1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.Dd May 4, 2024 26.Dt RC.CONF 5 27.Os 28.Sh NAME 29.Nm rc.conf 30.Nd system configuration information 31.Sh DESCRIPTION 32The file 33.Nm 34contains descriptive information about the local host name, configuration 35details for any potential network interfaces and which services should be 36started up at system initial boot time. 37In new installations, the 38.Nm 39file is generally initialized by the system installation utility. 40.Pp 41The purpose of 42.Nm 43is not to run commands or perform system startup actions 44directly. 45Instead, it is included by the 46various generic startup scripts in 47.Pa /etc 48which conditionalize their 49internal actions according to the settings found there. 50.Pp 51The 52.Pa /etc/rc.conf 53file is included from the file 54.Pa /etc/defaults/rc.conf , 55which specifies the default settings for all the available options. 56Options need only be specified in 57.Pa /etc/rc.conf 58when the system administrator wishes to override these defaults. 59The file 60.Pa /etc/defaults/vendor.conf 61allows vendors to override 62.Fx 63defaults. 64The file 65.Pa /etc/rc.conf.local 66is used to override settings in 67.Pa /etc/rc.conf 68for historical reasons. 69.Pp 70The sysrc(8) command provides a scripting interface to modify system 71config files. 72.Pp 73In addition to 74.Pa /etc/rc.conf.local 75you can also place smaller configuration files for each 76.Xr rc 8 77script in the 78.Pa /etc/rc.conf.d 79directory or 80.Ao Ar dir Ac Ns Pa /rc.conf.d 81directories (where 82.Ao Ar dir Ac 83is each entry specified in 84.Va local_startup , 85but with any trailing 86.Pa /rc.d 87stripped), 88which will be included by the 89.Va load_rc_config 90function. 91For jail configurations you could use the file 92.Pa /etc/rc.conf.d/jail 93to store jail-specific configuration options. 94If 95.Va local_startup 96contains 97.Pa /usr/local/etc/rc.d 98and 99.Pa /opt/conf , 100.Pa /usr/local/etc/rc.conf.d/jail 101and 102.Pa /opt/conf/rc.conf.d/jail 103will be loaded. 104If 105.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 106is a directory, 107all of the files in the directory will be loaded. 108Also see the 109.Va rc_conf_files 110variable below. 111.Pp 112Options are set with 113.Dq Ar name Ns Li = Ns Ar value 114assignments that use 115.Xr sh 1 116syntax. 117The following list provides a name and short description for each 118variable that can be set in the 119.Nm 120file: 121.Bl -tag -width indent-two 122.It Va rc_debug 123.Pq Vt bool 124If set to 125.Dq Li YES , 126enable output of debug messages from rc scripts. 127This variable can be helpful in diagnosing mistakes when 128editing or integrating new scripts. 129Beware that this produces copious output to the terminal and 130.Xr syslog 3 . 131.It Va rc_info 132.Pq Vt bool 133If set to 134.Dq Li NO , 135disable informational messages from the rc scripts. 136Informational messages are displayed when 137a condition that is not serious enough to warrant a warning or 138an error occurs. 139.It Va rc_startmsgs 140.Pq Vt bool 141If set to 142.Dq Li YES , 143show 144.Dq Starting foo: 145when faststart is used (e.g., at boot time). 146.It Va early_late_divider 147.Pq Vt str 148The name of the script that should be used as the 149delimiter between the 150.Dq early 151and 152.Dq late 153stages of the boot process. 154The early stage should contain all the services needed to 155get the disks (local or remote) mounted so that the late 156stage can include scripts contained in the directories 157listed in the 158.Va local_startup 159variable (see below). 160Thus, the two likely candidates for this value are 161.Pa mountcritlocal 162for the typical system, and 163.Pa mountcritremote 164if the system needs remote file 165systems mounted to get access to the 166.Va local_startup 167directories; for example when 168.Pa /usr/local 169is NFS mounted. 170For 171.Pa rc.conf 172within a 173.Xr jail 8 174.Pa NETWORKING 175is likely to be an appropriate value. 176Extreme care should be taken when changing this value, 177and before changing it one should ensure that there are 178adequate provisions to recover from a failed boot 179(such as physical contact with the machine, 180or reliable remote console access). 181.It Va always_force_depends 182.Pq Vt bool 183Various 184.Pa rc.d 185scripts use the force_depend function to check whether required 186services are already running, and to start them if necessary. 187By default during boot time this check is bypassed if the 188required service is enabled in 189.Pa /etc/rc.conf[.local] . 190Setting this option will bypass that check at boot time and 191always test whether or not the service is actually running. 192Enabling this option is likely to increase your boot time if 193services are enabled that utilize the force_depend check. 194.It Ao Ar name Ac Ns Va _chroot 195.Pq Vt str 196.Xr chroot 8 197to this directory before running the service. 198.It Ao Ar name Ac Ns Va _cpuset 199.Pq Vt str 200A list of CPUs to run the service on. 201Passed to 202.Xr cpuset 1 203using the 204.Fl l 205flag. 206.It Ao Ar name Ac Ns Va _fib 207.Pq Vt int 208The 209.Xr setfib 1 210value to run the service under. 211.It Ao Ar name Ac Ns Va _group 212.Pq Vt str 213Run the chrooted service under this system group. 214Unlike the 215.Ao Ar name Ac Ns Va _user 216setting, this setting has no effect if the service is not chrooted. 217.It Ao Ar name Ac Ns Va _limits 218.Pq Vt str 219Resource limits to apply to the service using 220.Xr limits 1 . 221By default, resource limits are based on the login class defined in 222.Ao Ar name Ac Ns Va _login_class . 223.It Ao Ar name Ac Ns Va _login_class 224.Pq Vt str 225Login class to be used with 226.Ao Ar name Ac Ns Va _limits . 227Defaults to 228.Dq Li daemon . 229.It Ao Ar name Ac Ns Va _nice 230.Pq Vt int 231The 232.Xr nice 1 233value to run the service under. 234.It Ao Ar name Ac Ns Va _oomprotect 235.Pq Vt str 236Use 237.Xr protect 1 238to prevent the service from being killed when swap space 239is exhausted. 240Use 241.Dq Li YES 242to protect only the service itself, and 243.Dq Li ALL 244to protect the service and all its child processes. 245.Pp 246Please note that rc scripts which redefine 247.Dl ${argument}_cmd 248.Pq see Xr rc.subr 8 249such as PostgreSQL will not inherit the OOM killer protection. 250.Pp 251This variable has no effect on services running within a 252.Xr jail 8 . 253.It Ao Ar name Ac Ns Va _setup 254.Pq Vt str 255Run the specified setup script right before starting the actual service 256command. 257Useful for automatic configuration file generation. 258.It Ao Ar name Ac Ns Va _umask 259.Pq Vt int 260Run the service using this 261.Xr umask 1 262value. 263.It Ao Ar name Ac Ns Va _user 264.Pq Vt str 265Run the service under this user account. 266.It Va apm_enable 267.Pq Vt bool 268If set to 269.Dq Li YES , 270enable support for Automatic Power Management with 271the 272.Xr apm 8 273command. 274.It Va apmd_enable 275.Pq Vt bool 276Run 277.Xr apmd 8 278to handle APM event from userland. 279This also enables support for APM. 280.It Va apmd_flags 281.Pq Vt str 282If 283.Va apmd_enable 284is set to 285.Dq Li YES , 286these are the flags to pass to the 287.Xr apmd 8 288daemon. 289.It Va devd_enable 290.Pq Vt bool 291Run 292.Xr devd 8 293to handle device added, removed or unknown events from the kernel. 294.It Va ddb_enable 295.Pq Vt bool 296Run 297.Xr ddb 8 298to install 299.Xr ddb 4 300scripts at boot time. 301.It Va ddb_config 302.Pq Vt str 303Configuration file for 304.Xr ddb 8 . 305Default 306.Pa /etc/ddb.conf . 307.It Va devmatch_enable 308.Pq Vt bool 309If set to 310.Dq Li NO , 311disable auto-loading of kernel modules with 312.Xr devmatch 8 . 313.It Va devmatch_blocklist 314.Pq Vt str 315A whitespace-separated list of kernel modules to be ignored by 316.Xr devmatch 8 . 317In addition, the 318.Xr kenv 1 319.Va devmatch_blocklist 320is appended to this variable to allow disabling of 321.Xr devmatch 8 322loaded modules from the boot loader. 323.It Va devmatch_blacklist 324.Pq Vt str 325This variable is deprecated. 326Use 327.Va devmatch_blocklist 328instead. 329A whitespace-separated list of kernel modules to be ignored by 330.Xr devmatch 8 . 331.It Va kld_list 332.Pq Vt str 333A whitespace-separated list of kernel modules to load right after 334the local disks are mounted, without any 335.Pa .ko 336extension or path. 337Loading modules at this point in the boot process is 338much faster than doing it via 339.Pa /boot/loader.conf 340for those modules not necessary for mounting local disks. 341.It Va kldxref_enable 342.Pq Vt bool 343Set to 344.Dq Li NO 345by default. 346Set to 347.Dq Li YES 348to automatically rebuild 349.Pa linker.hints 350files with 351.Xr kldxref 8 352at boot time. 353.It Va kldxref_clobber 354.Pq Vt bool 355Set to 356.Dq Li NO 357by default. 358If 359.Va kldxref_enable 360is true, 361setting to 362.Dq Li YES 363will overwrite existing 364.Pa linker.hints 365files at boot time. 366Otherwise, 367only missing 368.Pa linker.hints 369files are generated. 370.It Va kldxref_module_path 371.Pq Vt str 372Empty by default. 373A semi-colon 374.Pq Ql \&; 375delimited list of paths containing 376.Xr kld 4 377modules. 378If empty, 379the contents of the 380.Va kern.module_path 381.Xr sysctl 8 382are used. 383.It Va powerd_enable 384.Pq Vt bool 385If set to 386.Dq Li YES , 387enable the system power control facility with the 388.Xr powerd 8 389daemon. 390.It Va powerd_flags 391.Pq Vt str 392If 393.Va powerd_enable 394is set to 395.Dq Li YES , 396these are the flags to pass to the 397.Xr powerd 8 398daemon. 399.It Va tmpmfs 400Controls the creation of a 401.Pa /tmp 402memory file system. 403Always happens if set to 404.Dq Li YES 405and never happens if set to 406.Dq Li NO . 407If set to anything else, a memory file system is created if 408.Pa /tmp 409is not writable. 410.It Va tmpsize 411Controls the size of a created 412.Pa /tmp 413memory file system. 414.It Va tmpmfs_flags 415Extra options passed to the 416.Xr mdmfs 8 417utility when the memory file system for 418.Pa /tmp 419is created. 420The default is 421.Dq Li "-S" , 422which inhibits the use of softupdates on 423.Pa /tmp 424so that file system space is freed without delay 425after file truncation or deletion. 426See 427.Xr mdmfs 8 428for other options you can use in 429.Va tmpmfs_flags . 430.It Va varmfs 431Controls the creation of a 432.Pa /var 433memory file system. 434Always happens if set to 435.Dq Li YES 436and never happens if set to 437.Dq Li NO . 438If set to anything else, a memory file system is created if 439.Pa /var 440is not writable. 441.It Va varsize 442Controls the size of a created 443.Pa /var 444memory file system. 445.It Va varmfs_flags 446Extra options passed to the 447.Xr mdmfs 8 448utility when the memory file system for 449.Pa /var 450is created. 451The default is 452.Dq Li "-S" , 453which inhibits the use of softupdates on 454.Pa /var 455so that file system space is freed without delay 456after file truncation or deletion. 457See 458.Xr mdmfs 8 459for other options you can use in 460.Va varmfs_flags . 461.It Va populate_var 462Controls the automatic population of the 463.Pa /var 464file system. 465Always happens if set to 466.Dq Li YES 467and never happens if set to 468.Dq Li NO . 469If set to anything else, a memory file system is created if 470.Pa /var 471is not writable. 472Note that this process requires access to certain commands in 473.Pa /usr 474before 475.Pa /usr 476is mounted on normal systems. 477.It Va cleanvar_enable 478.Pq Vt bool 479Clean the 480.Pa /var 481directory. 482.It Va var_run_enable 483.Pq Vt bool 484Set to "YES" to enable saving of the 485.Pa /var/run 486directory structure into an mtree file at shutdown and the reload of the 487.Pa /var/run 488directory structure at boot. 489.It Va var_run_autosave 490.Pq Vt bool 491In some cases it may be undesirable to save 492.Pa /var/run 493at shutdown. 494When set to "NO" 495.Pa /var/run 496is loaded at reboot but not saved at shutdown. 497Typically in this scenario 498.Ql service var_run save 499would be performed to save a copy of the 500.Pa /var/run 501directory structure once, to be reloaded during all subsequent reboots. 502.It Va var_run_mtree 503.Pq Vt str 504Where to save the 505.Pa /var/run 506mtree. 507The default location is 508.Pa /var/db/mtree/BSD.var-run.mtree . 509.It Va local_startup 510.Pq Vt str 511List of directories to search for startup script files. 512.It Va script_name_sep 513.Pq Vt str 514The field separator to use for breaking down the list of startup script files 515into individual filenames. 516The default is a space. 517It is not necessary to change this unless there are startup scripts with names 518containing spaces. 519.It Va hostapd_enable 520.Pq Vt bool 521Set to 522.Dq Li YES 523to start 524.Xr hostapd 8 525at system boot time. 526.It Va hostname 527.Pq Vt str 528The fully qualified domain name (FQDN) of this host on the network. 529This should almost certainly be set to something meaningful, even if 530there is no network connection. 531If 532.Xr dhclient 8 533is used to set the hostname via DHCP, 534this variable should be set to an empty string. 535Within a 536.Xr jail 8 537the hostname is generally already set and this variable may be absent. 538If this value remains unset when the system is done booting 539your console login will display the default hostname of 540.Dq Amnesiac . 541.It Va nisdomainname 542.Pq Vt str 543The NIS domain name of this host, or 544.Dq Li NO 545if NIS is not used. 546.It Va hostid_enable 547.Pq Vt bool 548If set to 549.Dq Li NO , 550disable the generation or saving of the 551.Pa hostid 552and 553.Pa machine-id 554files at system boot and shutdown. 555.It Va hostid_file 556.Pq Vt str 557Path to the 558.Pa hostid 559file, default 560.Pa /etc/hostid . 561.It Va hostid_uuidgen_flags 562.Pq Vt str 563Flags passed to 564.Xr uuidgen 1 565when generating a software host UUID. 566This is used only if the system cannot determine a hardware UUID. 567Set to 568.Dq Li -r 569by default. 570.It Va machine_id_file 571.Pq Vt str 572Path to the 573.Pa machine-id 574file, default 575.Pa /etc/machine-id . 576.It Va dhclient_program 577.Pq Vt str 578Path to the DHCP client program, defaulting to 579.Pa /sbin/dhclient . 580.It Va dhclient_flags 581.Pq Vt str 582Additional flags to pass to the DHCP client program. 583See the 584.Xr dhclient 8 585manpage for a description of the command line options available. 586.It Va dhclient_flags_ Ns Aq Ar iface 587Additional flags to pass to the DHCP client program running on 588.Ar iface 589only. 590When specified, this variable overrides 591.Va dhclient_flags . 592.It Va background_dhclient 593.Pq Vt bool 594Set to 595.Dq Li YES 596to start the DHCP client in background. 597This can cause trouble with applications depending on 598a working network, but it will provide a faster startup 599in many cases. 600.It Va background_dhclient_ Ns Aq Ar iface 601When specified, this variable overrides the 602.Va background_dhclient 603variable for interface 604.Ar iface 605only. 606.It Va synchronous_dhclient 607.Pq Vt bool 608Set to 609.Dq Li YES 610to start 611.Xr dhclient 8 612synchronously at startup. 613This behavior can be overridden on a per-interface basis by replacing 614the 615.Dq Li DHCP 616keyword in the 617.Va ifconfig_ Ns Aq Ar interface 618variable with 619.Dq Li SYNCDHCP 620or 621.Dq Li NOSYNCDHCP . 622.It Va defaultroute_delay 623.Pq Vt int 624When set to a positive value, wait up to this long after configuring 625DHCP interfaces at startup to give the interfaces time to receive a lease. 626.It Va firewall_enable 627.Pq Vt bool 628Set to 629.Dq Li YES 630to load firewall rules at startup. 