xref: /freebsd/share/man/man5/rc.conf.5 (revision cec50dea12481dc578c0805c887ab2097e1c06c5) 
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd April 25, 2004
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility,
42.Xr sysinstall 8 .
43.Pp
44The purpose of
45.Nm
46is not to run commands or perform system startup actions
47directly.
48Instead, it is included by the
49various generic startup scripts in
50.Pa /etc
51which conditionalize their
52internal actions according to the settings found there.
53.Pp
54The
55.Pa /etc/rc.conf
56file is included from the file
57.Pa /etc/defaults/rc.conf ,
58which specifies the default settings for all the available options.
59Options need only be specified in
60.Pa /etc/rc.conf
61when the system administrator wishes to override these defaults.
62The file
63.Pa /etc/rc.conf.local
64is used to override settings in
65.Pa /etc/rc.conf
66for historical reasons.
67See the
68.Va rc_conf_files
69variable below.
70.Pp
71The following list provides a name and short description for each
72variable that can be set in the
73.Nm
74file:
75.Bl -tag -width indent-two
76.It Va rc_debug
77.Pq Vt bool
78If set to
79.Dq Li YES ,
80enable output of debug messages from rc scripts.
81This variable can be helpful in diagnosing mistakes when
82editing or integrating new scripts.
83Beware that this produces copious output to the terminal and
84.Xr syslog 3 .
85.It Va rc_info
86.Pq Vt bool
87If set to
88.Dq Li NO ,
89disable informational messages from the rc scripts.
90Informational messages are displayed when
91a condition that is not serious enough to warrant a warning or
92an error occurs.
93.It Va swapfile
94.Pq Vt str
95If set to
96.Dq Li NO ,
97no swapfile is installed, otherwise the value is used as the full
98pathname to a file to use for additional swap space.
99.It Va apm_enable
100.Pq Vt bool
101If set to
102.Dq Li YES ,
103enable support for Automatic Power Management with
104the
105.Xr apm 8
106command.
107.It Va apmd_enable
108.Pq Vt bool
109Run
110.Xr apmd 8
111to handle APM event from userland.
112This also enables support for APM.
113.It Va apmd_flags
114.Pq Vt str
115If
116.Va apmd_enable
117is set to
118.Dq Li YES ,
119these are the flags to pass to the
120.Xr apmd 8
121daemon.
122.It Va devd_enable
123.Pq Vt bool
124Run
125.Xr devd 8
126to handle device added, removed or unknown events from the kernel.
127.It Va kldxref_enable
128.Pq Vt bool
129Set to
130.Dq Li NO
131by default.
132Set to
133.Dq Li YES
134to automatically rebuild
135.Pa linker.hints
136files with
137.Xr kldxref 8
138at boot time.
139.It Va kldxref_clobber
140.Pq Vt bool
141Set to
142.Dq Li NO
143by default.
144If
145.Va kldxref_enable
146is true,
147setting to
148.Dq Li YES
149will overwrite existing
150.Pa linker.hints
151files at boot time.
152Otherwise,
153only missing
154.Pa linker.hints
155files are generated.
156.It Va kldxref_module_path
157.Pq Vt str
158Empty by default.
159A semi-colon
160.Pq Ql \&;
161delimited list of paths containing
162.Xr kld 4
163modules.
164If empty,
165the contents of the
166.Va kern.module_path
167.Xr sysctl 8
168are used.
169.It Va pccard_enable
170.Pq Vt bool
171If set to
172.Dq Li YES ,
173enable PCCARD support at boot time.
174.It Va pccard_mem
175.Pq Vt str
176Set to PCCARD controller memory address or
177.Dq Li DEFAULT
178for the default value.
179.It Va pccard_ifconfig
180.Pq Vt str
181List of arguments to be passed to
182.Xr ifconfig 8
183at boot time or on
184insertion of the card (e.g.\&
185.Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
186for a fixed address or
187.Dq Li DHCP
188for a DHCP client).
189.It Va pccard_beep
190.Pq Vt int
191If 0,
192set the PCCARD controller to silent mode.
193If 1,
194set it to beep mode.
195If 2,
196set it to melody mode.
197.It Va pccard_conf
198.Pq Vt str
199Path to the configuration file for the
200.Xr pccardd 8
201daemon (e.g.\&
202.Pa /etc/pccard.conf.sample ) .
203.It Va pccardd_flags
204.Pq Vt str
205If
206.Va pccard_enable
207is set to
208.Dq Li YES ,
209these are the flags to pass to the
210.Xr pccardd 8
211daemon.
212.It Va pccard_ether_delay
213.Pq Vt str
214Set the delay before starting
215.Xr dhclient 8
216in the
217.Pa /etc/pccard_ether
218script.
219This defaults to 5 seconds to work around a bug in the
220.Xr ed 4
221driver which can lead to system hangs when using some newer
222.Xr ed 4
223based cards.
224.It Va removable_interfaces
225.Pq Vt str
226List of removable network interfaces to be supported by
227.Pa /etc/pccard_ether .
228.It Va tmpmfs
229Controls the creation of a
230.Pa /tmp
231memory file system.
232Always happens if set to
233.Dq Li YES
234and never happens if set to
235.Dq Li NO .
236If set to anything else, a memory file system is created if
237.Pa /tmp
238is not writable.
239.It Va tmpsize
240Controls the size of a created
241.Pa /tmp
242memory file system.
243.It Va varmfs
244Controls the creation of a
245.Pa /var
246memory file system.
247Always happens if set to
248.Dq Li YES
249and never happens if set to
250.Dq Li NO .
251If set to anything else, a memory file system is created if
252.Pa /var
253is not writable.
254.It Va varsize
255Controls the size of a created
256.Pa /var
257memory file system.
258.It Va populate_var
259Controls the automatic population of the
260.Pa /var
261file system.
262Always happens if set to
263.Dq Li YES
264and never happens if set to
265.Dq Li NO .
266If set to anything else, a memory file system is created if
267.Pa /tmp
268is not writable.
269Note that this process requires access to certain commands in
270.Pa /usr
271before
272.Pa /usr
273is mounted on normal systems.
274.It Va local_startup
275.Pq Vt str
276List of directories to search for startup script files.
277.It Va script_name_sep
278.Pq Vt str
279The field separator to use for breaking down the list of startup script files
280into individual filenames.
281The default is a space.
282It is not necessary to change this unless there are startup scripts with names
283containing spaces.
284.It Va hostname
285.Pq Vt str
286The fully qualified domain name (FQDN) of this host on the network.
287This should almost certainly be set to something meaningful, even if
288there is no network connection.
289If
290.Xr dhclient 8
291is used to set the hostname via DHCP,
292this variable should be set to an empty string.
293.It Va ipv6_enable
294.Pq Vt bool
295Enable support for IPv6 networking.
296Note that this requires that the kernel have been compiled with
297.Cd "options INET6" .
298.It Va nisdomainname
299.Pq Vt str
300The NIS domain name of this host, or
301.Dq Li NO
302if NIS is not used.
303.It Va dhclient_program
304.Pq Vt str
305Path to the DHCP client program
306.Pa ( /sbin/dhclient ,
307the ISC DHCP client,
308is the default).
309.It Va dhclient_flags
310.Pq Vt str
311Additional flags to pass to the DHCP client program.
312For the ISC DHCP client, see the
313.Xr dhclient 8
314manpage for a description of the command line options available.
315.It Va background_dhclient
316.Pq Vt bool
317Set to
318.Dq Li YES
319to start the dhcp client in background.
320This can cause trouble with applications depending on
321a working network, but it will provide a faster startup
322in many cases.
323.It Va firewall_enable
324.Pq Vt bool
325Set to
326.Dq Li YES
327to load firewall rules at startup.
328If the kernel was not built with
329.Cd "options IPFIREWALL" ,
330the
331.Pa ipfw.ko
332kernel module will be loaded.
333See also
334.Va ipfilter_enable .
335.It Va ipv6_firewall_enable
336.Pq Vt bool
337The IPv6 equivalent of
338.Va firewall_enable .
339Set to
340.Dq Li YES
341to load IPv6 firewall rules at startup.
342If the kernel was not built with
343.Cd "options IPV6FIREWALL" ,
344the
345.Pa ip6fw.ko
346kernel module will be loaded.
347.It Va firewall_script
348.Pq Vt str
349This variable specifies the full path to the firewall script to run.
350The default is
351.Pa /etc/rc.firewall .
352.It Va ipv6_firewall_script
353.Pq Vt str
354The IPv6 equivalent of
355.Va firewall_script .
356.It Va firewall_type
357.Pq Vt str
358Names the firewall type from the selection in
359.Pa /etc/rc.firewall ,
360or the file which contains the local firewall ruleset.
361Valid selections from
362.Pa /etc/rc.firewall
363are:
364.Pp
365.Bl -tag -width ".Li simple" -compact
366.It Li open
367unrestricted IP access
368.It Li closed
369all IP services disabled, except via
370.Dq Li lo0
371.It Li client
372basic protection for a workstation
373.It Li simple
374basic protection for a LAN.
375.El
376.Pp
377If a filename is specified, the full path
378must be given.
379.It Va ipv6_firewall_type
380.Pq Vt str
381The IPv6 equivalent of
382.Va firewall_type .
383.It Va firewall_quiet
384.Pq Vt bool
385Set to
386.Dq Li YES
387to disable the display of firewall rules on the console during boot.
388.It Va ipv6_firewall_quiet
389.Pq Vt bool
390The IPv6 equivalent of
391.Va firewall_quiet .
392.It Va firewall_logging
393.Pq Vt bool
394Set to
395.Dq Li YES
396to enable firewall event logging.
397This is equivalent to the
398.Dv IPFIREWALL_VERBOSE
399kernel option.
400.It Va ipv6_firewall_logging
401.Pq Vt bool
402The IPv6 equivalent of
403.Va firewall_logging .
404.It Va firewall_flags
405.Pq Vt str
406Flags passed to
407.Xr ipfw 8
408if
409.Va firewall_type
410specifies a filename.
411.It Va ipv6_firewall_flags
412.Pq Vt str
413The IPv6 equivalent of
414.Va firewall_flags .
415.It Va natd_program
416.Pq Vt str
417Path to
418.Xr natd 8 .
419.It Va natd_enable
420.Pq Vt bool
421Set to
422.Dq Li YES
423to enable
424.Xr natd 8 .
425.Va firewall_enable
426must also be set to
427.Dq Li YES ,
428and
429.Xr divert 4
430sockets must be enabled in the kernel.
431.It Va natd_interface
432.Pq Vt str
433This is the name of the public interface on which
434.Xr natd 8
435should run.
436The interface may be given as an interface name or as an IP address.
437.It Va natd_flags
438.Pq Vt str
439Additional
440.Xr natd 8
441flags should be placed here.
442The
443.Fl n
444or
445.Fl a
446flag is automatically added with the above
447.Va natd_interface
448as an argument.
