1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd April 21, 2018 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67The sysrc(8) command provides a scripting interface to modify system 68config files. 69.Pp 70In addition to 71.Pa /etc/rc.conf.local 72you can also place smaller configuration files for each 73.Xr rc 8 74script in the 75.Pa /etc/rc.conf.d 76directory or 77.Ao Ar dir Ac Ns Pa /rc.conf.d 78directories specified in 79.Va local_startup , 80which will be included by the 81.Va load_rc_config 82function. 83For jail configurations you could use the file 84.Pa /etc/rc.conf.d/jail 85to store jail specific configuration options. 86If 87.Va local_startup 88contains 89.Pa /usr/local/etc/rc.d 90and 91.Pa /opt/conf , 92.Pa /usr/local/rc.conf.d/jail 93and 94.Pa /opt/conf/rc.conf.d/jail 95will be loaded. 96If 97.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 98is a directory, 99all of files in the directory will be loaded. 100Also see the 101.Va rc_conf_files 102variable below. 103.Pp 104Options are set with 105.Dq Ar name Ns Li = Ns Ar value 106assignments that use 107.Xr sh 1 108syntax. 109The following list provides a name and short description for each 110variable that can be set in the 111.Nm 112file: 113.Bl -tag -width indent-two 114.It Va rc_debug 115.Pq Vt bool 116If set to 117.Dq Li YES , 118enable output of debug messages from rc scripts. 119This variable can be helpful in diagnosing mistakes when 120editing or integrating new scripts. 121Beware that this produces copious output to the terminal and 122.Xr syslog 3 . 123.It Va rc_info 124.Pq Vt bool 125If set to 126.Dq Li NO , 127disable informational messages from the rc scripts. 128Informational messages are displayed when 129a condition that is not serious enough to warrant a warning or 130an error occurs. 131.It Va rc_startmsgs 132.Pq Vt bool 133If set to 134.Dq Li YES , 135show 136.Dq Starting foo: 137when faststart is used (e.g., at boot time). 138.It Va early_late_divider 139.Pq Vt str 140The name of the script that should be used as the 141delimiter between the 142.Dq early 143and 144.Dq late 145stages of the boot process. 146The early stage should contain all the services needed to 147get the disks (local or remote) mounted so that the late 148stage can include scripts contained in the directories 149listed in the 150.Va local_startup 151variable (see below). 152Thus, the two likely candidates for this value are 153.Pa mountcritlocal 154for the typical system, and 155.Pa mountcritremote 156if the system needs remote file 157systems mounted to get access to the 158.Va local_startup 159directories; for example when 160.Pa /usr/local 161is NFS mounted. 162For 163.Pa rc.conf 164within a 165.Xr jail 8 166.Pa NETWORKING 167is likely to be an appropriate value. 168Extreme care should be taken when changing this value, 169and before changing it one should ensure that there are 170adequate provisions to recover from a failed boot 171(such as physical contact with the machine, 172or reliable remote console access). 173.It Va always_force_depends 174.Pq Vt bool 175Various 176.Pa rc.d 177scripts use the force_depend function to check whether required 178services are already running, and to start them if necessary. 179By default during boot time this check is bypassed if the 180required service is enabled in 181.Pa /etc/rc.conf[.local] . 182Setting this option will bypass that check at boot time and 183always test whether or not the service is actually running. 184Enabling this option is likely to increase your boot time if 185services are enabled that utilize the force_depend check. 186.It Ao Ar name Ac Ns Va _chroot 187.Pq Vt str 188.Xr chroot 8 189to this directory before running the service. 190.It Ao Ar name Ac Ns Va _user 191.Pq Vt str 192Run the service under this user account. 193.It Ao Ar name Ac Ns Va _group 194.Pq Vt str 195Run the chrooted service under this system group. 196Unlike the _user 197setting, this setting has no effect if the service is not chrooted. 198.It Ao Ar name Ac Ns Va _fib 199.Pq Vt int 200The 201.Xr setfib 1 202value to run the service under. 203.It Ao Ar name Ac Ns Va _nice 204.Pq Vt int 205The 206.Xr nice 1 207value to run the service under. 208.It Va apm_enable 209.Pq Vt bool 210If set to 211.Dq Li YES , 212enable support for Automatic Power Management with 213the 214.Xr apm 8 215command. 216.It Va apmd_enable 217.Pq Vt bool 218Run 219.Xr apmd 8 220to handle APM event from userland. 221This also enables support for APM. 222.It Va apmd_flags 223.Pq Vt str 224If 225.Va apmd_enable 226is set to 227.Dq Li YES , 228these are the flags to pass to the 229.Xr apmd 8 230daemon. 231.It Va devd_enable 232.Pq Vt bool 233Run 234.Xr devd 8 235to handle device added, removed or unknown events from the kernel. 236.It Va ddb_enable 237.Pq Vt bool 238Run 239.Xr ddb 8 240to install 241.Xr ddb 4 242scripts at boot time. 243.It Va ddb_config 244.Pq Vt str 245Configuration file for 246.Xr ddb 8 . 247Default 248.Pa /etc/ddb.conf . 249.It Va kld_list 250.Pq Vt str 251A list of kernel modules to load right after the local 252disks are mounted. 253Loading modules at this point in the boot process is 254much faster than doing it via 255.Pa /boot/loader.conf 256for those modules not necessary for mounting local disk. 257.It Va kldxref_enable 258.Pq Vt bool 259Set to 260.Dq Li NO 261by default. 262Set to 263.Dq Li YES 264to automatically rebuild 265.Pa linker.hints 266files with 267.Xr kldxref 8 268at boot time. 269.It Va kldxref_clobber 270.Pq Vt bool 271Set to 272.Dq Li NO 273by default. 274If 275.Va kldxref_enable 276is true, 277setting to 278.Dq Li YES 279will overwrite existing 280.Pa linker.hints 281files at boot time. 282Otherwise, 283only missing 284.Pa linker.hints 285files are generated. 286.It Va kldxref_module_path 287.Pq Vt str 288Empty by default. 289A semi-colon 290.Pq Ql \&; 291delimited list of paths containing 292.Xr kld 4 293modules. 294If empty, 295the contents of the 296.Va kern.module_path 297.Xr sysctl 8 298are used. 299.It Va powerd_enable 300.Pq Vt bool 301If set to 302.Dq Li YES , 303enable the system power control facility with the 304.Xr powerd 8 305daemon. 306.It Va powerd_flags 307.Pq Vt str 308If 309.Va powerd_enable 310is set to 311.Dq Li YES , 312these are the flags to pass to the 313.Xr powerd 8 314daemon. 315.It Va tmpmfs 316Controls the creation of a 317.Pa /tmp 318memory file system. 319Always happens if set to 320.Dq Li YES 321and never happens if set to 322.Dq Li NO . 323If set to anything else, a memory file system is created if 324.Pa /tmp 325is not writable. 326.It Va tmpsize 327Controls the size of a created 328.Pa /tmp 329memory file system. 330.It Va tmpmfs_flags 331Extra options passed to the 332.Xr mdmfs 8 333utility when the memory file system for 334.Pa /tmp 335is created. 336The default is 337.Dq Li "-S" , 338which inhibits the use of softupdates on 339.Pa /tmp 340so that file system space is freed without delay 341after file truncation or deletion. 342See 343.Xr mdmfs 8 344for other options you can use in 345.Va tmpmfs_flags . 346.It Va varmfs 347Controls the creation of a 348.Pa /var 349memory file system. 350Always happens if set to 351.Dq Li YES 352and never happens if set to 353.Dq Li NO . 354If set to anything else, a memory file system is created if 355.Pa /var 356is not writable. 357.It Va varsize 358Controls the size of a created 359.Pa /var 360memory file system. 361.It Va varmfs_flags 362Extra options passed to the 363.Xr mdmfs 8 364utility when the memory file system for 365.Pa /var 366is created. 367The default is 368.Dq Li "-S" , 369which inhibits the use of softupdates on 370.Pa /var 371so that file system space is freed without delay 372after file truncation or deletion. 373See 374.Xr mdmfs 8 375for other options you can use in 376.Va varmfs_flags . 377.It Va populate_var 378Controls the automatic population of the 379.Pa /var 380file system. 381Always happens if set to 382.Dq Li YES 383and never happens if set to 384.Dq Li NO . 385If set to anything else, a memory file system is created if 386.Pa /var 387is not writable. 388Note that this process requires access to certain commands in 389.Pa /usr 390before 391.Pa /usr 392is mounted on normal systems. 393.It Va cleanvar_enable 394.Pq Vt bool 395Clean the 396.Pa /var 397directory. 398.It Va local_startup 399.Pq Vt str 400List of directories to search for startup script files. 401.It Va script_name_sep 402.Pq Vt str 403The field separator to use for breaking down the list of startup script files 404into individual filenames. 405The default is a space. 406It is not necessary to change this unless there are startup scripts with names 407containing spaces. 408.It Va hostapd_enable 409.Pq Vt bool 410Set to 411.Dq Li YES 412to start 413.Xr hostapd 8 414at system boot time. 415.It Va hostname 416.Pq Vt str 417The fully qualified domain name (FQDN) of this host on the network. 418This should almost certainly be set to something meaningful, even if 419there is no network connection. 420If 421.Xr dhclient 8 422is used to set the hostname via DHCP, 423this variable should be set to an empty string. 424Within a 425.Xr jail 8 426the hostname is generally already set and this variable may absent. 427If this value remains unset when the system is done booting 428your console login will display the default hostname of 429.Dq Amnesiac . 430.It Va nisdomainname 431.Pq Vt str 432The NIS domain name of this host, or 433.Dq Li NO 434if NIS is not used. 435.It Va dhclient_program 436.Pq Vt str 437Path to the DHCP client program 438.Pa ( /sbin/dhclient , 439the 440.Ox 441DHCP client, 442is the default). 443.It Va dhclient_flags 444.Pq Vt str 445Additional flags to pass to the DHCP client program. 446For the 447.Ox 448DHCP client, see the 449.Xr dhclient 8 450manpage for a description of the command line options available. 451.It Va dhclient_flags_ Ns Aq Ar iface 452Additional flags to pass to the DHCP client program running on 453.Ar iface 454only. 455When specified, this variable overrides 456.Va dhclient_flags . 457.It Va background_dhclient 458.Pq Vt bool 459Set to 460.Dq Li YES 461to start the DHCP client in background. 462This can cause trouble with applications depending on 463a working network, but it will provide a faster startup 464in many cases. 465.It Va background_dhclient_ Ns Aq Ar iface 466When specified, this variable overrides the 467.Va background_dhclient 468variable for interface 469.Ar iface 470only. 471.It Va synchronous_dhclient 472.Pq Vt bool 473Set to 474.Dq Li YES 475to start 476.Xr dhclient 8 477synchronously at startup. 478This behavior can be overridden on a per-interface basis by replacing 479the 480.Dq Li DHCP 481keyword in the 482.Va ifconfig_ Ns Aq Ar interface 483variable with 484.Dq Li SYNCDHCP 485or 486.Dq Li NOSYNCDHCP . 487.It Va defaultroute_delay 488.Pq Vt int 489When set to a positive value, wait up to this long after configuring 490DHCP interfaces at startup to give the interfaces time to receive a lease. 491.It Va firewall_enable 492.Pq Vt bool 493Set to 494.Dq Li YES 495to load firewall rules at startup. 496If the kernel was not built with 497.Cd "options IPFIREWALL" , 498the 499.Pa ipfw.ko 500kernel module will be loaded. 501See also 502.Va ipfilter_enable . 503.It Va firewall_script 504.Pq Vt str 505This variable specifies the full path to the firewall script to run. 506The default is 507.Pa /etc/rc.firewall . 508.It Va firewall_type 509.Pq Vt str 510Names the firewall type from the selection in 511.Pa /etc/rc.firewall , 512or the file which contains the local firewall ruleset. 513Valid selections from 514.Pa /etc/rc.firewall 515are: 516.Pp 517.Bl -tag -width ".Li simple" -compact 518.It Li open 519unrestricted IP access 520.It Li closed 521all IP services disabled, except via 522.Dq Li lo0 523.It Li client 524basic protection for a workstation 525.It Li simple 526basic protection for a LAN. 527.El 528.Pp 529If a filename is specified, the full path 530must be given. 531.It Va firewall_quiet 532.Pq Vt bool 533Set to 534.Dq Li YES 535to disable the display of firewall rules on the console during boot. 536.It Va firewall_logging 537.Pq Vt bool 538Set to 539.Dq Li YES 540to enable firewall event logging. 541This is equivalent to the 542.Dv IPFIREWALL_VERBOSE 543kernel option. 544.It Va firewall_logif 545.Pq Vt bool 546Set to 547.Dq Li YES 548to create pseudo interface 549.Li ipfw0 550for logging. 551For more details, see 552.Xr ipfw 8 553manual page. 554.It Va firewall_flags 555.Pq Vt str 556Flags passed to 557.Xr ipfw 8 558if 559.Va firewall_type 560specifies a filename. 561.It Va firewall_coscripts 562.Pq Vt str 563List of executables and/or rc scripts to run after firewall starts/stops. 564Default is empty. 565.\" ----- firewall_nat_enable setting -------------------------------- 566.It Va firewall_nat_enable 567.Pq Vt bool 568The 569.Xr ipfw 8 570equivalent of 571.Va natd_enable . 572Setting this to 573.Dq Li YES 574enables kernel NAT. 575.Va firewall_enable 576must also be set to 577.Dq Li YES . 578.It Va firewall_nat_interface 579.Pq Vt str 580The 581.Xr ipfw 8 582equivalent of 583.Va natd_interface . 584This is the name of the public interface or IP address on which 585kernel NAT should run. 586.It Va firewall_nat_flags 587.Pq Vt str 588Additional configuration parameters for kernel NAT should be placed here. 589.It Va dummynet_enable 590.Pq Vt bool 591Setting this to 592.Dq Li YES 593will automatically load the 594.Xr dummynet 4 595module if 596.Va firewall_enable 597is also set to 598.Dq Li YES . 599.\" ------------------------------------------------------------------- 600.It Va ipfw_netflow_enable 601.Pq Vt bool 602Setting this to 603.Dq Li YES 604will enable netflow logging via 605.Xr ng_netflow 4 606.Pp 607By default a ipfw rule is inserted and all packets are duplicated with 608the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 609port using protocol version 5. 610.It Va ipfw_netflow_hook 611.Pq Vt int 612netflow hook name, must be numerical 613(default 614.Pa 9995 ) . 615.It Va ipfw_netflow_rule 616.Pq Vt int 617ipfw rule number 618(default 619.Pa 1000 ) . 620.It Va ipfw_netflow_ip 621.Pq Vt str 622Destination server ip for receiving netflow data 623(default 624.Pa 127.0.0.1 ) . 