1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd October 24, 2018 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67The sysrc(8) command provides a scripting interface to modify system 68config files. 69.Pp 70In addition to 71.Pa /etc/rc.conf.local 72you can also place smaller configuration files for each 73.Xr rc 8 74script in the 75.Pa /etc/rc.conf.d 76directory or 77.Ao Ar dir Ac Ns Pa /rc.conf.d 78directories specified in 79.Va local_startup , 80which will be included by the 81.Va load_rc_config 82function. 83For jail configurations you could use the file 84.Pa /etc/rc.conf.d/jail 85to store jail specific configuration options. 86If 87.Va local_startup 88contains 89.Pa /usr/local/etc/rc.d 90and 91.Pa /opt/conf , 92.Pa /usr/local/rc.conf.d/jail 93and 94.Pa /opt/conf/rc.conf.d/jail 95will be loaded. 96If 97.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 98is a directory, 99all of files in the directory will be loaded. 100Also see the 101.Va rc_conf_files 102variable below. 103.Pp 104Options are set with 105.Dq Ar name Ns Li = Ns Ar value 106assignments that use 107.Xr sh 1 108syntax. 109The following list provides a name and short description for each 110variable that can be set in the 111.Nm 112file: 113.Bl -tag -width indent-two 114.It Va rc_debug 115.Pq Vt bool 116If set to 117.Dq Li YES , 118enable output of debug messages from rc scripts. 119This variable can be helpful in diagnosing mistakes when 120editing or integrating new scripts. 121Beware that this produces copious output to the terminal and 122.Xr syslog 3 . 123.It Va rc_info 124.Pq Vt bool 125If set to 126.Dq Li NO , 127disable informational messages from the rc scripts. 128Informational messages are displayed when 129a condition that is not serious enough to warrant a warning or 130an error occurs. 131.It Va rc_startmsgs 132.Pq Vt bool 133If set to 134.Dq Li YES , 135show 136.Dq Starting foo: 137when faststart is used (e.g., at boot time). 138.It Va early_late_divider 139.Pq Vt str 140The name of the script that should be used as the 141delimiter between the 142.Dq early 143and 144.Dq late 145stages of the boot process. 146The early stage should contain all the services needed to 147get the disks (local or remote) mounted so that the late 148stage can include scripts contained in the directories 149listed in the 150.Va local_startup 151variable (see below). 152Thus, the two likely candidates for this value are 153.Pa mountcritlocal 154for the typical system, and 155.Pa mountcritremote 156if the system needs remote file 157systems mounted to get access to the 158.Va local_startup 159directories; for example when 160.Pa /usr/local 161is NFS mounted. 162For 163.Pa rc.conf 164within a 165.Xr jail 8 166.Pa NETWORKING 167is likely to be an appropriate value. 168Extreme care should be taken when changing this value, 169and before changing it one should ensure that there are 170adequate provisions to recover from a failed boot 171(such as physical contact with the machine, 172or reliable remote console access). 173.It Va always_force_depends 174.Pq Vt bool 175Various 176.Pa rc.d 177scripts use the force_depend function to check whether required 178services are already running, and to start them if necessary. 179By default during boot time this check is bypassed if the 180required service is enabled in 181.Pa /etc/rc.conf[.local] . 182Setting this option will bypass that check at boot time and 183always test whether or not the service is actually running. 184Enabling this option is likely to increase your boot time if 185services are enabled that utilize the force_depend check. 186.It Ao Ar name Ac Ns Va _chroot 187.Pq Vt str 188.Xr chroot 8 189to this directory before running the service. 