449.\" ----- ipfilter_enable setting --------------------------------
450.It Va ipfilter_enable
451.Pq Vt bool
452Set to
453.Dq Li NO
454by default.
455Setting this to
456.Dq Li YES
457enables
458.Xr ipf 8
459packet filtering.
460.Pp
461Typical usage will require putting
462.Bd -literal
463ipfilter_enable="YES"
464ipnat_enable="YES"
465ipmon_enable="YES"
466ipfs_enable="YES"
467.Ed
468.Pp
469into
470.Pa /etc/rc.conf
471and editing
472.Pa /etc/ipf.rules
473and
474.Pa /etc/ipnat.rules
475appropriately.
476.Pp
477Note that
478.Va ipfilter_enable
479and
480.Va ipnat_enable
481can be enabled independently.
482.Va ipmon_enable
483and
484.Va ipfs_enable
485both require at least one of
486.Va ipfilter_enable
487and
488.Va ipnat_enable
489to be enabled.
490.Pp
491Having
492.Bd -literal
493options IPFILTER
494options IPFILTER_LOG
495options IPFILTER_DEFAULT_BLOCK
496.Ed
497.Pp
498in the kernel configuration file is a good idea, too.
499.\" ----- ipfilter_program setting ------------------------------
500.It Va ipfilter_program
501.Pq Vt str
502Path to
503.Xr ipf 8
504(default
505.Pa /sbin/ipf ) .
506.\" ----- ipfilter_rules setting --------------------------------
507.It Va ipfilter_rules
508.Pq Vt str
509Set to
510.Pa /etc/ipf.rules
511by default.
512This variable contains the name of the filter rule definition file.
513The file is expected to be readable for the
514.Xr ipf 8
515command to execute.
516.\" ----- ipv6_ipfilter_rules setting ---------------------------
517.It Va ipv6_ipfilter_rules
518.Pq Vt str
519Set to
520.Pa /etc/ipf6.rules
521by default.
522This variable contains the IPv6 filter rule definition file.
523The file is expected to be readable for the
524.Xr ipf 8
525command to execute.
526.\" ----- ipfilter_flags setting --------------------------------
527.It Va ipfilter_flags
528.Pq Vt str
529Empty by default.
530This variable contains flags passed to the
531.Xr ipf 8
532program.
533.\" ----- ipnat_enable setting ----------------------------------
534.It Va ipnat_enable
535.Pq Vt bool
536Set to
537.Dq Li NO
538by default.
539Set it to
540.Dq Li YES
541to enable
542.Xr ipnat 1
543network address translation.
544See
545.Va ipfilter_enable
546for a detailed discussion.
547.\" ----- ipnat_program setting ---------------------------------
548.It Va ipnat_program
549.Pq Vt str
550Path to
551.Xr ipnat 1
552(default
553.Pa /sbin/ipnat ) .
554.\" ----- ipnat_rules setting -----------------------------------
555.It Va ipnat_rules
556.Pq Vt str
557Set to
558.Pa /etc/ipnat.rules
559by default.
560This variable contains the name of the file
561holding the network address translation definition.
562This file is expected to be readable for the
563.Xr ipnat 1
564command to execute.
565.\" ----- ipnat_flags setting -----------------------------------
566.It Va ipnat_flags
567.Pq Vt str
568Empty by default.
569This variable contains flags passed to the
570.Xr ipnat 1
571program.
572.\" ----- ipmon_enable setting ----------------------------------
573.It Va ipmon_enable
574.Pq Vt bool
575Set to
576.Dq Li NO
577by default.
578Set it to
579.Dq Li YES
580to enable
581.Xr ipmon 8
582monitoring (logging
583.Xr ipf 8
584and
585.Xr ipnat 1
586events).
587Setting this variable needs setting
588.Va ipfilter_enable
589or
590.Va ipnat_enable
591too.
592See
593.Va ipfilter_enable
594for a detailed discussion.
595.\" ----- ipmon_program setting ---------------------------------
596.It Va ipmon_program
597.Pq Vt str
598Path to
599.Xr ipmon 8
600(default
601.Pa /sbin/ipmon ) .
602.\" ----- ipmon_flags setting -----------------------------------
603.It Va ipmon_flags
604.Pq Vt str
605Set to
606.Dq Li -Ds
607by default.
608This variable contains flags passed to the
609.Xr ipmon 8
610program.
611Another typical example would be
612.Dq Fl D Pa /var/log/ipflog
613to have
614.Xr ipmon 8
615log directly to a file bypassing
616.Xr syslogd 8 .
617Make sure to adjust
618.Pa /etc/newsyslog.conf
619in such case like this:
620.Bd -literal
621/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
622.Ed
623.\" ----- ipfs_enable setting -----------------------------------
624.It Va ipfs_enable
625.Pq Vt bool
626Set to
627.Dq Li NO
628by default.
629Set it to
630.Dq Li YES
631to enable
632.Xr ipfs 8
633saving the filter and NAT state tables during shutdown
634and reloading them during startup again.
635Setting this variable needs setting
636.Va ipfilter_enable
637or
638.Va ipnat_enable
639to
640.Dq Li YES
641too.
642See
643.Va ipfilter_enable
644for a detailed discussion.
645Note that if
646.Va kern_securelevel
647is set to 3,
648.Va ipfs_enable
649cannot be used
650because the raised securelevel will prevent
651.Xr ipfs 8
652from saving the state tables at shutdown time.
653.\" ----- ipfs_program setting ----------------------------------
654.It Va ipfs_program
655.Pq Vt str
656Path to
657.Xr ipfs 8
658(default
659.Pa /sbin/ipfs ) .
660.\" ----- ipfs_flags setting ------------------------------------
661.It Va ipfs_flags
662.Pq Vt str
663Empty by default.
664This variable contains flags passed to the
665.Xr ipfs 8
666program.
667.\" ----- end of added ipf hook ---------------------------------
668.It Va pf_enable
669.Pq Vt bool
670Set to
671.Dq Li NO
672by default.
673Setting this to
674.Dq Li YES
675enables
676.Xr pf 4
677packet filtering.
678.Pp
679Typical usage will require putting
680.Pp
681.Dl pf_enable="YES"
682.Pp
683into
684.Pa /etc/rc.conf
685and editing
686.Pa /etc/pf.conf
687appropriately.
688.Pp
689Having
690.Bd -literal -offset indent
691options PFIL_HOOKS
692options RANDOM_IP_ID
693.Ed
694.Pp
695in the kernel configuration file is required for use as a
696.Xr kld 4
697module.
698.Pp
699.Dl "device pf"
700.Pp
701builds it into the kernel.
702.It Va pf_rules
703.Pq Vt str
704Path to
705.Xr pf 4
706ruleset configuration file
707(default
708.Pa /etc/pf.conf ) .
709.It Va pf_program
710.Pq Vt str
711Path to
712.Xr pfctl 8
713(default
714.Pa /sbin/pfctl ) .
715.It Va pf_flags
716.Pq Vt str
717If
718.Va pf_enable
719is set to
720.Dq Li YES ,
721these flags are passed to the
722.Xr pfctl 8
723program when loading the ruleset.
724.It Va pflog_enable
725.Pq Vt bool
726Set to
727.Dq Li NO
728by default.
729Setting this to
730.Dq Li YES
731enables
732.Xr pflogd 8
733which logs packtes from the
734.Xr pf 4
735packet filter.
736.It Va pflog_logfile
737.Pq Vt str
738If
739.Va pflog_enable
740is set to
741.Dq Li YES
742this controls where
743.Xr pflogd 8
744stores the logfile
745(default
746.Pa /var/log/pflog ) .
747Check
748.Pa /etc/newsyslog.conf
749to adjust logfile rotation for this.
750.It Va pflog_program
751.Pq Vt str
752Path to
753.Xr pflogd 8
754(default
755.Pa /sbin/pflogd ) .
756.It Va pflog_flags
757.Pq Vt str
758Empty by default.
759This variable contains additional flags passed to the
760.Xr pflogd 8
761program.
762.It Va tcp_extensions
763.Pq Vt bool
764Set to
765.Dq Li YES
766by default.
767Setting this to
768.Dq Li NO
769disables certain TCP options as described by
770.Rs
771.%T "RFC 1323"
772.Re
773Setting this to
774.Dq Li NO
775might help remedy such problems with connections as randomly hanging
776or other weird behavior.
777Some network devices are known
778to be broken with respect to these options.
779.It Va log_in_vain
780.Pq Vt int
781Set to 0 by default.
782The
783.Xr sysctl 8
784variables,
785.Va net.inet.tcp.log_in_vain
786and
787.Va net.inet.udp.log_in_vain ,
788as described in
789.Xr tcp 4
790and
791.Xr udp 4 ,
792are set to the given value.
793.It Va tcp_keepalive
794.Pq Vt bool
795Set to
796.Dq Li YES
797by default.
798Setting to
799.Dq Li NO
800will disable probing idle TCP connections to verify that the
801peer is still up and reachable.
802.It Va tcp_drop_synfin
803.Pq Vt bool
804Set to
805.Dq Li NO
806by default.
807Setting to
808.Dq Li YES
809will cause the kernel to ignore TCP frames that have both
810the SYN and FIN flags set.
811This prevents OS fingerprinting, but may
812break some legitimate applications.
813This option is only available if the
814kernel was built with the
815.Dv TCP_DROP_SYNFIN
816option.
817.It Va icmp_drop_redirect
818.Pq Vt bool
819Set to
820.Dq Li NO
821by default.
822Setting to
823.Dq Li YES
824will cause the kernel to ignore ICMP REDIRECT packets.
825Refer to
826.Xr icmp 4
827for more information.
828.It Va icmp_log_redirect
829.Pq Vt bool
830Set to
831.Dq Li NO
832by default.
833Setting to
834.Dq Li YES
835will cause the kernel to log ICMP REDIRECT packets.
836Note that
837the log messages are not rate-limited, so this option should only be used
838for troubleshooting networks.
839Refer to
840.Xr icmp 4
841for more information.
842.It Va icmp_bmcastecho
843.Pq Vt bool
844Set to
845.Dq Li YES
846to respond to broadcast or multicast ICMP ping packets.
847Refer to
848.Xr icmp 4
849for more information.
850.It Va ip_portrange_first
851.Pq Vt int
852If not set to
853.Dq Li NO ,
854this is the first port in the default portrange.
855Refer to
856.Xr ip 4
857for more information.
858.It Va ip_portrange_last
859.Pq Vt int
860If not set to
861.Dq Li NO ,
862this is the last port in the default portrange.
863Refer to
864.Xr ip 4
865for more information.
866.It Va network_interfaces
867.Pq Vt str
868Set to the list of network interfaces to configure on this host.
869For example, if the only network devices in the system are the loopback
870device
871.Pq Li lo0
872and a NIC using the
873.Xr ed 4
874driver,
875this could be set to
876.Dq Li "lo0 ed0" .
