xref: /freebsd/share/man/man5/rc.conf.5 (revision cfd6422a5217410fbd66f7a7a8a64d9d85e61229)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd January 10, 2021
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/defaults/vendor.conf
63allows vendors to override
64.Fx
65defaults.
66The file
67.Pa /etc/rc.conf.local
68is used to override settings in
69.Pa /etc/rc.conf
70for historical reasons.
71.Pp
72The sysrc(8) command provides a scripting interface to modify system
73config files.
74.Pp
75In addition to
76.Pa /etc/rc.conf.local
77you can also place smaller configuration files for each
78.Xr rc 8
79script in the
80.Pa /etc/rc.conf.d
81directory or
82.Ao Ar dir Ac Ns Pa /rc.conf.d
83directories specified in
84.Va local_startup ,
85which will be included by the
86.Va load_rc_config
87function.
88For jail configurations you could use the file
89.Pa /etc/rc.conf.d/jail
90to store jail specific configuration options.
91If
92.Va local_startup
93contains
94.Pa /usr/local/etc/rc.d
95and
96.Pa /opt/conf ,
97.Pa /usr/local/rc.conf.d/jail
98and
99.Pa /opt/conf/rc.conf.d/jail
100will be loaded.
101If
102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
103is a directory,
104all of files in the directory will be loaded.
105Also see the
106.Va rc_conf_files
107variable below.
108.Pp
109Options are set with
110.Dq Ar name Ns Li = Ns Ar value
111assignments that use
112.Xr sh 1
113syntax.
114The following list provides a name and short description for each
115variable that can be set in the
116.Nm
117file:
118.Bl -tag -width indent-two
119.It Va rc_debug
120.Pq Vt bool
121If set to
122.Dq Li YES ,
123enable output of debug messages from rc scripts.
124This variable can be helpful in diagnosing mistakes when
125editing or integrating new scripts.
126Beware that this produces copious output to the terminal and
127.Xr syslog 3 .
128.It Va rc_info
129.Pq Vt bool
130If set to
131.Dq Li NO ,
132disable informational messages from the rc scripts.
133Informational messages are displayed when
134a condition that is not serious enough to warrant a warning or
135an error occurs.
136.It Va rc_startmsgs
137.Pq Vt bool
138If set to
139.Dq Li YES ,
140show
141.Dq Starting foo:
142when faststart is used (e.g., at boot time).
143.It Va early_late_divider
144.Pq Vt str
145The name of the script that should be used as the
146delimiter between the
147.Dq early
148and
149.Dq late
150stages of the boot process.
151The early stage should contain all the services needed to
152get the disks (local or remote) mounted so that the late
153stage can include scripts contained in the directories
154listed in the
155.Va local_startup
156variable (see below).
157Thus, the two likely candidates for this value are
158.Pa mountcritlocal
159for the typical system, and
160.Pa mountcritremote
161if the system needs remote file
162systems mounted to get access to the
163.Va local_startup
164directories; for example when
165.Pa /usr/local
166is NFS mounted.
167For
168.Pa rc.conf
169within a
170.Xr jail 8
171.Pa NETWORKING
172is likely to be an appropriate value.
173Extreme care should be taken when changing this value,
174and before changing it one should ensure that there are
175adequate provisions to recover from a failed boot
176(such as physical contact with the machine,
177or reliable remote console access).
178.It Va always_force_depends
179.Pq Vt bool
180Various
181.Pa rc.d
182scripts use the force_depend function to check whether required
183services are already running, and to start them if necessary.
184By default during boot time this check is bypassed if the
185required service is enabled in
186.Pa /etc/rc.conf[.local] .
187Setting this option will bypass that check at boot time and
188always test whether or not the service is actually running.
189Enabling this option is likely to increase your boot time if
190services are enabled that utilize the force_depend check.
191.It Ao Ar name Ac Ns Va _chroot
192.Pq Vt str
193.Xr chroot 8
194to this directory before running the service.
195.It Ao Ar name Ac Ns Va _user
196.Pq Vt str
197Run the service under this user account.
198.It Ao Ar name Ac Ns Va _group
199.Pq Vt str
200Run the chrooted service under this system group.
201Unlike the _user
202setting, this setting has no effect if the service is not chrooted.
203.It Ao Ar name Ac Ns Va _fib
204.Pq Vt int
205The
206.Xr setfib 1
207value to run the service under.
208.It Ao Ar name Ac Ns Va _nice
209.Pq Vt int
210The
211.Xr nice 1
212value to run the service under.
213.It Va apm_enable
214.Pq Vt bool
215If set to
216.Dq Li YES ,
217enable support for Automatic Power Management with
218the
219.Xr apm 8
220command.
221.It Va apmd_enable
222.Pq Vt bool
223Run
224.Xr apmd 8
225to handle APM event from userland.
226This also enables support for APM.
227.It Va apmd_flags
228.Pq Vt str
229If
230.Va apmd_enable
231is set to
232.Dq Li YES ,
233these are the flags to pass to the
234.Xr apmd 8
235daemon.
236.It Va devd_enable
237.Pq Vt bool
238Run
239.Xr devd 8
240to handle device added, removed or unknown events from the kernel.
241.It Va ddb_enable
242.Pq Vt bool
243Run
244.Xr ddb 8
245to install
246.Xr ddb 4
247scripts at boot time.
248.It Va ddb_config
249.Pq Vt str
250Configuration file for
251.Xr ddb 8 .
252Default
253.Pa /etc/ddb.conf .
254.It Va devmatch_enable
255.Pq Vt bool
256If set to
257.Dq Li NO ,
258disable auto-loading of kernel modules with
259.Xr devmatch 8 .
260.It Va devmatch_blacklist
261.Pq Vt str
262A whitespace-separated list of kernel modules to be ignored by
263.Xr devmatch 8 .
264.It Va kld_list
265.Pq Vt str
266A whitespace-separated list of kernel modules to load right after
267the local disks are mounted, without any
268.Pa .ko
269extension or path.
270Loading modules at this point in the boot process is
271much faster than doing it via
272.Pa /boot/loader.conf
273for those modules not necessary for mounting local disks.
274.It Va kldxref_enable
275.Pq Vt bool
276Set to
277.Dq Li NO
278by default.
279Set to
280.Dq Li YES
281to automatically rebuild
282.Pa linker.hints
283files with
284.Xr kldxref 8
285at boot time.
286.It Va kldxref_clobber
287.Pq Vt bool
288Set to
289.Dq Li NO
290by default.
291If
292.Va kldxref_enable
293is true,
294setting to
295.Dq Li YES
296will overwrite existing
297.Pa linker.hints
298files at boot time.
299Otherwise,
300only missing
301.Pa linker.hints
302files are generated.
303.It Va kldxref_module_path
304.Pq Vt str
305Empty by default.
306A semi-colon
307.Pq Ql \&;
308delimited list of paths containing
309.Xr kld 4
310modules.
311If empty,
312the contents of the
313.Va kern.module_path
314.Xr sysctl 8
315are used.
316.It Va powerd_enable
317.Pq Vt bool
318If set to
319.Dq Li YES ,
320enable the system power control facility with the
321.Xr powerd 8
322daemon.
323.It Va powerd_flags
324.Pq Vt str
325If
326.Va powerd_enable
327is set to
328.Dq Li YES ,
329these are the flags to pass to the
330.Xr powerd 8
331daemon.
332.It Va tmpmfs
333Controls the creation of a
334.Pa /tmp
335memory file system.
336Always happens if set to
337.Dq Li YES
338and never happens if set to
339.Dq Li NO .
340If set to anything else, a memory file system is created if
341.Pa /tmp
342is not writable.
343.It Va tmpsize
344Controls the size of a created
345.Pa /tmp
346memory file system.
347.It Va tmpmfs_flags
348Extra options passed to the
349.Xr mdmfs 8
350utility when the memory file system for
351.Pa /tmp
352is created.
353The default is
354.Dq Li "-S" ,
355which inhibits the use of softupdates on
356.Pa /tmp
357so that file system space is freed without delay
358after file truncation or deletion.
359See
360.Xr mdmfs 8
361for other options you can use in
362.Va tmpmfs_flags .
363.It Va varmfs
364Controls the creation of a
365.Pa /var
366memory file system.
367Always happens if set to
368.Dq Li YES
369and never happens if set to
370.Dq Li NO .
371If set to anything else, a memory file system is created if
372.Pa /var
373is not writable.
374.It Va varsize
375Controls the size of a created
376.Pa /var
377memory file system.
378.It Va varmfs_flags
379Extra options passed to the
380.Xr mdmfs 8
381utility when the memory file system for
382.Pa /var
383is created.
384The default is
385.Dq Li "-S" ,
386which inhibits the use of softupdates on
387.Pa /var
388so that file system space is freed without delay
389after file truncation or deletion.
390See
391.Xr mdmfs 8
392for other options you can use in
393.Va varmfs_flags .
394.It Va populate_var
395Controls the automatic population of the
396.Pa /var
397file system.
398Always happens if set to
399.Dq Li YES
400and never happens if set to
401.Dq Li NO .
402If set to anything else, a memory file system is created if
403.Pa /var
404is not writable.
405Note that this process requires access to certain commands in
406.Pa /usr
407before
408.Pa /usr
409is mounted on normal systems.
410.It Va cleanvar_enable
411.Pq Vt bool
412Clean the
413.Pa /var
414directory.
415.It Va local_startup
416.Pq Vt str
417List of directories to search for startup script files.
418.It Va script_name_sep
419.Pq Vt str
420The field separator to use for breaking down the list of startup script files
421into individual filenames.
422The default is a space.
423It is not necessary to change this unless there are startup scripts with names
424containing spaces.
425.It Va hostapd_enable
426.Pq Vt bool
427Set to
428.Dq Li YES
429to start
430.Xr hostapd 8
431at system boot time.
432.It Va hostname
433.Pq Vt str
434The fully qualified domain name (FQDN) of this host on the network.
435This should almost certainly be set to something meaningful, even if
436there is no network connection.
437If
438.Xr dhclient 8
439is used to set the hostname via DHCP,
440this variable should be set to an empty string.
441Within a
442.Xr jail 8
443the hostname is generally already set and this variable may be absent.
444If this value remains unset when the system is done booting
445your console login will display the default hostname of
446.Dq Amnesiac .
447.It Va nisdomainname
448.Pq Vt str
449The NIS domain name of this host, or
450.Dq Li NO
451if NIS is not used.
452.It Va dhclient_program
453.Pq Vt str
454Path to the DHCP client program
455.Pa ( /sbin/dhclient ,
456the
457.Ox
458DHCP client,
459is the default).
460.It Va dhclient_flags
461.Pq Vt str
462Additional flags to pass to the DHCP client program.
463For the
464.Ox
465DHCP client, see the
466.Xr dhclient 8
467manpage for a description of the command line options available.
468.It Va dhclient_flags_ Ns Aq Ar iface
469Additional flags to pass to the DHCP client program running on
470.Ar iface
471only.
472When specified, this variable overrides
473.Va dhclient_flags .
474.It Va background_dhclient
475.Pq Vt bool
476Set to
477.Dq Li YES
478to start the DHCP client in background.
479This can cause trouble with applications depending on
480a working network, but it will provide a faster startup
481in many cases.
482.It Va background_dhclient_ Ns Aq Ar iface
483When specified, this variable overrides the
484.Va background_dhclient
485variable for interface
486.Ar iface
487only.
488.It Va synchronous_dhclient
489.Pq Vt bool
490Set to
491.Dq Li YES
492to start
493.Xr dhclient 8
494synchronously at startup.
495This behavior can be overridden on a per-interface basis by replacing
496the
497.Dq Li DHCP
498keyword in the
499.Va ifconfig_ Ns Aq Ar interface
500variable with
501.Dq Li SYNCDHCP
502or
503.Dq Li NOSYNCDHCP .
504.It Va defaultroute_delay
505.Pq Vt int
506When set to a positive value, wait up to this long after configuring
507DHCP interfaces at startup to give the interfaces time to receive a lease.
508.It Va firewall_enable
509.Pq Vt bool
510Set to
511.Dq Li YES
512to load firewall rules at startup.
513If the kernel was not built with
514.Cd "options IPFIREWALL" ,
515the
516.Pa ipfw.ko
517kernel module will be loaded.
518See also
519.Va ipfilter_enable .
520.It Va firewall_script
521.Pq Vt str
522This variable specifies the full path to the firewall script to run.
523The default is
524.Pa /etc/rc.firewall .
525.It Va firewall_type
526.Pq Vt str
527Names the firewall type from the selection in
528.Pa /etc/rc.firewall ,
529or the file which contains the local firewall ruleset.
530Valid selections from
531.Pa /etc/rc.firewall
532are:
533.Pp
534.Bl -tag -width ".Li simple" -compact
535.It Li open
536unrestricted IP access
537.It Li closed
538all IP services disabled, except via
539.Dq Li lo0
540.It Li client
541basic protection for a workstation
542.It Li simple
543basic protection for a LAN.
544.El
545.Pp
546If a filename is specified, the full path
547must be given.
548.It Va firewall_quiet
549.Pq Vt bool
550Set to
551.Dq Li YES
552to disable the display of firewall rules on the console during boot.
553.It Va firewall_logging
554.Pq Vt bool
555Set to
556.Dq Li YES
557to enable firewall event logging.
558This is equivalent to the
559.Dv IPFIREWALL_VERBOSE
560kernel option.
561.It Va firewall_logif
562.Pq Vt bool
563Set to
564.Dq Li YES
565to create pseudo interface
566.Li ipfw0
567for logging.
568For more details, see
569.Xr ipfw 8
570manual page.
571.It Va firewall_flags
572.Pq Vt str
573Flags passed to
574.Xr ipfw 8
575if
576.Va firewall_type
577specifies a filename.
578.It Va firewall_coscripts
579.Pq Vt str
580List of executables and/or rc scripts to run after firewall starts/stops.
581Default is empty.
582.\" ----- firewall_nat_enable setting --------------------------------
583.It Va firewall_nat_enable
584.Pq Vt bool
585The
586.Xr ipfw 8
587equivalent of
588.Va natd_enable .
589Setting this to
590.Dq Li YES
591will automatically load the
592.Xr ipfw 8
593NAT kernel module if
594.Va firewall_enable
595is also set to
596.Dq Li YES .
597.It Va firewall_nat_interface
598.Pq Vt str
599The
600.Xr ipfw 8
601equivalent of
602.Va natd_interface .
603This is the name of the public interface or IP address on which
604kernel NAT should run.
605.It Va firewall_nat_flags
606.Pq Vt str
607Additional configuration parameters for kernel NAT should be placed here.
608.It Va firewall_nat64_enable
609.Pq Vt bool
610Setting this to
611.Dq Li YES
612will automatically load the
613.Xr ipfw 8
614NAT64 kernel module if
615.Va firewall_enable
616is also set to
617.Dq Li YES .
618.It Va firewall_nptv6_enable
619.Pq Vt bool
620Setting this to
621.Dq Li YES
622will automatically load the
623.Xr ipfw 8
624NPTv6 kernel module if
625.Va firewall_enable
626is also set to
627.Dq Li YES .
628.It Va firewall_pmod_enable
629.Pq Vt bool
630Setting this to
631.Dq Li YES
632will automatically load the
633.Xr ipfw 8
634pmod kernel module if
635.Va firewall_enable
636is also set to
637.Dq Li YES .
638.It Va dummynet_enable
639.Pq Vt bool
640Setting this to
641.Dq Li YES
642will automatically load the
643.Xr dummynet 4
644module if
645.Va firewall_enable
646is also set to
647.Dq Li YES .
648.\" -------------------------------------------------------------------
649.It Va ipfw_netflow_enable
650.Pq Vt bool
651Setting this to
652.Dq Li YES
653will enable netflow logging via
654.Xr ng_netflow 4
655.Pp
656By default a ipfw rule is inserted and all packets are duplicated with
657the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
658port using protocol version 5.
659.It Va ipfw_netflow_hook
660.Pq Vt int
661netflow hook name, must be numerical
662(default
663.Pa 9995 ) .
664.It Va ipfw_netflow_rule
665.Pq Vt int
666ipfw rule number
667(default
668.Pa 1000 ) .
669.It Va ipfw_netflow_ip
670.Pq Vt str
671Destination server ip for receiving netflow data
672(default
673.Pa 127.0.0.1 ) .