631If the kernel was not built with 632.Cd "options IPFIREWALL" , 633the 634.Pa ipfw.ko 635kernel module will be loaded. 636See also 637.Va ipfilter_enable . 638.It Va firewall_script 639.Pq Vt str 640This variable specifies the full path to the firewall script to run. 641The default is 642.Pa /etc/rc.firewall . 643.It Va firewall_type 644.Pq Vt str 645Names the firewall type from the selection in 646.Pa /etc/rc.firewall , 647or the file which contains the local firewall ruleset. 648Valid selections from 649.Pa /etc/rc.firewall 650are: 651.Pp 652.Bl -tag -width ".Li workstation" -compact 653.It Li open 654unrestricted IP access 655.It Li closed 656all IP services disabled, except via 657.Dq Li lo0 658.It Li client 659basic protection for a workstation 660.It Li workstation 661basic protection for a workstation using stateful firewalling 662.It Li simple 663basic protection for a LAN. 664.El 665.Pp 666If a filename is specified, the full path 667must be given. 668.Pp 669Most of the predefined rulesets define additional configuration variables. 670These are documented in 671.Pa /etc/rc.firewall . 672.It Va firewall_quiet 673.Pq Vt bool 674Set to 675.Dq Li YES 676to disable the display of firewall rules on the console during boot. 677.It Va firewall_logging 678.Pq Vt bool 679Set to 680.Dq Li YES 681to enable firewall event logging. 682This is equivalent to the 683.Dv IPFIREWALL_VERBOSE 684kernel option. 685.It Va firewall_logif 686.Pq Vt bool 687Set to 688.Dq Li YES 689to create pseudo interface 690.Li ipfw0 691for logging. 692For more details, see 693.Xr ipfw 8 694manual page. 695.It Va firewall_flags 696.Pq Vt str 697Flags passed to 698.Xr ipfw 8 699if 700.Va firewall_type 701specifies a filename. 702.It Va firewall_coscripts 703.Pq Vt str 704List of executables and/or rc scripts to run after firewall starts/stops. 705Default is empty. 706.\" ----- firewall_nat_enable setting -------------------------------- 707.It Va firewall_nat_enable 708.Pq Vt bool 709The 710.Xr ipfw 8 711equivalent of 712.Va natd_enable . 713Setting this to 714.Dq Li YES 715will automatically load the 716.Xr ipfw 8 717NAT kernel module if 718.Va firewall_enable 719is also set to 720.Dq Li YES . 721.It Va firewall_nat_interface 722.Pq Vt str 723The 724.Xr ipfw 8 725equivalent of 726.Va natd_interface . 727This is the name of the public interface or IP address on which 728kernel NAT should run. 729.It Va firewall_nat_flags 730.Pq Vt str 731Additional configuration parameters for kernel NAT should be placed here. 732.It Va firewall_nat64_enable 733.Pq Vt bool 734Setting this to 735.Dq Li YES 736will automatically load the 737.Xr ipfw 8 738NAT64 kernel module if 739.Va firewall_enable 740is also set to 741.Dq Li YES . 742.It Va firewall_nptv6_enable 743.Pq Vt bool 744Setting this to 745.Dq Li YES 746will automatically load the 747.Xr ipfw 8 748NPTv6 kernel module if 749.Va firewall_enable 750is also set to 751.Dq Li YES . 752.It Va firewall_pmod_enable 753.Pq Vt bool 754Setting this to 755.Dq Li YES 756will automatically load the 757.Xr ipfw 8 758pmod kernel module if 759.Va firewall_enable 760is also set to 761.Dq Li YES . 762.It Va dummynet_enable 763.Pq Vt bool 764Setting this to 765.Dq Li YES 766will automatically load the 767.Xr dummynet 4 768module if 769.Va firewall_enable 770is also set to 771.Dq Li YES . 772.\" ------------------------------------------------------------------- 773.It Va ipfw_netflow_enable 774.Pq Vt bool 775Setting this to 776.Dq Li YES 777will enable netflow logging via 778.Xr ng_netflow 4 . 779.Pp 780By default a ipfw rule is inserted and all packets are duplicated with 781the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 782port using protocol version 5. 783.It Va ipfw_netflow_hook 784.Pq Vt int 785netflow hook name, must be numerical 786(default 787.Pa 9995 ) . 788.It Va ipfw_netflow_rule 789.Pq Vt int 790ipfw rule number 791(default 792.Pa 1000 ) . 793.It Va ipfw_netflow_ip 794.Pq Vt str 795Destination server ip for receiving netflow data 796(default 797.Pa 127.0.0.1 ) . 798.It Va ipfw_netflow_port 799.Pq Vt int 800Destination server port for receiving netflow data 801(default 802.Pa 9995 ) . 803.It Va ipfw_netflow_version 804.Pq Vt int 805Do not set for using version 5 of the netflow protocol, set it to 9 for using 806version 9. 807.It Va ipfw_netflow_fib 808.Pq Vt int 809Only match packet in FIB 810.Pa ipfw_netflow_fib 811(default is undefined meaning all FIBs). 812.It Va natd_program 813.Pq Vt str 814Path to 815.Xr natd 8 . 816.It Va natd_enable 817.Pq Vt bool 818Set to 819.Dq Li YES 820to enable 821.Xr natd 8 . 822.Va firewall_enable 823must also be set to 824.Dq Li YES , 825and 826.Xr divert 4 827sockets must be enabled in the kernel. 828If the kernel was not built with 829.Cd "options IPDIVERT" , 830the 831.Pa ipdivert.ko 832kernel module will be loaded. 833.It Va natd_interface 834.Pq Vt str 835This is the name of the public interface on which 836.Xr natd 8 837should run. 838The interface may be given as an interface name or as an IP address. 839.It Va natd_flags 840.Pq Vt str 841Additional 842.Xr natd 8 843flags should be placed here. 844The 845.Fl n 846or 847.Fl a 848flag is automatically added with the above 849.Va natd_interface 850as an argument. 851.\" ----- ipfilter_enable setting -------------------------------- 852.It Va ipfilter_enable 853.Pq Vt bool 854Set to 855.Dq Li NO 856by default. 857Setting this to 858.Dq Li YES 859enables 860.Xr ipf 8 861packet filtering. 862.Pp 863Typical usage will require putting 864.Bd -literal 865ipfilter_enable="YES" 866ipnat_enable="YES" 867ipmon_enable="YES" 868ipfs_enable="YES" 869.Ed 870.Pp 871into 872.Pa /etc/rc.conf 873and editing 874.Pa /etc/ipf.rules 875and 876.Pa /etc/ipnat.rules 877appropriately. 878.Pp 879Note that 880.Va ipfilter_enable 881and 882.Va ipnat_enable 883can be enabled independently. 884.Va ipmon_enable 885and 886.Va ipfs_enable 887both require at least one of 888.Va ipfilter_enable 889and 890.Va ipnat_enable 891to be enabled. 892.Pp 893Having 894.Bd -literal 895options IPFILTER 896options IPFILTER_LOG 897options IPFILTER_DEFAULT_BLOCK 898.Ed 899.Pp 900in the kernel configuration file is a good idea, too. 901.\" ----- ipfilter_program setting ------------------------------ 902.It Va ipfilter_program 903.Pq Vt str 904Path to 905.Xr ipf 8 906(default 907.Pa /sbin/ipf ) . 908.\" ----- ipfilter_rules setting -------------------------------- 909.It Va ipfilter_rules 910.Pq Vt str 911Set to 912.Pa /etc/ipf.rules 913by default. 914This variable contains the name of the filter rule definition file. 915The file is expected to be readable for the 916.Xr ipf 8 917command to execute. 918.\" ----- ipfilter_flags setting -------------------------------- 919.It Va ipfilter_flags 920.Pq Vt str 921Empty by default. 922This variable contains flags passed to the 923.Xr ipf 8 924program. 925.\" ----- ipnat_enable setting ---------------------------------- 926.It Va ipnat_enable 927.Pq Vt bool 928Set to 929.Dq Li NO 930by default. 931Set it to 932.Dq Li YES 933to enable 934.Xr ipnat 8 935network address translation. 936See 937.Va ipfilter_enable 938for a detailed discussion. 939.\" ----- ipnat_program setting --------------------------------- 940.It Va ipnat_program 941.Pq Vt str 942Path to 943.Xr ipnat 8 944(default 945.Pa /sbin/ipnat ) . 946.\" ----- ipnat_rules setting ----------------------------------- 947.It Va ipnat_rules 948.Pq Vt str 949Set to 950.Pa /etc/ipnat.rules 951by default. 952This variable contains the name of the file 953holding the network address translation definition. 954This file is expected to be readable for the 955.Xr ipnat 8 956command to execute. 957.\" ----- ipnat_flags setting ----------------------------------- 958.It Va ipnat_flags 959.Pq Vt str 960Empty by default. 961This variable contains flags passed to the 962.Xr ipnat 8 963program. 964.\" ----- ipmon_enable setting ---------------------------------- 965.It Va ipmon_enable 966.Pq Vt bool 967Set to 968.Dq Li NO 969by default. 970Set it to 971.Dq Li YES 972to enable 973.Xr ipmon 8 974monitoring (logging 975.Xr ipf 8 976and 977.Xr ipnat 8 978events). 979Setting this variable needs setting 980.Va ipfilter_enable 981or 982.Va ipnat_enable 983too. 984See 985.Va ipfilter_enable 986for a detailed discussion. 987.\" ----- ipmon_program setting --------------------------------- 988.It Va ipmon_program 989.Pq Vt str 990Path to 991.Xr ipmon 8 992(default 993.Pa /sbin/ipmon ) . 994.\" ----- ipmon_flags setting ----------------------------------- 995.It Va ipmon_flags 996.Pq Vt str 997Set to 998.Dq Li -Ds 999by default. 1000This variable contains flags passed to the 1001.Xr ipmon 8 1002program. 1003Another typical example would be 1004.Dq Fl D Pa /var/log/ipflog 1005to have 1006.Xr ipmon 8 1007log directly to a file bypassing 1008.Xr syslogd 8 . 1009Make sure to adjust 1010.Pa /etc/newsyslog.conf 1011in such case like this: 1012.Bd -literal 1013/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 1014.Ed 1015.\" ----- ipfs_enable setting ----------------------------------- 1016.It Va ipfs_enable 1017.Pq Vt bool 1018Set to 1019.Dq Li NO 1020by default. 1021Set it to 1022.Dq Li YES 1023to enable 1024.Xr ipfs 8 1025saving the filter and NAT state tables during shutdown 1026and reloading them during startup again. 1027Setting this variable needs setting 1028.Va ipfilter_enable 1029or 1030.Va ipnat_enable 1031to 1032.Dq Li YES 1033too. 1034See 1035.Va ipfilter_enable 1036for a detailed discussion. 1037Note that if 1038.Va kern_securelevel 1039is set to 3, 1040.Va ipfs_enable 1041cannot be used 1042because the raised securelevel will prevent 1043.Xr ipfs 8 1044from saving the state tables at shutdown time. 1045.\" ----- ipfs_program setting ---------------------------------- 1046.It Va ipfs_program 1047.Pq Vt str 1048Path to 1049.Xr ipfs 8 1050(default 1051.Pa /sbin/ipfs ) . 1052.\" ----- ipfs_flags setting ------------------------------------ 1053.It Va ipfs_flags 1054.Pq Vt str 1055Empty by default. 1056This variable contains flags passed to the 1057.Xr ipfs 8 1058program. 1059.\" ----- end of added ipf hook --------------------------------- 1060.It Va pf_enable 1061.Pq Vt bool 1062Set to 1063.Dq Li NO 1064by default. 1065Setting this to 1066.Dq Li YES 1067enables 1068.Xr pf 4 1069packet filtering. 1070.Pp 1071Typical usage will require putting 1072.Pp 1073.Dl pf_enable="YES" 1074.Pp 1075into 1076.Pa /etc/rc.conf 1077and editing 1078.Pa /etc/pf.conf 1079appropriately. 1080Adding 1081.Pp 1082.Dl "device pf" 1083.Pp 1084builds support for 1085.Xr pf 4 1086into the kernel, otherwise the 1087kernel module will be loaded. 1088.It Va pf_rules 1089.Pq Vt str 1090Path to 1091.Xr pf 4 1092ruleset configuration file 1093(default 1094.Pa /etc/pf.conf ) . 1095.It Va pf_program 1096.Pq Vt str 1097Path to 1098.Xr pfctl 8 1099(default 1100.Pa /sbin/pfctl ) . 1101.It Va pf_flags 1102.Pq Vt str 1103If 1104.Va pf_enable 1105is set to 1106.Dq Li YES , 1107these flags are passed to the 1108.Xr pfctl 8 1109program when loading the ruleset. 1110.It Va pf_fallback_rules_enable 1111.Pq Vt bool 1112Set to 1113.Dq Li NO 1114by default. 1115Setting this to 1116.Dq Li YES 1117enables loading 1118.Va pf_fallback_rules_file 1119or 1120.Va pf_fallback_rules 1121in case of a problem when loading the ruleset in 1122.Va pf_rules . 1123.It Va pf_fallback_rules_file 1124.Pq Vt str 1125Path to a pf ruleset to load in case of failure when loading the 1126ruleset in 1127.Va pf_rules 1128(default 1129.Pa /etc/pf-fallback.conf ) . 1130.It Va pf_fallback_rules 1131.Pq Vt str 1132A pf ruleset to load in case of failure when loading the ruleset in 1133.Va pf_rules 1134and 1135.Va pf_fallback_rules_file 1136is not found. 1137Multiple rules can be set as follows: 1138.Bd -literal 1139pf_fallback_rules="\\ 1140 block drop log all\\ 1141 pass in quick on em0" 1142.Pp 1143.Ed 1144The default fallback rule is 1145.Dq block drop log all 1146.It Va pflog_enable 1147.Pq Vt bool 1148Set to 1149.Dq Li NO 1150by default. 1151Setting this to 1152.Dq Li YES 1153enables 1154.Xr pflogd 8 1155which logs packets from the 1156.Xr pf 4 1157packet filter. 1158.It Va pflog_logfile 1159.Pq Vt str 1160If 1161.Va pflog_enable 1162is set to 1163.Dq Li YES 1164this controls where 1165.Xr pflogd 8 1166stores the logfile 1167(default 1168.Pa /var/log/pflog ) . 1169Check 1170.Pa /etc/newsyslog.conf 1171to adjust logfile rotation for this. 1172.It Va pflog_program 1173.Pq Vt str 1174Path to 1175.Xr pflogd 8 1176(default 1177.Pa /sbin/pflogd ) . 1178.It Va pflog_flags 1179.Pq Vt str 1180Empty by default. 1181This variable contains additional flags passed to the 1182.Xr pflogd 8 1183program. 1184.It Va pflog_instances 1185.Pq Vt str 1186If logging to more than one 1187.Xr pflog 4 1188interface is desired, 1189.Va pflog_instances 1190is set to the list of 1191.Xr pflogd 8 1192instances that should be started at system boot time. 1193If 1194.Va pflog_instances 1195is set, for each whitespace-separated 1196.Ar element 1197in the list, 1198.Ao Ar element Ac Ns Va _dev 1199and 1200.Ao Ar element Ac Ns Va _logfile 1201elements are assumed to exist. 1202.Ao Ar element Ac Ns Va _dev 1203must contain the 1204.Xr pflog 4 1205interface to be watched by the named 1206.Xr pflogd 8 1207instance. 1208.Ao Ar element Ac Ns Va _logfile 1209must contain the name of the logfile that will be used by the 1210.Xr pflogd 8 1211instance. 1212.It Va ftpproxy_enable 1213.Pq Vt bool 1214Set to 1215.Dq Li NO 1216by default. 1217Setting this to 1218.Dq Li YES 1219enables 1220.Xr ftp-proxy 8 1221which supports the 1222.Xr pf 4 1223packet filter in translating ftp connections. 1224.It Va ftpproxy_flags 1225.Pq Vt str 1226Empty by default. 1227This variable contains additional flags passed to the 1228.Xr ftp-proxy 8 1229program. 1230.It Va ftpproxy_instances 1231.Pq Vt str 1232Empty by default. 1233If multiple instances of 1234.Xr ftp-proxy 8 1235are desired at boot time, 1236.Va ftpproxy_instances 1237should contain a whitespace-separated list of instance names. 1238For each 1239.Ar element 1240in the list, a variable named 1241.Ao Ar element Ac Ns Va _flags 1242should be defined, containing the command-line flags to be passed to the 1243.Xr ftp-proxy 8 1244instance. 1245.It Va pfsync_enable 1246.Pq Vt bool 1247Set to 1248.Dq Li NO 1249by default. 1250Setting this to 1251.Dq Li YES 1252enables exposing 1253.Xr pf 4 1254state changes to other hosts over the network by means of 1255.Xr pfsync 4 . 1256The 1257.Va pfsync_syncdev 1258variable 1259must also be set then. 1260.It Va pfsync_syncdev 1261.Pq Vt str 1262Empty by default. 1263This variable specifies the name of the network interface 1264.Xr pfsync 4 1265should operate through. 1266It must be set accordingly if 1267.Va pfsync_enable 1268is set to 1269.Dq Li YES . 1270.It Va pfsync_syncpeer 1271.Pq Vt str 1272Empty by default. 1273This variable is optional. 1274By default, state change messages are sent out on the synchronisation 1275interface using IP multicast packets. 1276The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1277224.0.0.240. 1278When a peer address is specified using the 1279.Va pfsync_syncpeer 1280option, the peer address is used as a destination for the pfsync 1281traffic, and the traffic can then be protected using 1282.Xr ipsec 4 . 1283See the 1284.Xr pfsync 4 1285manpage for more details about using 1286.Xr ipsec 4 1287with 1288.Xr pfsync 4 1289interfaces. 1290.It Va pfsync_ifconfig 1291.Pq Vt str 1292Empty by default. 1293This variable can contain additional options to be passed to the 1294.Xr ifconfig 8 1295command used to set up 1296.Xr pfsync 4 . 1297.It Va tcp_extensions 1298.Pq Vt bool 1299Set to 1300.Dq Li YES 1301by default. 1302Setting this to 1303.Dq Li NO 1304disables certain TCP options as described by 1305.Rs 1306.