877An
878.Va ifconfig_ Ns Aq Ar interface
879variable is also assumed to exist for each value of
880.Ar interface .
881It is also possible to add IP alias entries here in cases where
882multiple IP addresses registered against a single interface
883are desired.
884Assuming that the interface in question was
885.Li ed0 ,
886it might look
887something like this:
888.Bd -literal
889ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
890ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
891.Ed
892.Pp
893And so on.
894For each
895.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
896entry that is found,
897its contents are passed to
898.Xr ifconfig 8 .
899Execution stops at the first unsuccessful access, so if
900something like this is present:
901.Bd -literal
902ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
903ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
904ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
905ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
906.Ed
907.Pp
908Then note that alias4 would
909.Em not
910be added since the search would
911stop with the missing alias3 entry.
912.Pp
913If the
914.Pa /etc/start_if. Ns Aq Ar interface
915file is present, it is read and executed by the
916.Xr sh 1
917interpreter
918before configuring the interface as specified in the
919.Va ifconfig_ Ns Aq Ar interface
920and
921.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
922variables.
923.Pp
924It is possible to bring up an interface with DHCP by setting the
925.Va ifconfig_ Ns Aq Ar interface
926variable to
927.Dq Li DHCP .
928For instance, to initialize the
929.Li ed0
930device via DHCP,
931it is possible to use something like:
932.Bd -literal
933ifconfig_ed0="DHCP"
934.Ed
935.It Va ipv6_network_interfaces
936.Pq Vt str
937This is the IPv6 equivalent of
938.Va network_interfaces .
939Instead of setting the ifconfig variables as
940.Va ifconfig_ Ns Aq Ar interface
941they should be set as
942.Va ipv6_ifconfig_ Ns Aq Ar interface .
943Aliases should be set as
944.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
945.Va ipv6_prefix_ Ns Aq Ar interface
946does something.
947Interfaces that do not have a
948.Va ipv6_ifconfig_ Ns Aq Ar interface
949setting will be auto configured by
950.Xr rtsol 8
951if the
952.Va ipv6_gateway_enable
953is set to
954.Dq Li NO .
955Note that the IPv6 networking code does not support the
956.Pa /etc/start_if. Ns Aq Ar interface
957files.
958.It Va ipv6_default_interface
959.Pq Vt str
960If not set to
961.Dq Li NO ,
962this is the default output interface for scoped addresses.
963Now this works only for IPv6 link local multicast addresses.
964.It Va cloned_interfaces
965.Pq Vt str
966Set to the list of clonable network interfaces to create on this host.
967Entries in
968.Va cloned_interfaces
969are automatically appended to
970.Va network_interfaces
971for configuration.
972.It Va gif_interfaces
973.Pq Vt str
974Set to the list of
975.Xr gif 4
976tunnel interfaces to configure on this host.
977A
978.Va gifconfig_ Ns Aq Ar interface
979variable is assumed to exist for each value of
980.Ar interface .
981The value of this variable is used to configure the link layer of the
982tunnel according to the syntax of the
983.Cm tunnel
984option to
985.Xr ifconfig 8 .
986Additionally, this option ensures that each listed interface is created
987via the
988.Cm create
989option to
990.Xr ifconfig 8
991before attempting to configure it.
992.It Va sppp_interfaces
993.Pq Vt str
994Set to the list of
995.Xr sppp 4
996interfaces to configure on this host.
997A
998.Va spppconfig_ Ns Aq Ar interface
999variable is assumed to exist for each value of
1000.Ar interface .
1001Each interface should also be configured by a general
1002.Va ifconfig_ Ns Aq Ar interface
1003setting.
1004Refer to
1005.Xr spppcontrol 8
1006for more information about available options.
1007.It Va ppp_enable
1008.Pq Vt bool
1009If set to
1010.Dq Li YES ,
1011run the
1012.Xr ppp 8
1013daemon.
1014.It Va ppp_mode
1015.Pq Vt str
1016Mode in which to run the
1017.Xr ppp 8
1018daemon.
1019Accepted modes are
1020.Dq Li auto ,
1021.Dq Li ddial ,
1022.Dq Li direct
1023and
1024.Dq Li dedicated .
1025See the manual for a full description.
1026.It Va ppp_nat
1027.Pq Vt bool
1028If set to
1029.Dq Li YES ,
1030enables network address translation.
1031Used in conjunction with
1032.Va gateway_enable
1033allows hosts on private network addresses access to the Internet using
1034this host as a network address translating router.
1035.It Va ppp_profile
1036.Pq Vt str
1037The name of the profile to use from
1038.Pa /etc/ppp/ppp.conf .
1039.It Va ppp_user
1040.Pq Vt str
1041The name of the user under which
1042.Xr ppp 8
1043should be started.
1044By
1045default,
1046.Xr ppp 8
1047is started as
1048.Dq Li root .
1049.It Va rc_conf_files
1050.Pq Vt str
1051This option is used to specify a list of files that will override
1052the settings in
1053.Pa /etc/defaults/rc.conf .
1054The files will be read in the order in which they are specified and should
1055include the full path to the file.
1056By default, the files specified are
1057.Pa /etc/rc.conf
1058and
1059.Pa /etc/rc.conf.local
1060.It Va gbde_autoattach_all
1061.Pq Vt bool
1062If set to
1063.Dq Li YES ,
1064.Pa /etc/rc.d/gbde
1065will attempt to automatically initialize your .bde devices in
1066.Pa /etc/fstab .
1067.It Va gbde_devices
1068.Pq Vt str
1069List the devices that the script should try to attach,
1070or
1071.Dq Li AUTO .
1072.It Va gbde_lockdir
1073.Pq Vt str
1074The directory where the
1075.Xr gbde 4
1076lockfiles are located.
1077The default lockfile directory is
1078.Pa /etc .
1079.Pp
1080The lockfile for each individual
1081.Xr gbde 4
1082device can be overridden by setting the variable
1083.Va gbde_lock_ Ns Aq Ar device ,
1084where
1085.Ar device
1086is the encrypted device without the
1087.Dq Pa /dev/
1088and
1089.Dq Pa .bde
1090parts.
1091.It Va gbde_attach_attempts
1092.Pq Vt int
1093Number of times to attempt attaching to a
1094.Xr gbde 4
1095device, i.e. how many times the user is asked for the pass-phrase.
1096Default is 3.
1097.It Va gbde_swap_enable
1098.Pq Vt bool
1099If set to
1100.Dq Li YES ,
1101any .bde swap devices listed in
1102.Pa /etc/fstab
1103will be initialized with a random, one-shot key.
1104Note that this makes recovery of kernel dumps impossible.
1105.It Va fsck_y_enable
1106.Pq Vt bool
1107If set to
1108.Dq Li YES ,
1109.Xr fsck 8
1110will be run with the
1111.Fl y
1112flag if the initial preen
1113of the file systems fails.
1114.It Va background_fsck
1115.Pq Vt bool
1116If set to
1117.Dq Li YES ,
1118the system will attempt to run
1119.Xr fsck 8
1120in the background where possible.
1121.It Va background_fsck_delay
1122.Pq Vt int
1123The amount of time in seconds to sleep before starting a background
1124.Xr fsck 8 .
1125It defaults to sixty seconds to allow large applications such as
1126the X server to start before disk I/O bandwidth is monopolized by
1127.Xr fsck 8 .
1128.It Va netfs_types
1129.Pq Vt str
1130List of file system types that are network-based.
1131This list should generally not be modified by end users.
1132Use
1133.Va extra_netfs_types
1134instead.
1135.It Va extra_netfs_types
1136.Pq Vt str
1137If set to something other than
1138.Dq Li NO
1139(the default),
1140this variable extends the list of file system types
1141for which automatic mounting at startup by
1142.Xr rc 8
1143should be delayed until the network is initialized.
1144It should contain
1145a whitespace-separated list of network file system descriptor pairs,
1146each consisting of a file system type as passed to
1147.Xr mount 8
1148and a human-readable, one-word description,
1149joined with a colon
1150.Pq Ql \&: .
1151Extending the default list in this way is only necessary
1152when third party file system types are used.
1153.It Va syslogd_enable
1154.Pq Vt bool
1155If set to
1156.Dq Li YES ,
1157run the
1158.Xr syslogd 8
1159daemon.
1160.It Va syslogd_program
1161.Pq Vt str
1162Path to
1163.Xr syslogd 8
1164(default
1165.Pa /usr/sbin/syslogd ) .
1166.It Va syslogd_flags
1167.Pq Vt str
1168If
1169.Va syslogd_enable
1170is set to
1171.Dq Li YES ,
1172these are the flags to pass to
1173.Xr syslogd 8 .
1174.It Va inetd_enable
1175.Pq Vt bool
1176If set to
1177.Dq Li YES ,
1178run the
1179.Xr inetd 8
1180daemon.
1181.It Va inetd_program
1182.Pq Vt str
1183Path to
1184.Xr inetd 8
1185(default
1186.Pa /usr/sbin/inetd ) .
1187.It Va inetd_flags
1188.Pq Vt str
1189If
1190.Va inetd_enable
1191is set to
1192.Dq Li YES ,
1193these are the flags to pass to
1194.Xr inetd 8 .
1195.It Va named_enable
1196.Pq Vt bool
1197If set to
1198.Dq Li YES ,
1199run the
1200.Xr named 8
1201daemon.
1202.It Va named_program
1203.Pq Vt str
1204Path to
1205.Xr named 8
1206(default
1207.Pa /usr/sbin/named ) .
1208.It Va named_flags
1209.Pq Vt str
1210If
1211.Va named_enable
1212is set to
1213.Dq Li YES ,
1214these are the flags to pass to
1215.Xr named 8 .
1216.It Va named_pidfile
1217.Pq Vt str
1218This is the default path to the
1219.Xr named 8
1220daemon's PID file.
1221Change it if you change the location in
1222.Xr named.conf 5 .
1223.It Va named_chrootdir
1224.Pq Vt str
1225The root directory for a name server run in a
1226.Xr chroot 8
1227environment.
1228If left empty
1229.Xr named 8
1230will not be run in a
1231.Xr chroot 8
1232environment.
1233This variable has no effect if
1234.Va named_rcng
1235is not enabled.
1236This variable is experimental.
1237It may be removed or changed in the near future.
1238.It Va named_chroot_autoupdate
1239.Pq Vt bool
1240Set to
1241.Dq Li NO
1242to disable automatic syncing of libraries and
1243other system files between the root file system and the
1244.Xr chroot 8 .
1245This variable has no effect if
1246.Va named_rcng
1247is not enabled.
1248This variable is experimental.
1249It may be removed or changed in the near future.
1250.It Va named_symlink_enable
1251.Pq Vt bool
1252Set to
1253.Dq Li NO
1254to disable symlinking of
1255.Va named_pidfile
1256and
1257.Pa /var/run/ndc
1258into the
1259.Xr chroot 8
1260environment in which
1261.Xr named 8
1262is running.