674.It Va ipfw_netflow_port
675.Pq Vt int
676Destination server port for receiving netflow data
677(default
678.Pa 9995 ) .
679.It Va ipfw_netflow_version
680.Pq Vt int
681Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
682.It Va ipfw_netflow_fib
683.Pq Vt int
684Only match packet in FIB
685.Pa ipfw_netflow_fib
686(default is undefined meaning all FIBs).
687.It Va natd_program
688.Pq Vt str
689Path to
690.Xr natd 8 .
691.It Va natd_enable
692.Pq Vt bool
693Set to
694.Dq Li YES
695to enable
696.Xr natd 8 .
697.Va firewall_enable
698must also be set to
699.Dq Li YES ,
700and
701.Xr divert 4
702sockets must be enabled in the kernel.
703If the kernel was not built with
704.Cd "options IPDIVERT" ,
705the
706.Pa ipdivert.ko
707kernel module will be loaded.
708.It Va natd_interface
709.Pq Vt str
710This is the name of the public interface on which
711.Xr natd 8
712should run.
713The interface may be given as an interface name or as an IP address.
714.It Va natd_flags
715.Pq Vt str
716Additional
717.Xr natd 8
718flags should be placed here.
719The
720.Fl n
721or
722.Fl a
723flag is automatically added with the above
724.Va natd_interface
725as an argument.
726.\" ----- ipfilter_enable setting --------------------------------
727.It Va ipfilter_enable
728.Pq Vt bool
729Set to
730.Dq Li NO
731by default.
732Setting this to
733.Dq Li YES
734enables
735.Xr ipf 8
736packet filtering.
737.Pp
738Typical usage will require putting
739.Bd -literal
740ipfilter_enable="YES"
741ipnat_enable="YES"
742ipmon_enable="YES"
743ipfs_enable="YES"
744.Ed
745.Pp
746into
747.Pa /etc/rc.conf
748and editing
749.Pa /etc/ipf.rules
750and
751.Pa /etc/ipnat.rules
752appropriately.
753.Pp
754Note that
755.Va ipfilter_enable
756and
757.Va ipnat_enable
758can be enabled independently.
759.Va ipmon_enable
760and
761.Va ipfs_enable
762both require at least one of
763.Va ipfilter_enable
764and
765.Va ipnat_enable
766to be enabled.
767.Pp
768Having
769.Bd -literal
770options IPFILTER
771options IPFILTER_LOG
772options IPFILTER_DEFAULT_BLOCK
773.Ed
774.Pp
775in the kernel configuration file is a good idea, too.
776.\" ----- ipfilter_program setting ------------------------------
777.It Va ipfilter_program
778.Pq Vt str
779Path to
780.Xr ipf 8
781(default
782.Pa /sbin/ipf ) .
783.\" ----- ipfilter_rules setting --------------------------------
784.It Va ipfilter_rules
785.Pq Vt str
786Set to
787.Pa /etc/ipf.rules
788by default.
789This variable contains the name of the filter rule definition file.
790The file is expected to be readable for the
791.Xr ipf 8
792command to execute.
793.\" ----- ipv6_ipfilter_rules setting ---------------------------
794.It Va ipv6_ipfilter_rules
795.Pq Vt str
796Set to
797.Pa /etc/ipf6.rules
798by default.
799This variable contains the IPv6 filter rule definition file.
800The file is expected to be readable for the
801.Xr ipf 8
802command to execute.
803.\" ----- ipfilter_flags setting --------------------------------
804.It Va ipfilter_flags
805.Pq Vt str
806Empty by default.
807This variable contains flags passed to the
808.Xr ipf 8
809program.
810.\" ----- ipnat_enable setting ----------------------------------
811.It Va ipnat_enable
812.Pq Vt bool
813Set to
814.Dq Li NO
815by default.
816Set it to
817.Dq Li YES
818to enable
819.Xr ipnat 8
820network address translation.
821See
822.Va ipfilter_enable
823for a detailed discussion.
824.\" ----- ipnat_program setting ---------------------------------
825.It Va ipnat_program
826.Pq Vt str
827Path to
828.Xr ipnat 8
829(default
830.Pa /sbin/ipnat ) .
831.\" ----- ipnat_rules setting -----------------------------------
832.It Va ipnat_rules
833.Pq Vt str
834Set to
835.Pa /etc/ipnat.rules
836by default.
837This variable contains the name of the file
838holding the network address translation definition.
839This file is expected to be readable for the
840.Xr ipnat 8
841command to execute.
842.\" ----- ipnat_flags setting -----------------------------------
843.It Va ipnat_flags
844.Pq Vt str
845Empty by default.
846This variable contains flags passed to the
847.Xr ipnat 8
848program.
849.\" ----- ipmon_enable setting ----------------------------------
850.It Va ipmon_enable
851.Pq Vt bool
852Set to
853.Dq Li NO
854by default.
855Set it to
856.Dq Li YES
857to enable
858.Xr ipmon 8
859monitoring (logging
860.Xr ipf 8
861and
862.Xr ipnat 8
863events).
864Setting this variable needs setting
865.Va ipfilter_enable
866or
867.Va ipnat_enable
868too.
869See
870.Va ipfilter_enable
871for a detailed discussion.
872.\" ----- ipmon_program setting ---------------------------------
873.It Va ipmon_program
874.Pq Vt str
875Path to
876.Xr ipmon 8
877(default
878.Pa /sbin/ipmon ) .
879.\" ----- ipmon_flags setting -----------------------------------
880.It Va ipmon_flags
881.Pq Vt str
882Set to
883.Dq Li -Ds
884by default.
885This variable contains flags passed to the
886.Xr ipmon 8
887program.
888Another typical example would be
889.Dq Fl D Pa /var/log/ipflog
890to have
891.Xr ipmon 8
892log directly to a file bypassing
893.Xr syslogd 8 .
894Make sure to adjust
895.Pa /etc/newsyslog.conf
896in such case like this:
897.Bd -literal
898/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
899.Ed
900.\" ----- ipfs_enable setting -----------------------------------
901.It Va ipfs_enable
902.Pq Vt bool
903Set to
904.Dq Li NO
905by default.
906Set it to
907.Dq Li YES
908to enable
909.Xr ipfs 8
910saving the filter and NAT state tables during shutdown
911and reloading them during startup again.
912Setting this variable needs setting
913.Va ipfilter_enable
914or
915.Va ipnat_enable
916to
917.Dq Li YES
918too.
919See
920.Va ipfilter_enable
921for a detailed discussion.
922Note that if
923.Va kern_securelevel
924is set to 3,
925.Va ipfs_enable
926cannot be used
927because the raised securelevel will prevent
928.Xr ipfs 8
929from saving the state tables at shutdown time.
930.\" ----- ipfs_program setting ----------------------------------
931.It Va ipfs_program
932.Pq Vt str
933Path to
934.Xr ipfs 8
935(default
936.Pa /sbin/ipfs ) .
937.\" ----- ipfs_flags setting ------------------------------------
938.It Va ipfs_flags
939.Pq Vt str
940Empty by default.
941This variable contains flags passed to the
942.Xr ipfs 8
943program.
944.\" ----- end of added ipf hook ---------------------------------
945.It Va pf_enable
946.Pq Vt bool
947Set to
948.Dq Li NO
949by default.
950Setting this to
951.Dq Li YES
952enables
953.Xr pf 4
954packet filtering.
955.Pp
956Typical usage will require putting
957.Pp
958.Dl pf_enable="YES"
959.Pp
960into
961.Pa /etc/rc.conf
962and editing
963.Pa /etc/pf.conf
964appropriately.
965Adding
966.Pp
967.Dl "device pf"
968.Pp
969builds support for
970.Xr pf 4
971into the kernel, otherwise the
972kernel module will be loaded.
973.It Va pf_rules
974.Pq Vt str
975Path to
976.Xr pf 4
977ruleset configuration file
978(default
979.Pa /etc/pf.conf ) .
980.It Va pf_program
981.Pq Vt str
982Path to
983.Xr pfctl 8
984(default
985.Pa /sbin/pfctl ) .
986.It Va pf_flags
987.Pq Vt str
988If
989.Va pf_enable
990is set to
991.Dq Li YES ,
992these flags are passed to the
993.Xr pfctl 8
994program when loading the ruleset.
995.It Va pflog_enable
996.Pq Vt bool
997Set to
998.Dq Li NO
999by default.
1000Setting this to
1001.Dq Li YES
1002enables
1003.Xr pflogd 8
1004which logs packets from the
1005.Xr pf 4
1006packet filter.
1007.It Va pflog_logfile
1008.Pq Vt str
1009If
1010.Va pflog_enable
1011is set to
1012.Dq Li YES
1013this controls where
1014.Xr pflogd 8
1015stores the logfile
1016(default
1017.Pa /var/log/pflog ) .
1018Check
1019.Pa /etc/newsyslog.conf
1020to adjust logfile rotation for this.
1021.It Va pflog_program
1022.Pq Vt str
1023Path to
1024.Xr pflogd 8
1025(default
1026.Pa /sbin/pflogd ) .
1027.It Va pflog_flags
1028.Pq Vt str
1029Empty by default.
1030This variable contains additional flags passed to the
1031.Xr pflogd 8
1032program.
1033.It Va pflog_instances
1034.Pq Vt str
1035If logging to more than one
1036.Xr pflog 4
1037interface is desired,
1038.Va pflog_instances
1039is set to the list of
1040.Xr pflogd 8
1041instances that should be started at system boot time.
1042If
1043.Va pflog_instances
1044is set, for each whitespace-separated
1045.Ar element
1046in the list,
1047.Ao Ar element Ac Ns Va _dev
1048and
1049.Ao Ar element Ac Ns Va _logfile
1050elements are assumed to exist.
1051.Ao Ar element Ac Ns Va _dev
1052must contain the
1053.Xr pflog 4
1054interface to be watched by the named
1055.Xr pflogd 8
1056instance.
1057.Ao Ar element Ac Ns Va _logfile
1058must contain the name of the logfile that will be used by the
1059.Xr pflogd 8
1060instance.
1061.It Va ftpproxy_enable
1062.Pq Vt bool
1063Set to
1064.Dq Li NO
1065by default.
1066Setting this to
1067.Dq Li YES
1068enables
1069.Xr ftp-proxy 8
1070which supports the
1071.Xr pf 4
1072packet filter in translating ftp connections.
1073.It Va ftpproxy_flags
1074.Pq Vt str
1075Empty by default.
1076This variable contains additional flags passed to the
1077.Xr ftp-proxy 8
1078program.
1079.It Va ftpproxy_instances
1080.Pq Vt str
1081Empty by default.
1082If multiple instances of
1083.Xr ftp-proxy 8
1084are desired at boot time,
1085.Va ftpproxy_instances
1086should contain a whitespace-separated list of instance names.
1087For each
1088.Ar element
1089in the list, a variable named
1090.Ao Ar element Ac Ns Va _flags
1091should be defined, containing the command-line flags to be passed to the
1092.Xr ftp-proxy 8
1093instance.
1094.It Va pfsync_enable
1095.Pq Vt bool
1096Set to
1097.Dq Li NO
1098by default.
1099Setting this to
1100.Dq Li YES
1101enables exposing
1102.Xr pf 4
1103state changes to other hosts over the network by means of
1104.Xr pfsync 4 .
1105The
1106.Va pfsync_syncdev
1107variable
1108must also be set then.
1109.It Va pfsync_syncdev
1110.Pq Vt str
1111Empty by default.
1112This variable specifies the name of the network interface
1113.Xr pfsync 4
1114should operate through.
1115It must be set accordingly if
1116.Va pfsync_enable
1117is set to
1118.Dq Li YES .
1119.It Va pfsync_syncpeer
1120.Pq Vt str
1121Empty by default.
1122This variable is optional.
1123By default, state change messages are sent out on the synchronisation
1124interface using IP multicast packets.
1125The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1126224.0.0.240.
1127When a peer address is specified using the
1128.Va pfsync_syncpeer
1129option, the peer address is used as a destination for the pfsync
1130traffic, and the traffic can then be protected using
1131.Xr ipsec 4 .
1132See the
1133.Xr pfsync 4
1134manpage for more details about using
1135.Xr ipsec 4
1136with
1137.Xr pfsync 4
1138interfaces.
1139.It Va pfsync_ifconfig
1140.Pq Vt str
1141Empty by default.
1142This variable can contain additional options to be passed to the
1143.Xr ifconfig 8
1144command used to set up
1145.Xr pfsync 4 .
1146.It Va tcp_extensions
1147.Pq Vt bool
1148Set to
1149.Dq Li YES
1150by default.
1151Setting this to
1152.Dq Li NO
1153disables certain TCP options as described by
1154.Rs
1155.%T "RFC 1323"
1156.Re
1157Setting this to
1158.Dq Li NO
1159might help remedy such problems with connections as randomly hanging
1160or other weird behavior.
1161Some network devices are known
1162to be broken with respect to these options.
1163.It Va log_in_vain
1164.Pq Vt int
1165Set to 0 by default.
1166The
1167.Xr sysctl 8
1168variables,
1169.Va net.inet.tcp.log_in_vain
1170and
1171.Va net.inet.udp.log_in_vain ,
1172as described in
1173.Xr tcp 4
1174and
1175.Xr udp 4 ,
1176are set to the given value.
1177.It Va tcp_keepalive
1178.Pq Vt bool
1179Set to
1180.Dq Li YES
1181by default.
1182Setting to
1183.Dq Li NO
1184will disable probing idle TCP connections to verify that the
1185peer is still up and reachable.
1186.It Va tcp_drop_synfin
1187.Pq Vt bool
1188Set to
1189.Dq Li NO
1190by default.
1191Setting to
1192.Dq Li YES
1193will cause the kernel to ignore TCP frames that have both
1194the SYN and FIN flags set.
1195This prevents OS fingerprinting, but may
1196break some legitimate applications.
1197.It Va icmp_drop_redirect
1198.Pq Vt bool
1199Set to
1200.Dq Li AUTO
1201by default.
1202This setting will be identical to
1203.Dq Li YES ,
1204if a dynamicrouting daemon is enabled, because redirect processing may
1205cause performance issues for large routing tables.
1206If no such service is enabled, this setting behaves like a
1207.Dq Li NO .
1208Setting to
1209.Dq Li YES
1210will cause the kernel to ignore ICMP REDIRECT packets.
1211Setting to
1212.Dq Li NO
1213will cause the kernel to process ICMP REDIRECT packets.
1214Refer to
1215.Xr icmp 4
1216for more information.
1217.It Va icmp_log_redirect
1218.Pq Vt bool
1219Set to
1220.Dq Li NO
1221by default.
1222Setting to
1223.Dq Li YES
1224will cause the kernel to log ICMP REDIRECT packets.
1225Note that
1226the log messages are not rate-limited, so this option should only be used
1227for troubleshooting networks.
1228Refer to
1229.Xr icmp 4
1230for more information.
1231.It Va icmp_bmcastecho
1232.Pq Vt bool
1233Set to
1234.Dq Li YES
1235to respond to broadcast or multicast ICMP ping packets.
1236Refer to
1237.Xr icmp 4
1238for more information.
1239.It Va ip_portrange_first
1240.Pq Vt int
1241If not set to
1242.Dq Li NO ,
1243this is the first port in the default portrange.
1244Refer to
1245.Xr ip 4
1246for more information.
1247.It Va ip_portrange_last
1248.Pq Vt int
1249If not set to
1250.Dq Li NO ,
1251this is the last port in the default portrange.
1252Refer to
1253.Xr ip 4
1254for more information.
1255.It Va network_interfaces
1256.Pq Vt str
1257Set to the list of network interfaces to configure on this host or
1258.Dq Li AUTO
1259(the default) for all current interfaces.
1260Setting the
1261.Va network_interfaces
1262variable to anything other than the default is deprecated.
1263Interfaces that the administrator wishes to store configuration for,
1264but not start at boot should be configured with the
1265.Dq Li NOAUTO
1266keyword in their
1267.Va ifconfig_ Ns Aq Ar interface
1268variables as described below.
1269.Pp
1270An
1271.Va ifconfig_ Ns Aq Ar interface
1272variable is also assumed to exist for each value of
1273.Ar interface .
1274When an interface name contains any of the characters
1275.Dq Li .-/+
1276they are translated to
1277.Dq Li _
1278before lookup.
