 3413(where 3414.Ar XXX 3415is the name of the non-default port, i.e.,\& 3416.Ar ums0 ) . 3417By setting 3418.Va "moused_" Ns Ar XXX Ns Va "_flags" 3419it is possible to set up a different set of default flags for each 3420.Xr moused 8 3421instance. 3422For example, you can use 3423.Dq Li "-3" 3424for the default 3425.Va moused_flags 3426to make your laptop's touchpad more comfortable to use, 3427but an empty set of options for 3428.Va moused_ums0_flags 3429when your 3430.Xr usb 4 3431mouse has three or more buttons. 3432.It Va mousechar_start 3433.Pq Vt int 3434If set to 3435.Dq Li NO , 3436the default mouse cursor character range 3437.Li 0xd0 Ns - Ns Li 0xd3 3438is used, 3439otherwise the range start is set 3440to 3441.Ar value 3442character, see 3443.Xr vidcontrol 1 . 3444Use if the default range is occupied in the language code table. 3445.It Va allscreens_flags 3446.Pq Vt str 3447If set, 3448.Xr vidcontrol 1 3449is run with these options for each of the virtual terminals 3450.Pq Pa /dev/ttyv* . 3451For example, 3452.Dq Fl m Cm on 3453will enable the mouse pointer on all virtual terminals 3454if 3455.Va moused_enable 3456is set to 3457.Dq Li YES . 3458.It Va allscreens_kbdflags 3459.Pq Vt str 3460If set, 3461.Xr kbdcontrol 1 3462is run with these options for each of the virtual terminals 3463.Pq Pa /dev/ttyv* . 3464For example, 3465.Dq Fl h Li 200 3466will set the 3467.Xr syscons 4 3468scrollback (history) buffer to 200 lines. 3469.It Va cron_enable 3470.Pq Vt bool 3471If set to 3472.Dq Li YES , 3473run the 3474.Xr cron 8 3475daemon at system boot time. 3476.It Va cron_program 3477.Pq Vt str 3478Path to 3479.Xr cron 8 3480(default 3481.Pa /usr/sbin/cron ) . 3482.It Va cron_flags 3483.Pq Vt str 3484If 3485.Va cron_enable 3486is set to 3487.Dq Li YES , 3488these are the flags to pass to 3489.Xr cron 8 . 3490.It Va cron_dst 3491.Pq Vt bool 3492If set to 3493.Dq Li YES , 3494enable the special handling of transitions to and from the 3495Daylight Saving Time in 3496.Xr cron 8 3497(equivalent to using the flag 3498.Fl s ) . 3499.It Va lpd_program 3500.Pq Vt str 3501Path to 3502.Xr lpd 8 3503(default 3504.Pa /usr/sbin/lpd ) . 3505.It Va lpd_enable 3506.Pq Vt bool 3507If set to 3508.Dq Li YES , 3509run the 3510.Xr lpd 8 3511daemon at system boot time. 3512.It Va lpd_flags 3513.Pq Vt str 3514If 3515.Va lpd_enable 3516is set to 3517.Dq Li YES , 3518these are the flags to pass to the 3519.Xr lpd 8 3520daemon. 3521.It Va chkprintcap_enable 3522.Pq Vt bool 3523If set to 3524.Dq Li YES , 3525run the 3526.Xr chkprintcap 8 3527command before starting the 3528.Xr lpd 8 3529daemon. 3530.It Va chkprintcap_flags 3531.Pq Vt str 3532If 3533.Va lpd_enable 3534and 3535.Va chkprintcap_enable 3536are set to 3537.Dq Li YES , 3538these are the flags to pass to the 3539.Xr chkprintcap 8 3540program. 3541The default is 3542.Dq Li -d , 3543which causes missing directories to be created. 3544.It Va mta_start_script 3545.Pq Vt str 3546This variable specifies the full path to the script to run to start 3547a mail transfer agent. 3548The default is 3549.Pa /etc/rc.sendmail . 3550The 3551.Va sendmail_* 3552variables which 3553.Pa /etc/rc.sendmail 3554uses are documented in the 3555.Xr rc.sendmail 8 3556manual page. 3557.It Va dumpdev 3558.Pq Vt str 3559Indicates the device (usually a swap partition) to which a crash dump 3560should be written in the event of a system crash. 3561If the value of this variable is 3562.Dq Li AUTO , 3563the first suitable swap device listed in 3564.Pa /etc/fstab 3565will be used as dump device. 3566Otherwise, the value of this variable is passed as the argument to 3567.Xr dumpon 8 . 3568To disable crash dumps, set this variable to 3569.Dq Li NO . 3570.It Va dumpdir 3571.Pq Vt str 3572When the system reboots after a crash and a crash dump is found on the 3573device specified by the 3574.Va dumpdev 3575variable, 3576.Xr savecore 8 3577will save that crash dump and a copy of the kernel to the directory 3578specified by the 3579.Va dumpdir 3580variable. 3581The default value is 3582.Pa /var/crash . 3583Set to 3584.Dq Li NO 3585to not run 3586.Xr savecore 8 3587at boot time when 3588.Va dumpdir 3589is set. 3590.It Va savecore_flags 3591.Pq Vt str 3592If crash dumps are enabled, these are the flags to pass to the 3593.Xr savecore 8 3594utility. 3595.It Va quota_enable 3596.Pq Vt bool 3597Set to 3598.Dq Li YES 3599to turn on user and group disk quotas on system startup via the 3600.Xr quotaon 8 3601command for all file systems marked as having quotas enabled in 3602.Pa /etc/fstab . 