1263This variable has no effect if
1264.Va named_rcng
1265is not enabled.
1266This variable is experimental.
1267It may be removed or changed in the near future.
1268.It Va kerberos5_server_enable
1269.Pq Vt bool
1270Set to
1271.Dq Li YES
1272to start a Kerberos 5 authentication server
1273at boot time.
1274.It Va kerberos5_server
1275.Pq Vt str
1276If
1277.Va kerberos5_server_enable
1278is set to
1279.Dq Li YES
1280this is the path to Kerberos 5 Authentication Server.
1281.It Va kadmind5_server_enable
1282.Pq Vt bool
1283Set to
1284.Dq Li YES
1285to start
1286.Xr kadmind 8 ,
1287the Kerberos 5 Administration Daemon; set to
1288.Dq Li NO
1289on a slave server.
1290.It Va kadmind5_server
1291.Pq Vt str
1292If
1293.Va kadmind5_server_enable
1294is set to
1295.Dq Li YES
1296this is the path to Kerberos 5 Administration Daemon.
1297.It Va kpasswdd_server_enable
1298.Pq Vt bool
1299Set to
1300.Dq Li YES
1301to start
1302.Xr kpasswdd 8 ,
1303the Kerberos 5 Password-Changing Daemon; set to
1304.Dq Li NO
1305on a slave server.
1306.It Va kpasswdd_server
1307.Pq Vt str
1308If
1309.Va kpasswdd_server_enable
1310is set to
1311.Dq Li YES
1312this is the path to Kerberos 5 Password-Changing Daemon.
1313.It Va rwhod_enable
1314.Pq Vt bool
1315If set to
1316.Dq Li YES ,
1317run the
1318.Xr rwhod 8
1319daemon at boot time.
1320.It Va rwhod_flags
1321.Pq Vt str
1322If
1323.Va rwhod_enable
1324is set to
1325.Dq Li YES ,
1326these are the flags to pass to it.
1327.It Va amd_enable
1328.Pq Vt bool
1329If set to
1330.Dq Li YES ,
1331run the
1332.Xr amd 8
1333daemon at boot time.
1334.It Va amd_flags
1335.Pq Vt str
1336If
1337.Va amd_enable
1338is set to
1339.Dq Li YES ,
1340these are the flags to pass to it.
1341See the
1342.Xr amd 8
1343manpage for more information.
1344.It Va amd_map_program
1345.Pq Vt str
1346If set,
1347the specified program is run to get the list of
1348.Xr amd 8
1349maps.
1350For example, if the
1351.Xr amd 8
1352maps are stored in NIS, one can set this to
1353run
1354.Xr ypcat 1
1355to get a list of
1356.Xr amd 8
1357maps from the
1358.Pa amd.master
1359NIS map.
1360.It Va update_motd
1361.Pq Vt bool
1362If set to
1363.Dq Li YES ,
1364.Pa /etc/motd
1365will be updated at boot time to reflect the kernel release
1366being run.
1367If set to
1368.Dq Li NO ,
1369.Pa /etc/motd
1370will not be updated.
1371.It Va nfs_client_enable
1372.Pq Vt bool
1373If set to
1374.Dq Li YES ,
1375run the NFS client daemons at boot time.
1376.It Va nfs_access_cache
1377.Pq Vt int
1378If
1379.Va nfs_client_enable
1380is set to
1381.Dq Li YES ,
1382this can be set to
1383.Dq Li 0
1384to disable NFS ACCESS RPC caching, or to the number of seconds for which
1385NFS ACCESS
1386results should be cached.
1387A value of 2-10 seconds will substantially reduce network
1388traffic for many NFS operations.
1389.It Va nfs_server_enable
1390.Pq Vt bool
1391If set to
1392.Dq Li YES ,
1393run the NFS server daemons at boot time.
1394.It Va nfs_server_flags
1395.Pq Vt str
1396If
1397.Va nfs_server_enable
1398is set to
1399.Dq Li YES ,
1400these are the flags to pass to the
1401.Xr nfsd 8
1402daemon.
1403.It Va mountd_enable
1404.Pq Vt bool
1405If set to
1406.Dq Li YES ,
1407and no
1408.Va nfs_server_enable
1409is set, start
1410.Xr mountd 8 ,
1411but not
1412.Xr nfsd 8
1413daemon.
1414It is commonly needed to run CFS without real NFS used.
1415.It Va mountd_flags
1416.Pq Vt str
1417If
1418.Va mountd_enable
1419is set to
1420.Dq Li YES ,
1421these are the flags to pass to the
1422.Xr mountd 8
1423daemon.
1424.It Va weak_mountd_authentication
1425.Pq Vt bool
1426If set to
1427.Dq Li YES ,
1428allow services like PCNFSD to make non-privileged mount
1429requests.
1430.It Va nfs_reserved_port_only
1431.Pq Vt bool
1432If set to
1433.Dq Li YES ,
1434provide NFS services only on a secure port.
1435.It Va nfs_bufpackets
1436.Pq Vt int
1437If set to a number, indicates the number of packets worth of
1438socket buffer space to reserve on an NFS client.
1439The kernel default is typically 4.
1440Using a higher number may be
1441useful on gigabit networks to improve performance.
1442The minimum value is
14432 and the maximum is 64.
1444.It Va rpc_lockd_enable
1445.Pq Vt bool
1446If set to
1447.Dq Li YES
1448and also an NFS server, run
1449.Xr rpc.lockd 8
1450at boot time.
1451.It Va rpc_statd_enable
1452.Pq Vt bool
1453If set to
1454.Dq Li YES
1455and also an NFS server, run
1456.Xr rpc.statd 8
1457at boot time.
1458.It Va rpcbind_program
1459.Pq Vt str
1460Path to
1461.Xr rpcbind 8
1462(default
1463.Pa /usr/sbin/rpcbind ) .
1464.It Va rpcbind_enable
1465.Pq Vt bool
1466If set to
1467.Dq Li YES ,
1468run the
1469.Xr rpcbind 8
1470service at boot time.
1471.It Va rpcbind_flags
1472.Pq Vt str
1473If
1474.Va rpcbind_enable
1475is set to
1476.Dq Li YES ,
1477these are the flags to pass to the
1478.Xr rpcbind 8
1479daemon.
1480.It Va keyserv_enable
1481.Pq Vt bool
1482If set to
1483.Dq Li YES ,
1484run the
1485.Xr keyserv 8
1486daemon on boot for running Secure RPC.
1487.It Va keyserv_flags
1488.Pq Vt str
1489If
1490.Va keyserv_enable
1491is set to
1492.Dq Li YES ,
1493these are the flags to pass to
1494.Xr keyserv 8
1495daemon.
1496.It Va pppoed_enable
1497.Pq Vt bool
1498If set to
1499.Dq Li YES ,
1500run the
1501.Xr pppoed 8
1502daemon at boot time to provide PPP over Ethernet services.
1503.It Va pppoed_ Ns Ar provider
1504.Pq Vt str
1505.Xr pppoed 8
1506listens to requests to this
1507.Ar provider
1508and ultimately runs
1509.Xr ppp 8
1510with a
1511.Ar system
1512argument of the same name.
1513.It Va pppoed_flags
1514.Pq Vt str
1515Additional flags to pass to
1516.Xr pppoed 8 .
1517.It Va pppoed_interface
1518.Pq Vt str
1519The network interface to run
1520.Xr pppoed 8
1521on.
1522This is mandatory when
1523.Va pppoed_enable
1524is set to
1525.Dq Li YES .
1526.It Va timed_enable
1527.Pq Vt bool
1528If set to
1529.Dq Li YES ,
1530run the
1531.Xr timed 8
1532service at boot time.
1533This command is intended for networks of
1534machines where a consistent
1535.Dq "network time"
1536for all hosts must be established.
1537This is often useful in large NFS
1538environments where time stamps on files are expected to be consistent
1539network-wide.
1540.It Va timed_flags
1541.Pq Vt str
1542If
1543.Va timed_enable
1544is set to
1545.Dq Li YES ,
1546these are the flags to pass to the
1547.Xr timed 8
1548service.
1549.It Va ntpdate_enable
1550.Pq Vt bool
1551If set to
1552.Dq Li YES ,
1553run
1554.Xr ntpdate 8
1555at system startup.
1556This command is intended to
1557synchronize the system clock only
1558.Em once
1559from some standard reference.
1560An option to set this up initially
1561(from a list of known servers) is also provided by the
1562.Xr sysinstall 8
1563program when the system is first installed.
1564.It Va ntpdate_hosts
1565.Pq Vt str
1566A whitespace-separated list of NTP servers to synchronize with at startup.
1567The default is to use the servers listed in
1568.Pa /etc/ntp.conf ,
1569if that file exists.
1570.It Va ntpdate_program
1571.Pq Vt str
1572Path to
1573.Xr ntpdate 8
1574(default
1575.Pa /usr/sbin/ntpdate ) .
1576.It Va ntpdate_flags
1577.Pq Vt str
1578If
1579.Va ntpdate_enable
1580is set to
1581.Dq Li YES ,
1582these are the flags to pass to the
1583.Xr ntpdate 8
1584command (typically a hostname).
1585.It Va ntpd_enable
1586.Pq Vt bool
1587If set to
1588.Dq Li YES ,
1589run the
1590.Xr ntpd 8
1591command at boot time.
1592.It Va ntpd_program
1593.Pq Vt str
1594Path to
1595.Xr ntpd 8
1596(default
1597.Pa /usr/sbin/ntpd ) .
1598.It Va ntpd_flags
1599.Pq Vt str
1600If
1601.Va ntpd_enable
1602is set to
1603.Dq Li YES ,
1604these are the flags to pass to the
1605.Xr ntpd 8
1606daemon.
1607.It Va ntpd_sync_on_start
1608.Pq Vt bool
1609If set to
1610.Dq Li YES ,
1611.Xr ntpd 8
1612is run with the
1613.Op Fl g
1614flag, which syncs the system's clock on startup.
1615See
1616.Xr ntpd 8
1617for more information regarding the
1618.Op Fl g
1619option.
1620This is a preferred alternative to using
1621.Xr ntpdate 1
1622or specifying the
1623.Pa /etc/rc.conf
1624tunable
1625.Op Ar ntpdate_enable .
1626.It Va nis_client_enable
1627.Pq Vt bool
1628If set to
1629.Dq Li YES ,
1630run the
1631.Xr ypbind 8
1632service at system boot time.
1633.It Va nis_client_flags
1634.Pq Vt str
1635If
1636.Va nis_client_enable
1637is set to
1638.Dq Li YES ,
1639these are the flags to pass to the
1640.Xr ypbind 8
1641service.
1642.It Va nis_ypset_enable
1643.Pq Vt bool
1644If set to
1645.Dq Li YES ,
1646run the
1647.Xr ypset 8
1648daemon at system boot time.