1279The variable can contain arguments to
1280.Xr ifconfig 8 ,
1281as well as special case-insensitive keywords described below.
1282Such keywords are removed before passing the value to
1283.Xr ifconfig 8
1284while the order of the other arguments is preserved.
1285.Pp
1286It is possible to add IP alias entries using
1287.Xr ifconfig 8
1288syntax with the address family keyword such as
1289.Li inet .
1290Assuming that the interface in question was
1291.Li em0 ,
1292it might look something like this:
1293.Bd -literal
1294ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1295ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1296.Ed
1297.Pp
1298It also possible to configure multiple IP addresses in Classless
1299Inter-Domain Routing
1300.Pq CIDR
1301address notation,
1302whose each address component can be a range like
1303.Li inet 192.0.2.5-23/24
1304or
1305.Li inet6 2001:db8:1-f::1/64 .
1306This notation allows address and prefix length part only,
1307not the other address modifiers.
1308Note that the maximum number of the generated addresses from a range
1309specification is limited to an integer value specified in
1310.Va netif_ipexpand_max
1311in
1312.Nm
1313because a small typo can unexpectedly generate a large number of addresses.
1314The default value is
1315.Li 2048 .
1316It can be increased by adding the following line into
1317.Nm :
1318.Bd -literal
1319netif_ipexpand_max="4096"
1320.Ed
1321.Pp
1322In the case of
1323.Li 192.0.2.5-23/24 ,
1324the address 192.0.2.5 will be configured with the
1325netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1326the non-conflicting netmask /32 as explained in the
1327.Xr ifconfig 8
1328alias section.
1329Note that this special netmask handling is only for
1330.Li inet ,
1331not for the other address families such as
1332.Li inet6 .
1333.Pp
1334With the interface in question being
1335.Li em0 ,
1336an example could look like:
1337.Bd -literal
1338ifconfig_em0_alias2="inet 192.0.2.129/27"
1339ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1340.Ed
1341.Pp
1342and so on.
1343.Pp
1344Note that deprecated
1345.Va ipv4_addrs_ Ns Aq Ar interface
1346variable was supported for IPv4 CIDR address notation.
1347The
1348.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1349variable replaces it, though
1350.Va ipv4_addrs_ Ns Aq Ar interface
1351is still supported for backward compatibility.
1352.Pp
1353For each
1354.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1355entry with an address family keyword,
1356its contents are passed to
1357.Xr ifconfig 8 .
1358Execution stops at the first unsuccessful access, so if
1359something like this is present:
1360.Bd -literal
1361ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1362ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1363ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1364ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1365.Ed
1366.Pp
1367Then note that alias4 would
1368.Em not
1369be added since the search would
1370stop with the missing
1371.Dq Li alias3
1372entry.
1373Because of this difficult to manage behavior,
1374there is
1375.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1376variable, which has the same functionality as
1377.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1378and can have all of entries in a variable like the following:
1379.Bd -literal
1380ifconfig_em0_aliases="\\
1381	inet 127.0.0.251 netmask 0xffffffff \\
1382	inet 127.0.0.252 netmask 0xffffffff \\
1383	inet 127.0.0.253 netmask 0xffffffff \\
1384	inet 127.0.0.254 netmask 0xffffffff"
1385.Ed
1386.Pp
1387It also supports CIDR notation.
1388.Pp
1389If the
1390.Pa /etc/start_if. Ns Aq Ar interface
1391file is present, it is read and executed by the
1392.Xr sh 1
1393interpreter
1394before configuring the interface as specified in the
1395.Va ifconfig_ Ns Aq Ar interface
1396and
1397.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1398variables.
1399.Pp
1400If a
1401.Va vlans_ Ns Aq Ar interface
1402variable is set,
1403a
1404.Xr vlan 4
1405interface will be created for each item in the list with the
1406.Ar vlandev
1407argument set to
1408.Ar interface .
1409If a vlan interface's name is a number,
1410then that number is used as the vlan tag and the new vlan interface is
1411named
1412.Ar interface . Ns Ar tag .
1413Otherwise,
1414the vlan tag must be specified via a
1415.Va vlan
1416parameter in the
1417.Va create_args_ Ns Aq Ar interface
1418variable.
1419.Pp
1420To create a vlan device named
1421.Li em0.101
1422on
1423.Li em0
1424with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1425.Bd -literal
1426vlans_em0="101"
1427ifconfig_em0_101="inet 192.0.2.1/24"
1428.Ed
1429.Pp
1430To create a vlan device named
1431.Li myvlan
1432on
1433.Li em0
1434with the vlan tag 102:
1435.Bd -literal
1436vlans_em0="myvlan"
1437create_args_myvlan="vlan 102"
1438.Ed
1439.Pp
1440If a
1441.Va wlans_ Ns Aq Ar interface
1442variable is set,
1443an
1444.Xr wlan 4
1445interface will be created for each item in the list with the
1446.Ar wlandev
1447argument set to
1448.Ar interface .
1449Further wlan cloning arguments may be passed to the
1450.Xr ifconfig 8
1451.Cm create
1452command by setting the
1453.Va create_args_ Ns Aq Ar interface
1454variable.
1455One or more
1456.Xr wlan 4
1457devices must be created for each wireless devices as of
1458.Fx 8.0 .
1459Debugging flags for
1460.Xr wlan 4
1461devices as set by
1462.Xr wlandebug 8
1463may be specified with an
1464.Va wlandebug_ Ns Aq Ar interface
1465variable.
1466The contents of this variable will be passed directly to
1467.Xr wlandebug 8 .
1468.Pp
1469If the
1470.Va ifconfig_ Ns Aq Ar interface
1471contains the keyword
1472.Dq Li NOAUTO
1473then the interface will not be configured
1474at boot or by
1475.Pa /etc/pccard_ether
1476when
1477.Va network_interfaces
1478is set to
1479.Dq Li AUTO .
1480.Pp
1481It is possible to bring up an interface with DHCP by adding
1482.Dq Li DHCP
1483to the
1484.Va ifconfig_ Ns Aq Ar interface
1485variable.
1486For instance, to initialize the
1487.Li em0
1488device via DHCP,
1489it is possible to use something like:
1490.Bd -literal
1491ifconfig_em0="DHCP"
1492.Ed
1493.Pp
1494If you want to configure your wireless interface with
1495.Xr wpa_supplicant 8
1496for use with WPA, EAP/LEAP or WEP, you need to add
1497.Dq Li WPA
1498to the
1499.Va ifconfig_ Ns Aq Ar interface
1500variable.
1501.Pp
1502On the other hand, if you want to configure your wireless interface with
1503.Xr hostapd 8 ,
1504you need to add
1505.Dq Li HOSTAP
1506to the
1507.Va ifconfig_ Ns Aq Ar interface
1508variable.
1509.Xr hostapd 8
1510will use the settings from
1511.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1512.Pp
1513Finally, you can add
1514.Xr ifconfig 8
1515options in this variable, in addition to the
1516.Pa /etc/start_if. Ns Aq Ar interface
1517file.
1518For instance, to configure an
1519.Xr ath 4
1520wireless device in station mode with an address obtained
1521via DHCP, using WPA authentication and 802.11b mode, it is
1522possible to use something like:
1523.Bd -literal
1524wlans_ath0="wlan0"
1525ifconfig_wlan0="DHCP WPA mode 11b"
1526.Ed
1527.Pp
1528In addition to the
1529.Va ifconfig_ Ns Aq Ar interface
1530form, a fallback variable
1531.Va ifconfig_DEFAULT
1532may be configured.
1533It will be used for all interfaces with no
1534.Va ifconfig_ Ns Aq Ar interface
1535variable.
1536This is intended to replace the no longer supported
1537.Va pccard_ifconfig
1538variable.
1539.Pp
1540It is also possible to rename an interface by doing:
1541.Bd -literal
1542ifconfig_em0_name="net0"
1543ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1544.Ed
1545.It Va ipv6_enable
1546.Pq Vt bool
1547This variable is deprecated.
1548Use
1549.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1550and
1551.Va ipv6_activate_all_interfaces
1552if necessary.
1553.Pp
1554If the variable is
1555.Dq Li YES ,
1556.Dq Li inet6 accept_rtadv
1557is added to all of
1558.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1559and the
1560.Va ipv6_activate_all_interfaces
1561is defined as
1562.Dq Li YES .
1563.It Va ipv6_prefer
1564.Pq Vt bool
1565This variable is deprecated.
1566Use
1567.Va ip6addrctl_policy
1568instead.
1569.Pp
1570If the variable is
1571.Dq Li YES ,
1572the default address selection policy table set by
1573.Xr ip6addrctl 8
1574will be IPv6-preferred.
1575.Pp
1576If the variable is
1577.Dq Li NO ,
1578the default address selection policy table set by
1579.Xr ip6addrctl 8
1580will be IPv4-preferred.
1581.It Va ipv6_activate_all_interfaces
1582.Pq Vt bool
1583This controls initial configuration on IPv6-capable
1584interfaces with no corresponding
1585.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1586variable.
1587Note that it is not always necessary to set this variable to
1588.Dq YES
1589to use IPv6 functionality on
1590.Fx .
1591In most cases, just configuring
1592.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1593variables works.
1594.Pp
1595If the variable is
1596.Dq Li NO ,
1597all interfaces which do not have a corresponding
1598.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1599variable will be marked as
1600.Dq Li IFDISABLED
1601at creation.
1602This means that all of IPv6 functionality on that interface
1603is completely disabled to enforce a security policy.
1604If the variable is set to
1605.Dq YES ,
1606the flag will be cleared on all of the interfaces.
1607.Pp
1608In most cases, just defining an
1609.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1610for an IPv6-capable interface should be sufficient.
1611However, if an interface is added dynamically
1612.Pq by some tunneling protocols such as PPP, for example ,
1613it is often difficult to define the variable in advance.
1614In such a case, configuring the
1615.Dq Li IFDISABLED
1616flag can be disabled by setting this variable to
1617.Dq YES .
1618.Pp
1619For more details of the
1620.Dq Li IFDISABLED
1621flag and keywords
1622.Dq Li inet6 ifdisabled ,
1623see
1624.Xr ifconfig 8 .
1625.Pp
1626Default is
1627.Dq Li NO .
1628.It Va ipv6_privacy
1629.Pq Vt bool
1630If the variable is
1631.Dq Li YES
1632privacy addresses will be generated for each IPv6
1633interface as described in RFC 4941.
1634.It Va ipv6_network_interfaces
1635.Pq Vt str
1636This is the IPv6 equivalent of
1637.Va network_interfaces .
1638Normally manual configuration of this variable is not needed.
1639.It Va ipv6_cpe_wanif
1640.Pq Vt str
1641If the variable is set to an interface name,
1642the
1643.Xr ifconfig 8
1644options
1645.Dq inet6 -no_radr accept_rtadv
1646will be added to the specified interface automatically before evaluating
1647.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1648and two
1649.Xr sysctl 8
1650variables
1651.Va net.inet6.ip6.rfc6204w3
1652and
1653.Va net.inet6.ip6.no_radr
1654will be set to 1.
1655.Pp
1656This means the specified interface will accept ICMPv6 Router
1657Advertisement messages on that link and add the discovered
1658routers into the Default Router List.
1659While the other interfaces can still accept RA messages if the
1660.Dq inet6 accept_rtadv
1661option is specified, adding
1662routes into the Default Router List will be disabled by
1663.Dq inet6 no_radr
1664option by default.
1665See
1666.Xr ifconfig 8
1667for more details.
1668.Pp
1669Note that ICMPv6 Router Advertisement messages will be
1670accepted even when
1671.Va net.inet6.ip6.forwarding
1672is 1
1673.Pq packet forwarding is enabled
1674when
1675.Va net.inet6.ip6.rfc6204w3
1676is set to 1.
1677.Pp
1678Default is
1679.Dq Li NO .
1680.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1681.Pq Vt str
1682This assigns arbitrary description to an interface.
1683The
1684.Xr sysctl 8
1685variable
1686.Va net.ifdescr_maxlen
1687limits its length.
1688This static setting may be overridden by commands
1689started with dynamic interface configuration utilities
1690like
1691.Xr dhclient 8
1692hooks.
1693The description can be seen with
1694.Xr ifconfig 8
1695command and it may be exported with
1696.Xr bsnmpd 1
1697daemon using its MIB-2 module.
1698.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1699.Pq Vt str
1700IPv6 functionality on an interface should be configured by
1701.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1702instead of setting ifconfig parameters in
1703.Va ifconfig_ Ns Aq Ar interface .
1704If this variable is empty, all of IPv6 configurations on the
1705specified interface by other variables such as
1706.Va ipv6_prefix_ Ns Ao Ar interface Ac
1707will be ignored.
1708.Pp
1709Aliases should be set by
1710.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1711with
1712.Dq Li inet6
1713keyword.
1714For example:
1715.Bd -literal
1716ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1717ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1718.Ed
1719.Pp
1720Interfaces that have an
1721.Dq Li inet6 accept_rtadv
1722keyword in
1723.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1724setting will be automatically configured by SLAAC
1725.Pq StateLess Address AutoConfiguration
1726described in
1727.Rs
1728.%T "RFC 4862"
1729.Re
1730.Pp
1731Note that a link-local address will be automatically configured in
1732addition to the configured global-scope addresses because the IPv6
1733specifications require it on each link.
1734The address is calculated from the MAC address by using an algorithm
1735defined in
1736.Rs
1737.%T "RFC 4862"
1738.%O "Section 5.3"
1739.Re
1740.Pp
1741If only a link-local address is needed on the interface,
1742the following configuration can be used:
1743.Bd -literal
1744ifconfig_em0_ipv6="inet6 auto_linklocal"
1745.Ed
1746.Pp
1747A link-local address can also be configured manually.
1748This is useful for the default router address of an IPv6 router
1749so that it does not change when the network interface
1750card is replaced.
1751For example:
1752.Bd -literal
1753ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
1754.Ed
1755.It Va ipv6_prefix_ Ns Aq Ar interface
1756.Pq Vt str
1757If one or more prefixes are defined in
1758.Va ipv6_prefix_ Ns Aq Ar interface
1759addresses based on each prefix and the EUI-64 interface index will be
1760configured on that interface.
1761Note that this variable will be ignored when
1762.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1763is empty.
1764.Pp
1765For example, the following configuration
1766.Bd -literal
1767ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
1768.Ed
1769.Pp
1770is equivalent to the following:
1771.Bd -literal
1772ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1773ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1774ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1775ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1776.Ed
1777.Pp
1778These Subnet-Router anycast addresses will be added only when
1779.Va ipv6_gateway_enable
1780is YES.
1781.It Va ipv6_default_interface
1782.Pq Vt str
1783If not set to
1784.Dq Li NO ,
1785this is the default output interface for scoped addresses.
1786This works only with ipv6_gateway_enable="NO".
1787.It Va ip6addrctl_enable
1788.Pq Vt bool
1789This variable is to enable configuring default address selection policy table
1790.Pq RFC 3484 .
1791The table can be specified in another variable
1792.Va ip6addrctl_policy .
1793For
1794.Va ip6addrctl_policy
1795the following keywords can be specified:
1796.Dq Li ipv4_prefer ,
1797.Dq Li ipv6_prefer ,
1798or
1799.Dq Li AUTO .
1800.Pp
1801If
1802.Dq Li ipv4_prefer
1803or
1804.Dq Li ipv6_prefer
1805is specified,
1806.Xr ip6addrctl 8
1807installs a pre-defined policy table described in Section 10.3
1808.Pq IPv4-preferred
1809or 2.1
1810.Pq IPv6-preferred
1811of RFC 3484.
1812.Pp
1813If
1814.Dq Li AUTO
1815is specified, it attempts to read a file
1816.Pa /etc/ip6addrctl.conf
1817first.
1818If this file is found,
1819.Xr ip6addrctl 8
1820reads and installs it.
1821If not found, a policy is automatically set
1822according to
1823.Va ipv6_activate_all_interfaces
1824variable; if the variable is set to
1825.Dq Li YES
1826the IPv6-preferred one is used.
1827Otherwise IPv4-preferred.
1828.Pp
1829The default value of
1830.Va ip6addrctl_enable
1831and
1832.Va ip6addrctl_policy
1833are
1834.Dq Li YES
1835and
1836.Dq Li AUTO ,
1837respectively.