%T "RFC 1323" 1307.Re 1308Setting this to 1309.Dq Li NO 1310might help remedy such problems with connections as randomly hanging 1311or other weird behavior. 1312Some network devices are known 1313to be broken with respect to these options. 1314.It Va log_in_vain 1315.Pq Vt int 1316Set to 0 by default. 1317The 1318.Xr sysctl 8 1319variables, 1320.Va net.inet.tcp.log_in_vain 1321and 1322.Va net.inet.udp.log_in_vain , 1323as described in 1324.Xr tcp 4 1325and 1326.Xr udp 4 , 1327are set to the given value. 1328.It Va tcp_keepalive 1329.Pq Vt bool 1330Set to 1331.Dq Li YES 1332by default. 1333Setting to 1334.Dq Li NO 1335will disable probing idle TCP connections to verify that the 1336peer is still up and reachable. 1337.It Va tcp_drop_synfin 1338.Pq Vt bool 1339Set to 1340.Dq Li NO 1341by default. 1342Setting to 1343.Dq Li YES 1344will cause the kernel to ignore TCP frames that have both 1345the SYN and FIN flags set. 1346This prevents OS fingerprinting, but may 1347break some legitimate applications. 1348.It Va icmp_drop_redirect 1349.Pq Vt bool 1350Set to 1351.Dq Li AUTO 1352by default. 1353This setting will be identical to 1354.Dq Li YES , 1355if a dynamic routing daemon is enabled, because redirect processing may 1356cause performance issues for large routing tables. 1357If no such service is enabled, this setting behaves like a 1358.Dq Li NO . 1359Setting to 1360.Dq Li YES 1361will cause the kernel to ignore ICMP REDIRECT packets. 1362Setting to 1363.Dq Li NO 1364will cause the kernel to process ICMP REDIRECT packets. 1365Refer to 1366.Xr icmp 4 1367for more information. 1368.It Va icmp_log_redirect 1369.Pq Vt bool 1370Set to 1371.Dq Li NO 1372by default. 1373Setting to 1374.Dq Li YES 1375will cause the kernel to log ICMP REDIRECT packets. 1376Note that 1377the log messages are not rate-limited, so this option should only be used 1378for troubleshooting networks. 1379Refer to 1380.Xr icmp 4 1381for more information. 1382.It Va icmp_bmcastecho 1383.Pq Vt bool 1384Set to 1385.Dq Li YES 1386to respond to broadcast or multicast ICMP ping packets. 1387Refer to 1388.Xr icmp 4 1389for more information. 1390.It Va ip_portrange_first 1391.Pq Vt int 1392If not set to 1393.Dq Li NO , 1394this is the first port in the default portrange. 1395Refer to 1396.Xr ip 4 1397for more information. 1398.It Va ip_portrange_last 1399.Pq Vt int 1400If not set to 1401.Dq Li NO , 1402this is the last port in the default portrange. 1403Refer to 1404.Xr ip 4 1405for more information. 1406.It Va network_interfaces 1407.Pq Vt str 1408Set to the list of network interfaces to configure on this host or 1409.Dq Li AUTO 1410(the default) for all current interfaces. 1411Setting the 1412.Va network_interfaces 1413variable to anything other than the default is deprecated. 1414Interfaces that the administrator wishes to store configuration for, 1415but not start at boot should be configured with the 1416.Dq Li NOAUTO 1417keyword in their 1418.Va ifconfig_ Ns Aq Ar interface 1419variables as described below. 1420.Pp 1421An 1422.Va ifconfig_ Ns Aq Ar interface 1423variable is assumed to exist for each value of 1424.Ar interface . 1425When an interface name contains any of the characters 1426.Dq Li .-/+ 1427they are translated to 1428.Dq Li _ 1429before lookup. 1430For example, the interface 1431.Va em0.102 1432would be configured using the variable 1433.Va ifconfig_em0_102 . 1434.Pp 1435The variable can contain arguments to 1436.Xr ifconfig 8 , 1437as well as special case-insensitive keywords described below. 1438Such keywords are removed before passing the value to 1439.Xr ifconfig 8 1440while the order of the other arguments is preserved. 1441.Pp 1442For example, to assign the IPv4 address 192.0.2.1/24 to the interface em0: 1443.Bd -literal 1444ifconfig_em0="inet 192.0.2.1/24 up" 1445.Ed 1446.Pp 1447If the variable 1448.Va ifconfig_ Ns Ao Ar interface Ac Ns Pa _ipv6 1449is set, then 1450.Va ifconfig_ Ns Aq Ar interface 1451does not need to be set unless an IPv4 address should also be assigned to 1452the interface. 1453.Pp 1454It is possible to add IP alias entries using 1455.Xr ifconfig 8 1456syntax with the address family keyword such as 1457.Li inet . 1458Assuming that the interface in question was 1459.Li em0 , 1460it might look something like this: 1461.Bd -literal 1462ifconfig_em0_alias0="inet 127.0.0.253/32" 1463ifconfig_em0_alias1="inet 127.0.0.254/32" 1464.Ed 1465.Pp 1466It also possible to configure multiple IP addresses in Classless 1467Inter-Domain Routing 1468.Pq CIDR 1469address notation, 1470whose each address component can be a range like 1471.Li inet 192.0.2.5-23/24 1472or 1473.Li inet6 2001:db8:1-f::1/64 . 1474This notation allows address and prefix length part only, 1475not the other address modifiers. 1476Note that the maximum number of the generated addresses from a range 1477specification is limited to an integer value specified in 1478.Va netif_ipexpand_max 1479in 1480.Nm 1481because a small typo can unexpectedly generate a large number of addresses. 1482The default value is 1483.Li 2048 . 1484It can be increased by adding the following line into 1485.Nm : 1486.Bd -literal 1487netif_ipexpand_max="4096" 1488.Ed 1489.Pp 1490In the case of 1491.Li 192.0.2.5-23/24 , 1492the address 192.0.2.5 will be configured with the prefix length /24 and the 1493addresses 192.0.2.6 to 192.0.2.23 with the non-conflicting prefix length /32 as 1494explained in the 1495.Xr ifconfig 8 1496alias section. 1497Note that this special CIDR handling is only for 1498.Li inet , 1499not for the other address families such as 1500.Li inet6 . 1501.Pp 1502With the interface in question being 1503.Li em0 , 1504an example could look like: 1505.Bd -literal 1506ifconfig_em0_alias2="inet 192.0.2.129/27" 1507ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1508.Ed 1509.Pp 1510and so on. 1511.Pp 1512Note that deprecated 1513.Va ipv4_addrs_ Ns Aq Ar interface 1514variable was supported for IPv4 CIDR address notation. 1515The 1516.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1517variable replaces it, though 1518.Va ipv4_addrs_ Ns Aq Ar interface 1519is still supported for backward compatibility. 1520.Pp 1521For each 1522.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1523entry with an address family keyword, 1524its contents are passed to 1525.Xr ifconfig 8 . 1526Execution stops at the first unsuccessful access, so if 1527something like this is present: 1528.Bd -literal 1529ifconfig_em0_alias0="inet 127.0.0.251/32" 1530ifconfig_em0_alias1="inet 127.0.0.252/32" 1531ifconfig_em0_alias2="inet 127.0.0.253/32" 1532ifconfig_em0_alias4="inet 127.0.0.254/32" 1533.Ed 1534.Pp 1535Then note that alias4 would 1536.Em not 1537be added since the search would 1538stop with the missing 1539.Dq Li alias3 1540entry. 1541Because of this difficult to manage behavior, 1542there is 1543.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1544variable, which has the same functionality as 1545.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1546and can have all of the entries in a variable like the following: 1547.Bd -literal 1548ifconfig_em0_aliases="\\ 1549 inet 127.0.0.251/32 \\ 1550 inet 127.0.0.252/32 \\ 1551 inet 127.0.0.253/32 \\ 1552 inet 127.0.0.254/32" 1553.Ed 1554.Pp 1555It also supports netmask notation for backward compatibility. 1556.Pp 1557If the 1558.Pa /etc/start_if . Ns Aq Ar interface 1559file is present, it is read and executed by the 1560.Xr sh 1 1561interpreter 1562before configuring the interface as specified in the 1563.Va ifconfig_ Ns Aq Ar interface 1564and 1565.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1566variables. 1567.Pp 1568If a 1569.Va vlans_ Ns Aq Ar interface 1570variable is set, 1571a 1572.Xr vlan 4 1573interface will be created for each item in the list with the 1574.Ar vlandev 1575argument set to 1576.Ar interface . 1577If a vlan interface's name is a number, 1578then that number is used as the vlan tag and the new vlan interface is 1579named 1580.Ar interface . Ns Ar tag . 1581Otherwise, 1582the vlan tag must be specified via a 1583.Va vlan 1584parameter in the 1585.Va create_args_ Ns Aq Ar interface 1586variable. 1587.Pp 1588To create a vlan device named 1589.Li em0.101 1590on 1591.Li em0 1592with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24: 1593.Bd -literal 1594vlans_em0="101" 1595ifconfig_em0_101="inet 192.0.2.1/24" 1596.Ed 1597.Pp 1598To create a vlan device named 1599.Li myvlan 1600on 1601.Li em0 1602with the vlan tag 102: 1603.Bd -literal 1604vlans_em0="myvlan" 1605create_args_myvlan="vlan 102" 1606.Ed 1607.Pp 1608If a 1609.Va wlans_ Ns Aq Ar interface 1610variable is set, 1611an 1612.Xr wlan 4 1613interface will be created for each item in the list with the 1614.Ar wlandev 1615argument set to 1616.Ar interface . 1617Further wlan cloning arguments may be passed to the 1618.Xr ifconfig 8 1619.Cm create 1620command by setting the 1621.Va create_args_ Ns Aq Ar interface 1622variable. 1623One or more 1624.Xr wlan 4 1625devices must be created for each wireless device as of 1626.Fx 8.0 . 1627Debugging flags for 1628.Xr wlan 4 1629devices as set by 1630.Xr wlandebug 8 1631may be specified with an 1632.Va wlandebug_ Ns Aq Ar interface 1633variable. 1634The contents of this variable will be passed directly to 1635.Xr wlandebug 8 . 1636.Pp 1637If the 1638.Va ifconfig_ Ns Aq Ar interface 1639contains the keyword 1640.Dq Li NOAUTO 1641then the interface will not be configured 1642at boot or by 1643.Pa /etc/pccard_ether 1644when 1645.Va network_interfaces 1646is set to 1647.Dq Li AUTO . 1648.Pp 1649It is possible to bring up an interface with DHCP by adding 1650.Dq Li DHCP 1651to the 1652.Va ifconfig_ Ns Aq Ar interface 1653variable. 1654For instance, to initialize the 1655.Li em0 1656device via DHCP, 1657it is possible to use something like: 1658.Bd -literal 1659ifconfig_em0="DHCP" 1660.Ed 1661.Pp 1662If you want to configure your wireless interface with 1663.Xr wpa_supplicant 8 1664for use with WPA, EAP/LEAP or WEP, you need to add 1665.Dq Li WPA 1666to the 1667.Va ifconfig_ Ns Aq Ar interface 1668variable. 1669.Pp 1670On the other hand, if you want to configure your wireless interface with 1671.Xr hostapd 8 , 1672you need to add 1673.Dq Li HOSTAP 1674to the 1675.Va ifconfig_ Ns Aq Ar interface 1676variable. 1677.Xr hostapd 8 1678will use the settings from 1679.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1680.Pp 1681Finally, you can add 1682.Xr ifconfig 8 1683options in this variable, in addition to the 1684.Pa /etc/start_if . Ns Aq Ar interface 1685file. 1686For instance, to configure an 1687.Xr ath 4 1688wireless device in station mode with an address obtained 1689via DHCP, using WPA authentication and 802.11b mode, it is 1690possible to use something like: 1691.Bd -literal 1692wlans_ath0="wlan0" 1693ifconfig_wlan0="DHCP WPA mode 11b" 1694.Ed 1695.Pp 1696In addition to the 1697.Va ifconfig_ Ns Aq Ar interface 1698form, a fallback variable 1699.Va ifconfig_DEFAULT 1700may be configured. 1701It will be used for all interfaces with no 1702.Va ifconfig_ Ns Aq Ar interface 1703variable. 1704.Pp 1705It is also possible to rename an interface by doing: 1706.Bd -literal 1707ifconfig_em0_name="net0" 1708ifconfig_net0="inet 192.0.2.1/24" 1709.Ed 1710.It Va ipv6_enable 1711.Pq Vt bool 1712This variable is deprecated. 1713Use 1714.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1715and 1716.Va ipv6_activate_all_interfaces 1717if necessary. 1718.Pp 1719If the variable is 1720.Dq Li YES , 1721.Dq Li inet6 accept_rtadv 1722is added to all of 1723.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1724and the 1725.Va ipv6_activate_all_interfaces 1726is defined as 1727.Dq Li YES . 1728.It Va ipv6_prefer 1729.Pq Vt bool 1730This variable is deprecated. 1731Use 1732.Va ip6addrctl_policy 1733instead. 1734.Pp 1735If the variable is 1736.Dq Li YES , 1737the default address selection policy table set by 1738.Xr ip6addrctl 8 1739will be IPv6-preferred. 1740.Pp 1741If the variable is 1742.Dq Li NO , 1743the default address selection policy table set by 1744.Xr ip6addrctl 8 1745will be IPv4-preferred. 1746.It Va ipv6_activate_all_interfaces 1747.Pq Vt bool 1748This controls initial configuration on IPv6-capable 1749interfaces with no corresponding 1750.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1751variable. 1752Note that it is not always necessary to set this variable to 1753.Dq YES 1754to use IPv6 functionality on 1755.Fx . 1756In most cases, just configuring 1757.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1758variables works. 1759.Pp 1760If the variable is 1761.Dq Li NO , 1762all interfaces which do not have a corresponding 1763.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1764variable will be marked as 1765.Dq Li IFDISABLED 1766at creation. 1767This means that all IPv6 functionality on that interface 1768is completely disabled to enforce a security policy. 1769If the variable is set to 1770.Dq YES , 1771the flag will be cleared on all of the interfaces. 1772.Pp 1773In most cases, just defining an 1774.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1775for an IPv6-capable interface should be sufficient. 1776However, if an interface is added dynamically 1777.Pq by some tunneling protocols such as PPP, for example , 1778it is often difficult to define the variable in advance. 1779In such a case, configuring the 1780.Dq Li IFDISABLED 1781flag can be disabled by setting this variable to 1782.Dq YES . 1783.Pp 1784For more details of the 1785.Dq Li IFDISABLED 1786flag and keywords 1787.Dq Li inet6 ifdisabled , 1788see 1789.Xr ifconfig 8 . 1790.Pp 1791Default is 1792.Dq Li NO . 1793.It Va ipv6_privacy 1794.Pq Vt bool 1795If the variable is 1796.Dq Li YES 1797privacy addresses will be generated for each IPv6 1798interface as described in RFC 4941. 1799.It Va ipv6_network_interfaces 1800.Pq Vt str 1801This is the IPv6 equivalent of 1802.Va network_interfaces . 1803Normally manual configuration of this variable is not needed. 1804.It Va ipv6_cpe_wanif 1805.Pq Vt str 1806If the variable is set to an interface name, 1807the 1808.Xr ifconfig 8 1809options 1810.Dq inet6 -no_radr accept_rtadv 1811will be added to the specified interface automatically before evaluating 1812.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1813and two 1814.Xr sysctl 8 1815variables 1816.Va net.inet6.ip6.rfc6204w3 1817and 1818.Va net.inet6.ip6.no_radr 1819will be set to 1. 1820.Pp 1821This means the specified interface will accept ICMPv6 Router 1822Advertisement messages on that link and add the discovered 1823routers into the Default Router List. 1824While the other interfaces can still accept RA messages if the 1825.Dq inet6 accept_rtadv 1826option is specified, adding 1827routes into the Default Router List will be disabled by 1828.Dq inet6 no_radr 1829option by default. 1830See 1831.Xr ifconfig 8 1832for more details. 1833.Pp 1834Note that ICMPv6 Router Advertisement messages will be 1835accepted even when 1836.Va net.inet6.ip6.forwarding 1837is 1 1838.Pq packet forwarding is enabled 1839when 1840.Va net.inet6.ip6.rfc6204w3 1841is set to 1. 1842.Pp 1843Default is 1844.Dq Li NO . 1845.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1846.Pq Vt str 1847This assigns arbitrary description to an interface. 1848The 1849.Xr sysctl 8 1850variable 1851.Va net.ifdescr_maxlen 1852limits its length. 1853This static setting may be overridden by commands 1854started with dynamic interface configuration utilities 1855like 1856.Xr dhclient 8 1857hooks. 1858The description can be seen with 1859.Xr ifconfig 8 1860command and it may be exported with 1861.Xr bsnmpd 1 1862daemon using its MIB-2 module. 1863.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1864.Pq Vt str 1865IPv6 functionality on an interface should be configured by 1866.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1867instead of setting ifconfig parameters in 1868.Va ifconfig_ Ns Aq Ar interface . 