625.It Va ipfw_netflow_port 626.Pq Vt int 627Destination server port for receiving netflow data 628(default 629.Pa 9995 ) . 630.It Va ipfw_netflow_version 631.Pq Vt int 632Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 633.It Va ipfw_netflow_fib 634.Pq Vt int 635Only match packet in FIB 636.Pa ipfw_netflow_fib 637(default is undefined meaning all FIBs). 638.It Va natd_program 639.Pq Vt str 640Path to 641.Xr natd 8 . 642.It Va natd_enable 643.Pq Vt bool 644Set to 645.Dq Li YES 646to enable 647.Xr natd 8 . 648.Va firewall_enable 649must also be set to 650.Dq Li YES , 651and 652.Xr divert 4 653sockets must be enabled in the kernel. 654If the kernel was not built with 655.Cd "options IPDIVERT" , 656the 657.Pa ipdivert.ko 658kernel module will be loaded. 659.It Va natd_interface 660.Pq Vt str 661This is the name of the public interface on which 662.Xr natd 8 663should run. 664The interface may be given as an interface name or as an IP address. 665.It Va natd_flags 666.Pq Vt str 667Additional 668.Xr natd 8 669flags should be placed here. 670The 671.Fl n 672or 673.Fl a 674flag is automatically added with the above 675.Va natd_interface 676as an argument. 677.\" ----- ipfilter_enable setting -------------------------------- 678.It Va ipfilter_enable 679.Pq Vt bool 680Set to 681.Dq Li NO 682by default. 683Setting this to 684.Dq Li YES 685enables 686.Xr ipf 8 687packet filtering. 688.Pp 689Typical usage will require putting 690.Bd -literal 691ipfilter_enable="YES" 692ipnat_enable="YES" 693ipmon_enable="YES" 694ipfs_enable="YES" 695.Ed 696.Pp 697into 698.Pa /etc/rc.conf 699and editing 700.Pa /etc/ipf.rules 701and 702.Pa /etc/ipnat.rules 703appropriately. 704.Pp 705Note that 706.Va ipfilter_enable 707and 708.Va ipnat_enable 709can be enabled independently. 710.Va ipmon_enable 711and 712.Va ipfs_enable 713both require at least one of 714.Va ipfilter_enable 715and 716.Va ipnat_enable 717to be enabled. 718.Pp 719Having 720.Bd -literal 721options IPFILTER 722options IPFILTER_LOG 723options IPFILTER_DEFAULT_BLOCK 724.Ed 725.Pp 726in the kernel configuration file is a good idea, too. 727.\" ----- ipfilter_program setting ------------------------------ 728.It Va ipfilter_program 729.Pq Vt str 730Path to 731.Xr ipf 8 732(default 733.Pa /sbin/ipf ) . 734.\" ----- ipfilter_rules setting -------------------------------- 735.It Va ipfilter_rules 736.Pq Vt str 737Set to 738.Pa /etc/ipf.rules 739by default. 740This variable contains the name of the filter rule definition file. 741The file is expected to be readable for the 742.Xr ipf 8 743command to execute. 744.\" ----- ipv6_ipfilter_rules setting --------------------------- 745.It Va ipv6_ipfilter_rules 746.Pq Vt str 747Set to 748.Pa /etc/ipf6.rules 749by default. 750This variable contains the IPv6 filter rule definition file. 751The file is expected to be readable for the 752.Xr ipf 8 753command to execute. 754.\" ----- ipfilter_flags setting -------------------------------- 755.It Va ipfilter_flags 756.Pq Vt str 757Empty by default. 758This variable contains flags passed to the 759.Xr ipf 8 760program. 761.\" ----- ipnat_enable setting ---------------------------------- 762.It Va ipnat_enable 763.Pq Vt bool 764Set to 765.Dq Li NO 766by default. 767Set it to 768.Dq Li YES 769to enable 770.Xr ipnat 8 771network address translation. 772See 773.Va ipfilter_enable 774for a detailed discussion. 775.\" ----- ipnat_program setting --------------------------------- 776.It Va ipnat_program 777.Pq Vt str 778Path to 779.Xr ipnat 8 780(default 781.Pa /sbin/ipnat ) . 782.\" ----- ipnat_rules setting ----------------------------------- 783.It Va ipnat_rules 784.Pq Vt str 785Set to 786.Pa /etc/ipnat.rules 787by default. 788This variable contains the name of the file 789holding the network address translation definition. 790This file is expected to be readable for the 791.Xr ipnat 8 792command to execute. 793.\" ----- ipnat_flags setting ----------------------------------- 794.It Va ipnat_flags 795.Pq Vt str 796Empty by default. 797This variable contains flags passed to the 798.Xr ipnat 8 799program. 800.\" ----- ipmon_enable setting ---------------------------------- 801.It Va ipmon_enable 802.Pq Vt bool 803Set to 804.Dq Li NO 805by default. 806Set it to 807.Dq Li YES 808to enable 809.Xr ipmon 8 810monitoring (logging 811.Xr ipf 8 812and 813.Xr ipnat 8 814events). 815Setting this variable needs setting 816.Va ipfilter_enable 817or 818.Va ipnat_enable 819too. 820See 821.Va ipfilter_enable 822for a detailed discussion. 823.\" ----- ipmon_program setting --------------------------------- 824.It Va ipmon_program 825.Pq Vt str 826Path to 827.Xr ipmon 8 828(default 829.Pa /sbin/ipmon ) . 830.\" ----- ipmon_flags setting ----------------------------------- 831.It Va ipmon_flags 832.Pq Vt str 833Set to 834.Dq Li -Ds 835by default. 836This variable contains flags passed to the 837.Xr ipmon 8 838program. 839Another typical example would be 840.Dq Fl D Pa /var/log/ipflog 841to have 842.Xr ipmon 8 843log directly to a file bypassing 844.Xr syslogd 8 . 845Make sure to adjust 846.Pa /etc/newsyslog.conf 847in such case like this: 848.Bd -literal 849/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 850.Ed 851.\" ----- ipfs_enable setting ----------------------------------- 852.It Va ipfs_enable 853.Pq Vt bool 854Set to 855.Dq Li NO 856by default. 857Set it to 858.Dq Li YES 859to enable 860.Xr ipfs 8 861saving the filter and NAT state tables during shutdown 862and reloading them during startup again. 863Setting this variable needs setting 864.Va ipfilter_enable 865or 866.Va ipnat_enable 867to 868.Dq Li YES 869too. 870See 871.Va ipfilter_enable 872for a detailed discussion. 873Note that if 874.Va kern_securelevel 875is set to 3, 876.Va ipfs_enable 877cannot be used 878because the raised securelevel will prevent 879.Xr ipfs 8 880from saving the state tables at shutdown time. 881.\" ----- ipfs_program setting ---------------------------------- 882.It Va ipfs_program 883.Pq Vt str 884Path to 885.Xr ipfs 8 886(default 887.Pa /sbin/ipfs ) . 888.\" ----- ipfs_flags setting ------------------------------------ 889.It Va ipfs_flags 890.Pq Vt str 891Empty by default. 892This variable contains flags passed to the 893.Xr ipfs 8 894program. 895.\" ----- end of added ipf hook --------------------------------- 896.It Va pf_enable 897.Pq Vt bool 898Set to 899.Dq Li NO 900by default. 901Setting this to 902.Dq Li YES 903enables 904.Xr pf 4 905packet filtering. 906.Pp 907Typical usage will require putting 908.Pp 909.Dl pf_enable="YES" 910.Pp 911into 912.Pa /etc/rc.conf 913and editing 914.Pa /etc/pf.conf 915appropriately. 916Adding 917.Pp 918.Dl "device pf" 919.Pp 920builds support for 921.Xr pf 4 922into the kernel, otherwise the 923kernel module will be loaded. 924.It Va pf_rules 925.Pq Vt str 926Path to 927.Xr pf 4 928ruleset configuration file 929(default 930.Pa /etc/pf.conf ) . 931.It Va pf_program 932.Pq Vt str 933Path to 934.Xr pfctl 8 935(default 936.Pa /sbin/pfctl ) . 937.It Va pf_flags 938.Pq Vt str 939If 940.Va pf_enable 941is set to 942.Dq Li YES , 943these flags are passed to the 944.Xr pfctl 8 945program when loading the ruleset. 946.It Va pflog_enable 947.Pq Vt bool 948Set to 949.Dq Li NO 950by default. 951Setting this to 952.Dq Li YES 953enables 954.Xr pflogd 8 955which logs packets from the 956.Xr pf 4 957packet filter. 958.It Va pflog_logfile 959.Pq Vt str 960If 961.Va pflog_enable 962is set to 963.Dq Li YES 964this controls where 965.Xr pflogd 8 966stores the logfile 967(default 968.Pa /var/log/pflog ) . 969Check 970.Pa /etc/newsyslog.conf 971to adjust logfile rotation for this. 972.It Va pflog_program 973.Pq Vt str 974Path to 975.Xr pflogd 8 976(default 977.Pa /sbin/pflogd ) . 978.It Va pflog_flags 979.Pq Vt str 980Empty by default. 981This variable contains additional flags passed to the 982.Xr pflogd 8 983program. 984.It Va pflog_instances 985.Pq Vt str 986If logging to more than one 987.Xr pflog 4 988interface is desired, 989.Va pflog_instances 990is set to the list of 991.Xr pflogd 8 992instances that should be started at system boot time. 993If 994.Va pflog_instances 995is set, for each whitespace-separated 996.Ar element 997in the list, 998.Ao Ar element Ac Ns Va _dev 999and 1000.Ao Ar element Ac Ns Va _logfile 1001elements are assumed to exist. 1002.Ao Ar element Ac Ns Va _dev 1003must contain the 1004.Xr pflog 4 1005interface to be watched by the named 1006.Xr pflogd 8 1007instance. 1008.Ao Ar element Ac Ns Va _logfile 1009must contain the name of the logfile that will be used by the 1010.Xr pflogd 8 1011instance. 1012.It Va ftpproxy_enable 1013.Pq Vt bool 1014Set to 1015.Dq Li NO 1016by default. 1017Setting this to 1018.Dq Li YES 1019enables 1020.Xr ftp-proxy 8 1021which supports the 1022.Xr pf 4 1023packet filter in translating ftp connections. 1024.It Va ftpproxy_flags 1025.Pq Vt str 1026Empty by default. 1027This variable contains additional flags passed to the 1028.Xr ftp-proxy 8 1029program. 1030.It Va ftpproxy_instances 1031.Pq Vt str 1032Empty by default. 1033If multiple instances of 1034.Xr ftp-proxy 8 1035are desired at boot time, 1036.Va ftpproxy_instances 1037should contain a whitespace-separated list of instance names. 1038For each 1039.Ar element 1040in the list, a variable named 1041.Ao Ar element Ac Ns Va _flags 1042should be defined, containing the command-line flags to be passed to the 1043.Xr ftp-proxy 8 1044instance. 1045.It Va pfsync_enable 1046.Pq Vt bool 1047Set to 1048.Dq Li NO 1049by default. 1050Setting this to 1051.Dq Li YES 1052enables exposing 1053.Xr pf 4 1054state changes to other hosts over the network by means of 1055.Xr pfsync 4 . 1056The 1057.Va pfsync_syncdev 1058variable 1059must also be set then. 1060.It Va pfsync_syncdev 1061.Pq Vt str 1062Empty by default. 1063This variable specifies the name of the network interface 1064.Xr pfsync 4 1065should operate through. 1066It must be set accordingly if 1067.Va pfsync_enable 1068is set to 1069.Dq Li YES . 1070.It Va pfsync_syncpeer 1071.Pq Vt str 1072Empty by default. 1073This variable is optional. 1074By default, state change messages are sent out on the synchronisation 1075interface using IP multicast packets. 1076The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1077224.0.0.240. 1078When a peer address is specified using the 1079.Va pfsync_syncpeer 1080option, the peer address is used as a destination for the pfsync 1081traffic, and the traffic can then be protected using 1082.Xr ipsec 4 . 1083See the 1084.Xr pfsync 4 1085manpage for more details about using 1086.Xr ipsec 4 1087with 1088.Xr pfsync 4 1089interfaces. 1090.It Va pfsync_ifconfig 1091.Pq Vt str 1092Empty by default. 1093This variable can contain additional options to be passed to the 1094.Xr ifconfig 8 1095command used to set up 1096.Xr pfsync 4 . 1097.It Va tcp_extensions 1098.Pq Vt bool 1099Set to 1100.Dq Li YES 1101by default. 1102Setting this to 1103.Dq Li NO 1104disables certain TCP options as described by 1105.Rs 1106.%T "RFC 1323" 1107.Re 1108Setting this to 1109.Dq Li NO 1110might help remedy such problems with connections as randomly hanging 1111or other weird behavior. 1112Some network devices are known 1113to be broken with respect to these options. 1114.It Va log_in_vain 1115.Pq Vt int 1116Set to 0 by default. 1117The 1118.Xr sysctl 8 1119variables, 1120.Va net.inet.tcp.log_in_vain 1121and 1122.Va net.inet.udp.log_in_vain , 1123as described in 1124.Xr tcp 4 1125and 1126.Xr udp 4 , 1127are set to the given value. 1128.It Va tcp_keepalive 1129.Pq Vt bool 1130Set to 1131.Dq Li YES 1132by default. 1133Setting to 1134.Dq Li NO 1135will disable probing idle TCP connections to verify that the 1136peer is still up and reachable. 1137.It Va tcp_drop_synfin 1138.Pq Vt bool 1139Set to 1140.Dq Li NO 1141by default. 1142Setting to 1143.Dq Li YES 1144will cause the kernel to ignore TCP frames that have both 1145the SYN and FIN flags set. 1146This prevents OS fingerprinting, but may 1147break some legitimate applications. 1148.It Va icmp_drop_redirect 1149.Pq Vt bool 1150Set to 1151.Dq Li NO 1152by default. 1153Setting to 1154.Dq Li YES 1155will cause the kernel to ignore ICMP REDIRECT packets. 1156Refer to 1157.Xr icmp 4 1158for more information. 1159.It Va icmp_log_redirect 1160.Pq Vt bool 1161Set to 1162.Dq Li NO 1163by default. 1164Setting to 1165.Dq Li YES 1166will cause the kernel to log ICMP REDIRECT packets. 1167Note that 1168the log messages are not rate-limited, so this option should only be used 1169for troubleshooting networks. 1170Refer to 1171.Xr icmp 4 1172for more information. 1173.It Va icmp_bmcastecho 1174.Pq Vt bool 1175Set to 1176.Dq Li YES 1177to respond to broadcast or multicast ICMP ping packets. 1178Refer to 1179.Xr icmp 4 1180for more information. 1181.It Va ip_portrange_first 1182.Pq Vt int 1183If not set to 1184.Dq Li NO , 1185this is the first port in the default portrange. 1186Refer to 1187.Xr ip 4 1188for more information. 1189.It Va ip_portrange_last 1190.Pq Vt int 1191If not set to 1192.Dq Li NO , 1193this is the last port in the default portrange. 1194Refer to 1195.Xr ip 4 1196for more information. 1197.It Va network_interfaces 1198.Pq Vt str 1199Set to the list of network interfaces to configure on this host or 1200.Dq Li AUTO 1201(the default) for all current interfaces. 1202Setting the 1203.Va network_interfaces 1204variable to anything other than the default is deprecated. 1205Interfaces that the administrator wishes to store configuration for, 1206but not start at boot should be configured with the 1207.Dq Li NOAUTO 1208keyword in their 1209.Va ifconfig_ Ns Aq Ar interface 1210variables as described below. 1211.Pp 1212An 1213.Va ifconfig_ Ns Aq Ar interface 1214variable is also assumed to exist for each value of 1215.Ar interface . 1216When an interface name contains any of the characters 1217.Dq Li .-/+ 1218they are translated to 1219.Dq Li _ 1220before lookup. 1221The variable can contain arguments to 1222.Xr ifconfig 8 , 1223as well as special case-insensitive keywords described below. 1224Such keywords are removed before passing the value to 1225.Xr ifconfig 8 1226while the order of the other arguments is preserved. 