1838.It Va cloned_interfaces
1839.Pq Vt str
1840Set to the list of clonable network interfaces to create on this host.
1841Further cloning arguments may be passed to the
1842.Xr ifconfig 8
1843.Cm create
1844command for each interface by setting the
1845.Va create_args_ Ns Aq Ar interface
1846variable.
1847If an interface name is specified with
1848.Dq :sticky
1849keyword,
1850the interface will not be destroyed even when
1851.Pa rc.d/netif
1852script is invoked with
1853.Dq stop
1854argument.
1855This is useful when reconfiguring the interface without destroying it.
1856Entries in
1857.Va cloned_interfaces
1858are automatically appended to
1859.Va network_interfaces
1860for configuration.
1861.It Va cloned_interfaces_sticky
1862.Pq Vt bool
1863This variable is to globally enable functionality of
1864.Dq :sticky
1865keyword in
1866.Va cloned_interfaces
1867for all interfaces.
1868The default value is
1869.Dq NO .
1870Even if this variable is specified to
1871.Dq YES ,
1872.Dq :nosticky
1873keyword can be used to override it on per interface basis.
1874.It Va gif_interfaces
1875Set to the list of
1876.Xr gif 4
1877tunnel interfaces to configure on this host.
1878A
1879.Va gifconfig_ Ns Aq Ar interface
1880variable is assumed to exist for each value of
1881.Ar interface .
1882The value of this variable is used to configure the link layer of the
1883tunnel using the
1884.Cm tunnel
1885option to
1886.Xr ifconfig .
1887Additionally, this option ensures that each listed interface is created
1888via the
1889.Cm create
1890option to
1891.Xr ifconfig
1892before attempting to configure it.
1893.Pp
1894For example, configure two
1895.Xr gif
1896interfaces with:
1897.Bd -literal
1898gif_interfaces="gif0 gif1"
1899gifconfig_gif0="100.64.0.1 100.64.0.2"
1900ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
1901gifconfig_gif1="inet6 2a00::1 2a01::1"
1902ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
1903.Ed
1904.It Va sppp_interfaces
1905.Pq Vt str
1906Set to the list of
1907.Xr sppp 4
1908interfaces to configure on this host.
1909A
1910.Va spppconfig_ Ns Aq Ar interface
1911variable is assumed to exist for each value of
1912.Ar interface .
1913Each interface should also be configured by a general
1914.Va ifconfig_ Ns Aq Ar interface
1915setting.
1916Refer to
1917.Xr spppcontrol 8
1918for more information about available options.
1919.It Va ppp_enable
1920.Pq Vt bool
1921If set to
1922.Dq Li YES ,
1923run the
1924.Xr ppp 8
1925daemon.
1926.It Va ppp_profile
1927.Pq Vt str
1928The name of the profile to use from
1929.Pa /etc/ppp/ppp.conf .
1930Also used for per-profile overrides of
1931.Va ppp_mode
1932and
1933.Va ppp_nat ,
1934and
1935.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1936When the profile name contains any of the characters
1937.Dq Li .-/+
1938they are translated to
1939.Dq Li _
1940for the proposes of the override variable names.
1941.It Va ppp_mode
1942.Pq Vt str
1943Mode in which to run the
1944.Xr ppp 8
1945daemon.
1946.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1947.Pq Vt str
1948Overrides the global
1949.Va ppp_mode
1950for
1951.Ar profile .
1952Accepted modes are
1953.Dq Li auto ,
1954.Dq Li ddial ,
1955.Dq Li direct
1956and
1957.Dq Li dedicated .
1958See the manual for a full description.
1959.It Va ppp_nat
1960.Pq Vt bool
1961If set to
1962.Dq Li YES ,
1963enables network address translation.
1964Used in conjunction with
1965.Va gateway_enable
1966allows hosts on private network addresses access to the Internet using
1967this host as a network address translating router.
1968Default is
1969.Dq Li YES .
1970.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1971.Pq Vt str
1972Overrides the global
1973.Va ppp_nat
1974for
1975.Ar profile .
1976.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1977.Pq Vt int
1978Set the unit number to be used for this profile.
1979See the manual description of
1980.Fl unit Ns Ar N
1981for details.
1982.It Va ppp_user
1983.Pq Vt str
1984The name of the user under which
1985.Xr ppp 8
1986should be started.
1987By
1988default,
1989.Xr ppp 8
1990is started as
1991.Dq Li root .
1992.It Va rc_conf_files
1993.Pq Vt str
1994This option is used to specify a list of files that will override
1995the settings in
1996.Pa /etc/defaults/rc.conf .
1997The files will be read in the order in which they are specified and should
1998include the full path to the file.
1999By default, the files specified are
2000.Pa /etc/rc.conf
2001and
2002.Pa /etc/rc.conf.local
2003.It Va zfs_enable
2004.Pq Vt bool
2005If set to
2006.Dq Li YES ,
2007.Pa /etc/rc.d/zfs
2008will attempt to automatically mount ZFS file systems and initialize ZFS volumes
2009(ZVOLs).
2010.It Va gptboot_enable
2011.Pq Vt bool
2012If set to
2013.Dq Li YES ,
2014.Pa /etc/rc.d/gptboot
2015will log if the system successfully (or not) booted from a GPT partition,
2016which had the
2017.Ar bootonce
2018attribute set using
2019.Xr gpart 8
2020utility.
2021.It Va gbde_autoattach_all
2022.Pq Vt bool
2023If set to
2024.Dq Li YES ,
2025.Pa /etc/rc.d/gbde
2026will attempt to automatically initialize your .bde devices in
2027.Pa /etc/fstab .
2028.It Va gbde_devices
2029.Pq Vt str
2030List the devices that the script should try to attach,
2031or
2032.Dq Li AUTO .
2033.It Va gbde_lockdir
2034.Pq Vt str
2035The directory where the
2036.Xr gbde 4
2037lockfiles are located.
2038The default lockfile directory is
2039.Pa /etc .
2040.Pp
2041The lockfile for each individual
2042.Xr gbde 4
2043device can be overridden by setting the variable
2044.Va gbde_lock_ Ns Aq Ar device ,
2045where
2046.Ar device
2047is the encrypted device without the
2048.Dq Pa /dev/
2049and
2050.Dq Pa .bde
2051parts.
2052.It Va gbde_attach_attempts
2053.Pq Vt int
2054Number of times to attempt attaching to a
2055.Xr gbde 4
2056device, i.e., how many times the user is asked for the pass-phrase.
2057Default is 3.
2058.It Va geli_devices
2059.Pq Vt str
2060List of devices to automatically attach on boot.
2061Note that .eli devices from
2062.Pa /etc/fstab
2063are automatically appended to this list.
2064.It Va geli_groups
2065.Pq Vt str
2066List of groups containing devices to automatically attach on boot with the same
2067keyfiles and passphrase.
2068This must be accompanied with a corresponding
2069.Va geli_ Ns Ao Ar group Ac Ns Va _devices
2070variable.
2071.It Va geli_tries
2072.Pq Vt int
2073Number of times user is asked for the pass-phrase.
2074If empty, it will be taken from
2075.Va kern.geom.eli.tries
2076sysctl variable.
2077.It Va geli_default_flags
2078.Pq Vt str
2079Default flags to use by
2080.Xr geli 8
2081when configuring disk encryption.
2082Flags can be configured for every device separately by defining the
2083.Va geli_ Ns Ao Ar device Ac Ns Va _flags
2084variable, and for every group separately by defining the
2085.Va geli_ Ns Ao Ar group Ac Ns Va _flags
2086variable.
2087.It Va geli_autodetach
2088.Pq Vt str
2089Specifies if GELI devices should be marked for detach on last close after
2090file systems are mounted.
2091Default is
2092.Dq Li YES .
2093This can be changed for every device separately by defining the
2094.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2095variable.
2096.It Va root_rw_mount
2097.Pq Vt bool
2098Set to
2099.Dq Li YES
2100by default.
2101After the file systems are checked at boot time, the root file system
2102is remounted as read-write if this is set to
2103.Dq Li YES .
2104Diskless systems that mount their root file system from a read-only remote
2105NFS share should set this to
2106.Dq Li NO
2107in their
2108.Pa rc.conf .
2109.It Va fsck_y_enable
2110.Pq Vt bool
2111If set to
2112.Dq Li YES ,
2113.Xr fsck 8
2114will be run with the
2115.Fl y
2116flag if the initial preen
2117of the file systems fails.
2118.It Va background_fsck
2119.Pq Vt bool
2120If set to
2121.Dq Li NO ,
2122the system will not attempt to run
2123.Xr fsck 8
2124in the background where possible.
2125.It Va background_fsck_delay
2126.Pq Vt int
2127The amount of time in seconds to sleep before starting a background
2128.Xr fsck 8 .
2129It defaults to sixty seconds to allow large applications such as
2130the X server to start before disk I/O bandwidth is monopolized by
2131.Xr fsck 8 .
2132If set to a negative number, the background file system check will be
2133delayed indefinitely to allow the administrator to run it at a more
2134convenient time.
2135For example it may be run from
2136.Xr cron 8
2137by adding a line like
2138.Pp
2139.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2140.Pp
2141to
2142.Pa /etc/crontab .
2143.It Va netfs_types
2144.Pq Vt str
2145List of file system types that are network-based.
2146This list should generally not be modified by end users.
2147Use
2148.Va extra_netfs_types
2149instead.
2150.It Va extra_netfs_types
2151.Pq Vt str
2152If set to something other than
2153.Dq Li NO
2154(the default),
2155this variable extends the list of file system types
2156for which automatic mounting at startup by
2157.Xr rc 8
2158should be delayed until the network is initialized.
2159It should contain
2160a whitespace-separated list of network file system descriptor pairs,
2161each consisting of a file system type as passed to
2162.Xr mount 8
2163and a human-readable, one-word description,
2164joined with a colon
2165.Pq Ql \&: .
2166Extending the default list in this way is only necessary
2167when third party file system types are used.
2168.It Va syslogd_enable
2169.Pq Vt bool
2170If set to
2171.Dq Li YES ,
2172run the
2173.Xr syslogd 8
2174daemon.
2175.It Va syslogd_program
2176.Pq Vt str
2177Path to
2178.Xr syslogd 8
2179(default
2180.Pa /usr/sbin/syslogd ) .
2181.It Va syslogd_flags
2182.Pq Vt str
2183If
2184.Va syslogd_enable
2185is set to
2186.Dq Li YES ,
2187these are the flags to pass to
2188.Xr syslogd 8 .
2189.It Va inetd_enable
2190.Pq Vt bool
2191If set to
2192.Dq Li YES ,
2193run the
2194.Xr inetd 8
2195daemon.
2196.It Va inetd_program
2197.Pq Vt str
2198Path to
2199.Xr inetd 8
2200(default
2201.Pa /usr/sbin/inetd ) .
2202.It Va inetd_flags
2203.Pq Vt str
2204If
2205.Va inetd_enable
2206is set to
2207.Dq Li YES ,
2208these are the flags to pass to
2209.Xr inetd 8 .
2210.It Va hastd_enable
2211.Pq Vt bool
2212If set to
2213.Dq Li YES ,
2214run the
2215.Xr hastd 8
2216daemon.
2217.It Va hastd_program
2218.Pq Vt str
2219Path to
2220.Xr hastd 8
2221(default
2222.Pa /sbin/hastd ) .
2223.It Va hastd_flags
2224.Pq Vt str
2225If
2226.Va hastd_enable
2227is set to
2228.Dq Li YES ,
2229these are the flags to pass to
2230.Xr hastd 8 .
2231.It Va local_unbound_enable
2232.Pq Vt bool
2233If set to
2234.Dq Li YES ,
2235run the
2236.Xr unbound 8
2237daemon as a local caching resolver.
2238.It Va kdc_enable
2239.Pq Vt bool
2240Set to
2241.Dq Li YES
2242to start a Kerberos 5 authentication server
2243at boot time.
2244.It Va kdc_program
2245.Pq Vt str
2246If
2247.Va kdc_enable
2248is set to
2249.Dq Li YES
2250this is the path to Kerberos 5 Authentication Server.
2251.It Va kdc_flags
2252.Pq Vt str
2253Empty by default.
2254This variable contains additional flags to be passed to the Kerberos 5
2255authentication server.
2256.It Va kadmind_enable
2257.Pq Vt bool
2258Set to
2259.Dq Li YES
2260to start
2261.Xr kadmind 8 ,
2262the Kerberos 5 Administration Daemon; set to
2263.Dq Li NO
2264on a slave server.
2265.It Va kadmind_program
2266.Pq Vt str
2267If
2268.Va kadmind_enable
2269is set to
2270.Dq Li YES
2271this is the path to Kerberos 5 Administration Daemon.
2272.It Va kpasswdd_enable
2273.Pq Vt bool
2274Set to
2275.Dq Li YES
2276to start
2277.Xr kpasswdd 8 ,
2278the Kerberos 5 Password-Changing Daemon; set to
2279.Dq Li NO
2280on a slave server.
2281.It Va kpasswdd_program
2282.Pq Vt str
2283If
2284.Va kpasswdd_enable
2285is set to
2286.Dq Li YES
2287this is the path to Kerberos 5 Password-Changing Daemon.
2288.It Va kfd_enable
2289.Pq Vt bool
2290Set to
2291.Dq Li YES
2292to start
2293.Xr kfd 8 ,
2294the Kerberos 5 ticket forwarding daemon, at the boot time.
2295.It Va kfd_program
2296.Pq Vt str
2297Path to
2298.Xr kfd 8
2299(default
2300.Pa /usr/libexec/kfd ) .
2301.It Va rwhod_enable
2302.Pq Vt bool
2303If set to
2304.Dq Li YES ,
2305run the
2306.Xr rwhod 8
2307daemon at boot time.
2308.It Va rwhod_flags
2309.Pq Vt str
2310If
2311.Va rwhod_enable
2312is set to
2313.Dq Li YES ,
2314these are the flags to pass to it.
2315.It Va amd_enable
2316.Pq Vt bool
2317If set to
2318.Dq Li YES ,
2319run the
2320.Xr amd 8
2321daemon at boot time.
2322.It Va amd_flags
2323.Pq Vt str
2324If
2325.Va amd_enable
2326is set to
2327.Dq Li YES ,
2328these are the flags to pass to it.
2329See the
2330.Xr amd 8
2331manpage for more information.
2332.It Va amd_map_program
2333.Pq Vt str
2334If set,
2335the specified program is run to get the list of
2336.Xr amd 8
2337maps.
2338For example, if the
2339.Xr amd 8
2340maps are stored in NIS, one can set this to
2341run
2342.Xr ypcat 1
2343to get a list of
2344.Xr amd 8
2345maps from the
2346.Pa amd.master
2347NIS map.
2348.It Va update_motd
2349.Pq Vt bool
2350If set to
2351.Dq Li YES ,
2352.Pa /etc/motd
2353will be updated at boot time to reflect the kernel release
2354being run.
2355If set to
2356.Dq Li NO ,
2357.Pa /etc/motd
2358will not be updated.
2359.It Va nfs_client_enable
2360.Pq Vt bool
2361If set to
2362.Dq Li YES ,
2363run the NFS client daemons at boot time.
2364.It Va nfs_access_cache
2365.Pq Vt int
2366If
2367.Va nfs_client_enable
2368is set to
2369.Dq Li YES ,
2370this can be set to
2371.Dq Li 0
2372to disable NFS ACCESS RPC caching, or to the number of seconds for which
2373NFS ACCESS
2374results should be cached.
2375A value of 2-10 seconds will substantially reduce network
2376traffic for many NFS operations.
2377.It Va nfs_server_enable
2378.Pq Vt bool
2379If set to
2380.Dq Li YES ,
2381run the NFS server daemons at boot time.
2382.It Va nfs_server_flags
2383.Pq Vt str
2384If
2385.Va nfs_server_enable
2386is set to
2387.Dq Li YES ,
2388these are the flags to pass to the
2389.Xr nfsd 8
2390daemon.
2391.It Va nfsv4_server_enable
2392.Pq Vt bool
2393If
2394.Va nfs_server_enable
2395is set to
2396.Dq Li YES
2397and
2398.Va nfsv4_server_enable
2399are set to
2400.Dq Li YES ,
2401enable the server for NFSv4 as well as NFSv2 and NFSv3.