1869If this variable is empty, all IPv6 configurations on the 1870specified interface by other variables such as 1871.Va ipv6_prefix_ Ns Ao Ar interface Ac 1872will be ignored. 1873.Pp 1874Aliases should be set by 1875.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1876with 1877.Dq Li inet6 1878keyword. 1879For example: 1880.Bd -literal 1881ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1882ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1883.Ed 1884.Pp 1885Interfaces that have an 1886.Dq Li inet6 accept_rtadv 1887keyword in 1888.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1889setting will be automatically configured by SLAAC 1890.Pq StateLess Address AutoConfiguration 1891described in 1892.Rs 1893.%T "RFC 4862" 1894.Re 1895.Pp 1896Note that a link-local address will be automatically configured in 1897addition to the configured global-scope addresses because the IPv6 1898specifications require it on each link. 1899The address is calculated from the MAC address by using an algorithm 1900defined in 1901.Rs 1902.%T "RFC 4862" 1903.%O "Section 5.3" 1904.Re 1905.Pp 1906If only a link-local address is needed on the interface, 1907the following configuration can be used: 1908.Bd -literal 1909ifconfig_em0_ipv6="inet6 auto_linklocal" 1910.Ed 1911.Pp 1912A link-local address can also be configured manually. 1913This is useful for the default router address of an IPv6 router 1914so that it does not change when the network interface 1915card is replaced. 1916For example: 1917.Bd -literal 1918ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1919.Ed 1920.It Va ipv6_prefix_ Ns Aq Ar interface 1921.Pq Vt str 1922If one or more prefixes are defined in 1923.Va ipv6_prefix_ Ns Aq Ar interface 1924addresses based on each prefix and the EUI-64 interface index will be 1925configured on that interface. 1926Note that this variable will be ignored when 1927.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1928is empty. 1929.Pp 1930For example, the following configuration 1931.Bd -literal 1932ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1933.Ed 1934.Pp 1935is equivalent to the following: 1936.Bd -literal 1937ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1938ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1939ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1940ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1941.Ed 1942.Pp 1943These Subnet-Router anycast addresses will be added only when 1944.Va ipv6_gateway_enable 1945is YES. 1946.It Va ipv6_default_interface 1947.Pq Vt str 1948If not set to 1949.Dq Li NO , 1950this is the default output interface for scoped addresses. 1951This works only with ipv6_gateway_enable="NO". 1952.It Va ip6addrctl_enable 1953.Pq Vt bool 1954This variable is to enable configuring default address selection policy table 1955.Pq RFC 3484 . 1956The table can be specified in another variable 1957.Va ip6addrctl_policy . 1958For 1959.Va ip6addrctl_policy 1960the following keywords can be specified: 1961.Dq Li ipv4_prefer , 1962.Dq Li ipv6_prefer , 1963or 1964.Dq Li AUTO . 1965.Pp 1966If 1967.Dq Li ipv4_prefer 1968or 1969.Dq Li ipv6_prefer 1970is specified, 1971.Xr ip6addrctl 8 1972installs a pre-defined policy table described in Section 10.3 1973.Pq IPv4-preferred 1974or 2.1 1975.Pq IPv6-preferred 1976of RFC 3484. 1977.Pp 1978If 1979.Dq Li AUTO 1980is specified, it attempts to read a file 1981.Pa /etc/ip6addrctl.conf 1982first. 1983If this file is found, 1984.Xr ip6addrctl 8 1985reads and installs it. 1986If not found, a policy is automatically set 1987according to 1988.Va ipv6_activate_all_interfaces 1989variable; if the variable is set to 1990.Dq Li YES 1991the IPv6-preferred one is used. 1992Otherwise IPv4-preferred. 1993.Pp 1994The default value of 1995.Va ip6addrctl_enable 1996and 1997.Va ip6addrctl_policy 1998are 1999.Dq Li YES 2000and 2001.Dq Li AUTO , 2002respectively. 2003.It Va cloned_interfaces 2004.Pq Vt str 2005Set to the list of clonable network interfaces to create on this host. 2006Further cloning arguments may be passed to the 2007.Xr ifconfig 8 2008.Cm create 2009command for each interface by setting the 2010.Va create_args_ Ns Aq Ar interface 2011variable. 2012If an interface name is specified with 2013.Dq :sticky 2014keyword, 2015the interface will not be destroyed even when 2016.Pa rc.d/netif 2017script is invoked with 2018.Dq stop 2019argument. 2020This is useful when reconfiguring the interface without destroying it. 2021Entries in 2022.Va cloned_interfaces 2023are automatically appended to 2024.Va network_interfaces 2025for configuration. 2026.It Va cloned_interfaces_sticky 2027.Pq Vt bool 2028This variable is to globally enable functionality of 2029.Dq :sticky 2030keyword in 2031.Va cloned_interfaces 2032for all interfaces. 2033The default value is 2034.Dq NO . 2035Even if this variable is specified to 2036.Dq YES , 2037.Dq :nosticky 2038keyword can be used to override it on per interface basis. 2039.It Va gif_interfaces 2040Set to the list of 2041.Xr gif 4 2042tunnel interfaces to configure on this host. 2043A 2044.Va gifconfig_ Ns Aq Ar interface 2045variable is assumed to exist for each value of 2046.Ar interface . 2047The value of this variable is used to configure the link layer of the 2048tunnel using the 2049.Cm tunnel 2050option to 2051.Xr ifconfig 8 . 2052Additionally, this option ensures that each listed interface is created 2053via the 2054.Cm create 2055option to 2056.Xr ifconfig 8 2057before attempting to configure it. 2058.Pp 2059For example, configure two 2060.Xr gif 4 2061interfaces with: 2062.Bd -literal 2063gif_interfaces="gif0 gif1" 2064gifconfig_gif0="100.64.0.1 100.64.0.2" 2065ifconfig_gif0="inet 10.0.0.1/30 10.0.0.2" 2066gifconfig_gif1="inet6 2a00::1 2a01::1" 2067ifconfig_gif1="inet 10.1.0.1/30 10.1.0.2" 2068.Ed 2069.It Va ppp_enable 2070.Pq Vt bool 2071If set to 2072.Dq Li YES , 2073run the 2074.Xr ppp 8 2075daemon. 2076.It Va ppp_profile 2077.Pq Vt str 2078The name of the profile to use from 2079.Pa /etc/ppp/ppp.conf . 2080Also used for per-profile overrides of 2081.Va ppp_mode 2082and 2083.Va ppp_nat , 2084and 2085.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2086When the profile name contains any of the characters 2087.Dq Li .-/+ 2088they are translated to 2089.Dq Li _ 2090for the proposes of the override variable names. 2091.It Va ppp_mode 2092.Pq Vt str 2093Mode in which to run the 2094.Xr ppp 8 2095daemon. 2096.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2097.Pq Vt str 2098Overrides the global 2099.Va ppp_mode 2100for 2101.Ar profile . 2102Accepted modes are 2103.Dq Li auto , 2104.Dq Li ddial , 2105.Dq Li direct 2106and 2107.Dq Li dedicated . 2108See the manual for a full description. 2109.It Va ppp_nat 2110.Pq Vt bool 2111If set to 2112.Dq Li YES , 2113enables network address translation. 2114Used in conjunction with 2115.Va gateway_enable 2116allows hosts on private network addresses access to the Internet using 2117this host as a network address translating router. 2118Default is 2119.Dq Li YES . 2120.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2121.Pq Vt str 2122Overrides the global 2123.Va ppp_nat 2124for 2125.Ar profile . 2126.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2127.Pq Vt int 2128Set the unit number to be used for this profile. 2129See the manual description of 2130.Fl unit Ns Ar N 2131for details. 2132.It Va ppp_user 2133.Pq Vt str 2134The name of the user under which 2135.Xr ppp 8 2136should be started. 2137By 2138default, 2139.Xr ppp 8 2140is started as 2141.Dq Li root . 2142.It Va rc_conf_files 2143.Pq Vt str 2144This option is used to specify a list of files that will override 2145the settings in 2146.Pa /etc/defaults/rc.conf . 2147The files will be read in the order in which they are specified and should 2148include the full path to the file. 2149By default, the files specified are 2150.Pa /etc/rc.conf 2151and 2152.Pa /etc/rc.conf.local . 2153.It Va zfs_enable 2154.Pq Vt bool 2155If set to 2156.Dq Li YES , 2157.Pa /etc/rc.d/zfs 2158will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2159(ZVOLs). 2160.It Va zpool_reguid 2161.Pq Vt str 2162A space-separated list of ZFS pool names for which new pool GUIDs should be 2163assigned upon first boot. 2164This is useful when using a ZFS pool copied from a template, such as a virtual 2165machine image. 2166.It Va zpool_upgrade 2167.Pq Vt str 2168A space-separated list of ZFS pool names for which the version should be 2169upgraded upon first boot. 2170This is useful when using a ZFS pool generated by the 2171.Xr makefs 8 2172utility. 2173.It Va gptboot_enable 2174.Pq Vt bool 2175If set to 2176.Dq Li YES , 2177.Pa /etc/rc.d/gptboot 2178will log if the system successfully (or not) booted from a GPT partition, 2179which had the 2180.Ar bootonce 2181attribute set using 2182.Xr gpart 8 2183utility. 2184.It Va geli_devices 2185.Pq Vt str 2186List of devices to automatically attach on boot. 2187Note that .eli devices from 2188.Pa /etc/fstab 2189are automatically appended to this list. 2190.It Va geli_groups 2191.Pq Vt str 2192List of groups containing devices to automatically attach on boot with the same 2193keyfiles and passphrase. 2194This must be accompanied with a corresponding 2195.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2196variable. 2197.It Va geli_tries 2198.Pq Vt int 2199Number of times user is asked for the pass-phrase. 2200If empty, it will be taken from 2201.Va kern.geom.eli.tries 2202sysctl variable. 2203.It Va geli_default_flags 2204.Pq Vt str 2205Default flags to use by 2206.Xr geli 8 2207when configuring disk encryption. 2208Flags can be configured for every device separately by defining the 2209.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2210variable, and for every group separately by defining the 2211.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2212variable. 2213.It Va geli_autodetach 2214.Pq Vt str 2215Specifies if GELI devices should be marked for detach on last close after 2216file systems are mounted. 2217Default is 2218.Dq Li YES . 2219This can be changed for every device separately by defining the 2220.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2221variable. 2222.It Va root_rw_mount 2223.Pq Vt bool 2224Set to 2225.Dq Li YES 2226by default. 2227After the file systems are checked at boot time, the root file system 2228is remounted as read-write if this is set to 2229.Dq Li YES . 2230Diskless systems that mount their root file system from a read-only remote 2231NFS share should set this to 2232.Dq Li NO 2233in their 2234.Pa rc.conf . 2235.It Va fsck_y_enable 2236.Pq Vt bool 2237If set to 2238.Dq Li YES , 2239.Xr fsck 8 2240will be run with the 2241.Fl y 2242flag if the initial preen 2243of the file systems fails. 2244.It Va background_fsck 2245.Pq Vt bool 2246If set to 2247.Dq Li NO , 2248the system will not attempt to run 2249.Xr fsck 8 2250in the background where possible. 2251.It Va background_fsck_delay 2252.Pq Vt int 2253The amount of time in seconds to sleep before starting a background 2254.Xr fsck 8 . 2255It defaults to sixty seconds to allow large applications such as 2256the X server to start before disk I/O bandwidth is monopolized by 2257.Xr fsck 8 . 2258If set to a negative number, the background file system check will be 2259delayed indefinitely to allow the administrator to run it at a more 2260convenient time. 2261For example it may be run from 2262.Xr cron 8 2263by adding a line like 2264.Pp 2265.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2266.Pp 2267to 2268.Pa /etc/crontab . 2269.It Va netfs_types 2270.Pq Vt str 2271List of file system types that are network-based. 2272This list should generally not be modified by end users. 2273Use 2274.Va extra_netfs_types 2275instead. 2276.It Va extra_netfs_types 2277.Pq Vt str 2278If set to something other than 2279.Dq Li NO 2280(the default), 2281this variable extends the list of file system types 2282for which automatic mounting at startup by 2283.Xr rc 8 2284should be delayed until the network is initialized. 2285It should contain 2286a whitespace-separated list of network file system descriptor pairs, 2287each consisting of a file system type as passed to 2288.Xr mount 8 2289and a human-readable, one-word description, 2290joined with a colon 2291.Pq Ql \&: . 2292Extending the default list in this way is only necessary 2293when third party file system types are used. 2294.It Va syslogd_enable 2295.Pq Vt bool 2296If set to 2297.Dq Li YES , 2298run the 2299.Xr syslogd 8 2300daemon. 2301Note, the 2302.Va syslogd_oomprotect 2303variable is set to 2304.Dq Li YES 2305by default in 2306.Pa /etc/defaults/rc.conf . 2307.It Va syslogd_program 2308.Pq Vt str 2309Path to 2310.Xr syslogd 8 2311(default 2312.Pa /usr/sbin/syslogd ) . 2313.It Va syslogd_flags 2314.Pq Vt str 2315If 2316.Va syslogd_enable 2317is set to 2318.Dq Li YES , 2319these are the flags to pass to 2320.Xr syslogd 8 . 2321.It Va inetd_enable 2322.Pq Vt bool 2323If set to 2324.Dq Li YES , 2325run the 2326.Xr inetd 8 2327daemon. 2328.It Va inetd_program 2329.Pq Vt str 2330Path to 2331.Xr inetd 8 2332(default 2333.Pa /usr/sbin/inetd ) . 2334.It Va inetd_flags 2335.Pq Vt str 2336If 2337.Va inetd_enable 2338is set to 2339.Dq Li YES , 2340these are the flags to pass to 2341.Xr inetd 8 . 2342.It Va hastd_enable 2343.Pq Vt bool 2344If set to 2345.Dq Li YES , 2346run the 2347.Xr hastd 8 2348daemon. 2349.It Va hastd_program 2350.Pq Vt str 2351Path to 2352.Xr hastd 8 2353(default 2354.Pa /sbin/hastd ) . 2355.It Va hastd_flags 2356.Pq Vt str 2357If 2358.Va hastd_enable 2359is set to 2360.Dq Li YES , 2361these are the flags to pass to 2362.Xr hastd 8 . 2363.It Va local_unbound_enable 2364.Pq Vt bool 2365If set to 2366.Dq Li YES , 2367run the 2368.Xr unbound 8 2369daemon as a local caching DNS resolver. 2370Note, the 2371.Va local_unbound_oomprotect 2372variable is set to 2373.Dq Li YES 2374by default in 2375.Pa /etc/defaults/rc.conf . 2376.It Va nscd_enable 2377.Pq Vt bool 2378Set to 2379.Dq Li YES 2380to start the 2381.Xr nscd 8 2382caching daemon for the 2383.Nm nsswitch 2384subsystem. 2385.It Va nscd_flags 2386.Pq Vt str 2387If 2388.Va nscd_enable 2389is set to 2390.Dq Li YES , 2391these flags are passed to 2392.Xr nscd 8 . 2393.It Va kdc_enable 2394.Pq Vt bool 2395Set to 2396.Dq Li YES 2397to start a Kerberos 5 authentication server 2398at boot time. 2399.It Va kdc_program 2400.Pq Vt str 2401If 2402.Va kdc_enable 2403is set to 2404.Dq Li YES 2405this is the path to Kerberos 5 Authentication Server. 2406.It Va kdc_flags 2407.Pq Vt str 2408Empty by default. 2409This variable contains additional flags to be passed to the Kerberos 5 2410authentication server. 2411.It Va kadmind_enable 2412.Pq Vt bool 2413Set to 2414.Dq Li YES 2415to start 2416.Xr kadmind 8 , 2417the Kerberos 5 Administration Daemon; set to 2418.Dq Li NO 2419on a slave server. 2420.It Va kadmind_program 2421.Pq Vt str 2422If 2423.Va kadmind_enable 2424is set to 2425.Dq Li YES 2426this is the path to Kerberos 5 Administration Daemon. 2427.It Va kpasswdd_enable 2428.Pq Vt bool 2429Set to 2430.Dq Li YES 2431to start 2432.Xr kpasswdd 8 , 2433the Kerberos 5 Password-Changing Daemon; set to 2434.Dq Li NO 2435on a slave server. 2436.It Va kpasswdd_program 2437.Pq Vt str 2438If 2439.Va kpasswdd_enable 2440is set to 2441.Dq Li YES 2442this is the path to Kerberos 5 Password-Changing Daemon. 2443.It Va kfd_enable 2444.Pq Vt bool 2445Set to 2446.Dq Li YES 2447to start 2448.Xr kfd 8 , 2449the Kerberos 5 ticket forwarding daemon, at the boot time. 2450.It Va kfd_program 2451.Pq Vt str 2452Path to 2453.Xr kfd 8 2454(default 2455.Pa /usr/libexec/kfd ) . 