190.It Ao Ar name Ac Ns Va _user 191.Pq Vt str 192Run the service under this user account. 193.It Ao Ar name Ac Ns Va _group 194.Pq Vt str 195Run the chrooted service under this system group. 196Unlike the _user 197setting, this setting has no effect if the service is not chrooted. 198.It Ao Ar name Ac Ns Va _fib 199.Pq Vt int 200The 201.Xr setfib 1 202value to run the service under. 203.It Ao Ar name Ac Ns Va _nice 204.Pq Vt int 205The 206.Xr nice 1 207value to run the service under. 208.It Va apm_enable 209.Pq Vt bool 210If set to 211.Dq Li YES , 212enable support for Automatic Power Management with 213the 214.Xr apm 8 215command. 216.It Va apmd_enable 217.Pq Vt bool 218Run 219.Xr apmd 8 220to handle APM event from userland. 221This also enables support for APM. 222.It Va apmd_flags 223.Pq Vt str 224If 225.Va apmd_enable 226is set to 227.Dq Li YES , 228these are the flags to pass to the 229.Xr apmd 8 230daemon. 231.It Va devd_enable 232.Pq Vt bool 233Run 234.Xr devd 8 235to handle device added, removed or unknown events from the kernel. 236.It Va ddb_enable 237.Pq Vt bool 238Run 239.Xr ddb 8 240to install 241.Xr ddb 4 242scripts at boot time. 243.It Va ddb_config 244.Pq Vt str 245Configuration file for 246.Xr ddb 8 . 247Default 248.Pa /etc/ddb.conf . 249.It Va kld_list 250.Pq Vt str 251A list of kernel modules to load right after the local 252disks are mounted. 253Loading modules at this point in the boot process is 254much faster than doing it via 255.Pa /boot/loader.conf 256for those modules not necessary for mounting local disk. 257.It Va kldxref_enable 258.Pq Vt bool 259Set to 260.Dq Li NO 261by default. 262Set to 263.Dq Li YES 264to automatically rebuild 265.Pa linker.hints 266files with 267.Xr kldxref 8 268at boot time. 269.It Va kldxref_clobber 270.Pq Vt bool 271Set to 272.Dq Li NO 273by default. 274If 275.Va kldxref_enable 276is true, 277setting to 278.Dq Li YES 279will overwrite existing 280.Pa linker.hints 281files at boot time. 282Otherwise, 283only missing 284.Pa linker.hints 285files are generated. 286.It Va kldxref_module_path 287.Pq Vt str 288Empty by default. 289A semi-colon 290.Pq Ql \&; 291delimited list of paths containing 292.Xr kld 4 293modules. 294If empty, 295the contents of the 296.Va kern.module_path 297.Xr sysctl 8 298are used. 299.It Va powerd_enable 300.Pq Vt bool 301If set to 302.Dq Li YES , 303enable the system power control facility with the 304.Xr powerd 8 305daemon. 306.It Va powerd_flags 307.Pq Vt str 308If 309.Va powerd_enable 310is set to 311.Dq Li YES , 312these are the flags to pass to the 313.Xr powerd 8 314daemon. 315.It Va tmpmfs 316Controls the creation of a 317.Pa /tmp 318memory file system. 319Always happens if set to 320.Dq Li YES 321and never happens if set to 322.Dq Li NO . 323If set to anything else, a memory file system is created if 324.Pa /tmp 325is not writable. 326.It Va tmpsize 327Controls the size of a created 328.Pa /tmp 329memory file system. 330.It Va tmpmfs_flags 331Extra options passed to the 332.Xr mdmfs 8 333utility when the memory file system for 334.Pa /tmp 335is created. 336The default is 337.Dq Li "-S" , 338which inhibits the use of softupdates on 339.Pa /tmp 340so that file system space is freed without delay 341after file truncation or deletion. 342See 343.Xr mdmfs 8 344for other options you can use in 345.Va tmpmfs_flags . 346.It Va varmfs 347Controls the creation of a 348.Pa /var 349memory file system. 350Always happens if set to 351.Dq Li YES 352and never happens if set to 353.Dq Li NO . 354If set to anything else, a memory file system is created if 355.Pa /var 356is not writable. 