1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd January 10, 2021 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _user 196.Pq Vt str 197Run the service under this user account. 198.It Ao Ar name Ac Ns Va _group 199.Pq Vt str 200Run the chrooted service under this system group. 201Unlike the _user 202setting, this setting has no effect if the service is not chrooted. 203.It Ao Ar name Ac Ns Va _fib 204.Pq Vt int 205The 206.Xr setfib 1 207value to run the service under. 208.It Ao Ar name Ac Ns Va _nice 209.Pq Vt int 210The 211.Xr nice 1 212value to run the service under. 213.It Va apm_enable 214.Pq Vt bool 215If set to 216.Dq Li YES , 217enable support for Automatic Power Management with 218the 219.Xr apm 8 220command. 221.It Va apmd_enable 222.Pq Vt bool 223Run 224.Xr apmd 8 225to handle APM event from userland. 226This also enables support for APM. 227.It Va apmd_flags 228.Pq Vt str 229If 230.Va apmd_enable 231is set to 232.Dq Li YES , 233these are the flags to pass to the 234.Xr apmd 8 235daemon. 236.It Va devd_enable 237.Pq Vt bool 238Run 239.Xr devd 8 240to handle device added, removed or unknown events from the kernel. 241.It Va ddb_enable 242.Pq Vt bool 243Run 244.Xr ddb 8 245to install 246.Xr ddb 4 247scripts at boot time. 248.It Va ddb_config 249.Pq Vt str 250Configuration file for 251.Xr ddb 8 . 252Default 253.Pa /etc/ddb.conf . 254.It Va devmatch_enable 255.Pq Vt bool 256If set to 257.Dq Li NO , 258disable auto-loading of kernel modules with 259.Xr devmatch 8 . 260.It Va devmatch_blacklist 261.Pq Vt str 262A whitespace-separated list of kernel modules to be ignored by 263.Xr devmatch 8 . 264.It Va kld_list 265.Pq Vt str 266A whitespace-separated list of kernel modules to load right after 267the local disks are mounted, without any 268.Pa .ko 269extension or path. 270Loading modules at this point in the boot process is 271much faster than doing it via 272.Pa /boot/loader.conf 273for those modules not necessary for mounting local disks. 274.It Va kldxref_enable 275.Pq Vt bool 276Set to 277.Dq Li NO 278by default. 279Set to 280.Dq Li YES 281to automatically rebuild 282.Pa linker.hints 283files with 284.Xr kldxref 8 285at boot time. 286.It Va kldxref_clobber 287.Pq Vt bool 288Set to 289.Dq Li NO 290by default. 291If 292.Va kldxref_enable 293is true, 294setting to 295.Dq Li YES 296will overwrite existing 297.Pa linker.hints 298files at boot time. 299Otherwise, 300only missing 301.Pa linker.hints 302files are generated. 303.It Va kldxref_module_path 304.Pq Vt str 305Empty by default. 306A semi-colon 307.Pq Ql \&; 308delimited list of paths containing 309.Xr kld 4 310modules. 311If empty, 312the contents of the 313.Va kern.module_path 314.Xr sysctl 8 315are used. 316.It Va powerd_enable 317.Pq Vt bool 318If set to 319.Dq Li YES , 320enable the system power control facility with the 321.Xr powerd 8 322daemon. 323.It Va powerd_flags 324.Pq Vt str 325If 326.Va powerd_enable 327is set to 328.Dq Li YES , 329these are the flags to pass to the 330.Xr powerd 8 331daemon. 332.It Va tmpmfs 333Controls the creation of a 334.Pa /tmp 335memory file system. 336Always happens if set to 337.Dq Li YES 338and never happens if set to 339.Dq Li NO . 340If set to anything else, a memory file system is created if 341.Pa /tmp 342is not writable. 343.It Va tmpsize 344Controls the size of a created 345.Pa /tmp 346memory file system. 347.It Va tmpmfs_flags 348Extra options passed to the 349.Xr mdmfs 8 350utility when the memory file system for 351.Pa /tmp 352is created. 353The default is 354.Dq Li "-S" , 355which inhibits the use of softupdates on 356.Pa /tmp 357so that file system space is freed without delay 358after file truncation or deletion. 359See 360.Xr mdmfs 8 361for other options you can use in 362.Va tmpmfs_flags . 363.It Va varmfs 364Controls the creation of a 365.Pa /var 366memory file system. 367Always happens if set to 368.Dq Li YES 369and never happens if set to 370.Dq Li NO . 371If set to anything else, a memory file system is created if 372.Pa /var 373is not writable. 374.It Va varsize 375Controls the size of a created 376.Pa /var 377memory file system. 378.It Va varmfs_flags 379Extra options passed to the 380.Xr mdmfs 8 381utility when the memory file system for 382.Pa /var 383is created. 384The default is 385.Dq Li "-S" , 386which inhibits the use of softupdates on 387.Pa /var 388so that file system space is freed without delay 389after file truncation or deletion. 390See 391.Xr mdmfs 8 392for other options you can use in 393.Va varmfs_flags . 394.It Va populate_var 395Controls the automatic population of the 396.Pa /var 397file system. 398Always happens if set to 399.Dq Li YES 400and never happens if set to 401.Dq Li NO . 402If set to anything else, a memory file system is created if 403.Pa /var 404is not writable. 405Note that this process requires access to certain commands in 406.Pa /usr 407before 408.Pa /usr 409is mounted on normal systems. 410.It Va cleanvar_enable 411.Pq Vt bool 412Clean the 413.Pa /var 414directory. 415.It Va local_startup 416.Pq Vt str 417List of directories to search for startup script files. 418.It Va script_name_sep 419.Pq Vt str 420The field separator to use for breaking down the list of startup script files 421into individual filenames. 422The default is a space. 423It is not necessary to change this unless there are startup scripts with names 424containing spaces. 425.It Va hostapd_enable 426.Pq Vt bool 427Set to 428.Dq Li YES 429to start 430.Xr hostapd 8 431at system boot time. 432.It Va hostname 433.Pq Vt str 434The fully qualified domain name (FQDN) of this host on the network. 435This should almost certainly be set to something meaningful, even if 436there is no network connection. 437If 438.Xr dhclient 8 439is used to set the hostname via DHCP, 440this variable should be set to an empty string. 441Within a 442.Xr jail 8 443the hostname is generally already set and this variable may be absent. 444If this value remains unset when the system is done booting 445your console login will display the default hostname of 446.Dq Amnesiac . 447.It Va nisdomainname 448.Pq Vt str 449The NIS domain name of this host, or 450.Dq Li NO 451if NIS is not used. 452.It Va dhclient_program 453.Pq Vt str 454Path to the DHCP client program 455.Pa ( /sbin/dhclient , 456the 457.Ox 458DHCP client, 459is the default). 460.It Va dhclient_flags 461.Pq Vt str 462Additional flags to pass to the DHCP client program. 463For the 464.Ox 465DHCP client, see the 466.Xr dhclient 8 467manpage for a description of the command line options available. 468.It Va dhclient_flags_ Ns Aq Ar iface 469Additional flags to pass to the DHCP client program running on 470.Ar iface 471only. 472When specified, this variable overrides 473.Va dhclient_flags . 474.It Va background_dhclient 475.Pq Vt bool 476Set to 477.Dq Li YES 478to start the DHCP client in background. 479This can cause trouble with applications depending on 480a working network, but it will provide a faster startup 481in many cases. 482.It Va background_dhclient_ Ns Aq Ar iface 483When specified, this variable overrides the 484.Va background_dhclient 485variable for interface 486.Ar iface 487only. 488.It Va synchronous_dhclient 489.Pq Vt bool 490Set to 491.Dq Li YES 492to start 493.Xr dhclient 8 494synchronously at startup. 495This behavior can be overridden on a per-interface basis by replacing 496the 497.Dq Li DHCP 498keyword in the 499.Va ifconfig_ Ns Aq Ar interface 500variable with 501.Dq Li SYNCDHCP 502or 503.Dq Li NOSYNCDHCP . 504.It Va defaultroute_delay 505.Pq Vt int 506When set to a positive value, wait up to this long after configuring 507DHCP interfaces at startup to give the interfaces time to receive a lease. 508.It Va firewall_enable 509.Pq Vt bool 510Set to 511.Dq Li YES 512to load firewall rules at startup. 513If the kernel was not built with 514.Cd "options IPFIREWALL" , 515the 516.Pa ipfw.ko 517kernel module will be loaded. 518See also 519.Va ipfilter_enable . 520.It Va firewall_script 521.Pq Vt str 522This variable specifies the full path to the firewall script to run. 523The default is 524.Pa /etc/rc.firewall . 525.It Va firewall_type 526.Pq Vt str 527Names the firewall type from the selection in 528.Pa /etc/rc.firewall , 529or the file which contains the local firewall ruleset. 530Valid selections from 531.Pa /etc/rc.firewall 532are: 533.Pp 534.Bl -tag -width ".Li simple" -compact 535.It Li open 536unrestricted IP access 537.It Li closed 538all IP services disabled, except via 539.Dq Li lo0 540.It Li client 541basic protection for a workstation 542.It Li simple 543basic protection for a LAN. 544.El 545.Pp 546If a filename is specified, the full path 547must be given. 548.It Va firewall_quiet 549.Pq Vt bool 550Set to 551.Dq Li YES 552to disable the display of firewall rules on the console during boot. 553.It Va firewall_logging 554.Pq Vt bool 555Set to 556.Dq Li YES 557to enable firewall event logging. 558This is equivalent to the 559.Dv IPFIREWALL_VERBOSE 560kernel option. 561.It Va firewall_logif 562.Pq Vt bool 563Set to 564.Dq Li YES 565to create pseudo interface 566.Li ipfw0 567for logging. 568For more details, see 569.Xr ipfw 8 570manual page. 571.It Va firewall_flags 572.Pq Vt str 573Flags passed to 574.Xr ipfw 8 575if 576.Va firewall_type 577specifies a filename. 578.It Va firewall_coscripts 579.Pq Vt str 580List of executables and/or rc scripts to run after firewall starts/stops. 581Default is empty. 582.\" ----- firewall_nat_enable setting -------------------------------- 583.It Va firewall_nat_enable 584.Pq Vt bool 585The 586.Xr ipfw 8 587equivalent of 588.Va natd_enable . 589Setting this to 590.Dq Li YES 591will automatically load the 592.Xr ipfw 8 593NAT kernel module if 594.Va firewall_enable 595is also set to 596.Dq Li YES . 597.It Va firewall_nat_interface 598.Pq Vt str 599The 600.Xr ipfw 8 601equivalent of 602.Va natd_interface . 603This is the name of the public interface or IP address on which 604kernel NAT should run. 605.It Va firewall_nat_flags 606.Pq Vt str 607Additional configuration parameters for kernel NAT should be placed here. 608.It Va firewall_nat64_enable 609.Pq Vt bool 610Setting this to 611.Dq Li YES 612will automatically load the 613.Xr ipfw 8 614NAT64 kernel module if 615.Va firewall_enable 616is also set to 617.Dq Li YES . 618.It Va firewall_nptv6_enable 619.Pq Vt bool 620Setting this to 621.Dq Li YES 622will automatically load the 623.Xr ipfw 8 624NPTv6 kernel module if 625.Va firewall_enable 626is also set to 627.Dq Li YES . 628.It Va firewall_pmod_enable 629.Pq Vt bool 630Setting this to 631.Dq Li YES 632will automatically load the 633.Xr ipfw 8 634pmod kernel module if 635.Va firewall_enable 636is also set to 637.Dq Li YES . 638.It Va dummynet_enable 639.Pq Vt bool 640Setting this to 641.Dq Li YES 642will automatically load the 643.Xr dummynet 4 644module if 645.Va firewall_enable 646is also set to 647.Dq Li YES . 648.\" ------------------------------------------------------------------- 649.It Va ipfw_netflow_enable 650.Pq Vt bool 651Setting this to 652.Dq Li YES 653will enable netflow logging via 654.Xr ng_netflow 4 655.Pp 656By default a ipfw rule is inserted and all packets are duplicated with 657the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 658port using protocol version 5. 659.It Va ipfw_netflow_hook 660.Pq Vt int 661netflow hook name, must be numerical 662(default 663.Pa 9995 ) . 664.It Va ipfw_netflow_rule 665.Pq Vt int 666ipfw rule number 667(default 668.Pa 1000 ) . 669.It Va ipfw_netflow_ip 670.Pq Vt str 671Destination server ip for receiving netflow data 672(default 673.Pa 127.0.0.1 ) . 674.It Va ipfw_netflow_port 675.Pq Vt int 676Destination server port for receiving netflow data 677(default 678.Pa 9995 ) . 679.It Va ipfw_netflow_version 680.Pq Vt int 681Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 682.It Va ipfw_netflow_fib 683.Pq Vt int 684Only match packet in FIB 685.Pa ipfw_netflow_fib 686(default is undefined meaning all FIBs). 687.It Va natd_program 688.Pq Vt str 689Path to 690.Xr natd 8 . 691.It Va natd_enable 692.Pq Vt bool 693Set to 694.Dq Li YES 695to enable 696.Xr natd 8 . 697.Va firewall_enable 698must also be set to 699.Dq Li YES , 700and 701.Xr divert 4 702sockets must be enabled in the kernel. 703If the kernel was not built with 704.Cd "options IPDIVERT" , 705the 706.Pa ipdivert.ko 707kernel module will be loaded. 708.It Va natd_interface 709.Pq Vt str 710This is the name of the public interface on which 711.Xr natd 8 712should run. 713The interface may be given as an interface name or as an IP address. 714.It Va natd_flags 715.Pq Vt str 716Additional 717.Xr natd 8 718flags should be placed here. 719The 720.Fl n 721or 722.Fl a 723flag is automatically added with the above 724.Va natd_interface 725as an argument. 726.\" ----- ipfilter_enable setting -------------------------------- 727.It Va ipfilter_enable 728.Pq Vt bool 729Set to 730.Dq Li NO 731by default. 732Setting this to 733.Dq Li YES 734enables 735.Xr ipf 8 736packet filtering. 737.Pp 738Typical usage will require putting 739.Bd -literal 740ipfilter_enable="YES" 741ipnat_enable="YES" 742ipmon_enable="YES" 743ipfs_enable="YES" 744.Ed 745.Pp 746into 747.Pa /etc/rc.conf 748and editing 749.Pa /etc/ipf.rules 750and 751.Pa /etc/ipnat.rules 752appropriately. 753.Pp 754Note that 755.Va ipfilter_enable 756and 757.Va ipnat_enable 758can be enabled independently. 759.Va ipmon_enable 760and 761.Va ipfs_enable 762both require at least one of 763.Va ipfilter_enable 764and 765.Va ipnat_enable 766to be enabled. 767.Pp 768Having 769.Bd -literal 770options IPFILTER 771options IPFILTER_LOG 772options IPFILTER_DEFAULT_BLOCK 773.Ed 774.Pp 775in the kernel configuration file is a good idea, too. 776.\" ----- ipfilter_program setting ------------------------------ 777.It Va ipfilter_program 778.Pq Vt str 779Path to 780.Xr ipf 8 781(default 782.Pa /sbin/ipf ) . 783.\" ----- ipfilter_rules setting -------------------------------- 784.It Va ipfilter_rules 785.Pq Vt str 786Set to 787.Pa /etc/ipf.rules 788by default. 