3603The kernel must be built with 3604.Cd "options QUOTA" 3605for disk quotas to function. 3606.It Va check_quotas 3607.Pq Vt bool 3608Set to 3609.Dq Li YES 3610to enable user and group disk quota checking via the 3611.Xr quotacheck 8 3612command. 3613.It Va quotacheck_flags 3614.Pq Vt str 3615If 3616.Va quota_enable 3617is set to 3618.Dq Li YES , 3619and 3620.Va check_quotas 3621is set to 3622.Dq Li YES , 3623these are the flags to pass to the 3624.Xr quotacheck 8 3625utility. 3626The default is 3627.Dq Li "-a" , 3628which checks quotas for all file systems with quotas enabled in 3629.Pa /etc/fstab . 3630.It Va quotaon_flags 3631.Pq Vt str 3632If 3633.Va quota_enable 3634is set to 3635.Dq Li YES , 3636these are the flags to pass to the 3637.Xr quotaon 8 3638utility. 3639The default is 3640.Dq Li "-a" , 3641which enables quotas for all file systems with quotas enabled in 3642.Pa /etc/fstab . 3643.It Va quotaoff_flags 3644.Pq Vt str 3645If 3646.Va quota_enable 3647is set to 3648.Dq Li YES , 3649these are the flags to pass to the 3650.Xr quotaoff 8 3651utility when shutting down the quota system. 3652The default is 3653.Dq Li "-a" , 3654which disables quotas for all file systems with quotas enabled in 3655.Pa /etc/fstab . 3656.It Va accounting_enable 3657.Pq Vt bool 3658Set to 3659.Dq Li YES 3660to enable system accounting through the 3661.Xr accton 8 3662facility. 3663.It Va ibcs2_enable 3664.Pq Vt bool 3665Set to 3666.Dq Li YES 3667to enable iBCS2 (SCO) binary emulation at system initial boot 3668time. 3669.It Va ibcs2_loaders 3670.Pq Vt str 3671If not set to 3672.Dq Li NO 3673and if 3674.Va ibcs2_enable 3675is set to 3676.Dq Li YES , 3677this specifies a list of additional iBCS2 loaders to enable. 3678.It Va linux_enable 3679.Pq Vt bool 3680Set to 3681.Dq Li YES 3682to enable Linux/ELF binary emulation at system initial 3683boot time. 3684.It Va svr4_enable 3685.Pq Vt bool 3686If set to 3687.Dq Li YES , 3688enable SysVR4 emulation at boot time. 3689.It Va sysvipc_enable 3690.Pq Vt bool 3691If set to 3692.Dq Li YES , 3693load System V IPC primitives at boot time. 3694.It Va clear_tmp_enable 3695.Pq Vt bool 3696Set to 3697.Dq Li YES 3698to have 3699.Pa /tmp 3700cleaned at startup. 3701.It Va clear_tmp_X 3702.Pq Vt bool 3703Set to 3704.Dq Li NO 3705to disable removing of X11 lock files, 3706and the removal and (secure) recreation 3707of the various socket directories for X11 3708related programs. 3709.It Va ldconfig_paths 3710.Pq Vt str 3711Set to the list of shared library paths to use with 3712.Xr ldconfig 8 . 3713NOTE: 3714.Pa /usr/lib 3715will always be added first, so it need not appear in this list. 3716.It Va ldconfig32_paths 3717.Pq Vt str 3718Set to the list of 32-bit compatibility shared library paths to 3719use with 3720.Xr ldconfig 8 . 3721.It Va ldconfig_paths_aout 3722.Pq Vt str 3723Set to the list of shared library paths to use with 3724.Xr ldconfig 8 3725legacy 3726.Xr a.out 5 3727support. 3728.It Va ldconfig_insecure 3729.Pq Vt bool 3730The 3731.Xr ldconfig 8 3732utility normally refuses to use directories 3733which are writable by anyone except root. 3734Set this variable to 3735.Dq Li YES 3736to disable that security check during system startup. 3737.It Va ldconfig_local_dirs 3738.Pq Vt str 3739Set to the list of local 3740.Xr ldconfig 8 3741directories. 3742The names of all files in the directories listed will be 3743passed as arguments to 3744.Xr ldconfig 8 . 3745.It Va ldconfig_local32_dirs 3746.Pq Vt str 3747Set to the list of local 32-bit compatibility 3748.Xr ldconfig 8 3749directories. 3750The names of all files in the directories listed will be 3751passed as arguments to 3752.Dq Nm ldconfig Fl 32 . 3753.It Va kern_securelevel_enable 3754.Pq Vt bool 3755Set to 3756.Dq Li YES 3757to set the kernel security level at system startup. 3758.It Va kern_securelevel 3759.Pq Vt int 3760The kernel security level to set at startup. 3761The allowed range of 3762.Ar value 3763ranges from \-1 (the compile time default) to 3 (the 3764most secure). 3765See 3766.Xr security 7 3767for the list of possible security levels and their effect 3768on system operation. 3769.It Va sshd_program 3770.Pq Vt str 3771Path to the SSH server program 3772.Pa ( /usr/sbin/sshd 3773is the default). 