2402.It Va nfsuserd_enable
2403.Pq Vt bool
2404If
2405.Va nfsuserd_enable
2406is set to
2407.Dq Li YES ,
2408run the nfsuserd daemon, which is needed for NFSv4 in order
2409to map between user/group names vs uid/gid numbers.
2410If
2411.Va nfsv4_server_enable
2412is set to
2413.Dq Li YES ,
2414this will be forced enabled.
2415.It Va nfsuserd_flags
2416.Pq Vt str
2417If
2418.Va nfsuserd_enable
2419is set to
2420.Dq Li YES ,
2421these are the flags to pass to the
2422.Xr nfsuserd 8
2423daemon.
2424.It Va nfscbd_enable
2425.Pq Vt bool
2426If
2427.Va nfscbd_enable
2428is set to
2429.Dq Li YES ,
2430run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2431.It Va nfscbd_flags
2432.Pq Vt str
2433If
2434.Va nfscbd_enable
2435is set to
2436.Dq Li YES ,
2437these are the flags to pass to the
2438.Xr nfscbd 8
2439daemon.
2440.It Va mountd_enable
2441.Pq Vt bool
2442If set to
2443.Dq Li YES ,
2444and no
2445.Va nfs_server_enable
2446is set, start
2447.Xr mountd 8 ,
2448but not
2449.Xr nfsd 8
2450daemon.
2451It is commonly needed to run CFS without real NFS used.
2452.It Va mountd_flags
2453.Pq Vt str
2454If
2455.Va mountd_enable
2456is set to
2457.Dq Li YES ,
2458these are the flags to pass to the
2459.Xr mountd 8
2460daemon.
2461.It Va weak_mountd_authentication
2462.Pq Vt bool
2463If set to
2464.Dq Li YES ,
2465allow services like PCNFSD to make non-privileged mount
2466requests.
2467.It Va nfs_reserved_port_only
2468.Pq Vt bool
2469If set to
2470.Dq Li YES ,
2471provide NFS services only on a secure port.
2472.It Va nfs_bufpackets
2473.Pq Vt int
2474If set to a number, indicates the number of packets worth of
2475socket buffer space to reserve on an NFS client.
2476The kernel default is typically 4.
2477Using a higher number may be
2478useful on gigabit networks to improve performance.
2479The minimum value is
24802 and the maximum is 64.
2481.It Va rpc_lockd_enable
2482.Pq Vt bool
2483If set to
2484.Dq Li YES
2485and also an NFS server or client, run
2486.Xr rpc.lockd 8
2487at boot time.
2488.It Va rpc_lockd_flags
2489.Pq Vt str
2490If
2491.Va rpc_lockd_enable
2492is set to
2493.Dq Li YES ,
2494these are the flags to pass to the
2495.Xr rpc.lockd 8
2496daemon.
2497.It Va rpc_statd_enable
2498.Pq Vt bool
2499If set to
2500.Dq Li YES
2501and also an NFS server or client, run
2502.Xr rpc.statd 8
2503at boot time.
2504.It Va rpc_statd_flags
2505.Pq Vt str
2506If
2507.Va rpc_statd_enable
2508is set to
2509.Dq Li YES ,
2510these are the flags to pass to the
2511.Xr rpc.statd 8
2512daemon.
2513.It Va rpcbind_program
2514.Pq Vt str
2515Path to
2516.Xr rpcbind 8
2517(default
2518.Pa /usr/sbin/rpcbind ) .
2519.It Va rpcbind_enable
2520.Pq Vt bool
2521If set to
2522.Dq Li YES ,
2523run the
2524.Xr rpcbind 8
2525service at boot time.
2526.It Va rpcbind_flags
2527.Pq Vt str
2528If
2529.Va rpcbind_enable
2530is set to
2531.Dq Li YES ,
2532these are the flags to pass to the
2533.Xr rpcbind 8
2534daemon.
2535.It Va keyserv_enable
2536.Pq Vt bool
2537If set to
2538.Dq Li YES ,
2539run the
2540.Xr keyserv 8
2541daemon on boot for running Secure RPC.
2542.It Va keyserv_flags
2543.Pq Vt str
2544If
2545.Va keyserv_enable
2546is set to
2547.Dq Li YES ,
2548these are the flags to pass to
2549.Xr keyserv 8
2550daemon.
2551.It Va pppoed_enable
2552.Pq Vt bool
2553If set to
2554.Dq Li YES ,
2555run the
2556.Xr pppoed 8
2557daemon at boot time to provide PPP over Ethernet services.
2558.It Va pppoed_ Ns Aq Ar provider
2559.Pq Vt str
2560.Xr pppoed 8
2561listens to requests to this
2562.Ar provider
2563and ultimately runs
2564.Xr ppp 8
2565with a
2566.Ar system
2567argument of the same name.
2568.It Va pppoed_flags
2569.Pq Vt str
2570Additional flags to pass to
2571.Xr pppoed 8 .
2572.It Va pppoed_interface
2573.Pq Vt str
2574The network interface to run
2575.Xr pppoed 8
2576on.
2577This is mandatory when
2578.Va pppoed_enable
2579is set to
2580.Dq Li YES .
2581.It Va timed_enable
2582.Pq Vt bool
2583If set to
2584.Dq Li YES ,
2585run the
2586.Xr timed 8
2587service at boot time.
2588This command is intended for networks of
2589machines where a consistent
2590.Dq "network time"
2591for all hosts must be established.
2592This is often useful in large NFS
2593environments where time stamps on files are expected to be consistent
2594network-wide.
2595.It Va timed_flags
2596.Pq Vt str
2597If
2598.Va timed_enable
2599is set to
2600.Dq Li YES ,
2601these are the flags to pass to the
2602.Xr timed 8
2603service.
2604.It Va ntpdate_enable
2605.Pq Vt bool
2606If set to
2607.Dq Li YES ,
2608run
2609.Xr ntpdate 8
2610at system startup.
2611This command is intended to
2612synchronize the system clock only
2613.Em once
2614from some standard reference.
2615.Pp
2616Note that the use of the
2617.Va ntpd_sync_on_start
2618variable is a preferred alternative to the
2619.Xr ntpdate 8
2620utility as
2621.Xr ntpdate 8
2622is to be retired from the NTP distribution.
2623.It Va ntpdate_config
2624.Pq Vt str
2625Configuration file for
2626.Xr ntpdate 8 .
2627Default
2628.Pa /etc/ntp.conf .
2629.It Va ntpdate_hosts
2630.Pq Vt str
2631A whitespace-separated list of NTP servers to synchronize with at startup.
2632The default is to use the servers listed in
2633.Va ntpdate_config ,
2634if that file exists.
2635.It Va ntpdate_program
2636.Pq Vt str
2637Path to
2638.Xr ntpdate 8
2639(default
2640.Pa /usr/sbin/ntpdate ) .
2641.It Va ntpdate_flags
2642.Pq Vt str
2643If
2644.Va ntpdate_enable
2645is set to
2646.Dq Li YES ,
2647these are the flags to pass to the
2648.Xr ntpdate 8
2649command (typically a hostname).
2650.It Va ntpd_enable
2651.Pq Vt bool
2652If set to
2653.Dq Li YES ,
2654run the
2655.Xr ntpd 8
2656command at boot time.
2657.It Va ntpd_program
2658.Pq Vt str
2659Path to
2660.Xr ntpd 8
2661(default
2662.Pa /usr/sbin/ntpd ) .
2663.It Va ntpd_config
2664.Pq Vt str
2665Path to
2666.Xr ntpd 8
2667configuration file.
2668Default
2669.Pa /etc/ntp.conf .
2670.It Va ntpd_flags
2671.Pq Vt str
2672If
2673.Va ntpd_enable
2674is set to
2675.Dq Li YES ,
2676these are the flags to pass to the
2677.Xr ntpd 8
2678daemon.
2679.It Va ntpd_sync_on_start
2680.Pq Vt bool
2681If set to
2682.Dq Li YES ,
2683.Xr ntpd 8
2684is run with the
2685.Fl g
2686flag, which syncs the system's clock on startup.
2687See
2688.Xr ntpd 8
2689for more information regarding the
2690.Fl g
2691option.
2692This is a preferred alternative to using
2693.Xr ntpdate 8
2694or specifying the
2695.Va ntpdate_enable
2696variable.
2697.It Va nis_client_enable
2698.Pq Vt bool
2699If set to
2700.Dq Li YES ,
2701run the
2702.Xr ypbind 8
2703service at system boot time.
2704.It Va nis_client_flags
2705.Pq Vt str
2706If
2707.Va nis_client_enable
2708is set to
2709.Dq Li YES ,
2710these are the flags to pass to the
2711.Xr ypbind 8
2712service.
2713.It Va nis_ypldap_enable
2714.Pq Vt bool
2715If set to
2716.Dq Li YES ,
2717run the
2718.Xr ypldap 8
2719daemon at system boot time.
2720.It Va nis_ypldap_flags
2721.Pq Vt str
2722If
2723.Va nis.ypldap_enable
2724is set to
2725.Dq Li YES ,
2726these are the flags to pass to the
2727.Xr ypldap 8
2728daemon.
2729.It Va nis_ypset_enable
2730.Pq Vt bool
2731If set to
2732.Dq Li YES ,
2733run the
2734.Xr ypset 8
2735daemon at system boot time.
2736.It Va nis_ypset_flags
2737.Pq Vt str
2738If
2739.Va nis_ypset_enable
2740is set to
2741.Dq Li YES ,
2742these are the flags to pass to the
2743.Xr ypset 8
2744daemon.
2745.It Va nis_server_enable
2746.Pq Vt bool
2747If set to
2748.Dq Li YES ,
2749run the
2750.Xr ypserv 8
2751daemon at system boot time.
2752.It Va nis_server_flags
2753.Pq Vt str
2754If
2755.Va nis_server_enable
2756is set to
2757.Dq Li YES ,
2758these are the flags to pass to the
2759.Xr ypserv 8
2760daemon.
2761.It Va nis_ypxfrd_enable
2762.Pq Vt bool
2763If set to
2764.Dq Li YES ,
2765run the
2766.Xr rpc.ypxfrd 8
2767daemon at system boot time.
2768.It Va nis_ypxfrd_flags
2769.Pq Vt str
2770If
2771.Va nis_ypxfrd_enable
2772is set to
2773.Dq Li YES ,
2774these are the flags to pass to the
2775.Xr rpc.ypxfrd 8
2776daemon.
2777.It Va nis_yppasswdd_enable
2778.Pq Vt bool
2779If set to
2780.Dq Li YES ,
2781run the
2782.Xr rpc.yppasswdd 8
2783daemon at system boot time.
2784.It Va nis_yppasswdd_flags
2785.Pq Vt str
2786If
2787.Va nis_yppasswdd_enable
2788is set to
2789.Dq Li YES ,
2790these are the flags to pass to the
2791.Xr rpc.yppasswdd 8
2792daemon.
2793.It Va rpc_ypupdated_enable
2794.Pq Vt bool
2795If set to
2796.Dq Li YES ,
2797run the
2798.Nm rpc.ypupdated
2799daemon at system boot time.
2800.It Va bsnmpd_enable
2801.Pq Vt bool
2802If set to
2803.Dq Li YES ,
2804run the
2805.Xr bsnmpd 1
2806daemon at system boot time.
2807Be sure to understand the security implications of running SNMP daemon
2808on your host.
2809.It Va bsnmpd_flags
2810.Pq Vt str
2811If
2812.Va bsnmpd_enable
2813is set to
2814.Dq Li YES ,
2815these are the flags to pass to the
2816.Xr bsnmpd 1
2817daemon.
2818.It Va defaultrouter
2819.Pq Vt str
2820If not set to
2821.Dq Li NO ,
2822create a default route to this host name or IP address
2823(use an IP address if this router is also required to get to the
2824name server!).
2825.It Va ipv6_defaultrouter
2826.Pq Vt str
2827The IPv6 equivalent of
2828.Va defaultrouter .
2829.It Va static_arp_pairs
2830.Pq Vt str
2831Set to the list of static ARP pairs that are to be added at system
2832boot time.
2833For each whitespace separated
2834.Ar element
2835in the value, a
2836.Va static_arp_ Ns Aq Ar element
2837variable is assumed to exist whose contents will later be passed to a
2838.Dq Nm arp Cm -S
2839operation.
2840For example
2841.Bd -literal
2842static_arp_pairs="gw"
2843static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2844.Ed
2845.It Va static_ndp_pairs
2846.Pq Vt str
2847Set to the list of static NDP pairs that are to be added at system
2848boot time.
2849For each whitespace separated
2850.Ar element
2851in the value, a
2852.Va static_ndp_ Ns Aq Ar element
2853variable is assumed to exist whose contents will later be passed to a
2854.Dq Nm ndp Cm -s
2855operation.
2856For example
2857.Bd -literal
2858static_ndp_pairs="gw"
2859static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2860.Ed
2861.It Va static_routes
2862.Pq Vt str
2863Set to the list of static routes that are to be added at system
2864boot time.
2865If not set to
2866.Dq Li NO
2867then for each whitespace separated
2868.Ar element
2869in the value, a
2870.Va route_ Ns Aq Ar element
2871variable is assumed to exist
2872whose contents will later be passed to a
2873.Dq Nm route Cm add
2874operation.
2875For example:
2876.Bd -literal
2877static_routes="ext mcast:gif0 gif0local:gif0"
2878route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2879route_mcast="-net 224.0.0.0/4 -iface gif0"
2880route_gif0local="-host 169.254.1.1 -iface lo0"
2881.Ed
2882.Pp
2883When an
2884.Ar element
2885is in the form of
2886.Li name:ifname ,
2887the route is specific to the interface
2888.Li ifname .
2889.It Va ipv6_static_routes
2890.Pq Vt str
2891The IPv6 equivalent of
2892.Va static_routes .
2893If not set to
2894.Dq Li NO
2895then for each whitespace separated
2896.Ar element
2897in the value, a
2898.Va ipv6_route_ Ns Aq Ar element
2899variable is assumed to exist
2900whose contents will later be passed to a
2901.Dq Nm route Cm add Fl inet6
2902operation.
2903.It Va gateway_enable
2904.Pq Vt bool
2905If set to
2906.Dq Li YES ,
2907configure host to act as an IP router, e.g.\& to forward packets
2908between interfaces.
2909.It Va ipv6_gateway_enable
2910.Pq Vt bool
2911The IPv6 equivalent of
2912.Va gateway_enable .
2913.It Va routed_enable
2914.Pq Vt bool
2915If set to
2916.Dq Li YES ,
2917run a routing daemon of some sort, based on the
2918settings of
2919.Va routed_program
2920and
2921.Va routed_flags .
2922.It Va route6d_enable
2923.Pq Vt bool
2924The IPv6 equivalent of
2925.Va routed_enable .
2926If set to
2927.Dq Li YES ,
2928run a routing daemon of some sort, based on the
2929settings of
2930.Va route6d_program
2931and
2932.Va route6d_flags .
2933.It Va routed_program
2934.Pq Vt str
2935If
2936.Va routed_enable
2937is set to
2938.Dq Li YES ,
2939this is the name of the routing daemon to use.
2940.It Va route6d_program
2941.Pq Vt str
2942The IPv6 equivalent of
2943.Va routed_program .
2944.It Va routed_flags
2945.Pq Vt str
2946If
2947.Va routed_enable
2948is set to
2949.Dq Li YES ,
2950these are the flags to pass to the routing daemon.
2951.It Va route6d_flags
2952.Pq Vt str
2953The IPv6 equivalent of
2954.Va routed_flags .
2955.It Va rtadvd_enable
2956.Pq Vt bool
2957If set to
2958.Dq Li YES ,
2959run the
2960.Xr rtadvd 8
2961daemon at boot time.
2962The
2963.Xr rtadvd 8
2964utility sends ICMPv6 Router Advertisement messages to
2965the interfaces specified in
2966.Va rtadvd_interfaces .
2967This should only be enabled with great care.
2968You may want to fine-tune
2969.Xr rtadvd.conf 5 .
2970.It Va rtadvd_interfaces
2971.Pq Vt str
2972If
2973.Va rtadvd_enable
2974is set to
2975.Dq Li YES
2976this is the list of interfaces to use.
2977.It Va arpproxy_all
2978.Pq Vt bool
2979If set to
2980.Dq Li YES ,
2981enable global proxy ARP.
