1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd September 10, 2013 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66In addition to 67.Pa /etc/rc.conf.local 68you can also place smaller configuration files for each 69.Xr rc 8 70script in the 71.Pa /etc/rc.conf.d 72directory, which will be included by the 73.Va load_rc_config 74function. 75For jail configurations you could use the file 76.Pa /etc/rc.conf.d/jail 77to store jail specific configuration options. 78Also see the 79.Va rc_conf_files 80variable below. 81.Pp 82Options are set with 83.Dq Ar name Ns Li = Ns Ar value 84assignments that use 85.Xr sh 1 86syntax. 87The following list provides a name and short description for each 88variable that can be set in the 89.Nm 90file: 91.Bl -tag -width indent-two 92.It Va rc_debug 93.Pq Vt bool 94If set to 95.Dq Li YES , 96enable output of debug messages from rc scripts. 97This variable can be helpful in diagnosing mistakes when 98editing or integrating new scripts. 99Beware that this produces copious output to the terminal and 100.Xr syslog 3 . 101.It Va rc_info 102.Pq Vt bool 103If set to 104.Dq Li NO , 105disable informational messages from the rc scripts. 106Informational messages are displayed when 107a condition that is not serious enough to warrant a warning or 108an error occurs. 109.It Va rc_startmsgs 110.Pq Vt bool 111If set to 112.Dq Li YES , 113show 114.Dq Starting foo: 115when faststart is used (e.g., at boot time). 116.It Va early_late_divider 117.Pq Vt str 118The name of the script that should be used as the 119delimiter between the 120.Dq early 121and 122.Dq late 123stages of the boot process. 124The early stage should contain all the services needed to 125get the disks (local or remote) mounted so that the late 126stage can include scripts contained in the directories 127listed in the 128.Va local_startup 129variable (see below). 130Thus, the two likely candidates for this value are 131.Pa mountcritlocal 132for the typical system, and 133.Pa mountcritremote 134if the system needs remote file 135systems mounted to get access to the 136.Va local_startup 137directories; for example when 138.Pa /usr/local 139is NFS mounted. 140For 141.Pa rc.conf 142within a 143.Xr jail 8 144.Pa NETWORKING 145is likely to be an appropriate value. 146Extreme care should be taken when changing this value, 147and before changing it one should ensure that there are 148adequate provisions to recover from a failed boot 149(such as physical contact with the machine, 150or reliable remote console access). 151.It Va always_force_depends 152.Pq Vt bool 153Various 154.Pa rc.d 155scripts use the force_depend function to check whether required 156services are already running, and to start them if necessary. 157By default during boot time this check is bypassed if the 158required service is enabled in 159.Pa /etc/rc.conf[.local] . 160Setting this option will bypass that check at boot time and 161always test whether or not the service is actually running. 162Enabling this option is likely to increase your boot time if 163services are enabled that utilize the force_depend check. 164.It Ao Ar name Ac Ns Va _chroot 165.Pq Vt str 166.Xr chroot 167to this directory before running the service. 168.It Ao Ar name Ac Ns Va _user 169.Pq Vt str 170Run the service under this user account. 171.It Ao Ar name Ac Ns Va _group 172.Pq Vt str 173Run the chrooted service under this system group. Unlike the _user 174setting, this setting has no effect if the service is not chrooted. 175.It Ao Ar name Ac Ns Va _fib 176.Pq Vt int 177The 178.Xr setfib 1 179value to run the service under. 180.It Ao Ar name Ac Ns Va _nice 181.Pq Vt int 182The 183.Xr nice 1 184value to run the service under. 185.It Va apm_enable 186.Pq Vt bool 187If set to 188.Dq Li YES , 189enable support for Automatic Power Management with 190the 191.Xr apm 8 192command. 193.It Va apmd_enable 194.Pq Vt bool 195Run 196.Xr apmd 8 197to handle APM event from userland. 198This also enables support for APM. 199.It Va apmd_flags 200.Pq Vt str 201If 202.Va apmd_enable 203is set to 204.Dq Li YES , 205these are the flags to pass to the 206.Xr apmd 8 207daemon. 208.It Va devd_enable 209.Pq Vt bool 210Run 211.Xr devd 8 212to handle device added, removed or unknown events from the kernel. 213.It Va ddb_enable 214.Pq Vt bool 215Run 216.Xr ddb 8 217to install 218.Xr ddb 4 219scripts at boot time. 220.It Va ddb_config 221.Pq Vt str 222Configuration file for 223.Xr ddb 8 . 224Default 225.Pa /etc/ddb.conf . 226.It Va kld_list 227.Pq Vt str 228A list of kernel modules to load right after the local 229disks are mounted. 230Loading modules at this point in the boot process is 231much faster than doing it via 232.Pa /boot/loader.conf 233for those modules not necessary for mounting local disk. 234.It Va kldxref_enable 235.Pq Vt bool 236Set to 237.Dq Li NO 238by default. 239Set to 240.Dq Li YES 241to automatically rebuild 242.Pa linker.hints 243files with 244.Xr kldxref 8 245at boot time. 246.It Va kldxref_clobber 247.Pq Vt bool 248Set to 249.Dq Li NO 250by default. 251If 252.Va kldxref_enable 253is true, 254setting to 255.Dq Li YES 256will overwrite existing 257.Pa linker.hints 258files at boot time. 259Otherwise, 260only missing 261.Pa linker.hints 262files are generated. 263.It Va kldxref_module_path 264.Pq Vt str 265Empty by default. 266A semi-colon 267.Pq Ql \&; 268delimited list of paths containing 269.Xr kld 4 270modules. 271If empty, 272the contents of the 273.Va kern.module_path 274.Xr sysctl 8 275are used. 276.It Va powerd_enable 277.Pq Vt bool 278If set to 279.Dq Li YES , 280enable the system power control facility with the 281.Xr powerd 8 282daemon. 283.It Va powerd_flags 284.Pq Vt str 285If 286.Va powerd_enable 287is set to 288.Dq Li YES , 289these are the flags to pass to the 290.Xr powerd 8 291daemon. 292.It Va tmpmfs 293Controls the creation of a 294.Pa /tmp 295memory file system. 296Always happens if set to 297.Dq Li YES 298and never happens if set to 299.Dq Li NO . 300If set to anything else, a memory file system is created if 301.Pa /tmp 302is not writable. 303.It Va tmpsize 304Controls the size of a created 305.Pa /tmp 306memory file system. 307.It Va tmpmfs_flags 308Extra options passed to the 309.Xr mdmfs 8 310utility when the memory file system for 311.Pa /tmp 312is created. 313The default is 314.Dq Li "-S" , 315which inhibits the use of softupdates on 316.Pa /tmp 317so that file system space is freed without delay 318after file truncation or deletion. 319See 320.Xr mdmfs 8 321for other options you can use in 322.Va tmpmfs_flags . 323.It Va varmfs 324Controls the creation of a 325.Pa /var 326memory file system. 327Always happens if set to 328.Dq Li YES 329and never happens if set to 330.Dq Li NO . 331If set to anything else, a memory file system is created if 332.Pa /var 333is not writable. 334.It Va varsize 335Controls the size of a created 336.Pa /var 337memory file system. 338.It Va varmfs_flags 339Extra options passed to the 340.Xr mdmfs 8 341utility when the memory file system for 342.Pa /var 343is created. 344The default is 345.Dq Li "-S" , 346which inhibits the use of softupdates on 347.Pa /var 348so that file system space is freed without delay 349after file truncation or deletion. 350See 351.Xr mdmfs 8 352for other options you can use in 353.Va varmfs_flags . 354.It Va populate_var 355Controls the automatic population of the 356.Pa /var 357file system. 358Always happens if set to 359.Dq Li YES 360and never happens if set to 361.Dq Li NO . 362If set to anything else, a memory file system is created if 363.Pa /var 364is not writable. 365Note that this process requires access to certain commands in 366.Pa /usr 367before 368.Pa /usr 369is mounted on normal systems. 370.It Va cleanvar_enable 371.Pq Vt bool 372Clean the 373.Pa /var 374directory. 375.It Va local_startup 376.Pq Vt str 377List of directories to search for startup script files. 378.It Va script_name_sep 379.Pq Vt str 380The field separator to use for breaking down the list of startup script files 381into individual filenames. 382The default is a space. 383It is not necessary to change this unless there are startup scripts with names 384containing spaces. 385.It Va hostapd_enable 386.Pq Vt bool 387Set to 388.Dq Li YES 389to start 390.Xr hostapd 8 391at system boot time. 392.It Va hostname 393.Pq Vt str 394The fully qualified domain name (FQDN) of this host on the network. 395This should almost certainly be set to something meaningful, even if 396there is no network connection. 397If 398.Xr dhclient 8 399is used to set the hostname via DHCP, 400this variable should be set to an empty string. 401If this value remains unset when the system is done booting 402your console login will display the default hostname of 403.Dq Amnesiac . 404.It Va nisdomainname 405.Pq Vt str 406The NIS domain name of this host, or 407.Dq Li NO 408if NIS is not used. 409.It Va dhclient_program 410.Pq Vt str 411Path to the DHCP client program 412.Pa ( /sbin/dhclient , 413the 414.Ox 415DHCP client, 416is the default). 417.It Va dhclient_flags 418.Pq Vt str 419Additional flags to pass to the DHCP client program. 420For the 421.Ox 422DHCP client, see the 423.Xr dhclient 8 424manpage for a description of the command line options available. 425.It Va dhclient_flags_ Ns Aq Ar iface 426Additional flags to pass to the DHCP client program running on 427.Ar iface 428only. 429When specified, this variable overrides 430.Va dhclient_flags . 431.It Va background_dhclient 432.Pq Vt bool 433Set to 434.Dq Li YES 435to start the DHCP client in background. 436This can cause trouble with applications depending on 437a working network, but it will provide a faster startup 438in many cases. 439.It Va background_dhclient_ Ns Aq Ar iface 440When specified, this variable overrides the 441.Va background_dhclient 442variable for interface 443.Ar iface 444only. 445.It Va synchronous_dhclient 446.Pq Vt bool 447Set to 448.Dq Li YES 449to start 450.Xr dhclient 8 451synchronously at startup. 452This behavior can be overridden on a per-interface basis by replacing 453the 454.Dq Li DHCP 455keyword in the 456.Va ifconfig_ Ns Aq Ar interface 457variable with 458.Dq Li SYNCDHCP 459or 460.Dq Li NOSYNCDHCP . 461.It Va defaultroute_delay 462.Pq Vt int 463When set to a positive value, wait up to this long after configuring 464DHCP interfaces at startup to give the interfaces time to receive a lease. 465.It Va firewall_enable 466.Pq Vt bool 467Set to 468.Dq Li YES 469to load firewall rules at startup. 470If the kernel was not built with 471.Cd "options IPFIREWALL" , 472the 473.Pa ipfw.ko 474kernel module will be loaded. 475See also 476.Va ipfilter_enable . 477.It Va firewall_script 478.Pq Vt str 479This variable specifies the full path to the firewall script to run. 480The default is 481.Pa /etc/rc.firewall . 482.It Va firewall_type 483.Pq Vt str 484Names the firewall type from the selection in 485.Pa /etc/rc.firewall , 486or the file which contains the local firewall ruleset. 487Valid selections from 488.Pa /etc/rc.firewall 489are: 490.Pp 491.Bl -tag -width ".Li simple" -compact 492.It Li open 493unrestricted IP access 494.It Li closed 495all IP services disabled, except via 496.Dq Li lo0 497.It Li client 498basic protection for a workstation 499.It Li simple 500basic protection for a LAN. 501.El 502.Pp 503If a filename is specified, the full path 504must be given. 505.It Va firewall_quiet 506.Pq Vt bool 507Set to 508.Dq Li YES 509to disable the display of firewall rules on the console during boot. 510.It Va firewall_logging 511.Pq Vt bool 512Set to 513.Dq Li YES 514to enable firewall event logging. 515This is equivalent to the 516.Dv IPFIREWALL_VERBOSE 517kernel option. 518.It Va firewall_logif 519.Pq Vt bool 520Set to 521.Dq Li YES 522to create pseudo interface 523.Li ipfw0 524for logging. 525For more details, see 526.Xr ipfw 8 527manual page. 528.It Va firewall_flags 529.Pq Vt str 530Flags passed to 531.Xr ipfw 8 532if 533.Va firewall_type 534specifies a filename. 535.It Va firewall_coscripts 536.Pq Vt str 537List of executables and/or rc scripts to run after firewall starts/stops. 538Default is empty. 539.\" ----- firewall_nat_enable setting -------------------------------- 540.It Va firewall_nat_enable 541.Pq Vt bool 542The 543.Xr ipfw 8 544equivalent of 545.Va natd_enable . 546Setting this to 547.Dq Li YES 548enables kernel NAT. 549.Va firewall_enable 550must also be set to 551.Dq Li YES . 552.It Va firewall_nat_interface 553.Pq Vt str 554The 555.Xr ipfw 8 556equivalent of 557.Va natd_interface . 558This is the name of the public interface or IP address on which 559kernel NAT should run. 560.It Va firewall_nat_flags 561.Pq Vt str 562Additional configuration parameters for kernel NAT should be placed here. 563.It Va dummynet_enable 564.Pq Vt bool 565Setting this to 566.Dq Li YES 567will automatically load the 568.Xr dummynet 4 569module if 570.Va firewall_enable 571is also set to 572.Dq Li YES . 573.\" ------------------------------------------------------------------- 574.It Va natd_program 575.Pq Vt str 576Path to 577.Xr natd 8 . 578.It Va natd_enable 579.Pq Vt bool 580Set to 581.Dq Li YES 582to enable 583.Xr natd 8 . 584.Va firewall_enable 585must also be set to 586.Dq Li YES , 587and 588.Xr divert 4 589sockets must be enabled in the kernel. 590If the kernel was not built with 591.Cd "options IPDIVERT" , 592the 593.Pa ipdivert.ko 594kernel module will be loaded. 595.It Va natd_interface 596.Pq Vt str 597This is the name of the public interface on which 598.Xr natd 8 599should run. 600The interface may be given as an interface name or as an IP address. 601.It Va natd_flags 602.Pq Vt str 603Additional 604.Xr natd 8 605flags should be placed here. 606The 607.Fl n 608or 609.Fl a 610flag is automatically added with the above 611.Va natd_interface 612as an argument. 613.\" ----- ipfilter_enable setting -------------------------------- 614.It Va ipfilter_enable 615.Pq Vt bool 616Set to 617.Dq Li NO 618by default. 619Setting this to 620.Dq Li YES 621enables 622.Xr ipf 8 623packet filtering. 624.Pp 625Typical usage will require putting 626.Bd -literal 627ipfilter_enable="YES" 628ipnat_enable="YES" 629ipmon_enable="YES" 630ipfs_enable="YES" 631.Ed 632.Pp 633into 634.Pa /etc/rc.conf 635and editing 636.Pa /etc/ipf.rules 637and 638.Pa /etc/ipnat.rules 639appropriately. 640.Pp 641Note that 642.Va ipfilter_enable 643and 644.Va ipnat_enable 645can be enabled independently. 646.Va ipmon_enable 647and 648.Va ipfs_enable 649both require at least one of 650.Va ipfilter_enable 651and 652.Va ipnat_enable 653to be enabled. 654.Pp 655Having 656.Bd -literal 657options IPFILTER 658options IPFILTER_LOG 659options IPFILTER_DEFAULT_BLOCK 660.Ed 661.Pp 662in the kernel configuration file is a good idea, too. 663.\" ----- ipfilter_program setting ------------------------------ 664.It Va ipfilter_program 665.Pq Vt str 666Path to 667.Xr ipf 8 668(default 669.Pa /sbin/ipf ) . 670.