3774.It Va sshd_enable 3775.Pq Vt bool 3776Set to 3777.Dq Li YES 3778to start 3779.Xr sshd 8 3780at system boot time. 3781.It Va sshd_flags 3782.Pq Vt str 3783If 3784.Va sshd_enable 3785is set to 3786.Dq Li YES , 3787these are the flags to pass to the 3788.Xr sshd 8 3789daemon. 3790.It Va ftpd_program 3791.Pq Vt str 3792Path to the FTP server program 3793.Pa ( /usr/libexec/ftpd 3794is the default). 3795.It Va ftpd_enable 3796.Pq Vt bool 3797Set to 3798.Dq Li YES 3799to start 3800.Xr ftpd 8 3801as a stand-alone daemon at system boot time. 3802.It Va ftpd_flags 3803.Pq Vt str 3804If 3805.Va ftpd_enable 3806is set to 3807.Dq Li YES , 3808these are the additional flags to pass to the 3809.Xr ftpd 8 3810daemon. 3811.It Va watchdogd_enable 3812.Pq Vt bool 3813If set to 3814.Dq Li YES , 3815start the 3816.Xr watchdogd 8 3817daemon at boot time. 3818This requires that the kernel have been compiled with a 3819.Xr watchdog 4 3820compatible device. 3821.It Va watchdogd_flags 3822.Pq Vt str 3823If 3824.Va watchdogd_enable 3825is set to 3826.Dq Li YES , 3827these are the flags passed to the 3828.Xr watchdogd 8 3829daemon. 3830.It Va devfs_rulesets 3831.Pq Vt str 3832List of files containing sets of rules for 3833.Xr devfs 8 . 3834.It Va devfs_system_ruleset 3835.Pq Vt str 3836Rule name(s) to apply to the system 3837.Pa /dev 3838itself. 3839.It Va devfs_set_rulesets 3840.Pq Vt str 3841Pairs of already-mounted 3842.Pa dev 3843directories and rulesets that should be applied to them. 3844For example: /mount/dev=ruleset_name 3845.It Va devfs_load_rulesets 3846.Pq Vt bool 3847If set, always load the default rulesets listed in 3848.Va devfs_rulesets . 3849.It Va performance_cx_lowest 3850.Pq Vt str 3851CPU idle state to use while on AC power. 3852The string 3853.Dq Li LOW 3854indicates that 3855.Xr acpi 4 3856should use the lowest power state available while 3857.Dq Li HIGH 3858indicates that the lowest latency state (less power savings) should be used. 3859.It Va performance_cpu_freq 3860.Pq Vt str 3861CPU clock frequency to use while on AC power. 3862The string 3863.Dq Li LOW 3864indicates that 3865.Xr cpufreq 4 3866should use the lowest frequency available while 3867.Dq Li HIGH 3868indicates that the highest frequency (less power savings) should be used. 3869.It Va economy_cx_lowest 3870.Pq Vt str 3871CPU idle state to use when off AC power. 3872The string 3873.Dq Li LOW 3874indicates that 3875.Xr acpi 4 3876should use the lowest power state available while 3877.Dq Li HIGH 3878indicates that the lowest latency state (less power savings) should be used. 3879.It Va economy_cpu_freq 3880.Pq Vt str 3881CPU clock frequency to use when off AC power. 3882The string 3883.Dq Li LOW 3884indicates that 3885.Xr cpufreq 4 3886should use the lowest frequency available while 3887.Dq Li HIGH 3888indicates that the highest frequency (less power savings) should be used. 3889.It Va jail_enable 3890.Pq Vt bool 3891If set to 3892.Dq Li NO , 3893any configured jails will not be started. 3894.It Va jail_parallel_start 3895.Pq Vt bool 3896If set to 3897.Dq Li YES , 3898all configured jails will be started in the background (in parallel). 3899.It Va jail_list 3900.Pq Vt str 3901A space separated list of names for jails. 3902This is purely a configuration aid to help identify and 3903configure multiple jails. 3904The names specified in this list will be used to 3905identify settings common to an instance of a jail, 3906and should contain alphanumeric characters only. 3907The literal jail name of 3908.Dq Li 0 3909.Pq zero 3910is not allowed. 3911.Pp 3912Assuming that the jail in question was named 3913.Li vjail , 3914you would have the following dependent variables: 3915.Bd -literal 3916jail_vjail_hostname="jail.example.com" 3917jail_vjail_ip="192.0.2.100" 3918jail_vjail_rootdir="/var/jails/vjail/root" 3919.Ed 3920.Pp 3921.It Va jail_flags 3922.Pq Vt str 3923Unset by default. 3924When set, use as default value for 3925.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3926for every jail in 3927.Va jail_list . 3928.It Va jail_interface 3929.Pq Vt str 3930Unset by default. 3931When set, use as default value for 3932.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3933for every jail in 3934.Va jail_list . 3935.It Va jail_fstab 3936.Pq Vt str 3937Unset by default. 3938When set, use as default value for 3939.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3940for every jail in 3941.Va jail_list . 3942.It Va jail_mount_enable 3943.Pq Vt bool 3944Set to 3945.Dq Li NO 3946by default. 