2456.It Va rwhod_enable 2457.Pq Vt bool 2458If set to 2459.Dq Li YES , 2460run the 2461.Xr rwhod 8 2462daemon at boot time. 2463.It Va rwhod_flags 2464.Pq Vt str 2465If 2466.Va rwhod_enable 2467is set to 2468.Dq Li YES , 2469these are the flags to pass to it. 2470.It Va update_motd 2471.Pq Vt bool 2472If set to 2473.Dq Li YES , 2474.Pa /var/run/motd 2475will be updated at boot time to reflect the kernel release 2476being run. 2477If set to 2478.Dq Li NO , 2479.Pa /var/run/motd 2480will not be updated. 2481.It Va nfs_client_enable 2482.Pq Vt bool 2483If set to 2484.Dq Li YES , 2485run the NFS client daemons at boot time. 2486.It Va nfs_access_cache 2487.Pq Vt int 2488If 2489.Va nfs_client_enable 2490is set to 2491.Dq Li YES , 2492this can be set to 2493.Dq Li 0 2494to disable NFS ACCESS RPC caching, or to the number of seconds for which 2495NFS ACCESS 2496results should be cached. 2497A value of 2-10 seconds will substantially reduce network 2498traffic for many NFS operations. 2499.It Va nfs_server_enable 2500.Pq Vt bool 2501If set to 2502.Dq Li YES , 2503run the NFS server daemons at boot time. 2504.It Va nfs_server_flags 2505.Pq Vt str 2506If 2507.Va nfs_server_enable 2508is set to 2509.Dq Li YES , 2510these are the flags to pass to the 2511.Xr nfsd 8 2512daemon. 2513.It Va nfsv4_server_enable 2514.Pq Vt bool 2515If 2516.Va nfs_server_enable 2517is set to 2518.Dq Li YES 2519and 2520.Va nfsv4_server_enable 2521is set to 2522.Dq Li YES , 2523enable the server for NFSv4 as well as NFSv2 and NFSv3. 2524.It Va nfsv4_server_only 2525.Pq Vt bool 2526If 2527.Va nfs_server_enable 2528is set to 2529.Dq Li YES 2530and 2531.Va nfsv4_server_only 2532is set to 2533.Dq Li YES , 2534enable the NFS server for NFSv4 only. 2535.It Va nfs_server_maxio 2536.Pq Vt int 2537value to set vfs.nfsd.srvmaxio to, which is the 2538maximum I/O size for the NFS server. 2539.It Va tlsclntd_enable 2540.Pq Vt bool 2541If set to 2542.Dq Li YES , 2543run the 2544.Xr rpc.tlsclntd 8 2545daemon, which is needed for NFS-over-TLS NFS mounts. 2546.It Va tlsservd_enable 2547.Pq Vt bool 2548If set to 2549.Dq Li YES , 2550run the 2551.Xr rpc.tlsservd 8 2552daemon, which is needed for the 2553.Xr nfsd 8 2554to support NFS-over-TLS NFS mounts. 2555.It Va nfsuserd_enable 2556.Pq Vt bool 2557If 2558.Va nfsuserd_enable 2559is set to 2560.Dq Li YES , 2561run the nfsuserd daemon, which is needed for NFSv4 in order 2562to map between user/group names vs uid/gid numbers. 2563If 2564.Va nfsv4_server_enable 2565is set to 2566.Dq Li YES , 2567this will be forced enabled. 2568.It Va nfsuserd_flags 2569.Pq Vt str 2570If 2571.Va nfsuserd_enable 2572is set to 2573.Dq Li YES , 2574these are the flags to pass to the 2575.Xr nfsuserd 8 2576daemon. 2577.It Va nfscbd_enable 2578.Pq Vt bool 2579If 2580.Va nfscbd_enable 2581is set to 2582.Dq Li YES , 2583run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2584.It Va nfscbd_flags 2585.Pq Vt str 2586If 2587.Va nfscbd_enable 2588is set to 2589.Dq Li YES , 2590these are the flags to pass to the 2591.Xr nfscbd 8 2592daemon. 2593.It Va mountd_enable 2594.Pq Vt bool 2595If set to 2596.Dq Li YES , 2597and no 2598.Va nfs_server_enable 2599is set, start 2600.Xr mountd 8 , 2601but not 2602.Xr nfsd 8 2603daemon. 2604It is commonly needed to run CFS without real NFS used. 2605.It Va mountd_flags 2606.Pq Vt str 2607If 2608.Va mountd_enable 2609is set to 2610.Dq Li YES , 2611these are the flags to pass to the 2612.Xr mountd 8 2613daemon. 2614.It Va weak_mountd_authentication 2615.Pq Vt bool 2616If set to 2617.Dq Li YES , 2618allow services like PCNFSD to make non-privileged mount 2619requests. 2620.It Va nfs_reserved_port_only 2621.Pq Vt bool 2622If set to 2623.Dq Li YES , 2624provide NFS services only on a secure port. 2625.It Va nfs_bufpackets 2626.Pq Vt int 2627If set to a number, indicates the number of packets worth of 2628socket buffer space to reserve on an NFS client. 2629The kernel default is typically 4. 2630Using a higher number may be 2631useful on gigabit networks to improve performance. 2632The minimum value is 26332 and the maximum is 64. 2634.It Va rpc_lockd_enable 2635.Pq Vt bool 2636If set to 2637.Dq Li YES 2638and also an NFS server or client, run 2639.Xr rpc.lockd 8 2640at boot time. 2641.It Va rpc_lockd_flags 2642.Pq Vt str 2643If 2644.Va rpc_lockd_enable 2645is set to 2646.Dq Li YES , 2647these are the flags to pass to the 2648.Xr rpc.lockd 8 2649daemon. 2650.It Va rpc_statd_enable 2651.Pq Vt bool 2652If set to 2653.Dq Li YES 2654and also an NFS server or client, run 2655.Xr rpc.statd 8 2656at boot time. 2657.It Va rpc_statd_flags 2658.Pq Vt str 2659If 2660.Va rpc_statd_enable 2661is set to 2662.Dq Li YES , 2663these are the flags to pass to the 2664.Xr rpc.statd 8 2665daemon. 2666.It Va rpcbind_program 2667.Pq Vt str 2668Path to 2669.Xr rpcbind 8 2670(default 2671.Pa /usr/sbin/rpcbind ) . 2672.It Va rpcbind_enable 2673.Pq Vt bool 2674If set to 2675.Dq Li YES , 2676run the 2677.Xr rpcbind 8 2678service at boot time. 2679.It Va rpcbind_flags 2680.Pq Vt str 2681If 2682.Va rpcbind_enable 2683is set to 2684.Dq Li YES , 2685these are the flags to pass to the 2686.Xr rpcbind 8 2687daemon. 2688.It Va keyserv_enable 2689.Pq Vt bool 2690If set to 2691.Dq Li YES , 2692run the 2693.Xr keyserv 8 2694daemon on boot for running Secure RPC. 2695.It Va keyserv_flags 2696.Pq Vt str 2697If 2698.Va keyserv_enable 2699is set to 2700.Dq Li YES , 2701these are the flags to pass to 2702.Xr keyserv 8 2703daemon. 2704.It Va pppoed_enable 2705.Pq Vt bool 2706If set to 2707.Dq Li YES , 2708run the 2709.Xr pppoed 8 2710daemon at boot time to provide PPP over Ethernet services. 2711.It Va pppoed_ Ns Aq Ar provider 2712.Pq Vt str 2713.Xr pppoed 8 2714listens to requests to this 2715.Ar provider 2716and ultimately runs 2717.Xr ppp 8 2718with a 2719.Ar system 2720argument of the same name. 2721.It Va pppoed_flags 2722.Pq Vt str 2723Additional flags to pass to 2724.Xr pppoed 8 . 2725.It Va pppoed_interface 2726.Pq Vt str 2727The network interface to run 2728.Xr pppoed 8 2729on. 2730This is mandatory when 2731.Va pppoed_enable 2732is set to 2733.Dq Li YES . 2734.It Va ntpdate_enable 2735.Pq Vt bool 2736If set to 2737.Dq Li YES , 2738run 2739.Xr ntpdate 8 2740at system startup. 2741This command is intended to 2742synchronize the system clock only 2743.Em once 2744from some standard reference. 2745.Pp 2746Note that the use of the 2747.Va ntpd_sync_on_start 2748variable is a preferred alternative to the 2749.Xr ntpdate 8 2750utility as 2751.Xr ntpdate 8 2752is to be retired from the NTP distribution. 2753.It Va ntpdate_config 2754.Pq Vt str 2755Configuration file for 2756.Xr ntpdate 8 . 2757Default 2758.Pa /etc/ntp.conf . 2759.It Va ntpdate_hosts 2760.Pq Vt str 2761A whitespace-separated list of NTP servers to synchronize with at startup. 2762The default is to use the servers listed in 2763.Va ntpdate_config , 2764if that file exists. 2765.It Va ntpdate_program 2766.Pq Vt str 2767Path to 2768.Xr ntpdate 8 2769(default 2770.Pa /usr/sbin/ntpdate ) . 2771.It Va ntpdate_flags 2772.Pq Vt str 2773If 2774.Va ntpdate_enable 2775is set to 2776.Dq Li YES , 2777these are the flags to pass to the 2778.Xr ntpdate 8 2779command (typically a hostname). 2780.It Va ntpd_enable 2781.Pq Vt bool 2782If set to 2783.Dq Li YES , 2784run the 2785.Xr ntpd 8 2786command at boot time. 2787.It Va ntpd_program 2788.Pq Vt str 2789Path to 2790.Xr ntpd 8 2791(default 2792.Pa /usr/sbin/ntpd ) . 2793.It Va ntpd_config 2794.Pq Vt str 2795Path to 2796.Xr ntpd 8 2797configuration file. 2798Default 2799.Pa /etc/ntp.conf . 2800.It Va ntpd_flags 2801.Pq Vt str 2802If 2803.Va ntpd_enable 2804is set to 2805.Dq Li YES , 2806these are the flags to pass to the 2807.Xr ntpd 8 2808daemon. 2809.It Va ntpd_sync_on_start 2810.Pq Vt bool 2811If set to 2812.Dq Li YES , 2813.Xr ntpd 8 2814is run with the 2815.Fl g 2816flag, which syncs the system's clock on startup. 2817See 2818.Xr ntpd 8 2819for more information regarding the 2820.Fl g 2821option. 2822This is a preferred alternative to using 2823.Xr ntpdate 8 2824or specifying the 2825.Va ntpdate_enable 2826variable. 2827.It Va nis_client_enable 2828.Pq Vt bool 2829If set to 2830.Dq Li YES , 2831run the 2832.Xr ypbind 8 2833service at system boot time. 2834.It Va nis_client_flags 2835.Pq Vt str 2836If 2837.Va nis_client_enable 2838is set to 2839.Dq Li YES , 2840these are the flags to pass to the 2841.Xr ypbind 8 2842service. 2843.It Va nis_ypldap_enable 2844.Pq Vt bool 2845If set to 2846.Dq Li YES , 2847run the 2848.Xr ypldap 8 2849daemon at system boot time. 2850.It Va nis_ypldap_flags 2851.Pq Vt str 2852If 2853.Va nis.ypldap_enable 2854is set to 2855.Dq Li YES , 2856these are the flags to pass to the 2857.Xr ypldap 8 2858daemon. 2859.It Va nis_ypset_enable 2860.Pq Vt bool 2861If set to 2862.Dq Li YES , 2863run the 2864.Xr ypset 8 2865daemon at system boot time. 2866.It Va nis_ypset_flags 2867.Pq Vt str 2868If 2869.Va nis_ypset_enable 2870is set to 2871.Dq Li YES , 2872these are the flags to pass to the 2873.Xr ypset 8 2874daemon. 2875.It Va nis_server_enable 2876.Pq Vt bool 2877If set to 2878.Dq Li YES , 2879run the 2880.Xr ypserv 8 2881daemon at system boot time. 2882.It Va nis_server_flags 2883.Pq Vt str 2884If 2885.Va nis_server_enable 2886is set to 2887.Dq Li YES , 2888these are the flags to pass to the 2889.Xr ypserv 8 2890daemon. 2891.It Va nis_ypxfrd_enable 2892.Pq Vt bool 2893If set to 2894.Dq Li YES , 2895run the 2896.Xr rpc.ypxfrd 8 2897daemon at system boot time. 2898.It Va nis_ypxfrd_flags 2899.Pq Vt str 2900If 2901.Va nis_ypxfrd_enable 2902is set to 2903.Dq Li YES , 2904these are the flags to pass to the 2905.Xr rpc.ypxfrd 8 2906daemon. 2907.It Va nis_yppasswdd_enable 2908.Pq Vt bool 2909If set to 2910.Dq Li YES , 2911run the 2912.Xr rpc.yppasswdd 8 2913daemon at system boot time. 2914.It Va nis_yppasswdd_flags 2915.Pq Vt str 2916If 2917.Va nis_yppasswdd_enable 2918is set to 2919.Dq Li YES , 2920these are the flags to pass to the 2921.Xr rpc.yppasswdd 8 2922daemon. 2923.It Va rpc_ypupdated_enable 2924.Pq Vt bool 2925If set to 2926.Dq Li YES , 2927run the 2928.Nm rpc.ypupdated 2929daemon at system boot time. 2930.It Va bsnmpd_enable 2931.Pq Vt bool 2932If set to 2933.Dq Li YES , 2934run the 2935.Xr bsnmpd 1 2936daemon at system boot time. 2937Be sure to understand the security implications of running an SNMP daemon 2938on your host. 2939.It Va bsnmpd_flags 2940.Pq Vt str 2941If 2942.Va bsnmpd_enable 2943is set to 2944.Dq Li YES , 2945these are the flags to pass to the 2946.Xr bsnmpd 1 2947daemon. 2948.It Va defaultrouter 2949.Pq Vt str 2950If not set to 2951.Dq Li NO , 2952create a default route to this host name or IP address 2953(use an IP address if this router is also required to get to the 2954name server!). 2955.It Va defaultrouter_fibN 2956.Pq Vt str 2957If not set to 2958.Dq Li NO , 2959create a default route in FIB N to this host name or IP address. 2960.It Va ipv6_defaultrouter 2961.Pq Vt str 2962The IPv6 equivalent of 2963.Va defaultrouter . 2964.It Va ipv6_defaultrouter_fibN 2965.Pq Vt str 2966The IPv6 equivalent of 2967.Va defaultrouter_fibN . 2968.It Va static_arp_pairs 2969.Pq Vt str 2970Set to the list of static ARP pairs that are to be added at system 2971boot time. 2972For each whitespace separated 2973.Ar element 2974in the value, a 2975.Va static_arp_ Ns Aq Ar element 2976variable is assumed to exist whose contents will later be passed to a 2977.Dq Nm arp Cm -S 2978operation. 2979For example 2980.Bd -literal 2981static_arp_pairs="gw" 2982static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2983.Ed 2984.It Va static_ndp_pairs 2985.Pq Vt str 2986Set to the list of static NDP pairs that are to be added at system 2987boot time. 2988For each whitespace separated 2989.Ar element 2990in the value, a 2991.Va static_ndp_ Ns Aq Ar element 2992variable is assumed to exist whose contents will later be passed to a 2993.Dq Nm ndp Cm -s 2994operation. 2995For example 2996.Bd -literal 2997static_ndp_pairs="gw" 2998static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2999.Ed 3000.It Va static_routes 3001.Pq Vt str 3002Set to the list of static routes that are to be added at system 3003boot time. 3004If not set to 3005.Dq Li NO 3006then for each whitespace separated 3007.Ar element 3008in the value, a 3009.Va route_ Ns Aq Ar element 3010variable is assumed to exist 3011whose contents will later be passed to a 3012.Dq Nm route Cm add 3013operation. 3014For example: 3015.Bd -literal 3016static_routes="ext mcast:gif0 gif0local:gif0" 3017route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 3018route_mcast="-net 224.0.0.0/4 -iface gif0" 3019route_gif0local="-host 169.254.1.1 -iface lo0" 3020.Ed 3021.Pp 3022When an 3023.Ar element 3024is in the form of 3025.Li name:ifname , 3026the route is specific to the interface 3027.Li ifname . 3028.It Va ipv6_static_routes 3029.Pq Vt str 3030The IPv6 equivalent of 3031.Va static_routes . 3032If not set to 3033.Dq Li NO 3034then for each whitespace separated 3035.Ar element 3036in the value, a 3037.Va ipv6_route_ Ns Aq Ar element 3038variable is assumed to exist 3039whose contents will later be passed to a 3040.Dq Nm route Cm add Fl inet6 3041operation. 3042.It Va gateway_enable 3043.Pq Vt bool 3044If set to 3045.Dq Li YES , 3046configure host to act as an IP router, e.g.\& to forward packets 3047between interfaces. 3048.It Va ipv6_gateway_enable 3049.Pq Vt bool 3050The IPv6 equivalent of 3051.Va gateway_enable . 3052.It Va routed_enable 3053.Pq Vt bool 3054If set to 3055.Dq Li YES , 3056run a routing daemon of some sort, based on the 3057settings of 3058.Va routed_program 3059and 3060.Va routed_flags . 3061.It Va route6d_enable 3062.Pq Vt bool 3063The IPv6 equivalent of 3064.Va routed_enable . 3065If set to 3066.Dq Li YES , 3067run a routing daemon of some sort, based on the 3068settings of 3069.Va route6d_program 3070and 3071.Va route6d_flags . 3072.It Va routed_program 3073.Pq Vt str 3074If 3075.Va routed_enable 3076is set to 3077.Dq Li YES , 3078this is the name of the routing daemon to use. 3079The default is 3080.Xr routed 8 . 3081.It Va route6d_program 3082.Pq Vt str 3083The IPv6 equivalent of 3084.Va routed_program . 3085The default is 3086.Xr route6d 8 . 3087.It Va routed_flags 3088.Pq Vt str 3089If 3090.Va routed_enable 3091is set to 3092.Dq Li YES , 3093these are the flags to pass to the routing daemon. 3094.It Va route6d_flags 3095.Pq Vt str 3096The IPv6 equivalent of 3097.Va routed_flags . 3098.It Va rtadvd_enable 3099.Pq Vt bool 3100If set to 3101.Dq Li YES , 3102run the 3103.Xr rtadvd 8 3104daemon at boot time. 3105The 3106.Xr rtadvd 8 3107utility sends ICMPv6 Router Advertisement messages to 3108the interfaces specified in 3109.Va rtadvd_interfaces . 3110This should only be enabled with great care. 3111You may want to fine-tune 3112.Xr rtadvd.conf 5 . 3113.It Va rtadvd_interfaces 3114.Pq Vt str 3115If 3116.Va rtadvd_enable 3117is set to 3118.Dq Li YES 3119this is the list of interfaces to use. 3120.It Va arpproxy_all 3121.Pq Vt bool 3122If set to 3123.Dq Li YES , 3124enable global proxy ARP. 3125.It Va forward_sourceroute 3126.Pq Vt bool 3127If set to 3128.Dq Li YES 3129and 3130.Va gateway_enable 3131is also set to 3132.Dq Li YES , 3133source-routed packets are forwarded. 3134.It Va accept_sourceroute 3135.Pq Vt bool 3136If set to 3137.Dq Li YES , 3138the system will accept source-routed packets directed at it. 3139.It Va rarpd_enable 3140.Pq Vt bool 3141If set to 3142.Dq Li YES , 3143run the 3144.Xr rarpd 8 3145daemon at system boot time. 3146.It Va rarpd_flags 3147.Pq Vt str 3148If 3149.Va rarpd_enable 3150is set to 3151.Dq Li YES , 3152these are the flags to pass to the 3153.Xr rarpd 8 3154daemon. 3155.It Va bootparamd_enable 3156.Pq Vt bool 3157If set to 3158.Dq Li YES , 3159run the 3160.Xr bootparamd 8 3161daemon at system boot time. 3162.It Va bootparamd_flags 3163.Pq Vt str 3164If 3165.Va bootparamd_enable 3166is set to 3167.Dq Li YES , 3168these are the flags to pass to the 3169.Xr bootparamd 8 3170daemon. 