789This variable contains the name of the filter rule definition file. 790The file is expected to be readable for the 791.Xr ipf 8 792command to execute. 793.\" ----- ipv6_ipfilter_rules setting --------------------------- 794.It Va ipv6_ipfilter_rules 795.Pq Vt str 796Set to 797.Pa /etc/ipf6.rules 798by default. 799This variable contains the IPv6 filter rule definition file. 800The file is expected to be readable for the 801.Xr ipf 8 802command to execute. 803.\" ----- ipfilter_flags setting -------------------------------- 804.It Va ipfilter_flags 805.Pq Vt str 806Empty by default. 807This variable contains flags passed to the 808.Xr ipf 8 809program. 810.\" ----- ipnat_enable setting ---------------------------------- 811.It Va ipnat_enable 812.Pq Vt bool 813Set to 814.Dq Li NO 815by default. 816Set it to 817.Dq Li YES 818to enable 819.Xr ipnat 8 820network address translation. 821See 822.Va ipfilter_enable 823for a detailed discussion. 824.\" ----- ipnat_program setting --------------------------------- 825.It Va ipnat_program 826.Pq Vt str 827Path to 828.Xr ipnat 8 829(default 830.Pa /sbin/ipnat ) . 831.\" ----- ipnat_rules setting ----------------------------------- 832.It Va ipnat_rules 833.Pq Vt str 834Set to 835.Pa /etc/ipnat.rules 836by default. 837This variable contains the name of the file 838holding the network address translation definition. 839This file is expected to be readable for the 840.Xr ipnat 8 841command to execute. 842.\" ----- ipnat_flags setting ----------------------------------- 843.It Va ipnat_flags 844.Pq Vt str 845Empty by default. 846This variable contains flags passed to the 847.Xr ipnat 8 848program. 849.\" ----- ipmon_enable setting ---------------------------------- 850.It Va ipmon_enable 851.Pq Vt bool 852Set to 853.Dq Li NO 854by default. 855Set it to 856.Dq Li YES 857to enable 858.Xr ipmon 8 859monitoring (logging 860.Xr ipf 8 861and 862.Xr ipnat 8 863events). 864Setting this variable needs setting 865.Va ipfilter_enable 866or 867.Va ipnat_enable 868too. 869See 870.Va ipfilter_enable 871for a detailed discussion. 872.\" ----- ipmon_program setting --------------------------------- 873.It Va ipmon_program 874.Pq Vt str 875Path to 876.Xr ipmon 8 877(default 878.Pa /sbin/ipmon ) . 879.\" ----- ipmon_flags setting ----------------------------------- 880.It Va ipmon_flags 881.Pq Vt str 882Set to 883.Dq Li -Ds 884by default. 885This variable contains flags passed to the 886.Xr ipmon 8 887program. 888Another typical example would be 889.Dq Fl D Pa /var/log/ipflog 890to have 891.Xr ipmon 8 892log directly to a file bypassing 893.Xr syslogd 8 . 894Make sure to adjust 895.Pa /etc/newsyslog.conf 896in such case like this: 897.Bd -literal 898/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 899.Ed 900.\" ----- ipfs_enable setting ----------------------------------- 901.It Va ipfs_enable 902.Pq Vt bool 903Set to 904.Dq Li NO 905by default. 906Set it to 907.Dq Li YES 908to enable 909.Xr ipfs 8 910saving the filter and NAT state tables during shutdown 911and reloading them during startup again. 912Setting this variable needs setting 913.Va ipfilter_enable 914or 915.Va ipnat_enable 916to 917.Dq Li YES 918too. 919See 920.Va ipfilter_enable 921for a detailed discussion. 922Note that if 923.Va kern_securelevel 924is set to 3, 925.Va ipfs_enable 926cannot be used 927because the raised securelevel will prevent 928.Xr ipfs 8 929from saving the state tables at shutdown time. 930.\" ----- ipfs_program setting ---------------------------------- 931.It Va ipfs_program 932.Pq Vt str 933Path to 934.Xr ipfs 8 935(default 936.Pa /sbin/ipfs ) . 937.\" ----- ipfs_flags setting ------------------------------------ 938.It Va ipfs_flags 939.Pq Vt str 940Empty by default. 941This variable contains flags passed to the 942.Xr ipfs 8 943program. 944.\" ----- end of added ipf hook --------------------------------- 945.It Va pf_enable 946.Pq Vt bool 947Set to 948.Dq Li NO 949by default. 950Setting this to 951.Dq Li YES 952enables 953.Xr pf 4 954packet filtering. 955.Pp 956Typical usage will require putting 957.Pp 958.Dl pf_enable="YES" 959.Pp 960into 961.Pa /etc/rc.conf 962and editing 963.Pa /etc/pf.conf 964appropriately. 965Adding 966.Pp 967.Dl "device pf" 968.Pp 969builds support for 970.Xr pf 4 971into the kernel, otherwise the 972kernel module will be loaded. 973.It Va pf_rules 974.Pq Vt str 975Path to 976.Xr pf 4 977ruleset configuration file 978(default 979.Pa /etc/pf.conf ) . 980.It Va pf_program 981.Pq Vt str 982Path to 983.Xr pfctl 8 984(default 985.Pa /sbin/pfctl ) . 986.It Va pf_flags 987.Pq Vt str 988If 989.Va pf_enable 990is set to 991.Dq Li YES , 992these flags are passed to the 993.Xr pfctl 8 994program when loading the ruleset. 995.It Va pflog_enable 996.Pq Vt bool 997Set to 998.Dq Li NO 999by default. 1000Setting this to 1001.Dq Li YES 1002enables 1003.Xr pflogd 8 1004which logs packets from the 1005.Xr pf 4 1006packet filter. 1007.It Va pflog_logfile 1008.Pq Vt str 1009If 1010.Va pflog_enable 1011is set to 1012.Dq Li YES 1013this controls where 1014.Xr pflogd 8 1015stores the logfile 1016(default 1017.Pa /var/log/pflog ) . 1018Check 1019.Pa /etc/newsyslog.conf 1020to adjust logfile rotation for this. 1021.It Va pflog_program 1022.Pq Vt str 1023Path to 1024.Xr pflogd 8 1025(default 1026.Pa /sbin/pflogd ) . 1027.It Va pflog_flags 1028.Pq Vt str 1029Empty by default. 1030This variable contains additional flags passed to the 1031.Xr pflogd 8 1032program. 1033.It Va pflog_instances 1034.Pq Vt str 1035If logging to more than one 1036.Xr pflog 4 1037interface is desired, 1038.Va pflog_instances 1039is set to the list of 1040.Xr pflogd 8 1041instances that should be started at system boot time. 1042If 1043.Va pflog_instances 1044is set, for each whitespace-separated 1045.Ar element 1046in the list, 1047.Ao Ar element Ac Ns Va _dev 1048and 1049.Ao Ar element Ac Ns Va _logfile 1050elements are assumed to exist. 1051.Ao Ar element Ac Ns Va _dev 1052must contain the 1053.Xr pflog 4 1054interface to be watched by the named 1055.Xr pflogd 8 1056instance. 1057.Ao Ar element Ac Ns Va _logfile 1058must contain the name of the logfile that will be used by the 1059.Xr pflogd 8 1060instance. 1061.It Va ftpproxy_enable 1062.Pq Vt bool 1063Set to 1064.Dq Li NO 1065by default. 1066Setting this to 1067.Dq Li YES 1068enables 1069.Xr ftp-proxy 8 1070which supports the 1071.Xr pf 4 1072packet filter in translating ftp connections. 1073.It Va ftpproxy_flags 1074.Pq Vt str 1075Empty by default. 1076This variable contains additional flags passed to the 1077.Xr ftp-proxy 8 1078program. 1079.It Va ftpproxy_instances 1080.Pq Vt str 1081Empty by default. 1082If multiple instances of 1083.Xr ftp-proxy 8 1084are desired at boot time, 1085.Va ftpproxy_instances 1086should contain a whitespace-separated list of instance names. 1087For each 1088.Ar element 1089in the list, a variable named 1090.Ao Ar element Ac Ns Va _flags 1091should be defined, containing the command-line flags to be passed to the 1092.Xr ftp-proxy 8 1093instance. 1094.It Va pfsync_enable 1095.Pq Vt bool 1096Set to 1097.Dq Li NO 1098by default. 1099Setting this to 1100.Dq Li YES 1101enables exposing 1102.Xr pf 4 1103state changes to other hosts over the network by means of 1104.Xr pfsync 4 . 1105The 1106.Va pfsync_syncdev 1107variable 1108must also be set then. 1109.It Va pfsync_syncdev 1110.Pq Vt str 1111Empty by default. 1112This variable specifies the name of the network interface 1113.Xr pfsync 4 1114should operate through. 1115It must be set accordingly if 1116.Va pfsync_enable 1117is set to 1118.Dq Li YES . 1119.It Va pfsync_syncpeer 1120.Pq Vt str 1121Empty by default. 1122This variable is optional. 1123By default, state change messages are sent out on the synchronisation 1124interface using IP multicast packets. 1125The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1126224.0.0.240. 1127When a peer address is specified using the 1128.Va pfsync_syncpeer 1129option, the peer address is used as a destination for the pfsync 1130traffic, and the traffic can then be protected using 1131.Xr ipsec 4 . 1132See the 1133.Xr pfsync 4 1134manpage for more details about using 1135.Xr ipsec 4 1136with 1137.Xr pfsync 4 1138interfaces. 1139.It Va pfsync_ifconfig 1140.Pq Vt str 1141Empty by default. 1142This variable can contain additional options to be passed to the 1143.Xr ifconfig 8 1144command used to set up 1145.Xr pfsync 4 . 1146.It Va tcp_extensions 1147.Pq Vt bool 1148Set to 1149.Dq Li YES 1150by default. 1151Setting this to 1152.Dq Li NO 1153disables certain TCP options as described by 1154.Rs 1155.%T "RFC 1323" 1156.Re 1157Setting this to 1158.Dq Li NO 1159might help remedy such problems with connections as randomly hanging 1160or other weird behavior. 1161Some network devices are known 1162to be broken with respect to these options. 1163.It Va log_in_vain 1164.Pq Vt int 1165Set to 0 by default. 1166The 1167.Xr sysctl 8 1168variables, 1169.Va net.inet.tcp.log_in_vain 1170and 1171.Va net.inet.udp.log_in_vain , 1172as described in 1173.Xr tcp 4 1174and 1175.Xr udp 4 , 1176are set to the given value. 1177.It Va tcp_keepalive 1178.Pq Vt bool 1179Set to 1180.Dq Li YES 1181by default. 1182Setting to 1183.Dq Li NO 1184will disable probing idle TCP connections to verify that the 1185peer is still up and reachable. 1186.It Va tcp_drop_synfin 1187.Pq Vt bool 1188Set to 1189.Dq Li NO 1190by default. 1191Setting to 1192.Dq Li YES 1193will cause the kernel to ignore TCP frames that have both 1194the SYN and FIN flags set. 1195This prevents OS fingerprinting, but may 1196break some legitimate applications. 1197.It Va icmp_drop_redirect 1198.Pq Vt bool 1199Set to 1200.Dq Li AUTO 1201by default. 1202This setting will be identical to 1203.Dq Li YES , 1204if a dynamicrouting daemon is enabled, because redirect processing may 1205cause performance issues for large routing tables. 1206If no such service is enabled, this setting behaves like a 1207.Dq Li NO . 1208Setting to 1209.Dq Li YES 1210will cause the kernel to ignore ICMP REDIRECT packets. 1211Setting to 1212.Dq Li NO 1213will cause the kernel to process ICMP REDIRECT packets. 1214Refer to 1215.Xr icmp 4 1216for more information. 1217.It Va icmp_log_redirect 1218.Pq Vt bool 1219Set to 1220.Dq Li NO 1221by default. 1222Setting to 1223.Dq Li YES 1224will cause the kernel to log ICMP REDIRECT packets. 1225Note that 1226the log messages are not rate-limited, so this option should only be used 1227for troubleshooting networks. 1228Refer to 1229.Xr icmp 4 1230for more information. 1231.It Va icmp_bmcastecho 1232.Pq Vt bool 1233Set to 1234.Dq Li YES 1235to respond to broadcast or multicast ICMP ping packets. 1236Refer to 1237.Xr icmp 4 1238for more information. 1239.It Va ip_portrange_first 1240.Pq Vt int 1241If not set to 1242.Dq Li NO , 1243this is the first port in the default portrange. 1244Refer to 1245.Xr ip 4 1246for more information. 1247.It Va ip_portrange_last 1248.Pq Vt int 1249If not set to 1250.Dq Li NO , 1251this is the last port in the default portrange. 1252Refer to 1253.Xr ip 4 1254for more information. 1255.It Va network_interfaces 1256.Pq Vt str 1257Set to the list of network interfaces to configure on this host or 1258.Dq Li AUTO 1259(the default) for all current interfaces. 1260Setting the 1261.Va network_interfaces 1262variable to anything other than the default is deprecated. 1263Interfaces that the administrator wishes to store configuration for, 1264but not start at boot should be configured with the 1265.Dq Li NOAUTO 1266keyword in their 1267.Va ifconfig_ Ns Aq Ar interface 1268variables as described below. 1269.Pp 1270An 1271.Va ifconfig_ Ns Aq Ar interface 1272variable is also assumed to exist for each value of 1273.Ar interface . 1274When an interface name contains any of the characters 1275.Dq Li .-/+ 1276they are translated to 1277.Dq Li _ 1278before lookup. 1279The variable can contain arguments to 1280.Xr ifconfig 8 , 1281as well as special case-insensitive keywords described below. 1282Such keywords are removed before passing the value to 1283.Xr ifconfig 8 1284while the order of the other arguments is preserved. 1285.Pp 1286It is possible to add IP alias entries using 1287.Xr ifconfig 8 1288syntax with the address family keyword such as 1289.Li inet . 1290Assuming that the interface in question was 1291.Li em0 , 1292it might look something like this: 1293.Bd -literal 1294ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1295ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1296.Ed 1297.Pp 1298It also possible to configure multiple IP addresses in Classless 1299Inter-Domain Routing 1300.Pq CIDR 1301address notation, 1302whose each address component can be a range like 1303.Li inet 192.0.2.5-23/24 1304or 1305.Li inet6 2001:db8:1-f::1/64 . 1306This notation allows address and prefix length part only, 1307not the other address modifiers. 1308Note that the maximum number of the generated addresses from a range 1309specification is limited to an integer value specified in 1310.Va netif_ipexpand_max 1311in 1312.Nm 1313because a small typo can unexpectedly generate a large number of addresses. 1314The default value is 1315.Li 2048 . 1316It can be increased by adding the following line into 1317.Nm : 1318.Bd -literal 1319netif_ipexpand_max="4096" 1320.Ed 1321.Pp 1322In the case of 1323.Li 192.0.2.5-23/24 , 1324the address 192.0.2.5 will be configured with the 1325netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1326the non-conflicting netmask /32 as explained in the 1327.Xr ifconfig 8 1328alias section. 1329Note that this special netmask handling is only for 1330.Li inet , 1331not for the other address families such as 1332.Li inet6 . 1333.Pp 1334With the interface in question being 1335.Li em0 , 1336an example could look like: 1337.Bd -literal 1338ifconfig_em0_alias2="inet 192.0.2.129/27" 1339ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1340.Ed 1341.Pp 1342and so on. 1343.Pp 1344Note that deprecated 1345.Va ipv4_addrs_ Ns Aq Ar interface 1346variable was supported for IPv4 CIDR address notation. 1347The 1348.