1227.Pp 1228It is possible to add IP alias entries using 1229.Xr ifconfig 8 1230syntax with the address family keyword such as 1231.Li inet . 1232Assuming that the interface in question was 1233.Li ed0 , 1234it might look something like this: 1235.Bd -literal 1236ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1237ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1238.Ed 1239.Pp 1240It also possible to configure multiple IP addresses in Classless 1241Inter-Domain Routing 1242.Pq CIDR 1243address notation, 1244whose each address component can be a range like 1245.Li inet 192.0.2.5-23/24 1246or 1247.Li inet6 2001:db8:1-f::1/64 . 1248This notation allows address and prefix length part only, 1249not the other address modifiers. 1250Note that the maximum number of the generated addresses from a range 1251specification is limited to an integer value specified in 1252.Va netif_ipexpand_max 1253in 1254.Nm 1255because a small typo can unexpectedly generate a large number of addresses. 1256The default value is 1257.Li 2048 . 1258It can be increased by adding the following line into 1259.Nm : 1260.Bd -literal 1261netif_ipexpand_max="4096" 1262.Ed 1263.Pp 1264In the case of 1265.Li 192.0.2.5-23/24 , 1266the address 192.0.2.5 will be configured with the 1267netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1268the non-conflicting netmask /32 as explained in the 1269.Xr ifconfig 8 1270alias section. 1271Note that this special netmask handling is only for 1272.Li inet , 1273not for the other address families such as 1274.Li inet6 . 1275.Pp 1276With the interface in question being 1277.Li ed0 , 1278an example could look like: 1279.Bd -literal 1280ifconfig_ed0_alias2="inet 192.0.2.129/27" 1281ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1282.Ed 1283.Pp 1284and so on. 1285.Pp 1286Note that 1287.Va ipv4_addrs_ Ns Aq Ar interface 1288variable was supported for IPv4 CIDR address notation. 1289It is now deprecated because the functionality was integrated into 1290.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1291though 1292.Va ipv4_addrs_ Ns Aq Ar interface 1293is still supported for backward compatibility. 1294.Pp 1295For each 1296.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1297entry with an address family keyword, 1298its contents are passed to 1299.Xr ifconfig 8 . 1300Execution stops at the first unsuccessful access, so if 1301something like this is present: 1302.Bd -literal 1303ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1304ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1305ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1306ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1307.Ed 1308.Pp 1309Then note that alias4 would 1310.Em not 1311be added since the search would 1312stop with the missing 1313.Dq Li alias3 1314entry. 1315Because of this difficult to manage behavior, 1316there is 1317.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1318variable, which has the same functionality as 1319.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1320and can have all of entries in a variable like the following: 1321.Bd -literal 1322ifconfig_ed0_aliases="\\ 1323 inet 127.0.0.251 netmask 0xffffffff \\ 1324 inet 127.0.0.252 netmask 0xffffffff \\ 1325 inet 127.0.0.253 netmask 0xffffffff \\ 1326 inet 127.0.0.254 netmask 0xffffffff" 1327.Ed 1328.Pp 1329It also supports CIDR notation. 1330.Pp 1331If the 1332.Pa /etc/start_if. Ns Aq Ar interface 1333file is present, it is read and executed by the 1334.Xr sh 1 1335interpreter 1336before configuring the interface as specified in the 1337.Va ifconfig_ Ns Aq Ar interface 1338and 1339.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1340variables. 1341.Pp 1342If a 1343.Va vlans_ Ns Aq Ar interface 1344variable is set, 1345a 1346.Xr vlan 4 1347interface will be created for each item in the list with the 1348.Ar vlandev 1349argument set to 1350.Ar interface . 1351If a vlan interface's name is a number, 1352then that number is used as the vlan tag and the new vlan interface is 1353named 1354.Ar interface . Ns Ar tag . 1355Otherwise, 1356the vlan tag must be specified via a 1357.Va vlan 1358parameter in the 1359.Va create_args_ Ns Aq Ar interface 1360variable. 1361.Pp 1362To create a vlan device named 1363.Li em0.101 1364on 1365.Li em0 1366with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1367.Bd -literal 1368vlans_em0="101" 1369ifconfig_em0_101="inet 192.0.2.1/24" 1370.Ed 1371.Pp 1372To create a vlan device named 1373.Li myvlan 1374on 1375.Li em0 1376with the vlan tag 102: 1377.Bd -literal 1378vlans_em0="myvlan" 1379create_args_myvlan="vlan 102" 1380.Ed 1381.Pp 1382If a 1383.Va wlans_ Ns Aq Ar interface 1384variable is set, 1385an 1386.Xr wlan 4 1387interface will be created for each item in the list with the 1388.Ar wlandev 1389argument set to 1390.Ar interface . 1391Further wlan cloning arguments may be passed to the 1392.Xr ifconfig 8 1393.Cm create 1394command by setting the 1395.Va create_args_ Ns Aq Ar interface 1396variable. 1397One or more 1398.Xr wlan 4 1399devices must be created for each wireless devices as of 1400.Fx 8.0 . 1401Debugging flags for 1402.Xr wlan 4 1403devices as set by 1404.Xr wlandebug 8 1405may be specified with an 1406.Va wlandebug_ Ns Aq Ar interface 1407variable. 1408The contents of this variable will be passed directly to 1409.Xr wlandebug 8 . 1410.Pp 1411If the 1412.Va ifconfig_ Ns Aq Ar interface 1413contains the keyword 1414.Dq Li NOAUTO 1415then the interface will not be configured 1416at boot or by 1417.Pa /etc/pccard_ether 1418when 1419.Va network_interfaces 1420is set to 1421.Dq Li AUTO . 1422.Pp 1423It is possible to bring up an interface with DHCP by adding 1424.Dq Li DHCP 1425to the 1426.Va ifconfig_ Ns Aq Ar interface 1427variable. 1428For instance, to initialize the 1429.Li ed0 1430device via DHCP, 1431it is possible to use something like: 1432.Bd -literal 1433ifconfig_ed0="DHCP" 1434.Ed 1435.Pp 1436If you want to configure your wireless interface with 1437.Xr wpa_supplicant 8 1438for use with WPA, EAP/LEAP or WEP, you need to add 1439.Dq Li WPA 1440to the 1441.Va ifconfig_ Ns Aq Ar interface 1442variable. 1443.Pp 1444On the other hand, if you want to configure your wireless interface with 1445.Xr hostapd 8 , 1446you need to add 1447.Dq Li HOSTAP 1448to the 1449.Va ifconfig_ Ns Aq Ar interface 1450variable. 1451.Xr hostapd 8 1452will use the settings from 1453.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1454.Pp 1455Finally, you can add 1456.Xr ifconfig 8 1457options in this variable, in addition to the 1458.Pa /etc/start_if. Ns Aq Ar interface 1459file. 1460For instance, to configure an 1461.Xr ath 4 1462wireless device in station mode with an address obtained 1463via DHCP, using WPA authentication and 802.11b mode, it is 1464possible to use something like: 1465.Bd -literal 1466wlans_ath0="wlan0" 1467ifconfig_wlan0="DHCP WPA mode 11b" 1468.Ed 1469.Pp 1470In addition to the 1471.Va ifconfig_ Ns Aq Ar interface 1472form, a fallback variable 1473.Va ifconfig_DEFAULT 1474may be configured. 1475It will be used for all interfaces with no 1476.Va ifconfig_ Ns Aq Ar interface 1477variable. 1478This is intended to replace the no longer supported 1479.Va pccard_ifconfig 1480variable. 1481.Pp 1482It is also possible to rename an interface by doing: 1483.Bd -literal 1484ifconfig_ed0_name="net0" 1485ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1486.Ed 1487.It Va ipv6_enable 1488.Pq Vt bool 1489This variable is deprecated. 1490Use 1491.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1492and 1493.Va ipv6_activate_all_interfaces 1494if necessary. 1495.Pp 1496If the variable is 1497.Dq Li YES , 1498.Dq Li inet6 accept_rtadv 1499is added to all of 1500.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1501and the 1502.Va ipv6_activate_all_interfaces 1503is defined as 1504.Dq Li YES . 1505.It Va ipv6_prefer 1506.Pq Vt bool 1507This variable is deprecated. 1508Use 1509.Va ip6addrctl_policy 1510instead. 1511.Pp 1512If the variable is 1513.Dq Li YES , 1514the default address selection policy table set by 1515.Xr ip6addrctl 8 1516will be IPv6-preferred. 1517.Pp 1518If the variable is 1519.Dq Li NO , 1520the default address selection policy table set by 1521.Xr ip6addrctl 8 1522will be IPv4-preferred. 1523.It Va ipv6_activate_all_interfaces 1524.Pq Vt bool 1525This controls initial configuration on IPv6-capable 1526interfaces with no corresponding 1527.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1528variable. 1529Note that it is not always necessary to set this variable to 1530.Dq YES 1531to use IPv6 functionality on 1532.Fx . 1533In most cases, just configuring 1534.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1535variables works. 1536.Pp 1537If the variable is 1538.Dq Li NO , 1539all interfaces which do not have a corresponding 1540.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1541variable will be marked as 1542.Dq Li IFDISABLED 1543at creation. 1544This means that all of IPv6 functionality on that interface 1545is completely disabled to enforce a security policy. 1546If the variable is set to 1547.Dq YES , 1548the flag will be cleared on all of the interfaces. 1549.Pp 1550In most cases, just defining an 1551.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1552for an IPv6-capable interface should be sufficient. 1553However, if an interface is added dynamically 1554.Pq by some tunneling protocols such as PPP, for example , 1555it is often difficult to define the variable in advance. 1556In such a case, configuring the 1557.Dq Li IFDISABLED 1558flag can be disabled by setting this variable to 1559.Dq YES . 1560.Pp 1561For more details of the 1562.Dq Li IFDISABLED 1563flag and keywords 1564.Dq Li inet6 ifdisabled , 1565see 1566.Xr ifconfig 8 . 1567.Pp 1568Default is 1569.Dq Li NO . 1570.It Va ipv6_privacy 1571.Pq Vt bool 1572If the variable is 1573.Dq Li YES 1574privacy addresses will be generated for each IPv6 1575interface as described in RFC 4941. 1576.It Va ipv6_network_interfaces 1577.Pq Vt str 1578This is the IPv6 equivalent of 1579.Va network_interfaces . 1580Normally manual configuration of this variable is not needed. 1581.It Va ipv6_cpe_wanif 1582.Pq Vt str 1583If the variable is set to an interface name, 1584the 1585.Xr ifconfig 8 1586options 1587.Dq inet6 -no_radr accept_rtadv 1588will be added to the specified interface automatically before evaluating 1589.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1590and two 1591.Xr sysctl 8 1592variables 1593.Va net.inet6.ip6.rfc6204w3 1594and 1595.Va net.inet6.ip6.no_radr 1596will be set to 1. 1597.Pp 1598This means the specified interface will accept ICMPv6 Router 1599Advertisement messages on that link and add the discovered 1600routers into the Default Router List. 1601While the other interfaces can still accept RA messages if the 1602.Dq inet6 accept_rtadv 1603option is specified, adding 1604routes into the Default Router List will be disabled by 1605.Dq inet6 no_radr 1606option by default. 1607See 1608.Xr ifconfig 8 1609for more details. 1610.Pp 1611Note that ICMPv6 Router Advertisement messages will be 1612accepted even when 1613.Va net.inet6.ip6.forwarding 1614is 1 1615.Pq packet forwarding is enabled 1616when 1617.Va net.inet6.ip6.rfc6204w3 1618is set to 1. 1619.Pp 1620Default is 1621.Dq Li NO . 1622.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1623.Pq Vt str 1624This assigns arbitrary description to an interface. 1625The 1626.Xr sysctl 8 1627variable 1628.Va net.ifdescr_maxlen 1629limits its length. 1630This static setting may be overridden by commands 1631started with dynamic interface configuration utilities 1632like 1633.Xr dhclient 8 1634hooks. The description can be seen with 1635.Xr ifconfig 8 1636command and it may be exported with 1637.Xr bsnmpd 1 1638daemon using its MIB-2 module. 1639.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1640.Pq Vt str 1641IPv6 functionality on an interface should be configured by 1642.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1643instead of setting ifconfig parameters in 1644.Va ifconfig_ Ns Aq Ar interface . 1645If this variable is empty, all of IPv6 configurations on the 1646specified interface by other variables such as 1647.Va ipv6_prefix_ Ns Ao Ar interface Ac 1648will be ignored. 1649.Pp 1650Aliases should be set by 1651.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1652with 1653.Dq Li inet6 1654keyword. 1655For example: 1656.Bd -literal 1657ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1658ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1659.Ed 1660.Pp 1661Interfaces that have an 1662.Dq Li inet6 accept_rtadv 1663keyword in 1664.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1665setting will be automatically configured by SLAAC 1666.Pq StateLess Address AutoConfiguration 1667described in 1668.Rs 1669.%T "RFC 4862" 1670.Re 1671.Pp 1672Note that a link-local address will be automatically configured in 1673addition to the configured global-scope addresses because the IPv6 1674specifications require it on each link. 1675The address is calculated from the MAC address by using an algorithm 1676defined in 1677.Rs 1678.%T "RFC 4862" 1679.%O "Section 5.3" 1680.Re 1681.Pp 1682If only a link-local address is needed on the interface, 1683the following configuration can be used: 1684.Bd -literal 1685ifconfig_ed0_ipv6="inet6 auto_linklocal" 1686.Ed 1687.Pp 1688A link-local address can also be configured manually. 1689This is useful for the default router address of an IPv6 router 1690so that it does not change when the network interface 1691card is replaced. 1692For example: 1693.Bd -literal 1694ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1695.Ed 1696.It Va ipv6_prefix_ Ns Aq Ar interface 1697.Pq Vt str 1698If one or more prefixes are defined in 1699.Va ipv6_prefix_ Ns Aq Ar interface 1700addresses based on each prefix and the EUI-64 interface index will be 1701configured on that interface. 1702Note that this variable will be ignored when 1703.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1704is empty. 