3171.It Va stf_interface_ipv4addr 3172.Pq Vt str 3173If not set to 3174.Dq Li NO , 3175this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3176interface). 3177Specify this entry to enable the 6to4 interface. 3178.It Va stf_interface_ipv4plen 3179.Pq Vt int 3180Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3181An effective value is 0-31. 3182.It Va stf_interface_ipv6_ifid 3183.Pq Vt str 3184IPv6 interface ID for 3185.Xr stf 4 . 3186This can be set to 3187.Dq Li AUTO . 3188.It Va stf_interface_ipv6_slaid 3189.Pq Vt str 3190IPv6 Site Level Aggregator for 3191.Xr stf 4 . 3192.It Va ipv6_ipv4mapping 3193.Pq Vt bool 3194If set to 3195.Dq Li YES 3196this enables IPv4 mapped IPv6 address communication (like 3197.Li ::ffff:a.b.c.d ) . 3198.It Va rtsold_enable 3199.Pq Vt bool 3200Set to 3201.Dq Li YES 3202to enable the 3203.Xr rtsold 8 3204daemon to send ICMPv6 Router Solicitation messages. 3205.It Va rtsold_flags 3206.Pq Vt str 3207If 3208.Va rtsold_enable 3209is set to 3210.Dq Li YES , 3211these are the flags to pass to 3212.Xr rtsold 8 . 3213.It Va rtsol_flags 3214.Pq Vt str 3215For interfaces configured with the 3216.Dq Li inet6 accept_rtadv 3217keyword, these are the flags to pass to 3218.Xr rtsol 8 . 3219.Pp 3220Note that 3221.Va rtsold_enable 3222is mutually exclusive to 3223.Va rtsol_flags ; 3224.Va rtsold_enable 3225takes precedence. 3226.It Va keybell 3227.Pq Vt str 3228The keyboard bell sound. 3229Set to 3230.Dq Li normal , 3231.Dq Li visual , 3232.Dq Li off , 3233or 3234.Dq Li NO 3235if the default behavior is desired. 3236For details, refer to the 3237.Xr kbdcontrol 1 3238manpage. 3239.It Va keyboard 3240.Pq Vt str 3241If set to a non-null string, the virtual console's keyboard input is 3242set to this device. 3243.It Va keymap 3244.Pq Vt str 3245If set to 3246.Dq Li NO , 3247no keymap is installed, otherwise the value is used to install 3248the keymap file found in 3249.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3250(if using 3251.Xr syscons 4 ) or 3252.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3253(if using 3254.Xr vt 4 ) . 3255.It Va keyrate 3256.Pq Vt str 3257The keyboard repeat speed. 3258Set to 3259.Dq Li slow , 3260.Dq Li normal , 3261.Dq Li fast , 3262or 3263.Dq Li NO 3264if the default behavior is desired. 3265.It Va keychange 3266.Pq Vt str 3267If not set to 3268.Dq Li NO , 3269attempt to program the function keys with the value. 3270The value should 3271be a single string of the form: 3272.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3273.It Va cursor 3274.Pq Vt str 3275Can be set to the value of 3276.Dq Li normal , 3277.Dq Li blink , 3278.Dq Li destructive , 3279or 3280.Dq Li NO 3281to set the cursor behavior explicitly or choose the default behavior. 3282.It Va scrnmap 3283.Pq Vt str 3284If set to 3285.Dq Li NO , 3286no screen map is installed, otherwise the value is used to install 3287the screen map file in 3288.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3289This parameter is ignored when using 3290.Xr vt 4 3291as the console driver. 3292.It Va font8x16 3293.Pq Vt str 3294If set to 3295.Dq Li NO , 3296the default 8x16 font value is used for screen size requests, otherwise 3297the value in 3298.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3299or 3300.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3301is used (depending on the console driver being used). 3302.It Va font8x14 3303.Pq Vt str 3304If set to 3305.Dq Li NO , 3306the default 8x14 font value is used for screen size requests, otherwise 3307the value in 3308.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3309or 3310.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3311is used (depending on the console driver being used). 3312.It Va font8x8 3313.Pq Vt str 3314If set to 3315.Dq Li NO , 3316the default 8x8 font value is used for screen size requests, otherwise 3317the value in 3318.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3319or 3320.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3321is used (depending on the console driver being used). 3322.It Va blanktime 3323.Pq Vt int 3324If set to 3325.Dq Li NO , 3326the default screen blanking interval is used, otherwise it is set 3327to 3328.Ar value 3329seconds. 3330.It Va saver 3331.Pq Vt str 3332If not set to 3333.Dq Li NO , 3334this is the actual screen saver to use 3335.Li ( blank , snake , daemon , 3336etc). 3337.It Va moused_nondefault_enable 3338.Pq Vt str 3339If set to 3340.Dq Li NO , 3341the mouse device specified on 3342the command line is not automatically treated as enabled by the 3343.Pa /etc/rc.d/moused 3344script. 3345Having this variable set to 3346.Dq Li YES 3347allows a 3348.Xr usb 4 3349mouse, 3350for example, 3351to be enabled as soon as it is plugged in. 3352.It Va moused_enable 3353.Pq Vt str 3354If set to 3355.Dq Li YES , 3356the 3357.Xr moused 8 3358daemon is started for doing cut/paste selection on the console. 3359.It Va moused_type 3360.Pq Vt str 3361This is the protocol type of the mouse connected to this host. 3362This variable must be set if 3363.Va moused_enable 3364is set to 3365.Dq Li YES , 3366but defaults to 3367.Dq Li auto 3368as the 3369.Xr moused 8 3370daemon 3371is able to detect the appropriate mouse type automatically in many cases. 3372Set this variable to 3373one from the following list if the automatic detection fails. 3374.Pp 3375If the mouse is attached to the PS/2 mouse port, choose 3376.Dq Li auto 3377or 3378.Dq Li ps/2 , 3379regardless of the brand and model of the mouse. 3380Likewise, if the 3381mouse is attached to the bus mouse port, choose 3382.Dq Li auto 3383or 3384.Dq Li busmouse . 3385All other protocols are for serial mice and will not work with 3386the PS/2 and bus mice. 3387If this is a USB mouse, 3388.Dq Li auto 3389is the only protocol type which will work. 3390.Pp 3391.Bl -tag -width ".Li x10mouseremote" -compact 3392.It Li microsoft 3393Microsoft mouse (serial) 3394.It Li intellimouse 3395Microsoft IntelliMouse (serial) 3396.It Li mousesystems 3397Mouse systems Corp.\& mouse (serial) 3398.It Li mmseries 3399MM Series mouse (serial) 3400.It Li logitech 3401Logitech mouse (serial) 3402.It Li busmouse 3403A bus mouse 3404.It Li mouseman 3405Logitech MouseMan and TrackMan (serial) 3406.It Li glidepoint 3407ALPS GlidePoint (serial) 3408.It Li thinkingmouse 3409Kensington ThinkingMouse (serial) 3410.It Li ps/2 3411PS/2 mouse 3412.It Li mmhittab 3413MM HitTablet (serial) 3414.It Li x10mouseremote 3415X10 MouseRemote (serial) 3416.It Li versapad 3417Interlink VersaPad (serial) 3418.El 3419.Pp 3420Even if the mouse is not in the above list, it may be compatible 3421with one in the list. 3422Refer to the manual page for 3423.Xr moused 8 3424for compatibility information. 3425.Pp 3426It should also be noted that while this is enabled, any 3427other client of the mouse (such as an X server) should access 3428the mouse through the virtual mouse device, 3429.Pa /dev/sysmouse , 3430and configure it as a 3431.Dq Li sysmouse 3432type mouse, since all 3433mouse data is converted to this single canonical format when 3434using 3435.Xr moused 8 . 3436If the client program does not support the 3437.Dq Li sysmouse 3438type, 3439specify the 3440.Dq Li mousesystems 3441type. 3442It is the second preferred type. 3443.It Va moused_port 3444.Pq Vt str 3445If 3446.Va moused_enable 3447is set to 3448.Dq Li YES , 3449this is the actual port the mouse is on. 3450It might be 3451.Pa /dev/cuau0 3452for a COM1 serial mouse, or 3453.Pa /dev/psm0 3454for a PS/2 mouse, for example. 3455.It Va moused_flags 3456.Pq Vt str 3457If 3458.Va moused_flags 3459is set, its value is used as an additional set of flags to pass to the 3460.Xr moused 8 3461daemon. 3462.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3463When 3464.Va moused_nondefault_enable 3465is enabled, and a 3466.Xr moused 8 3467daemon is started for a non-default port, the 3468.Va "moused_" Ns Ar XXX Ns Va "_flags" 3469set of options has precedence over and replaces the default 3470.Va moused_flags 3471(where 3472.Ar XXX 3473is the name of the non-default port, i.e.,\& 3474.Ar ums0 ) . 3475By setting 3476.Va "moused_" Ns Ar XXX Ns Va "_flags" 3477it is possible to set up a different set of default flags for each 3478.Xr moused 8 3479instance. 3480For example, you can use 3481.Dq Li "-3" 3482for the default 3483.Va moused_flags 3484to make your laptop's touchpad more comfortable to use, 3485but an empty set of options for 3486.Va moused_ums0_flags 3487when your 3488.Xr usb 4 3489mouse has three or more buttons. 3490.It Va mousechar_start 3491.Pq Vt int 3492If set to 3493.Dq Li NO , 3494the default mouse cursor character range 3495.Li 0xd0 Ns - Ns Li 0xd3 3496is used, 3497otherwise the range start is set 3498to 3499.Ar value 3500character, see 3501.Xr vidcontrol 1 . 3502Use if the default range is occupied in the language code table. 3503.It Va allscreens_flags 3504.Pq Vt str 3505If set, 3506.Xr vidcontrol 1 3507is run with these options for each of the virtual terminals 3508.Pq Pa /dev/ttyv* . 3509For example, 3510.Dq Fl m Cm on 3511will enable the mouse pointer on all virtual terminals 3512if 3513.Va moused_enable 3514is set to 3515.Dq Li YES . 3516.It Va allscreens_kbdflags 3517.Pq Vt str 3518If set, 3519.Xr kbdcontrol 1 3520is run with these options for each of the virtual terminals 3521.Pq Pa /dev/ttyv* . 3522For example, 3523.Dq Fl h Li 200 3524will set the 3525.Xr syscons 4 3526or 3527.Xr vt 4 3528scrollback (history) buffer to 200 lines. 3529.It Va cron_enable 3530.Pq Vt bool 3531If set to 3532.Dq Li YES , 3533run the 3534.Xr cron 8 3535daemon at system boot time. 3536.It Va cron_program 3537.Pq Vt str 3538Path to 3539.Xr cron 8 3540(default 3541.Pa /usr/sbin/cron ) . 3542.It Va cron_flags 3543.Pq Vt str 3544If 3545.Va cron_enable 3546is set to 3547.Dq Li YES , 3548these are the flags to pass to 3549.Xr cron 8 . 3550.It Va cron_dst 3551.Pq Vt bool 3552If set to 3553.Dq Li YES , 3554enable the special handling of transitions to and from the 3555Daylight Saving Time in 3556.Xr cron 8 3557(equivalent to using the flag 3558.Fl s ) . 3559.It Va lpd_program 3560.Pq Vt str 3561Path to 3562.Xr lpd 8 3563(default 3564.Pa /usr/sbin/lpd ) . 3565.It Va lpd_enable 3566.Pq Vt bool 3567If set to 3568.Dq Li YES , 3569run the 3570.Xr lpd 8 3571daemon at system boot time. 3572.It Va lpd_flags 3573.Pq Vt str 3574If 3575.Va lpd_enable 3576is set to 3577.Dq Li YES , 3578these are the flags to pass to the 3579.Xr lpd 8 3580daemon. 3581.It Va chkprintcap_enable 3582.Pq Vt bool 3583If set to 3584.Dq Li YES , 3585run the 3586.Xr chkprintcap 8 3587command before starting the 3588.Xr lpd 8 3589daemon. 3590.It Va chkprintcap_flags 3591.Pq Vt str 3592If 3593.Va lpd_enable 3594and 3595.Va chkprintcap_enable 3596are set to 3597.Dq Li YES , 3598these are the flags to pass to the 3599.Xr chkprintcap 8 3600program. 3601The default is 3602.Dq Li -d , 3603which causes missing directories to be created. 3604.It Va dumpdev 3605.Pq Vt str 3606Indicates the device (usually a swap partition) to which a crash dump 3607should be written in the event of a system crash. 3608If the value of this variable is 3609.Dq Li AUTO , 3610the first suitable swap device listed in 3611.Pa /etc/fstab 3612will be used as dump device. 3613Otherwise, the value of this variable is passed as the argument to 3614.Xr dumpon 8 3615and 3616.Xr savecore 8 . 3617To disable crash dumps, set this variable to 3618.Dq Li NO . 3619.It Va dumpon_flags 3620.Pq Vt str 3621Flags to pass to 3622.Xr dumpon 8 3623when configuring 3624.Va dumpdev 3625as the system dump device. 3626.It Va dumpdir 3627.Pq Vt str 3628When the system reboots after a crash and a crash dump is found on the 3629device specified by the 3630.Va dumpdev 3631variable, 3632.Xr savecore 8 3633will save that crash dump and a copy of the kernel to the directory 3634specified by the 3635.Va dumpdir 3636variable. 3637The default value is 3638.Pa /var/crash . 3639Set to 3640.Dq Li NO 3641to not run 3642.Xr savecore 8 3643at boot time when 3644.Va dumpdir 3645is set. 3646.It Va savecore_enable 3647.Pq Vt bool 3648If set to 3649.Dq Li NO , 3650disable automatic extraction of the crash dump from the 3651.Va dumpdev . 3652.It Va savecore_flags 3653.Pq Vt str 3654If crash dumps are enabled, these are the flags to pass to the 3655.Xr savecore 8 3656utility. 3657.It Va quota_enable 3658.Pq Vt bool 3659Set to 3660.Dq Li YES 3661to turn on user and group disk quotas on system startup via the 3662.Xr quotaon 8 3663command for all file systems marked as having quotas enabled in 3664.Pa /etc/fstab . 3665The kernel must be built with 3666.Cd "options QUOTA" 3667for disk quotas to function. 3668.It Va check_quotas 3669.Pq Vt bool 3670Set to 3671.Dq Li YES 3672to enable user and group disk quota checking via the 3673.Xr quotacheck 8 3674command. 3675.It Va quotacheck_flags 3676.Pq Vt str 3677If 3678.Va quota_enable 3679is set to 3680.Dq Li YES , 3681and 3682.Va check_quotas 3683is set to 3684.Dq Li YES , 3685these are the flags to pass to the 3686.Xr quotacheck 8 3687utility. 3688The default is 3689.Dq Li "-a" , 3690which checks quotas for all file systems with quotas enabled in 3691.Pa /etc/fstab . 3692.It Va quotaon_flags 3693.Pq Vt str 3694If 3695.Va quota_enable 3696is set to 3697.Dq Li YES , 3698these are the flags to pass to the 3699.Xr quotaon 8 3700utility. 3701The default is 3702.Dq Li "-a" , 3703which enables quotas for all file systems with quotas enabled in 3704.Pa /etc/fstab . 3705.It Va quotaoff_flags 3706.Pq Vt str 3707If 3708.Va quota_enable 3709is set to 3710.Dq Li YES , 3711these are the flags to pass to the 3712.Xr quotaoff 8 3713utility when shutting down the quota system. 3714The default is 3715.Dq Li "-a" , 3716which disables quotas for all file systems with quotas enabled in 3717.Pa /etc/fstab . 3718.It Va accounting_enable 3719.Pq Vt bool 3720Set to 3721.Dq Li YES 3722to enable system accounting through the 3723.Xr accton 8 3724facility. 3725.It Va firstboot_sentinel 3726.Pq Vt str 3727This variable specifies the full path to a 3728.Dq first boot 3729sentinel file. 3730If a file exists with this path, 3731.Pa rc.d 3732scripts with the 3733.Dq firstboot 3734keyword will be run on startup and the sentinel file will be deleted 3735after the boot process completes. 3736The sentinel file must be located on a writable file system which is 3737mounted no later than 3738.Va early_late_divider 3739to function properly. 3740The default is 3741.Pa /firstboot . 3742.It Va linux_enable 3743.Pq Vt bool 3744Set to 3745.Dq Li YES 3746to enable Linux/ELF binary emulation at system initial 3747boot time. 3748.It Va sysvipc_enable 3749.Pq Vt bool 3750If set to 3751.Dq Li YES , 3752load System V IPC primitives at boot time. 3753.It Va clear_tmp_enable 3754.Pq Vt bool 3755Set to 3756.Dq Li YES 3757to have 3758.Pa /tmp 3759cleaned at startup. 3760.It Va clear_tmp_X 3761.Pq Vt bool 3762Set to 3763.Dq Li NO 3764to disable removing of X11 lock files, 3765and the removal and (secure) recreation 3766of the various socket directories for X11 3767related programs. 3768.It Va ldconfig_paths 3769.Pq Vt str 3770Set to the list of shared library paths to use with 3771.Xr ldconfig 8 . 3772NOTE: 3773.Pa /lib 3774and 3775.Pa /usr/lib 3776will always be added first, so they need not appear in this list. 3777.It Va ldconfig32_paths 3778.Pq Vt str 3779Set to the list of 32-bit compatibility shared library paths to 3780use with 3781.Xr ldconfig 8 . 3782.It Va ldconfig_insecure 3783.Pq Vt bool 3784The 3785.Xr ldconfig 8 3786utility normally refuses to use directories 3787which are writable by anyone except root. 3788Set this variable to 3789.Dq Li YES 3790to disable that security check during system startup. 