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1349variable replaces it, though 1350.Va ipv4_addrs_ Ns Aq Ar interface 1351is still supported for backward compatibility. 1352.Pp 1353For each 1354.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1355entry with an address family keyword, 1356its contents are passed to 1357.Xr ifconfig 8 . 1358Execution stops at the first unsuccessful access, so if 1359something like this is present: 1360.Bd -literal 1361ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1362ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1363ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1364ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1365.Ed 1366.Pp 1367Then note that alias4 would 1368.Em not 1369be added since the search would 1370stop with the missing 1371.Dq Li alias3 1372entry. 1373Because of this difficult to manage behavior, 1374there is 1375.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1376variable, which has the same functionality as 1377.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1378and can have all of entries in a variable like the following: 1379.Bd -literal 1380ifconfig_em0_aliases="\\ 1381 inet 127.0.0.251 netmask 0xffffffff \\ 1382 inet 127.0.0.252 netmask 0xffffffff \\ 1383 inet 127.0.0.253 netmask 0xffffffff \\ 1384 inet 127.0.0.254 netmask 0xffffffff" 1385.Ed 1386.Pp 1387It also supports CIDR notation. 1388.Pp 1389If the 1390.Pa /etc/start_if. Ns Aq Ar interface 1391file is present, it is read and executed by the 1392.Xr sh 1 1393interpreter 1394before configuring the interface as specified in the 1395.Va ifconfig_ Ns Aq Ar interface 1396and 1397.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1398variables. 1399.Pp 1400If a 1401.Va vlans_ Ns Aq Ar interface 1402variable is set, 1403a 1404.Xr vlan 4 1405interface will be created for each item in the list with the 1406.Ar vlandev 1407argument set to 1408.Ar interface . 1409If a vlan interface's name is a number, 1410then that number is used as the vlan tag and the new vlan interface is 1411named 1412.Ar interface . Ns Ar tag . 1413Otherwise, 1414the vlan tag must be specified via a 1415.Va vlan 1416parameter in the 1417.Va create_args_ Ns Aq Ar interface 1418variable. 1419.Pp 1420To create a vlan device named 1421.Li em0.101 1422on 1423.Li em0 1424with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1425.Bd -literal 1426vlans_em0="101" 1427ifconfig_em0_101="inet 192.0.2.1/24" 1428.Ed 1429.Pp 1430To create a vlan device named 1431.Li myvlan 1432on 1433.Li em0 1434with the vlan tag 102: 1435.Bd -literal 1436vlans_em0="myvlan" 1437create_args_myvlan="vlan 102" 1438.Ed 1439.Pp 1440If a 1441.Va wlans_ Ns Aq Ar interface 1442variable is set, 1443an 1444.Xr wlan 4 1445interface will be created for each item in the list with the 1446.Ar wlandev 1447argument set to 1448.Ar interface . 1449Further wlan cloning arguments may be passed to the 1450.Xr ifconfig 8 1451.Cm create 1452command by setting the 1453.Va create_args_ Ns Aq Ar interface 1454variable. 1455One or more 1456.Xr wlan 4 1457devices must be created for each wireless devices as of 1458.Fx 8.0 . 1459Debugging flags for 1460.Xr wlan 4 1461devices as set by 1462.Xr wlandebug 8 1463may be specified with an 1464.Va wlandebug_ Ns Aq Ar interface 1465variable. 1466The contents of this variable will be passed directly to 1467.Xr wlandebug 8 . 1468.Pp 1469If the 1470.Va ifconfig_ Ns Aq Ar interface 1471contains the keyword 1472.Dq Li NOAUTO 1473then the interface will not be configured 1474at boot or by 1475.Pa /etc/pccard_ether 1476when 1477.Va network_interfaces 1478is set to 1479.Dq Li AUTO . 1480.Pp 1481It is possible to bring up an interface with DHCP by adding 1482.Dq Li DHCP 1483to the 1484.Va ifconfig_ Ns Aq Ar interface 1485variable. 1486For instance, to initialize the 1487.Li em0 1488device via DHCP, 1489it is possible to use something like: 1490.Bd -literal 1491ifconfig_em0="DHCP" 1492.Ed 1493.Pp 1494If you want to configure your wireless interface with 1495.Xr wpa_supplicant 8 1496for use with WPA, EAP/LEAP or WEP, you need to add 1497.Dq Li WPA 1498to the 1499.Va ifconfig_ Ns Aq Ar interface 1500variable. 1501.Pp 1502On the other hand, if you want to configure your wireless interface with 1503.Xr hostapd 8 , 1504you need to add 1505.Dq Li HOSTAP 1506to the 1507.Va ifconfig_ Ns Aq Ar interface 1508variable. 1509.Xr hostapd 8 1510will use the settings from 1511.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1512.Pp 1513Finally, you can add 1514.Xr ifconfig 8 1515options in this variable, in addition to the 1516.Pa /etc/start_if. Ns Aq Ar interface 1517file. 1518For instance, to configure an 1519.Xr ath 4 1520wireless device in station mode with an address obtained 1521via DHCP, using WPA authentication and 802.11b mode, it is 1522possible to use something like: 1523.Bd -literal 1524wlans_ath0="wlan0" 1525ifconfig_wlan0="DHCP WPA mode 11b" 1526.Ed 1527.Pp 1528In addition to the 1529.Va ifconfig_ Ns Aq Ar interface 1530form, a fallback variable 1531.Va ifconfig_DEFAULT 1532may be configured. 1533It will be used for all interfaces with no 1534.Va ifconfig_ Ns Aq Ar interface 1535variable. 1536This is intended to replace the no longer supported 1537.Va pccard_ifconfig 1538variable. 1539.Pp 1540It is also possible to rename an interface by doing: 1541.Bd -literal 1542ifconfig_em0_name="net0" 1543ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1544.Ed 1545.It Va ipv6_enable 1546.Pq Vt bool 1547This variable is deprecated. 1548Use 1549.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1550and 1551.Va ipv6_activate_all_interfaces 1552if necessary. 1553.Pp 1554If the variable is 1555.Dq Li YES , 1556.Dq Li inet6 accept_rtadv 1557is added to all of 1558.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1559and the 1560.Va ipv6_activate_all_interfaces 1561is defined as 1562.Dq Li YES . 1563.It Va ipv6_prefer 1564.Pq Vt bool 1565This variable is deprecated. 1566Use 1567.Va ip6addrctl_policy 1568instead. 1569.Pp 1570If the variable is 1571.Dq Li YES , 1572the default address selection policy table set by 1573.Xr ip6addrctl 8 1574will be IPv6-preferred. 1575.Pp 1576If the variable is 1577.Dq Li NO , 1578the default address selection policy table set by 1579.Xr ip6addrctl 8 1580will be IPv4-preferred. 1581.It Va ipv6_activate_all_interfaces 1582.Pq Vt bool 1583This controls initial configuration on IPv6-capable 1584interfaces with no corresponding 1585.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1586variable. 1587Note that it is not always necessary to set this variable to 1588.Dq YES 1589to use IPv6 functionality on 1590.Fx . 1591In most cases, just configuring 1592.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1593variables works. 1594.Pp 1595If the variable is 1596.Dq Li NO , 1597all interfaces which do not have a corresponding 1598.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1599variable will be marked as 1600.Dq Li IFDISABLED 1601at creation. 1602This means that all of IPv6 functionality on that interface 1603is completely disabled to enforce a security policy. 1604If the variable is set to 1605.Dq YES , 1606the flag will be cleared on all of the interfaces. 1607.Pp 1608In most cases, just defining an 1609.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1610for an IPv6-capable interface should be sufficient. 1611However, if an interface is added dynamically 1612.Pq by some tunneling protocols such as PPP, for example , 1613it is often difficult to define the variable in advance. 1614In such a case, configuring the 1615.Dq Li IFDISABLED 1616flag can be disabled by setting this variable to 1617.Dq YES . 1618.Pp 1619For more details of the 1620.Dq Li IFDISABLED 1621flag and keywords 1622.Dq Li inet6 ifdisabled , 1623see 1624.Xr ifconfig 8 . 1625.Pp 1626Default is 1627.Dq Li NO . 1628.It Va ipv6_privacy 1629.Pq Vt bool 1630If the variable is 1631.Dq Li YES 1632privacy addresses will be generated for each IPv6 1633interface as described in RFC 4941. 1634.It Va ipv6_network_interfaces 1635.Pq Vt str 1636This is the IPv6 equivalent of 1637.Va network_interfaces . 1638Normally manual configuration of this variable is not needed. 1639.It Va ipv6_cpe_wanif 1640.Pq Vt str 1641If the variable is set to an interface name, 1642the 1643.Xr ifconfig 8 1644options 1645.Dq inet6 -no_radr accept_rtadv 1646will be added to the specified interface automatically before evaluating 1647.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1648and two 1649.Xr sysctl 8 1650variables 1651.Va net.inet6.ip6.rfc6204w3 1652and 1653.Va net.inet6.ip6.no_radr 1654will be set to 1. 1655.Pp 1656This means the specified interface will accept ICMPv6 Router 1657Advertisement messages on that link and add the discovered 1658routers into the Default Router List. 1659While the other interfaces can still accept RA messages if the 1660.Dq inet6 accept_rtadv 1661option is specified, adding 1662routes into the Default Router List will be disabled by 1663.Dq inet6 no_radr 1664option by default. 1665See 1666.Xr ifconfig 8 1667for more details. 1668.Pp 1669Note that ICMPv6 Router Advertisement messages will be 1670accepted even when 1671.Va net.inet6.ip6.forwarding 1672is 1 1673.Pq packet forwarding is enabled 1674when 1675.Va net.inet6.ip6.rfc6204w3 1676is set to 1. 1677.Pp 1678Default is 1679.Dq Li NO . 1680.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1681.Pq Vt str 1682This assigns arbitrary description to an interface. 1683The 1684.Xr sysctl 8 1685variable 1686.Va net.ifdescr_maxlen 1687limits its length. 1688This static setting may be overridden by commands 1689started with dynamic interface configuration utilities 1690like 1691.Xr dhclient 8 1692hooks. 1693The description can be seen with 1694.Xr ifconfig 8 1695command and it may be exported with 1696.Xr bsnmpd 1 1697daemon using its MIB-2 module. 1698.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1699.Pq Vt str 1700IPv6 functionality on an interface should be configured by 1701.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1702instead of setting ifconfig parameters in 1703.Va ifconfig_ Ns Aq Ar interface . 1704If this variable is empty, all of IPv6 configurations on the 1705specified interface by other variables such as 1706.Va ipv6_prefix_ Ns Ao Ar interface Ac 1707will be ignored. 1708.Pp 1709Aliases should be set by 1710.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1711with 1712.Dq Li inet6 1713keyword. 1714For example: 1715.Bd -literal 1716ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1717ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1718.Ed 1719.Pp 1720Interfaces that have an 1721.Dq Li inet6 accept_rtadv 1722keyword in 1723.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1724setting will be automatically configured by SLAAC 1725.Pq StateLess Address AutoConfiguration 1726described in 1727.Rs 1728.%T "RFC 4862" 1729.Re 1730.Pp 1731Note that a link-local address will be automatically configured in 1732addition to the configured global-scope addresses because the IPv6 1733specifications require it on each link. 1734The address is calculated from the MAC address by using an algorithm 1735defined in 1736.Rs 1737.%T "RFC 4862" 1738.%O "Section 5.3" 1739.Re 1740.Pp 1741If only a link-local address is needed on the interface, 1742the following configuration can be used: 1743.Bd -literal 1744ifconfig_em0_ipv6="inet6 auto_linklocal" 1745.Ed 1746.Pp 1747A link-local address can also be configured manually. 1748This is useful for the default router address of an IPv6 router 1749so that it does not change when the network interface 1750card is replaced. 1751For example: 1752.Bd -literal 1753ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1754.Ed 1755.It Va ipv6_prefix_ Ns Aq Ar interface 1756.Pq Vt str 1757If one or more prefixes are defined in 1758.Va ipv6_prefix_ Ns Aq Ar interface 1759addresses based on each prefix and the EUI-64 interface index will be 1760configured on that interface. 1761Note that this variable will be ignored when 1762.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1763is empty. 1764.Pp 1765For example, the following configuration 1766.Bd -literal 1767ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1768.Ed 1769.Pp 1770is equivalent to the following: 1771.Bd -literal 1772ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1773ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1774ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1775ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1776.Ed 1777.Pp 1778These Subnet-Router anycast addresses will be added only when 1779.Va ipv6_gateway_enable 1780is YES. 1781.It Va ipv6_default_interface 1782.Pq Vt str 1783If not set to 1784.Dq Li NO , 1785this is the default output interface for scoped addresses. 1786This works only with ipv6_gateway_enable="NO". 1787.It Va ip6addrctl_enable 1788.Pq Vt bool 1789This variable is to enable configuring default address selection policy table 1790.Pq RFC 3484 . 1791The table can be specified in another variable 1792.Va ip6addrctl_policy . 1793For 1794.Va ip6addrctl_policy 1795the following keywords can be specified: 1796.Dq Li ipv4_prefer , 1797.Dq Li ipv6_prefer , 1798or 1799.Dq Li AUTO . 1800.Pp 1801If 1802.Dq Li ipv4_prefer 1803or 1804.Dq Li ipv6_prefer 1805is specified, 1806.Xr ip6addrctl 8 1807installs a pre-defined policy table described in Section 10.3 1808.Pq IPv4-preferred 1809or 2.1 1810.Pq IPv6-preferred 1811of RFC 3484. 1812.Pp 1813If 1814.Dq Li AUTO 1815is specified, it attempts to read a file 1816.Pa /etc/ip6addrctl.conf 1817first. 1818If this file is found, 1819.Xr ip6addrctl 8 1820reads and installs it. 1821If not found, a policy is automatically set 1822according to 1823.Va ipv6_activate_all_interfaces 1824variable; if the variable is set to 1825.Dq Li YES 1826the IPv6-preferred one is used. 1827Otherwise IPv4-preferred. 1828.Pp 1829The default value of 1830.Va ip6addrctl_enable 1831and 1832.Va ip6addrctl_policy 1833are 1834.Dq Li YES 1835and 1836.Dq Li AUTO , 1837respectively. 