3947When set to 3948.Dq Li YES , 3949sets 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3951to 3952.Dq Li YES 3953by default for every jail in 3954.Va jail_list . 3955.It Va jail_devfs_ruleset 3956.Pq Vt str 3957Unset by default. 3958When set, sets 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3960to given value for every jail in 3961.Va jail_list . 3962.It Va jail_devfs_enable 3963.Pq Vt bool 3964Set to 3965.Dq Li NO 3966by default. 3967When set to 3968.Dq Li YES , 3969sets 3970.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3971to 3972.Dq Li YES 3973by default for every jail in 3974.Va jail_list . 3975.It Va jail_fdescfs_enable 3976.Pq Vt bool 3977Set to 3978.Dq Li NO 3979by default. 3980When set to 3981.Dq Li YES , 3982sets 3983.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3984to 3985.Dq Li YES 3986by default for every jail in 3987.Va jail_list . 3988.It Va jail_procfs_enable 3989.Pq Vt bool 3990Set to 3991.Dq Li NO 3992by default. 3993When set to 3994.Dq Li YES , 3995sets 3996.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3997to 3998.Dq Li YES 3999by default for every jail in 4000.Va jail_list . 4001.It Va jail_exec_prestart Ns Aq Ar N 4002.Pq Vt str 4003Unset by default. 4004When set, use as default value for 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4006for every jail in 4007.Va jail_list . 4008.It Va jail_exec_start 4009.Pq Vt str 4010Unset by default. 4011When set, use as default value for 4012.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4013for every jail in 4014.Va jail_list . 4015.It Va jail_exec_afterstart Ns Aq Ar N 4016.Pq Vt str 4017Unset by default. 4018When set, use as default value for 4019.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4020for every jail in 4021.Va jail_list . 4022.It Va jail_exec_poststart Ns Aq Ar N 4023.Pq Vt str 4024Unset by default. 4025When set, use as default value for 4026.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4027for every jail in 4028.Va jail_list . 4029.It Va jail_exec_prestop Ns Aq Ar N 4030.Pq Vt str 4031Unset by default. 4032When set, use as default value for 4033.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4034for every jail in 4035.Va jail_list . 4036.It Va jail_exec_stop 4037Unset by default. 4038When set, use as default value for 4039.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4040for every jail in 4041.Va jail_list . 4042.It Va jail_exec_poststop Ns Aq Ar N 4043.Pq Vt str 4044Unset by default. 4045When set, use as default value for 4046.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4047for every jail in 4048.Va jail_list . 4049.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4050.Pq Vt str 4051Unset by default. 4052Set to the root directory used by jail 4053.Va jname . 4054.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4055.Pq Vt str 4056Unset by default. 4057Set to the fully qualified domain name (FQDN) assigned to jail 4058.Va jname . 4059.It Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4060.Pq Vt str 4061Unset by default. 4062Set extra parameters for jail 4063.Va jname , 4064such as 4065.Dq Li allow.chflags 4066or 4067.Dq Li children.max . 4068See 4069.Xr jail 8 4070for a list of available parameters. 4071Note that the following parameters are already defined by 4072.Pa rc.d/jail 4073script out of their corresponding 4074.Nm 4075variables: 4076.Bl -tag -width "host.hostname" -offset indent 4077.It Li path 4078set from 4079.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4080.It Li host.hostname 4081set from 4082.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4083.It Li command 4084set from 4085.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4086.It Li ip4.addr 4087set if 4088.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4089contains IPv4 addresses 4090.It Li ip6.addr 4091set if 4092.Va jail_ Ns Ao Ar jname Ac Ns Va _ip6 4093contains IPv6 addresses 4094.El 4095.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4096.Pq Vt str 4097Unset by default. 4098Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 4099The argument can be a sole address or a comma separated list of addresses. 4100Additionally each address can be prefixed by the name of an interface 4101followed by a pipe to overwrite 4102.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4103or 4104.Va jail_interface 4105and/or suffixed by a netmask, prefixlen or prefix. 4106In case no netmask, prefixlen or prefix is given, 4107.Sq /32 4108will be used for IPv4 and 4109.Sq /128 4110will be used for an IPv6 address. 