3791.It Va ldconfig_local_dirs 3792.Pq Vt str 3793Set to the list of local 3794.Xr ldconfig 8 3795directories. 3796The names of all files in the directories listed will be 3797passed as arguments to 3798.Xr ldconfig 8 . 3799.It Va ldconfig_local32_dirs 3800.Pq Vt str 3801Set to the list of local 32-bit compatibility 3802.Xr ldconfig 8 3803directories. 3804The names of all files in the directories listed will be 3805passed as arguments to 3806.Dq Nm ldconfig Fl 32 . 3807.It Va kern_securelevel_enable 3808.Pq Vt bool 3809Set to 3810.Dq Li YES 3811to set the kernel security level at system startup. 3812.It Va kern_securelevel 3813.Pq Vt int 3814The kernel security level to set at startup. 3815The allowed range of 3816.Ar value 3817ranges from \-1 (the compile time default) to 3 (the 3818most secure). 3819See 3820.Xr security 7 3821for the list of possible security levels and their effect 3822on system operation. 3823.It Va sshd_program 3824.Pq Vt str 3825Path to the SSH server program 3826.Pa ( /usr/sbin/sshd 3827is the default). 3828.It Va sshd_enable 3829.Pq Vt bool 3830Set to 3831.Dq Li YES 3832to start 3833.Xr sshd 8 3834at system boot time. 3835Note, the 3836.Va sshd_oomprotect 3837variable is set to 3838.Dq Li YES 3839by default in 3840.Pa /etc/defaults/rc.conf . 3841.It Va sshd_flags 3842.Pq Vt str 3843If 3844.Va sshd_enable 3845is set to 3846.Dq Li YES , 3847these are the flags to pass to the 3848.Xr sshd 8 3849daemon. 3850.It Va ftpd_program 3851.Pq Vt str 3852Path to the FTP server program 3853.Pa ( /usr/libexec/ftpd 3854is the default). 3855.It Va ftpd_enable 3856.Pq Vt bool 3857Set to 3858.Dq Li YES 3859to start 3860.Xr ftpd 8 3861as a stand-alone daemon at system boot time. 3862.It Va ftpd_flags 3863.Pq Vt str 3864If 3865.Va ftpd_enable 3866is set to 3867.Dq Li YES , 3868these are the additional flags to pass to the 3869.Xr ftpd 8 3870daemon. 3871.It Va watchdogd_enable 3872.Pq Vt bool 3873If set to 3874.Dq Li YES , 3875start the 3876.Xr watchdogd 8 3877daemon at boot time. 3878This requires that the kernel have been compiled with a 3879.Xr watchdog 4 3880compatible device. 3881.It Va watchdogd_flags 3882.Pq Vt str 3883If 3884.Va watchdogd_enable 3885is set to 3886.Dq Li YES , 3887these are the flags passed to the 3888.Xr watchdogd 8 3889daemon. 3890.It Va watchdogd_timeout 3891.Pq Vt int 3892If 3893.Va watchdogd_enable 3894is set to 3895.Dq Li YES , 3896this is a timeout that will be used by the 3897.Xr watchdogd 8 3898daemon. 3899If this option is set, it overrides 3900.Fl t 3901in 3902.Va watchdogd_flags . 3903.It Va watchdogd_shutdown_timeout 3904.Pq Vt int 3905If 3906.Va watchdogd_enable 3907is set to 3908.Dq Li YES , 3909this is a timeout that will be set by the 3910.Xr watchdogd 8 3911daemon when it exits during the system shutdown. 3912This timeout will not be set when returning to the single-user mode 3913or when the watchdogd service is stopped individually using the 3914.Xr service 8 3915command or the rc.d script. 3916Note that the timeout will be applied if 3917.Xr watchdogd 8 3918is stopped outside of 3919.Xr rc 8 3920framework. 3921If this option is set, it overrides 3922.Fl x 3923in 3924.Va watchdogd_flags . 3925.It Va devfs_rulesets 3926.Pq Vt str 3927List of files containing sets of rules for 3928.Xr devfs 8 . 3929.It Va devfs_system_ruleset 3930.Pq Vt str 3931Rule name(s) to apply to the system 3932.Pa /dev 3933itself. 3934.It Va devfs_set_rulesets 3935.Pq Vt str 3936Pairs of already-mounted 3937.Pa dev 3938directories and rulesets that should be applied to them. 3939For example: /mount/dev=ruleset_name 3940.It Va devfs_load_rulesets 3941.Pq Vt bool 3942If set, always load the default rulesets listed in 3943.Va devfs_rulesets . 3944.It Va performance_cx_lowest 3945.Pq Vt str 3946CPU idle state to use while on AC power. 3947The string 3948.Dq Li LOW 3949indicates that 3950.Xr acpi 4 3951should use the lowest power state available while 3952.Dq Li HIGH 3953indicates that the lowest latency state (less power savings) should be used. 3954.It Va performance_cpu_freq 3955.Pq Vt str 3956CPU clock frequency to use while on AC power. 3957The string 3958.Dq Li LOW 3959indicates that 3960.Xr cpufreq 4 3961should use the lowest frequency available while 3962.Dq Li HIGH 3963indicates that the highest frequency (less power savings) should be used. 3964.It Va economy_cx_lowest 3965.Pq Vt str 3966CPU idle state to use when off AC power. 3967The string 3968.Dq Li LOW 3969indicates that 3970.Xr acpi 4 3971should use the lowest power state available while 3972.Dq Li HIGH 3973indicates that the lowest latency state (less power savings) should be used. 3974.It Va economy_cpu_freq 3975.Pq Vt str 3976CPU clock frequency to use when off AC power. 3977The string 3978.Dq Li LOW 3979indicates that 3980.Xr cpufreq 4 3981should use the lowest frequency available while 3982.Dq Li HIGH 3983indicates that the highest frequency (less power savings) should be used. 3984.It Va jail_enable 3985.Pq Vt bool 3986If set to 3987.Dq Li NO , 3988any configured jails will not be started. 3989.It Va jail_conf 3990.Pq Vt str 3991The configuration filename used by 3992.Xr jail 8 3993utility. 3994The default value is 3995.Pa /etc/jail.conf . 3996.Pa /etc/jail\&. Ns Ao Va jname Ac Ns Pa .conf 3997and 3998.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf 3999will also be used if 4000.Ao Va jname Ac 4001is set in 4002.Va jail_list . 4003.It Va jail_parallel_start 4004.Pq Vt bool 4005If set to 4006.Dq Li YES , 4007all configured jails will be started in the background (in parallel). 4008.It Va jail_flags 4009.Pq Vt str 4010Unset by default. 4011When set, use as default value for 4012.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4013for every jail in 4014.Va jail_list . 4015.It Va jail_list 4016.Pq Vt str 4017A space-delimited list of jail names. 4018When left empty, all of the 4019.Xr jail 8 4020instances defined in the configuration file are started. 4021The names specified in this list control the jail startup order. 4022.Xr jail 8 4023instances missing from 4024.Va jail_list 4025must be started manually. 4026Note that a jail's 4027.Va depend 4028parameter in the configuration file may override this list. 4029.It Va jail_reverse_stop 4030.Pq Vt bool 4031When set to 4032.Dq Li YES , 4033all configured jails in 4034.Va jail_list 4035are stopped in reverse order. 4036.It Va jail_ Ns * variables 4037Note that older releases supported per-jail configuration via 4038.Nm 4039variables. 4040For example, 4041hostname of a jail named 4042.Li vjail 4043was able to be set by 4044.Li jail_vjail_hostname . 4045These per-jail configuration variables are now obsolete in favor of 4046.Xr jail 8 4047configuration file. 4048For backward compatibility, 4049when per-jail configuration variables are defined, 4050.Xr jail 8 4051configuration files are created as 4052.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 4053and used. 4054.Pp 4055The following per-jail parameters are handled by 4056.Pa rc.d/jail 4057script out of their corresponding 4058.Nm 4059variables. 4060In addition to them, parameters in 4061.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4062will be added to the configuration file. 4063They must be a semi-colon 4064.Pq Ql \&; 4065delimited list of 4066.Dq key=value . 4067For more details, 4068see 4069.Xr jail 8 4070manual page. 4071.Bl -tag -width "host.hostname" -offset indent 4072.It Li path 4073set from 4074.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4075.It Li host.hostname 4076set from 4077.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4078.It Li exec.consolelog 4079set from 4080.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4081The default value is 4082.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4083.It Li interface 4084set from 4085.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4086.It Li vnet.interface 4087set from 4088.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4089This implies 4090.Li vnet 4091parameter will be enabled and cannot be specified with 4092.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4093.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4094and/or 4095.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4096at the same time. 4097.It Li fstab 4098set from 4099.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4100.It Li mount 4101set from 4102.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4103.It Li exec.fib 4104set from 4105.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4106.It Li exec.start 4107set from 4108.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4109The parameter name was 4110.Li command 4111in some older releases. 4112.It Li exec.prestart 4113set from 4114.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4115.It Li exec.poststart 4116set from 4117.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4118.It Li exec.stop 4119set from 4120.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4121.It Li exec.prestop 4122set from 4123.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4124.It Li exec.poststop 4125set from 4126.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4127.It Li ip4.addr 4128set if 4129.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4130or 4131.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4132contain IPv4 addresses 4133.It Li ip6.addr 4134set if 4135.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4136or 4137.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4138contain IPv6 addresses 4139.It Li allow.mount 4140set from 4141.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4142.It Li mount.devfs 4143set from 4144.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4145.It Li devfs_ruleset 4146set from 4147.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4148This must be an integer, 4149not a string. 4150.It Li mount.fdescfs 4151set from 4152.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4153.It Li allow.set_hostname 4154set from 4155.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4156.It Li allow.rawsocket 4157set from 4158.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4159.It Li allow.sysvipc 4160set from 4161.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4162.El 4163.\" ----------------------------------------------------- 4164.It Va harvest_mask 4165.Pq Vt int 4166Set to a bit-mask 4167representing the entropy sources 4168you wish to harvest. 4169Refer to 4170.Xr random 4 4171for more information. 4172.It Va entropy_dir 4173.Pq Vt str 4174Set to 4175.Dq Li NO 4176to disable caching entropy via 4177.Xr cron 8 . 4178Otherwise set to the directory 4179in which the entropy files are stored. 4180To be useful, 4181there must be 4182a system cron job 4183that regularly writes and rotates 4184files here. 4185All files found 4186will be used at boot time. 4187The default is 4188.Pa /var/db/entropy . 4189.It Va entropy_file 4190.Pq Vt str 4191Set to 4192.Dq Li NO 4193to disable caching entropy through reboots. 4194Otherwise set to the name 4195of a file used to store cached entropy. 4196This file should be located 4197on a file system that is readable 4198before all the volumes specified in 4199.Xr fstab 5 4200are mounted. 4201By default, 4202.Pa /entropy 4203is used, 4204but if 4205.Pa /var/db/entropy-file 4206is found it will also be used. 4207This will be of some use to 4208.Xr bsdinstall 8 . 4209.It Va entropy_boot_file 4210.Pq Vt str 4211Set to 4212.Dq Li NO 4213to disable 4214very early caching entropy 4215through reboots. 4216Otherwise set to the filename 4217used to read 4218very early reboot cached entropy. 4219This file should be located where 4220.Xr loader 8 4221can read it. 4222See also 4223.Xr loader.conf 5 . 4224The default location is 4225.Pa /boot/entropy . 4226.It Va entropy_save_sz 4227.Pq Vt int 4228Size of the entropy cache files saved by 4229.Nm save-entropy 4230periodically. 4231.It Va entropy_save_num 4232.Pq Vt int 4233Number of entropy cache files to save by 4234.Nm save-entropy 4235periodically. 4236.It Va ipsec_enable 4237.Pq Vt bool 4238Set to 4239.Dq Li YES 4240to run 4241.Xr setkey 8 4242on 4243.Va ipsec_file 4244at boot time. 4245.It Va ipsec_file 4246.Pq Vt str 4247Configuration file for 4248.Xr setkey 8 . 4249.It Va dmesg_enable 4250.Pq Vt bool 4251Set to 4252.Dq Li YES 4253to save 4254.Xr dmesg 8 4255to 4256.Pa /var/run/dmesg.boot 4257on boot. 4258.It Va rcshutdown_timeout 4259.Pq Vt int 4260If set, start a watchdog timer in the background which will terminate 4261.Pa rc.shutdown 4262if 4263.Xr shutdown 8 4264has not completed within the specified time (in seconds). 4265Notice that in addition to this soft timeout, 4266.Xr init 8 4267also applies a hard timeout for the execution of 4268.Pa rc.shutdown . 4269This is configured via 4270.Xr sysctl 8 4271variable 4272.Va kern.init_shutdown_timeout 4273and defaults to 120 seconds. 4274Setting the value of 4275.Va rcshutdown_timeout 4276to more than 120 seconds will have no effect until the 4277.Xr sysctl 8 4278variable 4279.Va kern.init_shutdown_timeout 4280is also increased. 4281.It Va virecover_enable 4282.Pq Vt bool 4283Set to 4284.Dq Li NO 4285to prevent the system from trying to 4286recover prematurely terminated 4287.Xr vi 1 4288sessions. 4289.It Va ugidfw_enable 4290.Pq Vt bool 4291Set to 4292.Dq Li YES 4293to load the 4294.Xr mac_bsdextended 4 4295module upon system initialization and load a default 4296ruleset file. 4297.It Va bsdextended_script 4298.Pq Vt str 4299The default 4300.Xr mac_bsdextended 4 4301ruleset file to load. 4302The default value of this variable is 4303.Pa /etc/rc.bsdextended . 4304.It Va newsyslog_enable 4305.Pq Vt bool 4306If set to 4307.Dq Li YES , 4308run 4309.Xr newsyslog 8 4310command at startup. 4311.It Va newsyslog_flags 4312.Pq Vt str 4313If 4314.Va newsyslog_enable 4315is set to 4316.Dq Li YES , 4317these are the flags to pass to the 4318.Xr newsyslog 8 4319program. 4320The default is 4321.Dq Li -CN , 4322which causes log files flagged with a 4323.Cm C 4324to be created. 4325.It Va mdconfig_md Ns Aq Ar X 4326.Pq Vt str 4327Arguments to 4328.Xr mdconfig 8 4329for 4330.Xr md 4 4331device 4332.Ar X . 4333At minimum a 4334.Fl t Ar type 4335must be specified and either a 4336.Fl s Ar size 4337for malloc or swap backed 4338.Xr md 4 4339devices or a 4340.Fl f Ar file 4341for vnode backed 4342.Xr md 4 4343devices. 4344Note that 4345.Va mdconfig_md Ns Aq Ar X 4346variables are evaluated until one variable is unset or null. 4347.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4348.Pq Vt str 4349Optional arguments passed to 4350.Xr newfs 8 4351to initialize 4352.Xr md 4 4353device 4354.Ar X . 4355.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4356.Pq Vt str 4357An ownership specification passed to 4358.Xr chown 8 4359after the specified 4360.Xr md 4 4361device 4362.Ar X 4363has been mounted. 4364Both the 4365.Xr md 4 4366device and the mount point will be changed. 4367.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4368.Pq Vt str 4369A mode string passed to 4370.Xr chmod 1 4371after the specified 4372.Xr md 4 4373device 4374.Ar X 4375has been mounted. 4376Both the 4377.Xr md 4 4378device and the mount point will be changed. 4379.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4380.Pq Vt str 4381Files to be copied to the mount point of the 4382.Xr md 4 4383device 4384.Ar X 4385after it has been mounted. 4386.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4387.Pq Vt str 4388Command to execute after the specified 4389.Xr md 4 4390device 4391.Ar X 4392has been mounted. 4393Note that the command is passed to 4394.Ic eval 4395and that both 4396.Va _dev 4397and 4398.Va _mp 4399variables can be used to reference respectively the 4400.Xr md 4 4401device and the mount point. 