1705.Pp 1706For example, the following configuration 1707.Bd -literal 1708ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1709.Ed 1710.Pp 1711is equivalent to the following: 1712.Bd -literal 1713ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1714ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1715ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1716ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1717.Ed 1718.Pp 1719These Subnet-Router anycast addresses will be added only when 1720.Va ipv6_gateway_enable 1721is YES. 1722.It Va ipv6_default_interface 1723.Pq Vt str 1724If not set to 1725.Dq Li NO , 1726this is the default output interface for scoped addresses. 1727This works only with ipv6_gateway_enable="NO". 1728.It Va ip6addrctl_enable 1729.Pq Vt bool 1730This variable is to enable configuring default address selection policy table 1731.Pq RFC 3484 . 1732The table can be specified in another variable 1733.Va ip6addrctl_policy . 1734For 1735.Va ip6addrctl_policy 1736the following keywords can be specified: 1737.Dq Li ipv4_prefer , 1738.Dq Li ipv6_prefer , 1739or 1740.Dq Li AUTO . 1741.Pp 1742If 1743.Dq Li ipv4_prefer 1744or 1745.Dq Li ipv6_prefer 1746is specified, 1747.Xr ip6addrctl 8 1748installs a pre-defined policy table described in Section 2.1 1749.Pq IPv6-preferred 1750or 10.3 1751.Pq IPv4-preferred 1752of RFC 3484. 1753.Pp 1754If 1755.Dq Li AUTO 1756is specified, it attempts to read a file 1757.Pa /etc/ip6addrctl.conf 1758first. 1759If this file is found, 1760.Xr ip6addrctl 8 1761reads and installs it. 1762If not found, a policy is automatically set 1763according to 1764.Va ipv6_activate_all_interfaces 1765variable; if the variable is set to 1766.Dq Li YES 1767the IPv6-preferred one is used. 1768Otherwise IPv4-preferred. 1769.Pp 1770The default value of 1771.Va ip6addrctl_enable 1772and 1773.Va ip6addrctl_policy 1774are 1775.Dq Li YES 1776and 1777.Dq Li AUTO , 1778respectively. 1779.It Va cloned_interfaces 1780.Pq Vt str 1781Set to the list of clonable network interfaces to create on this host. 1782Further cloning arguments may be passed to the 1783.Xr ifconfig 8 1784.Cm create 1785command for each interface by setting the 1786.Va create_args_ Ns Aq Ar interface 1787variable. 1788If an interface name is specified with 1789.Dq :sticky 1790keyword, 1791the interface will not be destroyed even when 1792.Pa rc.d/netif 1793script is invoked with 1794.Dq stop 1795argument. 1796This is useful when reconfiguring the interface without destroying it. 1797Entries in 1798.Va cloned_interfaces 1799are automatically appended to 1800.Va network_interfaces 1801for configuration. 1802.It Va cloned_interfaces_sticky 1803.Pq Vt bool 1804This variable is to globally enable functionality of 1805.Dq :sticky 1806keyword in 1807.Va cloned_interfaces 1808for all interfaces. 1809The default value is 1810.Dq NO . 1811Even if this variable is specified to 1812.Dq YES , 1813.Dq :nosticky 1814keyword can be used to override it on per interface basis. 1815.It Va gif_interfaces 1816.Pq Vt str 1817This variable is deprecated in favor of 1818.Va cloned_interfaces . 1819Set to the list of 1820.Xr gif 4 1821tunnel interfaces to configure on this host. 1822For each 1823.Xr gif 1824tunnel interface, set a variable named 1825.Va ifconfig_ Ns Aq Ar interface 1826with the parameters for the 1827.Xr ifconfig 8 1828command to configure the link level for 1829.Ar interface 1830with the 1831.Cm tunnel 1832option. 1833The value of this variable is used to configure the link layer of the 1834tunnel using the 1835.Cm tunnel 1836option to 1837.Xr ifconfig . 1838For example, configure two 1839.Xr gif 1840interfaces with: 1841.Bd -literal -offset indent 1842gif_interfaces="gif0 gif1" 1843ifconfig_gif0="tunnel src_addr0 dst_addr0" 1844ifconfig_gif1="tunnel src_addr1 dst_addr1" 1845.Ed 1846.Pp 1847Additionally, this option ensures that each listed interface is created 1848via the 1849.Cm create 1850option to 1851.Xr ifconfig . 1852This example also works with 1853.Va cloned_interfaces 1854instead of 1855.Va gif_interfaces . 1856.It Va sppp_interfaces 1857.Pq Vt str 1858Set to the list of 1859.Xr sppp 4 1860interfaces to configure on this host. 1861A 1862.Va spppconfig_ Ns Aq Ar interface 1863variable is assumed to exist for each value of 1864.Ar interface . 1865Each interface should also be configured by a general 1866.Va ifconfig_ Ns Aq Ar interface 1867setting. 1868Refer to 1869.Xr spppcontrol 8 1870for more information about available options. 1871.It Va ppp_enable 1872.Pq Vt bool 1873If set to 1874.Dq Li YES , 1875run the 1876.Xr ppp 8 1877daemon. 1878.It Va ppp_profile 1879.Pq Vt str 1880The name of the profile to use from 1881.Pa /etc/ppp/ppp.conf . 1882Also used for per-profile overrides of 1883.Va ppp_mode 1884and 1885.Va ppp_nat , 1886and 1887.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1888When the profile name contains any of the characters 1889.Dq Li .-/+ 1890they are translated to 1891.Dq Li _ 1892for the proposes of the override variable names. 1893.It Va ppp_mode 1894.Pq Vt str 1895Mode in which to run the 1896.Xr ppp 8 1897daemon. 1898.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1899.Pq Vt str 1900Overrides the global 1901.Va ppp_mode 1902for 1903.Ar profile . 1904Accepted modes are 1905.Dq Li auto , 1906.Dq Li ddial , 1907.Dq Li direct 1908and 1909.Dq Li dedicated . 1910See the manual for a full description. 1911.It Va ppp_nat 1912.Pq Vt bool 1913If set to 1914.Dq Li YES , 1915enables network address translation. 1916Used in conjunction with 1917.Va gateway_enable 1918allows hosts on private network addresses access to the Internet using 1919this host as a network address translating router. 1920.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1921.Pq Vt str 1922Overrides the global 1923.Va ppp_nat 1924for 1925.Ar profile . 1926.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1927.Pq Vt int 1928Set the unit number to be used for this profile. 1929See the manual description of 1930.Fl unit Ns Ar N 1931for details. 1932.It Va ppp_user 1933.Pq Vt str 1934The name of the user under which 1935.Xr ppp 8 1936should be started. 1937By 1938default, 1939.Xr ppp 8 1940is started as 1941.Dq Li root . 1942.It Va rc_conf_files 1943.Pq Vt str 1944This option is used to specify a list of files that will override 1945the settings in 1946.Pa /etc/defaults/rc.conf . 1947The files will be read in the order in which they are specified and should 1948include the full path to the file. 1949By default, the files specified are 1950.Pa /etc/rc.conf 1951and 1952.Pa /etc/rc.conf.local 1953.It Va zfs_enable 1954.Pq Vt bool 1955If set to 1956.Dq Li YES , 1957.Pa /etc/rc.d/zfs 1958will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1959(ZVOLs). 1960.It Va gptboot_enable 1961.Pq Vt bool 1962If set to 1963.Dq Li YES , 1964.Pa /etc/rc.d/gptboot 1965will log if the system successfully (or not) booted from a GPT partition, 1966which had the 1967.Ar bootonce 1968attribute set using 1969.Xr gpart 8 1970utility. 1971.It Va gbde_autoattach_all 1972.Pq Vt bool 1973If set to 1974.Dq Li YES , 1975.Pa /etc/rc.d/gbde 1976will attempt to automatically initialize your .bde devices in 1977.Pa /etc/fstab . 1978.It Va gbde_devices 1979.Pq Vt str 1980List the devices that the script should try to attach, 1981or 1982.Dq Li AUTO . 1983.It Va gbde_lockdir 1984.Pq Vt str 1985The directory where the 1986.Xr gbde 4 1987lockfiles are located. 1988The default lockfile directory is 1989.Pa /etc . 1990.Pp 1991The lockfile for each individual 1992.Xr gbde 4 1993device can be overridden by setting the variable 1994.Va gbde_lock_ Ns Aq Ar device , 1995where 1996.Ar device 1997is the encrypted device without the 1998.Dq Pa /dev/ 1999and 2000.Dq Pa .bde 2001parts. 2002.It Va gbde_attach_attempts 2003.Pq Vt int 2004Number of times to attempt attaching to a 2005.Xr gbde 4 2006device, i.e., how many times the user is asked for the pass-phrase. 2007Default is 3. 2008.It Va geli_devices 2009.Pq Vt str 2010List of devices to automatically attach on boot. 2011Note that .eli devices from 2012.Pa /etc/fstab 2013are automatically appended to this list. 2014.It Va geli_tries 2015.Pq Vt int 2016Number of times user is asked for the pass-phrase. 2017If empty, it will be taken from 2018.Va kern.geom.eli.tries 2019sysctl variable. 2020.It Va geli_default_flags 2021.Pq Vt str 2022Default flags to use by 2023.Xr geli 8 2024when configuring disk encryption. 2025Flags can be configured for every device separately by defining 2026.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2027variable. 2028.It Va geli_autodetach 2029.Pq Vt str 2030Specifies if GELI devices should be marked for detach on last close after 2031file systems are mounted. 2032Default is 2033.Dq Li YES . 2034This can be changed for every device separately by defining 2035.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2036variable. 2037.It Va root_rw_mount 2038.Pq Vt bool 2039Set to 2040.Dq Li YES 2041by default. 2042After the file systems are checked at boot time, the root file system 2043is remounted as read-write if this is set to 2044.Dq Li YES . 2045Diskless systems that mount their root file system from a read-only remote 2046NFS share should set this to 2047.Dq Li NO 2048in their 2049.Pa rc.conf . 2050.It Va fsck_y_enable 2051.Pq Vt bool 2052If set to 2053.Dq Li YES , 2054.Xr fsck 8 2055will be run with the 2056.Fl y 2057flag if the initial preen 2058of the file systems fails. 2059.It Va background_fsck 2060.Pq Vt bool 2061If set to 2062.Dq Li NO , 2063the system will not attempt to run 2064.Xr fsck 8 2065in the background where possible. 2066.It Va background_fsck_delay 2067.Pq Vt int 2068The amount of time in seconds to sleep before starting a background 2069.Xr fsck 8 . 2070It defaults to sixty seconds to allow large applications such as 2071the X server to start before disk I/O bandwidth is monopolized by 2072.Xr fsck 8 . 2073If set to a negative number, the background file system check will be 2074delayed indefinitely to allow the administrator to run it at a more 2075convenient time. 2076For example it may be run from 2077.Xr cron 8 2078by adding a line like 2079.Pp 2080.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2081.Pp 2082to 2083.Pa /etc/crontab . 2084.It Va netfs_types 2085.Pq Vt str 2086List of file system types that are network-based. 2087This list should generally not be modified by end users. 2088Use 2089.Va extra_netfs_types 2090instead. 2091.It Va extra_netfs_types 2092.Pq Vt str 2093If set to something other than 2094.Dq Li NO 2095(the default), 2096this variable extends the list of file system types 2097for which automatic mounting at startup by 2098.Xr rc 8 2099should be delayed until the network is initialized. 2100It should contain 2101a whitespace-separated list of network file system descriptor pairs, 2102each consisting of a file system type as passed to 2103.Xr mount 8 2104and a human-readable, one-word description, 2105joined with a colon 2106.Pq Ql \&: . 2107Extending the default list in this way is only necessary 2108when third party file system types are used. 2109.It Va syslogd_enable 2110.Pq Vt bool 2111If set to 2112.Dq Li YES , 2113run the 2114.Xr syslogd 8 2115daemon. 2116.It Va syslogd_program 2117.Pq Vt str 2118Path to 2119.Xr syslogd 8 2120(default 2121.Pa /usr/sbin/syslogd ) . 2122.It Va syslogd_flags 2123.Pq Vt str 2124If 2125.Va syslogd_enable 2126is set to 2127.Dq Li YES , 2128these are the flags to pass to 2129.Xr syslogd 8 . 2130.It Va inetd_enable 2131.Pq Vt bool 2132If set to 2133.Dq Li YES , 2134run the 2135.Xr inetd 8 2136daemon. 2137.It Va inetd_program 2138.Pq Vt str 2139Path to 2140.Xr inetd 8 2141(default 2142.Pa /usr/sbin/inetd ) . 2143.It Va inetd_flags 2144.Pq Vt str 2145If 2146.Va inetd_enable 2147is set to 2148.Dq Li YES , 2149these are the flags to pass to 2150.Xr inetd 8 . 2151.It Va hastd_enable 2152.Pq Vt bool 2153If set to 2154.Dq Li YES , 2155run the 2156.Xr hastd 8 2157daemon. 2158.It Va hastd_program 2159.Pq Vt str 2160Path to 2161.Xr hastd 8 2162(default 2163.Pa /sbin/hastd ) . 2164.It Va hastd_flags 2165.Pq Vt str 2166If 2167.Va hastd_enable 2168is set to 2169.Dq Li YES , 2170these are the flags to pass to 2171.Xr hastd 8 . 2172.It Va local_unbound_enable 2173.Pq Vt bool 2174If set to 2175.Dq Li YES , 2176run the 2177.Xr unbound 8 2178daemon as a local caching resolver. 2179.It Va kdc_enable 2180.Pq Vt bool 2181Set to 2182.Dq Li YES 2183to start a Kerberos 5 authentication server 2184at boot time. 2185.It Va kdc_program 2186.Pq Vt str 2187If 2188.Va kdc_enable 2189is set to 2190.Dq Li YES 2191this is the path to Kerberos 5 Authentication Server. 2192.It Va kdc_flags 2193.Pq Vt str 2194Empty by default. 2195This variable contains additional flags to be passed to the Kerberos 5 2196authentication server. 2197.It Va kadmind_enable 2198.Pq Vt bool 2199Set to 2200.Dq Li YES 2201to start 2202.Xr kadmind 8 , 2203the Kerberos 5 Administration Daemon; set to 2204.Dq Li NO 2205on a slave server. 2206.It Va kadmind_program 2207.Pq Vt str 2208If 2209.Va kadmind_enable 2210is set to 2211.Dq Li YES 2212this is the path to Kerberos 5 Administration Daemon. 2213.It Va kpasswdd_enable 2214.Pq Vt bool 2215Set to 2216.Dq Li YES 2217to start 2218.Xr kpasswdd 8 , 2219the Kerberos 5 Password-Changing Daemon; set to 2220.Dq Li NO 2221on a slave server. 2222.It Va kpasswdd_program 2223.Pq Vt str 2224If 2225.Va kpasswdd_enable 2226is set to 2227.Dq Li YES 2228this is the path to Kerberos 5 Password-Changing Daemon. 2229.It Va kfd_enable 2230.Pq Vt bool 2231Set to 2232.Dq Li YES 2233to start 2234.Xr kfd 8 , 2235the Kerberos 5 ticket forwarding daemon, at the boot time. 2236.It Va kfd_program 2237.Pq Vt str 2238Path to 2239.Xr kfd 8 2240(default 2241.Pa /usr/libexec/kfd ) . 2242.It Va rwhod_enable 2243.Pq Vt bool 2244If set to 2245.Dq Li YES , 2246run the 2247.Xr rwhod 8 2248daemon at boot time. 2249.It Va rwhod_flags 2250.Pq Vt str 2251If 2252.Va rwhod_enable 2253is set to 2254.Dq Li YES , 2255these are the flags to pass to it. 2256.It Va amd_enable 2257.Pq Vt bool 2258If set to 2259.Dq Li YES , 2260run the 2261.Xr amd 8 2262daemon at boot time. 2263.It Va amd_flags 2264.Pq Vt str 2265If 2266.Va amd_enable 2267is set to 2268.Dq Li YES , 2269these are the flags to pass to it. 2270See the 2271.Xr amd 8 2272manpage for more information. 