4111If no address is given for the jail then the jail will be started with 4112no networking support. 4113.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4114.Pq Vt str 4115Unset by default. 4116Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 4117The sequence starts with 4118.Dq Li _multi0 4119and the numbers have to be strictly ascending. 4120These entries follow the same syntax as their primary 4121.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4122entry. 4123The order of the entries can be important as the first address for 4124each address family found will be the primary address of the jail. 4125See 4126.Va ip-addresses 4127option in 4128.Xr jail 8 4129for more details. 4130.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4131.Pq Vt str 4132Set to 4133.Dq Li -l -U root 4134by default. 4135These are flags to pass to 4136.Xr jail 8 . 4137.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4138.Pq Vt str 4139Unset by default. 4140When set, sets the interface to use when setting IP address alias. 4141Note that the alias is created at jail startup and removed at jail shutdown. 4142.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4143.Pq Vt str 4144Unset by default. 4145When set, the jail is started with the specified forwarding table (sometimes 4146referred to as a routing table) via 4147.Xr setfib 1 . 4148.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4149.Pq Vt str 4150Set to 4151.Pa /etc/fstab. Ns Aq Ar jname 4152by default. 4153This is the file system information file to use for jail 4154.Va jname . 4155.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4156.Pq Vt bool 4157Set to 4158.Dq Li NO 4159by default. 4160When set to 4161.Dq Li YES , 4162mount all file systems from 4163.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4164at jail startup. 4165.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 4166.Pq Vt str 4167Unset by default. 4168When set, defines the device file system ruleset file to use for jail 4169.Va jname . 4170.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4171.Pq Vt bool 4172Set to 4173.Dq Li NO 4174by default. 4175When set to 4176.Dq Li YES , 4177mount the device file system inside jail 4178.Ar jname 4179at jail startup. 4180.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4181.Pq Vt bool 4182Set to 4183.Dq Li NO 4184by default. 4185When set to 4186.Dq Li YES , 4187mount the file-descriptor file system inside jail 4188.Ar jname 4189at jail startup. 4190.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 4191.Pq Vt bool 4192Set to 4193.Dq Li NO 4194by default. 4195When set to 4196.Dq Li YES , 4197mount the process file system inside jail 4198.Ar jname 4199at jail startup. 4200.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4201.Pq Vt str 4202Unset by default. 4203This is the command run as 4204.Ar N Ns 4205th command 4206before jail startup, where 4207.Ar N 4208is 0, 1, and so on. 4209It is run outside the jail. 4210.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4211.Pq Vt str 4212Set to 4213.Dq Li /bin/sh /etc/rc 4214by default. 4215This is the command executed in a jail at jail startup. 4216.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4217.Pq Vt str 4218Unset by default. 4219This is the command run as 4220.Ar N Ns 4221th command 4222in a jail 4223after jail startup, where 4224.Ar N 4225is 1, 2, and so on. 4226.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4227.Pq Vt str 4228Unset by default. 4229This is the command run as 4230.Ar N Ns 4231th command 4232after jail startup, where 4233.Ar N 4234is 0, 1, and so on. 4235It is run outside the jail. 4236.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4237.Pq Vt str 4238Unset by default. 4239This is the command run as 4240.Ar N Ns 4241th command 4242before jail shutdown, where 4243.Ar N 4244is 0, 1, and so on. 4245It is run outside the jail. 4246.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4247.Pq Vt str 4248Set to 4249.Dq Li /bin/sh /etc/rc.shutdown 4250by default. 4251This is the command executed in a jail at jail shutdown. 4252.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4253.Pq Vt str 4254Unset by default. 4255This is the command run as 4256.Ar N Ns 4257th command 4258after jail shutdown, where 4259.Ar N 4260is 0, 1, and so on. 4261It is run outside the jail. 4262.It Va jail_set_hostname_allow 4263.Pq Vt bool 4264If set to 4265.Dq Li NO , 4266do not allow the root user in a jail to set its hostname. 