357.It Va varsize 358Controls the size of a created 359.Pa /var 360memory file system. 361.It Va varmfs_flags 362Extra options passed to the 363.Xr mdmfs 8 364utility when the memory file system for 365.Pa /var 366is created. 367The default is 368.Dq Li "-S" , 369which inhibits the use of softupdates on 370.Pa /var 371so that file system space is freed without delay 372after file truncation or deletion. 373See 374.Xr mdmfs 8 375for other options you can use in 376.Va varmfs_flags . 377.It Va populate_var 378Controls the automatic population of the 379.Pa /var 380file system. 381Always happens if set to 382.Dq Li YES 383and never happens if set to 384.Dq Li NO . 385If set to anything else, a memory file system is created if 386.Pa /var 387is not writable. 388Note that this process requires access to certain commands in 389.Pa /usr 390before 391.Pa /usr 392is mounted on normal systems. 393.It Va cleanvar_enable 394.Pq Vt bool 395Clean the 396.Pa /var 397directory. 398.It Va local_startup 399.Pq Vt str 400List of directories to search for startup script files. 401.It Va script_name_sep 402.Pq Vt str 403The field separator to use for breaking down the list of startup script files 404into individual filenames. 405The default is a space. 406It is not necessary to change this unless there are startup scripts with names 407containing spaces. 408.It Va hostapd_enable 409.Pq Vt bool 410Set to 411.Dq Li YES 412to start 413.Xr hostapd 8 414at system boot time. 415.It Va hostname 416.Pq Vt str 417The fully qualified domain name (FQDN) of this host on the network. 418This should almost certainly be set to something meaningful, even if 419there is no network connection. 420If 421.Xr dhclient 8 422is used to set the hostname via DHCP, 423this variable should be set to an empty string. 424Within a 425.Xr jail 8 426the hostname is generally already set and this variable may absent. 427If this value remains unset when the system is done booting 428your console login will display the default hostname of 429.Dq Amnesiac . 430.It Va nisdomainname 431.Pq Vt str 432The NIS domain name of this host, or 433.Dq Li NO 434if NIS is not used. 435.It Va dhclient_program 436.Pq Vt str 437Path to the DHCP client program 438.Pa ( /sbin/dhclient , 439the 440.Ox 441DHCP client, 442is the default). 443.It Va dhclient_flags 444.Pq Vt str 445Additional flags to pass to the DHCP client program. 446For the 447.Ox 448DHCP client, see the 449.Xr dhclient 8 450manpage for a description of the command line options available. 451.It Va dhclient_flags_ Ns Aq Ar iface 452Additional flags to pass to the DHCP client program running on 453.Ar iface 454only. 455When specified, this variable overrides 456.Va dhclient_flags . 457.It Va background_dhclient 458.Pq Vt bool 459Set to 460.Dq Li YES 461to start the DHCP client in background. 462This can cause trouble with applications depending on 463a working network, but it will provide a faster startup 464in many cases. 465.It Va background_dhclient_ Ns Aq Ar iface 466When specified, this variable overrides the 467.Va background_dhclient 468variable for interface 469.Ar iface 470only. 471.It Va synchronous_dhclient 472.Pq Vt bool 473Set to 474.Dq Li YES 475to start 476.Xr dhclient 8 477synchronously at startup. 478This behavior can be overridden on a per-interface basis by replacing 479the 480.Dq Li DHCP 481keyword in the 482.Va ifconfig_ Ns Aq Ar interface 483variable with 484.Dq Li SYNCDHCP 485or 486.Dq Li NOSYNCDHCP . 487.It Va defaultroute_delay 488.Pq Vt int 489When set to a positive value, wait up to this long after configuring 490DHCP interfaces at startup to give the interfaces time to receive a lease. 491.It Va firewall_enable 492.Pq Vt bool 493Set to 494.Dq Li YES 495to load firewall rules at startup. 