1838.It Va cloned_interfaces 1839.Pq Vt str 1840Set to the list of clonable network interfaces to create on this host. 1841Further cloning arguments may be passed to the 1842.Xr ifconfig 8 1843.Cm create 1844command for each interface by setting the 1845.Va create_args_ Ns Aq Ar interface 1846variable. 1847If an interface name is specified with 1848.Dq :sticky 1849keyword, 1850the interface will not be destroyed even when 1851.Pa rc.d/netif 1852script is invoked with 1853.Dq stop 1854argument. 1855This is useful when reconfiguring the interface without destroying it. 1856Entries in 1857.Va cloned_interfaces 1858are automatically appended to 1859.Va network_interfaces 1860for configuration. 1861.It Va cloned_interfaces_sticky 1862.Pq Vt bool 1863This variable is to globally enable functionality of 1864.Dq :sticky 1865keyword in 1866.Va cloned_interfaces 1867for all interfaces. 1868The default value is 1869.Dq NO . 1870Even if this variable is specified to 1871.Dq YES , 1872.Dq :nosticky 1873keyword can be used to override it on per interface basis. 1874.It Va gif_interfaces 1875Set to the list of 1876.Xr gif 4 1877tunnel interfaces to configure on this host. 1878A 1879.Va gifconfig_ Ns Aq Ar interface 1880variable is assumed to exist for each value of 1881.Ar interface . 1882The value of this variable is used to configure the link layer of the 1883tunnel using the 1884.Cm tunnel 1885option to 1886.Xr ifconfig . 1887Additionally, this option ensures that each listed interface is created 1888via the 1889.Cm create 1890option to 1891.Xr ifconfig 1892before attempting to configure it. 1893.Pp 1894For example, configure two 1895.Xr gif 1896interfaces with: 1897.Bd -literal 1898gif_interfaces="gif0 gif1" 1899gifconfig_gif0="100.64.0.1 100.64.0.2" 1900ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1901gifconfig_gif1="inet6 2a00::1 2a01::1" 1902ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1903.Ed 1904.It Va sppp_interfaces 1905.Pq Vt str 1906Set to the list of 1907.Xr sppp 4 1908interfaces to configure on this host. 1909A 1910.Va spppconfig_ Ns Aq Ar interface 1911variable is assumed to exist for each value of 1912.Ar interface . 1913Each interface should also be configured by a general 1914.Va ifconfig_ Ns Aq Ar interface 1915setting. 1916Refer to 1917.Xr spppcontrol 8 1918for more information about available options. 1919.It Va ppp_enable 1920.Pq Vt bool 1921If set to 1922.Dq Li YES , 1923run the 1924.Xr ppp 8 1925daemon. 1926.It Va ppp_profile 1927.Pq Vt str 1928The name of the profile to use from 1929.Pa /etc/ppp/ppp.conf . 1930Also used for per-profile overrides of 1931.Va ppp_mode 1932and 1933.Va ppp_nat , 1934and 1935.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1936When the profile name contains any of the characters 1937.Dq Li .-/+ 1938they are translated to 1939.Dq Li _ 1940for the proposes of the override variable names. 1941.It Va ppp_mode 1942.Pq Vt str 1943Mode in which to run the 1944.Xr ppp 8 1945daemon. 1946.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1947.Pq Vt str 1948Overrides the global 1949.Va ppp_mode 1950for 1951.Ar profile . 1952Accepted modes are 1953.Dq Li auto , 1954.Dq Li ddial , 1955.Dq Li direct 1956and 1957.Dq Li dedicated . 1958See the manual for a full description. 1959.It Va ppp_nat 1960.Pq Vt bool 1961If set to 1962.Dq Li YES , 1963enables network address translation. 1964Used in conjunction with 1965.Va gateway_enable 1966allows hosts on private network addresses access to the Internet using 1967this host as a network address translating router. 1968Default is 1969.Dq Li YES . 1970.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1971.Pq Vt str 1972Overrides the global 1973.Va ppp_nat 1974for 1975.Ar profile . 1976.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1977.Pq Vt int 1978Set the unit number to be used for this profile. 1979See the manual description of 1980.Fl unit Ns Ar N 1981for details. 1982.It Va ppp_user 1983.Pq Vt str 1984The name of the user under which 1985.Xr ppp 8 1986should be started. 1987By 1988default, 1989.Xr ppp 8 1990is started as 1991.Dq Li root . 1992.It Va rc_conf_files 1993.Pq Vt str 1994This option is used to specify a list of files that will override 1995the settings in 1996.Pa /etc/defaults/rc.conf . 1997The files will be read in the order in which they are specified and should 1998include the full path to the file. 1999By default, the files specified are 2000.Pa /etc/rc.conf 2001and 2002.Pa /etc/rc.conf.local 2003.It Va zfs_enable 2004.Pq Vt bool 2005If set to 2006.Dq Li YES , 2007.Pa /etc/rc.d/zfs 2008will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2009(ZVOLs). 2010.It Va gptboot_enable 2011.Pq Vt bool 2012If set to 2013.Dq Li YES , 2014.Pa /etc/rc.d/gptboot 2015will log if the system successfully (or not) booted from a GPT partition, 2016which had the 2017.Ar bootonce 2018attribute set using 2019.Xr gpart 8 2020utility. 2021.It Va gbde_autoattach_all 2022.Pq Vt bool 2023If set to 2024.Dq Li YES , 2025.Pa /etc/rc.d/gbde 2026will attempt to automatically initialize your .bde devices in 2027.Pa /etc/fstab . 2028.It Va gbde_devices 2029.Pq Vt str 2030List the devices that the script should try to attach, 2031or 2032.Dq Li AUTO . 2033.It Va gbde_lockdir 2034.Pq Vt str 2035The directory where the 2036.Xr gbde 4 2037lockfiles are located. 2038The default lockfile directory is 2039.Pa /etc . 2040.Pp 2041The lockfile for each individual 2042.Xr gbde 4 2043device can be overridden by setting the variable 2044.Va gbde_lock_ Ns Aq Ar device , 2045where 2046.Ar device 2047is the encrypted device without the 2048.Dq Pa /dev/ 2049and 2050.Dq Pa .bde 2051parts. 2052.It Va gbde_attach_attempts 2053.Pq Vt int 2054Number of times to attempt attaching to a 2055.Xr gbde 4 2056device, i.e., how many times the user is asked for the pass-phrase. 2057Default is 3. 2058.It Va geli_devices 2059.Pq Vt str 2060List of devices to automatically attach on boot. 2061Note that .eli devices from 2062.Pa /etc/fstab 2063are automatically appended to this list. 2064.It Va geli_groups 2065.Pq Vt str 2066List of groups containing devices to automatically attach on boot with the same 2067keyfiles and passphrase. 2068This must be accompanied with a corresponding 2069.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2070variable. 2071.It Va geli_tries 2072.Pq Vt int 2073Number of times user is asked for the pass-phrase. 2074If empty, it will be taken from 2075.Va kern.geom.eli.tries 2076sysctl variable. 2077.It Va geli_default_flags 2078.Pq Vt str 2079Default flags to use by 2080.Xr geli 8 2081when configuring disk encryption. 2082Flags can be configured for every device separately by defining the 2083.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2084variable, and for every group separately by defining the 2085.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2086variable. 2087.It Va geli_autodetach 2088.Pq Vt str 2089Specifies if GELI devices should be marked for detach on last close after 2090file systems are mounted. 2091Default is 2092.Dq Li YES . 2093This can be changed for every device separately by defining the 2094.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2095variable. 2096.It Va root_rw_mount 2097.Pq Vt bool 2098Set to 2099.Dq Li YES 2100by default. 2101After the file systems are checked at boot time, the root file system 2102is remounted as read-write if this is set to 2103.Dq Li YES . 2104Diskless systems that mount their root file system from a read-only remote 2105NFS share should set this to 2106.Dq Li NO 2107in their 2108.Pa rc.conf . 2109.It Va fsck_y_enable 2110.Pq Vt bool 2111If set to 2112.Dq Li YES , 2113.Xr fsck 8 2114will be run with the 2115.Fl y 2116flag if the initial preen 2117of the file systems fails. 2118.It Va background_fsck 2119.Pq Vt bool 2120If set to 2121.Dq Li NO , 2122the system will not attempt to run 2123.Xr fsck 8 2124in the background where possible. 2125.It Va background_fsck_delay 2126.Pq Vt int 2127The amount of time in seconds to sleep before starting a background 2128.Xr fsck 8 . 2129It defaults to sixty seconds to allow large applications such as 2130the X server to start before disk I/O bandwidth is monopolized by 2131.Xr fsck 8 . 2132If set to a negative number, the background file system check will be 2133delayed indefinitely to allow the administrator to run it at a more 2134convenient time. 2135For example it may be run from 2136.Xr cron 8 2137by adding a line like 2138.Pp 2139.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2140.Pp 2141to 2142.Pa /etc/crontab . 2143.It Va netfs_types 2144.Pq Vt str 2145List of file system types that are network-based. 2146This list should generally not be modified by end users. 2147Use 2148.Va extra_netfs_types 2149instead. 2150.It Va extra_netfs_types 2151.Pq Vt str 2152If set to something other than 2153.Dq Li NO 2154(the default), 2155this variable extends the list of file system types 2156for which automatic mounting at startup by 2157.Xr rc 8 2158should be delayed until the network is initialized. 2159It should contain 2160a whitespace-separated list of network file system descriptor pairs, 2161each consisting of a file system type as passed to 2162.Xr mount 8 2163and a human-readable, one-word description, 2164joined with a colon 2165.Pq Ql \&: . 2166Extending the default list in this way is only necessary 2167when third party file system types are used. 2168.It Va syslogd_enable 2169.Pq Vt bool 2170If set to 2171.Dq Li YES , 2172run the 2173.Xr syslogd 8 2174daemon. 2175.It Va syslogd_program 2176.Pq Vt str 2177Path to 2178.Xr syslogd 8 2179(default 2180.Pa /usr/sbin/syslogd ) . 2181.It Va syslogd_flags 2182.Pq Vt str 2183If 2184.Va syslogd_enable 2185is set to 2186.Dq Li YES , 2187these are the flags to pass to 2188.Xr syslogd 8 . 2189.It Va inetd_enable 2190.Pq Vt bool 2191If set to 2192.Dq Li YES , 2193run the 2194.Xr inetd 8 2195daemon. 2196.It Va inetd_program 2197.Pq Vt str 2198Path to 2199.Xr inetd 8 2200(default 2201.Pa /usr/sbin/inetd ) . 2202.It Va inetd_flags 2203.Pq Vt str 2204If 2205.Va inetd_enable 2206is set to 2207.Dq Li YES , 2208these are the flags to pass to 2209.Xr inetd 8 . 2210.It Va hastd_enable 2211.Pq Vt bool 2212If set to 2213.Dq Li YES , 2214run the 2215.Xr hastd 8 2216daemon. 2217.It Va hastd_program 2218.Pq Vt str 2219Path to 2220.Xr hastd 8 2221(default 2222.Pa /sbin/hastd ) . 2223.It Va hastd_flags 2224.Pq Vt str 2225If 2226.Va hastd_enable 2227is set to 2228.Dq Li YES , 2229these are the flags to pass to 2230.Xr hastd 8 . 2231.It Va local_unbound_enable 2232.Pq Vt bool 2233If set to 2234.Dq Li YES , 2235run the 2236.Xr unbound 8 2237daemon as a local caching resolver. 2238.It Va kdc_enable 2239.Pq Vt bool 2240Set to 2241.Dq Li YES 2242to start a Kerberos 5 authentication server 2243at boot time. 2244.It Va kdc_program 2245.Pq Vt str 2246If 2247.Va kdc_enable 2248is set to 2249.Dq Li YES 2250this is the path to Kerberos 5 Authentication Server. 2251.It Va kdc_flags 2252.Pq Vt str 2253Empty by default. 2254This variable contains additional flags to be passed to the Kerberos 5 2255authentication server. 2256.It Va kadmind_enable 2257.Pq Vt bool 2258Set to 2259.Dq Li YES 2260to start 2261.Xr kadmind 8 , 2262the Kerberos 5 Administration Daemon; set to 2263.Dq Li NO 2264on a slave server. 2265.It Va kadmind_program 2266.Pq Vt str 2267If 2268.Va kadmind_enable 2269is set to 2270.Dq Li YES 2271this is the path to Kerberos 5 Administration Daemon. 2272.It Va kpasswdd_enable 2273.Pq Vt bool 2274Set to 2275.Dq Li YES 2276to start 2277.Xr kpasswdd 8 , 2278the Kerberos 5 Password-Changing Daemon; set to 2279.Dq Li NO 2280on a slave server. 2281.It Va kpasswdd_program 2282.Pq Vt str 2283If 2284.Va kpasswdd_enable 2285is set to 2286.Dq Li YES 2287this is the path to Kerberos 5 Password-Changing Daemon. 2288.It Va kfd_enable 2289.Pq Vt bool 2290Set to 2291.Dq Li YES 2292to start 2293.Xr kfd 8 , 2294the Kerberos 5 ticket forwarding daemon, at the boot time. 2295.It Va kfd_program 2296.Pq Vt str 2297Path to 2298.Xr kfd 8 2299(default 2300.Pa /usr/libexec/kfd ) . 2301.It Va rwhod_enable 2302.Pq Vt bool 2303If set to 2304.Dq Li YES , 2305run the 2306.Xr rwhod 8 2307daemon at boot time. 2308.It Va rwhod_flags 2309.Pq Vt str 2310If 2311.Va rwhod_enable 2312is set to 2313.Dq Li YES , 2314these are the flags to pass to it. 2315.It Va amd_enable 2316.Pq Vt bool 2317If set to 2318.Dq Li YES , 2319run the 2320.Xr amd 8 2321daemon at boot time. 2322.It Va amd_flags 2323.Pq Vt str 2324If 2325.Va amd_enable 2326is set to 2327.Dq Li YES , 2328these are the flags to pass to it. 2329See the 2330.Xr amd 8 2331manpage for more information. 2332.It Va amd_map_program 2333.Pq Vt str 2334If set, 2335the specified program is run to get the list of 2336.Xr amd 8 2337maps. 2338For example, if the 2339.Xr amd 8 2340maps are stored in NIS, one can set this to 2341run 2342.Xr ypcat 1 2343to get a list of 2344.Xr amd 8 2345maps from the 2346.Pa amd.master 2347NIS map. 2348.It Va update_motd 2349.Pq Vt bool 2350If set to 2351.Dq Li YES , 2352.Pa /etc/motd 2353will be updated at boot time to reflect the kernel release 2354being run. 2355If set to 2356.Dq Li NO , 2357.Pa /etc/motd 2358will not be updated. 2359.It Va nfs_client_enable 2360.Pq Vt bool 2361If set to 2362.Dq Li YES , 2363run the NFS client daemons at boot time. 2364.It Va nfs_access_cache 2365.Pq Vt int 2366If 2367.Va nfs_client_enable 2368is set to 2369.Dq Li YES , 2370this can be set to 2371.Dq Li 0 2372to disable NFS ACCESS RPC caching, or to the number of seconds for which 2373NFS ACCESS 2374results should be cached. 2375A value of 2-10 seconds will substantially reduce network 2376traffic for many NFS operations. 2377.It Va nfs_server_enable 2378.Pq Vt bool 2379If set to 2380.Dq Li YES , 2381run the NFS server daemons at boot time. 2382.It Va nfs_server_flags 2383.Pq Vt str 2384If 2385.Va nfs_server_enable 2386is set to 2387.Dq Li YES , 2388these are the flags to pass to the 2389.Xr nfsd 8 2390daemon. 2391.It Va nfsv4_server_enable 2392.Pq Vt bool 2393If 2394.Va nfs_server_enable 2395is set to 2396.Dq Li YES 2397and 2398.Va nfsv4_server_enable 2399are set to 2400.Dq Li YES , 2401enable the server for NFSv4 as well as NFSv2 and NFSv3. 