\" ----- ipfilter_rules setting -------------------------------- 671.It Va ipfilter_rules 672.Pq Vt str 673Set to 674.Pa /etc/ipf.rules 675by default. 676This variable contains the name of the filter rule definition file. 677The file is expected to be readable for the 678.Xr ipf 8 679command to execute. 680.\" ----- ipv6_ipfilter_rules setting --------------------------- 681.It Va ipv6_ipfilter_rules 682.Pq Vt str 683Set to 684.Pa /etc/ipf6.rules 685by default. 686This variable contains the IPv6 filter rule definition file. 687The file is expected to be readable for the 688.Xr ipf 8 689command to execute. 690.\" ----- ipfilter_flags setting -------------------------------- 691.It Va ipfilter_flags 692.Pq Vt str 693Empty by default. 694This variable contains flags passed to the 695.Xr ipf 8 696program. 697.\" ----- ipnat_enable setting ---------------------------------- 698.It Va ipnat_enable 699.Pq Vt bool 700Set to 701.Dq Li NO 702by default. 703Set it to 704.Dq Li YES 705to enable 706.Xr ipnat 8 707network address translation. 708See 709.Va ipfilter_enable 710for a detailed discussion. 711.\" ----- ipnat_program setting --------------------------------- 712.It Va ipnat_program 713.Pq Vt str 714Path to 715.Xr ipnat 8 716(default 717.Pa /sbin/ipnat ) . 718.\" ----- ipnat_rules setting ----------------------------------- 719.It Va ipnat_rules 720.Pq Vt str 721Set to 722.Pa /etc/ipnat.rules 723by default. 724This variable contains the name of the file 725holding the network address translation definition. 726This file is expected to be readable for the 727.Xr ipnat 8 728command to execute. 729.\" ----- ipnat_flags setting ----------------------------------- 730.It Va ipnat_flags 731.Pq Vt str 732Empty by default. 733This variable contains flags passed to the 734.Xr ipnat 8 735program. 736.\" ----- ipmon_enable setting ---------------------------------- 737.It Va ipmon_enable 738.Pq Vt bool 739Set to 740.Dq Li NO 741by default. 742Set it to 743.Dq Li YES 744to enable 745.Xr ipmon 8 746monitoring (logging 747.Xr ipf 8 748and 749.Xr ipnat 8 750events). 751Setting this variable needs setting 752.Va ipfilter_enable 753or 754.Va ipnat_enable 755too. 756See 757.Va ipfilter_enable 758for a detailed discussion. 759.\" ----- ipmon_program setting --------------------------------- 760.It Va ipmon_program 761.Pq Vt str 762Path to 763.Xr ipmon 8 764(default 765.Pa /sbin/ipmon ) . 766.\" ----- ipmon_flags setting ----------------------------------- 767.It Va ipmon_flags 768.Pq Vt str 769Set to 770.Dq Li -Ds 771by default. 772This variable contains flags passed to the 773.Xr ipmon 8 774program. 775Another typical example would be 776.Dq Fl D Pa /var/log/ipflog 777to have 778.Xr ipmon 8 779log directly to a file bypassing 780.Xr syslogd 8 . 781Make sure to adjust 782.Pa /etc/newsyslog.conf 783in such case like this: 784.Bd -literal 785/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 786.Ed 787.\" ----- ipfs_enable setting ----------------------------------- 788.It Va ipfs_enable 789.Pq Vt bool 790Set to 791.Dq Li NO 792by default. 793Set it to 794.Dq Li YES 795to enable 796.Xr ipfs 8 797saving the filter and NAT state tables during shutdown 798and reloading them during startup again. 799Setting this variable needs setting 800.Va ipfilter_enable 801or 802.Va ipnat_enable 803to 804.Dq Li YES 805too. 806See 807.Va ipfilter_enable 808for a detailed discussion. 809Note that if 810.Va kern_securelevel 811is set to 3, 812.Va ipfs_enable 813cannot be used 814because the raised securelevel will prevent 815.Xr ipfs 8 816from saving the state tables at shutdown time. 817.\" ----- ipfs_program setting ---------------------------------- 818.It Va ipfs_program 819.Pq Vt str 820Path to 821.Xr ipfs 8 822(default 823.Pa /sbin/ipfs ) . 824.\" ----- ipfs_flags setting ------------------------------------ 825.It Va ipfs_flags 826.Pq Vt str 827Empty by default. 828This variable contains flags passed to the 829.Xr ipfs 8 830program. 831.\" ----- end of added ipf hook --------------------------------- 832.It Va pf_enable 833.Pq Vt bool 834Set to 835.Dq Li NO 836by default. 837Setting this to 838.Dq Li YES 839enables 840.Xr pf 4 841packet filtering. 842.Pp 843Typical usage will require putting 844.Pp 845.Dl pf_enable="YES" 846.Pp 847into 848.Pa /etc/rc.conf 849and editing 850.Pa /etc/pf.conf 851appropriately. 852Adding 853.Pp 854.Dl "device pf" 855.Pp 856builds support for 857.Xr pf 4 858into the kernel, otherwise the 859kernel module will be loaded. 860.It Va pf_rules 861.Pq Vt str 862Path to 863.Xr pf 4 864ruleset configuration file 865(default 866.Pa /etc/pf.conf ) . 867.It Va pf_program 868.Pq Vt str 869Path to 870.Xr pfctl 8 871(default 872.Pa /sbin/pfctl ) . 873.It Va pf_flags 874.Pq Vt str 875If 876.Va pf_enable 877is set to 878.Dq Li YES , 879these flags are passed to the 880.Xr pfctl 8 881program when loading the ruleset. 882.It Va pflog_enable 883.Pq Vt bool 884Set to 885.Dq Li NO 886by default. 887Setting this to 888.Dq Li YES 889enables 890.Xr pflogd 8 891which logs packets from the 892.Xr pf 4 893packet filter. 894.It Va pflog_logfile 895.Pq Vt str 896If 897.Va pflog_enable 898is set to 899.Dq Li YES 900this controls where 901.Xr pflogd 8 902stores the logfile 903(default 904.Pa /var/log/pflog ) . 905Check 906.Pa /etc/newsyslog.conf 907to adjust logfile rotation for this. 908.It Va pflog_program 909.Pq Vt str 910Path to 911.Xr pflogd 8 912(default 913.Pa /sbin/pflogd ) . 914.It Va pflog_flags 915.Pq Vt str 916Empty by default. 917This variable contains additional flags passed to the 918.Xr pflogd 8 919program. 920.It Va ftpproxy_enable 921.Pq Vt bool 922Set to 923.Dq Li NO 924by default. 925Setting this to 926.Dq Li YES 927enables 928.Xr ftp-proxy 8 929which supports the 930.Xr pf 4 931packet filter in translating ftp connections. 932.It Va ftpproxy_flags 933.Pq Vt str 934Empty by default. 935This variable contains additional flags passed to the 936.Xr ftp-proxy 8 937program. 938.It Va pfsync_enable 939.Pq Vt bool 940Set to 941.Dq Li NO 942by default. 943Setting this to 944.Dq Li YES 945enables exposing 946.Xr pf 4 947state changes to other hosts over the network by means of 948.Xr pfsync 4 . 949The 950.Va pfsync_syncdev 951variable 952must also be set then. 953.It Va pfsync_syncdev 954.Pq Vt str 955Empty by default. 956This variable specifies the name of the network interface 957.Xr pfsync 4 958should operate through. 959It must be set accordingly if 960.Va pfsync_enable 961is set to 962.Dq Li YES . 963.It Va pfsync_syncpeer 964.Pq Vt str 965Empty by default. 966This variable is optional. 967By default, state change messages are sent out on the synchronisation 968interface using IP multicast packets. 969The protocol is IP protocol 240, PFSYNC, and the multicast group used is 970224.0.0.240. 971When a peer address is specified using the 972.Va pfsync_syncpeer 973option, the peer address is used as a destination for the pfsync 974traffic, and the traffic can then be protected using 975.Xr ipsec 4 . 976See the 977.Xr pfsync 4 978manpage for more details about using 979.Xr ipsec 4 980with 981.Xr pfsync 4 982interfaces. 983.It Va pfsync_ifconfig 984.Pq Vt str 985Empty by default. 986This variable can contain additional options to be passed to the 987.Xr ifconfig 8 988command used to set up 989.Xr pfsync 4 . 990.It Va tcp_extensions 991.Pq Vt bool 992Set to 993.Dq Li YES 994by default. 995Setting this to 996.Dq Li NO 997disables certain TCP options as described by 998.Rs 999.%T "RFC 1323" 1000.Re 1001Setting this to 1002.Dq Li NO 1003might help remedy such problems with connections as randomly hanging 1004or other weird behavior. 1005Some network devices are known 1006to be broken with respect to these options. 1007.It Va log_in_vain 1008.Pq Vt int 1009Set to 0 by default. 1010The 1011.Xr sysctl 8 1012variables, 1013.Va net.inet.tcp.log_in_vain 1014and 1015.Va net.inet.udp.log_in_vain , 1016as described in 1017.Xr tcp 4 1018and 1019.Xr udp 4 , 1020are set to the given value. 1021.It Va tcp_keepalive 1022.Pq Vt bool 1023Set to 1024.Dq Li YES 1025by default. 1026Setting to 1027.Dq Li NO 1028will disable probing idle TCP connections to verify that the 1029peer is still up and reachable. 1030.It Va tcp_drop_synfin 1031.Pq Vt bool 1032Set to 1033.Dq Li NO 1034by default. 1035Setting to 1036.Dq Li YES 1037will cause the kernel to ignore TCP frames that have both 1038the SYN and FIN flags set. 1039This prevents OS fingerprinting, but may 1040break some legitimate applications. 1041.It Va icmp_drop_redirect 1042.Pq Vt bool 1043Set to 1044.Dq Li NO 1045by default. 1046Setting to 1047.Dq Li YES 1048will cause the kernel to ignore ICMP REDIRECT packets. 1049Refer to 1050.Xr icmp 4 1051for more information. 1052.It Va icmp_log_redirect 1053.Pq Vt bool 1054Set to 1055.Dq Li NO 1056by default. 1057Setting to 1058.Dq Li YES 1059will cause the kernel to log ICMP REDIRECT packets. 1060Note that 1061the log messages are not rate-limited, so this option should only be used 1062for troubleshooting networks. 1063Refer to 1064.Xr icmp 4 1065for more information. 1066.It Va icmp_bmcastecho 1067.Pq Vt bool 1068Set to 1069.Dq Li YES 1070to respond to broadcast or multicast ICMP ping packets. 1071Refer to 1072.Xr icmp 4 1073for more information. 1074.It Va ip_portrange_first 1075.Pq Vt int 1076If not set to 1077.Dq Li NO , 1078this is the first port in the default portrange. 1079Refer to 1080.Xr ip 4 1081for more information. 1082.It Va ip_portrange_last 1083.Pq Vt int 1084If not set to 1085.Dq Li NO , 1086this is the last port in the default portrange. 1087Refer to 1088.Xr ip 4 1089for more information. 1090.It Va network_interfaces 1091.Pq Vt str 1092Set to the list of network interfaces to configure on this host or 1093.Dq Li AUTO 1094(the default) for all current interfaces. 1095Setting the 1096.Va network_interfaces 1097variable to anything other than the default is deprecated. 1098Interfaces that the administrator wishes to store configuration for, 1099but not start at boot should be configured with the 1100.Dq Li NOAUTO 1101keyword in their 1102.Va ifconfig_ Ns Aq Ar interface 1103variables as described below. 1104.Pp 1105An 1106.Va ifconfig_ Ns Aq Ar interface 1107variable is also assumed to exist for each value of 1108.Ar interface . 1109When an interface name contains any of the characters 1110.Dq Li .-/+ 1111they are translated to 1112.Dq Li _ 1113before lookup. 1114The variable can contain arguments to 1115.Xr ifconfig 8 , 1116as well as special case-insensitive keywords described below. 1117Such keywords are removed before passing the value to 1118.Xr ifconfig 8 1119while the order of the other arguments is preserved. 1120.Pp 1121It is possible to add IP alias entries using 1122.Xr ifconfig 8 1123syntax with the address family keyword such as 1124.Li inet . 1125Assuming that the interface in question was 1126.Li ed0 , 1127it might look something like this: 1128.Bd -literal 1129ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1130ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1131.Ed 1132.Pp 1133It also possible to configure multiple IP addresses in Classless 1134Inter-Domain Routing 1135.Pq CIDR 1136address notation, 1137whose each address component can be a range like 1138.Li inet 192.0.2.5-23/24 1139or 1140.Li inet6 2001:db8:1-f::1/64 . 1141This notation allows address and prefix length part only, 1142not the other address modifiers. 1143.Pp 1144In the case of 1145.Li 192.0.2.5-23/24 , 1146the address 192.0.2.5 will be configured with the 1147netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1148the non-conflicting netmask /32 as explained in the 1149.Xr ifconfig 8 1150alias section. 1151Note that this special netmask handling is only for 1152.Li inet , 1153not for the other address families such as 1154.Li inet6 . 1155.Pp 1156With the interface in question being 1157.Li ed0 , 1158an example could look like: 1159.Bd -literal 1160ifconfig_ed0_alias2="inet 192.0.2.129/27" 1161ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1162.Ed 1163.Pp 1164and so on. 1165.Pp 1166Note that 1167.Va ipv4_addrs_ Ns Aq Ar interface 1168variable was supported for IPv4 CIDR address notation. 1169It is now deprecated because the functionality was integrated into 1170.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1171though 1172.Va ipv4_addrs_ Ns Aq Ar interface 1173is still supported for backward compatibility. 1174.Pp 1175For each 1176.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1177entry with an address family keyword, 1178its contents are passed to 1179.Xr ifconfig 8 . 1180Execution stops at the first unsuccessful access, so if 1181something like this is present: 1182.Bd -literal 1183ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1184ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1185ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1186ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1187.Ed 1188.Pp 1189Then note that alias4 would 1190.Em not 1191be added since the search would 1192stop with the missing 1193.Dq Li alias3 1194entry. 1195Because of this difficult to manage behavior, 1196there is 1197.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1198variable, which has the same functionality as 1199.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1200and can have all of entries in a variable like the following: 1201.Bd -literal 1202ifconfig_ed0_aliases="\\ 1203 inet 127.0.0.251 netmask 0xffffffff \\ 1204 inet 127.0.0.252 netmask 0xffffffff \\ 1205 inet 127.0.0.253 netmask 0xffffffff \\ 1206 inet 127.0.0.254 netmask 0xffffffff" 1207.Ed 1208.Pp 1209It also supports CIDR notation. 1210.Pp 1211If the 1212.Pa /etc/start_if. Ns Aq Ar interface 1213file is present, it is read and executed by the 1214.Xr sh 1 1215interpreter 1216before configuring the interface as specified in the 1217.Va ifconfig_ Ns Aq Ar interface 1218and 1219.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1220variables. 1221.Pp 1222If a 1223.Va vlans_ Ns Aq Ar interface 1224variable is set, 1225a 1226.Xr vlan 4 1227interface will be created for each item in the list with the 1228.Ar vlandev 1229argument set to 1230.Ar interface . 1231If a vlan interface's name is a number, 1232then that number is used as the vlan tag and the new vlan interface is 1233named 1234.Ar interface . Ns Ar tag . 1235Otherwise, 1236the vlan tag must be specified via a 1237.Va vlan 1238parameter in the 1239.Va create_args_ Ns Aq Ar interface 1240variable. 1241.Pp 1242To create a vlan device named 1243.Li em0.101 1244on 1245.Li em0 1246with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1247.Bd -literal 1248vlans_em0="101" 1249ifconfig_em0_101="inet 192.0.2.1/24" 1250.Ed 1251.Pp 1252To create a vlan device named 1253.Li myvlan 1254on 1255.Li em0 1256with the vlan tag 102: 1257.Bd -literal 1258vlans_em0="myvlan" 1259create_args_myvlan="vlan 102" 1260.Ed 1261.Pp 1262If a 1263.Va wlans_ Ns Aq Ar interface 1264variable is set, 1265an 1266.Xr wlan 4 1267interface will be created for each item in the list with the 1268.Ar wlandev 1269argument set to 1270.Ar interface . 