496If the kernel was not built with 497.Cd "options IPFIREWALL" , 498the 499.Pa ipfw.ko 500kernel module will be loaded. 501See also 502.Va ipfilter_enable . 503.It Va firewall_script 504.Pq Vt str 505This variable specifies the full path to the firewall script to run. 506The default is 507.Pa /etc/rc.firewall . 508.It Va firewall_type 509.Pq Vt str 510Names the firewall type from the selection in 511.Pa /etc/rc.firewall , 512or the file which contains the local firewall ruleset. 513Valid selections from 514.Pa /etc/rc.firewall 515are: 516.Pp 517.Bl -tag -width ".Li simple" -compact 518.It Li open 519unrestricted IP access 520.It Li closed 521all IP services disabled, except via 522.Dq Li lo0 523.It Li client 524basic protection for a workstation 525.It Li simple 526basic protection for a LAN. 527.El 528.Pp 529If a filename is specified, the full path 530must be given. 531.It Va firewall_quiet 532.Pq Vt bool 533Set to 534.Dq Li YES 535to disable the display of firewall rules on the console during boot. 536.It Va firewall_logging 537.Pq Vt bool 538Set to 539.Dq Li YES 540to enable firewall event logging. 541This is equivalent to the 542.Dv IPFIREWALL_VERBOSE 543kernel option. 544.It Va firewall_logif 545.Pq Vt bool 546Set to 547.Dq Li YES 548to create pseudo interface 549.Li ipfw0 550for logging. 551For more details, see 552.Xr ipfw 8 553manual page. 554.It Va firewall_flags 555.Pq Vt str 556Flags passed to 557.Xr ipfw 8 558if 559.Va firewall_type 560specifies a filename. 561.It Va firewall_coscripts 562.Pq Vt str 563List of executables and/or rc scripts to run after firewall starts/stops. 564Default is empty. 565.\" ----- firewall_nat_enable setting -------------------------------- 566.It Va firewall_nat_enable 567.Pq Vt bool 568The 569.Xr ipfw 8 570equivalent of 571.Va natd_enable . 572Setting this to 573.Dq Li YES 574enables kernel NAT. 575.Va firewall_enable 576must also be set to 577.Dq Li YES . 578.It Va firewall_nat_interface 579.Pq Vt str 580The 581.Xr ipfw 8 582equivalent of 583.Va natd_interface . 584This is the name of the public interface or IP address on which 585kernel NAT should run. 586.It Va firewall_nat_flags 587.Pq Vt str 588Additional configuration parameters for kernel NAT should be placed here. 589.It Va dummynet_enable 590.Pq Vt bool 591Setting this to 592.Dq Li YES 593will automatically load the 594.Xr dummynet 4 595module if 596.Va firewall_enable 597is also set to 598.Dq Li YES . 599.\" ------------------------------------------------------------------- 600.It Va ipfw_netflow_enable 601.Pq Vt bool 602Setting this to 603.Dq Li YES 604will enable netflow logging via 605.Xr ng_netflow 4 606.Pp 607By default a ipfw rule is inserted and all packets are duplicated with 608the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 609port using protocol version 5. 610.It Va ipfw_netflow_hook 611.Pq Vt int 612netflow hook name, must be numerical 613(default 614.Pa 9995 ) . 615.It Va ipfw_netflow_rule 616.Pq Vt int 617ipfw rule number 618(default 619.Pa 1000 ) . 620.It Va ipfw_netflow_ip 621.Pq Vt str 622Destination server ip for receiving netflow data 623(default 624.Pa 127.0.0.1 ) . 625.It Va ipfw_netflow_port 626.Pq Vt int 627Destination server port for receiving netflow data 628(default 629.Pa 9995 ) . 630.It Va ipfw_netflow_version 631.Pq Vt int 632Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 633.It Va ipfw_netflow_fib 634.Pq Vt int 635Only match packet in FIB 636.Pa ipfw_netflow_fib 637(default is undefined meaning all FIBs). 638.It Va natd_program 639.Pq Vt str 640Path to 641.Xr natd 8 . 642.It Va natd_enable 643.Pq Vt bool 644Set to 645.Dq Li YES 646to enable 647.Xr natd 8 . 