1649.It Va nis_ypset_flags
1650.Pq Vt str
1651If
1652.Va nis_ypset_enable
1653is set to
1654.Dq Li YES ,
1655these are the flags to pass to the
1656.Xr ypset 8
1657daemon.
1658.It Va nis_server_enable
1659.Pq Vt bool
1660If set to
1661.Dq Li YES ,
1662run the
1663.Xr ypserv 8
1664daemon at system boot time.
1665.It Va nis_server_flags
1666.Pq Vt str
1667If
1668.Va nis_server_enable
1669is set to
1670.Dq Li YES ,
1671these are the flags to pass to the
1672.Xr ypserv 8
1673daemon.
1674.It Va nis_ypxfrd_enable
1675.Pq Vt bool
1676If set to
1677.Dq Li YES ,
1678run the
1679.Xr rpc.ypxfrd 8
1680daemon at system boot time.
1681.It Va nis_ypxfrd_flags
1682.Pq Vt str
1683If
1684.Va nis_ypxfrd_enable
1685is set to
1686.Dq Li YES ,
1687these are the flags to pass to the
1688.Xr rpc.ypxfrd 8
1689daemon.
1690.It Va nis_yppasswdd_enable
1691.Pq Vt bool
1692If set to
1693.Dq Li YES ,
1694run the
1695.Xr rpc.yppasswdd 8
1696daemon at system boot time.
1697.It Va nis_yppasswdd_flags
1698.Pq Vt str
1699If
1700.Va nis_yppasswdd_enable
1701is set to
1702.Dq Li YES ,
1703these are the flags to pass to the
1704.Xr rpc.yppasswdd 8
1705daemon.
1706.It Va rpc_ypupdated_enable
1707.Pq Vt bool
1708If set to
1709.Dq Li YES ,
1710run the
1711.Nm rpc.ypupdated
1712daemon at system boot time.
1713.It Va defaultrouter
1714.Pq Vt str
1715If not set to
1716.Dq Li NO ,
1717create a default route to this host name or IP address
1718(use an IP address if this router is also required to get to the
1719name server!).
1720.It Va ipv6_defaultrouter
1721.Pq Vt str
1722The IPv6 equivalent of
1723.Va defaultrouter .
1724.It Va static_routes
1725.Pq Vt str
1726Set to the list of static routes that are to be added at system
1727boot time.
1728If not set to
1729.Dq Li NO
1730then for each whitespace separated
1731.Ar element
1732in the value, a
1733.Va route_ Ns Aq Ar element
1734variable is assumed to exist
1735whose contents will later be passed to a
1736.Dq Nm route Cm add
1737operation.
1738For example:
1739.Bd -literal
1740static_routes="mcast gif0local"
1741route_mcast="-net 224.0.0.0/4 -iface gif0"
1742route_gif0local="-host 169.254.1.1 -iface lo0"
1743.Ed
1744.It Va ipv6_static_routes
1745.Pq Vt str
1746The IPv6 equivalent of
1747.Va static_routes .
1748If not set to
1749.Dq Li NO
1750then for each whitespace separated
1751.Ar element
1752in the value, a
1753.Va ipv6_route_ Ns Aq Ar element
1754variable is assumed to exist
1755whose contents will later be passed to a
1756.Dq Nm route Cm add Fl inet6
1757operation.
1758.It Va natm_static_routes
1759.Pq Vt str
1760The
1761.Xr natmip 4
1762equivalent of
1763.Va static_routes .
1764If not empty then for each whitespace separated
1765.Ar element
1766in the value, a
1767.Va route_ Ns Aq Ar element
1768variable is assumed to exist whose contents will later be passed to a
1769.Dq Nm atmconfig Cm natm Cm add
1770operation.
1771.It Va gateway_enable
1772.Pq Vt bool
1773If set to
1774.Dq Li YES ,
1775configure host to act as an IP router, e.g.\& to forward packets
1776between interfaces.
1777.It Va ipv6_gateway_enable
1778.Pq Vt bool
1779The IPv6 equivalent of
1780.Va gateway_enable .
1781.It Va router_enable
1782.Pq Vt bool
1783If set to
1784.Dq Li YES ,
1785run a routing daemon of some sort, based on the
1786settings of
1787.Va router
1788and
1789.Va router_flags .
1790.It Va ipv6_router_enable
1791.Pq Vt bool
1792The IPv6 equivalent of
1793.Va router_enable .
1794If set to
1795.Dq Li YES ,
1796run a routing daemon of some sort, based on the
1797settings of
1798.Va ipv6_router
1799and
1800.Va ipv6_router_flags .
1801.It Va router
1802.Pq Vt str
1803If
1804.Va router_enable
1805is set to
1806.Dq Li YES ,
1807this is the name of the routing daemon to use.
1808.It Va ipv6_router
1809.Pq Vt str
1810The IPv6 equivalent of
1811.Va router .
1812.It Va router_flags
1813.Pq Vt str
1814If
1815.Va router_enable
1816is set to
1817.Dq Li YES ,
1818these are the flags to pass to the routing daemon.
1819.It Va ipv6_router_flags
1820.Pq Vt str
1821The IPv6 equivalent of
1822.Va router_flags .
1823.It Va mrouted_enable
1824.Pq Vt bool
1825If set to
1826.Dq Li YES ,
1827run the multicast routing daemon,
1828.Xr mrouted 8 .
1829.It Va mroute6d_enable
1830.Pq Vt bool
1831The IPv6 equivalent of
1832.Va mrouted_enable .
1833If set to
1834.Dq Li YES ,
1835run the IPv6 multicast routing daemon.
1836Note that no IPv6 multicast routing daemon is included in the
1837.Fx
1838base system but
1839.Xr pim6dd 8
1840can be installed from the
1841.Fx
1842Ports Collection.
1843.It Va mrouted_flags
1844.Pq Vt str
1845If
1846.Va mrouted_enable
1847is set to
1848.Dq Li YES ,
1849these are the flags to pass to the
1850.Xr mrouted 8
1851daemon.
1852.It Va mroute6d_flags
1853.Pq Vt str
1854The IPv6 equivalent of
1855.Va mrouted_flags .
1856If
1857.Va mroute6d_enable
1858is set to
1859.Dq Li YES ,
1860these are the flags passed to the IPv6 multicast routing daemon.
1861.It Va mroute6d_program
1862.Pq Vt str
1863If
1864.Va mroute6d_enable
1865is set to
1866.Dq Li YES ,
1867this is the path to the IPv6 multicast routing daemon.
1868.It Va rtadvd_enable
1869.Pq Vt bool
1870If set to
1871.Dq Li YES ,
1872run the
1873.Xr rtadvd 8
1874daemon at boot time.
1875.Xr rtadvd 8
1876will only run if
1877.Va ipv6_gateway_enable
1878is also set to
1879.Dq Li YES .
1880The
1881.Xr rtadvd 8
1882utility sends router advertisement packets to the interfaces specified in
1883.Va rtadvd_interfaces
1884and should only be enabled with great care.
1885You may want to fine-tune
1886.Xr rtadvd.conf 5 .
1887.It Va rtadvd_interfaces
1888.Pq Vt str
1889If
1890.Va rtadvd_enable
1891is set to
1892.Dq Li YES
1893this is the list of interfaces to use.
1894.It Va ipxgateway_enable
1895.Pq Vt bool
1896If set to
1897.Dq Li YES ,
1898enable the routing of IPX traffic.
1899.It Va ipxrouted_enable
1900.Pq Vt bool
1901If set to
1902.Dq Li YES ,
1903run the
1904.Xr IPXrouted 8
1905daemon at system boot time.
1906.It Va ipxrouted_flags
1907.Pq Vt str
1908If
1909.Va ipxrouted_enable
1910is set to
1911.Dq Li YES ,
1912these are the flags to pass to the
1913.Xr IPXrouted 8
1914daemon.
1915.It Va arpproxy_all
1916.Pq Vt bool
1917If set to
1918.Dq Li YES ,
1919enable global proxy ARP.
1920.It Va forward_sourceroute
1921.Pq Vt bool
1922If set to
1923.Dq Li YES
1924and
1925.Va gateway_enable
1926is also set to
1927.Dq Li YES ,
1928source-routed packets are forwarded.
1929.It Va accept_sourceroute
1930.Pq Vt bool
1931If set to
1932.Dq Li YES ,
1933the system will accept source-routed packets directed at it.
1934.It Va rarpd_enable
1935.Pq Vt bool
1936If set to
1937.Dq Li YES ,
1938run the
1939.Xr rarpd 8
1940daemon at system boot time.
1941.It Va rarpd_flags
1942.Pq Vt str
1943If
1944.Va rarpd_enable
1945is set to
1946.Dq Li YES ,
1947these are the flags to pass to the
1948.Xr rarpd 8
1949daemon.
1950.It Va bootparamd_enable
1951.Pq Vt bool
1952If set to
1953.Dq Li YES ,
1954run the
1955.Xr bootparamd 8
1956daemon at system boot time.
1957.It Va bootparamd_flags
1958.Pq Vt str
1959If
1960.Va bootparamd_enable
1961is set to
1962.Dq Li YES ,
1963these are the flags to pass to the
1964.Xr bootparamd 8
1965daemon.
1966.It Va stf_interface_ipv4addr
1967.Pq Vt str
1968If not set to
1969.Dq Li NO ,
1970this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
1971interface).
1972Specify this entry to enable the 6to4 interface.
1973.It Va stf_interface_ipv4plen
1974.Pq Vt int
1975Prefix length for 6to4 IPv4 addresses, to limit peer address range.
1976An effective value is 0-31.
1977.It Va stf_interface_ipv6_ifid
1978.Pq Vt str
1979IPv6 interface ID for
1980.Xr stf 4 .
1981This can be set to
1982.Dq Li AUTO .
1983.It Va stf_interface_ipv6_slaid
1984.Pq Vt str
1985IPv6 Site Level Aggregator for
1986.Xr stf 4 .
1987.It Va ipv6_faith_prefix
1988.Pq Vt str
1989If not set to
1990.Dq Li NO ,
1991this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
1992translator.
1993You also need
1994.Xr faithd 8
1995setup.
1996.It Va ipv6_ipv4mapping
1997.Pq Vt bool
1998If set to
1999.Dq Li YES
2000this enables IPv4 mapped IPv6 address communication (like
2001.Li ::ffff:a.b.c.d ) .
2002.It Va atm_enable
2003.Pq Vt bool
2004Set to
2005.Dq Li YES
2006to enable the configuration of ATM interfaces at system boot time.
2007For all of the ATM variables described below, please refer to the
2008.Xr atm 8
2009man page for further details on the available command parameters.
2010Also refer to the files in
2011.Pa /usr/share/examples/atm
2012for more detailed configuration information.
2013.It Va atm_load
2014.Pq Vt str
2015This is a list of physical ATM interface drivers to load.