1271Further wlan cloning arguments may be passed to the 1272.Xr ifconfig 8 1273.Cm create 1274command by setting the 1275.Va create_args_ Ns Aq Ar interface 1276variable. 1277One or more 1278.Xr wlan 4 1279devices must be created for each wireless devices as of 1280.Fx 8.0 . 1281Debugging flags for 1282.Xr wlan 4 1283devices as set by 1284.Xr wlandebug 8 1285may be specified with an 1286.Va wlandebug_ Ns Aq Ar interface 1287variable. 1288The contents of this variable will be passed directly to 1289.Xr wlandebug 8 . 1290.Pp 1291If the 1292.Va ifconfig_ Ns Aq Ar interface 1293contains the keyword 1294.Dq Li NOAUTO 1295then the interface will not be configured 1296at boot or by 1297.Pa /etc/pccard_ether 1298when 1299.Va network_interfaces 1300is set to 1301.Dq Li AUTO . 1302.Pp 1303It is possible to bring up an interface with DHCP by adding 1304.Dq Li DHCP 1305to the 1306.Va ifconfig_ Ns Aq Ar interface 1307variable. 1308For instance, to initialize the 1309.Li ed0 1310device via DHCP, 1311it is possible to use something like: 1312.Bd -literal 1313ifconfig_ed0="DHCP" 1314.Ed 1315.Pp 1316If you want to configure your wireless interface with 1317.Xr wpa_supplicant 8 1318for use with WPA, EAP/LEAP or WEP, you need to add 1319.Dq Li WPA 1320to the 1321.Va ifconfig_ Ns Aq Ar interface 1322variable. 1323.Pp 1324On the other hand, if you want to configure your wireless interface with 1325.Xr hostapd 8 , 1326you need to add 1327.Dq Li HOSTAP 1328to the 1329.Va ifconfig_ Ns Aq Ar interface 1330variable. 1331.Xr hostapd 8 1332will use the settings from 1333.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1334.Pp 1335Finally, you can add 1336.Xr ifconfig 8 1337options in this variable, in addition to the 1338.Pa /etc/start_if. Ns Aq Ar interface 1339file. 1340For instance, to configure an 1341.Xr ath 4 1342wireless device in station mode with an address obtained 1343via DHCP, using WPA authentication and 802.11b mode, it is 1344possible to use something like: 1345.Bd -literal 1346wlans_ath0="wlan0" 1347ifconfig_wlan0="DHCP WPA mode 11b" 1348.Ed 1349.Pp 1350In addition to the 1351.Va ifconfig_ Ns Aq Ar interface 1352form, a fallback variable 1353.Va ifconfig_DEFAULT 1354may be configured. 1355It will be used for all interfaces with no 1356.Va ifconfig_ Ns Aq Ar interface 1357variable. 1358This is intended to replace the no longer supported 1359.Va pccard_ifconfig 1360variable. 1361.Pp 1362It is also possible to rename an interface by doing: 1363.Bd -literal 1364ifconfig_ed0_name="net0" 1365ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1366.Ed 1367.It Va ipv6_enable 1368.Pq Vt bool 1369This variable is deprecated. 1370Use 1371.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1372and 1373.Va ipv6_activate_all_interfaces 1374if necessary. 1375.Pp 1376If the variable is 1377.Dq Li YES , 1378.Dq Li inet6 accept_rtadv 1379is added to all of 1380.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1381and the 1382.Va ipv6_activate_all_interfaces 1383is defined as 1384.Dq Li YES . 1385.It Va ipv6_prefer 1386.Pq Vt bool 1387This variable is deprecated. 1388Use 1389.Va ip6addrctl_policy 1390instead. 1391.Pp 1392If the variable is 1393.Dq Li YES , 1394the default address selection policy table set by 1395.Xr ip6addrctl 8 1396will be IPv6-preferred. 1397.Pp 1398If the variable is 1399.Dq Li NO , 1400the default address selection policy table set by 1401.Xr ip6addrctl 8 1402will be IPv4-preferred. 1403.It Va ipv6_activate_all_interfaces 1404.Pq Vt bool 1405This controls initial configuration on IPv6-capable 1406interfaces with no corresponding 1407.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1408variable. 1409Note that it is not always necessary to set this variable to 1410.Dq YES 1411to use IPv6 functionality on 1412.Fx . 1413In most cases, just configuring 1414.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1415variables works. 1416.Pp 1417If the variable is 1418.Dq Li NO , 1419all interfaces which do not have a corresponding 1420.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1421variable will be marked as 1422.Dq Li IFDISABLED 1423at creation. 1424This means that all of IPv6 functionality on that interface 1425is completely disabled to enforce a security policy. 1426If the variable is set to 1427.Dq YES , 1428the flag will be cleared on all of the interfaces. 1429.Pp 1430In most cases, just defining an 1431.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1432for an IPv6-capable interface should be sufficient. 1433However, if an interface is added dynamically 1434.Pq by some tunneling protocols such as PPP, for example , 1435it is often difficult to define the variable in advance. 1436In such a case, configuring the 1437.Dq Li IFDISABLED 1438flag can be disabled by setting this variable to 1439.Dq YES . 1440.Pp 1441For more details of the 1442.Dq Li IFDISABLED 1443flag and keywords 1444.Dq Li inet6 ifdisabled , 1445see 1446.Xr ifconfig 8 . 1447.Pp 1448Default is 1449.Dq Li NO . 1450.It Va ipv6_privacy 1451.Pq Vt bool 1452If the variable is 1453.Dq Li YES 1454privacy addresses will be generated for each IPv6 1455interface as described in RFC 4941. 1456.It Va ipv6_network_interfaces 1457.Pq Vt str 1458This is the IPv6 equivalent of 1459.Va network_interfaces . 1460Normally manual configuration of this variable is not needed. 1461.Pp 1462.It Va ipv6_cpe_wanif 1463.Pq Vt str 1464If the variable is set to an interface name, 1465the 1466.Xr ifconfig 8 1467options 1468.Dq inet6 -no_radr accept_rtadv 1469will be added to the specified interface automatically before evaluating 1470.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1471and two 1472.Xr sysctl 8 1473variables 1474.Va net.inet6.ip6.rfc6204w3 1475and 1476.Va net.inet6.ip6.no_radr 1477will be set to 1. 1478.Pp 1479This means the specified interface will accept ICMPv6 Router 1480Advertisement messages on that link and add the discovered 1481routers into the Default Router List. 1482While the other interfaces can still accept RA messages if the 1483.Dq inet6 accept_rtadv 1484option is specified, adding 1485routes into the Default Router List will be disabled by 1486.Dq inet6 no_radr 1487option by default. 1488See 1489.Xr ifconfig 8 1490for more details. 1491.Pp 1492Note that ICMPv6 Router Advertisement messages will be 1493accepted even when 1494.Va net.inet6.ip6.forwarding 1495is 1 1496.Pq packet forwarding is enabled 1497when 1498.Va net.inet6.ip6.rfc6204w3 1499is set to 1. 1500.Pp 1501Default is 1502.Dq Li NO . 1503.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1504.Pq Vt str 1505IPv6 functionality on an interface should be configured by 1506.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1507instead of setting ifconfig parameters in 1508.Va ifconfig_ Ns Aq Ar interface . 1509If this variable is empty, all of IPv6 configurations on the 1510specified interface by other variables such as 1511.Va ipv6_prefix_ Ns Ao Ar interface Ac 1512will be ignored. 1513.Pp 1514Aliases should be set by 1515.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1516with 1517.Dq Li inet6 1518keyword. 1519For example: 1520.Bd -literal 1521ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1522ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1523.Ed 1524.Pp 1525Interfaces that have an 1526.Dq Li inet6 accept_rtadv 1527keyword in 1528.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1529setting will be automatically configured by SLAAC 1530.Pq StateLess Address AutoConfiguration 1531described in 1532.Rs 1533.%T "RFC 4862" 1534.Re 1535.Pp 1536Note that a link-local address will be automatically configured in 1537addition to the configured global-scope addresses because the IPv6 1538specifications require it on each link. 1539The address is calculated from the MAC address by using an algorithm 1540defined in 1541.Rs 1542.%T "RFC 4862" 1543.%O "Section 5.3" 1544.Re 1545.Pp 1546If only a link-local address is needed on the interface, 1547the following configuration can be used: 1548.Bd -literal 1549ifconfig_ed0_ipv6="inet6 auto_linklocal" 1550.Ed 1551.Pp 1552A link-local address can also be configured manually. 1553This is useful for the default router address of an IPv6 router 1554so that it does not change when the network interface 1555card is replaced. 1556For example: 1557.Bd -literal 1558ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1559.Ed 1560.It Va ipv6_prefix_ Ns Aq Ar interface 1561.Pq Vt str 1562If one or more prefixes are defined in 1563.Va ipv6_prefix_ Ns Aq Ar interface 1564addresses based on each prefix and the EUI-64 interface index will be 1565configured on that interface. 1566Note that this variable will be ignored when 1567.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1568is empty. 1569.Pp 1570For example, the following configuration 1571.Bd -literal 1572ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1573.Ed 1574.Pp 1575is equivalent to the following: 1576.Bd -literal 1577ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1578ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1579ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1580ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1581.Ed 1582.Pp 1583These Subnet-Router anycast addresses will be added only when 1584.Va ipv6_gateway_enable 1585is YES. 1586.It Va ipv6_default_interface 1587.Pq Vt str 1588If not set to 1589.Dq Li NO , 1590this is the default output interface for scoped addresses. 1591This works only with ipv6_gateway_enable="NO". 1592.It Va ip6addrctl_enable 1593.Pq Vt bool 1594This variable is to enable configuring default address selection policy table 1595.Pq RFC 3484 . 1596The table can be specified in another variable 1597.Va ip6addrctl_policy . 1598For 1599.Va ip6addrctl_policy 1600the following keywords can be specified: 1601.Dq Li ipv4_prefer , 1602.Dq Li ipv6_prefer , 1603or 1604.Dq Li AUTO . 1605.Pp 1606If 1607.Dq Li ipv4_prefer 1608or 1609.Dq Li ipv6_prefer 1610is specified, 1611.Xr ip6addrctl 8 1612installs a pre-defined policy table described in Section 2.1 1613.Pq IPv6-preferred 1614or 10.3 1615.Pq IPv4-preferred 1616of RFC 3484. 1617.Pp 1618If 1619.Dq Li AUTO 1620is specified, it attempts to read a file 1621.Pa /etc/ip6addrctl.conf 1622first. 1623If this file is found, 1624.Xr ip6addrctl 8 1625reads and installs it. 1626If not found, a policy is automatically set 1627according to 1628.Va ipv6_activate_all_interfaces 1629variable; if the variable is set to 1630.Dq Li YES 1631the IPv6-preferred one is used. 1632Otherwise IPv4-preferred. 1633.Pp 1634The default value of 1635.Va ip6addrctl_enable 1636and 1637.Va ip6addrctl_policy 1638are 1639.Dq Li YES 1640and 1641.Dq Li AUTO , 1642respectively. 1643.It Va cloned_interfaces 1644.Pq Vt str 1645Set to the list of clonable network interfaces to create on this host. 1646Further cloning arguments may be passed to the 1647.Xr ifconfig 8 1648.Cm create 1649command for each interface by setting the 1650.Va create_args_ Ns Aq Ar interface 1651variable. 1652If an interface name is specified with 1653.Dq :sticky 1654keyword, 1655the interface will not be destroyed even when 1656.Pa rc.d/netif 1657script is invoked with 1658.Dq stop 1659argument. 1660This is useful when reconfiguring the interface without destroying it. 1661Entries in 1662.Va cloned_interfaces 1663are automatically appended to 1664.Va network_interfaces 1665for configuration. 1666.It Va cloned_interfaces_sticky 1667.Pq Vt bool 1668This variable is to globally enable functionality of 1669.Dq :sticky 1670keyword in 1671.Va cloned_interfaces 1672for all interfaces. 1673The default value is 1674.Dq NO . 1675Even if this variable is specified to 1676.Dq YES , 1677.Dq :nosticky 1678keyword can be used to override it on per interface basis. 1679.It Va fec_interfaces 1680.Pq Vt str 1681Set to the list of 1682.Xr ng_fec 4 1683Fast EtherChannel interfaces to configure on this host. 1684A 1685.Va fecconfig_ Ns Aq Ar interface 1686variable is assumed to exist for each value of 1687.Ar interface . 1688The value of this variable is used to configure link aggregated interfaces 1689according to the syntax of the 1690.Cm NGM_FEC_ADD_IFACE 1691to 1692.Xr ngctl 8 1693msg. 1694Additionally, this option ensures that each listed interface is created 1695via the 1696.Cm mkpeer 1697command to 1698.Xr ngctl 8 1699before attempting to configure it. 1700For example: 1701.Bd -literal 1702fec_interfaces="fec0" 1703fecconfig_fec0="em0 em1" 1704ifconfig_fec0="DHCP" 1705.Ed 1706.It Va gif_interfaces 1707.Pq Vt str 1708This variable is deprecated in favor of 1709.Va cloned_interfaces . 1710Set to the list of 1711.Xr gif 4 1712tunnel interfaces to configure on this host. 1713A 1714.Va gifconfig_ Ns Aq Ar interface 1715variable is assumed to exist for each value of 1716.Ar interface . 1717The value of this variable is used to configure the link layer of the 1718tunnel according to the syntax of the 1719.Cm tunnel 1720option to 1721.Xr ifconfig 8 . 1722Additionally, this option ensures that each listed interface is created 1723via the 1724.Cm create 1725option to 1726.Xr ifconfig 8 1727before attempting to configure it. 1728.It Va sppp_interfaces 1729.Pq Vt str 1730Set to the list of 1731.Xr sppp 4 1732interfaces to configure on this host. 1733A 1734.Va spppconfig_ Ns Aq Ar interface 1735variable is assumed to exist for each value of 1736.Ar interface . 1737Each interface should also be configured by a general 1738.Va ifconfig_ Ns Aq Ar interface 1739setting. 1740Refer to 1741.Xr spppcontrol 8 1742for more information about available options. 1743.It Va ppp_enable 1744.Pq Vt bool 1745If set to 1746.Dq Li YES , 1747run the 1748.Xr ppp 8 1749daemon. 1750.It Va ppp_profile 1751.Pq Vt str 1752The name of the profile to use from 1753.Pa /etc/ppp/ppp.conf . 1754Also used for per-profile overrides of 1755.Va ppp_mode 1756and 1757.Va ppp_nat , 1758and 1759.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1760When the profile name contains any of the characters 1761.Dq Li .-/+ 1762they are translated to 1763.Dq Li _ 1764for the proposes of the override variable names. 1765.It Va ppp_mode 1766.Pq Vt str 1767Mode in which to run the 1768.Xr ppp 8 1769daemon. 1770.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1771.Pq Vt str 1772Overrides the global 1773.Va ppp_mode 1774for 1775.Ar profile . 1776Accepted modes are 1777.Dq Li auto , 1778.Dq Li ddial , 1779.Dq Li direct 1780and 1781.Dq Li dedicated . 1782See the manual for a full description. 1783.It Va ppp_nat 1784.Pq Vt bool 1785If set to 1786.Dq Li YES , 1787enables network address translation. 1788Used in conjunction with 1789.Va gateway_enable 1790allows hosts on private network addresses access to the Internet using 1791this host as a network address translating router. 1792.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1793.Pq Vt str 1794Overrides the global 1795.Va ppp_nat 1796for 1797.Ar profile . 