648.Va firewall_enable 649must also be set to 650.Dq Li YES , 651and 652.Xr divert 4 653sockets must be enabled in the kernel. 654If the kernel was not built with 655.Cd "options IPDIVERT" , 656the 657.Pa ipdivert.ko 658kernel module will be loaded. 659.It Va natd_interface 660.Pq Vt str 661This is the name of the public interface on which 662.Xr natd 8 663should run. 664The interface may be given as an interface name or as an IP address. 665.It Va natd_flags 666.Pq Vt str 667Additional 668.Xr natd 8 669flags should be placed here. 670The 671.Fl n 672or 673.Fl a 674flag is automatically added with the above 675.Va natd_interface 676as an argument. 677.\" ----- ipfilter_enable setting -------------------------------- 678.It Va ipfilter_enable 679.Pq Vt bool 680Set to 681.Dq Li NO 682by default. 683Setting this to 684.Dq Li YES 685enables 686.Xr ipf 8 687packet filtering. 688.Pp 689Typical usage will require putting 690.Bd -literal 691ipfilter_enable="YES" 692ipnat_enable="YES" 693ipmon_enable="YES" 694ipfs_enable="YES" 695.Ed 696.Pp 697into 698.Pa /etc/rc.conf 699and editing 700.Pa /etc/ipf.rules 701and 702.Pa /etc/ipnat.rules 703appropriately. 704.Pp 705Note that 706.Va ipfilter_enable 707and 708.Va ipnat_enable 709can be enabled independently. 710.Va ipmon_enable 711and 712.Va ipfs_enable 713both require at least one of 714.Va ipfilter_enable 715and 716.Va ipnat_enable 717to be enabled. 718.Pp 719Having 720.Bd -literal 721options IPFILTER 722options IPFILTER_LOG 723options IPFILTER_DEFAULT_BLOCK 724.Ed 725.Pp 726in the kernel configuration file is a good idea, too. 727.\" ----- ipfilter_program setting ------------------------------ 728.It Va ipfilter_program 729.Pq Vt str 730Path to 731.Xr ipf 8 732(default 733.Pa /sbin/ipf ) . 734.\" ----- ipfilter_rules setting -------------------------------- 735.It Va ipfilter_rules 736.Pq Vt str 737Set to 738.Pa /etc/ipf.rules 739by default. 740This variable contains the name of the filter rule definition file. 741The file is expected to be readable for the 742.Xr ipf 8 743command to execute. 744.\" ----- ipv6_ipfilter_rules setting --------------------------- 745.It Va ipv6_ipfilter_rules 746.Pq Vt str 747Set to 748.Pa /etc/ipf6.rules 749by default. 750This variable contains the IPv6 filter rule definition file. 751The file is expected to be readable for the 752.Xr ipf 8 753command to execute. 754.\" ----- ipfilter_flags setting -------------------------------- 755.It Va ipfilter_flags 756.Pq Vt str 757Empty by default. 758This variable contains flags passed to the 759.Xr ipf 8 760program. 761.\" ----- ipnat_enable setting ---------------------------------- 762.It Va ipnat_enable 763.Pq Vt bool 764Set to 765.Dq Li NO 766by default. 767Set it to 768.Dq Li YES 769to enable 770.Xr ipnat 8 771network address translation. 772See 773.Va ipfilter_enable 774for a detailed discussion. 775.\" ----- ipnat_program setting --------------------------------- 776.It Va ipnat_program 777.Pq Vt str 778Path to 779.Xr ipnat 8 780(default 781.Pa /sbin/ipnat ) . 782.\" ----- ipnat_rules setting ----------------------------------- 783.It Va ipnat_rules 784.Pq Vt str 785Set to 786.Pa /etc/ipnat.rules 787by default. 788This variable contains the name of the file 789holding the network address translation definition. 790This file is expected to be readable for the 791.Xr ipnat 8 792command to execute. 793.\" ----- ipnat_flags setting ----------------------------------- 794.It Va ipnat_flags 795.Pq Vt str 796Empty by default. 797This variable contains flags passed to the 798.Xr ipnat 8 799program. 800.\" ----- ipmon_enable setting ---------------------------------- 801.It Va ipmon_enable 802.Pq Vt bool 803Set to 804.Dq Li NO 805by default. 