2273.It Va amd_map_program 2274.Pq Vt str 2275If set, 2276the specified program is run to get the list of 2277.Xr amd 8 2278maps. 2279For example, if the 2280.Xr amd 8 2281maps are stored in NIS, one can set this to 2282run 2283.Xr ypcat 1 2284to get a list of 2285.Xr amd 8 2286maps from the 2287.Pa amd.master 2288NIS map. 2289.It Va update_motd 2290.Pq Vt bool 2291If set to 2292.Dq Li YES , 2293.Pa /etc/motd 2294will be updated at boot time to reflect the kernel release 2295being run. 2296If set to 2297.Dq Li NO , 2298.Pa /etc/motd 2299will not be updated. 2300.It Va nfs_client_enable 2301.Pq Vt bool 2302If set to 2303.Dq Li YES , 2304run the NFS client daemons at boot time. 2305.It Va nfs_access_cache 2306.Pq Vt int 2307If 2308.Va nfs_client_enable 2309is set to 2310.Dq Li YES , 2311this can be set to 2312.Dq Li 0 2313to disable NFS ACCESS RPC caching, or to the number of seconds for which 2314NFS ACCESS 2315results should be cached. 2316A value of 2-10 seconds will substantially reduce network 2317traffic for many NFS operations. 2318.It Va nfs_server_enable 2319.Pq Vt bool 2320If set to 2321.Dq Li YES , 2322run the NFS server daemons at boot time. 2323.It Va nfs_server_flags 2324.Pq Vt str 2325If 2326.Va nfs_server_enable 2327is set to 2328.Dq Li YES , 2329these are the flags to pass to the 2330.Xr nfsd 8 2331daemon. 2332.It Va nfsv4_server_enable 2333.Pq Vt bool 2334If 2335.Va nfs_server_enable 2336is set to 2337.Dq Li YES 2338and 2339.Va nfsv4_server_enable 2340are set to 2341.Dq Li YES , 2342enable the server for NFSv4 as well as NFSv2 and NFSv3. 2343.It Va nfsuserd_enable 2344.Pq Vt bool 2345If 2346.Va nfsuserd_enable 2347is set to 2348.Dq Li YES , 2349run the nfsuserd daemon, which is needed for NFSv4 in order 2350to map between user/group names vs uid/gid numbers. 2351If 2352.Va nfsv4_server_enable 2353is set to 2354.Dq Li YES , 2355this will be forced enabled. 2356.It Va nfsuserd_flags 2357.Pq Vt str 2358If 2359.Va nfsuserd_enable 2360is set to 2361.Dq Li YES , 2362these are the flags to pass to the 2363.Xr nfsuserd 8 2364daemon. 2365.It Va nfscbd_enable 2366.Pq Vt bool 2367If 2368.Va nfscbd_enable 2369is set to 2370.Dq Li YES , 2371run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2372.It Va nfscbd_flags 2373.Pq Vt str 2374If 2375.Va nfscbd_enable 2376is set to 2377.Dq Li YES , 2378these are the flags to pass to the 2379.Xr nfscbd 8 2380daemon. 2381.It Va mountd_enable 2382.Pq Vt bool 2383If set to 2384.Dq Li YES , 2385and no 2386.Va nfs_server_enable 2387is set, start 2388.Xr mountd 8 , 2389but not 2390.Xr nfsd 8 2391daemon. 2392It is commonly needed to run CFS without real NFS used. 2393.It Va mountd_flags 2394.Pq Vt str 2395If 2396.Va mountd_enable 2397is set to 2398.Dq Li YES , 2399these are the flags to pass to the 2400.Xr mountd 8 2401daemon. 2402.It Va weak_mountd_authentication 2403.Pq Vt bool 2404If set to 2405.Dq Li YES , 2406allow services like PCNFSD to make non-privileged mount 2407requests. 2408.It Va nfs_reserved_port_only 2409.Pq Vt bool 2410If set to 2411.Dq Li YES , 2412provide NFS services only on a secure port. 2413.It Va nfs_bufpackets 2414.Pq Vt int 2415If set to a number, indicates the number of packets worth of 2416socket buffer space to reserve on an NFS client. 2417The kernel default is typically 4. 2418Using a higher number may be 2419useful on gigabit networks to improve performance. 2420The minimum value is 24212 and the maximum is 64. 2422.It Va rpc_lockd_enable 2423.Pq Vt bool 2424If set to 2425.Dq Li YES 2426and also an NFS server or client, run 2427.Xr rpc.lockd 8 2428at boot time. 2429.It Va rpc_lockd_flags 2430.Pq Vt str 2431If 2432.Va rpc_lockd_enable 2433is set to 2434.Dq Li YES , 2435these are the flags to pass to the 2436.Xr rpc.lockd 8 2437daemon. 2438.It Va rpc_statd_enable 2439.Pq Vt bool 2440If set to 2441.Dq Li YES 2442and also an NFS server or client, run 2443.Xr rpc.statd 8 2444at boot time. 2445.It Va rpc_statd_flags 2446.Pq Vt str 2447If 2448.Va rpc_statd_enable 2449is set to 2450.Dq Li YES , 2451these are the flags to pass to the 2452.Xr rpc.statd 8 2453daemon. 2454.It Va rpcbind_program 2455.Pq Vt str 2456Path to 2457.Xr rpcbind 8 2458(default 2459.Pa /usr/sbin/rpcbind ) . 2460.It Va rpcbind_enable 2461.Pq Vt bool 2462If set to 2463.Dq Li YES , 2464run the 2465.Xr rpcbind 8 2466service at boot time. 2467.It Va rpcbind_flags 2468.Pq Vt str 2469If 2470.Va rpcbind_enable 2471is set to 2472.Dq Li YES , 2473these are the flags to pass to the 2474.Xr rpcbind 8 2475daemon. 2476.It Va keyserv_enable 2477.Pq Vt bool 2478If set to 2479.Dq Li YES , 2480run the 2481.Xr keyserv 8 2482daemon on boot for running Secure RPC. 2483.It Va keyserv_flags 2484.Pq Vt str 2485If 2486.Va keyserv_enable 2487is set to 2488.Dq Li YES , 2489these are the flags to pass to 2490.Xr keyserv 8 2491daemon. 2492.It Va pppoed_enable 2493.Pq Vt bool 2494If set to 2495.Dq Li YES , 2496run the 2497.Xr pppoed 8 2498daemon at boot time to provide PPP over Ethernet services. 2499.It Va pppoed_ Ns Aq Ar provider 2500.Pq Vt str 2501.Xr pppoed 8 2502listens to requests to this 2503.Ar provider 2504and ultimately runs 2505.Xr ppp 8 2506with a 2507.Ar system 2508argument of the same name. 2509.It Va pppoed_flags 2510.Pq Vt str 2511Additional flags to pass to 2512.Xr pppoed 8 . 2513.It Va pppoed_interface 2514.Pq Vt str 2515The network interface to run 2516.Xr pppoed 8 2517on. 2518This is mandatory when 2519.Va pppoed_enable 2520is set to 2521.Dq Li YES . 2522.It Va timed_enable 2523.Pq Vt bool 2524If set to 2525.Dq Li YES , 2526run the 2527.Xr timed 8 2528service at boot time. 2529This command is intended for networks of 2530machines where a consistent 2531.Dq "network time" 2532for all hosts must be established. 2533This is often useful in large NFS 2534environments where time stamps on files are expected to be consistent 2535network-wide. 2536.It Va timed_flags 2537.Pq Vt str 2538If 2539.Va timed_enable 2540is set to 2541.Dq Li YES , 2542these are the flags to pass to the 2543.Xr timed 8 2544service. 2545.It Va ntpdate_enable 2546.Pq Vt bool 2547If set to 2548.Dq Li YES , 2549run 2550.Xr ntpdate 8 2551at system startup. 2552This command is intended to 2553synchronize the system clock only 2554.Em once 2555from some standard reference. 2556.It Va ntpdate_config 2557.Pq Vt str 2558Configuration file for 2559.Xr ntpdate 8 . 2560Default 2561.Pa /etc/ntp.conf . 2562.It Va ntpdate_hosts 2563.Pq Vt str 2564A whitespace-separated list of NTP servers to synchronize with at startup. 2565The default is to use the servers listed in 2566.Va ntpdate_config , 2567if that file exists. 2568.It Va ntpdate_program 2569.Pq Vt str 2570Path to 2571.Xr ntpdate 8 2572(default 2573.Pa /usr/sbin/ntpdate ) . 2574.It Va ntpdate_flags 2575.Pq Vt str 2576If 2577.Va ntpdate_enable 2578is set to 2579.Dq Li YES , 2580these are the flags to pass to the 2581.Xr ntpdate 8 2582command (typically a hostname). 2583.It Va ntpd_enable 2584.Pq Vt bool 2585If set to 2586.Dq Li YES , 2587run the 2588.Xr ntpd 8 2589command at boot time. 2590.It Va ntpd_program 2591.Pq Vt str 2592Path to 2593.Xr ntpd 8 2594(default 2595.Pa /usr/sbin/ntpd ) . 2596.It Va ntpd_config 2597.Pq Vt str 2598Path to 2599.Xr ntpd 8 2600configuration file. 2601Default 2602.Pa /etc/ntp.conf . 2603.It Va ntpd_flags 2604.Pq Vt str 2605If 2606.Va ntpd_enable 2607is set to 2608.Dq Li YES , 2609these are the flags to pass to the 2610.Xr ntpd 8 2611daemon. 2612.It Va ntpd_sync_on_start 2613.Pq Vt bool 2614If set to 2615.Dq Li YES , 2616.Xr ntpd 8 2617is run with the 2618.Fl g 2619flag, which syncs the system's clock on startup. 2620See 2621.Xr ntpd 8 2622for more information regarding the 2623.Fl g 2624option. 2625This is a preferred alternative to using 2626.Xr ntpdate 8 2627or specifying the 2628.Va ntpdate_enable 2629variable. 2630.It Va nis_client_enable 2631.Pq Vt bool 2632If set to 2633.Dq Li YES , 2634run the 2635.Xr ypbind 8 2636service at system boot time. 2637.It Va nis_client_flags 2638.Pq Vt str 2639If 2640.Va nis_client_enable 2641is set to 2642.Dq Li YES , 2643these are the flags to pass to the 2644.Xr ypbind 8 2645service. 2646.It Va nis_ypldap_enable 2647.Pq Vt bool 2648If set to 2649.Dq Li YES , 2650run the 2651.Xr ypldap 8 2652daemon at system boot time. 2653.It Va nis_ypldap_flags 2654.Pq Vt str 2655If 2656.Va nis.ypldap_enable 2657is set to 2658.Dq Li YES , 2659these are the flags to pass to the 2660.Xr ypldap 8 2661daemon. 2662.It Va nis_ypset_enable 2663.Pq Vt bool 2664If set to 2665.Dq Li YES , 2666run the 2667.Xr ypset 8 2668daemon at system boot time. 2669.It Va nis_ypset_flags 2670.Pq Vt str 2671If 2672.Va nis_ypset_enable 2673is set to 2674.Dq Li YES , 2675these are the flags to pass to the 2676.Xr ypset 8 2677daemon. 2678.It Va nis_server_enable 2679.Pq Vt bool 2680If set to 2681.Dq Li YES , 2682run the 2683.Xr ypserv 8 2684daemon at system boot time. 2685.It Va nis_server_flags 2686.Pq Vt str 2687If 2688.Va nis_server_enable 2689is set to 2690.Dq Li YES , 2691these are the flags to pass to the 2692.Xr ypserv 8 2693daemon. 2694.It Va nis_ypxfrd_enable 2695.Pq Vt bool 2696If set to 2697.Dq Li YES , 2698run the 2699.Xr rpc.ypxfrd 8 2700daemon at system boot time. 2701.It Va nis_ypxfrd_flags 2702.Pq Vt str 2703If 2704.Va nis_ypxfrd_enable 2705is set to 2706.Dq Li YES , 2707these are the flags to pass to the 2708.Xr rpc.ypxfrd 8 2709daemon. 2710.It Va nis_yppasswdd_enable 2711.Pq Vt bool 2712If set to 2713.Dq Li YES , 2714run the 2715.Xr rpc.yppasswdd 8 2716daemon at system boot time. 2717.It Va nis_yppasswdd_flags 2718.Pq Vt str 2719If 2720.Va nis_yppasswdd_enable 2721is set to 2722.Dq Li YES , 2723these are the flags to pass to the 2724.Xr rpc.yppasswdd 8 2725daemon. 2726.It Va rpc_ypupdated_enable 2727.Pq Vt bool 2728If set to 2729.Dq Li YES , 2730run the 2731.Nm rpc.ypupdated 2732daemon at system boot time. 2733.It Va bsnmpd_enable 2734.Pq Vt bool 2735If set to 2736.Dq Li YES , 2737run the 2738.Xr bsnmpd 1 2739daemon at system boot time. 2740Be sure to understand the security implications of running SNMP daemon 2741on your host. 2742.It Va bsnmpd_flags 2743.Pq Vt str 2744If 2745.Va bsnmpd_enable 2746is set to 2747.Dq Li YES , 2748these are the flags to pass to the 2749.Xr bsnmpd 1 2750daemon. 2751.It Va defaultrouter 2752.Pq Vt str 2753If not set to 2754.Dq Li NO , 2755create a default route to this host name or IP address 2756(use an IP address if this router is also required to get to the 2757name server!). 2758.It Va ipv6_defaultrouter 2759.Pq Vt str 2760The IPv6 equivalent of 2761.Va defaultrouter . 2762.It Va static_arp_pairs 2763.Pq Vt str 2764Set to the list of static ARP pairs that are to be added at system 2765boot time. 2766For each whitespace separated 2767.Ar element 2768in the value, a 2769.Va static_arp_ Ns Aq Ar element 2770variable is assumed to exist whose contents will later be passed to a 2771.Dq Nm arp Cm -S 2772operation. 2773For example 2774.Bd -literal 2775static_arp_pairs="gw" 2776static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2777.Ed 2778.It Va static_ndp_pairs 2779.Pq Vt str 2780Set to the list of static NDP pairs that are to be added at system 2781boot time. 2782For each whitespace separated 2783.Ar element 2784in the value, a 2785.Va static_ndp_ Ns Aq Ar element 2786variable is assumed to exist whose contents will later be passed to a 2787.Dq Nm ndp Cm -s 2788operation. 2789For example 2790.Bd -literal 2791static_ndp_pairs="gw" 2792static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2793.Ed 2794.It Va static_routes 2795.Pq Vt str 2796Set to the list of static routes that are to be added at system 2797boot time. 2798If not set to 2799.Dq Li NO 2800then for each whitespace separated 2801.Ar element 2802in the value, a 2803.Va route_ Ns Aq Ar element 2804variable is assumed to exist 2805whose contents will later be passed to a 2806.Dq Nm route Cm add 2807operation. 2808For example: 2809.Bd -literal 2810static_routes="ext mcast:gif0 gif0local:gif0" 2811route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2812route_mcast="-net 224.0.0.0/4 -iface gif0" 2813route_gif0local="-host 169.254.1.1 -iface lo0" 2814.Ed 2815.Pp 2816When an 2817.Ar element 2818is in the form of 2819.Li name:ifname , 2820the route is specific to the interface 2821.Li ifname . 2822.It Va ipv6_static_routes 2823.Pq Vt str 2824The IPv6 equivalent of 2825.Va static_routes . 2826If not set to 2827.Dq Li NO 2828then for each whitespace separated 2829.Ar element 2830in the value, a 2831.Va ipv6_route_ Ns Aq Ar element 2832variable is assumed to exist 2833whose contents will later be passed to a 2834.Dq Nm route Cm add Fl inet6 2835operation. 2836.It Va gateway_enable 2837.Pq Vt bool 2838If set to 2839.Dq Li YES , 2840configure host to act as an IP router, e.g.\& to forward packets 2841between interfaces. 2842.It Va ipv6_gateway_enable 2843.Pq Vt bool 2844The IPv6 equivalent of 2845.Va gateway_enable . 2846.It Va routed_enable 2847.Pq Vt bool 2848If set to 2849.Dq Li YES , 2850run a routing daemon of some sort, based on the 2851settings of 2852.Va routed_program 2853and 2854.Va routed_flags . 2855.It Va route6d_enable 2856.Pq Vt bool 2857The IPv6 equivalent of 2858.Va routed_enable . 2859If set to 2860.Dq Li YES , 2861run a routing daemon of some sort, based on the 2862settings of 2863.Va route6d_program 2864and 2865.Va route6d_flags . 2866.It Va routed_program 2867.Pq Vt str 2868If 2869.Va routed_enable 2870is set to 2871.Dq Li YES , 2872this is the name of the routing daemon to use. 2873.It Va route6d_program 2874.Pq Vt str 2875The IPv6 equivalent of 2876.Va routed_program . 2877.It Va routed_flags 2878.Pq Vt str 2879If 2880.Va routed_enable 2881is set to 2882.Dq Li YES , 2883these are the flags to pass to the routing daemon. 2884.It Va route6d_flags 2885.Pq Vt str 2886The IPv6 equivalent of 2887.Va routed_flags . 2888.It Va rtadvd_enable 2889.Pq Vt bool 2890If set to 2891.Dq Li YES , 2892run the 2893.Xr rtadvd 8 2894daemon at boot time. 2895The 2896.Xr rtadvd 8 2897utility sends ICMPv6 Router Advertisement messages to 2898the interfaces specified in 2899.Va rtadvd_interfaces . 2900This should only be enabled with great care. 2901You may want to fine-tune 2902.Xr rtadvd.conf 5 . 