1798.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1799.Pq Vt int 1800Set the unit number to be used for this profile. 1801See the manual description of 1802.Fl unit Ns Ar N 1803for details. 1804.It Va ppp_user 1805.Pq Vt str 1806The name of the user under which 1807.Xr ppp 8 1808should be started. 1809By 1810default, 1811.Xr ppp 8 1812is started as 1813.Dq Li root . 1814.It Va rc_conf_files 1815.Pq Vt str 1816This option is used to specify a list of files that will override 1817the settings in 1818.Pa /etc/defaults/rc.conf . 1819The files will be read in the order in which they are specified and should 1820include the full path to the file. 1821By default, the files specified are 1822.Pa /etc/rc.conf 1823and 1824.Pa /etc/rc.conf.local 1825.It Va zfs_enable 1826.Pq Vt bool 1827If set to 1828.Dq Li YES , 1829.Pa /etc/rc.d/zfs 1830will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1831(ZVOLs). 1832.It Va gptboot_enable 1833.Pq Vt bool 1834If set to 1835.Dq Li YES , 1836.Pa /etc/rc.d/gptboot 1837will log if the system successfully (or not) booted from a GPT partition, 1838which had the 1839.Ar bootonce 1840attribute set using 1841.Xr gpart 8 1842utility. 1843.It Va gbde_autoattach_all 1844.Pq Vt bool 1845If set to 1846.Dq Li YES , 1847.Pa /etc/rc.d/gbde 1848will attempt to automatically initialize your .bde devices in 1849.Pa /etc/fstab . 1850.It Va gbde_devices 1851.Pq Vt str 1852List the devices that the script should try to attach, 1853or 1854.Dq Li AUTO . 1855.It Va gbde_lockdir 1856.Pq Vt str 1857The directory where the 1858.Xr gbde 4 1859lockfiles are located. 1860The default lockfile directory is 1861.Pa /etc . 1862.Pp 1863The lockfile for each individual 1864.Xr gbde 4 1865device can be overridden by setting the variable 1866.Va gbde_lock_ Ns Aq Ar device , 1867where 1868.Ar device 1869is the encrypted device without the 1870.Dq Pa /dev/ 1871and 1872.Dq Pa .bde 1873parts. 1874.It Va gbde_attach_attempts 1875.Pq Vt int 1876Number of times to attempt attaching to a 1877.Xr gbde 4 1878device, i.e., how many times the user is asked for the pass-phrase. 1879Default is 3. 1880.It Va geli_devices 1881.Pq Vt str 1882List of devices to automatically attach on boot. 1883Note that .eli devices from 1884.Pa /etc/fstab 1885are automatically appended to this list. 1886.It Va geli_tries 1887.Pq Vt int 1888Number of times user is asked for the pass-phrase. 1889If empty, it will be taken from 1890.Va kern.geom.eli.tries 1891sysctl variable. 1892.It Va geli_default_flags 1893.Pq Vt str 1894Default flags to use by 1895.Xr geli 8 1896when configuring disk encryption. 1897Flags can be configured for every device separately by defining 1898.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1899variable. 1900.It Va geli_autodetach 1901.Pq Vt str 1902Specifies if GELI devices should be marked for detach on last close after 1903file systems are mounted. 1904Default is 1905.Dq Li YES . 1906This can be changed for every device separately by defining 1907.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1908variable. 1909.It Va root_rw_mount 1910.Pq Vt bool 1911Set to 1912.Dq Li YES 1913by default. 1914After the file systems are checked at boot time, the root file system 1915is remounted as read-write if this is set to 1916.Dq Li YES . 1917Diskless systems that mount their root file system from a read-only remote 1918NFS share should set this to 1919.Dq Li NO 1920in their 1921.Pa rc.conf . 1922.It Va fsck_y_enable 1923.Pq Vt bool 1924If set to 1925.Dq Li YES , 1926.Xr fsck 8 1927will be run with the 1928.Fl y 1929flag if the initial preen 1930of the file systems fails. 1931.It Va background_fsck 1932.Pq Vt bool 1933If set to 1934.Dq Li YES , 1935the system will attempt to run 1936.Xr fsck 8 1937in the background where possible. 1938.It Va background_fsck_delay 1939.Pq Vt int 1940The amount of time in seconds to sleep before starting a background 1941.Xr fsck 8 . 1942It defaults to sixty seconds to allow large applications such as 1943the X server to start before disk I/O bandwidth is monopolized by 1944.Xr fsck 8 . 1945If set to a negative number, the background file system check will be 1946delayed indefinitely to allow the administrator to run it at a more 1947convenient time. 1948For example it may be run from 1949.Xr cron 8 1950by adding a line like 1951.Pp 1952.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1953.Pp 1954to 1955.Pa /etc/crontab . 1956.It Va netfs_types 1957.Pq Vt str 1958List of file system types that are network-based. 1959This list should generally not be modified by end users. 1960Use 1961.Va extra_netfs_types 1962instead. 1963.It Va extra_netfs_types 1964.Pq Vt str 1965If set to something other than 1966.Dq Li NO 1967(the default), 1968this variable extends the list of file system types 1969for which automatic mounting at startup by 1970.Xr rc 8 1971should be delayed until the network is initialized. 1972It should contain 1973a whitespace-separated list of network file system descriptor pairs, 1974each consisting of a file system type as passed to 1975.Xr mount 8 1976and a human-readable, one-word description, 1977joined with a colon 1978.Pq Ql \&: . 1979Extending the default list in this way is only necessary 1980when third party file system types are used. 1981.It Va syslogd_enable 1982.Pq Vt bool 1983If set to 1984.Dq Li YES , 1985run the 1986.Xr syslogd 8 1987daemon. 1988.It Va syslogd_program 1989.Pq Vt str 1990Path to 1991.Xr syslogd 8 1992(default 1993.Pa /usr/sbin/syslogd ) . 1994.It Va syslogd_flags 1995.Pq Vt str 1996If 1997.Va syslogd_enable 1998is set to 1999.Dq Li YES , 2000these are the flags to pass to 2001.Xr syslogd 8 . 2002.It Va inetd_enable 2003.Pq Vt bool 2004If set to 2005.Dq Li YES , 2006run the 2007.Xr inetd 8 2008daemon. 2009.It Va inetd_program 2010.Pq Vt str 2011Path to 2012.Xr inetd 8 2013(default 2014.Pa /usr/sbin/inetd ) . 2015.It Va inetd_flags 2016.Pq Vt str 2017If 2018.Va inetd_enable 2019is set to 2020.Dq Li YES , 2021these are the flags to pass to 2022.Xr inetd 8 . 2023.It Va hastd_enable 2024.Pq Vt bool 2025If set to 2026.Dq Li YES , 2027run the 2028.Xr hastd 8 2029daemon. 2030.It Va hastd_program 2031.Pq Vt str 2032Path to 2033.Xr hastd 8 2034(default 2035.Pa /sbin/hastd ) . 2036.It Va hastd_flags 2037.Pq Vt str 2038If 2039.Va hastd_enable 2040is set to 2041.Dq Li YES , 2042these are the flags to pass to 2043.Xr hastd 8 . 2044.It Va named_enable 2045.Pq Vt bool 2046If set to 2047.Dq Li YES , 2048run the 2049.Xr named 8 2050daemon. 2051.It Va named_program 2052.Pq Vt str 2053Path to 2054.Xr named 8 2055(default 2056.Pa /usr/sbin/named ) . 2057.It Va named_conf 2058.Pq Vt str 2059Path to 2060.Xr named 8 2061configuration file, (default 2062.Pa /etc/namedb/named.conf ) . 2063.It Va named_flags 2064.Pq Vt str 2065If 2066.Va named_enable 2067is set to 2068.Dq Li YES , 2069these are the flags to pass to 2070.Xr named 8 . 2071.It Va named_uid 2072.Pq Vt str 2073The user that the 2074.Xr named 8 2075process should be run as. 2076.It Va named_chrootdir 2077.Pq Vt str 2078The root directory for a name server run in a 2079.Xr chroot 8 2080environment (default 2081.Pa /var/named ) . 2082If left empty 2083.Xr named 8 2084will not be run in a 2085.Xr chroot 8 2086environment. 2087.It Va named_chroot_autoupdate 2088.Pq Vt bool 2089Set to 2090.Dq Li NO 2091to disable automatic update of the 2092.Xr chroot 8 2093environment. 2094.It Va named_symlink_enable 2095.Pq Vt bool 2096Set to 2097.Dq Li NO 2098to disable symlinking of 2099daemon's PID file 2100into the 2101.Xr chroot 8 2102environment. 2103.It Va named_wait 2104.Pq Vt bool 2105Set to have 2106.Pa /etc/rc.d/named 2107loop until working name service is established. 2108.It Va named_wait_host 2109.Pq Vt str 2110Name of host to lookup for the named_wait option. 2111(Default localhost) 2112.It Va named_auto_forward 2113.Pq Vt bool 2114Set to enable automatic creation of a forwarder 2115configuration file derived from 2116.Pa /etc/resolv.conf . 2117.It Va named_auto_forward_only 2118.Pq Vt bool 2119Set to change the default forwarder configuration from 2120.Dq forward first 2121to 2122.Dq forward only . 2123.It Va kerberos5_server_enable 2124.Pq Vt bool 2125Set to 2126.Dq Li YES 2127to start a Kerberos 5 authentication server 2128at boot time. 2129.It Va kerberos5_server 2130.Pq Vt str 2131If 2132.Va kerberos5_server_enable 2133is set to 2134.Dq Li YES 2135this is the path to Kerberos 5 Authentication Server. 2136.It Va kerberos5_server_flags 2137.Pq Vt str 2138Empty by default. 2139This variable contains additional flags to be passed to the Kerberos 5 2140authentication server. 2141.It Va kadmind5_server_enable 2142.Pq Vt bool 2143Set to 2144.Dq Li YES 2145to start 2146.Xr kadmind 8 , 2147the Kerberos 5 Administration Daemon; set to 2148.Dq Li NO 2149on a slave server. 2150.It Va kadmind5_server 2151.Pq Vt str 2152If 2153.Va kadmind5_server_enable 2154is set to 2155.Dq Li YES 2156this is the path to Kerberos 5 Administration Daemon. 2157.It Va kpasswdd_server_enable 2158.Pq Vt bool 2159Set to 2160.Dq Li YES 2161to start 2162.Xr kpasswdd 8 , 2163the Kerberos 5 Password-Changing Daemon; set to 2164.Dq Li NO 2165on a slave server. 2166.It Va kpasswdd_server 2167.Pq Vt str 2168If 2169.Va kpasswdd_server_enable 2170is set to 2171.Dq Li YES 2172this is the path to Kerberos 5 Password-Changing Daemon. 2173.It Va kfd_enable 2174.Pq Vt bool 2175Set to 2176.Dq Li YES 2177to start 2178.Xr kfd 8 , 2179the Kerberos 5 ticket forwarding daemon, at the boot time. 2180.It Va kfd_program 2181.Pq Vt str 2182Path to 2183.Xr kfd 8 2184(default 2185.Pa /usr/libexec/kfd ) . 2186.It Va rwhod_enable 2187.Pq Vt bool 2188If set to 2189.Dq Li YES , 2190run the 2191.Xr rwhod 8 2192daemon at boot time. 2193.It Va rwhod_flags 2194.Pq Vt str 2195If 2196.Va rwhod_enable 2197is set to 2198.Dq Li YES , 2199these are the flags to pass to it. 2200.It Va amd_enable 2201.Pq Vt bool 2202If set to 2203.Dq Li YES , 2204run the 2205.Xr amd 8 2206daemon at boot time. 2207.It Va amd_flags 2208.Pq Vt str 2209If 2210.Va amd_enable 2211is set to 2212.Dq Li YES , 2213these are the flags to pass to it. 2214See the 2215.Xr amd 8 2216manpage for more information. 2217.It Va amd_map_program 2218.Pq Vt str 2219If set, 2220the specified program is run to get the list of 2221.Xr amd 8 2222maps. 2223For example, if the 2224.Xr amd 8 2225maps are stored in NIS, one can set this to 2226run 2227.Xr ypcat 1 2228to get a list of 2229.Xr amd 8 2230maps from the 2231.Pa amd.master 2232NIS map. 2233.It Va update_motd 2234.Pq Vt bool 2235If set to 2236.Dq Li YES , 2237.Pa /etc/motd 2238will be updated at boot time to reflect the kernel release 2239being run. 2240If set to 2241.Dq Li NO , 2242.Pa /etc/motd 2243will not be updated. 2244.It Va nfs_client_enable 2245.Pq Vt bool 2246If set to 2247.Dq Li YES , 2248run the NFS client daemons at boot time. 2249.It Va nfs_access_cache 2250.Pq Vt int 2251If 2252.Va nfs_client_enable 2253is set to 2254.Dq Li YES , 2255this can be set to 2256.Dq Li 0 2257to disable NFS ACCESS RPC caching, or to the number of seconds for which 2258NFS ACCESS 2259results should be cached. 2260A value of 2-10 seconds will substantially reduce network 2261traffic for many NFS operations. 2262.It Va nfs_server_enable 2263.Pq Vt bool 2264If set to 2265.Dq Li YES , 2266run the NFS server daemons at boot time. 2267.It Va nfs_server_flags 2268.Pq Vt str 2269If 2270.Va nfs_server_enable 2271is set to 2272.Dq Li YES , 2273these are the flags to pass to the 2274.Xr nfsd 8 2275daemon. 2276.It Va nfsv4_server_enable 2277.Pq Vt bool 2278If 2279.Va nfs_server_enable 2280is set to 2281.Dq Li YES 2282and 2283.Va nfsv4_server_enable 2284are set to 2285.Dq Li YES , 2286enable the server for NFSv4 as well as NFSv2 and NFSv3. 2287.It Va nfsuserd_enable 2288.Pq Vt bool 2289If 2290.Va nfsuserd_enable 2291is set to 2292.Dq Li YES , 2293run the nfsuserd daemon, which is needed for NFSv4 in order 2294to map between user/group names vs uid/gid numbers. 2295If 2296.Va nfsv4_server_enable 2297is set to 2298.Dq Li YES , 2299this will be forced enabled. 2300.It Va nfsuserd_flags 2301.Pq Vt str 2302If 2303.Va nfsuserd_enable 2304is set to 2305.Dq Li YES , 2306these are the flags to pass to the 2307.Xr nfsuserd 8 2308daemon. 2309.It Va nfscbd_enable 2310.Pq Vt bool 2311If 2312.Va nfscbd_enable 2313is set to 2314.Dq Li YES , 2315run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2316.It Va nfscbd_flags 2317.Pq Vt str 2318If 2319.Va nfscbd_enable 2320is set to 2321.Dq Li YES , 2322these are the flags to pass to the 2323.Xr nfscbd 8 2324daemon. 2325.It Va oldnfs_server_enable 2326.Pq Vt bool 2327If 2328.Va oldnfs_server_enable 2329is set to 2330.Dq Li YES , 2331force the NFS server daemons to run the old NFS server code 2332that does not support NFSv4. 2333.It Va mountd_enable 2334.Pq Vt bool 2335If set to 2336.Dq Li YES , 2337and no 2338.Va nfs_server_enable 2339is set, start 2340.Xr mountd 8 , 2341but not 2342.Xr nfsd 8 2343daemon. 2344It is commonly needed to run CFS without real NFS used. 2345.It Va mountd_flags 2346.Pq Vt str 2347If 2348.Va mountd_enable 2349is set to 2350.Dq Li YES , 2351these are the flags to pass to the 2352.Xr mountd 8 2353daemon. 2354.It Va weak_mountd_authentication 2355.Pq Vt bool 2356If set to 2357.Dq Li YES , 2358allow services like PCNFSD to make non-privileged mount 2359requests. 2360.It Va nfs_reserved_port_only 2361.Pq Vt bool 2362If set to 2363.Dq Li YES , 2364provide NFS services only on a secure port. 2365.It Va nfs_bufpackets 2366.Pq Vt int 2367If set to a number, indicates the number of packets worth of 2368socket buffer space to reserve on an NFS client. 2369The kernel default is typically 4. 2370Using a higher number may be 2371useful on gigabit networks to improve performance. 2372The minimum value is 23732 and the maximum is 64. 2374.It Va rpc_lockd_enable 2375.Pq Vt bool 2376If set to 2377.Dq Li YES 2378and also an NFS server or client, run 2379.Xr rpc.lockd 8 2380at boot time. 2381.It Va rpc_lockd_flags 2382.Pq Vt str 2383If 2384.Va rpc_lockd_enable 2385is set to 2386.Dq Li YES , 2387these are the flags to pass to the 2388.Xr rpc.lockd 8 2389daemon. 2390.It Va rpc_statd_enable 2391.Pq Vt bool 2392If set to 2393.Dq Li YES 2394and also an NFS server or client, run 2395.Xr rpc.statd 8 2396at boot time. 2397.It Va rpc_statd_flags 2398.Pq Vt str 2399If 2400.Va rpc_statd_enable 2401is set to 2402.Dq Li YES , 2403these are the flags to pass to the 2404.Xr rpc.statd 8 2405daemon. 2406.It Va rpcbind_program 2407.Pq Vt str 2408Path to 2409.Xr rpcbind 8 2410(default 2411.Pa /usr/sbin/rpcbind ) . 2412.It Va rpcbind_enable 2413.Pq Vt bool 2414If set to 2415.Dq Li YES , 2416run the 2417.Xr rpcbind 8 2418service at boot time. 2419.It Va rpcbind_flags 2420.Pq Vt str 2421If 2422.Va rpcbind_enable 2423is set to 2424.Dq Li YES , 2425these are the flags to pass to the 2426.Xr rpcbind 8 2427daemon. 