4402Assuming that the 4403.Xr md 4 4404device is 4405.Li md0 , 4406one could set the following: 4407.Bd -literal 4408mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4409.Ed 4410.It Va autobridge_interfaces 4411.Pq Vt str 4412Set to the list of bridge interfaces that will have newly arriving interfaces 4413checked against to be automatically added. 4414If not set to 4415.Dq Li NO 4416then for each whitespace separated 4417.Ar element 4418in the value, a 4419.Va autobridge_ Ns Aq Ar element 4420variable is assumed to exist which has a whitespace separated list of interface 4421names to match, these names can use wildcards. 4422For example: 4423.Bd -literal 4424autobridge_interfaces="bridge0" 4425autobridge_bridge0="tap* dc0 vlan[345]" 4426.Ed 4427.It Va mixer_enable 4428.Pq Vt bool 4429If set to 4430.Dq Li YES , 4431enable support for sound mixer. 4432.It Va hcsecd_enable 4433.Pq Vt bool 4434If set to 4435.Dq Li YES , 4436enable Bluetooth security daemon. 4437.It Va hcsecd_config 4438.Pq Vt str 4439Configuration file for 4440.Xr hcsecd 8 . 4441Default 4442.Pa /etc/bluetooth/hcsecd.conf . 4443.It Va sdpd_enable 4444.Pq Vt bool 4445If set to 4446.Dq Li YES , 4447enable Bluetooth Service Discovery Protocol daemon. 4448.It Va sdpd_control 4449.Pq Vt str 4450Path to 4451.Xr sdpd 8 4452control socket. 4453Default 4454.Pa /var/run/sdp . 4455.It Va sdpd_groupname 4456.Pq Vt str 4457Sets 4458.Xr sdpd 8 4459group to run as after it initializes. 4460Default 4461.Dq Li nobody . 4462.It Va sdpd_username 4463.Pq Vt str 4464Sets 4465.Xr sdpd 8 4466user to run as after it initializes. 4467Default 4468.Dq Li nobody . 4469.It Va bthidd_enable 4470.Pq Vt bool 4471If set to 4472.Dq Li YES , 4473enable Bluetooth Human Interface Device daemon. 4474.It Va bthidd_config 4475.Pq Vt str 4476Configuration file for 4477.Xr bthidd 8 . 4478Default 4479.Pa /etc/bluetooth/bthidd.conf . 4480.It Va bthidd_hids 4481.Pq Vt str 4482Path to a file, where 4483.Xr bthidd 8 4484will store information about known HID devices. 4485Default 4486.Pa /var/db/bthidd.hids . 4487.It Va rfcomm_pppd_server_enable 4488.Pq Vt bool 4489If set to 4490.Dq Li YES , 4491enable Bluetooth RFCOMM PPP wrapper daemon. 4492.It Va rfcomm_pppd_server_profile 4493.Pq Vt str 4494The name of the profile to use from 4495.Pa /etc/ppp/ppp.conf . 4496Multiple profiles can be specified here. 4497Also used to specify per-profile overrides. 4498When the profile name contains any of the characters 4499.Dq Li .-/+ 4500they are translated to 4501.Dq Li _ 4502for the proposes of the override variable names. 4503.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4504.Pq Vt str 4505Overrides local address to listen on. 4506By default 4507.Xr rfcomm_pppd 8 4508will listen on 4509.Dq Li ANY 4510address. 4511The address can be specified as BD_ADDR or name. 4512.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4513.Pq Vt str 4514Overrides local RFCOMM channel to listen on. 4515By default 4516.Xr rfcomm_pppd 8 4517will listen on RFCOMM channel 1. 4518Must set properly if multiple profiles used in the same time. 4519.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4520.Pq Vt bool 4521Tells 4522.Xr rfcomm_pppd 8 4523if it should register Serial Port service on the specified RFCOMM channel. 4524Default 4525.Dq Li NO . 4526.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4527.Pq Vt bool 4528Tells 4529.Xr rfcomm_pppd 8 4530if it should register Dial-Up Networking service on the specified 4531RFCOMM channel. 4532Default 4533.Dq Li NO . 4534.It Va ubthidhci_enable 4535.Pq Vt bool 4536If set to 4537.Dq Li YES , 4538change the USB Bluetooth controller from HID mode to HCI mode. 4539You also need to specify the location of USB Bluetooth controller with the 4540.Va ubthidhci_busnum 4541and 4542.Va ubthidhci_addr 4543variables. 4544.It Va ubthidhci_busnum 4545Bus number where the USB Bluetooth controller is located. 4546Check the output of 4547.Xr usbconfig 8 4548on your system to find this information. 4549.It Va ubthidhci_addr 4550Bus address of the USB Bluetooth controller. 4551Check the output of 4552.Xr usbconfig 8 4553on your system to find this information. 4554.It Va utx_enable 4555.Pq Vt bool 4556Set to 4557.Dq Li YES 4558to enable user accounting through the 4559.Xr utx 8 4560facility. 4561.It Va netwait_enable 4562.Pq Vt bool 4563If set to 4564.Dq Li YES , 4565delays the start of network-reliant services until 4566.Va netwait_if 4567is up and ICMP packets to a destination defined in 4568.Va netwait_ip 4569are flowing. 4570Link state is examined first, followed by 4571.Dq Li pinging 4572an IP address to verify network usability. 4573If no destination can be reached or timeouts are exceeded, 4574network services are started anyway with no guarantee that 4575the network is usable. 4576Use of this variable requires both 4577.Va netwait_ip 4578and 4579.Va netwait_if 4580to be set. 4581.It Va netwait_ip 4582.Pq Vt str 4583Empty by default. 4584This variable contains a space-delimited list of IP addresses to 4585.Xr ping 8 . 4586DNS hostnames should not be used as resolution is not guaranteed 4587to be functional at this point. 4588If multiple IP addresses are specified, 4589each will be tried until one is successful or the list is exhausted. 4590.It Va netwait_timeout 4591.Pq Vt int 4592Indicates the total number of seconds to perform a 4593.Dq Li ping 4594against each IP address in 4595.Va netwait_ip , 4596at a rate of one ping per second. 4597If any of the pings are successful, 4598full network connectivity is considered reliable. 4599The default is 60. 4600.It Va netwait_if 4601.Pq Vt str 4602Empty by default. 4603Defines the name of the network interface on which watch for link. 4604.Xr ifconfig 8 4605is used to monitor the interface, looking for 4606.Dq Li status: no carrier . 4607Once gone, the link is considered up. 4608This can be a 4609.Xr vlan 4 4610interface if desired. 4611.It Va netwait_if_timeout 4612.Pq Vt int 4613Defines the total number of seconds to wait for link to become usable, 4614polled at a 1-second interval. 4615The default is 30. 4616.It Va rctl_enable 4617.Pq Vt bool 4618If set to 4619.Dq Li YES , 4620load 4621.Xr rctl 8 4622rules from the defined ruleset. 4623The kernel must be built with 4624.Cd "options RACCT" 4625and 4626.Cd "options RCTL" . 4627.It Va rctl_rules 4628.Pq Vt str 4629Set to 4630.Pa /etc/rctl.conf 4631by default. 4632This variables contains the 4633.Xr rctl.conf 5 4634ruleset to load for 4635.Xr rctl 8 . 4636.It Va iovctl_files 4637.Pq Vt str 4638A space-separated list of configuration files used by 4639.Xr iovctl 8 . 4640The default value is an empty string. 4641.It Va autofs_enable 4642.Pq Vt bool 4643If set to 4644.Dq Li YES , 4645start the 4646.Xr automount 8 4647utility and the 4648.Xr automountd 8 4649and 4650.Xr autounmountd 8 4651daemons at boot time. 4652.It Va automount_flags 4653.Pq Vt str 4654If 4655.Va autofs_enable 4656is set to 4657.Dq Li YES , 4658these are the flags to pass to the 4659.Xr automount 8 4660program. 4661By default no flags are passed. 4662.It Va automountd_flags 4663.Pq Vt str 4664If 4665.Va autofs_enable 4666is set to 4667.Dq Li YES , 4668these are the flags to pass to the 4669.Xr automountd 8 4670daemon. 4671By default no flags are passed. 4672.It Va autounmountd_flags 4673.Pq Vt str 4674If 4675.Va autofs_enable 4676is set to 4677.Dq Li YES , 4678these are the flags to pass to the 4679.Xr autounmountd 8 4680daemon. 4681By default no flags are passed. 4682.It Va ctld_enable 4683.Pq Vt bool 4684If set to 4685.Dq Li YES , 4686start the 4687.Xr ctld 8 4688daemon at boot time. 4689.It Va iscsid_enable 4690.Pq Vt bool 4691If set to 4692.Dq Li YES , 4693start the 4694.Xr iscsid 8 4695daemon at boot time. 4696.It Va iscsictl_enable 4697.Pq Vt bool 4698If set to 4699.Dq Li YES , 4700start the 4701.Xr iscsictl 8 4702utility at boot time. 4703.It Va iscsictl_flags 4704.Pq Vt str 4705If 4706.Va iscsictl_enable 4707is set to 4708.Dq Li YES , 4709these are the flags to pass to the 4710.Xr iscsictl 8 4711program. 4712The default is 4713.Dq Li -Aa , 4714which configures sessions based on the 4715.Pa /etc/iscsi.conf 4716configuration file. 4717.It Va cfumass_enable 4718.Pq Vt bool 4719If set to 4720.Dq Li YES , 4721create and export an USB LUN using 4722.Xr cfumass 4 4723at boot time. 4724.It Va cfumass_dir 4725.Pq Vt str 4726The directory where the files exported by USB LUN are located. 4727The default directory is 4728.Pa /var/cfumass . 4729.It Va service_delete_empty 4730.Pq Vt bool 4731If set to 4732.Dq Li YES , 4733.Ql Li service delete 4734removes empty 4735.Dq Li rc.conf.d 4736files. 4737.It Va zfs_bootonce_activate 4738.Pq Vt bool 4739If set to 4740.Dq Li YES , 4741and a boot environment marked bootonce is successfully booted, 4742it will be made permanently active. 4743.It Va zfskeys_enable 4744.Pq Vt bool 4745If set to 4746.Dq Li YES , 4747enable auto-loading of encryption keys for encrypted ZFS datasets. 4748For every dataset the script will first load the appropriate encryption key 4749and then attempt to unlock the dataset. 4750.Pp 4751The script operates only on datasets which are encrypted with 4752ZFS native encryption 4753and have a ZFS 4754.Dq Li keylocation 4755dataset property beginning with 4756.Dq Li file:// . 4757.It Va zfskeys_datasets 4758.Pq Vt str 4759A whitespace-separated list of ZFS datasets to unlock. 4760The list is empty by default, 4761which means that the script will attempt to unlock all datasets. 4762.It Va zfskeys_timeout 4763.Pq Vt int 4764Define the total number of seconds to wait for the zfskeys script 4765to unlock an encrypted dataset. 4766The default is 10. 4767.It Va sendmail_enable 4768.Pq Vt str 4769If set to 4770.Dq Li YES , 4771run the 4772.Xr sendmail 8 4773daemon at system boot time. 4774If set to 4775.Dq Li NO , 4776do not run a 4777.Xr sendmail 8 4778daemon to listen for incoming network mail. 4779This does not preclude a 4780.Xr sendmail 8 4781daemon listening on the SMTP port of the loopback interface. 4782The 4783.Dq Li NONE 4784option sets each 4785.Va sendmail_enable , 4786.Va sendmail_submit_enable , 4787.Va sendmail_outbound_enable , 4788.Va sendmail_msp_queue_enable 4789to 4790.Dq Li NO . 4791.It Va sendmail_cert_create 4792.Pq Vt str 4793If 4794.Va sendmail_enable 4795is set to 4796.Dq Li YES , 4797create a signed certificate 4798.Pa /etc/mail/certs/host.cert 4799representing 4800.Pa /etc/mail/certs/host.key 4801by the CA certificate in 4802.Pa /etc/mail/certs/cacert.pem . 4803This will enable connecting hosts to negotiate STARTTLS allowing incoming 4804email to be encrypted in transit. 4805.Xr sendmail 8 4806needs to be configured to use these generated files. 4807The default configuration in 4808.Pa /etc/mail/freebsd.mc 4809has the required options in it. 4810.It Va sendmail_cert_cn 4811.Pq Vt str 4812If 4813.Va sendmail_enable 4814is set to 4815.Dq Li YES 4816and 4817.Va sendmail_cert_create 4818is set to 4819.Dq Li YES , 4820this is the Common Name (CN) of the certificate that will be created. 4821If 4822.Va sendmail_cert_cn 4823is not set, the system's hostname will be used. 4824If there is no hostname set, 4825.Dq Li amnesiac 4826will be used. 4827.It Va sendmail_flags 4828.Pq Vt str 4829If 4830.Va sendmail_enable 4831is set to 4832.Dq Li YES , 4833these are the flags to pass to the 4834.Xr sendmail 8 4835daemon. 4836.It Va sendmail_submit_enable 4837.Pq Vt bool 4838If set to 4839.Dq Li YES 4840and 4841.Va sendmail_enable 4842is set to 4843.Dq Li NO , 4844run 4845.Xr sendmail 8 4846using 4847.Va sendmail_submit_flags 4848instead of 4849.Va sendmail_flags . 4850This is intended to allow local mail submission via 4851a localhost-only listening SMTP service required for running 4852.Xr sendmail 8 4853as a non-set-user-ID binary. 4854Note that this does not work inside 4855.Xr jail 2 4856systems, as jails do not allow binding to just the localhost interface. 4857.It Va sendmail_submit_flags 4858.Pq Vt str 4859If 4860.Va sendmail_enable 4861is set to 4862.Dq Li NO 4863and 4864.Va sendmail_submit_enable 4865is set to 4866.Dq Li YES , 4867these are the flags to pass to the 4868.Xr sendmail 8 4869daemon. 4870.It Va sendmail_outbound_enable 4871.Pq Vt bool 4872If set to 4873.Dq Li YES 4874and both 4875.Va sendmail_enable 4876and 4877.Va sendmail_submit_enable 4878are set to 4879.Dq Li NO , 4880run 4881.Xr sendmail 8 4882using 4883.Va sendmail_outbound_flags 4884instead of 4885.Va sendmail_flags . 4886This is intended to allow local mail queue management 4887for systems that do not offer a listening SMTP service. 4888.It Va sendmail_outbound_flags 4889.Pq Vt str 4890If both 4891.Va sendmail_enable 4892and 4893.Va sendmail_submit_enable 4894are set to 4895.Dq Li NO 4896and 4897.Va sendmail_outbound_enable 4898is set to 4899.Dq Li YES , 4900these are the flags to pass to the 4901.Xr sendmail 8 4902daemon. 4903.It Va sendmail_msp_queue_enable 4904.Pq Vt bool 4905If set to 4906.Dq Li YES , 4907start a client (MSP) queue runner 4908.Xr sendmail 8 4909daemon at system boot time. 4910As of sendmail 8.12, a separate queue is used for command line 4911submissions. 4912The client queue runner ensures that nothing is 4913left behind in the submission queue. 4914.It Va sendmail_msp_queue_flags 4915.Pq Vt str 4916If 4917.Va sendmail_msp_queue_enable 4918is set to 4919daemon. 4920.Dq Li YES , 4921these are the flags to pass to the 4922.Xr sendmail 8 4923.El 4924.Sh FILES 4925.Bl -tag -width "/etc/defaults/rc.conf" -compact 4926.It Pa /etc/defaults/rc.conf 4927.It Pa /etc/defaults/vendor.conf 4928.It Pa /etc/rc.conf 4929.It Pa /etc/rc.conf.local 4930.It Pa /etc/rc.conf.d/ 4931.El 4932.Sh SEE ALSO 4933.Xr chmod 1 , 4934.Xr cpuset 1 , 4935.Xr gdb 1 Pq Pa ports/devel/gdb , 4936.Xr kbdcontrol 1 , 4937.Xr limits 1 , 4938.Xr protect 1 , 4939.Xr sh 1 , 4940.Xr umask 1 , 4941.Xr uuidgen 1 , 4942.Xr vi 1 , 4943.Xr vidcontrol 1 , 4944.Xr bridge 4 , 4945.Xr dummynet 4 , 4946.Xr ip 4 , 4947.Xr ipf 4 , 4948.Xr ipfw 4 , 4949.Xr ipnat 4 , 4950.Xr kld 4 , 4951.Xr pf 4 , 4952.Xr pflog 4 , 4953.Xr pfsync 4 , 4954.Xr tcp 4 , 4955.Xr udp 4 , 4956.Xr exports 5 , 4957.Xr fstab 5 , 4958.Xr ipf 5 , 4959.Xr ipnat 5 , 4960.Xr jail.conf 5 , 4961.Xr loader.conf 5 , 4962.Xr login.conf 5 , 4963.Xr motd 5 , 4964.Xr newsyslog.conf 5 , 4965.Xr pf.conf 5 , 4966.Xr firewall 7 , 4967.Xr growfs 7 , 4968.Xr security 7 , 4969.Xr tuning 7 , 4970.Xr accton 8 , 4971.Xr apm 8 , 4972.Xr bsdinstall 8 , 4973.Xr bthidd 8 , 4974.Xr chkprintcap 8 , 4975.Xr chown 8 , 4976.Xr cron 8 , 4977.Xr devfs 8 , 4978.Xr dhclient 8 , 4979.Xr ftpd 8 , 4980.Xr geli 8 , 4981.Xr hcsecd 8 , 4982.Xr ifconfig 8 , 4983.Xr inetd 8 , 4984.Xr iovctl 8 , 4985.Xr ipf 8 , 4986.Xr ipfw 8 , 4987.Xr ipnat 8 , 4988.Xr jail 8 , 4989.Xr kldxref 8 , 4990.Xr loader 8 , 4991.Xr lpd 8 , 4992.Xr makewhatis 8 , 4993.Xr mdconfig 8 , 4994.Xr mdmfs 8 , 4995.Xr mixer 8 , 4996.Xr mountd 8 , 4997.Xr moused 8 , 4998.Xr newfs 8 , 4999.Xr newsyslog 8 , 5000.Xr nfsd 8 , 5001.Xr ntpd 8 , 5002.Xr ntpdate 8 , 5003.Xr pfctl 8 , 5004.Xr pflogd 8 , 5005.Xr ping 8 , 5006.Xr powerd 8 , 5007.Xr quotacheck 8 , 5008.Xr quotaon 8 , 5009.Xr rc 8 , 5010.Xr rc.subr 8 , 5011.Xr rcorder 8 , 5012.Xr rfcomm_pppd 8 , 5013.Xr route 8 , 5014.Xr route6d 8 , 5015.Xr routed 8 , 5016.Xr rpc.lockd 8 , 5017.Xr rpc.statd 8 , 5018.Xr rpc.tlsclntd 8 , 5019.Xr rpc.tlsservd 8 , 5020.Xr rpcbind 8 , 5021.Xr rwhod 8 , 5022.Xr savecore 8 , 5023.Xr sdpd 8 , 5024.Xr sendmail 8 , 5025.Xr service 8 , 5026.Xr sshd 8 , 5027.Xr swapon 8 , 5028.Xr sysctl 8 , 5029.Xr syslogd 8 , 5030.Xr sysrc 8 , 5031.Xr unbound 8 , 5032.Xr usbconfig 8 , 5033.Xr utx 8 , 5034.Xr wlandebug 8 , 5035.Xr yp 8 , 5036.Xr ypbind 8 , 5037.Xr ypserv 8 , 5038.Xr ypset 8 5039.Sh HISTORY 5040The 5041.Nm 5042file appeared in 5043.Fx 2.2.2 . 5044.Sh AUTHORS 5045.An Jordan K. Hubbard . 5046