4267.It Va jail_socket_unixiproute_only 4268.Pq Vt bool 4269If set to 4270.Dq Li YES , 4271do not allow any sockets, 4272besides UNIX/IP/route sockets, 4273to be used within a jail. 4274.It Va jail_sysvipc_allow 4275.Pq Vt bool 4276If set to 4277.Dq Li YES , 4278allow applications within a jail to use System V IPC. 4279.\" ----------------------------------------------------- 4280.It Va harvest_interrupt 4281.Pq Vt bool 4282Set to 4283.Dq Li YES 4284to use hardware interrupts as an entropy source. 4285Refer to 4286.Xr random 4 4287for more information. 4288.It Va harvest_ethernet 4289.Pq Vt bool 4290Set to 4291.Dq Li YES 4292to use LAN traffic as an entropy source. 4293Refer to 4294.Xr random 4 4295for more information. 4296.It Va harvest_p_to_p 4297.Pq Vt bool 4298Set to 4299.Dq Li YES 4300to use serial line traffic as an entropy source. 4301Refer to 4302.Xr random 4 4303for more information. 4304.It Va entropy_dir 4305.Pq Vt str 4306Set to 4307.Dq Li NO 4308to disable caching entropy via 4309.Xr cron 8 . 4310Otherwise set to the directory used to store entropy files in. 4311.It Va entropy_file 4312.Pq Vt str 4313Set to 4314.Dq Li NO 4315to disable caching entropy through reboots. 4316Otherwise set to the filename used to store cached entropy through 4317reboots. 4318This file should be located on the root file system to seed the 4319.Xr random 4 4320device as early as possible in the boot process. 4321.It Va entropy_save_sz 4322.Pq Vt int 4323Size of the entropy cache files saved by 4324.Nm save-entropy 4325periodically. 4326.It Va entropy_save_num 4327.Pq Vt int 4328Number of entropy cache files to save by 4329.Nm save-entropy 4330periodically. 4331.It Va ipsec_enable 4332.Pq Vt bool 4333Set to 4334.Dq Li YES 4335to run 4336.Xr setkey 8 4337on 4338.Va ipsec_file 4339at boot time. 4340.It Va ipsec_file 4341.Pq Vt str 4342Configuration file for 4343.Xr setkey 8 . 4344.It Va dmesg_enable 4345.Pq Vt bool 4346Set to 4347.Dq Li YES 4348to save 4349.Xr dmesg 8 4350to 4351.Pa /var/run/dmesg.boot 4352on boot. 4353.It Va rcshutdown_timeout 4354.Pq Vt int 4355If set, start a watchdog timer in the background which will terminate 4356.Pa rc.shutdown 4357if 4358.Xr shutdown 8 4359has not completed within the specified time (in seconds). 4360Notice that in addition to this soft timeout, 4361.Xr init 8 4362also applies a hard timeout for the execution of 4363.Pa rc.shutdown . 4364This is configured via 4365.Xr sysctl 8 4366variable 4367.Va kern.init_shutdown_timeout 4368and defaults to 120 seconds. 4369Setting the value of 4370.Va rcshutdown_timeout 4371to more than 120 seconds will have no effect until the 4372.Xr sysctl 8 4373variable 4374.Va kern.init_shutdown_timeout 4375is also increased. 4376.It Va virecover_enable 4377.Pq Vt bool 4378Set to 4379.Dq Li NO 4380to prevent the system from trying to 4381recover pre-maturely terminated 4382.Xr vi 1 4383sessions. 4384.It Va ugidfw_enable 4385.Pq Vt bool 4386Set to 4387.Dq Li YES 4388to load the 4389.Xr mac_bsdextended 4 4390module upon system initialization and load a default 4391ruleset file. 4392.It Va bsdextended_script 4393.Pq Vt str 4394The default 4395.Xr mac_bsdextended 4 4396ruleset file to load. 4397The default value of this variable is 4398.Pa /etc/rc.bsdextended . 4399.It Va newsyslog_enable 4400.Pq Vt bool 4401If set to 4402.Dq Li YES , 4403run 4404.Xr newsyslog 8 4405command at startup. 4406.It Va newsyslog_flags 4407.Pq Vt str 4408If 4409.Va newsyslog_enable 4410is set to 4411.Dq Li YES , 4412these are the flags to pass to the 4413.Xr newsyslog 8 4414program. 4415The default is 4416.Dq Li -CN , 4417which causes log files flagged with a 4418.Cm C 4419to be created. 4420.It Va mdconfig_md Ns Aq Ar X 4421.Pq Vt str 4422Arguments to 4423.Xr mdconfig 8 4424for 4425.Xr md 4 4426device 4427.Ar X . 4428At minimum a 4429.Fl t Ar type 4430must be specified and either a 4431.Fl s Ar size 4432for malloc or swap backed 4433.Xr md 4 4434devices or a 4435.Fl f Ar file 4436for vnode backed 4437.Xr md 4 4438devices. 4439Note that 4440.Va mdconfig_md Ns Aq Ar X 4441variables are evaluated until one variable is unset or null. 4442.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4443.Pq Vt str 4444Optional arguments passed to 4445.Xr newfs 8 4446to initialize 4447.Xr md 4 4448device 4449.Ar X . 4450.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4451.Pq Vt str 4452An ownership specification passed to 4453.Xr chown 8 4454after the specified 4455.Xr md 4 4456device 4457.Ar X 4458has been mounted. 