2428.It Va keyserv_enable 2429.Pq Vt bool 2430If set to 2431.Dq Li YES , 2432run the 2433.Xr keyserv 8 2434daemon on boot for running Secure RPC. 2435.It Va keyserv_flags 2436.Pq Vt str 2437If 2438.Va keyserv_enable 2439is set to 2440.Dq Li YES , 2441these are the flags to pass to 2442.Xr keyserv 8 2443daemon. 2444.It Va pppoed_enable 2445.Pq Vt bool 2446If set to 2447.Dq Li YES , 2448run the 2449.Xr pppoed 8 2450daemon at boot time to provide PPP over Ethernet services. 2451.It Va pppoed_ Ns Aq Ar provider 2452.Pq Vt str 2453.Xr pppoed 8 2454listens to requests to this 2455.Ar provider 2456and ultimately runs 2457.Xr ppp 8 2458with a 2459.Ar system 2460argument of the same name. 2461.It Va pppoed_flags 2462.Pq Vt str 2463Additional flags to pass to 2464.Xr pppoed 8 . 2465.It Va pppoed_interface 2466.Pq Vt str 2467The network interface to run 2468.Xr pppoed 8 2469on. 2470This is mandatory when 2471.Va pppoed_enable 2472is set to 2473.Dq Li YES . 2474.It Va timed_enable 2475.Pq Vt bool 2476If set to 2477.Dq Li YES , 2478run the 2479.Xr timed 8 2480service at boot time. 2481This command is intended for networks of 2482machines where a consistent 2483.Dq "network time" 2484for all hosts must be established. 2485This is often useful in large NFS 2486environments where time stamps on files are expected to be consistent 2487network-wide. 2488.It Va timed_flags 2489.Pq Vt str 2490If 2491.Va timed_enable 2492is set to 2493.Dq Li YES , 2494these are the flags to pass to the 2495.Xr timed 8 2496service. 2497.It Va ntpdate_enable 2498.Pq Vt bool 2499If set to 2500.Dq Li YES , 2501run 2502.Xr ntpdate 8 2503at system startup. 2504This command is intended to 2505synchronize the system clock only 2506.Em once 2507from some standard reference. 2508.It Va ntpdate_config 2509.Pq Vt str 2510Configuration file for 2511.Xr ntpdate 8 . 2512Default 2513.Pa /etc/ntp.conf . 2514.It Va ntpdate_hosts 2515.Pq Vt str 2516A whitespace-separated list of NTP servers to synchronize with at startup. 2517The default is to use the servers listed in 2518.Va ntpdate_config , 2519if that file exists. 2520.It Va ntpdate_program 2521.Pq Vt str 2522Path to 2523.Xr ntpdate 8 2524(default 2525.Pa /usr/sbin/ntpdate ) . 2526.It Va ntpdate_flags 2527.Pq Vt str 2528If 2529.Va ntpdate_enable 2530is set to 2531.Dq Li YES , 2532these are the flags to pass to the 2533.Xr ntpdate 8 2534command (typically a hostname). 2535.It Va ntpd_enable 2536.Pq Vt bool 2537If set to 2538.Dq Li YES , 2539run the 2540.Xr ntpd 8 2541command at boot time. 2542.It Va ntpd_program 2543.Pq Vt str 2544Path to 2545.Xr ntpd 8 2546(default 2547.Pa /usr/sbin/ntpd ) . 2548.It Va ntpd_config 2549.Pq Vt str 2550Path to 2551.Xr ntpd 8 2552configuration file. 2553Default 2554.Pa /etc/ntp.conf . 2555.It Va ntpd_flags 2556.Pq Vt str 2557If 2558.Va ntpd_enable 2559is set to 2560.Dq Li YES , 2561these are the flags to pass to the 2562.Xr ntpd 8 2563daemon. 2564.It Va ntpd_sync_on_start 2565.Pq Vt bool 2566If set to 2567.Dq Li YES , 2568.Xr ntpd 8 2569is run with the 2570.Fl g 2571flag, which syncs the system's clock on startup. 2572See 2573.Xr ntpd 8 2574for more information regarding the 2575.Fl g 2576option. 2577This is a preferred alternative to using 2578.Xr ntpdate 8 2579or specifying the 2580.Va ntpdate_enable 2581variable. 2582.It Va nis_client_enable 2583.Pq Vt bool 2584If set to 2585.Dq Li YES , 2586run the 2587.Xr ypbind 8 2588service at system boot time. 2589.It Va nis_client_flags 2590.Pq Vt str 2591If 2592.Va nis_client_enable 2593is set to 2594.Dq Li YES , 2595these are the flags to pass to the 2596.Xr ypbind 8 2597service. 2598.It Va nis_ypset_enable 2599.Pq Vt bool 2600If set to 2601.Dq Li YES , 2602run the 2603.Xr ypset 8 2604daemon at system boot time. 2605.It Va nis_ypset_flags 2606.Pq Vt str 2607If 2608.Va nis_ypset_enable 2609is set to 2610.Dq Li YES , 2611these are the flags to pass to the 2612.Xr ypset 8 2613daemon. 2614.It Va nis_server_enable 2615.Pq Vt bool 2616If set to 2617.Dq Li YES , 2618run the 2619.Xr ypserv 8 2620daemon at system boot time. 2621.It Va nis_server_flags 2622.Pq Vt str 2623If 2624.Va nis_server_enable 2625is set to 2626.Dq Li YES , 2627these are the flags to pass to the 2628.Xr ypserv 8 2629daemon. 2630.It Va nis_ypxfrd_enable 2631.Pq Vt bool 2632If set to 2633.Dq Li YES , 2634run the 2635.Xr rpc.ypxfrd 8 2636daemon at system boot time. 2637.It Va nis_ypxfrd_flags 2638.Pq Vt str 2639If 2640.Va nis_ypxfrd_enable 2641is set to 2642.Dq Li YES , 2643these are the flags to pass to the 2644.Xr rpc.ypxfrd 8 2645daemon. 2646.It Va nis_yppasswdd_enable 2647.Pq Vt bool 2648If set to 2649.Dq Li YES , 2650run the 2651.Xr rpc.yppasswdd 8 2652daemon at system boot time. 2653.It Va nis_yppasswdd_flags 2654.Pq Vt str 2655If 2656.Va nis_yppasswdd_enable 2657is set to 2658.Dq Li YES , 2659these are the flags to pass to the 2660.Xr rpc.yppasswdd 8 2661daemon. 2662.It Va rpc_ypupdated_enable 2663.Pq Vt bool 2664If set to 2665.Dq Li YES , 2666run the 2667.Nm rpc.ypupdated 2668daemon at system boot time. 2669.It Va bsnmpd_enable 2670.Pq Vt bool 2671If set to 2672.Dq Li YES , 2673run the 2674.Xr bsnmpd 1 2675daemon at system boot time. 2676Be sure to understand the security implications of running SNMP daemon 2677on your host. 2678.It Va bsnmpd_flags 2679.Pq Vt str 2680If 2681.Va bsnmpd_enable 2682is set to 2683.Dq Li YES , 2684these are the flags to pass to the 2685.Xr bsnmpd 1 2686daemon. 2687.It Va defaultrouter 2688.Pq Vt str 2689If not set to 2690.Dq Li NO , 2691create a default route to this host name or IP address 2692(use an IP address if this router is also required to get to the 2693name server!). 2694.It Va ipv6_defaultrouter 2695.Pq Vt str 2696The IPv6 equivalent of 2697.Va defaultrouter . 2698.It Va static_arp_pairs 2699.Pq Vt str 2700Set to the list of static ARP pairs that are to be added at system 2701boot time. 2702For each whitespace separated 2703.Ar element 2704in the value, a 2705.Va static_arp_ Ns Aq Ar element 2706variable is assumed to exist whose contents will later be passed to a 2707.Dq Nm arp Cm -S 2708operation. 2709For example 2710.Bd -literal 2711static_arp_pairs="gw" 2712static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2713.Ed 2714.It Va static_ndp_pairs 2715.Pq Vt str 2716Set to the list of static NDP pairs that are to be added at system 2717boot time. 2718For each whitespace separated 2719.Ar element 2720in the value, a 2721.Va static_ndp_ Ns Aq Ar element 2722variable is assumed to exist whose contents will later be passed to a 2723.Dq Nm ndp Cm -s 2724operation. 2725For example 2726.Bd -literal 2727static_ndp_pairs="gw" 2728static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2729.Ed 2730.It Va static_routes 2731.Pq Vt str 2732Set to the list of static routes that are to be added at system 2733boot time. 2734If not set to 2735.Dq Li NO 2736then for each whitespace separated 2737.Ar element 2738in the value, a 2739.Va route_ Ns Aq Ar element 2740variable is assumed to exist 2741whose contents will later be passed to a 2742.Dq Nm route Cm add 2743operation. 2744For example: 2745.Bd -literal 2746static_routes="ext mcast:gif0 gif0local:gif0" 2747route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2748route_mcast="-net 224.0.0.0/4 -iface gif0" 2749route_gif0local="-host 169.254.1.1 -iface lo0" 2750.Ed 2751.Pp 2752When an 2753.Ar element 2754is in the form of 2755.Li name:ifname , 2756the route is specific to the interface 2757.Li ifname . 2758.It Va ipv6_static_routes 2759.Pq Vt str 2760The IPv6 equivalent of 2761.Va static_routes . 2762If not set to 2763.Dq Li NO 2764then for each whitespace separated 2765.Ar element 2766in the value, a 2767.Va ipv6_route_ Ns Aq Ar element 2768variable is assumed to exist 2769whose contents will later be passed to a 2770.Dq Nm route Cm add Fl inet6 2771operation. 2772.It Va natm_static_routes 2773.Pq Vt str 2774The 2775.Xr natmip 4 2776equivalent of 2777.Va static_routes . 2778If not empty then for each whitespace separated 2779.Ar element 2780in the value, a 2781.Va route_ Ns Aq Ar element 2782variable is assumed to exist whose contents will later be passed to a 2783.Dq Nm atmconfig Cm natm Cm add 2784operation. 2785.It Va gateway_enable 2786.Pq Vt bool 2787If set to 2788.Dq Li YES , 2789configure host to act as an IP router, e.g.\& to forward packets 2790between interfaces. 2791.It Va ipv6_gateway_enable 2792.Pq Vt bool 2793The IPv6 equivalent of 2794.Va gateway_enable . 2795.It Va routed_enable 2796.Pq Vt bool 2797If set to 2798.Dq Li YES , 2799run a routing daemon of some sort, based on the 2800settings of 2801.Va routed_program 2802and 2803.Va routed_flags . 2804.It Va route6d_enable 2805.Pq Vt bool 2806The IPv6 equivalent of 2807.Va routed_enable . 2808If set to 2809.Dq Li YES , 2810run a routing daemon of some sort, based on the 2811settings of 2812.Va route6d_program 2813and 2814.Va route6d_flags . 2815.It Va routed_program 2816.Pq Vt str 2817If 2818.Va routed_enable 2819is set to 2820.Dq Li YES , 2821this is the name of the routing daemon to use. 2822.It Va route6d_program 2823.Pq Vt str 2824The IPv6 equivalent of 2825.Va routed_program . 2826.It Va routed_flags 2827.Pq Vt str 2828If 2829.Va routed_enable 2830is set to 2831.Dq Li YES , 2832these are the flags to pass to the routing daemon. 2833.It Va route6d_flags 2834.Pq Vt str 2835The IPv6 equivalent of 2836.Va routed_flags . 2837.It Va mrouted_enable 2838.Pq Vt bool 2839If set to 2840.Dq Li YES , 2841run the multicast routing daemon, 2842.Xr mrouted 8 . 2843.It Va mroute6d_enable 2844.Pq Vt bool 2845The IPv6 equivalent of 2846.Va mrouted_enable . 2847If set to 2848.Dq Li YES , 2849run the IPv6 multicast routing daemon. 2850.Pp 2851Note that multicast routing daemons are no longer included in the 2852.Fx 2853base system, however, both 2854.Xr mrouted 8 2855and 2856.Xr pim6dd 8 2857may be installed from the 2858.Fx 2859Ports Collection. 2860.It Va mrouted_flags 2861.Pq Vt str 2862If 2863.Va mrouted_enable 2864is set to 2865.Dq Li YES , 2866these are the flags to pass to the 2867.Xr mrouted 8 2868daemon. 2869.It Va mroute6d_flags 2870.Pq Vt str 2871The IPv6 equivalent of 2872.Va mrouted_flags . 2873If 2874.Va mroute6d_enable 2875is set to 2876.Dq Li YES , 2877these are the flags passed to the IPv6 multicast routing daemon. 2878.It Va mroute6d_program 2879.Pq Vt str 2880If 2881.Va mroute6d_enable 2882is set to 2883.Dq Li YES , 2884this is the path to the IPv6 multicast routing daemon. 2885.It Va rtadvd_enable 2886.Pq Vt bool 2887If set to 2888.Dq Li YES , 2889run the 2890.Xr rtadvd 8 2891daemon at boot time. 2892The 2893.Xr rtadvd 8 2894utility sends ICMPv6 Router Advertisement messages to 2895the interfaces specified in 2896.Va rtadvd_interfaces . 2897This should only be enabled with great care. 2898You may want to fine-tune 2899.Xr rtadvd.conf 5 . 2900.It Va rtadvd_interfaces 2901.Pq Vt str 2902If 2903.Va rtadvd_enable 2904is set to 2905.Dq Li YES 2906this is the list of interfaces to use. 2907.It Va ipxgateway_enable 2908.Pq Vt bool 2909If set to 2910.Dq Li YES , 2911enable the routing of IPX traffic. 2912.It Va ipxrouted_enable 2913.Pq Vt bool 2914If set to 2915.Dq Li YES , 2916run the 2917.Xr IPXrouted 8 2918daemon at system boot time. 2919.It Va ipxrouted_flags 2920.Pq Vt str 2921If 2922.Va ipxrouted_enable 2923is set to 2924.Dq Li YES , 2925these are the flags to pass to the 2926.Xr IPXrouted 8 2927daemon. 2928.It Va arpproxy_all 2929.Pq Vt bool 2930If set to 2931.Dq Li YES , 2932enable global proxy ARP. 2933.It Va forward_sourceroute 2934.Pq Vt bool 2935If set to 2936.Dq Li YES 2937and 2938.Va gateway_enable 2939is also set to 2940.Dq Li YES , 2941source-routed packets are forwarded. 2942.It Va accept_sourceroute 2943.Pq Vt bool 2944If set to 2945.Dq Li YES , 2946the system will accept source-routed packets directed at it. 2947.It Va rarpd_enable 2948.Pq Vt bool 2949If set to 2950.Dq Li YES , 2951run the 2952.Xr rarpd 8 2953daemon at system boot time. 2954.It Va rarpd_flags 2955.Pq Vt str 2956If 2957.Va rarpd_enable 2958is set to 2959.Dq Li YES , 2960these are the flags to pass to the 2961.Xr rarpd 8 2962daemon. 2963.It Va bootparamd_enable 2964.Pq Vt bool 2965If set to 2966.Dq Li YES , 2967run the 2968.Xr bootparamd 8 2969daemon at system boot time. 2970.It Va bootparamd_flags 2971.Pq Vt str 2972If 2973.Va bootparamd_enable 2974is set to 2975.Dq Li YES , 2976these are the flags to pass to the 2977.Xr bootparamd 8 2978daemon. 2979.It Va stf_interface_ipv4addr 2980.Pq Vt str 2981If not set to 2982.Dq Li NO , 2983this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2984interface). 2985Specify this entry to enable the 6to4 interface. 2986.It Va stf_interface_ipv4plen 2987.Pq Vt int 2988Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2989An effective value is 0-31. 2990.It Va stf_interface_ipv6_ifid 2991.Pq Vt str 2992IPv6 interface ID for 2993.Xr stf 4 . 2994This can be set to 2995.Dq Li AUTO . 2996.It Va stf_interface_ipv6_slaid 2997.Pq Vt str 2998IPv6 Site Level Aggregator for 2999.Xr stf 4 . 3000.It Va ipv6_faith_prefix 3001.Pq Vt str 3002If not set to 3003.Dq Li NO , 3004this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 3005translator. 3006You also need 3007.Xr faithd 8 3008setup. 3009.It Va ipv6_ipv4mapping 3010.Pq Vt bool 3011If set to 3012.Dq Li YES 3013this enables IPv4 mapped IPv6 address communication (like 3014.Li ::ffff:a.b.c.d ) . 3015.It Va rtsold_enable 3016.Pq Vt bool 3017Set to 3018.Dq Li YES 3019to enable the 3020.Xr rtsold 8 3021daemon to send ICMPv6 Router Solicitation messages. 3022.It Va rtsold_flags 3023.Pq Vt str 3024If 3025.Va rtsold_enable 3026is set to 3027.Dq Li YES , 3028these are the flags to pass to 3029.Xr rtsold 8 . 3030.It Va rtsol_flags 3031.Pq Vt str 3032For interfaces configured with the 3033.Dq Li inet6 accept_rtadv 3034keyword, these are the flags to pass to 3035.Xr rtsol 8 . 3036.Pp 3037Note that 3038.Va rtsold_enable 3039is mutually exclusive to 3040.Va rtsol_flags ; 3041.Va rtsold_enable 3042takes precedence. 3043.It Va atm_enable 3044.Pq Vt bool 3045Set to 3046.Dq Li YES 3047to enable the configuration of ATM interfaces at system boot time. 3048For all of the ATM variables described below, please refer to the 3049.Xr atm 8 3050manual page for further details on the available command parameters. 3051Also refer to the files in 3052.Pa /usr/share/examples/atm 3053for more detailed configuration information. 3054.It Va atm_load 3055.Pq Vt str 3056This is a list of physical ATM interface drivers to load. 3057Typical values are 3058.Dq Li hfa_pci 3059and/or 3060.Dq Li hea_pci . 3061.It Va atm_netif_ Ns Aq Ar intf 3062.Pq Vt str 3063For the ATM physical interface 3064.Ar intf , 3065this variable defines the name prefix and count for the ATM network 3066interfaces to be created. 3067The value will be passed as the parameters of an 3068.Dq Nm atm Cm "set netif" Ar intf 3069command. 