2016Typical values are
2017.Dq Li hfa_pci
2018and/or
2019.Dq Li hea_pci .
2020.It Va atm_netif_ Ns Aq Ar intf
2021.Pq Vt str
2022For the ATM physical interface
2023.Ar intf ,
2024this variable defines the name prefix and count for the ATM network
2025interfaces to be created.
2026The value will be passed as the parameters of an
2027.Dq Nm atm Cm "set netif" Ar intf
2028command.
2029.It Va atm_sigmgr_ Ns Aq Ar intf
2030.Pq Vt str
2031For the ATM physical interface
2032.Ar intf ,
2033this variable defines the ATM signalling manager to be used.
2034The value will be passed as the parameters of an
2035.Dq Nm atm Cm attach Ar intf
2036command.
2037.It Va atm_prefix_ Ns Aq Ar intf
2038.Pq Vt str
2039For the ATM physical interface
2040.Ar intf ,
2041this variable defines the NSAP prefix for interfaces using a UNI signalling
2042manager.
2043If set to
2044.Dq Li ILMI ,
2045the prefix will automatically be set via the
2046.Xr ilmid 8
2047daemon.
2048Otherwise, the value will be passed as the parameters of an
2049.Dq Nm atm Cm "set prefix" Ar intf
2050command.
2051.It Va atm_macaddr_ Ns Aq Ar intf
2052.Pq Vt str
2053For the ATM physical interface
2054.Ar intf ,
2055this variable defines the MAC address for interfaces using a UNI signalling
2056manager.
2057If set to
2058.Dq Li NO ,
2059the hardware MAC address contained in the ATM interface card will be used.
2060Otherwise, the value will be passed as the parameters of an
2061.Dq Nm atm Cm "set mac" Ar intf
2062command.
2063.It Va atm_arpserver_ Ns Aq Ar netif
2064.Pq Vt str
2065For the ATM network interface
2066.Ar netif ,
2067this variable defines the ATM address for a host which is to provide ATMARP
2068service.
2069This variable is only applicable to interfaces using a UNI signalling
2070manager.
2071If set to
2072.Dq Li local ,
2073this host will become an ATMARP server.
2074The value will be passed as the parameters of an
2075.Dq Nm atm Cm "set arpserver" Ar netif
2076command.
2077.It Va atm_scsparp_ Ns Aq Ar netif
2078.Pq Vt bool
2079If set to
2080.Dq Li YES ,
2081SCSP/ATMARP service for the network interface
2082.Ar netif
2083will be initiated using the
2084.Xr scspd 8
2085and
2086.Xr atmarpd 8
2087daemons.
2088This variable is only applicable if
2089.Va atm_arpserver_ Ns Aq Ar netif
2090is set to
2091.Dq Li local .
2092.It Va atm_pvcs
2093.Pq Vt str
2094Set to the list of ATM PVCs to be added at system
2095boot time.
2096For each whitespace separated
2097.Ar element
2098in the value, an
2099.Va atm_pvc_ Ns Aq Ar element
2100variable is assumed to exist.
2101The value of each of these variables
2102will be passed as the parameters of an
2103.Dq Nm atm Cm "add pvc"
2104command.
2105.It Va atm_arps
2106.Pq Vt str
2107Set to the list of permanent ATM ARP entries to be added
2108at system boot time.
2109For each whitespace separated
2110.Ar element
2111in the value, an
2112.Va atm_arp_ Ns Aq Ar element
2113variable is assumed to exist.
2114The value of each of these variables
2115will be passed as the parameters of an
2116.Dq Nm atm Cm "add arp"
2117command.
2118.It Va natm_interfaces
2119.Pq Vt str
2120Set to the list of
2121.Xr natm 4
2122interfaces that will also be used for HARP through
2123.Xr harp 4 .
2124If this list is not empty all interfaces in the list will be brought up
2125with
2126.Xr ifconfig 8
2127and
2128.Xr harp 4
2129will be loaded.
2130For this to work the interface drivers must be either compiled into the
2131kernel or must reside on the root partition.
2132.It Va keybell
2133.Pq Vt str
2134The keyboard bell sound.
2135Set to
2136.Dq Li normal ,
2137.Dq Li visual ,
2138.Dq Li off ,
2139or
2140.Dq Li NO
2141if the default behavior is desired.
2142For details, refer to the
2143.Xr kbdcontrol 1
2144manpage.
2145.It Va keyboard
2146.Pq Vt str
2147If set to a non-null string, the virtual console's keyboard input is
2148set to this device.
2149.It Va keymap
2150.Pq Vt str
2151If set to
2152.Dq Li NO ,
2153no keymap is installed, otherwise the value is used to install
2154the keymap file in
2155.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2156.It Va keyrate
2157.Pq Vt str
2158The keyboard repeat speed.
2159Set to
2160.Dq Li slow ,
2161.Dq Li normal ,
2162.Dq Li fast ,
2163or
2164.Dq Li NO
2165if the default behavior is desired.
2166.It Va keychange
2167.Pq Vt str
2168If not set to
2169.Dq Li NO ,
2170attempt to program the function keys with the value.
2171The value should
2172be a single string of the form:
2173.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2174.It Va cursor
2175.Pq Vt str
2176Can be set to the value of
2177.Dq Li normal ,
2178.Dq Li blink ,
2179.Dq Li destructive ,
2180or
2181.Dq Li NO
2182to set the cursor behavior explicitly or choose the default behavior.
2183.It Va scrnmap
2184.Pq Vt str
2185If set to
2186.Dq Li NO ,
2187no screen map is installed, otherwise the value is used to install
2188the screen map file in
2189.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2190.It Va font8x16
2191.Pq Vt str
2192If set to
2193.Dq Li NO ,
2194the default 8x16 font value is used for screen size requests, otherwise
2195the value in
2196.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2197is used.
2198.It Va font8x14
2199.Pq Vt str
2200If set to
2201.Dq Li NO ,
2202the default 8x14 font value is used for screen size requests, otherwise
2203the value in
2204.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2205is used.
2206.It Va font8x8
2207.Pq Vt str
2208If set to
2209.Dq Li NO ,
2210the default 8x8 font value is used for screen size requests, otherwise
2211the value in
2212.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2213is used.
2214.It Va blanktime
2215.Pq Vt int
2216If set to
2217.Dq Li NO ,
2218the default screen blanking interval is used, otherwise it is set
2219to
2220.Ar value
2221seconds.
2222.It Va saver
2223.Pq Vt str
2224If not set to
2225.Dq Li NO ,
2226this is the actual screen saver to use
2227.Li ( blank , snake , daemon ,
2228etc).
2229.It Va moused_enable
2230.Pq Vt str
2231If set to
2232.Dq Li YES ,
2233the
2234.Xr moused 8
2235daemon is started for doing cut/paste selection on the console.
2236.It Va moused_type
2237.Pq Vt str
2238This is the protocol type of the mouse connected to this host.
2239This variable must be set if
2240.Va moused_enable
2241is set to
2242.Dq Li YES .
2243The
2244.Xr moused 8
2245daemon
2246is able to detect the appropriate mouse type automatically in many cases.
2247Set this variable to
2248.Dq Li auto
2249to let the daemon detect it, or
2250select one from the following list if the automatic detection fails.
2251.Pp
2252If the mouse is attached to the PS/2 mouse port, choose
2253.Dq Li auto
2254or
2255.Dq Li ps/2 ,
2256regardless of the brand and model of the mouse.
2257Likewise, if the
2258mouse is attached to the bus mouse port, choose
2259.Dq Li auto
2260or
2261.Dq Li busmouse .
2262All other protocols are for serial mice and will not work with
2263the PS/2 and bus mice.
2264If this is a USB mouse,
2265.Dq Li auto
2266is the only protocol type which will work.
2267.Pp
2268.Bl -tag -width ".Li x10mouseremote" -compact
2269.It Li microsoft
2270Microsoft mouse (serial)
2271.It Li intellimouse
2272Microsoft IntelliMouse (serial)
2273.It Li mousesystems
2274Mouse systems Corp.\& mouse (serial)
2275.It Li mmseries
2276MM Series mouse (serial)
2277.It Li logitech
2278Logitech mouse (serial)
2279.It Li busmouse
2280A bus mouse
2281.It Li mouseman
2282Logitech MouseMan and TrackMan (serial)
2283.It Li glidepoint
2284ALPS GlidePoint (serial)
2285.It Li thinkingmouse
2286Kensington ThinkingMouse (serial)
2287.It Li ps/2
2288PS/2 mouse
2289.It Li mmhittab
2290MM HitTablet (serial)
2291.It Li x10mouseremote
2292X10 MouseRemote (serial)
2293.It Li versapad
2294Interlink VersaPad (serial)
2295.El
2296.Pp
2297Even if the mouse is not in the above list, it may be compatible
2298with one in the list.
2299Refer to the man page for
2300.Xr moused 8
2301for compatibility information.
2302.Pp
2303It should also be noted that while this is enabled, any
2304other client of the mouse (such as an X server) should access
2305the mouse through the virtual mouse device,
2306.Pa /dev/sysmouse ,
2307and configure it as a
2308.Dq Li sysmouse
2309type mouse, since all
2310mouse data is converted to this single canonical format when
2311using
2312.Xr moused 8 .
2313If the client program does not support the
2314.Dq Li sysmouse
2315type,
2316specify the
2317.Dq Li mousesystems
2318type.
2319It is the second preferred type.
2320.It Va moused_port
2321.Pq Vt str
2322If
2323.Va moused_enable
2324is set to
2325.Dq Li YES ,
2326this is the actual port the mouse is on.
2327It might be
2328.Pa /dev/cuaa0
2329for a COM1 serial mouse,
2330.Pa /dev/psm0
2331for a PS/2 mouse or
2332.Pa /dev/mse0
2333for a bus mouse, for example.
2334.It Va moused_flags
2335.Pq Vt str
2336If
2337.Va moused_type
2338is set, these are the additional flags to pass to the
2339.Xr moused 8
2340daemon.
2341.It Va mousechar_start
2342.Pq Vt int
2343If set to
2344.Dq Li NO ,
2345the default mouse cursor character range
2346.Li 0xd0 Ns - Ns Li 0xd3
2347is used,
2348otherwise the range start is set
2349to
2350.Ar value
2351character, see
2352.Xr vidcontrol 1 .
2353Use if the default range is occupied in the language code table.
2354.It Va allscreens_flags
2355.Pq Vt str
2356If set,
2357.Xr vidcontrol 1
2358is run with these options for each of the virtual terminals
2359.Pq Pa /dev/ttyv* .
2360For example,
2361.Dq Fl m Cm on
2362will enable the mouse pointer on all virtual terminals
2363if
2364.Va moused_enable
2365is set to
2366.Dq Li YES .
2367.It Va allscreens_kbdflags
2368.Pq Vt str
2369If set,
2370.Xr kbdcontrol 1
2371is run with these options for each of the virtual terminals
2372.Pq Pa /dev/ttyv* .