806Set it to 807.Dq Li YES 808to enable 809.Xr ipmon 8 810monitoring (logging 811.Xr ipf 8 812and 813.Xr ipnat 8 814events). 815Setting this variable needs setting 816.Va ipfilter_enable 817or 818.Va ipnat_enable 819too. 820See 821.Va ipfilter_enable 822for a detailed discussion. 823.\" ----- ipmon_program setting --------------------------------- 824.It Va ipmon_program 825.Pq Vt str 826Path to 827.Xr ipmon 8 828(default 829.Pa /sbin/ipmon ) . 830.\" ----- ipmon_flags setting ----------------------------------- 831.It Va ipmon_flags 832.Pq Vt str 833Set to 834.Dq Li -Ds 835by default. 836This variable contains flags passed to the 837.Xr ipmon 8 838program. 839Another typical example would be 840.Dq Fl D Pa /var/log/ipflog 841to have 842.Xr ipmon 8 843log directly to a file bypassing 844.Xr syslogd 8 . 845Make sure to adjust 846.Pa /etc/newsyslog.conf 847in such case like this: 848.Bd -literal 849/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 850.Ed 851.\" ----- ipfs_enable setting ----------------------------------- 852.It Va ipfs_enable 853.Pq Vt bool 854Set to 855.Dq Li NO 856by default. 857Set it to 858.Dq Li YES 859to enable 860.Xr ipfs 8 861saving the filter and NAT state tables during shutdown 862and reloading them during startup again. 863Setting this variable needs setting 864.Va ipfilter_enable 865or 866.Va ipnat_enable 867to 868.Dq Li YES 869too. 870See 871.Va ipfilter_enable 872for a detailed discussion. 873Note that if 874.Va kern_securelevel 875is set to 3, 876.Va ipfs_enable 877cannot be used 878because the raised securelevel will prevent 879.Xr ipfs 8 880from saving the state tables at shutdown time. 881.\" ----- ipfs_program setting ---------------------------------- 882.It Va ipfs_program 883.Pq Vt str 884Path to 885.Xr ipfs 8 886(default 887.Pa /sbin/ipfs ) . 888.\" ----- ipfs_flags setting ------------------------------------ 889.It Va ipfs_flags 890.Pq Vt str 891Empty by default. 892This variable contains flags passed to the 893.Xr ipfs 8 894program. 895.\" ----- end of added ipf hook --------------------------------- 896.It Va pf_enable 897.Pq Vt bool 898Set to 899.Dq Li NO 900by default. 901Setting this to 902.Dq Li YES 903enables 904.Xr pf 4 905packet filtering. 906.Pp 907Typical usage will require putting 908.Pp 909.Dl pf_enable="YES" 910.Pp 911into 912.Pa /etc/rc.conf 913and editing 914.Pa /etc/pf.conf 915appropriately. 916Adding 917.Pp 918.Dl "device pf" 919.Pp 920builds support for 921.Xr pf 4 922into the kernel, otherwise the 923kernel module will be loaded. 924.It Va pf_rules 925.Pq Vt str 926Path to 927.Xr pf 4 928ruleset configuration file 929(default 930.Pa /etc/pf.conf ) . 931.It Va pf_program 932.Pq Vt str 933Path to 934.Xr pfctl 8 935(default 936.Pa /sbin/pfctl ) . 937.It Va pf_flags 938.Pq Vt str 939If 940.Va pf_enable 941is set to 942.Dq Li YES , 943these flags are passed to the 944.Xr pfctl 8 945program when loading the ruleset. 946.It Va pflog_enable 947.Pq Vt bool 948Set to 949.Dq Li NO 950by default. 951Setting this to 952.Dq Li YES 953enables 954.Xr pflogd 8 955which logs packets from the 956.Xr pf 4 957packet filter. 958.It Va pflog_logfile 959.Pq Vt str 960If 961.Va pflog_enable 962is set to 963.Dq Li YES 964this controls where 965.Xr pflogd 8 966stores the logfile 967(default 968.Pa /var/log/pflog ) . 969Check 970.Pa /etc/newsyslog.conf 971to adjust logfile rotation for this. 972.It Va pflog_program 973.Pq Vt str 974Path to 975.Xr pflogd 8 976(default 977.Pa /sbin/pflogd ) . 978.It Va pflog_flags 979.Pq Vt str 980Empty by default. 981This variable contains additional flags passed to the 982.Xr pflogd 8 983program. 