2402.It Va nfsuserd_enable 2403.Pq Vt bool 2404If 2405.Va nfsuserd_enable 2406is set to 2407.Dq Li YES , 2408run the nfsuserd daemon, which is needed for NFSv4 in order 2409to map between user/group names vs uid/gid numbers. 2410If 2411.Va nfsv4_server_enable 2412is set to 2413.Dq Li YES , 2414this will be forced enabled. 2415.It Va nfsuserd_flags 2416.Pq Vt str 2417If 2418.Va nfsuserd_enable 2419is set to 2420.Dq Li YES , 2421these are the flags to pass to the 2422.Xr nfsuserd 8 2423daemon. 2424.It Va nfscbd_enable 2425.Pq Vt bool 2426If 2427.Va nfscbd_enable 2428is set to 2429.Dq Li YES , 2430run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2431.It Va nfscbd_flags 2432.Pq Vt str 2433If 2434.Va nfscbd_enable 2435is set to 2436.Dq Li YES , 2437these are the flags to pass to the 2438.Xr nfscbd 8 2439daemon. 2440.It Va mountd_enable 2441.Pq Vt bool 2442If set to 2443.Dq Li YES , 2444and no 2445.Va nfs_server_enable 2446is set, start 2447.Xr mountd 8 , 2448but not 2449.Xr nfsd 8 2450daemon. 2451It is commonly needed to run CFS without real NFS used. 2452.It Va mountd_flags 2453.Pq Vt str 2454If 2455.Va mountd_enable 2456is set to 2457.Dq Li YES , 2458these are the flags to pass to the 2459.Xr mountd 8 2460daemon. 2461.It Va weak_mountd_authentication 2462.Pq Vt bool 2463If set to 2464.Dq Li YES , 2465allow services like PCNFSD to make non-privileged mount 2466requests. 2467.It Va nfs_reserved_port_only 2468.Pq Vt bool 2469If set to 2470.Dq Li YES , 2471provide NFS services only on a secure port. 2472.It Va nfs_bufpackets 2473.Pq Vt int 2474If set to a number, indicates the number of packets worth of 2475socket buffer space to reserve on an NFS client. 2476The kernel default is typically 4. 2477Using a higher number may be 2478useful on gigabit networks to improve performance. 2479The minimum value is 24802 and the maximum is 64. 2481.It Va rpc_lockd_enable 2482.Pq Vt bool 2483If set to 2484.Dq Li YES 2485and also an NFS server or client, run 2486.Xr rpc.lockd 8 2487at boot time. 2488.It Va rpc_lockd_flags 2489.Pq Vt str 2490If 2491.Va rpc_lockd_enable 2492is set to 2493.Dq Li YES , 2494these are the flags to pass to the 2495.Xr rpc.lockd 8 2496daemon. 2497.It Va rpc_statd_enable 2498.Pq Vt bool 2499If set to 2500.Dq Li YES 2501and also an NFS server or client, run 2502.Xr rpc.statd 8 2503at boot time. 2504.It Va rpc_statd_flags 2505.Pq Vt str 2506If 2507.Va rpc_statd_enable 2508is set to 2509.Dq Li YES , 2510these are the flags to pass to the 2511.Xr rpc.statd 8 2512daemon. 2513.It Va rpcbind_program 2514.Pq Vt str 2515Path to 2516.Xr rpcbind 8 2517(default 2518.Pa /usr/sbin/rpcbind ) . 2519.It Va rpcbind_enable 2520.Pq Vt bool 2521If set to 2522.Dq Li YES , 2523run the 2524.Xr rpcbind 8 2525service at boot time. 2526.It Va rpcbind_flags 2527.Pq Vt str 2528If 2529.Va rpcbind_enable 2530is set to 2531.Dq Li YES , 2532these are the flags to pass to the 2533.Xr rpcbind 8 2534daemon. 2535.It Va keyserv_enable 2536.Pq Vt bool 2537If set to 2538.Dq Li YES , 2539run the 2540.Xr keyserv 8 2541daemon on boot for running Secure RPC. 2542.It Va keyserv_flags 2543.Pq Vt str 2544If 2545.Va keyserv_enable 2546is set to 2547.Dq Li YES , 2548these are the flags to pass to 2549.Xr keyserv 8 2550daemon. 2551.It Va pppoed_enable 2552.Pq Vt bool 2553If set to 2554.Dq Li YES , 2555run the 2556.Xr pppoed 8 2557daemon at boot time to provide PPP over Ethernet services. 2558.It Va pppoed_ Ns Aq Ar provider 2559.Pq Vt str 2560.Xr pppoed 8 2561listens to requests to this 2562.Ar provider 2563and ultimately runs 2564.Xr ppp 8 2565with a 2566.Ar system 2567argument of the same name. 2568.It Va pppoed_flags 2569.Pq Vt str 2570Additional flags to pass to 2571.Xr pppoed 8 . 2572.It Va pppoed_interface 2573.Pq Vt str 2574The network interface to run 2575.Xr pppoed 8 2576on. 2577This is mandatory when 2578.Va pppoed_enable 2579is set to 2580.Dq Li YES . 2581.It Va timed_enable 2582.Pq Vt bool 2583If set to 2584.Dq Li YES , 2585run the 2586.Xr timed 8 2587service at boot time. 2588This command is intended for networks of 2589machines where a consistent 2590.Dq "network time" 2591for all hosts must be established. 2592This is often useful in large NFS 2593environments where time stamps on files are expected to be consistent 2594network-wide. 2595.It Va timed_flags 2596.Pq Vt str 2597If 2598.Va timed_enable 2599is set to 2600.Dq Li YES , 2601these are the flags to pass to the 2602.Xr timed 8 2603service. 2604.It Va ntpdate_enable 2605.Pq Vt bool 2606If set to 2607.Dq Li YES , 2608run 2609.Xr ntpdate 8 2610at system startup. 2611This command is intended to 2612synchronize the system clock only 2613.Em once 2614from some standard reference. 2615.Pp 2616Note that the use of the 2617.Va ntpd_sync_on_start 2618variable is a preferred alternative to the 2619.Xr ntpdate 8 2620utility as 2621.Xr ntpdate 8 2622is to be retired from the NTP distribution. 2623.It Va ntpdate_config 2624.Pq Vt str 2625Configuration file for 2626.Xr ntpdate 8 . 2627Default 2628.Pa /etc/ntp.conf . 2629.It Va ntpdate_hosts 2630.Pq Vt str 2631A whitespace-separated list of NTP servers to synchronize with at startup. 2632The default is to use the servers listed in 2633.Va ntpdate_config , 2634if that file exists. 2635.It Va ntpdate_program 2636.Pq Vt str 2637Path to 2638.Xr ntpdate 8 2639(default 2640.Pa /usr/sbin/ntpdate ) . 2641.It Va ntpdate_flags 2642.Pq Vt str 2643If 2644.Va ntpdate_enable 2645is set to 2646.Dq Li YES , 2647these are the flags to pass to the 2648.Xr ntpdate 8 2649command (typically a hostname). 2650.It Va ntpd_enable 2651.Pq Vt bool 2652If set to 2653.Dq Li YES , 2654run the 2655.Xr ntpd 8 2656command at boot time. 2657.It Va ntpd_program 2658.Pq Vt str 2659Path to 2660.Xr ntpd 8 2661(default 2662.Pa /usr/sbin/ntpd ) . 2663.It Va ntpd_config 2664.Pq Vt str 2665Path to 2666.Xr ntpd 8 2667configuration file. 2668Default 2669.Pa /etc/ntp.conf . 2670.It Va ntpd_flags 2671.Pq Vt str 2672If 2673.Va ntpd_enable 2674is set to 2675.Dq Li YES , 2676these are the flags to pass to the 2677.Xr ntpd 8 2678daemon. 2679.It Va ntpd_sync_on_start 2680.Pq Vt bool 2681If set to 2682.Dq Li YES , 2683.Xr ntpd 8 2684is run with the 2685.Fl g 2686flag, which syncs the system's clock on startup. 2687See 2688.Xr ntpd 8 2689for more information regarding the 2690.Fl g 2691option. 2692This is a preferred alternative to using 2693.Xr ntpdate 8 2694or specifying the 2695.Va ntpdate_enable 2696variable. 2697.It Va nis_client_enable 2698.Pq Vt bool 2699If set to 2700.Dq Li YES , 2701run the 2702.Xr ypbind 8 2703service at system boot time. 2704.It Va nis_client_flags 2705.Pq Vt str 2706If 2707.Va nis_client_enable 2708is set to 2709.Dq Li YES , 2710these are the flags to pass to the 2711.Xr ypbind 8 2712service. 2713.It Va nis_ypldap_enable 2714.Pq Vt bool 2715If set to 2716.Dq Li YES , 2717run the 2718.Xr ypldap 8 2719daemon at system boot time. 2720.It Va nis_ypldap_flags 2721.Pq Vt str 2722If 2723.Va nis.ypldap_enable 2724is set to 2725.Dq Li YES , 2726these are the flags to pass to the 2727.Xr ypldap 8 2728daemon. 2729.It Va nis_ypset_enable 2730.Pq Vt bool 2731If set to 2732.Dq Li YES , 2733run the 2734.Xr ypset 8 2735daemon at system boot time. 2736.It Va nis_ypset_flags 2737.Pq Vt str 2738If 2739.Va nis_ypset_enable 2740is set to 2741.Dq Li YES , 2742these are the flags to pass to the 2743.Xr ypset 8 2744daemon. 2745.It Va nis_server_enable 2746.Pq Vt bool 2747If set to 2748.Dq Li YES , 2749run the 2750.Xr ypserv 8 2751daemon at system boot time. 2752.It Va nis_server_flags 2753.Pq Vt str 2754If 2755.Va nis_server_enable 2756is set to 2757.Dq Li YES , 2758these are the flags to pass to the 2759.Xr ypserv 8 2760daemon. 2761.It Va nis_ypxfrd_enable 2762.Pq Vt bool 2763If set to 2764.Dq Li YES , 2765run the 2766.Xr rpc.ypxfrd 8 2767daemon at system boot time. 2768.It Va nis_ypxfrd_flags 2769.Pq Vt str 2770If 2771.Va nis_ypxfrd_enable 2772is set to 2773.Dq Li YES , 2774these are the flags to pass to the 2775.Xr rpc.ypxfrd 8 2776daemon. 2777.It Va nis_yppasswdd_enable 2778.Pq Vt bool 2779If set to 2780.Dq Li YES , 2781run the 2782.Xr rpc.yppasswdd 8 2783daemon at system boot time. 2784.It Va nis_yppasswdd_flags 2785.Pq Vt str 2786If 2787.Va nis_yppasswdd_enable 2788is set to 2789.Dq Li YES , 2790these are the flags to pass to the 2791.Xr rpc.yppasswdd 8 2792daemon. 2793.It Va rpc_ypupdated_enable 2794.Pq Vt bool 2795If set to 2796.Dq Li YES , 2797run the 2798.Nm rpc.ypupdated 2799daemon at system boot time. 2800.It Va bsnmpd_enable 2801.Pq Vt bool 2802If set to 2803.Dq Li YES , 2804run the 2805.Xr bsnmpd 1 2806daemon at system boot time. 2807Be sure to understand the security implications of running SNMP daemon 2808on your host. 2809.It Va bsnmpd_flags 2810.Pq Vt str 2811If 2812.Va bsnmpd_enable 2813is set to 2814.Dq Li YES , 2815these are the flags to pass to the 2816.Xr bsnmpd 1 2817daemon. 2818.It Va defaultrouter 2819.Pq Vt str 2820If not set to 2821.Dq Li NO , 2822create a default route to this host name or IP address 2823(use an IP address if this router is also required to get to the 2824name server!). 2825.It Va ipv6_defaultrouter 2826.Pq Vt str 2827The IPv6 equivalent of 2828.Va defaultrouter . 2829.It Va static_arp_pairs 2830.Pq Vt str 2831Set to the list of static ARP pairs that are to be added at system 2832boot time. 2833For each whitespace separated 2834.Ar element 2835in the value, a 2836.Va static_arp_ Ns Aq Ar element 2837variable is assumed to exist whose contents will later be passed to a 2838.Dq Nm arp Cm -S 2839operation. 2840For example 2841.Bd -literal 2842static_arp_pairs="gw" 2843static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2844.Ed 2845.It Va static_ndp_pairs 2846.Pq Vt str 2847Set to the list of static NDP pairs that are to be added at system 2848boot time. 2849For each whitespace separated 2850.Ar element 2851in the value, a 2852.Va static_ndp_ Ns Aq Ar element 2853variable is assumed to exist whose contents will later be passed to a 2854.Dq Nm ndp Cm -s 2855operation. 2856For example 2857.Bd -literal 2858static_ndp_pairs="gw" 2859static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2860.Ed 2861.It Va static_routes 2862.Pq Vt str 2863Set to the list of static routes that are to be added at system 2864boot time. 2865If not set to 2866.Dq Li NO 2867then for each whitespace separated 2868.Ar element 2869in the value, a 2870.Va route_ Ns Aq Ar element 2871variable is assumed to exist 2872whose contents will later be passed to a 2873.Dq Nm route Cm add 2874operation. 2875For example: 2876.Bd -literal 2877static_routes="ext mcast:gif0 gif0local:gif0" 2878route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2879route_mcast="-net 224.0.0.0/4 -iface gif0" 2880route_gif0local="-host 169.254.1.1 -iface lo0" 2881.Ed 2882.Pp 2883When an 2884.Ar element 2885is in the form of 2886.Li name:ifname , 2887the route is specific to the interface 2888.Li ifname . 2889.It Va ipv6_static_routes 2890.Pq Vt str 2891The IPv6 equivalent of 2892.Va static_routes . 2893If not set to 2894.Dq Li NO 2895then for each whitespace separated 2896.Ar element 2897in the value, a 2898.Va ipv6_route_ Ns Aq Ar element 2899variable is assumed to exist 2900whose contents will later be passed to a 2901.Dq Nm route Cm add Fl inet6 2902operation. 2903.It Va gateway_enable 2904.Pq Vt bool 2905If set to 2906.Dq Li YES , 2907configure host to act as an IP router, e.g.\& to forward packets 2908between interfaces. 2909.It Va ipv6_gateway_enable 2910.Pq Vt bool 2911The IPv6 equivalent of 2912.Va gateway_enable . 2913.It Va routed_enable 2914.Pq Vt bool 2915If set to 2916.Dq Li YES , 2917run a routing daemon of some sort, based on the 2918settings of 2919.Va routed_program 2920and 2921.Va routed_flags . 2922.It Va route6d_enable 2923.Pq Vt bool 2924The IPv6 equivalent of 2925.Va routed_enable . 2926If set to 2927.Dq Li YES , 2928run a routing daemon of some sort, based on the 2929settings of 2930.Va route6d_program 2931and 2932.Va route6d_flags . 2933.It Va routed_program 2934.Pq Vt str 2935If 2936.Va routed_enable 2937is set to 2938.Dq Li YES , 2939this is the name of the routing daemon to use. 2940.It Va route6d_program 2941.Pq Vt str 2942The IPv6 equivalent of 2943.Va routed_program . 2944.It Va routed_flags 2945.Pq Vt str 2946If 2947.Va routed_enable 2948is set to 2949.Dq Li YES , 2950these are the flags to pass to the routing daemon. 2951.It Va route6d_flags 2952.Pq Vt str 2953The IPv6 equivalent of 2954.Va routed_flags . 2955.It Va rtadvd_enable 2956.Pq Vt bool 2957If set to 2958.Dq Li YES , 2959run the 2960.Xr rtadvd 8 2961daemon at boot time. 2962The 2963.Xr rtadvd 8 2964utility sends ICMPv6 Router Advertisement messages to 2965the interfaces specified in 2966.Va rtadvd_interfaces . 2967This should only be enabled with great care. 2968You may want to fine-tune 2969.Xr rtadvd.conf 5 . 2970.It Va rtadvd_interfaces 2971.Pq Vt str 2972If 2973.Va rtadvd_enable 2974is set to 2975.Dq Li YES 2976this is the list of interfaces to use. 2977.It Va arpproxy_all 2978.Pq Vt bool 2979If set to 2980.Dq Li YES , 2981enable global proxy ARP. 2982.It Va forward_sourceroute 2983.Pq Vt bool 2984If set to 2985.Dq Li YES 2986and 2987.Va gateway_enable 2988is also set to 2989.Dq Li YES , 2990source-routed packets are forwarded. 2991.It Va accept_sourceroute 2992.Pq Vt bool 2993If set to 2994.Dq Li YES , 2995the system will accept source-routed packets directed at it. 2996.It Va rarpd_enable 2997.Pq Vt bool 2998If set to 2999.Dq Li YES , 3000run the 3001.Xr rarpd 8 3002daemon at system boot time. 3003.It Va rarpd_flags 3004.Pq Vt str 3005If 3006.Va rarpd_enable 3007is set to 3008.Dq Li YES , 3009these are the flags to pass to the 3010.Xr rarpd 8 3011daemon. 3012.It Va bootparamd_enable 3013.Pq Vt bool 3014If set to 3015.Dq Li YES , 3016run the 3017.Xr bootparamd 8 3018daemon at system boot time. 3019.It Va bootparamd_flags 3020.Pq Vt str 3021If 3022.Va bootparamd_enable 3023is set to 3024.Dq Li YES , 3025these are the flags to pass to the 3026.Xr bootparamd 8 3027daemon. 