2373For example,
2374.Dq Fl h Li 200
2375will set the
2376.Xr syscons 4
2377scrollback (history) buffer to 200 lines.
2378.It Va cron_enable
2379.Pq Vt bool
2380If set to
2381.Dq Li YES ,
2382run the
2383.Xr cron 8
2384daemon at system boot time.
2385.It Va cron_program
2386.Pq Vt str
2387Path to
2388.Xr cron 8
2389(default
2390.Pa /usr/sbin/cron ) .
2391.It Va cron_flags
2392.Pq Vt str
2393If
2394.Va cron_enable
2395is set to
2396.Dq Li YES ,
2397these are the flags to pass to
2398.Xr cron 8 .
2399.It Va cron_dst
2400.Pq Vt bool
2401If set to
2402.Dq Li YES ,
2403enable the special handling of transitions to and from the
2404Daylight Saving Time in
2405.Xr cron 8
2406(equivalent to using the flag
2407.Fl s ) .
2408.It Va lpd_program
2409.Pq Vt str
2410Path to
2411.Xr lpd 8
2412(default
2413.Pa /usr/sbin/lpd ) .
2414.It Va lpd_enable
2415.Pq Vt bool
2416If set to
2417.Dq Li YES ,
2418run the
2419.Xr lpd 8
2420daemon at system boot time.
2421.It Va lpd_flags
2422.Pq Vt str
2423If
2424.Va lpd_enable
2425is set to
2426.Dq Li YES ,
2427these are the flags to pass to the
2428.Xr lpd 8
2429daemon.
2430.It Va mta_start_script
2431.Pq Vt str
2432This variable specifies the full path to the script to run to start
2433a mail transfer agent.
2434The default is
2435.Pa /etc/rc.sendmail .
2436The
2437.Va sendmail_*
2438variables which
2439.Pa /etc/rc.sendmail
2440uses are documented in the
2441.Xr rc.sendmail 8
2442man page.
2443.It Va dumpdev
2444.Pq Vt str
2445Indicates the device (usually a swap partition) to which a crash dump
2446should be written in the event of a system crash.
2447The value of this variable is passed as the argument to
2448.Xr dumpon 8 .
2449To disable crash dumps, set this variable to
2450.Dq Li NO .
2451.It Va dumpdir
2452.Pq Vt str
2453When the system reboots after a crash and a crash dump is found on the
2454device specified by the
2455.Va dumpdev
2456variable,
2457.Xr savecore 8
2458will save that crash dump and a copy of the kernel to the directory
2459specified by the
2460.Va dumpdir
2461variable.
2462The default value is
2463.Pa /var/crash .
2464Set to
2465.Dq Li NO
2466to not run
2467.Xr savecore 8
2468at boot time when
2469.Va dumpdir
2470is set.
2471.It Va savecore_flags
2472.Pq Vt str
2473If crash dumps are enabled, these are the flags to pass to the
2474.Xr savecore 8
2475utility.
2476.It Va enable_quotas
2477.Pq Vt bool
2478Set to
2479.Dq Li YES
2480to turn on user disk quotas on system startup via the
2481.Xr quotaon 8
2482command.
2483.It Va check_quotas
2484.Pq Vt bool
2485Set to
2486.Dq Li YES
2487to enable user disk quota checking via the
2488.Xr quotacheck 8
2489command.
2490.It Va accounting_enable
2491.Pq Vt bool
2492Set to
2493.Dq Li YES
2494to enable system accounting through the
2495.Xr accton 8
2496facility.
2497.It Va ibcs2_enable
2498.Pq Vt bool
2499Set to
2500.Dq Li YES
2501to enable iBCS2 (SCO) binary emulation at system initial boot
2502time.
2503.It Va ibcs2_loaders
2504.Pq Vt str
2505If not set to
2506.Dq Li NO
2507and if
2508.Va ibcs2_enable
2509is set to
2510.Dq Li YES ,
2511this specifies a list of additional iBCS2 loaders to enable.
2512.It Va linux_enable
2513.Pq Vt bool
2514Set to
2515.Dq Li YES
2516to enable Linux/ELF binary emulation at system initial
2517boot time.
2518.It Va osf1_enable
2519.Pq Vt bool
2520Set to
2521.Dq Li YES
2522to enable OSF/1 (Digital UNIX) binary emulation at system
2523initial boot time.
2524(alpha)
2525.It Va svr4_enable
2526.Pq Vt bool
2527If set to
2528.Dq Li YES ,
2529enable SysVR4 emulation at boot time.
2530.It Va sysvipc_enable
2531.Pq Vt bool
2532If set to
2533.Dq Li YES ,
2534load System V IPC primitives at boot time.
2535.It Va clear_tmp_enable
2536.Pq Vt bool
2537Set to
2538.Dq Li YES
2539to have
2540.Pa /tmp
2541cleaned at startup.
2542.It Va ldconfig_paths
2543.Pq Vt str
2544Set to the list of shared library paths to use with
2545.Xr ldconfig 8 .
2546NOTE:
2547.Pa /usr/lib
2548will always be added first, so it need not appear in this list.
2549.It Va ldconfig_paths_aout
2550.Pq Vt str
2551Set to the list of shared library paths to use with
2552.Xr ldconfig 8
2553legacy
2554.Xr a.out 5
2555support.
2556.It Va ldconfig_insecure
2557.Pq Vt bool
2558The
2559.Xr ldconfig 8
2560utility normally refuses to use directories
2561which are writable by anyone except root.
2562Set this variable to
2563.Dq Li YES
2564to disable that security check during system startup.
2565.It Va kern_securelevel_enable
2566.Pq Vt bool
2567Set to
2568.Dq Li YES
2569to set the kernel security level at system startup.
2570.It Va kern_securelevel
2571.Pq Vt int
2572The kernel security level to set at startup.
2573The allowed range of
2574.Ar value
2575ranges from \-1 (the compile time default) to 3 (the
2576most secure).
2577See
2578.Xr init 8
2579for the list of possible security levels and their effect
2580on system operation.
2581.It Va lomac_enable
2582.Pq Vt bool
2583Set to
2584.Dq Li YES
2585to enable Low Watermark Mandatory Access Control (LOMAC) at boot time.
2586This security model enforces integrity constraints for system processes;
2587see
2588.Xr lomac 4
2589for a complete description of the LOMAC model, as well as its impact
2590on system operation.
2591.It Va start_vinum
2592.Pq Vt bool
2593Set to
2594.Dq Li YES
2595to start
2596.Xr vinum 8
2597at system boot time.
2598.It Va sshd_program
2599.Pq Vt str
2600Path to the SSH server program
2601.Pa ( /usr/sbin/sshd
2602is the default).
2603.It Va sshd_enable
2604.Pq Vt bool
2605Set to
2606.Dq Li YES
2607to start
2608.Xr sshd 8
2609at system boot time.
2610.It Va sshd_flags
2611.Pq Vt str
2612If
2613.Va sshd_enable
2614is set to
2615.Dq Li YES ,
2616these are the flags to pass to the
2617.Xr sshd 8
2618daemon.
2619.It Va usbd_enable
2620.Pq Vt bool
2621If set to
2622.Dq Li YES ,
2623run the
2624.Xr usbd 8
2625daemon at boot time.
2626.It Va usbd_flags
2627.Pq Vt str
2628If
2629.Va usbd_enable
2630is set to
2631.Dq Li YES ,
2632these are the flags passed to the
2633.Xr usbd 8
2634daemon.
2635.It Va watchdogd_enable
2636.Pq Vt bool
2637If set to
2638.Dq Li YES ,
2639start the
2640.Xr watchdogd 8
2641daemon at boot time.
2642This requires that the kernel have been compiled with a
2643.Xr watchdog 4
2644compatible device.
2645.It Va watchdogd_flags
2646.Pq Vt str
2647If
2648.Va watchdogd_enable
2649is set to
2650.Dq Li YES ,
2651these are the flags passed to the
2652.Xr watchdogd 8
2653daemon.
2654.It Va jail_enable
2655.Pq Vt bool
2656If set to
2657.Dq Li NO ,
2658any configured jails will not be started.
2659.It Va jail_list
2660.Pq Vt str
2661A space separated list of names for jails.
2662This is purely a configuration aid to help identify and
2663configure multiple jails.
2664The names specified in this list will be used to
2665identify settings common to an instance of a jail.
2666Assuming that the jail in question was named
2667.Li vjail ,
2668you would have the following dependant variables:
2669.Bd -literal
2670jail_vjail_hostname="jail.example.com"
2671jail_vjail_ip="192.168.1.100"
2672jail_vjail_rootdir="/var/jails/vjail/root"
2673jail_vjail_exec="/bin/sh /etc/rc"
2674.Ed
2675.Pp
2676The last one is optional.
2677It defaults to
2678.Pa /etc/rc
2679if it is not set.
2680.It Va jail_set_hostname_allow
2681.Pq Vt bool
2682If set to
2683.Dq Li NO ,
2684do not allow the root user in a jail to set its hostname.
2685.It Va jail_socket_unixiproute_only
2686.Pq Vt bool
2687If set to
2688.Dq Li NO ,
2689do not allow any protocol,
2690besides TCP/IP,
2691to be used within a jail.
2692.It Va jail_sysvipc_allow
2693.Pq Vt bool
2694If set to
2695.Dq Li YES ,
2696allow applications within a jail to use System V IPC.
2697.It Va unaligned_print
2698.Pq Vt bool
2699If set to
2700.Dq Li NO ,
2701unaligned access warnings will not be printed.
2702(alpha)
2703.\" ----- isdn settings ---------------------------------
2704.It Va isdn_enable
2705.Pq Vt bool
2706Set to
2707.Dq Li NO
2708by default.
2709When set to
2710.Dq Li YES ,
2711starts the
2712.Xr isdnd 8
2713daemon
2714at system boot time.
2715.It Va isdn_flags
2716.Pq Vt str
2717Set to
2718.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2719by default.
2720Additional flags to pass to
2721.Xr isdnd 8
2722(but see
2723.Va isdn_fsdev
2724and
2725.Va isdn_ttype
2726for certain tunable parameters).
2727.It Va isdn_ttype
2728.Pq Vt str
2729Set to
2730.Dq Li cons25
2731by default.
2732The terminal type of the output device when
2733.Xr isdnd 8
2734operates in full-screen mode.
2735.It Va isdn_screenflags
2736.Pq Vt str
2737Set to
2738.Dq Li NO
2739by default.
2740The video mode for full-screen mode (only for
2741.Xr syscons 4
2742console driver, see
2743.Xr vidcontrol 1
2744for valid modes).
2745.It Va isdn_fsdev
2746.Pq Vt str
2747Set to
2748.Dq Li NO
2749by default.