3070.It Va atm_sigmgr_ Ns Aq Ar intf 3071.Pq Vt str 3072For the ATM physical interface 3073.Ar intf , 3074this variable defines the ATM signalling manager to be used. 3075The value will be passed as the parameters of an 3076.Dq Nm atm Cm attach Ar intf 3077command. 3078.It Va atm_prefix_ Ns Aq Ar intf 3079.Pq Vt str 3080For the ATM physical interface 3081.Ar intf , 3082this variable defines the NSAP prefix for interfaces using a UNI signalling 3083manager. 3084If set to 3085.Dq Li ILMI , 3086the prefix will automatically be set via the 3087.Xr ilmid 8 3088daemon. 3089Otherwise, the value will be passed as the parameters of an 3090.Dq Nm atm Cm "set prefix" Ar intf 3091command. 3092.It Va atm_macaddr_ Ns Aq Ar intf 3093.Pq Vt str 3094For the ATM physical interface 3095.Ar intf , 3096this variable defines the MAC address for interfaces using a UNI signalling 3097manager. 3098If set to 3099.Dq Li NO , 3100the hardware MAC address contained in the ATM interface card will be used. 3101Otherwise, the value will be passed as the parameters of an 3102.Dq Nm atm Cm "set mac" Ar intf 3103command. 3104.It Va atm_arpserver_ Ns Aq Ar netif 3105.Pq Vt str 3106For the ATM network interface 3107.Ar netif , 3108this variable defines the ATM address for a host which is to provide ATMARP 3109service. 3110This variable is only applicable to interfaces using a UNI signalling 3111manager. 3112If set to 3113.Dq Li local , 3114this host will become an ATMARP server. 3115The value will be passed as the parameters of an 3116.Dq Nm atm Cm "set arpserver" Ar netif 3117command. 3118.It Va atm_scsparp_ Ns Aq Ar netif 3119.Pq Vt bool 3120If set to 3121.Dq Li YES , 3122SCSP/ATMARP service for the network interface 3123.Ar netif 3124will be initiated using the 3125.Xr scspd 8 3126and 3127.Xr atmarpd 8 3128daemons. 3129This variable is only applicable if 3130.Va atm_arpserver_ Ns Aq Ar netif 3131is set to 3132.Dq Li local . 3133.It Va atm_pvcs 3134.Pq Vt str 3135Set to the list of ATM PVCs to be added at system 3136boot time. 3137For each whitespace separated 3138.Ar element 3139in the value, an 3140.Va atm_pvc_ Ns Aq Ar element 3141variable is assumed to exist. 3142The value of each of these variables 3143will be passed as the parameters of an 3144.Dq Nm atm Cm "add pvc" 3145command. 3146.It Va atm_arps 3147.Pq Vt str 3148Set to the list of permanent ATM ARP entries to be added 3149at system boot time. 3150For each whitespace separated 3151.Ar element 3152in the value, an 3153.Va atm_arp_ Ns Aq Ar element 3154variable is assumed to exist. 3155The value of each of these variables 3156will be passed as the parameters of an 3157.Dq Nm atm Cm "add arp" 3158command. 3159.It Va natm_interfaces 3160.Pq Vt str 3161Set to the list of 3162.Xr natm 4 3163interfaces that will also be used for HARP through 3164.Xr harp 4 . 3165If this list is not empty all interfaces in the list will be brought up 3166with 3167.Xr ifconfig 8 3168and 3169.Xr harp 4 3170will be loaded. 3171For this to work the interface drivers must be either compiled into the 3172kernel or must reside on the root partition. 3173.It Va keybell 3174.Pq Vt str 3175The keyboard bell sound. 3176Set to 3177.Dq Li normal , 3178.Dq Li visual , 3179.Dq Li off , 3180or 3181.Dq Li NO 3182if the default behavior is desired. 3183For details, refer to the 3184.Xr kbdcontrol 1 3185manpage. 3186.It Va keyboard 3187.Pq Vt str 3188If set to a non-null string, the virtual console's keyboard input is 3189set to this device. 3190.It Va keymap 3191.Pq Vt str 3192If set to 3193.Dq Li NO , 3194no keymap is installed, otherwise the value is used to install 3195the keymap file in 3196.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3197.It Va keyrate 3198.Pq Vt str 3199The keyboard repeat speed. 3200Set to 3201.Dq Li slow , 3202.Dq Li normal , 3203.Dq Li fast , 3204or 3205.Dq Li NO 3206if the default behavior is desired. 3207.It Va keychange 3208.Pq Vt str 3209If not set to 3210.Dq Li NO , 3211attempt to program the function keys with the value. 3212The value should 3213be a single string of the form: 3214.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3215.It Va cursor 3216.Pq Vt str 3217Can be set to the value of 3218.Dq Li normal , 3219.Dq Li blink , 3220.Dq Li destructive , 3221or 3222.Dq Li NO 3223to set the cursor behavior explicitly or choose the default behavior. 3224.It Va scrnmap 3225.Pq Vt str 3226If set to 3227.Dq Li NO , 3228no screen map is installed, otherwise the value is used to install 3229the screen map file in 3230.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3231.It Va font8x16 3232.Pq Vt str 3233If set to 3234.Dq Li NO , 3235the default 8x16 font value is used for screen size requests, otherwise 3236the value in 3237.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3238is used. 3239.It Va font8x14 3240.Pq Vt str 3241If set to 3242.Dq Li NO , 3243the default 8x14 font value is used for screen size requests, otherwise 3244the value in 3245.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3246is used. 3247.It Va font8x8 3248.Pq Vt str 3249If set to 3250.Dq Li NO , 3251the default 8x8 font value is used for screen size requests, otherwise 3252the value in 3253.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3254is used. 3255.It Va blanktime 3256.Pq Vt int 3257If set to 3258.Dq Li NO , 3259the default screen blanking interval is used, otherwise it is set 3260to 3261.Ar value 3262seconds. 3263.It Va saver 3264.Pq Vt str 3265If not set to 3266.Dq Li NO , 3267this is the actual screen saver to use 3268.Li ( blank , snake , daemon , 3269etc). 3270.It Va moused_nondefault_enable 3271.Pq Vt str 3272If set to 3273.Dq Li NO , 3274the mouse device specified on 3275the command line is not automatically treated as enabled by the 3276.Pa /etc/rc.d/moused 3277script. 3278Having this variable set to 3279.Dq Li YES 3280allows a 3281.Xr usb 4 3282mouse, 3283for example, 3284to be enabled as soon as it is plugged in. 3285.It Va moused_enable 3286.Pq Vt str 3287If set to 3288.Dq Li YES , 3289the 3290.Xr moused 8 3291daemon is started for doing cut/paste selection on the console. 3292.It Va moused_type 3293.Pq Vt str 3294This is the protocol type of the mouse connected to this host. 3295This variable must be set if 3296.Va moused_enable 3297is set to 3298.Dq Li YES . 3299The 3300.Xr moused 8 3301daemon 3302is able to detect the appropriate mouse type automatically in many cases. 3303Set this variable to 3304.Dq Li auto 3305to let the daemon detect it, or 3306select one from the following list if the automatic detection fails. 3307.Pp 3308If the mouse is attached to the PS/2 mouse port, choose 3309.Dq Li auto 3310or 3311.Dq Li ps/2 , 3312regardless of the brand and model of the mouse. 3313Likewise, if the 3314mouse is attached to the bus mouse port, choose 3315.Dq Li auto 3316or 3317.Dq Li busmouse . 3318All other protocols are for serial mice and will not work with 3319the PS/2 and bus mice. 3320If this is a USB mouse, 3321.Dq Li auto 3322is the only protocol type which will work. 3323.Pp 3324.Bl -tag -width ".Li x10mouseremote" -compact 3325.It Li microsoft 3326Microsoft mouse (serial) 3327.It Li intellimouse 3328Microsoft IntelliMouse (serial) 3329.It Li mousesystems 3330Mouse systems Corp.\& mouse (serial) 3331.It Li mmseries 3332MM Series mouse (serial) 3333.It Li logitech 3334Logitech mouse (serial) 3335.It Li busmouse 3336A bus mouse 3337.It Li mouseman 3338Logitech MouseMan and TrackMan (serial) 3339.It Li glidepoint 3340ALPS GlidePoint (serial) 3341.It Li thinkingmouse 3342Kensington ThinkingMouse (serial) 3343.It Li ps/2 3344PS/2 mouse 3345.It Li mmhittab 3346MM HitTablet (serial) 3347.It Li x10mouseremote 3348X10 MouseRemote (serial) 3349.It Li versapad 3350Interlink VersaPad (serial) 3351.El 3352.Pp 3353Even if the mouse is not in the above list, it may be compatible 3354with one in the list. 3355Refer to the manual page for 3356.Xr moused 8 3357for compatibility information. 3358.Pp 3359It should also be noted that while this is enabled, any 3360other client of the mouse (such as an X server) should access 3361the mouse through the virtual mouse device, 3362.Pa /dev/sysmouse , 3363and configure it as a 3364.Dq Li sysmouse 3365type mouse, since all 3366mouse data is converted to this single canonical format when 3367using 3368.Xr moused 8 . 3369If the client program does not support the 3370.Dq Li sysmouse 3371type, 3372specify the 3373.Dq Li mousesystems 3374type. 3375It is the second preferred type. 3376.It Va moused_port 3377.Pq Vt str 3378If 3379.Va moused_enable 3380is set to 3381.Dq Li YES , 3382this is the actual port the mouse is on. 3383It might be 3384.Pa /dev/cuau0 3385for a COM1 serial mouse, 3386.Pa /dev/psm0 3387for a PS/2 mouse or 3388.Pa /dev/mse0 3389for a bus mouse, for example. 3390.It Va moused_flags 3391.Pq Vt str 3392If 3393.Va moused_flags 3394is set, its value is used as an additional set of flags to pass to the 3395.Xr moused 8 3396daemon. 3397.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3398When 3399.Va moused_nondefault_enable 3400is enabled, and a 3401.Xr moused 8 3402daemon is started for a non-default port, the 3403.Va "moused_" Ns Ar XXX Ns Va "_flags" 3404set of options has precedence over and replaces the default 3405.Va moused_flags 3406(where 3407.Ar XXX 3408is the name of the non-default port, i.e.,\& 3409.Ar ums0 ) . 3410By setting 3411.Va "moused_" Ns Ar XXX Ns Va "_flags" 3412it is possible to set up a different set of default flags for each 3413.Xr moused 8 3414instance. 3415For example, you can use 3416.Dq Li "-3" 3417for the default 3418.Va moused_flags 3419to make your laptop's touchpad more comfortable to use, 3420but an empty set of options for 3421.Va moused_ums0_flags 3422when your 3423.Xr usb 4 3424mouse has three or more buttons. 3425.It Va mousechar_start 3426.Pq Vt int 3427If set to 3428.Dq Li NO , 3429the default mouse cursor character range 3430.Li 0xd0 Ns - Ns Li 0xd3 3431is used, 3432otherwise the range start is set 3433to 3434.Ar value 3435character, see 3436.Xr vidcontrol 1 . 3437Use if the default range is occupied in the language code table. 3438.It Va allscreens_flags 3439.Pq Vt str 3440If set, 3441.Xr vidcontrol 1 3442is run with these options for each of the virtual terminals 3443.Pq Pa /dev/ttyv* . 3444For example, 3445.Dq Fl m Cm on 3446will enable the mouse pointer on all virtual terminals 3447if 3448.Va moused_enable 3449is set to 3450.Dq Li YES . 3451.It Va allscreens_kbdflags 3452.Pq Vt str 3453If set, 3454.Xr kbdcontrol 1 3455is run with these options for each of the virtual terminals 3456.Pq Pa /dev/ttyv* . 3457For example, 3458.Dq Fl h Li 200 3459will set the 3460.Xr syscons 4 3461scrollback (history) buffer to 200 lines. 3462.It Va cron_enable 3463.Pq Vt bool 3464If set to 3465.Dq Li YES , 3466run the 3467.Xr cron 8 3468daemon at system boot time. 3469.It Va cron_program 3470.Pq Vt str 3471Path to 3472.Xr cron 8 3473(default 3474.Pa /usr/sbin/cron ) . 3475.It Va cron_flags 3476.Pq Vt str 3477If 3478.Va cron_enable 3479is set to 3480.Dq Li YES , 3481these are the flags to pass to 3482.Xr cron 8 . 3483.It Va cron_dst 3484.Pq Vt bool 3485If set to 3486.Dq Li YES , 3487enable the special handling of transitions to and from the 3488Daylight Saving Time in 3489.Xr cron 8 3490(equivalent to using the flag 3491.Fl s ) . 3492.It Va lpd_program 3493.Pq Vt str 3494Path to 3495.Xr lpd 8 3496(default 3497.Pa /usr/sbin/lpd ) . 3498.It Va lpd_enable 3499.Pq Vt bool 3500If set to 3501.Dq Li YES , 3502run the 3503.Xr lpd 8 3504daemon at system boot time. 3505.It Va lpd_flags 3506.Pq Vt str 3507If 3508.Va lpd_enable 3509is set to 3510.Dq Li YES , 3511these are the flags to pass to the 3512.Xr lpd 8 3513daemon. 3514.It Va chkprintcap_enable 3515.Pq Vt bool 3516If set to 3517.Dq Li YES , 3518run the 3519.Xr chkprintcap 8 3520command before starting the 3521.Xr lpd 8 3522daemon. 3523.It Va chkprintcap_flags 3524.Pq Vt str 3525If 3526.Va lpd_enable 3527and 3528.Va chkprintcap_enable 3529are set to 3530.Dq Li YES , 3531these are the flags to pass to the 3532.Xr chkprintcap 8 3533program. 3534The default is 3535.Dq Li -d , 3536which causes missing directories to be created. 3537.It Va mta_start_script 3538.Pq Vt str 3539This variable specifies the full path to the script to run to start 3540a mail transfer agent. 3541The default is 3542.Pa /etc/rc.sendmail . 3543The 3544.Va sendmail_* 3545variables which 3546.Pa /etc/rc.sendmail 3547uses are documented in the 3548.Xr rc.sendmail 8 3549manual page. 3550.It Va dumpdev 3551.Pq Vt str 3552Indicates the device (usually a swap partition) to which a crash dump 3553should be written in the event of a system crash. 3554If the value of this variable is 3555.Dq Li AUTO , 3556the first suitable swap device listed in 3557.Pa /etc/fstab 3558will be used as dump device. 3559Otherwise, the value of this variable is passed as the argument to 3560.Xr dumpon 8 . 3561To disable crash dumps, set this variable to 3562.Dq Li NO . 3563.It Va dumpdir 3564.Pq Vt str 3565When the system reboots after a crash and a crash dump is found on the 3566device specified by the 3567.Va dumpdev 3568variable, 3569.Xr savecore 8 3570will save that crash dump and a copy of the kernel to the directory 3571specified by the 3572.Va dumpdir 3573variable. 3574The default value is 3575.Pa /var/crash . 3576Set to 3577.Dq Li NO 3578to not run 3579.Xr savecore 8 3580at boot time when 3581.Va dumpdir 3582is set. 3583.It Va savecore_flags 3584.Pq Vt str 3585If crash dumps are enabled, these are the flags to pass to the 3586.Xr savecore 8 3587utility. 3588.It Va quota_enable 3589.Pq Vt bool 3590Set to 3591.Dq Li YES 3592to turn on user and group disk quotas on system startup via the 3593.Xr quotaon 8 3594command for all file systems marked as having quotas enabled in 3595.Pa /etc/fstab . 3596The kernel must be built with 3597.Cd "options QUOTA" 3598for disk quotas to function. 3599.It Va check_quotas 3600.Pq Vt bool 3601Set to 3602.Dq Li YES 3603to enable user and group disk quota checking via the 3604.Xr quotacheck 8 3605command. 3606.It Va quotacheck_flags 3607.Pq Vt str 3608If 3609.Va quota_enable 3610is set to 3611.Dq Li YES , 3612and 3613.Va check_quotas 3614is set to 3615.Dq Li YES , 3616these are the flags to pass to the 3617.Xr quotacheck 8 3618utility. 3619The default is 3620.Dq Li "-a" , 3621which checks quotas for all file systems with quotas enabled in 3622.Pa /etc/fstab . 3623.It Va quotaon_flags 3624.Pq Vt str 3625If 3626.Va quota_enable 3627is set to 3628.Dq Li YES , 3629these are the flags to pass to the 3630.Xr quotaon 8 3631utility. 3632The default is 3633.Dq Li "-a" , 3634which enables quotas for all file systems with quotas enabled in 3635.Pa /etc/fstab . 3636.It Va quotaoff_flags 3637.Pq Vt str 3638If 3639.Va quota_enable 3640is set to 3641.Dq Li YES , 3642these are the flags to pass to the 3643.Xr quotaoff 8 3644utility when shutting down the quota system. 3645The default is 3646.Dq Li "-a" , 3647which disables quotas for all file systems with quotas enabled in 3648.Pa /etc/fstab . 