3028.It Va stf_interface_ipv4addr 3029.Pq Vt str 3030If not set to 3031.Dq Li NO , 3032this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3033interface). 3034Specify this entry to enable the 6to4 interface. 3035.It Va stf_interface_ipv4plen 3036.Pq Vt int 3037Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3038An effective value is 0-31. 3039.It Va stf_interface_ipv6_ifid 3040.Pq Vt str 3041IPv6 interface ID for 3042.Xr stf 4 . 3043This can be set to 3044.Dq Li AUTO . 3045.It Va stf_interface_ipv6_slaid 3046.Pq Vt str 3047IPv6 Site Level Aggregator for 3048.Xr stf 4 . 3049.It Va ipv6_ipv4mapping 3050.Pq Vt bool 3051If set to 3052.Dq Li YES 3053this enables IPv4 mapped IPv6 address communication (like 3054.Li ::ffff:a.b.c.d ) . 3055.It Va rtsold_enable 3056.Pq Vt bool 3057Set to 3058.Dq Li YES 3059to enable the 3060.Xr rtsold 8 3061daemon to send ICMPv6 Router Solicitation messages. 3062.It Va rtsold_flags 3063.Pq Vt str 3064If 3065.Va rtsold_enable 3066is set to 3067.Dq Li YES , 3068these are the flags to pass to 3069.Xr rtsold 8 . 3070.It Va rtsol_flags 3071.Pq Vt str 3072For interfaces configured with the 3073.Dq Li inet6 accept_rtadv 3074keyword, these are the flags to pass to 3075.Xr rtsol 8 . 3076.Pp 3077Note that 3078.Va rtsold_enable 3079is mutually exclusive to 3080.Va rtsol_flags ; 3081.Va rtsold_enable 3082takes precedence. 3083.It Va keybell 3084.Pq Vt str 3085The keyboard bell sound. 3086Set to 3087.Dq Li normal , 3088.Dq Li visual , 3089.Dq Li off , 3090or 3091.Dq Li NO 3092if the default behavior is desired. 3093For details, refer to the 3094.Xr kbdcontrol 1 3095manpage. 3096.It Va keyboard 3097.Pq Vt str 3098If set to a non-null string, the virtual console's keyboard input is 3099set to this device. 3100.It Va keymap 3101.Pq Vt str 3102If set to 3103.Dq Li NO , 3104no keymap is installed, otherwise the value is used to install 3105the keymap file found in 3106.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3107(if using 3108.Xr syscons 4 ) or 3109.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3110(if using 3111.Xr vt 4 ) . 3112.It Va keyrate 3113.Pq Vt str 3114The keyboard repeat speed. 3115Set to 3116.Dq Li slow , 3117.Dq Li normal , 3118.Dq Li fast , 3119or 3120.Dq Li NO 3121if the default behavior is desired. 3122.It Va keychange 3123.Pq Vt str 3124If not set to 3125.Dq Li NO , 3126attempt to program the function keys with the value. 3127The value should 3128be a single string of the form: 3129.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3130.It Va cursor 3131.Pq Vt str 3132Can be set to the value of 3133.Dq Li normal , 3134.Dq Li blink , 3135.Dq Li destructive , 3136or 3137.Dq Li NO 3138to set the cursor behavior explicitly or choose the default behavior. 3139.It Va scrnmap 3140.Pq Vt str 3141If set to 3142.Dq Li NO , 3143no screen map is installed, otherwise the value is used to install 3144the screen map file in 3145.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3146This parameter is ignored when using 3147.Xr vt 4 3148as the console driver. 3149.It Va font8x16 3150.Pq Vt str 3151If set to 3152.Dq Li NO , 3153the default 8x16 font value is used for screen size requests, otherwise 3154the value in 3155.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3156or 3157.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3158is used (depending on the console driver being used). 3159.It Va font8x14 3160.Pq Vt str 3161If set to 3162.Dq Li NO , 3163the default 8x14 font value is used for screen size requests, otherwise 3164the value in 3165.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3166or 3167.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3168is used (depending on the console driver being used). 3169.It Va font8x8 3170.Pq Vt str 3171If set to 3172.Dq Li NO , 3173the default 8x8 font value is used for screen size requests, otherwise 3174the value in 3175.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3176or 3177.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3178is used (depending on the console driver being used). 3179.It Va blanktime 3180.Pq Vt int 3181If set to 3182.Dq Li NO , 3183the default screen blanking interval is used, otherwise it is set 3184to 3185.Ar value 3186seconds. 3187.It Va saver 3188.Pq Vt str 3189If not set to 3190.Dq Li NO , 3191this is the actual screen saver to use 3192.Li ( blank , snake , daemon , 3193etc). 3194.It Va moused_nondefault_enable 3195.Pq Vt str 3196If set to 3197.Dq Li NO , 3198the mouse device specified on 3199the command line is not automatically treated as enabled by the 3200.Pa /etc/rc.d/moused 3201script. 3202Having this variable set to 3203.Dq Li YES 3204allows a 3205.Xr usb 4 3206mouse, 3207for example, 3208to be enabled as soon as it is plugged in. 3209.It Va moused_enable 3210.Pq Vt str 3211If set to 3212.Dq Li YES , 3213the 3214.Xr moused 8 3215daemon is started for doing cut/paste selection on the console. 3216.It Va moused_type 3217.Pq Vt str 3218This is the protocol type of the mouse connected to this host. 3219This variable must be set if 3220.Va moused_enable 3221is set to 3222.Dq Li YES . 3223The 3224.Xr moused 8 3225daemon 3226is able to detect the appropriate mouse type automatically in many cases. 3227Set this variable to 3228.Dq Li auto 3229to let the daemon detect it, or 3230select one from the following list if the automatic detection fails. 3231.Pp 3232If the mouse is attached to the PS/2 mouse port, choose 3233.Dq Li auto 3234or 3235.Dq Li ps/2 , 3236regardless of the brand and model of the mouse. 3237Likewise, if the 3238mouse is attached to the bus mouse port, choose 3239.Dq Li auto 3240or 3241.Dq Li busmouse . 3242All other protocols are for serial mice and will not work with 3243the PS/2 and bus mice. 3244If this is a USB mouse, 3245.Dq Li auto 3246is the only protocol type which will work. 3247.Pp 3248.Bl -tag -width ".Li x10mouseremote" -compact 3249.It Li microsoft 3250Microsoft mouse (serial) 3251.It Li intellimouse 3252Microsoft IntelliMouse (serial) 3253.It Li mousesystems 3254Mouse systems Corp.\& mouse (serial) 3255.It Li mmseries 3256MM Series mouse (serial) 3257.It Li logitech 3258Logitech mouse (serial) 3259.It Li busmouse 3260A bus mouse 3261.It Li mouseman 3262Logitech MouseMan and TrackMan (serial) 3263.It Li glidepoint 3264ALPS GlidePoint (serial) 3265.It Li thinkingmouse 3266Kensington ThinkingMouse (serial) 3267.It Li ps/2 3268PS/2 mouse 3269.It Li mmhittab 3270MM HitTablet (serial) 3271.It Li x10mouseremote 3272X10 MouseRemote (serial) 3273.It Li versapad 3274Interlink VersaPad (serial) 3275.El 3276.Pp 3277Even if the mouse is not in the above list, it may be compatible 3278with one in the list. 3279Refer to the manual page for 3280.Xr moused 8 3281for compatibility information. 3282.Pp 3283It should also be noted that while this is enabled, any 3284other client of the mouse (such as an X server) should access 3285the mouse through the virtual mouse device, 3286.Pa /dev/sysmouse , 3287and configure it as a 3288.Dq Li sysmouse 3289type mouse, since all 3290mouse data is converted to this single canonical format when 3291using 3292.Xr moused 8 . 3293If the client program does not support the 3294.Dq Li sysmouse 3295type, 3296specify the 3297.Dq Li mousesystems 3298type. 3299It is the second preferred type. 3300.It Va moused_port 3301.Pq Vt str 3302If 3303.Va moused_enable 3304is set to 3305.Dq Li YES , 3306this is the actual port the mouse is on. 3307It might be 3308.Pa /dev/cuau0 3309for a COM1 serial mouse, or 3310.Pa /dev/psm0 3311for a PS/2 mouse, for example. 3312.It Va moused_flags 3313.Pq Vt str 3314If 3315.Va moused_flags 3316is set, its value is used as an additional set of flags to pass to the 3317.Xr moused 8 3318daemon. 3319.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3320When 3321.Va moused_nondefault_enable 3322is enabled, and a 3323.Xr moused 8 3324daemon is started for a non-default port, the 3325.Va "moused_" Ns Ar XXX Ns Va "_flags" 3326set of options has precedence over and replaces the default 3327.Va moused_flags 3328(where 3329.Ar XXX 3330is the name of the non-default port, i.e.,\& 3331.Ar ums0 ) . 3332By setting 3333.Va "moused_" Ns Ar XXX Ns Va "_flags" 3334it is possible to set up a different set of default flags for each 3335.Xr moused 8 3336instance. 3337For example, you can use 3338.Dq Li "-3" 3339for the default 3340.Va moused_flags 3341to make your laptop's touchpad more comfortable to use, 3342but an empty set of options for 3343.Va moused_ums0_flags 3344when your 3345.Xr usb 4 3346mouse has three or more buttons. 3347.It Va mousechar_start 3348.Pq Vt int 3349If set to 3350.Dq Li NO , 3351the default mouse cursor character range 3352.Li 0xd0 Ns - Ns Li 0xd3 3353is used, 3354otherwise the range start is set 3355to 3356.Ar value 3357character, see 3358.Xr vidcontrol 1 . 3359Use if the default range is occupied in the language code table. 3360.It Va allscreens_flags 3361.Pq Vt str 3362If set, 3363.Xr vidcontrol 1 3364is run with these options for each of the virtual terminals 3365.Pq Pa /dev/ttyv* . 3366For example, 3367.Dq Fl m Cm on 3368will enable the mouse pointer on all virtual terminals 3369if 3370.Va moused_enable 3371is set to 3372.Dq Li YES . 3373.It Va allscreens_kbdflags 3374.Pq Vt str 3375If set, 3376.Xr kbdcontrol 1 3377is run with these options for each of the virtual terminals 3378.Pq Pa /dev/ttyv* . 3379For example, 3380.Dq Fl h Li 200 3381will set the 3382.Xr syscons 4 3383or 3384.Xr vt 4 3385scrollback (history) buffer to 200 lines. 3386.It Va cron_enable 3387.Pq Vt bool 3388If set to 3389.Dq Li YES , 3390run the 3391.Xr cron 8 3392daemon at system boot time. 3393.It Va cron_program 3394.Pq Vt str 3395Path to 3396.Xr cron 8 3397(default 3398.Pa /usr/sbin/cron ) . 3399.It Va cron_flags 3400.Pq Vt str 3401If 3402.Va cron_enable 3403is set to 3404.Dq Li YES , 3405these are the flags to pass to 3406.Xr cron 8 . 3407.It Va cron_dst 3408.Pq Vt bool 3409If set to 3410.Dq Li YES , 3411enable the special handling of transitions to and from the 3412Daylight Saving Time in 3413.Xr cron 8 3414(equivalent to using the flag 3415.Fl s ) . 3416.It Va lpd_program 3417.Pq Vt str 3418Path to 3419.Xr lpd 8 3420(default 3421.Pa /usr/sbin/lpd ) . 3422.It Va lpd_enable 3423.Pq Vt bool 3424If set to 3425.Dq Li YES , 3426run the 3427.Xr lpd 8 3428daemon at system boot time. 3429.It Va lpd_flags 3430.Pq Vt str 3431If 3432.Va lpd_enable 3433is set to 3434.Dq Li YES , 3435these are the flags to pass to the 3436.Xr lpd 8 3437daemon. 3438.It Va chkprintcap_enable 3439.Pq Vt bool 3440If set to 3441.Dq Li YES , 3442run the 3443.Xr chkprintcap 8 3444command before starting the 3445.Xr lpd 8 3446daemon. 3447.It Va chkprintcap_flags 3448.Pq Vt str 3449If 3450.Va lpd_enable 3451and 3452.Va chkprintcap_enable 3453are set to 3454.Dq Li YES , 3455these are the flags to pass to the 3456.Xr chkprintcap 8 3457program. 3458The default is 3459.Dq Li -d , 3460which causes missing directories to be created. 3461.It Va mta_start_script 3462.Pq Vt str 3463This variable specifies the full path to the script to run to start 3464a mail transfer agent. 3465The default is 3466.Pa /etc/rc.sendmail . 3467The 3468.Va sendmail_* 3469variables which 3470.Pa /etc/rc.sendmail 3471uses are documented in the 3472.Xr rc.sendmail 8 3473manual page. 3474.It Va dumpdev 3475.Pq Vt str 3476Indicates the device (usually a swap partition) to which a crash dump 3477should be written in the event of a system crash. 3478If the value of this variable is 3479.Dq Li AUTO , 3480the first suitable swap device listed in 3481.Pa /etc/fstab 3482will be used as dump device. 3483Otherwise, the value of this variable is passed as the argument to 3484.Xr dumpon 8 3485and 3486.Xr savecore 8 . 3487To disable crash dumps, set this variable to 3488.Dq Li NO . 3489.It Va dumpon_flags 3490.Pq Vt str 3491Flags to pass to 3492.Xr dumpon 8 3493when configuring 3494.Va dumpdev 3495as the system dump device. 3496.It Va dumpdir 3497.Pq Vt str 3498When the system reboots after a crash and a crash dump is found on the 3499device specified by the 3500.Va dumpdev 3501variable, 3502.Xr savecore 8 3503will save that crash dump and a copy of the kernel to the directory 3504specified by the 3505.Va dumpdir 3506variable. 3507The default value is 3508.Pa /var/crash . 3509Set to 3510.Dq Li NO 3511to not run 3512.Xr savecore 8 3513at boot time when 3514.Va dumpdir 3515is set. 3516.It Va savecore_enable 3517.Pq Vt bool 3518If set to 3519.Dq Li NO , 3520disable automatic extraction of the crash dump from the 3521.Va dumpdev . 3522.It Va savecore_flags 3523.Pq Vt str 3524If crash dumps are enabled, these are the flags to pass to the 3525.Xr savecore 8 3526utility. 3527.It Va quota_enable 3528.Pq Vt bool 3529Set to 3530.Dq Li YES 3531to turn on user and group disk quotas on system startup via the 3532.Xr quotaon 8 3533command for all file systems marked as having quotas enabled in 3534.Pa /etc/fstab . 3535The kernel must be built with 3536.Cd "options QUOTA" 3537for disk quotas to function. 3538.It Va check_quotas 3539.Pq Vt bool 3540Set to 3541.Dq Li YES 3542to enable user and group disk quota checking via the 3543.Xr quotacheck 8 3544command. 3545.It Va quotacheck_flags 3546.Pq Vt str 3547If 3548.Va quota_enable 3549is set to 3550.Dq Li YES , 3551and 3552.Va check_quotas 3553is set to 3554.Dq Li YES , 3555these are the flags to pass to the 3556.Xr quotacheck 8 3557utility. 3558The default is 3559.Dq Li "-a" , 3560which checks quotas for all file systems with quotas enabled in 3561.Pa /etc/fstab . 3562.It Va quotaon_flags 3563.Pq Vt str 3564If 3565.Va quota_enable 3566is set to 3567.Dq Li YES , 3568these are the flags to pass to the 3569.Xr quotaon 8 3570utility. 3571The default is 3572.Dq Li "-a" , 3573which enables quotas for all file systems with quotas enabled in 3574.Pa /etc/fstab . 3575.It Va quotaoff_flags 3576.Pq Vt str 3577If 3578.Va quota_enable 3579is set to 3580.Dq Li YES , 3581these are the flags to pass to the 3582.Xr quotaoff 8 3583utility when shutting down the quota system. 