2750The output device for
2751.Xr isdnd 8
2752in full-screen mode (or
2753.Dq Li NO
2754for daemon mode).
2755.It Va isdn_trace
2756.Pq Vt bool
2757Set to
2758.Dq Li NO
2759by default.
2760When set to
2761.Dq Li YES ,
2762enables the ISDN protocol trace utility
2763.Xr isdntrace 8
2764at system boot time.
2765.It Va isdn_traceflags
2766.Pq Vt str
2767Set to
2768.Dq Fl f Pa /var/tmp/isdntrace0
2769by default.
2770Flags for
2771.Xr isdntrace 8 .
2772.\" -----------------------------------------------------
2773.It Va pcvt_verbose
2774.Pq Vt bool
2775Set to
2776.Dq Li NO
2777by default.
2778When set to
2779.Dq Li YES ,
2780verbose messages about the actions done by the start script are displayed.
2781.Em Note :
2782the
2783.Xr pcvt 4
2784driver must be compiled into the kernel before the
2785.Xr pcvt 4
2786related
2787options described here take any effect.
2788.It Va pcvt_keymap
2789.Pq Vt str
2790Set to
2791.Dq Li NO
2792by default.
2793Use this to configure a national keyboard mapping found in the
2794.Pa /usr/share/misc/keycap.pcvt
2795file of keyboard mappings.
2796(See also the manual pages
2797.Xr keycap 5
2798and
2799.Xr keycap 3
2800for usage of
2801.Xr pcvt 4 Ns 's
2802keycap database and the manual page
2803.Xr kcon 1
2804option
2805.Fl m
2806for national keyboard mapping configuration.)
2807.It Va pcvt_keydel
2808.Pq Vt int
2809Set to
2810.Dq Li NO
2811by default.
2812Used to set the keyboard key repeat delay value.
2813Valid values are
2814in the range 0..3 for delay values of 250, 500, 750 and 1000 msec.
2815(See also the
2816.Xr kcon 1
2817manual page.)
2818.It Va pcvt_keyrate
2819.Pq Vt int
2820Set to
2821.Dq Li NO
2822by default.
2823Used to set the keyboard key repetition rate value.
2824Valid values are
2825in the range 0..31 for repetition values of 2..30 characters per second.
2826.It Va pcvt_keyrepeat
2827.Pq Vt bool
2828Set to
2829.Dq Li NO
2830by default.
2831Set to
2832.Dq Li YES
2833to enable automatic keyboard key repeating.
2834.It Va pcvt_force24
2835.Pq Vt bool
2836Set to
2837.Dq Li NO
2838by default.
2839Set to
2840.Dq Li YES
2841to force
2842.Xr pcvt 4
2843to use 24 lines only (in 25 lines mode) for compatibility
2844with the original
2845.Tn VT220
2846terminal.
2847.It Va pcvt_hpext
2848.Pq Vt bool
2849Set to
2850.Dq Li NO
2851by default.
2852Set to
2853.Dq Li YES
2854to enable the display and functionality of function key labels (as found
2855on
2856.Tn Hewlett-Packard
2857terminals such as the
2858.Tn HP2392A
2859and the
2860.Tn HP700/92
2861in
2862.Tn ANSI
2863mode).
2864.It Va pcvt_lines
2865.Pq Vt int
2866Set to
2867.Dq Li NO
2868by default resulting in a value of 25.
2869Used to set the number of lines on the screen.
2870For VGA displays, valid
2871values are 25, 28, 40 and 50 lines.
2872(See also the
2873.Xr scon 1
2874manual page.)
2875.It Va pcvt_blanktime
2876.Pq Vt int
2877Set to
2878.Dq Li NO
2879by default.
2880Used to set the screen saver timeout in seconds for values greater than
2881zero.
2882.It Va pcvt_cursorh
2883.Pq Vt int
2884Set to
2885.Dq Li NO
2886by default.
2887Used to set the cursor top scanline.
2888(See also the
2889.Xr cursor 1
2890manual page.)
2891.It Va pcvt_cursorl
2892.Pq Vt int
2893Set to
2894.Dq Li NO
2895by default.
2896Used to set the cursor bottom scanline.
2897.It Va pcvt_monohigh
2898.Pq Vt bool
2899Set to
2900.Dq Li NO
2901by default.
2902Set to
2903.Dq Li YES
2904to set intensity to high on monochrome monitors.
2905(See also the
2906.Xr scon 1
2907manual page, option
2908.Fl p ,
2909for more information on changing VGA palette
2910values.)
2911.It Va harvest_interrupt
2912.Pq Vt bool
2913Set to
2914.Dq Li YES
2915to use hardware interrupts as an entropy source.
2916Refer to
2917.Xr random 4
2918for more information.
2919.It Va harvest_ethernet
2920.Pq Vt bool
2921Set to
2922.Dq Li YES
2923to use LAN traffic as an entropy source.
2924Refer to
2925.Xr random 4
2926for more information.
2927.It Va harvest_p_to_p
2928.Pq Vt bool
2929Set to
2930.Dq Li YES
2931to use serial line traffic as an entropy source.
2932Refer to
2933.Xr random 4
2934for more information.
2935.It Va entropy_dir
2936.Pq Vt str
2937Set to
2938.Dq Li NO
2939to disable caching entropy via
2940.Xr cron 8 .
2941Otherwise set to the directory used to store entropy files in.
2942.It Va entropy_file
2943.Pq Vt str
2944Set to
2945.Dq Li NO
2946to disable caching entropy through reboots.
2947Otherwise set to the filename used to store cached entropy through
2948reboots.
2949This file should be located on the root file system to seed the
2950.Xr random 4
2951device as early as possible in the boot process.
2952.It Va entropy_save_sz
2953.Pq Vt int
2954Size of the entropy cache files saved by
2955.Nm save-entropy
2956periodically.
2957.It Va entropy_save_num
2958.Pq Vt int
2959Number of entropy cache files to save by
2960.Nm save-entropy
2961periodically.
2962.It Va ipsec_enable
2963.Pq Vt bool
2964Set to
2965.Dq Li YES
2966to run
2967.Xr setkey 8
2968on
2969.Va ipsec_file
2970at boot time.
2971.It Va ipsec_file
2972.Pq Vt str
2973Configuration file for
2974.Xr setkey 8 .
2975.It Va dmesg_enable
2976.Pq Vt bool
2977Set to
2978.Dq Li YES
2979to save
2980.Xr dmesg 8
2981to
2982.Pa /var/run/dmesg.boot
2983on boot.
2984.It Va rcshutdown_timeout
2985.Pq Vt int
2986If set, start a watchdog timer in the background which will terminate
2987.Pa rc.shutdown
2988if
2989.Xr shutdown 8
2990has not completed within the specified time (in seconds).
2991.It Va virecover_enable
2992.Pq Vt bool
2993Set to
2994.Dq Li NO
2995to prevent the system from trying to
2996recover pre-maturely terminated
2997.Xr vi 1
2998sessions.
2999.It Va ramdisk_units
3000.Pq Vt str
3001A list of one or more ramdisk units to configure with
3002.Xr mdconfig 8
3003and
3004.Xr newfs 8
3005in time to be mounted from
3006.Xr fstab 5 .
3007Each listed unit
3008.Ar X
3009must specify at least a
3010.Ar type
3011in a
3012.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3013variable.
3014.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3015.Pq Vt str
3016Arguments to
3017.Xr mdconfig 8
3018for ramdisk
3019.Ar X .
3020At minimum a
3021.Fl t Ar type
3022must be specified, where
3023.Ar type
3024must be one of
3025.Cm malloc
3026or
3027.Cm swap .
3028.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs
3029.Pq Vt str
3030Optional arguments passed to
3031.Xr newfs 8
3032to initialize ramdisk
3033.Ar X .
3034.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner
3035.Pq Vt str
3036An ownership specification passed to
3037.Xr chown 8
3038after the specified ramdisk unit
3039.Ar X
3040has been mounted.
3041Both the
3042.Xr md 4
3043device and the mount point will be changed.
3044.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms
3045.Pq Vt str
3046A mode string passed to
3047.Xr chmod 1
3048after the specified ramdisk unit
3049.Ar X
3050has been mounted.
3051Both the
3052.Xr md 4
3053device and the mount point will be changed.
3054.El
3055.Sh FILES
3056.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
3057.It Pa /etc/defaults/rc.conf
3058.It Pa /etc/rc.conf
3059.It Pa /etc/rc.conf.local
3060.El
3061.Sh SEE ALSO
3062.Xr catman 1 ,
3063.Xr chmod 1 ,
3064.Xr gdb 1 ,
3065.Xr info 1 ,
3066.Xr kbdcontrol 1 ,
3067.Xr makewhatis 1 ,
3068.Xr vi 1 ,
3069.Xr vidcontrol 1 ,
3070.Xr ip 4 ,
3071.Xr kld 4 ,
3072.Xr tcp 4 ,
3073.Xr udp 4 ,
3074.Xr exports 5 ,
3075.Xr motd 5 ,
3076.Xr newsyslog.conf 5 ,
3077.Xr accton 8 ,
3078.Xr amd 8 ,
3079.Xr apm 8 ,
3080.Xr atm 8 ,
3081.Xr chown 8 ,
3082.Xr cron 8 ,
3083.Xr dhclient 8 ,
3084.Xr ifconfig 8 ,
3085.Xr inetd 8 ,
3086.Xr isdnd 8 ,
3087.Xr isdntrace 8 ,
3088.Xr kldxref 8 ,
3089.Xr lpd 8 ,
3090.Xr mdconfig 8 ,
3091.Xr mountd 8 ,
3092.Xr moused 8 ,
3093.Xr mrouted 8 ,
3094.Xr named 8 ,
3095.Xr newfs 8 ,
3096.Xr nfsd 8 ,
3097.Xr ntpd 8 ,
3098.Xr ntpdate 8 ,
3099.Xr pcnfsd 8 ,
3100.Xr quotacheck 8 ,
3101.Xr quotaon 8 ,
3102.Xr rc 8 ,
3103.Xr rc.sendmail 8 ,
3104.Xr route 8 ,
3105.Xr routed 8 ,
3106.Xr rpcbind 8 ,
3107.Xr rpc.lockd 8 ,
3108.Xr rpc.statd 8 ,
3109.Xr rwhod 8 ,
3110.Xr savecore 8 ,
3111.Xr sshd 8 ,
3112.Xr swapon 8 ,
3113.Xr sysctl 8 ,
3114.Xr syslogd 8 ,
3115.Xr timed 8 ,
3116.Xr usbd 8 ,
3117.Xr vinum 8 ,
3118.Xr yp 8 ,
3119.Xr ypbind 8 ,
3120.Xr ypserv 8 ,
3121.Xr ypset 8
3122.Sh HISTORY
3123The
3124.Nm
3125file appeared in
3126.Fx 2.2.2 .
3127.Sh AUTHORS
3128.An Jordan K. Hubbard .
3129