3649.It Va accounting_enable 3650.Pq Vt bool 3651Set to 3652.Dq Li YES 3653to enable system accounting through the 3654.Xr accton 8 3655facility. 3656.It Va ibcs2_enable 3657.Pq Vt bool 3658Set to 3659.Dq Li YES 3660to enable iBCS2 (SCO) binary emulation at system initial boot 3661time. 3662.It Va ibcs2_loaders 3663.Pq Vt str 3664If not set to 3665.Dq Li NO 3666and if 3667.Va ibcs2_enable 3668is set to 3669.Dq Li YES , 3670this specifies a list of additional iBCS2 loaders to enable. 3671.It Va linux_enable 3672.Pq Vt bool 3673Set to 3674.Dq Li YES 3675to enable Linux/ELF binary emulation at system initial 3676boot time. 3677.It Va svr4_enable 3678.Pq Vt bool 3679If set to 3680.Dq Li YES , 3681enable SysVR4 emulation at boot time. 3682.It Va sysvipc_enable 3683.Pq Vt bool 3684If set to 3685.Dq Li YES , 3686load System V IPC primitives at boot time. 3687.It Va clear_tmp_enable 3688.Pq Vt bool 3689Set to 3690.Dq Li YES 3691to have 3692.Pa /tmp 3693cleaned at startup. 3694.It Va clear_tmp_X 3695.Pq Vt bool 3696Set to 3697.Dq Li NO 3698to disable removing of X11 lock files, 3699and the removal and (secure) recreation 3700of the various socket directories for X11 3701related programs. 3702.It Va ldconfig_paths 3703.Pq Vt str 3704Set to the list of shared library paths to use with 3705.Xr ldconfig 8 . 3706NOTE: 3707.Pa /usr/lib 3708will always be added first, so it need not appear in this list. 3709.It Va ldconfig32_paths 3710.Pq Vt str 3711Set to the list of 32-bit compatibility shared library paths to 3712use with 3713.Xr ldconfig 8 . 3714.It Va ldconfig_paths_aout 3715.Pq Vt str 3716Set to the list of shared library paths to use with 3717.Xr ldconfig 8 3718legacy 3719.Xr a.out 5 3720support. 3721.It Va ldconfig_insecure 3722.Pq Vt bool 3723The 3724.Xr ldconfig 8 3725utility normally refuses to use directories 3726which are writable by anyone except root. 3727Set this variable to 3728.Dq Li YES 3729to disable that security check during system startup. 3730.It Va ldconfig_local_dirs 3731.Pq Vt str 3732Set to the list of local 3733.Xr ldconfig 8 3734directories. 3735The names of all files in the directories listed will be 3736passed as arguments to 3737.Xr ldconfig 8 . 3738.It Va ldconfig_local32_dirs 3739.Pq Vt str 3740Set to the list of local 32-bit compatibility 3741.Xr ldconfig 8 3742directories. 3743The names of all files in the directories listed will be 3744passed as arguments to 3745.Dq Nm ldconfig Fl 32 . 3746.It Va kern_securelevel_enable 3747.Pq Vt bool 3748Set to 3749.Dq Li YES 3750to set the kernel security level at system startup. 3751.It Va kern_securelevel 3752.Pq Vt int 3753The kernel security level to set at startup. 3754The allowed range of 3755.Ar value 3756ranges from \-1 (the compile time default) to 3 (the 3757most secure). 3758See 3759.Xr security 7 3760for the list of possible security levels and their effect 3761on system operation. 3762.It Va sshd_program 3763.Pq Vt str 3764Path to the SSH server program 3765.Pa ( /usr/sbin/sshd 3766is the default). 3767.It Va sshd_enable 3768.Pq Vt bool 3769Set to 3770.Dq Li YES 3771to start 3772.Xr sshd 8 3773at system boot time. 3774.It Va sshd_flags 3775.Pq Vt str 3776If 3777.Va sshd_enable 3778is set to 3779.Dq Li YES , 3780these are the flags to pass to the 3781.Xr sshd 8 3782daemon. 3783.It Va ftpd_program 3784.Pq Vt str 3785Path to the FTP server program 3786.Pa ( /usr/libexec/ftpd 3787is the default). 3788.It Va ftpd_enable 3789.Pq Vt bool 3790Set to 3791.Dq Li YES 3792to start 3793.Xr ftpd 8 3794as a stand-alone daemon at system boot time. 3795.It Va ftpd_flags 3796.Pq Vt str 3797If 3798.Va ftpd_enable 3799is set to 3800.Dq Li YES , 3801these are the additional flags to pass to the 3802.Xr ftpd 8 3803daemon. 3804.It Va watchdogd_enable 3805.Pq Vt bool 3806If set to 3807.Dq Li YES , 3808start the 3809.Xr watchdogd 8 3810daemon at boot time. 3811This requires that the kernel have been compiled with a 3812.Xr watchdog 4 3813compatible device. 3814.It Va watchdogd_flags 3815.Pq Vt str 3816If 3817.Va watchdogd_enable 3818is set to 3819.Dq Li YES , 3820these are the flags passed to the 3821.Xr watchdogd 8 3822daemon. 3823.It Va devfs_rulesets 3824.Pq Vt str 3825List of files containing sets of rules for 3826.Xr devfs 8 . 3827.It Va devfs_system_ruleset 3828.Pq Vt str 3829Rule name(s) to apply to the system 3830.Pa /dev 3831itself. 3832.It Va devfs_set_rulesets 3833.Pq Vt str 3834Pairs of already-mounted 3835.Pa dev 3836directories and rulesets that should be applied to them. 3837For example: /mount/dev=ruleset_name 3838.It Va devfs_load_rulesets 3839.Pq Vt bool 3840If set, always load the default rulesets listed in 3841.Va devfs_rulesets . 3842.It Va performance_cx_lowest 3843.Pq Vt str 3844CPU idle state to use while on AC power. 3845The string 3846.Dq Li LOW 3847indicates that 3848.Xr acpi 4 3849should use the lowest power state available while 3850.Dq Li HIGH 3851indicates that the lowest latency state (less power savings) should be used. 3852.It Va performance_cpu_freq 3853.Pq Vt str 3854CPU clock frequency to use while on AC power. 3855The string 3856.Dq Li LOW 3857indicates that 3858.Xr cpufreq 4 3859should use the lowest frequency available while 3860.Dq Li HIGH 3861indicates that the highest frequency (less power savings) should be used. 3862.It Va economy_cx_lowest 3863.Pq Vt str 3864CPU idle state to use when off AC power. 3865The string 3866.Dq Li LOW 3867indicates that 3868.Xr acpi 4 3869should use the lowest power state available while 3870.Dq Li HIGH 3871indicates that the lowest latency state (less power savings) should be used. 3872.It Va economy_cpu_freq 3873.Pq Vt str 3874CPU clock frequency to use when off AC power. 3875The string 3876.Dq Li LOW 3877indicates that 3878.Xr cpufreq 4 3879should use the lowest frequency available while 3880.Dq Li HIGH 3881indicates that the highest frequency (less power savings) should be used. 3882.It Va jail_enable 3883.Pq Vt bool 3884If set to 3885.Dq Li NO , 3886any configured jails will not be started. 3887.It Va jail_parallel_start 3888.Pq Vt bool 3889If set to 3890.Dq Li YES , 3891all configured jails will be started in the background (in parallel). 3892.It Va jail_list 3893.Pq Vt str 3894A space separated list of names for jails. 3895This is purely a configuration aid to help identify and 3896configure multiple jails. 3897The names specified in this list will be used to 3898identify settings common to an instance of a jail, 3899and should contain alphanumeric characters only. 3900The literal jail name of 3901.Dq Li 0 3902.Pq zero 3903is not allowed. 3904.Pp 3905Assuming that the jail in question was named 3906.Li vjail , 3907you would have the following dependent variables: 3908.Bd -literal 3909jail_vjail_hostname="jail.example.com" 3910jail_vjail_ip="192.0.2.100" 3911jail_vjail_rootdir="/var/jails/vjail/root" 3912.Ed 3913.Pp 3914.It Va jail_flags 3915.Pq Vt str 3916Unset by default. 3917When set, use as default value for 3918.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3919for every jail in 3920.Va jail_list . 3921.It Va jail_interface 3922.Pq Vt str 3923Unset by default. 3924When set, use as default value for 3925.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3926for every jail in 3927.Va jail_list . 3928.It Va jail_fstab 3929.Pq Vt str 3930Unset by default. 3931When set, use as default value for 3932.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3933for every jail in 3934.Va jail_list . 3935.It Va jail_mount_enable 3936.Pq Vt bool 3937Set to 3938.Dq Li NO 3939by default. 3940When set to 3941.Dq Li YES , 3942sets 3943.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3944to 3945.Dq Li YES 3946by default for every jail in 3947.Va jail_list . 3948.It Va jail_devfs_ruleset 3949.Pq Vt str 3950Unset by default. 3951When set, sets 3952.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3953to given value for every jail in 3954.Va jail_list . 3955.It Va jail_devfs_enable 3956.Pq Vt bool 3957Set to 3958.Dq Li NO 3959by default. 3960When set to 3961.Dq Li YES , 3962sets 3963.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3964to 3965.Dq Li YES 3966by default for every jail in 3967.Va jail_list . 3968.It Va jail_fdescfs_enable 3969.Pq Vt bool 3970Set to 3971.Dq Li NO 3972by default. 3973When set to 3974.Dq Li YES , 3975sets 3976.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3977to 3978.Dq Li YES 3979by default for every jail in 3980.Va jail_list . 3981.It Va jail_procfs_enable 3982.Pq Vt bool 3983Set to 3984.Dq Li NO 3985by default. 3986When set to 3987.Dq Li YES , 3988sets 3989.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3990to 3991.Dq Li YES 3992by default for every jail in 3993.Va jail_list . 3994.It Va jail_exec_prestart Ns Aq Ar N 3995.Pq Vt str 3996Unset by default. 3997When set, use as default value for 3998.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3999for every jail in 4000.Va jail_list . 4001.It Va jail_exec_start 4002.Pq Vt str 4003Unset by default. 4004When set, use as default value for 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4006for every jail in 4007.Va jail_list . 4008.It Va jail_exec_afterstart Ns Aq Ar N 4009.Pq Vt str 4010Unset by default. 4011When set, use as default value for 4012.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4013for every jail in 4014.Va jail_list . 4015.It Va jail_exec_poststart Ns Aq Ar N 4016.Pq Vt str 4017Unset by default. 4018When set, use as default value for 4019.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4020for every jail in 4021.Va jail_list . 4022.It Va jail_exec_prestop Ns Aq Ar N 4023.Pq Vt str 4024Unset by default. 4025When set, use as default value for 4026.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4027for every jail in 4028.Va jail_list . 4029.It Va jail_exec_stop 4030Unset by default. 4031When set, use as default value for 4032.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4033for every jail in 4034.Va jail_list . 4035.It Va jail_exec_poststop Ns Aq Ar N 4036.Pq Vt str 4037Unset by default. 4038When set, use as default value for 4039.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4040for every jail in 4041.Va jail_list . 4042.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4043.Pq Vt str 4044Unset by default. 4045Set to the root directory used by jail 4046.Va jname . 4047.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4048.Pq Vt str 4049Unset by default. 4050Set to the fully qualified domain name (FQDN) assigned to jail 4051.Va jname . 4052.It Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4053.Pq Vt str 4054Unset by default. 4055Set extra parameters for jail 4056.Va jname , 4057such as 4058.Dq Li allow.chflags 4059or 4060.Dq Li children.max . 4061See 4062.Xr jail 8 4063for a list of available parameters. 4064Note that the following parameters are already defined by 4065.Pa rc.d/jail 4066script out of their corresponding 4067.Nm 4068variables: 4069.Bl -tag -width "host.hostname" -offset indent 4070.It Li path 4071set from 4072.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4073.It Li host.hostname 4074set from 4075.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4076.It Li command 4077set from 4078.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4079.It Li ip4.addr 4080set if 4081.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4082contains IPv4 addresses 4083.It Li ip6.addr 4084set if 4085.Va jail_ Ns Ao Ar jname Ac Ns Va _ip6 4086contains IPv6 addresses 4087.El 4088.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4089.Pq Vt str 4090Unset by default. 4091Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 4092The argument can be a sole address or a comma separated list of addresses. 4093Additionally each address can be prefixed by the name of an interface 4094followed by a pipe to overwrite 4095.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4096or 4097.Va jail_interface 4098and/or suffixed by a netmask, prefixlen or prefix. 4099In case no netmask, prefixlen or prefix is given, 4100.Sq /32 4101will be used for IPv4 and 4102.Sq /128 4103will be used for an IPv6 address. 4104If no address is given for the jail then the jail will be started with 4105no networking support. 4106.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4107.Pq Vt str 4108Unset by default. 4109Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 4110The sequence starts with 4111.Dq Li _multi0 4112and the numbers have to be strictly ascending. 4113These entries follow the same syntax as their primary 4114.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4115entry. 4116The order of the entries can be important as the first address for 4117each address family found will be the primary address of the jail. 4118See 4119.Va ip-addresses 4120option in 4121.Xr jail 8 4122for more details. 4123.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4124.Pq Vt str 4125Set to 4126.Dq Li -l -U root 4127by default. 4128These are flags to pass to 4129.Xr jail 8 . 4130.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4131.Pq Vt str 4132Unset by default. 4133When set, sets the interface to use when setting IP address alias. 4134Note that the alias is created at jail startup and removed at jail shutdown. 4135.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4136.Pq Vt str 4137Unset by default. 4138When set, the jail is started with the specified forwarding table (sometimes 4139referred to as a routing table) via 4140.Xr setfib 1 . 4141.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4142.Pq Vt str 4143Set to 4144.Pa /etc/fstab. Ns Aq Ar jname 4145by default. 4146This is the file system information file to use for jail 4147.Va jname . 4148.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4149.Pq Vt bool 4150Set to 4151.Dq Li NO 4152by default. 4153When set to 4154.Dq Li YES , 4155mount all file systems from 4156.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4157at jail startup. 4158.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 4159.Pq Vt str 4160Unset by default. 4161When set, defines the device file system ruleset file to use for jail 4162.Va jname . 4163.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4164.Pq Vt bool 4165Set to 4166.Dq Li NO 4167by default. 4168When set to 4169.Dq Li YES , 4170mount the device file system inside jail 4171.Ar jname 4172at jail startup. 4173.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4174.Pq Vt bool 4175Set to 4176.Dq Li NO 4177by default. 4178When set to 4179.Dq Li YES , 4180mount the file-descriptor file system inside jail 4181.Ar jname 4182at jail startup. 4183.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 4184.Pq Vt bool 4185Set to 4186.Dq Li NO 4187by default. 4188When set to 4189.Dq Li YES , 4190mount the process file system inside jail 4191.Ar jname 4192at jail startup. 4193.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4194.Pq Vt str 4195Unset by default. 