2982.It Va forward_sourceroute
2983.Pq Vt bool
2984If set to
2985.Dq Li YES
2986and
2987.Va gateway_enable
2988is also set to
2989.Dq Li YES ,
2990source-routed packets are forwarded.
2991.It Va accept_sourceroute
2992.Pq Vt bool
2993If set to
2994.Dq Li YES ,
2995the system will accept source-routed packets directed at it.
2996.It Va rarpd_enable
2997.Pq Vt bool
2998If set to
2999.Dq Li YES ,
3000run the
3001.Xr rarpd 8
3002daemon at system boot time.
3003.It Va rarpd_flags
3004.Pq Vt str
3005If
3006.Va rarpd_enable
3007is set to
3008.Dq Li YES ,
3009these are the flags to pass to the
3010.Xr rarpd 8
3011daemon.
3012.It Va bootparamd_enable
3013.Pq Vt bool
3014If set to
3015.Dq Li YES ,
3016run the
3017.Xr bootparamd 8
3018daemon at system boot time.
3019.It Va bootparamd_flags
3020.Pq Vt str
3021If
3022.Va bootparamd_enable
3023is set to
3024.Dq Li YES ,
3025these are the flags to pass to the
3026.Xr bootparamd 8
3027daemon.
3028.It Va stf_interface_ipv4addr
3029.Pq Vt str
3030If not set to
3031.Dq Li NO ,
3032this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
3033interface).
3034Specify this entry to enable the 6to4 interface.
3035.It Va stf_interface_ipv4plen
3036.Pq Vt int
3037Prefix length for 6to4 IPv4 addresses, to limit peer address range.
3038An effective value is 0-31.
3039.It Va stf_interface_ipv6_ifid
3040.Pq Vt str
3041IPv6 interface ID for
3042.Xr stf 4 .
3043This can be set to
3044.Dq Li AUTO .
3045.It Va stf_interface_ipv6_slaid
3046.Pq Vt str
3047IPv6 Site Level Aggregator for
3048.Xr stf 4 .
3049.It Va ipv6_ipv4mapping
3050.Pq Vt bool
3051If set to
3052.Dq Li YES
3053this enables IPv4 mapped IPv6 address communication (like
3054.Li ::ffff:a.b.c.d ) .
3055.It Va rtsold_enable
3056.Pq Vt bool
3057Set to
3058.Dq Li YES
3059to enable the
3060.Xr rtsold 8
3061daemon to send ICMPv6 Router Solicitation messages.
3062.It Va rtsold_flags
3063.Pq Vt str
3064If
3065.Va rtsold_enable
3066is set to
3067.Dq Li YES ,
3068these are the flags to pass to
3069.Xr rtsold 8 .
3070.It Va rtsol_flags
3071.Pq Vt str
3072For interfaces configured with the
3073.Dq Li inet6 accept_rtadv
3074keyword, these are the flags to pass to
3075.Xr rtsol 8 .
3076.Pp
3077Note that
3078.Va rtsold_enable
3079is mutually exclusive to
3080.Va rtsol_flags ;
3081.Va rtsold_enable
3082takes precedence.
3083.It Va keybell
3084.Pq Vt str
3085The keyboard bell sound.
3086Set to
3087.Dq Li normal ,
3088.Dq Li visual ,
3089.Dq Li off ,
3090or
3091.Dq Li NO
3092if the default behavior is desired.
3093For details, refer to the
3094.Xr kbdcontrol 1
3095manpage.
3096.It Va keyboard
3097.Pq Vt str
3098If set to a non-null string, the virtual console's keyboard input is
3099set to this device.
3100.It Va keymap
3101.Pq Vt str
3102If set to
3103.Dq Li NO ,
3104no keymap is installed, otherwise the value is used to install
3105the keymap file found in
3106.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3107(if using
3108.Xr syscons 4 ) or
3109.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3110(if using
3111.Xr vt 4 ) .
3112.It Va keyrate
3113.Pq Vt str
3114The keyboard repeat speed.
3115Set to
3116.Dq Li slow ,
3117.Dq Li normal ,
3118.Dq Li fast ,
3119or
3120.Dq Li NO
3121if the default behavior is desired.
3122.It Va keychange
3123.Pq Vt str
3124If not set to
3125.Dq Li NO ,
3126attempt to program the function keys with the value.
3127The value should
3128be a single string of the form:
3129.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3130.It Va cursor
3131.Pq Vt str
3132Can be set to the value of
3133.Dq Li normal ,
3134.Dq Li blink ,
3135.Dq Li destructive ,
3136or
3137.Dq Li NO
3138to set the cursor behavior explicitly or choose the default behavior.
3139.It Va scrnmap
3140.Pq Vt str
3141If set to
3142.Dq Li NO ,
3143no screen map is installed, otherwise the value is used to install
3144the screen map file in
3145.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3146This parameter is ignored when using
3147.Xr vt 4
3148as the console driver.
3149.It Va font8x16
3150.Pq Vt str
3151If set to
3152.Dq Li NO ,
3153the default 8x16 font value is used for screen size requests, otherwise
3154the value in
3155.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3156or
3157.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3158is used (depending on the console driver being used).
3159.It Va font8x14
3160.Pq Vt str
3161If set to
3162.Dq Li NO ,
3163the default 8x14 font value is used for screen size requests, otherwise
3164the value in
3165.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3166or
3167.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3168is used (depending on the console driver being used).
3169.It Va font8x8
3170.Pq Vt str
3171If set to
3172.Dq Li NO ,
3173the default 8x8 font value is used for screen size requests, otherwise
3174the value in
3175.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3176or
3177.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3178is used (depending on the console driver being used).
3179.It Va blanktime
3180.Pq Vt int
3181If set to
3182.Dq Li NO ,
3183the default screen blanking interval is used, otherwise it is set
3184to
3185.Ar value
3186seconds.
3187.It Va saver
3188.Pq Vt str
3189If not set to
3190.Dq Li NO ,
3191this is the actual screen saver to use
3192.Li ( blank , snake , daemon ,
3193etc).
3194.It Va moused_nondefault_enable
3195.Pq Vt str
3196If set to
3197.Dq Li NO ,
3198the mouse device specified on
3199the command line is not automatically treated as enabled by the
3200.Pa /etc/rc.d/moused
3201script.
3202Having this variable set to
3203.Dq Li YES
3204allows a
3205.Xr usb 4
3206mouse,
3207for example,
3208to be enabled as soon as it is plugged in.
3209.It Va moused_enable
3210.Pq Vt str
3211If set to
3212.Dq Li YES ,
3213the
3214.Xr moused 8
3215daemon is started for doing cut/paste selection on the console.
3216.It Va moused_type
3217.Pq Vt str
3218This is the protocol type of the mouse connected to this host.
3219This variable must be set if
3220.Va moused_enable
3221is set to
3222.Dq Li YES .
3223The
3224.Xr moused 8
3225daemon
3226is able to detect the appropriate mouse type automatically in many cases.
3227Set this variable to
3228.Dq Li auto
3229to let the daemon detect it, or
3230select one from the following list if the automatic detection fails.
3231.Pp
3232If the mouse is attached to the PS/2 mouse port, choose
3233.Dq Li auto
3234or
3235.Dq Li ps/2 ,
3236regardless of the brand and model of the mouse.
3237Likewise, if the
3238mouse is attached to the bus mouse port, choose
3239.Dq Li auto
3240or
3241.Dq Li busmouse .
3242All other protocols are for serial mice and will not work with
3243the PS/2 and bus mice.
3244If this is a USB mouse,
3245.Dq Li auto
3246is the only protocol type which will work.
3247.Pp
3248.Bl -tag -width ".Li x10mouseremote" -compact
3249.It Li microsoft
3250Microsoft mouse (serial)
3251.It Li intellimouse
3252Microsoft IntelliMouse (serial)
3253.It Li mousesystems
3254Mouse systems Corp.\& mouse (serial)
3255.It Li mmseries
3256MM Series mouse (serial)
3257.It Li logitech
3258Logitech mouse (serial)
3259.It Li busmouse
3260A bus mouse
3261.It Li mouseman
3262Logitech MouseMan and TrackMan (serial)
3263.It Li glidepoint
3264ALPS GlidePoint (serial)
3265.It Li thinkingmouse
3266Kensington ThinkingMouse (serial)
3267.It Li ps/2
3268PS/2 mouse
3269.It Li mmhittab
3270MM HitTablet (serial)
3271.It Li x10mouseremote
3272X10 MouseRemote (serial)
3273.It Li versapad
3274Interlink VersaPad (serial)
3275.El
3276.Pp
3277Even if the mouse is not in the above list, it may be compatible
3278with one in the list.
3279Refer to the manual page for
3280.Xr moused 8
3281for compatibility information.
3282.Pp
3283It should also be noted that while this is enabled, any
3284other client of the mouse (such as an X server) should access
3285the mouse through the virtual mouse device,
3286.Pa /dev/sysmouse ,
3287and configure it as a
3288.Dq Li sysmouse
3289type mouse, since all
3290mouse data is converted to this single canonical format when
3291using
3292.Xr moused 8 .
3293If the client program does not support the
3294.Dq Li sysmouse
3295type,
3296specify the
3297.Dq Li mousesystems
3298type.
3299It is the second preferred type.
3300.It Va moused_port
3301.Pq Vt str
3302If
3303.Va moused_enable
3304is set to
3305.Dq Li YES ,
3306this is the actual port the mouse is on.
3307It might be
3308.Pa /dev/cuau0
3309for a COM1 serial mouse, or
3310.Pa /dev/psm0
3311for a PS/2 mouse, for example.
3312.It Va moused_flags
3313.Pq Vt str
3314If
3315.Va moused_flags
3316is set, its value is used as an additional set of flags to pass to the
3317.Xr moused 8
3318daemon.
3319.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3320When
3321.Va moused_nondefault_enable
3322is enabled, and a
3323.Xr moused 8
3324daemon is started for a non-default port, the
3325.Va "moused_" Ns Ar XXX Ns Va "_flags"
3326set of options has precedence over and replaces the default
3327.Va moused_flags
3328(where
3329.Ar XXX
3330is the name of the non-default port, i.e.,\&
3331.Ar ums0 ) .
3332By setting
3333.Va "moused_" Ns Ar XXX Ns Va "_flags"
3334it is possible to set up a different set of default flags for each
3335.Xr moused 8
3336instance.
3337For example, you can use
3338.Dq Li "-3"
3339for the default
3340.Va moused_flags
3341to make your laptop's touchpad more comfortable to use,
3342but an empty set of options for
3343.Va moused_ums0_flags
3344when your
3345.Xr usb 4
3346mouse has three or more buttons.
3347.It Va mousechar_start
3348.Pq Vt int
3349If set to
3350.Dq Li NO ,
3351the default mouse cursor character range
3352.Li 0xd0 Ns - Ns Li 0xd3
3353is used,
3354otherwise the range start is set
3355to
3356.Ar value
3357character, see
3358.Xr vidcontrol 1 .
3359Use if the default range is occupied in the language code table.
3360.It Va allscreens_flags
3361.Pq Vt str
3362If set,
3363.Xr vidcontrol 1
3364is run with these options for each of the virtual terminals
3365.Pq Pa /dev/ttyv* .
3366For example,
3367.Dq Fl m Cm on
3368will enable the mouse pointer on all virtual terminals
3369if
3370.Va moused_enable
3371is set to
3372.Dq Li YES .
3373.It Va allscreens_kbdflags
3374.Pq Vt str
3375If set,
3376.Xr kbdcontrol 1
3377is run with these options for each of the virtual terminals
3378.Pq Pa /dev/ttyv* .
3379For example,
3380.Dq Fl h Li 200
3381will set the
3382.Xr syscons 4
3383or
3384.Xr vt 4
3385scrollback (history) buffer to 200 lines.
3386.It Va cron_enable
3387.Pq Vt bool
3388If set to
3389.Dq Li YES ,
3390run the
3391.Xr cron 8
3392daemon at system boot time.
3393.It Va cron_program
3394.Pq Vt str
3395Path to
3396.Xr cron 8
3397(default
3398.Pa /usr/sbin/cron ) .
3399.It Va cron_flags
3400.Pq Vt str
3401If
3402.Va cron_enable
3403is set to
3404.Dq Li YES ,
3405these are the flags to pass to
3406.Xr cron 8 .
3407.It Va cron_dst
3408.Pq Vt bool
3409If set to
3410.Dq Li YES ,
3411enable the special handling of transitions to and from the
3412Daylight Saving Time in
3413.Xr cron 8
3414(equivalent to using the flag
3415.Fl s ) .
3416.It Va lpd_program
3417.Pq Vt str
3418Path to
3419.Xr lpd 8
3420(default
3421.Pa /usr/sbin/lpd ) .
3422.It Va lpd_enable
3423.Pq Vt bool
3424If set to
3425.Dq Li YES ,
3426run the
3427.Xr lpd 8
3428daemon at system boot time.
3429.It Va lpd_flags
3430.Pq Vt str
3431If
3432.Va lpd_enable
3433is set to
3434.Dq Li YES ,
3435these are the flags to pass to the
3436.Xr lpd 8
3437daemon.
3438.It Va chkprintcap_enable
3439.Pq Vt bool
3440If set to
3441.Dq Li YES ,
3442run the
3443.Xr chkprintcap 8
3444command before starting the
3445.Xr lpd 8
3446daemon.
3447.It Va chkprintcap_flags
3448.Pq Vt str
3449If
3450.Va lpd_enable
3451and
3452.Va chkprintcap_enable
3453are set to
3454.Dq Li YES ,
3455these are the flags to pass to the
3456.Xr chkprintcap 8
3457program.
3458The default is
3459.Dq Li -d ,
3460which causes missing directories to be created.
3461.It Va mta_start_script
3462.Pq Vt str
3463This variable specifies the full path to the script to run to start
3464a mail transfer agent.
3465The default is
3466.Pa /etc/rc.sendmail .
3467The
3468.Va sendmail_*
3469variables which
3470.Pa /etc/rc.sendmail
3471uses are documented in the
3472.Xr rc.sendmail 8
3473manual page.
3474.It Va dumpdev
3475.Pq Vt str
3476Indicates the device (usually a swap partition) to which a crash dump
3477should be written in the event of a system crash.
3478If the value of this variable is
3479.Dq Li AUTO ,
3480the first suitable swap device listed in
3481.Pa /etc/fstab
3482will be used as dump device.
3483Otherwise, the value of this variable is passed as the argument to
3484.Xr dumpon 8
3485and
3486.Xr savecore 8 .
3487To disable crash dumps, set this variable to
3488.Dq Li NO .
3489.It Va dumpon_flags
3490.Pq Vt str
3491Flags to pass to
3492.Xr dumpon 8
3493when configuring
3494.Va dumpdev
3495as the system dump device.
3496.It Va dumpdir
3497.Pq Vt str
3498When the system reboots after a crash and a crash dump is found on the
3499device specified by the
3500.Va dumpdev
3501variable,
3502.Xr savecore 8
3503will save that crash dump and a copy of the kernel to the directory
3504specified by the
3505.Va dumpdir
3506variable.
3507The default value is
3508.Pa /var/crash .
3509Set to
3510.Dq Li NO
3511to not run
3512.Xr savecore 8
3513at boot time when
3514.Va dumpdir
3515is set.
3516.It Va savecore_enable
3517.Pq Vt bool
3518If set to
3519.Dq Li NO ,
3520disable automatic extraction of the crash dump from the
3521.Va dumpdev .
3522.It Va savecore_flags
3523.Pq Vt str
3524If crash dumps are enabled, these are the flags to pass to the
3525.Xr savecore 8
3526utility.
3527.It Va quota_enable
3528.Pq Vt bool
3529Set to
3530.Dq Li YES
3531to turn on user and group disk quotas on system startup via the
3532.Xr quotaon 8
3533command for all file systems marked as having quotas enabled in
3534.Pa /etc/fstab .
3535The kernel must be built with
3536.Cd "options QUOTA"
3537for disk quotas to function.
3538.It Va check_quotas
3539.Pq Vt bool
3540Set to
3541.Dq Li YES
3542to enable user and group disk quota checking via the
3543.Xr quotacheck 8
3544command.
3545.It Va quotacheck_flags
3546.Pq Vt str
3547If
3548.Va quota_enable
3549is set to
3550.Dq Li YES ,
3551and
3552.Va check_quotas
3553is set to
3554.Dq Li YES ,
3555these are the flags to pass to the
3556.Xr quotacheck 8
3557utility.