4459Both the 4460.Xr md 4 4461device and the mount point will be changed. 4462.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4463.Pq Vt str 4464A mode string passed to 4465.Xr chmod 1 4466after the specified 4467.Xr md 4 4468device 4469.Ar X 4470has been mounted. 4471Both the 4472.Xr md 4 4473device and the mount point will be changed. 4474.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4475.Pq Vt str 4476Files to be copied to the mount point of the 4477.Xr md 4 4478device 4479.Ar X 4480after it has been mounted. 4481.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4482.Pq Vt str 4483Command to execute after the specified 4484.Xr md 4 4485device 4486.Ar X 4487has been mounted. 4488Note that the command is passed to 4489.Ic eval 4490and that both 4491.Va _dev 4492and 4493.Va _mp 4494variables can be used to reference respectively the 4495.Xr md 4 4496device and the mount point. 4497Assuming that the 4498.Xr md 4 4499device is 4500.Li md0 , 4501one could set the following: 4502.Bd -literal 4503mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4504.Ed 4505.It Va autobridge_interfaces 4506.Pq Vt str 4507Set to the list of bridge interfaces that will have newly arriving interfaces 4508checked against to be automatically added. 4509If not set to 4510.Dq Li NO 4511then for each whitespace separated 4512.Ar element 4513in the value, a 4514.Va autobridge_ Ns Aq Ar element 4515variable is assumed to exist which has a whitespace separated list of interface 4516names to match, these names can use wildcards. 4517For example: 4518.Bd -literal 4519autobridge_interfaces="bridge0" 4520autobridge_bridge0="tap* dc0 vlan[345]" 4521.Ed 4522.It Va mixer_enable 4523.Pq Vt bool 4524If set to 4525.Dq Li YES , 4526enable support for sound mixer. 4527.It Va hcsecd_enable 4528.Pq Vt bool 4529If set to 4530.Dq Li YES , 4531enable Bluetooth security daemon. 4532.It Va hcsecd_config 4533.Pq Vt str 4534Configuration file for 4535.Xr hcsecd 8 . 4536Default 4537.Pa /etc/bluetooth/hcsecd.conf . 4538.It Va sdpd_enable 4539.Pq Vt bool 4540If set to 4541.Dq Li YES , 4542enable Bluetooth Service Discovery Protocol daemon. 4543.It Va sdpd_control 4544.Pq Vt str 4545Path to 4546.Xr sdpd 8 4547control socket. 4548Default 4549.Pa /var/run/sdp . 4550.It Va sdpd_groupname 4551.Pq Vt str 4552Sets 4553.Xr sdpd 8 4554group to run as after it initializes. 4555Default 4556.Dq Li nobody . 4557.It Va sdpd_username 4558.Pq Vt str 4559Sets 4560.Xr sdpd 8 4561user to run as after it initializes. 4562Default 4563.Dq Li nobody . 4564.It Va bthidd_enable 4565.Pq Vt bool 4566If set to 4567.Dq Li YES , 4568enable Bluetooth Human Interface Device daemon. 4569.It Va bthidd_config 4570.Pq Vt str 4571Configuration file for 4572.Xr bthidd 8 . 4573Default 4574.Pa /etc/bluetooth/bthidd.conf . 4575.It Va bthidd_hids 4576.Pq Vt str 4577Path to a file, where 4578.Xr bthidd 8 4579will store information about known HID devices. 4580Default 4581.Pa /var/db/bthidd.hids . 4582.It Va rfcomm_pppd_server_enable 4583.Pq Vt bool 4584If set to 4585.Dq Li YES , 4586enable Bluetooth RFCOMM PPP wrapper daemon. 4587.It Va rfcomm_pppd_server_profile 4588.Pq Vt str 4589The name of the profile to use from 4590.Pa /etc/ppp/ppp.conf . 4591Multiple profiles can be specified here. 4592Also used to specify per-profile overrides. 4593When the profile name contains any of the characters 4594.Dq Li .-/+ 4595they are translated to 4596.Dq Li _ 4597for the proposes of the override variable names. 4598.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4599.Pq Vt str 4600Overrides local address to listen on. 4601By default 4602.Xr rfcomm_pppd 8 4603will listen on 4604.Dq Li ANY 4605address. 4606The address can be specified as BD_ADDR or name. 4607.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4608.Pq Vt str 4609Overrides local RFCOMM channel to listen on. 4610By default 4611.Xr rfcomm_pppd 8 4612will listen on RFCOMM channel 1. 4613Must set properly if multiple profiles used in the same time. 4614.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4615.Pq Vt bool 4616Tells 4617.Xr rfcomm_pppd 8 4618if it should register Serial Port service on the specified RFCOMM channel. 4619Default 4620.Dq Li NO . 4621.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4622.Pq Vt bool 4623Tells 4624.Xr rfcomm_pppd 8 4625if it should register Dial-Up Networking service on the specified 4626RFCOMM channel. 