2903.It Va rtadvd_interfaces 2904.Pq Vt str 2905If 2906.Va rtadvd_enable 2907is set to 2908.Dq Li YES 2909this is the list of interfaces to use. 2910.It Va arpproxy_all 2911.Pq Vt bool 2912If set to 2913.Dq Li YES , 2914enable global proxy ARP. 2915.It Va forward_sourceroute 2916.Pq Vt bool 2917If set to 2918.Dq Li YES 2919and 2920.Va gateway_enable 2921is also set to 2922.Dq Li YES , 2923source-routed packets are forwarded. 2924.It Va accept_sourceroute 2925.Pq Vt bool 2926If set to 2927.Dq Li YES , 2928the system will accept source-routed packets directed at it. 2929.It Va rarpd_enable 2930.Pq Vt bool 2931If set to 2932.Dq Li YES , 2933run the 2934.Xr rarpd 8 2935daemon at system boot time. 2936.It Va rarpd_flags 2937.Pq Vt str 2938If 2939.Va rarpd_enable 2940is set to 2941.Dq Li YES , 2942these are the flags to pass to the 2943.Xr rarpd 8 2944daemon. 2945.It Va bootparamd_enable 2946.Pq Vt bool 2947If set to 2948.Dq Li YES , 2949run the 2950.Xr bootparamd 8 2951daemon at system boot time. 2952.It Va bootparamd_flags 2953.Pq Vt str 2954If 2955.Va bootparamd_enable 2956is set to 2957.Dq Li YES , 2958these are the flags to pass to the 2959.Xr bootparamd 8 2960daemon. 2961.It Va stf_interface_ipv4addr 2962.Pq Vt str 2963If not set to 2964.Dq Li NO , 2965this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2966interface). 2967Specify this entry to enable the 6to4 interface. 2968.It Va stf_interface_ipv4plen 2969.Pq Vt int 2970Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2971An effective value is 0-31. 2972.It Va stf_interface_ipv6_ifid 2973.Pq Vt str 2974IPv6 interface ID for 2975.Xr stf 4 . 2976This can be set to 2977.Dq Li AUTO . 2978.It Va stf_interface_ipv6_slaid 2979.Pq Vt str 2980IPv6 Site Level Aggregator for 2981.Xr stf 4 . 2982.It Va ipv6_ipv4mapping 2983.Pq Vt bool 2984If set to 2985.Dq Li YES 2986this enables IPv4 mapped IPv6 address communication (like 2987.Li ::ffff:a.b.c.d ) . 2988.It Va rtsold_enable 2989.Pq Vt bool 2990Set to 2991.Dq Li YES 2992to enable the 2993.Xr rtsold 8 2994daemon to send ICMPv6 Router Solicitation messages. 2995.It Va rtsold_flags 2996.Pq Vt str 2997If 2998.Va rtsold_enable 2999is set to 3000.Dq Li YES , 3001these are the flags to pass to 3002.Xr rtsold 8 . 3003.It Va rtsol_flags 3004.Pq Vt str 3005For interfaces configured with the 3006.Dq Li inet6 accept_rtadv 3007keyword, these are the flags to pass to 3008.Xr rtsol 8 . 3009.Pp 3010Note that 3011.Va rtsold_enable 3012is mutually exclusive to 3013.Va rtsol_flags ; 3014.Va rtsold_enable 3015takes precedence. 3016.It Va keybell 3017.Pq Vt str 3018The keyboard bell sound. 3019Set to 3020.Dq Li normal , 3021.Dq Li visual , 3022.Dq Li off , 3023or 3024.Dq Li NO 3025if the default behavior is desired. 3026For details, refer to the 3027.Xr kbdcontrol 1 3028manpage. 3029.It Va keyboard 3030.Pq Vt str 3031If set to a non-null string, the virtual console's keyboard input is 3032set to this device. 3033.It Va keymap 3034.Pq Vt str 3035If set to 3036.Dq Li NO , 3037no keymap is installed, otherwise the value is used to install 3038the keymap file found in 3039.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3040(if using 3041.Xr syscons 4 ) or 3042.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3043(if using 3044.Xr vt 4 ) . 3045.It Va keyrate 3046.Pq Vt str 3047The keyboard repeat speed. 3048Set to 3049.Dq Li slow , 3050.Dq Li normal , 3051.Dq Li fast , 3052or 3053.Dq Li NO 3054if the default behavior is desired. 3055.It Va keychange 3056.Pq Vt str 3057If not set to 3058.Dq Li NO , 3059attempt to program the function keys with the value. 3060The value should 3061be a single string of the form: 3062.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3063.It Va cursor 3064.Pq Vt str 3065Can be set to the value of 3066.Dq Li normal , 3067.Dq Li blink , 3068.Dq Li destructive , 3069or 3070.Dq Li NO 3071to set the cursor behavior explicitly or choose the default behavior. 3072.It Va scrnmap 3073.Pq Vt str 3074If set to 3075.Dq Li NO , 3076no screen map is installed, otherwise the value is used to install 3077the screen map file in 3078.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3079This parameter is ignored when using 3080.Xr vt 4 3081as the console driver. 3082.It Va font8x16 3083.Pq Vt str 3084If set to 3085.Dq Li NO , 3086the default 8x16 font value is used for screen size requests, otherwise 3087the value in 3088.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3089or 3090.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3091is used (depending on the console driver being used). 3092.It Va font8x14 3093.Pq Vt str 3094If set to 3095.Dq Li NO , 3096the default 8x14 font value is used for screen size requests, otherwise 3097the value in 3098.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3099or 3100.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3101is used (depending on the console driver being used). 3102.It Va font8x8 3103.Pq Vt str 3104If set to 3105.Dq Li NO , 3106the default 8x8 font value is used for screen size requests, otherwise 3107the value in 3108.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3109or 3110.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3111is used (depending on the console driver being used). 3112.It Va blanktime 3113.Pq Vt int 3114If set to 3115.Dq Li NO , 3116the default screen blanking interval is used, otherwise it is set 3117to 3118.Ar value 3119seconds. 3120.It Va saver 3121.Pq Vt str 3122If not set to 3123.Dq Li NO , 3124this is the actual screen saver to use 3125.Li ( blank , snake , daemon , 3126etc). 3127.It Va moused_nondefault_enable 3128.Pq Vt str 3129If set to 3130.Dq Li NO , 3131the mouse device specified on 3132the command line is not automatically treated as enabled by the 3133.Pa /etc/rc.d/moused 3134script. 3135Having this variable set to 3136.Dq Li YES 3137allows a 3138.Xr usb 4 3139mouse, 3140for example, 3141to be enabled as soon as it is plugged in. 3142.It Va moused_enable 3143.Pq Vt str 3144If set to 3145.Dq Li YES , 3146the 3147.Xr moused 8 3148daemon is started for doing cut/paste selection on the console. 3149.It Va moused_type 3150.Pq Vt str 3151This is the protocol type of the mouse connected to this host. 3152This variable must be set if 3153.Va moused_enable 3154is set to 3155.Dq Li YES . 3156The 3157.Xr moused 8 3158daemon 3159is able to detect the appropriate mouse type automatically in many cases. 3160Set this variable to 3161.Dq Li auto 3162to let the daemon detect it, or 3163select one from the following list if the automatic detection fails. 3164.Pp 3165If the mouse is attached to the PS/2 mouse port, choose 3166.Dq Li auto 3167or 3168.Dq Li ps/2 , 3169regardless of the brand and model of the mouse. 3170Likewise, if the 3171mouse is attached to the bus mouse port, choose 3172.Dq Li auto 3173or 3174.Dq Li busmouse . 3175All other protocols are for serial mice and will not work with 3176the PS/2 and bus mice. 3177If this is a USB mouse, 3178.Dq Li auto 3179is the only protocol type which will work. 3180.Pp 3181.Bl -tag -width ".Li x10mouseremote" -compact 3182.It Li microsoft 3183Microsoft mouse (serial) 3184.It Li intellimouse 3185Microsoft IntelliMouse (serial) 3186.It Li mousesystems 3187Mouse systems Corp.\& mouse (serial) 3188.It Li mmseries 3189MM Series mouse (serial) 3190.It Li logitech 3191Logitech mouse (serial) 3192.It Li busmouse 3193A bus mouse 3194.It Li mouseman 3195Logitech MouseMan and TrackMan (serial) 3196.It Li glidepoint 3197ALPS GlidePoint (serial) 3198.It Li thinkingmouse 3199Kensington ThinkingMouse (serial) 3200.It Li ps/2 3201PS/2 mouse 3202.It Li mmhittab 3203MM HitTablet (serial) 3204.It Li x10mouseremote 3205X10 MouseRemote (serial) 3206.It Li versapad 3207Interlink VersaPad (serial) 3208.El 3209.Pp 3210Even if the mouse is not in the above list, it may be compatible 3211with one in the list. 3212Refer to the manual page for 3213.Xr moused 8 3214for compatibility information. 3215.Pp 3216It should also be noted that while this is enabled, any 3217other client of the mouse (such as an X server) should access 3218the mouse through the virtual mouse device, 3219.Pa /dev/sysmouse , 3220and configure it as a 3221.Dq Li sysmouse 3222type mouse, since all 3223mouse data is converted to this single canonical format when 3224using 3225.Xr moused 8 . 3226If the client program does not support the 3227.Dq Li sysmouse 3228type, 3229specify the 3230.Dq Li mousesystems 3231type. 3232It is the second preferred type. 3233.It Va moused_port 3234.Pq Vt str 3235If 3236.Va moused_enable 3237is set to 3238.Dq Li YES , 3239this is the actual port the mouse is on. 3240It might be 3241.Pa /dev/cuau0 3242for a COM1 serial mouse, 3243.Pa /dev/psm0 3244for a PS/2 mouse or 3245.Pa /dev/mse0 3246for a bus mouse, for example. 3247.It Va moused_flags 3248.Pq Vt str 3249If 3250.Va moused_flags 3251is set, its value is used as an additional set of flags to pass to the 3252.Xr moused 8 3253daemon. 3254.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3255When 3256.Va moused_nondefault_enable 3257is enabled, and a 3258.Xr moused 8 3259daemon is started for a non-default port, the 3260.Va "moused_" Ns Ar XXX Ns Va "_flags" 3261set of options has precedence over and replaces the default 3262.Va moused_flags 3263(where 3264.Ar XXX 3265is the name of the non-default port, i.e.,\& 3266.Ar ums0 ) . 3267By setting 3268.Va "moused_" Ns Ar XXX Ns Va "_flags" 3269it is possible to set up a different set of default flags for each 3270.Xr moused 8 3271instance. 3272For example, you can use 3273.Dq Li "-3" 3274for the default 3275.Va moused_flags 3276to make your laptop's touchpad more comfortable to use, 3277but an empty set of options for 3278.Va moused_ums0_flags 3279when your 3280.Xr usb 4 3281mouse has three or more buttons. 3282.It Va mousechar_start 3283.Pq Vt int 3284If set to 3285.Dq Li NO , 3286the default mouse cursor character range 3287.Li 0xd0 Ns - Ns Li 0xd3 3288is used, 3289otherwise the range start is set 3290to 3291.Ar value 3292character, see 3293.Xr vidcontrol 1 . 3294Use if the default range is occupied in the language code table. 3295.It Va allscreens_flags 3296.Pq Vt str 3297If set, 3298.Xr vidcontrol 1 3299is run with these options for each of the virtual terminals 3300.Pq Pa /dev/ttyv* . 3301For example, 3302.Dq Fl m Cm on 3303will enable the mouse pointer on all virtual terminals 3304if 3305.Va moused_enable 3306is set to 3307.Dq Li YES . 3308.It Va allscreens_kbdflags 3309.Pq Vt str 3310If set, 3311.Xr kbdcontrol 1 3312is run with these options for each of the virtual terminals 3313.Pq Pa /dev/ttyv* . 3314For example, 3315.Dq Fl h Li 200 3316will set the 3317.Xr syscons 4 3318or 3319.Xr vt 4 3320scrollback (history) buffer to 200 lines. 3321.It Va cron_enable 3322.Pq Vt bool 3323If set to 3324.Dq Li YES , 3325run the 3326.Xr cron 8 3327daemon at system boot time. 3328.It Va cron_program 3329.Pq Vt str 3330Path to 3331.Xr cron 8 3332(default 3333.Pa /usr/sbin/cron ) . 3334.It Va cron_flags 3335.Pq Vt str 3336If 3337.Va cron_enable 3338is set to 3339.Dq Li YES , 3340these are the flags to pass to 3341.Xr cron 8 . 3342.It Va cron_dst 3343.Pq Vt bool 3344If set to 3345.Dq Li YES , 3346enable the special handling of transitions to and from the 3347Daylight Saving Time in 3348.Xr cron 8 3349(equivalent to using the flag 3350.Fl s ) . 3351.It Va lpd_program 3352.Pq Vt str 3353Path to 3354.Xr lpd 8 3355(default 3356.Pa /usr/sbin/lpd ) . 3357.It Va lpd_enable 3358.Pq Vt bool 3359If set to 3360.Dq Li YES , 3361run the 3362.Xr lpd 8 3363daemon at system boot time. 3364.It Va lpd_flags 3365.Pq Vt str 3366If 3367.Va lpd_enable 3368is set to 3369.Dq Li YES , 3370these are the flags to pass to the 3371.Xr lpd 8 3372daemon. 3373.It Va chkprintcap_enable 3374.Pq Vt bool 3375If set to 3376.Dq Li YES , 3377run the 3378.Xr chkprintcap 8 3379command before starting the 3380.Xr lpd 8 3381daemon. 3382.It Va chkprintcap_flags 3383.Pq Vt str 3384If 3385.Va lpd_enable 3386and 3387.Va chkprintcap_enable 3388are set to 3389.Dq Li YES , 3390these are the flags to pass to the 3391.Xr chkprintcap 8 3392program. 3393The default is 3394.Dq Li -d , 3395which causes missing directories to be created. 3396.It Va mta_start_script 3397.Pq Vt str 3398This variable specifies the full path to the script to run to start 3399a mail transfer agent. 3400The default is 3401.Pa /etc/rc.sendmail . 3402The 3403.Va sendmail_* 3404variables which 3405.Pa /etc/rc.sendmail 3406uses are documented in the 3407.Xr rc.sendmail 8 3408manual page. 3409.It Va dumpdev 3410.Pq Vt str 3411Indicates the device (usually a swap partition) to which a crash dump 3412should be written in the event of a system crash. 3413If the value of this variable is 3414.Dq Li AUTO , 3415the first suitable swap device listed in 3416.Pa /etc/fstab 3417will be used as dump device. 3418Otherwise, the value of this variable is passed as the argument to 3419.Xr dumpon 8 . 3420To disable crash dumps, set this variable to 3421.Dq Li NO . 3422.It Va dumpon_flags 3423.Pq Vt str 3424Flags to pass to 3425.Xr dumpon 8 3426when configuring 3427.Va dumpdev 3428as the system dump device. 3429.It Va dumpdir 3430.Pq Vt str 3431When the system reboots after a crash and a crash dump is found on the 3432device specified by the 3433.Va dumpdev 3434variable, 3435.Xr savecore 8 3436will save that crash dump and a copy of the kernel to the directory 3437specified by the 3438.Va dumpdir 3439variable. 3440The default value is 3441.Pa /var/crash . 3442Set to 3443.Dq Li NO 3444to not run 3445.Xr savecore 8 3446at boot time when 3447.Va dumpdir 3448is set. 3449.It Va savecore_enable 3450.Pq Vt bool 3451If set to 3452.Dq Li NO , 3453disable automatic extraction of the crash dump from the 3454.Va dumpdev . 3455.It Va savecore_flags 3456.Pq Vt str 3457If crash dumps are enabled, these are the flags to pass to the 3458.Xr savecore 8 3459utility. 3460.It Va quota_enable 3461.Pq Vt bool 3462Set to 3463.Dq Li YES 3464to turn on user and group disk quotas on system startup via the 3465.Xr quotaon 8 3466command for all file systems marked as having quotas enabled in 3467.Pa /etc/fstab . 3468The kernel must be built with 3469.Cd "options QUOTA" 3470for disk quotas to function. 