4196This is the command run as 4197.Ar N Ns 4198th command 4199before jail startup, where 4200.Ar N 4201is 0, 1, and so on. 4202It is run outside the jail. 4203.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4204.Pq Vt str 4205Set to 4206.Dq Li /bin/sh /etc/rc 4207by default. 4208This is the command executed in a jail at jail startup. 4209.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4210.Pq Vt str 4211Unset by default. 4212This is the command run as 4213.Ar N Ns 4214th command 4215in a jail 4216after jail startup, where 4217.Ar N 4218is 1, 2, and so on. 4219.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4220.Pq Vt str 4221Unset by default. 4222This is the command run as 4223.Ar N Ns 4224th command 4225after jail startup, where 4226.Ar N 4227is 0, 1, and so on. 4228It is run outside the jail. 4229.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4230.Pq Vt str 4231Unset by default. 4232This is the command run as 4233.Ar N Ns 4234th command 4235before jail shutdown, where 4236.Ar N 4237is 0, 1, and so on. 4238It is run outside the jail. 4239.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4240.Pq Vt str 4241Set to 4242.Dq Li /bin/sh /etc/rc.shutdown 4243by default. 4244This is the command executed in a jail at jail shutdown. 4245.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4246.Pq Vt str 4247Unset by default. 4248This is the command run as 4249.Ar N Ns 4250th command 4251after jail shutdown, where 4252.Ar N 4253is 0, 1, and so on. 4254It is run outside the jail. 4255.It Va jail_set_hostname_allow 4256.Pq Vt bool 4257If set to 4258.Dq Li NO , 4259do not allow the root user in a jail to set its hostname. 4260.It Va jail_socket_unixiproute_only 4261.Pq Vt bool 4262If set to 4263.Dq Li YES , 4264do not allow any sockets, 4265besides UNIX/IP/route sockets, 4266to be used within a jail. 4267.It Va jail_sysvipc_allow 4268.Pq Vt bool 4269If set to 4270.Dq Li YES , 4271allow applications within a jail to use System V IPC. 4272.\" ----------------------------------------------------- 4273.It Va harvest_interrupt 4274.Pq Vt bool 4275Set to 4276.Dq Li YES 4277to use hardware interrupts as an entropy source. 4278Refer to 4279.Xr random 4 4280for more information. 4281.It Va harvest_ethernet 4282.Pq Vt bool 4283Set to 4284.Dq Li YES 4285to use LAN traffic as an entropy source. 4286Refer to 4287.Xr random 4 4288for more information. 4289.It Va harvest_p_to_p 4290.Pq Vt bool 4291Set to 4292.Dq Li YES 4293to use serial line traffic as an entropy source. 4294Refer to 4295.Xr random 4 4296for more information. 4297.It Va entropy_dir 4298.Pq Vt str 4299Set to 4300.Dq Li NO 4301to disable caching entropy via 4302.Xr cron 8 . 4303Otherwise set to the directory used to store entropy files in. 4304.It Va entropy_file 4305.Pq Vt str 4306Set to 4307.Dq Li NO 4308to disable caching entropy through reboots. 4309Otherwise set to the filename used to store cached entropy through 4310reboots. 4311This file should be located on the root file system to seed the 4312.Xr random 4 4313device as early as possible in the boot process. 4314.It Va entropy_save_sz 4315.Pq Vt int 4316Size of the entropy cache files saved by 4317.Nm save-entropy 4318periodically. 4319.It Va entropy_save_num 4320.Pq Vt int 4321Number of entropy cache files to save by 4322.Nm save-entropy 4323periodically. 4324.It Va ipsec_enable 4325.Pq Vt bool 4326Set to 4327.Dq Li YES 4328to run 4329.Xr setkey 8 4330on 4331.Va ipsec_file 4332at boot time. 4333.It Va ipsec_file 4334.Pq Vt str 4335Configuration file for 4336.Xr setkey 8 . 4337.It Va dmesg_enable 4338.Pq Vt bool 4339Set to 4340.Dq Li YES 4341to save 4342.Xr dmesg 8 4343to 4344.Pa /var/run/dmesg.boot 4345on boot. 4346.It Va rcshutdown_timeout 4347.Pq Vt int 4348If set, start a watchdog timer in the background which will terminate 4349.Pa rc.shutdown 4350if 4351.Xr shutdown 8 4352has not completed within the specified time (in seconds). 4353Notice that in addition to this soft timeout, 4354.Xr init 8 4355also applies a hard timeout for the execution of 4356.Pa rc.shutdown . 4357This is configured via 4358.Xr sysctl 8 4359variable 4360.Va kern.init_shutdown_timeout 4361and defaults to 120 seconds. 4362Setting the value of 4363.Va rcshutdown_timeout 4364to more than 120 seconds will have no effect until the 4365.Xr sysctl 8 4366variable 4367.Va kern.init_shutdown_timeout 4368is also increased. 4369.It Va virecover_enable 4370.Pq Vt bool 4371Set to 4372.Dq Li NO 4373to prevent the system from trying to 4374recover pre-maturely terminated 4375.Xr vi 1 4376sessions. 4377.It Va ugidfw_enable 4378.Pq Vt bool 4379Set to 4380.Dq Li YES 4381to load the 4382.Xr mac_bsdextended 4 4383module upon system initialization and load a default 4384ruleset file. 4385.It Va bsdextended_script 4386.Pq Vt str 4387The default 4388.Xr mac_bsdextended 4 4389ruleset file to load. 4390The default value of this variable is 4391.Pa /etc/rc.bsdextended . 4392.It Va newsyslog_enable 4393.Pq Vt bool 4394If set to 4395.Dq Li YES , 4396run 4397.Xr newsyslog 8 4398command at startup. 4399.It Va newsyslog_flags 4400.Pq Vt str 4401If 4402.Va newsyslog_enable 4403is set to 4404.Dq Li YES , 4405these are the flags to pass to the 4406.Xr newsyslog 8 4407program. 4408The default is 4409.Dq Li -CN , 4410which causes log files flagged with a 4411.Cm C 4412to be created. 4413.It Va mdconfig_md Ns Aq Ar X 4414.Pq Vt str 4415Arguments to 4416.Xr mdconfig 8 4417for 4418.Xr md 4 4419device 4420.Ar X . 4421At minimum a 4422.Fl t Ar type 4423must be specified and either a 4424.Fl s Ar size 4425for malloc or swap backed 4426.Xr md 4 4427devices or a 4428.Fl f Ar file 4429for vnode backed 4430.Xr md 4 4431devices. 4432Note that 4433.Va mdconfig_md Ns Aq Ar X 4434variables are evaluated until one variable is unset or null. 4435.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4436.Pq Vt str 4437Optional arguments passed to 4438.Xr newfs 8 4439to initialize 4440.Xr md 4 4441device 4442.Ar X . 4443.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4444.Pq Vt str 4445An ownership specification passed to 4446.Xr chown 8 4447after the specified 4448.Xr md 4 4449device 4450.Ar X 4451has been mounted. 4452Both the 4453.Xr md 4 4454device and the mount point will be changed. 4455.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4456.Pq Vt str 4457A mode string passed to 4458.Xr chmod 1 4459after the specified 4460.Xr md 4 4461device 4462.Ar X 4463has been mounted. 4464Both the 4465.Xr md 4 4466device and the mount point will be changed. 4467.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4468.Pq Vt str 4469Files to be copied to the mount point of the 4470.Xr md 4 4471device 4472.Ar X 4473after it has been mounted. 4474.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4475.Pq Vt str 4476Command to execute after the specified 4477.Xr md 4 4478device 4479.Ar X 4480has been mounted. 4481Note that the command is passed to 4482.Ic eval 4483and that both 4484.Va _dev 4485and 4486.Va _mp 4487variables can be used to reference respectively the 4488.Xr md 4 4489device and the mount point. 4490Assuming that the 4491.Xr md 4 4492device is 4493.Li md0 , 4494one could set the following: 4495.Bd -literal 4496mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4497.Ed 4498.It Va autobridge_interfaces 4499.Pq Vt str 4500Set to the list of bridge interfaces that will have newly arriving interfaces 4501checked against to be automatically added. 4502If not set to 4503.Dq Li NO 4504then for each whitespace separated 4505.Ar element 4506in the value, a 4507.Va autobridge_ Ns Aq Ar element 4508variable is assumed to exist which has a whitespace separated list of interface 4509names to match, these names can use wildcards. 4510For example: 4511.Bd -literal 4512autobridge_interfaces="bridge0" 4513autobridge_bridge0="tap* dc0 vlan[345]" 4514.Ed 4515.It Va mixer_enable 4516.Pq Vt bool 4517If set to 4518.Dq Li YES , 4519enable support for sound mixer. 4520.It Va hcsecd_enable 4521.Pq Vt bool 4522If set to 4523.Dq Li YES , 4524enable Bluetooth security daemon. 4525.It Va hcsecd_config 4526.Pq Vt str 4527Configuration file for 4528.Xr hcsecd 8 . 4529Default 4530.Pa /etc/bluetooth/hcsecd.conf . 4531.It Va sdpd_enable 4532.Pq Vt bool 4533If set to 4534.Dq Li YES , 4535enable Bluetooth Service Discovery Protocol daemon. 4536.It Va sdpd_control 4537.Pq Vt str 4538Path to 4539.Xr sdpd 8 4540control socket. 4541Default 4542.Pa /var/run/sdp . 4543.It Va sdpd_groupname 4544.Pq Vt str 4545Sets 4546.Xr sdpd 8 4547group to run as after it initializes. 4548Default 4549.Dq Li nobody . 4550.It Va sdpd_username 4551.Pq Vt str 4552Sets 4553.Xr sdpd 8 4554user to run as after it initializes. 4555Default 4556.Dq Li nobody . 4557.It Va bthidd_enable 4558.Pq Vt bool 4559If set to 4560.Dq Li YES , 4561enable Bluetooth Human Interface Device daemon. 4562.It Va bthidd_config 4563.Pq Vt str 4564Configuration file for 4565.Xr bthidd 8 . 4566Default 4567.Pa /etc/bluetooth/bthidd.conf . 4568.It Va bthidd_hids 4569.Pq Vt str 4570Path to a file, where 4571.Xr bthidd 8 4572will store information about known HID devices. 4573Default 4574.Pa /var/db/bthidd.hids . 4575.It Va rfcomm_pppd_server_enable 4576.Pq Vt bool 4577If set to 4578.Dq Li YES , 4579enable Bluetooth RFCOMM PPP wrapper daemon. 4580.It Va rfcomm_pppd_server_profile 4581.Pq Vt str 4582The name of the profile to use from 4583.Pa /etc/ppp/ppp.conf . 4584Multiple profiles can be specified here. 4585Also used to specify per-profile overrides. 4586When the profile name contains any of the characters 4587.Dq Li .-/+ 4588they are translated to 4589.Dq Li _ 4590for the proposes of the override variable names. 4591.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4592.Pq Vt str 4593Overrides local address to listen on. 4594By default 4595.Xr rfcomm_pppd 8 4596will listen on 4597.Dq Li ANY 4598address. 4599The address can be specified as BD_ADDR or name. 4600.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4601.Pq Vt str 4602Overrides local RFCOMM channel to listen on. 4603By default 4604.Xr rfcomm_pppd 8 4605will listen on RFCOMM channel 1. 4606Must set properly if multiple profiles used in the same time. 4607.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4608.Pq Vt bool 4609Tells 4610.Xr rfcomm_pppd 8 4611if it should register Serial Port service on the specified RFCOMM channel. 4612Default 4613.Dq Li NO . 4614.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4615.Pq Vt bool 4616Tells 4617.Xr rfcomm_pppd 8 4618if it should register Dial-Up Networking service on the specified 4619RFCOMM channel. 4620Default 4621.Dq Li NO . 4622.It Va ubthidhci_enable 4623.Pq Vt bool 4624If set to 4625.Dq Li YES , 4626change the USB Bluetooth controller from HID mode to HCI mode. 4627You also need to specify the location of USB Bluetooth controller with the 4628.Va ubthidhci_busnum 4629and 4630.Va ubthidhci_addr 4631variables. 4632.It Va ubthidhci_busnum 4633Bus number where the USB Bluetooth controller is located. 4634Check the output of 4635.Xr usbconfig 8 4636on your system to find this information. 4637.It Va ubthidhci_addr 4638Bus address of the USB Bluetooth controller. 4639Check the output of 4640.Xr usbconfig 8 4641on your system to find this information. 4642.It Va netwait_enable 4643.Pq Vt bool 4644If set to 4645.Dq Li YES , 4646delays the start of network-reliant services until 4647.Va netwait_if 4648is up and ICMP packets to a destination defined in 4649.Va netwait_ip 4650are flowing. 4651Link state is examined first, followed by 4652.Dq Li pinging 4653an IP address to verify network usability. 4654If no destination can be reached or timeouts are exceeded, 4655network services are started anyway with no guarantee that 4656the network is usable. 4657Use of this variable requires both 4658.Va netwait_ip 4659and 4660.Va netwait_if 4661to be set. 4662.It Va netwait_ip 4663.Pq Vt str 4664Empty by default. 4665This variable contains a space-delimited list of IP addresses to 4666.Xr ping 8 . 4667DNS hostnames should not be used as resolution is not guaranteed 4668to be functional at this point. 4669If multiple IP addresses are specified, 4670each will be tried until one is successful or the list is exhausted. 4671.It Va netwait_timeout 4672.Pq Vt int 4673Indicates the total number of seconds to perform a 4674.Dq Li ping 4675against each IP address in 4676.Va netwait_ip , 4677at a rate of one ping per second. 4678If any of the pings are successful, 4679full network connectivity is considered reliable. 4680The default is 60. 4681.It Va netwait_if 4682.Pq Vt str 4683Empty by default. 4684Defines the name of the network interface on which watch for link. 4685.Xr ifconfig 8 4686is used to monitor the interface, looking for 4687.Dq Li status: no carrier . 4688Once gone, the link is considered up. 4689This can be a 4690.Xr vlan 4 4691interface if desired. 4692.It Va netwait_if_timeout 4693.Pq Vt int 4694Defines the total number of seconds to wait for link to become usable, 4695polled at a 1-second interval. 4696The default is 30. 4697.El 4698.Sh FILES 4699.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4700.It Pa /etc/defaults/rc.conf 4701.It Pa /etc/rc.conf 4702.It Pa /etc/rc.conf.local 4703.El 4704.Sh SEE ALSO 4705.Xr catman 1 , 4706.Xr chmod 1 , 4707.Xr gdb 1 , 4708.Xr info 1 , 4709.Xr kbdcontrol 1 , 4710.Xr makewhatis 1 , 4711.Xr sh 1 , 4712.Xr vi 1 , 4713.Xr vidcontrol 1 , 4714.Xr bridge 4 , 4715.Xr dummynet 4 , 4716.Xr ip 4 , 4717.Xr ipf 4 , 4718.Xr ipfw 4 , 4719.Xr ipnat 4 , 4720.Xr kld 4 , 4721.Xr pf 4 , 4722.Xr pflog 4 , 4723.Xr pfsync 4 , 4724.Xr tcp 4 , 4725.Xr udp 4 , 4726.Xr exports 5 , 4727.Xr fstab 5 , 4728.Xr ipf 5 , 4729.Xr ipnat 5 , 4730.Xr motd 5 , 4731.Xr newsyslog.conf 5 , 4732.Xr pf.conf 5 , 4733.Xr security 7 , 4734.Xr accton 8 , 4735.Xr amd 8 , 4736.Xr apm 8 , 4737.Xr atm 8 , 4738.Xr bthidd 8 , 4739.Xr chkprintcap 8 , 4740.Xr chown 8 , 4741.Xr cron 8 , 4742.Xr devfs 8 , 4743.Xr dhclient 8 , 4744.Xr ftpd 8 , 4745.Xr geli 8 , 4746.Xr hcsecd 8 , 4747.Xr ifconfig 8 , 4748.Xr inetd 8 , 4749.Xr ipf 8 , 4750.Xr ipfw 8 , 4751.Xr ipnat 8 , 4752.Xr jail 8 , 4753.Xr kldxref 8 , 4754.Xr lpd 8 , 4755.Xr mdconfig 8 , 4756.Xr mdmfs 8 , 4757.Xr mixer 8 , 4758.Xr mountd 8 , 4759.Xr moused 8 , 4760.Xr mrouted 8 , 4761.Xr named 8 , 4762.Xr newfs 8 , 4763.Xr newsyslog 8 , 4764.Xr nfsd 8 , 4765.Xr ntpd 8 , 4766.Xr ntpdate 8 , 4767.Xr pfctl 8 , 4768.Xr pflogd 8 , 4769.Xr ping 8 , 4770.Xr powerd 8 , 4771.Xr quotacheck 8 , 4772.Xr quotaon 8 , 4773.Xr rc 8 , 4774.Xr rc.sendmail 8 , 4775.Xr rfcomm_pppd 8 , 4776.Xr route 8 , 4777.Xr routed 8 , 4778.Xr rpcbind 8 , 4779.Xr rpc.lockd 8 , 4780.Xr rpc.statd 8 , 4781.Xr rwhod 8 , 4782.Xr savecore 8 , 4783.Xr sdpd 8 , 4784.Xr sshd 8 , 4785.Xr swapon 8 , 4786.Xr sysctl 8 , 4787.Xr syslogd 8 , 4788.Xr timed 8 , 4789.Xr usbconfig 8 , 4790.Xr wlandebug 8 , 4791.Xr yp 8 , 4792.Xr ypbind 8 , 4793.Xr ypserv 8 , 4794.Xr ypset 8 4795.Sh HISTORY 4796The 4797.Nm 4798file appeared in 4799.Fx 2.2.2 . 4800.Sh AUTHORS 4801.An Jordan K. Hubbard . 4802