984.It Va pflog_instances 985.Pq Vt str 986If logging to more than one 987.Xr pflog 4 988interface is desired, 989.Va pflog_instances 990is set to the list of 991.Xr pflogd 8 992instances that should be started at system boot time. 993If 994.Va pflog_instances 995is set, for each whitespace-separated 996.Ar element 997in the list, 998.Ao Ar element Ac Ns Va _dev 999and 1000.Ao Ar element Ac Ns Va _logfile 1001elements are assumed to exist. 1002.Ao Ar element Ac Ns Va _dev 1003must contain the 1004.Xr pflog 4 1005interface to be watched by the named 1006.Xr pflogd 8 1007instance. 1008.Ao Ar element Ac Ns Va _logfile 1009must contain the name of the logfile that will be used by the 1010.Xr pflogd 8 1011instance. 1012.It Va ftpproxy_enable 1013.Pq Vt bool 1014Set to 1015.Dq Li NO 1016by default. 1017Setting this to 1018.Dq Li YES 1019enables 1020.Xr ftp-proxy 8 1021which supports the 1022.Xr pf 4 1023packet filter in translating ftp connections. 1024.It Va ftpproxy_flags 1025.Pq Vt str 1026Empty by default. 1027This variable contains additional flags passed to the 1028.Xr ftp-proxy 8 1029program. 1030.It Va ftpproxy_instances 1031.Pq Vt str 1032Empty by default. 1033If multiple instances of 1034.Xr ftp-proxy 8 1035are desired at boot time, 1036.Va ftpproxy_instances 1037should contain a whitespace-separated list of instance names. 1038For each 1039.Ar element 1040in the list, a variable named 1041.Ao Ar element Ac Ns Va _flags 1042should be defined, containing the command-line flags to be passed to the 1043.Xr ftp-proxy 8 1044instance. 1045.It Va pfsync_enable 1046.Pq Vt bool 1047Set to 1048.Dq Li NO 1049by default. 1050Setting this to 1051.Dq Li YES 1052enables exposing 1053.Xr pf 4 1054state changes to other hosts over the network by means of 1055.Xr pfsync 4 . 1056The 1057.Va pfsync_syncdev 1058variable 1059must also be set then. 1060.It Va pfsync_syncdev 1061.Pq Vt str 1062Empty by default. 1063This variable specifies the name of the network interface 1064.Xr pfsync 4 1065should operate through. 1066It must be set accordingly if 1067.Va pfsync_enable 1068is set to 1069.Dq Li YES . 1070.It Va pfsync_syncpeer 1071.Pq Vt str 1072Empty by default. 1073This variable is optional. 1074By default, state change messages are sent out on the synchronisation 1075interface using IP multicast packets. 1076The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1077224.0.0.240. 1078When a peer address is specified using the 1079.Va pfsync_syncpeer 1080option, the peer address is used as a destination for the pfsync 1081traffic, and the traffic can then be protected using 1082.Xr ipsec 4 . 1083See the 1084.Xr pfsync 4 1085manpage for more details about using 1086.Xr ipsec 4 1087with 1088.Xr pfsync 4 1089interfaces. 1090.It Va pfsync_ifconfig 1091.Pq Vt str 1092Empty by default. 1093This variable can contain additional options to be passed to the 1094.Xr ifconfig 8 1095command used to set up 1096.Xr pfsync 4 . 1097.It Va tcp_extensions 1098.Pq Vt bool 1099Set to 1100.Dq Li YES 1101by default. 1102Setting this to 1103.Dq Li NO 1104disables certain TCP options as described by 1105.Rs 1106.%T "RFC 1323" 1107.Re 1108Setting this to 1109.Dq Li NO 1110might help remedy such problems with connections as randomly hanging 1111or other weird behavior. 1112Some network devices are known 1113to be broken with respect to these options. 1114.It Va log_in_vain 1115.Pq Vt int 1116Set to 0 by default. 1117The 1118.Xr sysctl 8 1119variables, 1120.Va net.inet.tcp.log_in_vain 1121and 1122.Va net.inet.udp.log_in_vain , 1123as described in 1124.Xr tcp 4 1125and 1126.Xr udp 4 , 1127are set to the given value. 1128.It Va tcp_keepalive 1129.Pq Vt bool 1130Set to 1131.Dq Li YES 1132by default. 