3471.It Va check_quotas 3472.Pq Vt bool 3473Set to 3474.Dq Li YES 3475to enable user and group disk quota checking via the 3476.Xr quotacheck 8 3477command. 3478.It Va quotacheck_flags 3479.Pq Vt str 3480If 3481.Va quota_enable 3482is set to 3483.Dq Li YES , 3484and 3485.Va check_quotas 3486is set to 3487.Dq Li YES , 3488these are the flags to pass to the 3489.Xr quotacheck 8 3490utility. 3491The default is 3492.Dq Li "-a" , 3493which checks quotas for all file systems with quotas enabled in 3494.Pa /etc/fstab . 3495.It Va quotaon_flags 3496.Pq Vt str 3497If 3498.Va quota_enable 3499is set to 3500.Dq Li YES , 3501these are the flags to pass to the 3502.Xr quotaon 8 3503utility. 3504The default is 3505.Dq Li "-a" , 3506which enables quotas for all file systems with quotas enabled in 3507.Pa /etc/fstab . 3508.It Va quotaoff_flags 3509.Pq Vt str 3510If 3511.Va quota_enable 3512is set to 3513.Dq Li YES , 3514these are the flags to pass to the 3515.Xr quotaoff 8 3516utility when shutting down the quota system. 3517The default is 3518.Dq Li "-a" , 3519which disables quotas for all file systems with quotas enabled in 3520.Pa /etc/fstab . 3521.It Va accounting_enable 3522.Pq Vt bool 3523Set to 3524.Dq Li YES 3525to enable system accounting through the 3526.Xr accton 8 3527facility. 3528.It Va ibcs2_enable 3529.Pq Vt bool 3530Set to 3531.Dq Li YES 3532to enable iBCS2 (SCO) binary emulation at system initial boot 3533time. 3534.It Va ibcs2_loaders 3535.Pq Vt str 3536If not set to 3537.Dq Li NO 3538and if 3539.Va ibcs2_enable 3540is set to 3541.Dq Li YES , 3542this specifies a list of additional iBCS2 loaders to enable. 3543.It Va firstboot_sentinel 3544.Pq Vt str 3545This variable specifies the full path to a 3546.Dq first boot 3547sentinel file. 3548If a file exists with this path, 3549.Pa rc.d 3550scripts with the 3551.Dq firstboot 3552keyword will be run on startup and the sentinel file will be deleted 3553after the boot process completes. 3554The sentinel file must be located on a writable file system which is 3555mounted no later than 3556.Va early_late_divider 3557to function properly. 3558The default is 3559.Pa /firstboot . 3560.It Va linux_enable 3561.Pq Vt bool 3562Set to 3563.Dq Li YES 3564to enable Linux/ELF binary emulation at system initial 3565boot time. 3566.It Va sysvipc_enable 3567.Pq Vt bool 3568If set to 3569.Dq Li YES , 3570load System V IPC primitives at boot time. 3571.It Va clear_tmp_enable 3572.Pq Vt bool 3573Set to 3574.Dq Li YES 3575to have 3576.Pa /tmp 3577cleaned at startup. 3578.It Va clear_tmp_X 3579.Pq Vt bool 3580Set to 3581.Dq Li NO 3582to disable removing of X11 lock files, 3583and the removal and (secure) recreation 3584of the various socket directories for X11 3585related programs. 3586.It Va ldconfig_paths 3587.Pq Vt str 3588Set to the list of shared library paths to use with 3589.Xr ldconfig 8 . 3590NOTE: 3591.Pa /usr/lib 3592will always be added first, so it need not appear in this list. 3593.It Va ldconfig32_paths 3594.Pq Vt str 3595Set to the list of 32-bit compatibility shared library paths to 3596use with 3597.Xr ldconfig 8 . 3598.It Va ldconfig_paths_aout 3599.Pq Vt str 3600Set to the list of shared library paths to use with 3601.Xr ldconfig 8 3602legacy 3603.Xr a.out 5 3604support. 3605.It Va ldconfig_insecure 3606.Pq Vt bool 3607The 3608.Xr ldconfig 8 3609utility normally refuses to use directories 3610which are writable by anyone except root. 3611Set this variable to 3612.Dq Li YES 3613to disable that security check during system startup. 3614.It Va ldconfig_local_dirs 3615.Pq Vt str 3616Set to the list of local 3617.Xr ldconfig 8 3618directories. 3619The names of all files in the directories listed will be 3620passed as arguments to 3621.Xr ldconfig 8 . 3622.It Va ldconfig_local32_dirs 3623.Pq Vt str 3624Set to the list of local 32-bit compatibility 3625.Xr ldconfig 8 3626directories. 3627The names of all files in the directories listed will be 3628passed as arguments to 3629.Dq Nm ldconfig Fl 32 . 3630.It Va kern_securelevel_enable 3631.Pq Vt bool 3632Set to 3633.Dq Li YES 3634to set the kernel security level at system startup. 3635.It Va kern_securelevel 3636.Pq Vt int 3637The kernel security level to set at startup. 3638The allowed range of 3639.Ar value 3640ranges from \-1 (the compile time default) to 3 (the 3641most secure). 3642See 3643.Xr security 7 3644for the list of possible security levels and their effect 3645on system operation. 3646.It Va sshd_program 3647.Pq Vt str 3648Path to the SSH server program 3649.Pa ( /usr/sbin/sshd 3650is the default). 3651.It Va sshd_enable 3652.Pq Vt bool 3653Set to 3654.Dq Li YES 3655to start 3656.Xr sshd 8 3657at system boot time. 3658.It Va sshd_flags 3659.Pq Vt str 3660If 3661.Va sshd_enable 3662is set to 3663.Dq Li YES , 3664these are the flags to pass to the 3665.Xr sshd 8 3666daemon. 3667.It Va ftpd_program 3668.Pq Vt str 3669Path to the FTP server program 3670.Pa ( /usr/libexec/ftpd 3671is the default). 3672.It Va ftpd_enable 3673.Pq Vt bool 3674Set to 3675.Dq Li YES 3676to start 3677.Xr ftpd 8 3678as a stand-alone daemon at system boot time. 3679.It Va ftpd_flags 3680.Pq Vt str 3681If 3682.Va ftpd_enable 3683is set to 3684.Dq Li YES , 3685these are the additional flags to pass to the 3686.Xr ftpd 8 3687daemon. 3688.It Va watchdogd_enable 3689.Pq Vt bool 3690If set to 3691.Dq Li YES , 3692start the 3693.Xr watchdogd 8 3694daemon at boot time. 3695This requires that the kernel have been compiled with a 3696.Xr watchdog 4 3697compatible device. 3698.It Va watchdogd_flags 3699.Pq Vt str 3700If 3701.Va watchdogd_enable 3702is set to 3703.Dq Li YES , 3704these are the flags passed to the 3705.Xr watchdogd 8 3706daemon. 3707.It Va devfs_rulesets 3708.Pq Vt str 3709List of files containing sets of rules for 3710.Xr devfs 8 . 3711.It Va devfs_system_ruleset 3712.Pq Vt str 3713Rule name(s) to apply to the system 3714.Pa /dev 3715itself. 3716.It Va devfs_set_rulesets 3717.Pq Vt str 3718Pairs of already-mounted 3719.Pa dev 3720directories and rulesets that should be applied to them. 3721For example: /mount/dev=ruleset_name 3722.It Va devfs_load_rulesets 3723.Pq Vt bool 3724If set, always load the default rulesets listed in 3725.Va devfs_rulesets . 3726.It Va performance_cx_lowest 3727.Pq Vt str 3728CPU idle state to use while on AC power. 3729The string 3730.Dq Li LOW 3731indicates that 3732.Xr acpi 4 3733should use the lowest power state available while 3734.Dq Li HIGH 3735indicates that the lowest latency state (less power savings) should be used. 3736.It Va performance_cpu_freq 3737.Pq Vt str 3738CPU clock frequency to use while on AC power. 3739The string 3740.Dq Li LOW 3741indicates that 3742.Xr cpufreq 4 3743should use the lowest frequency available while 3744.Dq Li HIGH 3745indicates that the highest frequency (less power savings) should be used. 3746.It Va economy_cx_lowest 3747.Pq Vt str 3748CPU idle state to use when off AC power. 3749The string 3750.Dq Li LOW 3751indicates that 3752.Xr acpi 4 3753should use the lowest power state available while 3754.Dq Li HIGH 3755indicates that the lowest latency state (less power savings) should be used. 3756.It Va economy_cpu_freq 3757.Pq Vt str 3758CPU clock frequency to use when off AC power. 3759The string 3760.Dq Li LOW 3761indicates that 3762.Xr cpufreq 4 3763should use the lowest frequency available while 3764.Dq Li HIGH 3765indicates that the highest frequency (less power savings) should be used. 3766.It Va jail_enable 3767.Pq Vt bool 3768If set to 3769.Dq Li NO , 3770any configured jails will not be started. 3771.It Va jail_conf 3772.Pq Vt str 3773The configuration filename used by 3774.Xr jail 8 3775utility. 3776The default value is 3777.Pa /etc/jail.conf . 3778.It Va jail_parallel_start 3779.Pq Vt bool 3780If set to 3781.Dq Li YES , 3782all configured jails will be started in the background (in parallel). 3783.It Va jail_flags 3784.Pq Vt str 3785Unset by default. 3786When set, use as default value for 3787.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3788for every jail in 3789.Va jail_list . 3790.It Va jail_list 3791.Pq Vt str 3792A space-delimited list of jail names. 3793When left empty, all of the 3794.Xr jail 8 3795instances defined in the configuration file are started. 3796The names specified in this list control the jail startup order. 3797.Xr jail 8 3798instances missing from 3799.Va jail_list 3800must be started manually. 3801Note that a jail's 3802.Va depend 3803parameter in the configuration file may override this list. 3804.It Va jail_reverse_stop 3805.Pq Vt bool 3806When set to 3807.Dq Li YES , 3808all configured jails in 3809.Va jail_list 3810are stopped in reverse order. 3811.It Va jail_* variables 3812Note that older releases supported per-jail configuration via 3813.Nm 3814variables. 3815For example, 3816hostname of a jail named 3817.Li vjail 3818was able to be set by 3819.Li jail_vjail_hostname . 3820These per-jail configuration variables are now obsolete in favor of 3821.Xr jail 8 3822configuration file. 3823For backward compatibility, 3824when per-jail configuration variables are defined, 3825.Xr jail 8 3826configuration files are created as 3827.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3828and used. 3829.Pp 3830The following per-jail parameters are handled by 3831.Pa rc.d/jail 3832script out of their corresponding 3833.Nm 3834variables. 3835In addition to them, parameters in 3836.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3837will be added to the configuration file. 3838They must be a semi-colon 3839.Pq Ql \&; 3840delimited list of 3841.Dq key=value . 3842For more details, 3843see 3844.Xr jail 8 3845manual page. 3846.Bl -tag -width "host.hostname" -offset indent 3847.It Li path 3848set from 3849.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3850.It Li host.hostname 3851set from 3852.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3853.It Li exec.consolelog 3854set from 3855.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3856The default value is 3857.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3858.It Li interface 3859set from 3860.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3861.It Li vnet.interface 3862set from 3863.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3864This implies 3865.Li vnet 3866parameter will be enabled and cannot be specified with 3867.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3868.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3869and/or 3870.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3871at the same time. 3872.It Li fstab 3873set from 3874.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3875.It Li mount 3876set from 3877.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3878.It Li exec.fib 3879set from 3880.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3881.It Li exec.start 3882set from 3883.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3884The parameter name was 3885.Li command 3886in some older releases. 3887.It Li exec.prestart 3888set from 3889.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3890.It Li exec.poststart 3891set from 3892.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3893.It Li exec.stop 3894set from 3895.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3896.It Li exec.prestop 3897set from 3898.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3899.It Li exec.poststop 3900set from 3901.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3902.It Li ip4.addr 3903set if 3904.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3905or 3906.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3907contain IPv4 addresses 3908.It Li ip6.addr 3909set if 3910.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3911or 3912.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3913contain IPv6 addresses 3914.It Li allow.mount 3915set from 3916.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3917.It Li mount.devfs 3918set from 3919.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3920.It Li devfs_ruleset 3921set from 3922.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3923This must be an integer, 3924not a string. 3925.It Li mount.fdescfs 3926set from 3927.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3928.It Li allow.set_hostname 3929set from 3930.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3931.It Li allow.rawsocket 3932set from 3933.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3934.It Li allow.sysvipc 3935set from 3936.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3937.El 3938.\" ----------------------------------------------------- 3939.It Va harvest_mask 3940.Pq Vt int 3941Set to a bit-mask 3942representing the entropy sources 3943you wish to harvest. 3944Refer to 3945.Xr random 4 3946for more information. 3947.It Va entropy_dir 3948.Pq Vt str 3949Set to 3950.Dq Li NO 3951to disable caching entropy via 3952.Xr cron 8 . 3953Otherwise set to the directory 3954in which the entropy files are stored. 3955To be useful, 3956there must be 3957a system cron job 3958that regularly writes and rotates 3959files here. 3960All files found 3961will be used at boot time. 3962The default is 3963.Pa /var/db/entropy . 3964.It Va entropy_file 3965.Pq Vt str 3966Set to 3967.Dq Li NO 3968to disable caching entropy through reboots. 3969Otherwise set to the name 3970of a file used to store cached entropy. 3971This file should be located 3972on a file system that is readable 3973before all the volumes specified in 3974.Xr fstab 5 3975are mounted. 3976By default, 3977.Pa /entropy 3978is used, 3979but if 3980.Pa /var/db/entropy-file 3981is found it will also be used. 3982This will be of some use to 3983.Xr bsdinstall 8 . 3984.It Va entropy_boot_file 3985.Pq Vt str 3986Set to 3987.Dq Li NO 3988to disable 3989very early caching entropy 3990through reboots. 3991Otherwise set to the filename 3992used to read 3993very early reboot cached entropy. 3994This file should be located where 3995.Xr loader 8 3996can read it. 3997See also 3998.Xr loader.conf 5 . 3999The default location is 4000.Pa /boot/entropy . 4001.It Va entropy_save_sz 4002.Pq Vt int 4003Size of the entropy cache files saved by 4004.Nm save-entropy 4005periodically. 