3584The default is 3585.Dq Li "-a" , 3586which disables quotas for all file systems with quotas enabled in 3587.Pa /etc/fstab . 3588.It Va accounting_enable 3589.Pq Vt bool 3590Set to 3591.Dq Li YES 3592to enable system accounting through the 3593.Xr accton 8 3594facility. 3595.It Va firstboot_sentinel 3596.Pq Vt str 3597This variable specifies the full path to a 3598.Dq first boot 3599sentinel file. 3600If a file exists with this path, 3601.Pa rc.d 3602scripts with the 3603.Dq firstboot 3604keyword will be run on startup and the sentinel file will be deleted 3605after the boot process completes. 3606The sentinel file must be located on a writable file system which is 3607mounted no later than 3608.Va early_late_divider 3609to function properly. 3610The default is 3611.Pa /firstboot . 3612.It Va linux_enable 3613.Pq Vt bool 3614Set to 3615.Dq Li YES 3616to enable Linux/ELF binary emulation at system initial 3617boot time. 3618.It Va sysvipc_enable 3619.Pq Vt bool 3620If set to 3621.Dq Li YES , 3622load System V IPC primitives at boot time. 3623.It Va clear_tmp_enable 3624.Pq Vt bool 3625Set to 3626.Dq Li YES 3627to have 3628.Pa /tmp 3629cleaned at startup. 3630.It Va clear_tmp_X 3631.Pq Vt bool 3632Set to 3633.Dq Li NO 3634to disable removing of X11 lock files, 3635and the removal and (secure) recreation 3636of the various socket directories for X11 3637related programs. 3638.It Va ldconfig_paths 3639.Pq Vt str 3640Set to the list of shared library paths to use with 3641.Xr ldconfig 8 . 3642NOTE: 3643.Pa /lib 3644and 3645.Pa /usr/lib 3646will always be added first, so they need not appear in this list. 3647.It Va ldconfig32_paths 3648.Pq Vt str 3649Set to the list of 32-bit compatibility shared library paths to 3650use with 3651.Xr ldconfig 8 . 3652.It Va ldconfig_insecure 3653.Pq Vt bool 3654The 3655.Xr ldconfig 8 3656utility normally refuses to use directories 3657which are writable by anyone except root. 3658Set this variable to 3659.Dq Li YES 3660to disable that security check during system startup. 3661.It Va ldconfig_local_dirs 3662.Pq Vt str 3663Set to the list of local 3664.Xr ldconfig 8 3665directories. 3666The names of all files in the directories listed will be 3667passed as arguments to 3668.Xr ldconfig 8 . 3669.It Va ldconfig_local32_dirs 3670.Pq Vt str 3671Set to the list of local 32-bit compatibility 3672.Xr ldconfig 8 3673directories. 3674The names of all files in the directories listed will be 3675passed as arguments to 3676.Dq Nm ldconfig Fl 32 . 3677.It Va kern_securelevel_enable 3678.Pq Vt bool 3679Set to 3680.Dq Li YES 3681to set the kernel security level at system startup. 3682.It Va kern_securelevel 3683.Pq Vt int 3684The kernel security level to set at startup. 3685The allowed range of 3686.Ar value 3687ranges from \-1 (the compile time default) to 3 (the 3688most secure). 3689See 3690.Xr security 7 3691for the list of possible security levels and their effect 3692on system operation. 3693.It Va sshd_program 3694.Pq Vt str 3695Path to the SSH server program 3696.Pa ( /usr/sbin/sshd 3697is the default). 3698.It Va sshd_enable 3699.Pq Vt bool 3700Set to 3701.Dq Li YES 3702to start 3703.Xr sshd 8 3704at system boot time. 3705.It Va sshd_flags 3706.Pq Vt str 3707If 3708.Va sshd_enable 3709is set to 3710.Dq Li YES , 3711these are the flags to pass to the 3712.Xr sshd 8 3713daemon. 3714.It Va ftpd_program 3715.Pq Vt str 3716Path to the FTP server program 3717.Pa ( /usr/libexec/ftpd 3718is the default). 3719.It Va ftpd_enable 3720.Pq Vt bool 3721Set to 3722.Dq Li YES 3723to start 3724.Xr ftpd 8 3725as a stand-alone daemon at system boot time. 3726.It Va ftpd_flags 3727.Pq Vt str 3728If 3729.Va ftpd_enable 3730is set to 3731.Dq Li YES , 3732these are the additional flags to pass to the 3733.Xr ftpd 8 3734daemon. 3735.It Va watchdogd_enable 3736.Pq Vt bool 3737If set to 3738.Dq Li YES , 3739start the 3740.Xr watchdogd 8 3741daemon at boot time. 3742This requires that the kernel have been compiled with a 3743.Xr watchdog 4 3744compatible device. 3745.It Va watchdogd_flags 3746.Pq Vt str 3747If 3748.Va watchdogd_enable 3749is set to 3750.Dq Li YES , 3751these are the flags passed to the 3752.Xr watchdogd 8 3753daemon. 3754.It Va watchdogd_timeout 3755.Pq Vt int 3756If 3757.Va watchdogd_enable 3758is set to 3759.Dq Li YES , 3760this is a timeout that will be used by the 3761.Xr watchdogd 8 3762daemon. 3763If this option is set, it overrides 3764.Fl t 3765in 3766.Va watchdogd_flags . 3767.It Va watchdogd_shutdown_timeout 3768.Pq Vt int 3769If 3770.Va watchdogd_enable 3771is set to 3772.Dq Li YES , 3773this is a timeout that will be set by the 3774.Xr watchdogd 8 3775daemon when it exits during the system shutdown. 3776This timeout will not be set when returning to the single-user mode 3777or when the watchdogd service is stopped individually using the 3778.Xr service 8 3779command or the rc.d script. 3780Note that the timeout will be applied if 3781.Xr watchdogd 8 3782is stopped outside of 3783.Xr rc 8 3784framework. 3785If this option is set, it overrides 3786.Fl x 3787in 3788.Va watchdogd_flags . 3789.It Va devfs_rulesets 3790.Pq Vt str 3791List of files containing sets of rules for 3792.Xr devfs 8 . 3793.It Va devfs_system_ruleset 3794.Pq Vt str 3795Rule name(s) to apply to the system 3796.Pa /dev 3797itself. 3798.It Va devfs_set_rulesets 3799.Pq Vt str 3800Pairs of already-mounted 3801.Pa dev 3802directories and rulesets that should be applied to them. 3803For example: /mount/dev=ruleset_name 3804.It Va devfs_load_rulesets 3805.Pq Vt bool 3806If set, always load the default rulesets listed in 3807.Va devfs_rulesets . 3808.It Va performance_cx_lowest 3809.Pq Vt str 3810CPU idle state to use while on AC power. 3811The string 3812.Dq Li LOW 3813indicates that 3814.Xr acpi 4 3815should use the lowest power state available while 3816.Dq Li HIGH 3817indicates that the lowest latency state (less power savings) should be used. 3818.It Va performance_cpu_freq 3819.Pq Vt str 3820CPU clock frequency to use while on AC power. 3821The string 3822.Dq Li LOW 3823indicates that 3824.Xr cpufreq 4 3825should use the lowest frequency available while 3826.Dq Li HIGH 3827indicates that the highest frequency (less power savings) should be used. 3828.It Va economy_cx_lowest 3829.Pq Vt str 3830CPU idle state to use when off AC power. 3831The string 3832.Dq Li LOW 3833indicates that 3834.Xr acpi 4 3835should use the lowest power state available while 3836.Dq Li HIGH 3837indicates that the lowest latency state (less power savings) should be used. 3838.It Va economy_cpu_freq 3839.Pq Vt str 3840CPU clock frequency to use when off AC power. 3841The string 3842.Dq Li LOW 3843indicates that 3844.Xr cpufreq 4 3845should use the lowest frequency available while 3846.Dq Li HIGH 3847indicates that the highest frequency (less power savings) should be used. 3848.It Va jail_enable 3849.Pq Vt bool 3850If set to 3851.Dq Li NO , 3852any configured jails will not be started. 3853.It Va jail_conf 3854.Pq Vt str 3855The configuration filename used by 3856.Xr jail 8 3857utility. 3858The default value is 3859.Pa /etc/jail.conf . 3860.It Va jail_parallel_start 3861.Pq Vt bool 3862If set to 3863.Dq Li YES , 3864all configured jails will be started in the background (in parallel). 3865.It Va jail_flags 3866.Pq Vt str 3867Unset by default. 3868When set, use as default value for 3869.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3870for every jail in 3871.Va jail_list . 3872.It Va jail_list 3873.Pq Vt str 3874A space-delimited list of jail names. 3875When left empty, all of the 3876.Xr jail 8 3877instances defined in the configuration file are started. 3878The names specified in this list control the jail startup order. 3879.Xr jail 8 3880instances missing from 3881.Va jail_list 3882must be started manually. 3883Note that a jail's 3884.Va depend 3885parameter in the configuration file may override this list. 3886.It Va jail_reverse_stop 3887.Pq Vt bool 3888When set to 3889.Dq Li YES , 3890all configured jails in 3891.Va jail_list 3892are stopped in reverse order. 3893.It Va jail_ Ns * variables 3894Note that older releases supported per-jail configuration via 3895.Nm 3896variables. 3897For example, 3898hostname of a jail named 3899.Li vjail 3900was able to be set by 3901.Li jail_vjail_hostname . 3902These per-jail configuration variables are now obsolete in favor of 3903.Xr jail 8 3904configuration file. 3905For backward compatibility, 3906when per-jail configuration variables are defined, 3907.Xr jail 8 3908configuration files are created as 3909.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3910and used. 3911.Pp 3912The following per-jail parameters are handled by 3913.Pa rc.d/jail 3914script out of their corresponding 3915.Nm 3916variables. 3917In addition to them, parameters in 3918.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3919will be added to the configuration file. 3920They must be a semi-colon 3921.Pq Ql \&; 3922delimited list of 3923.Dq key=value . 3924For more details, 3925see 3926.Xr jail 8 3927manual page. 3928.Bl -tag -width "host.hostname" -offset indent 3929.It Li path 3930set from 3931.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3932.It Li host.hostname 3933set from 3934.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3935.It Li exec.consolelog 3936set from 3937.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3938The default value is 3939.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3940.It Li interface 3941set from 3942.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3943.It Li vnet.interface 3944set from 3945.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3946This implies 3947.Li vnet 3948parameter will be enabled and cannot be specified with 3949.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3951and/or 3952.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3953at the same time. 3954.It Li fstab 3955set from 3956.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3957.It Li mount 3958set from 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3960.It Li exec.fib 3961set from 3962.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3963.It Li exec.start 3964set from 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3966The parameter name was 3967.Li command 3968in some older releases. 3969.It Li exec.prestart 3970set from 3971.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3972.It Li exec.poststart 3973set from 3974.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3975.It Li exec.stop 3976set from 3977.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3978.It Li exec.prestop 3979set from 3980.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3981.It Li exec.poststop 3982set from 3983.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3984.It Li ip4.addr 3985set if 3986.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3987or 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3989contain IPv4 addresses 3990.It Li ip6.addr 3991set if 3992.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3993or 3994.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3995contain IPv6 addresses 3996.It Li allow.mount 3997set from 3998.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3999.It Li mount.devfs 4000set from 4001.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4002.It Li devfs_ruleset 4003set from 4004.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4005This must be an integer, 4006not a string. 4007.It Li mount.fdescfs 4008set from 4009.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4010.It Li allow.set_hostname 4011set from 4012.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4013.It Li allow.rawsocket 4014set from 4015.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4016.It Li allow.sysvipc 4017set from 4018.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4019.El 4020.\" ----------------------------------------------------- 4021.It Va harvest_mask 4022.Pq Vt int 4023Set to a bit-mask 4024representing the entropy sources 4025you wish to harvest. 4026Refer to 4027.Xr random 4 4028for more information. 4029.It Va entropy_dir 4030.Pq Vt str 4031Set to 4032.Dq Li NO 4033to disable caching entropy via 4034.Xr cron 8 . 4035Otherwise set to the directory 4036in which the entropy files are stored. 4037To be useful, 4038there must be 4039a system cron job 4040that regularly writes and rotates 4041files here. 4042All files found 4043will be used at boot time. 4044The default is 4045.Pa /var/db/entropy . 4046.It Va entropy_file 4047.Pq Vt str 4048Set to 4049.Dq Li NO 4050to disable caching entropy through reboots. 4051Otherwise set to the name 4052of a file used to store cached entropy. 4053This file should be located 4054on a file system that is readable 4055before all the volumes specified in 4056.Xr fstab 5 4057are mounted. 4058By default, 4059.Pa /entropy 4060is used, 4061but if 4062.Pa /var/db/entropy-file 4063is found it will also be used. 4064This will be of some use to 4065.Xr bsdinstall 8 . 4066.It Va entropy_boot_file 4067.Pq Vt str 4068Set to 4069.Dq Li NO 4070to disable 4071very early caching entropy 4072through reboots. 4073Otherwise set to the filename 4074used to read 4075very early reboot cached entropy. 4076This file should be located where 4077.Xr loader 8 4078can read it. 4079See also 4080.Xr loader.conf 5 . 4081The default location is 4082.Pa /boot/entropy . 4083.It Va entropy_save_sz 4084.Pq Vt int 4085Size of the entropy cache files saved by 4086.Nm save-entropy 4087periodically. 4088.It Va entropy_save_num 4089.Pq Vt int 4090Number of entropy cache files to save by 4091.Nm save-entropy 4092periodically. 4093.It Va ipsec_enable 4094.Pq Vt bool 4095Set to 4096.Dq Li YES 4097to run 4098.Xr setkey 8 4099on 4100.Va ipsec_file 4101at boot time. 4102.It Va ipsec_file 4103.Pq Vt str 4104Configuration file for 4105.Xr setkey 8 . 4106.It Va dmesg_enable 4107.Pq Vt bool 4108Set to 4109.Dq Li YES 4110to save 4111.Xr dmesg 8 4112to 4113.Pa /var/run/dmesg.boot 4114on boot. 4115.It Va rcshutdown_timeout 4116.Pq Vt int 4117If set, start a watchdog timer in the background which will terminate 4118.Pa rc.shutdown 4119if 4120.Xr shutdown 8 4121has not completed within the specified time (in seconds). 