3558The default is
3559.Dq Li "-a" ,
3560which checks quotas for all file systems with quotas enabled in
3561.Pa /etc/fstab .
3562.It Va quotaon_flags
3563.Pq Vt str
3564If
3565.Va quota_enable
3566is set to
3567.Dq Li YES ,
3568these are the flags to pass to the
3569.Xr quotaon 8
3570utility.
3571The default is
3572.Dq Li "-a" ,
3573which enables quotas for all file systems with quotas enabled in
3574.Pa /etc/fstab .
3575.It Va quotaoff_flags
3576.Pq Vt str
3577If
3578.Va quota_enable
3579is set to
3580.Dq Li YES ,
3581these are the flags to pass to the
3582.Xr quotaoff 8
3583utility when shutting down the quota system.
3584The default is
3585.Dq Li "-a" ,
3586which disables quotas for all file systems with quotas enabled in
3587.Pa /etc/fstab .
3588.It Va accounting_enable
3589.Pq Vt bool
3590Set to
3591.Dq Li YES
3592to enable system accounting through the
3593.Xr accton 8
3594facility.
3595.It Va firstboot_sentinel
3596.Pq Vt str
3597This variable specifies the full path to a
3598.Dq first boot
3599sentinel file.
3600If a file exists with this path,
3601.Pa rc.d
3602scripts with the
3603.Dq firstboot
3604keyword will be run on startup and the sentinel file will be deleted
3605after the boot process completes.
3606The sentinel file must be located on a writable file system which is
3607mounted no later than
3608.Va early_late_divider
3609to function properly.
3610The default is
3611.Pa /firstboot .
3612.It Va linux_enable
3613.Pq Vt bool
3614Set to
3615.Dq Li YES
3616to enable Linux/ELF binary emulation at system initial
3617boot time.
3618.It Va sysvipc_enable
3619.Pq Vt bool
3620If set to
3621.Dq Li YES ,
3622load System V IPC primitives at boot time.
3623.It Va clear_tmp_enable
3624.Pq Vt bool
3625Set to
3626.Dq Li YES
3627to have
3628.Pa /tmp
3629cleaned at startup.
3630.It Va clear_tmp_X
3631.Pq Vt bool
3632Set to
3633.Dq Li NO
3634to disable removing of X11 lock files,
3635and the removal and (secure) recreation
3636of the various socket directories for X11
3637related programs.
3638.It Va ldconfig_paths
3639.Pq Vt str
3640Set to the list of shared library paths to use with
3641.Xr ldconfig 8 .
3642NOTE:
3643.Pa /lib
3644and
3645.Pa /usr/lib
3646will always be added first, so they need not appear in this list.
3647.It Va ldconfig32_paths
3648.Pq Vt str
3649Set to the list of 32-bit compatibility shared library paths to
3650use with
3651.Xr ldconfig 8 .
3652.It Va ldconfig_insecure
3653.Pq Vt bool
3654The
3655.Xr ldconfig 8
3656utility normally refuses to use directories
3657which are writable by anyone except root.
3658Set this variable to
3659.Dq Li YES
3660to disable that security check during system startup.
3661.It Va ldconfig_local_dirs
3662.Pq Vt str
3663Set to the list of local
3664.Xr ldconfig 8
3665directories.
3666The names of all files in the directories listed will be
3667passed as arguments to
3668.Xr ldconfig 8 .
3669.It Va ldconfig_local32_dirs
3670.Pq Vt str
3671Set to the list of local 32-bit compatibility
3672.Xr ldconfig 8
3673directories.
3674The names of all files in the directories listed will be
3675passed as arguments to
3676.Dq Nm ldconfig Fl 32 .
3677.It Va kern_securelevel_enable
3678.Pq Vt bool
3679Set to
3680.Dq Li YES
3681to set the kernel security level at system startup.
3682.It Va kern_securelevel
3683.Pq Vt int
3684The kernel security level to set at startup.
3685The allowed range of
3686.Ar value
3687ranges from \-1 (the compile time default) to 3 (the
3688most secure).
3689See
3690.Xr security 7
3691for the list of possible security levels and their effect
3692on system operation.
3693.It Va sshd_program
3694.Pq Vt str
3695Path to the SSH server program
3696.Pa ( /usr/sbin/sshd
3697is the default).
3698.It Va sshd_enable
3699.Pq Vt bool
3700Set to
3701.Dq Li YES
3702to start
3703.Xr sshd 8
3704at system boot time.
3705.It Va sshd_flags
3706.Pq Vt str
3707If
3708.Va sshd_enable
3709is set to
3710.Dq Li YES ,
3711these are the flags to pass to the
3712.Xr sshd 8
3713daemon.
3714.It Va ftpd_program
3715.Pq Vt str
3716Path to the FTP server program
3717.Pa ( /usr/libexec/ftpd
3718is the default).
3719.It Va ftpd_enable
3720.Pq Vt bool
3721Set to
3722.Dq Li YES
3723to start
3724.Xr ftpd 8
3725as a stand-alone daemon at system boot time.
3726.It Va ftpd_flags
3727.Pq Vt str
3728If
3729.Va ftpd_enable
3730is set to
3731.Dq Li YES ,
3732these are the additional flags to pass to the
3733.Xr ftpd 8
3734daemon.
3735.It Va watchdogd_enable
3736.Pq Vt bool
3737If set to
3738.Dq Li YES ,
3739start the
3740.Xr watchdogd 8
3741daemon at boot time.
3742This requires that the kernel have been compiled with a
3743.Xr watchdog 4
3744compatible device.
3745.It Va watchdogd_flags
3746.Pq Vt str
3747If
3748.Va watchdogd_enable
3749is set to
3750.Dq Li YES ,
3751these are the flags passed to the
3752.Xr watchdogd 8
3753daemon.
3754.It Va watchdogd_timeout
3755.Pq Vt int
3756If
3757.Va watchdogd_enable
3758is set to
3759.Dq Li YES ,
3760this is a timeout that will be used by the
3761.Xr watchdogd 8
3762daemon.
3763If this option is set, it overrides
3764.Fl t
3765in
3766.Va watchdogd_flags .
3767.It Va watchdogd_shutdown_timeout
3768.Pq Vt int
3769If
3770.Va watchdogd_enable
3771is set to
3772.Dq Li YES ,
3773this is a timeout that will be set by the
3774.Xr watchdogd 8
3775daemon when it exits during the system shutdown.
3776This timeout will not be set when returning to the single-user mode
3777or when the watchdogd service is stopped individually using the
3778.Xr service 8
3779command or the rc.d script.
3780Note that the timeout will be applied if
3781.Xr watchdogd 8
3782is stopped outside of
3783.Xr rc 8
3784framework.
3785If this option is set, it overrides
3786.Fl x
3787in
3788.Va watchdogd_flags .
3789.It Va devfs_rulesets
3790.Pq Vt str
3791List of files containing sets of rules for
3792.Xr devfs 8 .
3793.It Va devfs_system_ruleset
3794.Pq Vt str
3795Rule name(s) to apply to the system
3796.Pa /dev
3797itself.
3798.It Va devfs_set_rulesets
3799.Pq Vt str
3800Pairs of already-mounted
3801.Pa dev
3802directories and rulesets that should be applied to them.
3803For example: /mount/dev=ruleset_name
3804.It Va devfs_load_rulesets
3805.Pq Vt bool
3806If set, always load the default rulesets listed in
3807.Va devfs_rulesets .
3808.It Va performance_cx_lowest
3809.Pq Vt str
3810CPU idle state to use while on AC power.
3811The string
3812.Dq Li LOW
3813indicates that
3814.Xr acpi 4
3815should use the lowest power state available while
3816.Dq Li HIGH
3817indicates that the lowest latency state (less power savings) should be used.
3818.It Va performance_cpu_freq
3819.Pq Vt str
3820CPU clock frequency to use while on AC power.
3821The string
3822.Dq Li LOW
3823indicates that
3824.Xr cpufreq 4
3825should use the lowest frequency available while
3826.Dq Li HIGH
3827indicates that the highest frequency (less power savings) should be used.
3828.It Va economy_cx_lowest
3829.Pq Vt str
3830CPU idle state to use when off AC power.
3831The string
3832.Dq Li LOW
3833indicates that
3834.Xr acpi 4
3835should use the lowest power state available while
3836.Dq Li HIGH
3837indicates that the lowest latency state (less power savings) should be used.
3838.It Va economy_cpu_freq
3839.Pq Vt str
3840CPU clock frequency to use when off AC power.
3841The string
3842.Dq Li LOW
3843indicates that
3844.Xr cpufreq 4
3845should use the lowest frequency available while
3846.Dq Li HIGH
3847indicates that the highest frequency (less power savings) should be used.
3848.It Va jail_enable
3849.Pq Vt bool
3850If set to
3851.Dq Li NO ,
3852any configured jails will not be started.
3853.It Va jail_conf
3854.Pq Vt str
3855The configuration filename used by
3856.Xr jail 8
3857utility.
3858The default value is
3859.Pa /etc/jail.conf .
3860.It Va jail_parallel_start
3861.Pq Vt bool
3862If set to
3863.Dq Li YES ,
3864all configured jails will be started in the background (in parallel).
3865.It Va jail_flags
3866.Pq Vt str
3867Unset by default.
3868When set, use as default value for
3869.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3870for every jail in
3871.Va jail_list .
3872.It Va jail_list
3873.Pq Vt str
3874A space-delimited list of jail names.
3875When left empty, all of the
3876.Xr jail 8
3877instances defined in the configuration file are started.
3878The names specified in this list control the jail startup order.
3879.Xr jail 8
3880instances missing from
3881.Va jail_list
3882must be started manually.
3883Note that a jail's
3884.Va depend
3885parameter in the configuration file may override this list.
3886.It Va jail_reverse_stop
3887.Pq Vt bool
3888When set to
3889.Dq Li YES ,
3890all configured jails in
3891.Va jail_list
3892are stopped in reverse order.
3893.It Va jail_ Ns * variables
3894Note that older releases supported per-jail configuration via
3895.Nm
3896variables.
3897For example,
3898hostname of a jail named
3899.Li vjail
3900was able to be set by
3901.Li jail_vjail_hostname .
3902These per-jail configuration variables are now obsolete in favor of
3903.Xr jail 8
3904configuration file.
3905For backward compatibility,
3906when per-jail configuration variables are defined,
3907.Xr jail 8
3908configuration files are created as
3909.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3910and used.
3911.Pp
3912The following per-jail parameters are handled by
3913.Pa rc.d/jail
3914script out of their corresponding
3915.Nm
3916variables.
3917In addition to them, parameters in
3918.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3919will be added to the configuration file.
3920They must be a semi-colon
3921.Pq Ql \&;
3922delimited list of
3923.Dq key=value .
3924For more details,
3925see
3926.Xr jail 8
3927manual page.
3928.Bl  -tag -width "host.hostname" -offset indent
3929.It Li path
3930set from
3931.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3932.It Li host.hostname
3933set from
3934.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3935.It Li exec.consolelog
3936set from
3937.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3938The default value is
3939.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3940.It Li interface
3941set from
3942.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3943.It Li vnet.interface
3944set from
3945.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3946This implies
3947.Li vnet
3948parameter will be enabled and cannot be specified with
3949.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3950.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3951and/or
3952.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3953at the same time.
3954.It Li fstab
3955set from
3956.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3957.It Li mount
3958set from
3959.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3960.It Li exec.fib
3961set from
3962.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3963.It Li exec.start
3964set from
3965.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3966The parameter name was
3967.Li command
3968in some older releases.
3969.It Li exec.prestart
3970set from
3971.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3972.It Li exec.poststart
3973set from
3974.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3975.It Li exec.stop
3976set from
3977.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3978.It Li exec.prestop
3979set from
3980.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3981.It Li exec.poststop
3982set from
3983.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3984.It Li ip4.addr
3985set if
3986.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3987or
3988.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3989contain IPv4 addresses
3990.It Li ip6.addr
3991set if
3992.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3993or
3994.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3995contain IPv6 addresses
3996.It Li allow.mount
3997set from
3998.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3999.It Li mount.devfs
4000set from
4001.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
4002.It Li devfs_ruleset
4003set from
4004.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
4005This must be an integer,
4006not a string.
4007.It Li mount.fdescfs
4008set from
4009.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4010.It Li allow.set_hostname
4011set from
4012.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4013.It Li allow.rawsocket
4014set from
4015.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4016.It Li allow.sysvipc
4017set from
4018.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4019.El
4020.\" -----------------------------------------------------
4021.It Va harvest_mask
4022.Pq Vt int
4023Set to a bit-mask
4024representing the entropy sources
4025you wish to harvest.
4026Refer to
4027.Xr random 4
4028for more information.
4029.It Va entropy_dir
4030.Pq Vt str
4031Set to
4032.Dq Li NO
4033to disable caching entropy via
4034.Xr cron 8 .
4035Otherwise set to the directory
4036in which the entropy files are stored.
4037To be useful,
4038there must be
4039a system cron job
4040that regularly writes and rotates
4041files here.
4042All files found
4043will be used at boot time.
4044The default is
4045.Pa /var/db/entropy .
4046.It Va entropy_file
4047.Pq Vt str
4048Set to
4049.Dq Li NO
4050to disable caching entropy through reboots.
4051Otherwise set to the name
4052of a file used to store cached entropy.
4053This file should be located
4054on a file system that is readable
4055before all the volumes specified in
4056.Xr fstab 5
4057are mounted.
4058By default,
4059.Pa /entropy
4060is used,
4061but if
4062.Pa /var/db/entropy-file
4063is found it will also be used.
4064This will be of some use to
4065.Xr bsdinstall 8 .
4066.It Va entropy_boot_file
4067.Pq Vt str
4068Set to
4069.Dq Li NO
4070to disable
4071very early caching entropy
4072through reboots.
4073Otherwise set to the filename
4074used to read
4075very early reboot cached entropy.
4076This file should be located where
4077.Xr loader 8
4078can read it.
4079See also
4080.Xr loader.conf 5 .
4081The default location is
4082.Pa /boot/entropy .
4083.It Va entropy_save_sz
4084.Pq Vt int
4085Size of the entropy cache files saved by
4086.Nm save-entropy
4087periodically.
4088.It Va entropy_save_num
4089.Pq Vt int
4090Number of entropy cache files to save by
4091.Nm save-entropy
4092periodically.
4093.It Va ipsec_enable
4094.Pq Vt bool
4095Set to
4096.Dq Li YES
4097to run
4098.Xr setkey 8
4099on
4100.Va ipsec_file
4101at boot time.
4102.It Va ipsec_file
4103.Pq Vt str
4104Configuration file for
4105.Xr setkey 8 .
4106.It Va dmesg_enable
4107.Pq Vt bool
4108Set to
4109.Dq Li YES
4110to save
4111.Xr dmesg 8
4112to
4113.Pa /var/run/dmesg.boot
4114on boot.
4115.It Va rcshutdown_timeout
4116.Pq Vt int
4117If set, start a watchdog timer in the background which will terminate
4118.Pa rc.shutdown
4119if
4120.Xr shutdown 8
4121has not completed within the specified time (in seconds).
4122Notice that in addition to this soft timeout,
4123.Xr init 8
4124also applies a hard timeout for the execution of
4125.Pa rc.shutdown .
4126This is configured via
4127.Xr sysctl 8
4128variable
4129.Va kern.init_shutdown_timeout
4130and defaults to 120 seconds.
4131Setting the value of
4132.Va rcshutdown_timeout
4133to more than 120 seconds will have no effect until the
4134.Xr sysctl 8
4135variable
4136.Va kern.init_shutdown_timeout
4137is also increased.
4138.It Va virecover_enable
4139.Pq Vt bool
4140Set to
4141.Dq Li NO
4142to prevent the system from trying to
4143recover pre-maturely terminated
4144.Xr vi 1
4145sessions.
4146.It Va ugidfw_enable
4147.Pq Vt bool
4148Set to
4149.Dq Li YES
4150to load the
4151.Xr mac_bsdextended 4
4152module upon system initialization and load a default
4153ruleset file.
4154.It Va bsdextended_script
4155.Pq Vt str
4156The default
4157.Xr mac_bsdextended 4
4158ruleset file to load.