4006.It Va entropy_save_num 4007.Pq Vt int 4008Number of entropy cache files to save by 4009.Nm save-entropy 4010periodically. 4011.It Va ipsec_enable 4012.Pq Vt bool 4013Set to 4014.Dq Li YES 4015to run 4016.Xr setkey 8 4017on 4018.Va ipsec_file 4019at boot time. 4020.It Va ipsec_file 4021.Pq Vt str 4022Configuration file for 4023.Xr setkey 8 . 4024.It Va dmesg_enable 4025.Pq Vt bool 4026Set to 4027.Dq Li YES 4028to save 4029.Xr dmesg 8 4030to 4031.Pa /var/run/dmesg.boot 4032on boot. 4033.It Va rcshutdown_timeout 4034.Pq Vt int 4035If set, start a watchdog timer in the background which will terminate 4036.Pa rc.shutdown 4037if 4038.Xr shutdown 8 4039has not completed within the specified time (in seconds). 4040Notice that in addition to this soft timeout, 4041.Xr init 8 4042also applies a hard timeout for the execution of 4043.Pa rc.shutdown . 4044This is configured via 4045.Xr sysctl 8 4046variable 4047.Va kern.init_shutdown_timeout 4048and defaults to 120 seconds. 4049Setting the value of 4050.Va rcshutdown_timeout 4051to more than 120 seconds will have no effect until the 4052.Xr sysctl 8 4053variable 4054.Va kern.init_shutdown_timeout 4055is also increased. 4056.It Va virecover_enable 4057.Pq Vt bool 4058Set to 4059.Dq Li NO 4060to prevent the system from trying to 4061recover pre-maturely terminated 4062.Xr vi 1 4063sessions. 4064.It Va ugidfw_enable 4065.Pq Vt bool 4066Set to 4067.Dq Li YES 4068to load the 4069.Xr mac_bsdextended 4 4070module upon system initialization and load a default 4071ruleset file. 4072.It Va bsdextended_script 4073.Pq Vt str 4074The default 4075.Xr mac_bsdextended 4 4076ruleset file to load. 4077The default value of this variable is 4078.Pa /etc/rc.bsdextended . 4079.It Va newsyslog_enable 4080.Pq Vt bool 4081If set to 4082.Dq Li YES , 4083run 4084.Xr newsyslog 8 4085command at startup. 4086.It Va newsyslog_flags 4087.Pq Vt str 4088If 4089.Va newsyslog_enable 4090is set to 4091.Dq Li YES , 4092these are the flags to pass to the 4093.Xr newsyslog 8 4094program. 4095The default is 4096.Dq Li -CN , 4097which causes log files flagged with a 4098.Cm C 4099to be created. 4100.It Va mdconfig_md Ns Aq Ar X 4101.Pq Vt str 4102Arguments to 4103.Xr mdconfig 8 4104for 4105.Xr md 4 4106device 4107.Ar X . 4108At minimum a 4109.Fl t Ar type 4110must be specified and either a 4111.Fl s Ar size 4112for malloc or swap backed 4113.Xr md 4 4114devices or a 4115.Fl f Ar file 4116for vnode backed 4117.Xr md 4 4118devices. 4119Note that 4120.Va mdconfig_md Ns Aq Ar X 4121variables are evaluated until one variable is unset or null. 4122.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4123.Pq Vt str 4124Optional arguments passed to 4125.Xr newfs 8 4126to initialize 4127.Xr md 4 4128device 4129.Ar X . 4130.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4131.Pq Vt str 4132An ownership specification passed to 4133.Xr chown 8 4134after the specified 4135.Xr md 4 4136device 4137.Ar X 4138has been mounted. 4139Both the 4140.Xr md 4 4141device and the mount point will be changed. 4142.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4143.Pq Vt str 4144A mode string passed to 4145.Xr chmod 1 4146after the specified 4147.Xr md 4 4148device 4149.Ar X 4150has been mounted. 4151Both the 4152.Xr md 4 4153device and the mount point will be changed. 4154.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4155.Pq Vt str 4156Files to be copied to the mount point of the 4157.Xr md 4 4158device 4159.Ar X 4160after it has been mounted. 4161.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4162.Pq Vt str 4163Command to execute after the specified 4164.Xr md 4 4165device 4166.Ar X 4167has been mounted. 4168Note that the command is passed to 4169.Ic eval 4170and that both 4171.Va _dev 4172and 4173.Va _mp 4174variables can be used to reference respectively the 4175.Xr md 4 4176device and the mount point. 4177Assuming that the 4178.Xr md 4 4179device is 4180.Li md0 , 4181one could set the following: 4182.Bd -literal 4183mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4184.Ed 4185.It Va autobridge_interfaces 4186.Pq Vt str 4187Set to the list of bridge interfaces that will have newly arriving interfaces 4188checked against to be automatically added. 4189If not set to 4190.Dq Li NO 4191then for each whitespace separated 4192.Ar element 4193in the value, a 4194.Va autobridge_ Ns Aq Ar element 4195variable is assumed to exist which has a whitespace separated list of interface 4196names to match, these names can use wildcards. 4197For example: 4198.Bd -literal 4199autobridge_interfaces="bridge0" 4200autobridge_bridge0="tap* dc0 vlan[345]" 4201.Ed 4202.It Va mixer_enable 4203.Pq Vt bool 4204If set to 4205.Dq Li YES , 4206enable support for sound mixer. 4207.It Va hcsecd_enable 4208.Pq Vt bool 4209If set to 4210.Dq Li YES , 4211enable Bluetooth security daemon. 4212.It Va hcsecd_config 4213.Pq Vt str 4214Configuration file for 4215.Xr hcsecd 8 . 4216Default 4217.Pa /etc/bluetooth/hcsecd.conf . 4218.It Va sdpd_enable 4219.Pq Vt bool 4220If set to 4221.Dq Li YES , 4222enable Bluetooth Service Discovery Protocol daemon. 4223.It Va sdpd_control 4224.Pq Vt str 4225Path to 4226.Xr sdpd 8 4227control socket. 4228Default 4229.Pa /var/run/sdp . 4230.It Va sdpd_groupname 4231.Pq Vt str 4232Sets 4233.Xr sdpd 8 4234group to run as after it initializes. 4235Default 4236.Dq Li nobody . 4237.It Va sdpd_username 4238.Pq Vt str 4239Sets 4240.Xr sdpd 8 4241user to run as after it initializes. 4242Default 4243.Dq Li nobody . 4244.It Va bthidd_enable 4245.Pq Vt bool 4246If set to 4247.Dq Li YES , 4248enable Bluetooth Human Interface Device daemon. 4249.It Va bthidd_config 4250.Pq Vt str 4251Configuration file for 4252.Xr bthidd 8 . 4253Default 4254.Pa /etc/bluetooth/bthidd.conf . 4255.It Va bthidd_hids 4256.Pq Vt str 4257Path to a file, where 4258.Xr bthidd 8 4259will store information about known HID devices. 4260Default 4261.Pa /var/db/bthidd.hids . 4262.It Va rfcomm_pppd_server_enable 4263.Pq Vt bool 4264If set to 4265.Dq Li YES , 4266enable Bluetooth RFCOMM PPP wrapper daemon. 4267.It Va rfcomm_pppd_server_profile 4268.Pq Vt str 4269The name of the profile to use from 4270.Pa /etc/ppp/ppp.conf . 4271Multiple profiles can be specified here. 4272Also used to specify per-profile overrides. 4273When the profile name contains any of the characters 4274.Dq Li .-/+ 4275they are translated to 4276.Dq Li _ 4277for the proposes of the override variable names. 4278.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4279.Pq Vt str 4280Overrides local address to listen on. 4281By default 4282.Xr rfcomm_pppd 8 4283will listen on 4284.Dq Li ANY 4285address. 4286The address can be specified as BD_ADDR or name. 4287.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4288.Pq Vt str 4289Overrides local RFCOMM channel to listen on. 4290By default 4291.Xr rfcomm_pppd 8 4292will listen on RFCOMM channel 1. 4293Must set properly if multiple profiles used in the same time. 4294.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4295.Pq Vt bool 4296Tells 4297.Xr rfcomm_pppd 8 4298if it should register Serial Port service on the specified RFCOMM channel. 4299Default 4300.Dq Li NO . 4301.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4302.Pq Vt bool 4303Tells 4304.Xr rfcomm_pppd 8 4305if it should register Dial-Up Networking service on the specified 4306RFCOMM channel. 4307Default 4308.Dq Li NO . 4309.It Va ubthidhci_enable 4310.Pq Vt bool 4311If set to 4312.Dq Li YES , 4313change the USB Bluetooth controller from HID mode to HCI mode. 4314You also need to specify the location of USB Bluetooth controller with the 4315.Va ubthidhci_busnum 4316and 4317.Va ubthidhci_addr 4318variables. 4319.It Va ubthidhci_busnum 4320Bus number where the USB Bluetooth controller is located. 4321Check the output of 4322.Xr usbconfig 8 4323on your system to find this information. 4324.It Va ubthidhci_addr 4325Bus address of the USB Bluetooth controller. 4326Check the output of 4327.Xr usbconfig 8 4328on your system to find this information. 4329.It Va netwait_enable 4330.Pq Vt bool 4331If set to 4332.Dq Li YES , 4333delays the start of network-reliant services until 4334.Va netwait_if 4335is up and ICMP packets to a destination defined in 4336.Va netwait_ip 4337are flowing. 4338Link state is examined first, followed by 4339.Dq Li pinging 4340an IP address to verify network usability. 4341If no destination can be reached or timeouts are exceeded, 4342network services are started anyway with no guarantee that 4343the network is usable. 4344Use of this variable requires both 4345.Va netwait_ip 4346and 4347.Va netwait_if 4348to be set. 4349.It Va netwait_ip 4350.Pq Vt str 4351Empty by default. 4352This variable contains a space-delimited list of IP addresses to 4353.Xr ping 8 . 4354DNS hostnames should not be used as resolution is not guaranteed 4355to be functional at this point. 4356If multiple IP addresses are specified, 4357each will be tried until one is successful or the list is exhausted. 4358.It Va netwait_timeout 4359.Pq Vt int 4360Indicates the total number of seconds to perform a 4361.Dq Li ping 4362against each IP address in 4363.Va netwait_ip , 4364at a rate of one ping per second. 4365If any of the pings are successful, 4366full network connectivity is considered reliable. 4367The default is 60. 4368.It Va netwait_if 4369.Pq Vt str 4370Empty by default. 4371Defines the name of the network interface on which watch for link. 4372.Xr ifconfig 8 4373is used to monitor the interface, looking for 4374.Dq Li status: no carrier . 4375Once gone, the link is considered up. 4376This can be a 4377.Xr vlan 4 4378interface if desired. 4379.It Va netwait_if_timeout 4380.Pq Vt int 4381Defines the total number of seconds to wait for link to become usable, 4382polled at a 1-second interval. 4383The default is 30. 4384.It Va rctl_enable 4385.Pq Vt bool 4386If set to 4387.Dq Li YES , 4388load 4389.Xr rctl 8 4390rules from the defined ruleset. 4391The kernel must be built with 4392.Cd "options RACCT" 4393and 4394.Cd "options RCTL" . 4395.It Va rctl_rules 4396.Pq Vt str 4397Set to 4398.Pa /etc/rctl.conf 4399by default. 4400This variables contains the 4401.Xr rctl.conf 5 4402ruleset to load for 4403.Xr rctl 8 . 4404.It Va iovctl_files 4405.Pq Vt str 4406A space-separated list of configuration files used by 4407.Xr iovctl 8 . 4408The default value is an empty string. 4409.It Va autofs_enable 4410.Pq Vt bool 4411If set to 4412.Dq Li YES , 4413start the 4414.Xr automount 8 4415utility and the 4416.Xr automountd 8 4417and 4418.Xr autounmountd 8 4419daemons at boot time. 4420.It Va automount_flags 4421.Pq Vt str 4422If 4423.Va autofs_enable 4424is set to 4425.Dq Li YES , 4426these are the flags to pass to the 4427.Xr automount 8 4428program. 4429By default no flags are passed. 4430.It Va automountd_flags 4431.Pq Vt str 4432If 4433.Va autofs_enable 4434is set to 4435.Dq Li YES , 4436these are the flags to pass to the 4437.Xr automountd 8 4438daemon. 4439By default no flags are passed. 4440.It Va autounmountd_flags 4441.Pq Vt str 4442If 4443.Va autofs_enable 4444is set to 4445.Dq Li YES , 4446these are the flags to pass to the 4447.Xr autounmountd 8 4448daemon. 4449By default no flags are passed. 4450.It Va ctld_enable 4451.Pq Vt bool 4452If set to 4453.Dq Li YES , 4454start the 4455.Xr ctld 8 4456daemon at boot time. 4457.It Va iscsid_enable 4458.Pq Vt bool 4459If set to 4460.Dq Li YES , 4461start the 4462.Xr iscsid 8 4463daemon at boot time. 4464.It Va iscsictl_enable 4465.Pq Vt bool 4466If set to 4467.Dq Li YES , 4468start the 4469.Xr iscsictl 8 4470utility at boot time. 4471.It Va iscsictl_flags 4472.Pq Vt str 4473If 4474.Va iscsictl_enable 4475is set to 4476.Dq Li YES , 4477these are the flags to pass to the 4478.Xr iscsictl 8 4479program. 4480The default is 4481.Dq Li -Aa , 4482which configures sessions based on the 4483.Pa /etc/iscsi.conf 4484configuration file. 4485.It Va cfumass_enable 4486.Pq Vt bool 4487If set to 4488.Dq Li YES , 4489create and export an USB LUN using 4490.Xr cfumass 4 4491at boot time. 4492.It Va cfumass_dir 4493.Pq Vt str 4494The directory where the files exported by USB LUN are located. 4495The default directory is 4496.Pa /var/cfumass . 4497.El 4498.Sh FILES 4499.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4500.It Pa /etc/defaults/rc.conf 4501.It Pa /etc/rc.conf 4502.It Pa /etc/rc.conf.local 4503.El 4504.Sh SEE ALSO 4505.Xr chmod 1 , 4506.Xr gdb 1 , 4507.Xr info 1 , 4508.Xr kbdcontrol 1 , 4509.Xr makewhatis 1 , 4510.Xr sh 1 , 4511.Xr vi 1 , 4512.Xr vidcontrol 1 , 4513.Xr bridge 4 , 4514.Xr dummynet 4 , 4515.Xr ip 4 , 4516.Xr ipf 4 , 4517.Xr ipfw 4 , 4518.Xr ipnat 4 , 4519.Xr kld 4 , 4520.Xr pf 4 , 4521.Xr pflog 4 , 4522.Xr pfsync 4 , 4523.Xr tcp 4 , 4524.Xr udp 4 , 4525.Xr exports 5 , 4526.Xr fstab 5 , 4527.Xr ipf 5 , 4528.Xr ipnat 5 , 4529.Xr jail.conf 5 , 4530.Xr loader.conf 5 , 4531.Xr motd 5 , 4532.Xr newsyslog.conf 5 , 4533.Xr pf.conf 5 , 4534.Xr security 7 , 4535.Xr accton 8 , 4536.Xr amd 8 , 4537.Xr apm 8 , 4538.Xr bsdinstall 8 , 4539.Xr bthidd 8 , 4540.Xr chkprintcap 8 , 4541.Xr chown 8 , 4542.Xr cron 8 , 4543.Xr devfs 8 , 4544.Xr dhclient 8 , 4545.Xr ftpd 8 , 4546.Xr geli 8 , 4547.Xr hcsecd 8 , 4548.Xr ifconfig 8 , 4549.Xr inetd 8 , 4550.Xr iovctl 8 , 4551.Xr ipf 8 , 4552.Xr ipfw 8 , 4553.Xr ipnat 8 , 4554.Xr jail 8 , 4555.Xr kldxref 8 , 4556.Xr loader 8 , 4557.Xr lpd 8 , 4558.Xr mdconfig 8 , 4559.Xr mdmfs 8 , 4560.Xr mixer 8 , 4561.Xr mountd 8 , 4562.Xr moused 8 , 4563.Xr newfs 8 , 4564.Xr newsyslog 8 , 4565.Xr nfsd 8 , 4566.Xr ntpd 8 , 4567.Xr ntpdate 8 , 4568.Xr pfctl 8 , 4569.Xr pflogd 8 , 4570.Xr ping 8 , 4571.Xr powerd 8 , 4572.Xr quotacheck 8 , 4573.Xr quotaon 8 , 4574.Xr rc 8 , 4575.Xr rc.sendmail 8 , 4576.Xr rfcomm_pppd 8 , 4577.Xr route 8 , 4578.Xr routed 8 , 4579.Xr rpc.lockd 8 , 4580.Xr rpc.statd 8 , 4581.Xr rpcbind 8 , 4582.Xr rwhod 8 , 4583.Xr savecore 8 , 4584.Xr sdpd 8 , 4585.Xr sshd 8 , 4586.Xr swapon 8 , 4587.Xr sysctl 8 , 4588.Xr syslogd 8 , 4589.Xr sysrc 8 , 4590.Xr timed 8 , 4591.Xr unbound 8 , 4592.Xr usbconfig 8 , 4593.Xr wlandebug 8 , 4594.Xr yp 8 , 4595.Xr ypbind 8 , 4596.Xr ypserv 8 , 4597.Xr ypset 8 4598.Sh HISTORY 4599The 4600.Nm 4601file appeared in 4602.Fx 2.2.2 . 4603.Sh AUTHORS 4604.An Jordan K. Hubbard . 4605