4627Default 4628.Dq Li NO . 4629.It Va ubthidhci_enable 4630.Pq Vt bool 4631If set to 4632.Dq Li YES , 4633change the USB Bluetooth controller from HID mode to HCI mode. 4634You also need to specify the location of USB Bluetooth controller with the 4635.Va ubthidhci_busnum 4636and 4637.Va ubthidhci_addr 4638variables. 4639.It Va ubthidhci_busnum 4640Bus number where the USB Bluetooth controller is located. 4641Check the output of 4642.Xr usbconfig 8 4643on your system to find this information. 4644.It Va ubthidhci_addr 4645Bus address of the USB Bluetooth controller. 4646Check the output of 4647.Xr usbconfig 8 4648on your system to find this information. 4649.It Va netwait_enable 4650.Pq Vt bool 4651If set to 4652.Dq Li YES , 4653delays the start of network-reliant services until 4654.Va netwait_if 4655is up and ICMP packets to a destination defined in 4656.Va netwait_ip 4657are flowing. 4658Link state is examined first, followed by 4659.Dq Li pinging 4660an IP address to verify network usability. 4661If no destination can be reached or timeouts are exceeded, 4662network services are started anyway with no guarantee that 4663the network is usable. 4664Use of this variable requires both 4665.Va netwait_ip 4666and 4667.Va netwait_if 4668to be set. 4669.It Va netwait_ip 4670.Pq Vt str 4671Empty by default. 4672This variable contains a space-delimited list of IP addresses to 4673.Xr ping 8 . 4674DNS hostnames should not be used as resolution is not guaranteed 4675to be functional at this point. 4676If multiple IP addresses are specified, 4677each will be tried until one is successful or the list is exhausted. 4678.It Va netwait_timeout 4679.Pq Vt int 4680Indicates the total number of seconds to perform a 4681.Dq Li ping 4682against each IP address in 4683.Va netwait_ip , 4684at a rate of one ping per second. 4685If any of the pings are successful, 4686full network connectivity is considered reliable. 4687The default is 60. 4688.It Va netwait_if 4689.Pq Vt str 4690Empty by default. 4691Defines the name of the network interface on which watch for link. 4692.Xr ifconfig 8 4693is used to monitor the interface, looking for 4694.Dq Li status: no carrier . 4695Once gone, the link is considered up. 4696This can be a 4697.Xr vlan 4 4698interface if desired. 4699.It Va netwait_if_timeout 4700.Pq Vt int 4701Defines the total number of seconds to wait for link to become usable, 4702polled at a 1-second interval. 4703The default is 30. 4704.El 4705.Sh FILES 4706.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4707.It Pa /etc/defaults/rc.conf 4708.It Pa /etc/rc.conf 4709.It Pa /etc/rc.conf.local 4710.El 4711.Sh SEE ALSO 4712.Xr catman 1 , 4713.Xr chmod 1 , 4714.Xr gdb 1 , 4715.Xr info 1 , 4716.Xr kbdcontrol 1 , 4717.Xr makewhatis 1 , 4718.Xr sh 1 , 4719.Xr vi 1 , 4720.Xr vidcontrol 1 , 4721.Xr bridge 4 , 4722.Xr dummynet 4 , 4723.Xr ip 4 , 4724.Xr ipf 4 , 4725.Xr ipfw 4 , 4726.Xr ipnat 4 , 4727.Xr kld 4 , 4728.Xr pf 4 , 4729.Xr pflog 4 , 4730.Xr pfsync 4 , 4731.Xr tcp 4 , 4732.Xr udp 4 , 4733.Xr exports 5 , 4734.Xr fstab 5 , 4735.Xr ipf 5 , 4736.Xr ipnat 5 , 4737.Xr motd 5 , 4738.Xr newsyslog.conf 5 , 4739.Xr pf.conf 5 , 4740.Xr security 7 , 4741.Xr accton 8 , 4742.Xr amd 8 , 4743.Xr apm 8 , 4744.Xr atm 8 , 4745.Xr bthidd 8 , 4746.Xr chkprintcap 8 , 4747.Xr chown 8 , 4748.Xr cron 8 , 4749.Xr devfs 8 , 4750.Xr dhclient 8 , 4751.Xr ftpd 8 , 4752.Xr geli 8 , 4753.Xr hcsecd 8 , 4754.Xr ifconfig 8 , 4755.Xr inetd 8 , 4756.Xr ipf 8 , 4757.Xr ipfw 8 , 4758.Xr ipnat 8 , 4759.Xr jail 8 , 4760.Xr kldxref 8 , 4761.Xr lpd 8 , 4762.Xr mdconfig 8 , 4763.Xr mdmfs 8 , 4764.Xr mixer 8 , 4765.Xr mountd 8 , 4766.Xr moused 8 , 4767.Xr mrouted 8 , 4768.Xr named 8 , 4769.Xr newfs 8 , 4770.Xr newsyslog 8 , 4771.Xr nfsd 8 , 4772.Xr ntpd 8 , 4773.Xr ntpdate 8 , 4774.Xr pfctl 8 , 4775.Xr pflogd 8 , 4776.Xr ping 8 , 4777.Xr powerd 8 , 4778.Xr quotacheck 8 , 4779.Xr quotaon 8 , 4780.Xr rc 8 , 4781.Xr rc.sendmail 8 , 4782.Xr rfcomm_pppd 8 , 4783.Xr route 8 , 4784.Xr routed 8 , 4785.Xr rpcbind 8 , 4786.Xr rpc.lockd 8 , 4787.Xr rpc.statd 8 , 4788.Xr rwhod 8 , 4789.Xr savecore 8 , 4790.Xr sdpd 8 , 4791.Xr sshd 8 , 4792.Xr swapon 8 , 4793.Xr sysctl 8 , 4794.Xr syslogd 8 , 4795.Xr timed 8 , 4796.Xr unbound 8 , 4797.Xr usbconfig 8 , 4798.Xr wlandebug 8 , 4799.Xr yp 8 , 4800.Xr ypbind 8 , 4801.Xr ypserv 8 , 4802.Xr ypset 8 4803.Sh HISTORY 4804The 4805.Nm 4806file appeared in 4807.Fx 2.2.2 . 4808.Sh AUTHORS 4809.An Jordan K. Hubbard . 4810