4122Notice that in addition to this soft timeout, 4123.Xr init 8 4124also applies a hard timeout for the execution of 4125.Pa rc.shutdown . 4126This is configured via 4127.Xr sysctl 8 4128variable 4129.Va kern.init_shutdown_timeout 4130and defaults to 120 seconds. 4131Setting the value of 4132.Va rcshutdown_timeout 4133to more than 120 seconds will have no effect until the 4134.Xr sysctl 8 4135variable 4136.Va kern.init_shutdown_timeout 4137is also increased. 4138.It Va virecover_enable 4139.Pq Vt bool 4140Set to 4141.Dq Li NO 4142to prevent the system from trying to 4143recover pre-maturely terminated 4144.Xr vi 1 4145sessions. 4146.It Va ugidfw_enable 4147.Pq Vt bool 4148Set to 4149.Dq Li YES 4150to load the 4151.Xr mac_bsdextended 4 4152module upon system initialization and load a default 4153ruleset file. 4154.It Va bsdextended_script 4155.Pq Vt str 4156The default 4157.Xr mac_bsdextended 4 4158ruleset file to load. 4159The default value of this variable is 4160.Pa /etc/rc.bsdextended . 4161.It Va newsyslog_enable 4162.Pq Vt bool 4163If set to 4164.Dq Li YES , 4165run 4166.Xr newsyslog 8 4167command at startup. 4168.It Va newsyslog_flags 4169.Pq Vt str 4170If 4171.Va newsyslog_enable 4172is set to 4173.Dq Li YES , 4174these are the flags to pass to the 4175.Xr newsyslog 8 4176program. 4177The default is 4178.Dq Li -CN , 4179which causes log files flagged with a 4180.Cm C 4181to be created. 4182.It Va mdconfig_md Ns Aq Ar X 4183.Pq Vt str 4184Arguments to 4185.Xr mdconfig 8 4186for 4187.Xr md 4 4188device 4189.Ar X . 4190At minimum a 4191.Fl t Ar type 4192must be specified and either a 4193.Fl s Ar size 4194for malloc or swap backed 4195.Xr md 4 4196devices or a 4197.Fl f Ar file 4198for vnode backed 4199.Xr md 4 4200devices. 4201Note that 4202.Va mdconfig_md Ns Aq Ar X 4203variables are evaluated until one variable is unset or null. 4204.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4205.Pq Vt str 4206Optional arguments passed to 4207.Xr newfs 8 4208to initialize 4209.Xr md 4 4210device 4211.Ar X . 4212.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4213.Pq Vt str 4214An ownership specification passed to 4215.Xr chown 8 4216after the specified 4217.Xr md 4 4218device 4219.Ar X 4220has been mounted. 4221Both the 4222.Xr md 4 4223device and the mount point will be changed. 4224.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4225.Pq Vt str 4226A mode string passed to 4227.Xr chmod 1 4228after the specified 4229.Xr md 4 4230device 4231.Ar X 4232has been mounted. 4233Both the 4234.Xr md 4 4235device and the mount point will be changed. 4236.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4237.Pq Vt str 4238Files to be copied to the mount point of the 4239.Xr md 4 4240device 4241.Ar X 4242after it has been mounted. 4243.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4244.Pq Vt str 4245Command to execute after the specified 4246.Xr md 4 4247device 4248.Ar X 4249has been mounted. 4250Note that the command is passed to 4251.Ic eval 4252and that both 4253.Va _dev 4254and 4255.Va _mp 4256variables can be used to reference respectively the 4257.Xr md 4 4258device and the mount point. 4259Assuming that the 4260.Xr md 4 4261device is 4262.Li md0 , 4263one could set the following: 4264.Bd -literal 4265mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4266.Ed 4267.It Va autobridge_interfaces 4268.Pq Vt str 4269Set to the list of bridge interfaces that will have newly arriving interfaces 4270checked against to be automatically added. 4271If not set to 4272.Dq Li NO 4273then for each whitespace separated 4274.Ar element 4275in the value, a 4276.Va autobridge_ Ns Aq Ar element 4277variable is assumed to exist which has a whitespace separated list of interface 4278names to match, these names can use wildcards. 4279For example: 4280.Bd -literal 4281autobridge_interfaces="bridge0" 4282autobridge_bridge0="tap* dc0 vlan[345]" 4283.Ed 4284.It Va mixer_enable 4285.Pq Vt bool 4286If set to 4287.Dq Li YES , 4288enable support for sound mixer. 4289.It Va hcsecd_enable 4290.Pq Vt bool 4291If set to 4292.Dq Li YES , 4293enable Bluetooth security daemon. 4294.It Va hcsecd_config 4295.Pq Vt str 4296Configuration file for 4297.Xr hcsecd 8 . 4298Default 4299.Pa /etc/bluetooth/hcsecd.conf . 4300.It Va sdpd_enable 4301.Pq Vt bool 4302If set to 4303.Dq Li YES , 4304enable Bluetooth Service Discovery Protocol daemon. 4305.It Va sdpd_control 4306.Pq Vt str 4307Path to 4308.Xr sdpd 8 4309control socket. 4310Default 4311.Pa /var/run/sdp . 4312.It Va sdpd_groupname 4313.Pq Vt str 4314Sets 4315.Xr sdpd 8 4316group to run as after it initializes. 4317Default 4318.Dq Li nobody . 4319.It Va sdpd_username 4320.Pq Vt str 4321Sets 4322.Xr sdpd 8 4323user to run as after it initializes. 4324Default 4325.Dq Li nobody . 4326.It Va bthidd_enable 4327.Pq Vt bool 4328If set to 4329.Dq Li YES , 4330enable Bluetooth Human Interface Device daemon. 4331.It Va bthidd_config 4332.Pq Vt str 4333Configuration file for 4334.Xr bthidd 8 . 4335Default 4336.Pa /etc/bluetooth/bthidd.conf . 4337.It Va bthidd_hids 4338.Pq Vt str 4339Path to a file, where 4340.Xr bthidd 8 4341will store information about known HID devices. 4342Default 4343.Pa /var/db/bthidd.hids . 4344.It Va rfcomm_pppd_server_enable 4345.Pq Vt bool 4346If set to 4347.Dq Li YES , 4348enable Bluetooth RFCOMM PPP wrapper daemon. 4349.It Va rfcomm_pppd_server_profile 4350.Pq Vt str 4351The name of the profile to use from 4352.Pa /etc/ppp/ppp.conf . 4353Multiple profiles can be specified here. 4354Also used to specify per-profile overrides. 4355When the profile name contains any of the characters 4356.Dq Li .-/+ 4357they are translated to 4358.Dq Li _ 4359for the proposes of the override variable names. 4360.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4361.Pq Vt str 4362Overrides local address to listen on. 4363By default 4364.Xr rfcomm_pppd 8 4365will listen on 4366.Dq Li ANY 4367address. 4368The address can be specified as BD_ADDR or name. 4369.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4370.Pq Vt str 4371Overrides local RFCOMM channel to listen on. 4372By default 4373.Xr rfcomm_pppd 8 4374will listen on RFCOMM channel 1. 4375Must set properly if multiple profiles used in the same time. 4376.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4377.Pq Vt bool 4378Tells 4379.Xr rfcomm_pppd 8 4380if it should register Serial Port service on the specified RFCOMM channel. 4381Default 4382.Dq Li NO . 4383.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4384.Pq Vt bool 4385Tells 4386.Xr rfcomm_pppd 8 4387if it should register Dial-Up Networking service on the specified 4388RFCOMM channel. 4389Default 4390.Dq Li NO . 4391.It Va ubthidhci_enable 4392.Pq Vt bool 4393If set to 4394.Dq Li YES , 4395change the USB Bluetooth controller from HID mode to HCI mode. 4396You also need to specify the location of USB Bluetooth controller with the 4397.Va ubthidhci_busnum 4398and 4399.Va ubthidhci_addr 4400variables. 4401.It Va ubthidhci_busnum 4402Bus number where the USB Bluetooth controller is located. 4403Check the output of 4404.Xr usbconfig 8 4405on your system to find this information. 4406.It Va ubthidhci_addr 4407Bus address of the USB Bluetooth controller. 4408Check the output of 4409.Xr usbconfig 8 4410on your system to find this information. 4411.It Va netwait_enable 4412.Pq Vt bool 4413If set to 4414.Dq Li YES , 4415delays the start of network-reliant services until 4416.Va netwait_if 4417is up and ICMP packets to a destination defined in 4418.Va netwait_ip 4419are flowing. 4420Link state is examined first, followed by 4421.Dq Li pinging 4422an IP address to verify network usability. 4423If no destination can be reached or timeouts are exceeded, 4424network services are started anyway with no guarantee that 4425the network is usable. 4426Use of this variable requires both 4427.Va netwait_ip 4428and 4429.Va netwait_if 4430to be set. 4431.It Va netwait_ip 4432.Pq Vt str 4433Empty by default. 4434This variable contains a space-delimited list of IP addresses to 4435.Xr ping 8 . 4436DNS hostnames should not be used as resolution is not guaranteed 4437to be functional at this point. 4438If multiple IP addresses are specified, 4439each will be tried until one is successful or the list is exhausted. 4440.It Va netwait_timeout 4441.Pq Vt int 4442Indicates the total number of seconds to perform a 4443.Dq Li ping 4444against each IP address in 4445.Va netwait_ip , 4446at a rate of one ping per second. 4447If any of the pings are successful, 4448full network connectivity is considered reliable. 4449The default is 60. 4450.It Va netwait_if 4451.Pq Vt str 4452Empty by default. 4453Defines the name of the network interface on which watch for link. 4454.Xr ifconfig 8 4455is used to monitor the interface, looking for 4456.Dq Li status: no carrier . 4457Once gone, the link is considered up. 4458This can be a 4459.Xr vlan 4 4460interface if desired. 4461.It Va netwait_if_timeout 4462.Pq Vt int 4463Defines the total number of seconds to wait for link to become usable, 4464polled at a 1-second interval. 4465The default is 30. 4466.It Va rctl_enable 4467.Pq Vt bool 4468If set to 4469.Dq Li YES , 4470load 4471.Xr rctl 8 4472rules from the defined ruleset. 4473The kernel must be built with 4474.Cd "options RACCT" 4475and 4476.Cd "options RCTL" . 4477.It Va rctl_rules 4478.Pq Vt str 4479Set to 4480.Pa /etc/rctl.conf 4481by default. 4482This variables contains the 4483.Xr rctl.conf 5 4484ruleset to load for 4485.Xr rctl 8 . 4486.It Va iovctl_files 4487.Pq Vt str 4488A space-separated list of configuration files used by 4489.Xr iovctl 8 . 4490The default value is an empty string. 4491.It Va autofs_enable 4492.Pq Vt bool 4493If set to 4494.Dq Li YES , 4495start the 4496.Xr automount 8 4497utility and the 4498.Xr automountd 8 4499and 4500.Xr autounmountd 8 4501daemons at boot time. 4502.It Va automount_flags 4503.Pq Vt str 4504If 4505.Va autofs_enable 4506is set to 4507.Dq Li YES , 4508these are the flags to pass to the 4509.Xr automount 8 4510program. 4511By default no flags are passed. 4512.It Va automountd_flags 4513.Pq Vt str 4514If 4515.Va autofs_enable 4516is set to 4517.Dq Li YES , 4518these are the flags to pass to the 4519.Xr automountd 8 4520daemon. 4521By default no flags are passed. 4522.It Va autounmountd_flags 4523.Pq Vt str 4524If 4525.Va autofs_enable 4526is set to 4527.Dq Li YES , 4528these are the flags to pass to the 4529.Xr autounmountd 8 4530daemon. 4531By default no flags are passed. 4532.It Va ctld_enable 4533.Pq Vt bool 4534If set to 4535.Dq Li YES , 4536start the 4537.Xr ctld 8 4538daemon at boot time. 4539.It Va iscsid_enable 4540.Pq Vt bool 4541If set to 4542.Dq Li YES , 4543start the 4544.Xr iscsid 8 4545daemon at boot time. 4546.It Va iscsictl_enable 4547.Pq Vt bool 4548If set to 4549.Dq Li YES , 4550start the 4551.Xr iscsictl 8 4552utility at boot time. 4553.It Va iscsictl_flags 4554.Pq Vt str 4555If 4556.Va iscsictl_enable 4557is set to 4558.Dq Li YES , 4559these are the flags to pass to the 4560.Xr iscsictl 8 4561program. 4562The default is 4563.Dq Li -Aa , 4564which configures sessions based on the 4565.Pa /etc/iscsi.conf 4566configuration file. 4567.It Va cfumass_enable 4568.Pq Vt bool 4569If set to 4570.Dq Li YES , 4571create and export an USB LUN using 4572.Xr cfumass 4 4573at boot time. 4574.It Va cfumass_dir 4575.Pq Vt str 4576The directory where the files exported by USB LUN are located. 4577The default directory is 4578.Pa /var/cfumass . 4579.It Va service_delete_empty 4580.Pq Vt bool 4581If set to 4582.Dq Li YES , 4583.Ql Li service delete 4584removes empty 4585.Dq Li rc.conf.d 4586files. 4587.It Va zfs_bootonce_activate 4588.Pq Vt bool 4589If set to 4590.Dq Li YES , 4591and a boot environment marked bootonce is successfully booted, 4592it will be made permanently active. 4593.El 4594.Sh FILES 4595.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4596.It Pa /etc/defaults/rc.conf 4597.It Pa /etc/defaults/vendor.conf 4598.It Pa /etc/rc.conf 4599.It Pa /etc/rc.conf.local 4600.El 4601.Sh SEE ALSO 4602.Xr chmod 1 , 4603.Xr gdb 1 , 4604.Xr info 1 , 4605.Xr kbdcontrol 1 , 4606.Xr makewhatis 1 , 4607.Xr sh 1 , 4608.Xr vi 1 , 4609.Xr vidcontrol 1 , 4610.Xr bridge 4 , 4611.Xr dummynet 4 , 4612.Xr ip 4 , 4613.Xr ipf 4 , 4614.Xr ipfw 4 , 4615.Xr ipnat 4 , 4616.Xr kld 4 , 4617.Xr pf 4 , 4618.Xr pflog 4 , 4619.Xr pfsync 4 , 4620.Xr tcp 4 , 4621.Xr udp 4 , 4622.Xr exports 5 , 4623.Xr fstab 5 , 4624.Xr ipf 5 , 4625.Xr ipnat 5 , 4626.Xr jail.conf 5 , 4627.Xr loader.conf 5 , 4628.Xr motd 5 , 4629.Xr newsyslog.conf 5 , 4630.Xr pf.conf 5 , 4631.Xr security 7 , 4632.Xr accton 8 , 4633.Xr amd 8 , 4634.Xr apm 8 , 4635.Xr bsdinstall 8 , 4636.Xr bthidd 8 , 4637.Xr chkprintcap 8 , 4638.Xr chown 8 , 4639.Xr cron 8 , 4640.Xr devfs 8 , 4641.Xr dhclient 8 , 4642.Xr ftpd 8 , 4643.Xr geli 8 , 4644.Xr hcsecd 8 , 4645.Xr ifconfig 8 , 4646.Xr inetd 8 , 4647.Xr iovctl 8 , 4648.Xr ipf 8 , 4649.Xr ipfw 8 , 4650.Xr ipnat 8 , 4651.Xr jail 8 , 4652.Xr kldxref 8 , 4653.Xr loader 8 , 4654.Xr lpd 8 , 4655.Xr mdconfig 8 , 4656.Xr mdmfs 8 , 4657.Xr mixer 8 , 4658.Xr mountd 8 , 4659.Xr moused 8 , 4660.Xr newfs 8 , 4661.Xr newsyslog 8 , 4662.Xr nfsd 8 , 4663.Xr ntpd 8 , 4664.Xr ntpdate 8 , 4665.Xr pfctl 8 , 4666.Xr pflogd 8 , 4667.Xr ping 8 , 4668.Xr powerd 8 , 4669.Xr quotacheck 8 , 4670.Xr quotaon 8 , 4671.Xr rc 8 , 4672.Xr rc.sendmail 8 , 4673.Xr rfcomm_pppd 8 , 4674.Xr route 8 , 4675.Xr routed 8 , 4676.Xr rpc.lockd 8 , 4677.Xr rpc.statd 8 , 4678.Xr rpcbind 8 , 4679.Xr rwhod 8 , 4680.Xr savecore 8 , 4681.Xr sdpd 8 , 4682.Xr service 8 , 4683.Xr sshd 8 , 4684.Xr swapon 8 , 4685.Xr sysctl 8 , 4686.Xr syslogd 8 , 4687.Xr sysrc 8 , 4688.Xr timed 8 , 4689.Xr unbound 8 , 4690.Xr usbconfig 8 , 4691.Xr wlandebug 8 , 4692.Xr yp 8 , 4693.Xr ypbind 8 , 4694.Xr ypserv 8 , 4695.Xr ypset 8 4696.Sh HISTORY 4697The 4698.Nm 4699file appeared in 4700.Fx 2.2.2 . 4701.Sh AUTHORS 4702.An Jordan K. Hubbard . 4703