4159The default value of this variable is
4160.Pa /etc/rc.bsdextended .
4161.It Va newsyslog_enable
4162.Pq Vt bool
4163If set to
4164.Dq Li YES ,
4165run
4166.Xr newsyslog 8
4167command at startup.
4168.It Va newsyslog_flags
4169.Pq Vt str
4170If
4171.Va newsyslog_enable
4172is set to
4173.Dq Li YES ,
4174these are the flags to pass to the
4175.Xr newsyslog 8
4176program.
4177The default is
4178.Dq Li -CN ,
4179which causes log files flagged with a
4180.Cm C
4181to be created.
4182.It Va mdconfig_md Ns Aq Ar X
4183.Pq Vt str
4184Arguments to
4185.Xr mdconfig 8
4186for
4187.Xr md 4
4188device
4189.Ar X .
4190At minimum a
4191.Fl t Ar type
4192must be specified and either a
4193.Fl s Ar size
4194for malloc or swap backed
4195.Xr md 4
4196devices or a
4197.Fl f Ar file
4198for vnode backed
4199.Xr md 4
4200devices.
4201Note that
4202.Va mdconfig_md Ns Aq Ar X
4203variables are evaluated until one variable is unset or null.
4204.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4205.Pq Vt str
4206Optional arguments passed to
4207.Xr newfs 8
4208to initialize
4209.Xr md 4
4210device
4211.Ar X .
4212.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4213.Pq Vt str
4214An ownership specification passed to
4215.Xr chown 8
4216after the specified
4217.Xr md 4
4218device
4219.Ar X
4220has been mounted.
4221Both the
4222.Xr md 4
4223device and the mount point will be changed.
4224.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4225.Pq Vt str
4226A mode string passed to
4227.Xr chmod 1
4228after the specified
4229.Xr md 4
4230device
4231.Ar X
4232has been mounted.
4233Both the
4234.Xr md 4
4235device and the mount point will be changed.
4236.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4237.Pq Vt str
4238Files to be copied to the mount point of the
4239.Xr md 4
4240device
4241.Ar X
4242after it has been mounted.
4243.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4244.Pq Vt str
4245Command to execute after the specified
4246.Xr md 4
4247device
4248.Ar X
4249has been mounted.
4250Note that the command is passed to
4251.Ic eval
4252and that both
4253.Va _dev
4254and
4255.Va _mp
4256variables can be used to reference respectively the
4257.Xr md 4
4258device and the mount point.
4259Assuming that the
4260.Xr md 4
4261device is
4262.Li md0 ,
4263one could set the following:
4264.Bd -literal
4265mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4266.Ed
4267.It Va autobridge_interfaces
4268.Pq Vt str
4269Set to the list of bridge interfaces that will have newly arriving interfaces
4270checked against to be automatically added.
4271If not set to
4272.Dq Li NO
4273then for each whitespace separated
4274.Ar element
4275in the value, a
4276.Va autobridge_ Ns Aq Ar element
4277variable is assumed to exist which has a whitespace separated list of interface
4278names to match, these names can use wildcards.
4279For example:
4280.Bd -literal
4281autobridge_interfaces="bridge0"
4282autobridge_bridge0="tap* dc0 vlan[345]"
4283.Ed
4284.It Va mixer_enable
4285.Pq Vt bool
4286If set to
4287.Dq Li YES ,
4288enable support for sound mixer.
4289.It Va hcsecd_enable
4290.Pq Vt bool
4291If set to
4292.Dq Li YES ,
4293enable Bluetooth security daemon.
4294.It Va hcsecd_config
4295.Pq Vt str
4296Configuration file for
4297.Xr hcsecd 8 .
4298Default
4299.Pa /etc/bluetooth/hcsecd.conf .
4300.It Va sdpd_enable
4301.Pq Vt bool
4302If set to
4303.Dq Li YES ,
4304enable Bluetooth Service Discovery Protocol daemon.
4305.It Va sdpd_control
4306.Pq Vt str
4307Path to
4308.Xr sdpd 8
4309control socket.
4310Default
4311.Pa /var/run/sdp .
4312.It Va sdpd_groupname
4313.Pq Vt str
4314Sets
4315.Xr sdpd 8
4316group to run as after it initializes.
4317Default
4318.Dq Li nobody .
4319.It Va sdpd_username
4320.Pq Vt str
4321Sets
4322.Xr sdpd 8
4323user to run as after it initializes.
4324Default
4325.Dq Li nobody .
4326.It Va bthidd_enable
4327.Pq Vt bool
4328If set to
4329.Dq Li YES ,
4330enable Bluetooth Human Interface Device daemon.
4331.It Va bthidd_config
4332.Pq Vt str
4333Configuration file for
4334.Xr bthidd 8 .
4335Default
4336.Pa /etc/bluetooth/bthidd.conf .
4337.It Va bthidd_hids
4338.Pq Vt str
4339Path to a file, where
4340.Xr bthidd 8
4341will store information about known HID devices.
4342Default
4343.Pa /var/db/bthidd.hids .
4344.It Va rfcomm_pppd_server_enable
4345.Pq Vt bool
4346If set to
4347.Dq Li YES ,
4348enable Bluetooth RFCOMM PPP wrapper daemon.
4349.It Va rfcomm_pppd_server_profile
4350.Pq Vt str
4351The name of the profile to use from
4352.Pa /etc/ppp/ppp.conf .
4353Multiple profiles can be specified here.
4354Also used to specify per-profile overrides.
4355When the profile name contains any of the characters
4356.Dq Li .-/+
4357they are translated to
4358.Dq Li _
4359for the proposes of the override variable names.
4360.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4361.Pq Vt str
4362Overrides local address to listen on.
4363By default
4364.Xr rfcomm_pppd 8
4365will listen on
4366.Dq Li ANY
4367address.
4368The address can be specified as BD_ADDR or name.
4369.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4370.Pq Vt str
4371Overrides local RFCOMM channel to listen on.
4372By default
4373.Xr rfcomm_pppd 8
4374will listen on RFCOMM channel 1.
4375Must set properly if multiple profiles used in the same time.
4376.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4377.Pq Vt bool
4378Tells
4379.Xr rfcomm_pppd 8
4380if it should register Serial Port service on the specified RFCOMM channel.
4381Default
4382.Dq Li NO .
4383.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4384.Pq Vt bool
4385Tells
4386.Xr rfcomm_pppd 8
4387if it should register Dial-Up Networking service on the specified
4388RFCOMM channel.
4389Default
4390.Dq Li NO .
4391.It Va ubthidhci_enable
4392.Pq Vt bool
4393If set to
4394.Dq Li YES ,
4395change the USB Bluetooth controller from HID mode to HCI mode.
4396You also need to specify the location of USB Bluetooth controller with the
4397.Va ubthidhci_busnum
4398and
4399.Va ubthidhci_addr
4400variables.
4401.It Va ubthidhci_busnum
4402Bus number where the USB Bluetooth controller is located.
4403Check the output of
4404.Xr usbconfig 8
4405on your system to find this information.
4406.It Va ubthidhci_addr
4407Bus address of the USB Bluetooth controller.
4408Check the output of
4409.Xr usbconfig 8
4410on your system to find this information.
4411.It Va netwait_enable
4412.Pq Vt bool
4413If set to
4414.Dq Li YES ,
4415delays the start of network-reliant services until
4416.Va netwait_if
4417is up and ICMP packets to a destination defined in
4418.Va netwait_ip
4419are flowing.
4420Link state is examined first, followed by
4421.Dq Li pinging
4422an IP address to verify network usability.
4423If no destination can be reached or timeouts are exceeded,
4424network services are started anyway with no guarantee that
4425the network is usable.
4426Use of this variable requires both
4427.Va netwait_ip
4428and
4429.Va netwait_if
4430to be set.
4431.It Va netwait_ip
4432.Pq Vt str
4433Empty by default.
4434This variable contains a space-delimited list of IP addresses to
4435.Xr ping 8 .
4436DNS hostnames should not be used as resolution is not guaranteed
4437to be functional at this point.
4438If multiple IP addresses are specified,
4439each will be tried until one is successful or the list is exhausted.
4440.It Va netwait_timeout
4441.Pq Vt int
4442Indicates the total number of seconds to perform a
4443.Dq Li ping
4444against each IP address in
4445.Va netwait_ip ,
4446at a rate of one ping per second.
4447If any of the pings are successful,
4448full network connectivity is considered reliable.
4449The default is 60.
4450.It Va netwait_if
4451.Pq Vt str
4452Empty by default.
4453Defines the name of the network interface on which watch for link.
4454.Xr ifconfig 8
4455is used to monitor the interface, looking for
4456.Dq Li status: no carrier .
4457Once gone, the link is considered up.
4458This can be a
4459.Xr vlan 4
4460interface if desired.
4461.It Va netwait_if_timeout
4462.Pq Vt int
4463Defines the total number of seconds to wait for link to become usable,
4464polled at a 1-second interval.
4465The default is 30.
4466.It Va rctl_enable
4467.Pq Vt bool
4468If set to
4469.Dq Li YES ,
4470load
4471.Xr rctl 8
4472rules from the defined ruleset.
4473The kernel must be built with
4474.Cd "options RACCT"
4475and
4476.Cd "options RCTL" .
4477.It Va rctl_rules
4478.Pq Vt str
4479Set to
4480.Pa /etc/rctl.conf
4481by default.
4482This variables contains the
4483.Xr rctl.conf 5
4484ruleset to load for
4485.Xr rctl 8 .
4486.It Va iovctl_files
4487.Pq Vt str
4488A space-separated list of configuration files used by
4489.Xr iovctl 8 .
4490The default value is an empty string.
4491.It Va autofs_enable
4492.Pq Vt bool
4493If set to
4494.Dq Li YES ,
4495start the
4496.Xr automount 8
4497utility and the
4498.Xr automountd 8
4499and
4500.Xr autounmountd 8
4501daemons at boot time.
4502.It Va automount_flags
4503.Pq Vt str
4504If
4505.Va autofs_enable
4506is set to
4507.Dq Li YES ,
4508these are the flags to pass to the
4509.Xr automount 8
4510program.
4511By default no flags are passed.
4512.It Va automountd_flags
4513.Pq Vt str
4514If
4515.Va autofs_enable
4516is set to
4517.Dq Li YES ,
4518these are the flags to pass to the
4519.Xr automountd 8
4520daemon.
4521By default no flags are passed.
4522.It Va autounmountd_flags
4523.Pq Vt str
4524If
4525.Va autofs_enable
4526is set to
4527.Dq Li YES ,
4528these are the flags to pass to the
4529.Xr autounmountd 8
4530daemon.
4531By default no flags are passed.
4532.It Va ctld_enable
4533.Pq Vt bool
4534If set to
4535.Dq Li YES ,
4536start the
4537.Xr ctld 8
4538daemon at boot time.
4539.It Va iscsid_enable
4540.Pq Vt bool
4541If set to
4542.Dq Li YES ,
4543start the
4544.Xr iscsid 8
4545daemon at boot time.
4546.It Va iscsictl_enable
4547.Pq Vt bool
4548If set to
4549.Dq Li YES ,
4550start the
4551.Xr iscsictl 8
4552utility at boot time.
4553.It Va iscsictl_flags
4554.Pq Vt str
4555If
4556.Va iscsictl_enable
4557is set to
4558.Dq Li YES ,
4559these are the flags to pass to the
4560.Xr iscsictl 8
4561program.
4562The default is
4563.Dq Li -Aa ,
4564which configures sessions based on the
4565.Pa /etc/iscsi.conf
4566configuration file.
4567.It Va cfumass_enable
4568.Pq Vt bool
4569If set to
4570.Dq Li YES ,
4571create and export an USB LUN using
4572.Xr cfumass 4
4573at boot time.
4574.It Va cfumass_dir
4575.Pq Vt str
4576The directory where the files exported by USB LUN are located.
4577The default directory is
4578.Pa /var/cfumass .
4579.It Va service_delete_empty
4580.Pq Vt bool
4581If set to
4582.Dq Li YES ,
4583.Ql Li service delete
4584removes empty
4585.Dq Li rc.conf.d
4586files.
4587.It Va zfs_bootonce_activate
4588.Pq Vt bool
4589If set to
4590.Dq Li YES ,
4591and a boot environment marked bootonce is successfully booted,
4592it will be made permanently active.
4593.El
4594.Sh FILES
4595.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4596.It Pa /etc/defaults/rc.conf
4597.It Pa /etc/defaults/vendor.conf
4598.It Pa /etc/rc.conf
4599.It Pa /etc/rc.conf.local
4600.El
4601.Sh SEE ALSO
4602.Xr chmod 1 ,
4603.Xr gdb 1 ,
4604.Xr info 1 ,
4605.Xr kbdcontrol 1 ,
4606.Xr makewhatis 1 ,
4607.Xr sh 1 ,
4608.Xr vi 1 ,
4609.Xr vidcontrol 1 ,
4610.Xr bridge 4 ,
4611.Xr dummynet 4 ,
4612.Xr ip 4 ,
4613.Xr ipf 4 ,
4614.Xr ipfw 4 ,
4615.Xr ipnat 4 ,
4616.Xr kld 4 ,
4617.Xr pf 4 ,
4618.Xr pflog 4 ,
4619.Xr pfsync 4 ,
4620.Xr tcp 4 ,
4621.Xr udp 4 ,
4622.Xr exports 5 ,
4623.Xr fstab 5 ,
4624.Xr ipf 5 ,
4625.Xr ipnat 5 ,
4626.Xr jail.conf 5 ,
4627.Xr loader.conf 5 ,
4628.Xr motd 5 ,
4629.Xr newsyslog.conf 5 ,
4630.Xr pf.conf 5 ,
4631.Xr security 7 ,
4632.Xr accton 8 ,
4633.Xr amd 8 ,
4634.Xr apm 8 ,
4635.Xr bsdinstall 8 ,
4636.Xr bthidd 8 ,
4637.Xr chkprintcap 8 ,
4638.Xr chown 8 ,
4639.Xr cron 8 ,
4640.Xr devfs 8 ,
4641.Xr dhclient 8 ,
4642.Xr ftpd 8 ,
4643.Xr geli 8 ,
4644.Xr hcsecd 8 ,
4645.Xr ifconfig 8 ,
4646.Xr inetd 8 ,
4647.Xr iovctl 8 ,
4648.Xr ipf 8 ,
4649.Xr ipfw 8 ,
4650.Xr ipnat 8 ,
4651.Xr jail 8 ,
4652.Xr kldxref 8 ,
4653.Xr loader 8 ,
4654.Xr lpd 8 ,
4655.Xr mdconfig 8 ,
4656.Xr mdmfs 8 ,
4657.Xr mixer 8 ,
4658.Xr mountd 8 ,
4659.Xr moused 8 ,
4660.Xr newfs 8 ,
4661.Xr newsyslog 8 ,
4662.Xr nfsd 8 ,
4663.Xr ntpd 8 ,
4664.Xr ntpdate 8 ,
4665.Xr pfctl 8 ,
4666.Xr pflogd 8 ,
4667.Xr ping 8 ,
4668.Xr powerd 8 ,
4669.Xr quotacheck 8 ,
4670.Xr quotaon 8 ,
4671.Xr rc 8 ,
4672.Xr rc.sendmail 8 ,
4673.Xr rfcomm_pppd 8 ,
4674.Xr route 8 ,
4675.Xr routed 8 ,
4676.Xr rpc.lockd 8 ,
4677.Xr rpc.statd 8 ,
4678.Xr rpcbind 8 ,
4679.Xr rwhod 8 ,
4680.Xr savecore 8 ,
4681.Xr sdpd 8 ,
4682.Xr service 8 ,
4683.Xr sshd 8 ,
4684.Xr swapon 8 ,
4685.Xr sysctl 8 ,
4686.Xr syslogd 8 ,
4687.Xr sysrc 8 ,
4688.Xr timed 8 ,
4689.Xr unbound 8 ,
4690.Xr usbconfig 8 ,
4691.Xr wlandebug 8 ,
4692.Xr yp 8 ,
4693.Xr ypbind 8 ,
4694.Xr ypserv 8 ,
4695.Xr ypset 8
4696.Sh HISTORY
4697The
4698.Nm
4699file appeared in
4700.Fx 2.2.2 .
4701.Sh AUTHORS
4702.An Jordan K. Hubbard .
4703