1133Setting to 1134.Dq Li NO 1135will disable probing idle TCP connections to verify that the 1136peer is still up and reachable. 1137.It Va tcp_drop_synfin 1138.Pq Vt bool 1139Set to 1140.Dq Li NO 1141by default. 1142Setting to 1143.Dq Li YES 1144will cause the kernel to ignore TCP frames that have both 1145the SYN and FIN flags set. 1146This prevents OS fingerprinting, but may 1147break some legitimate applications. 1148.It Va icmp_drop_redirect 1149.Pq Vt bool 1150Set to 1151.Dq Li NO 1152by default. 1153Setting to 1154.Dq Li YES 1155will cause the kernel to ignore ICMP REDIRECT packets. 1156Refer to 1157.Xr icmp 4 1158for more information. 1159.It Va icmp_log_redirect 1160.Pq Vt bool 1161Set to 1162.Dq Li NO 1163by default. 1164Setting to 1165.Dq Li YES 1166will cause the kernel to log ICMP REDIRECT packets. 1167Note that 1168the log messages are not rate-limited, so this option should only be used 1169for troubleshooting networks. 1170Refer to 1171.Xr icmp 4 1172for more information. 1173.It Va icmp_bmcastecho 1174.Pq Vt bool 1175Set to 1176.Dq Li YES 1177to respond to broadcast or multicast ICMP ping packets. 1178Refer to 1179.Xr icmp 4 1180for more information. 1181.It Va ip_portrange_first 1182.Pq Vt int 1183If not set to 1184.Dq Li NO , 1185this is the first port in the default portrange. 1186Refer to 1187.Xr ip 4 1188for more information. 1189.It Va ip_portrange_last 1190.Pq Vt int 1191If not set to 1192.Dq Li NO , 1193this is the last port in the default portrange. 1194Refer to 1195.Xr ip 4 1196for more information. 1197.It Va network_interfaces 1198.Pq Vt str 1199Set to the list of network interfaces to configure on this host or 1200.Dq Li AUTO 1201(the default) for all current interfaces. 1202Setting the 1203.Va network_interfaces 1204variable to anything other than the default is deprecated. 1205Interfaces that the administrator wishes to store configuration for, 1206but not start at boot should be configured with the 1207.Dq Li NOAUTO 1208keyword in their 1209.Va ifconfig_ Ns Aq Ar interface 1210variables as described below. 1211.Pp 1212An 1213.Va ifconfig_ Ns Aq Ar interface 1214variable is also assumed to exist for each value of 1215.Ar interface . 1216When an interface name contains any of the characters 1217.Dq Li .-/+ 1218they are translated to 1219.Dq Li _ 1220before lookup. 1221The variable can contain arguments to 1222.Xr ifconfig 8 , 1223as well as special case-insensitive keywords described below. 1224Such keywords are removed before passing the value to 1225.Xr ifconfig 8 1226while the order of the other arguments is preserved. 1227.Pp 1228It is possible to add IP alias entries using 1229.Xr ifconfig 8 1230syntax with the address family keyword such as 1231.Li inet . 1232Assuming that the interface in question was 1233.Li ed0 , 1234it might look something like this: 1235.Bd -literal 1236ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1237ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1238.Ed 1239.Pp 1240It also possible to configure multiple IP addresses in Classless 1241Inter-Domain Routing 1242.Pq CIDR 1243address notation, 1244whose each address component can be a range like 1245.Li inet 192.0.2.5-23/24 1246or 1247.Li inet6 2001:db8:1-f::1/64 . 1248This notation allows address and prefix length part only, 1249not the other address modifiers. 1250Note that the maximum number of the generated addresses from a range 1251specification is limited to an integer value specified in 1252.Va netif_ipexpand_max 1253in 1254.Nm 1255because a small typo can unexpectedly generate a large number of addresses. 1256The default value is 1257.Li 2048 . 1258It can be increased by adding the following line into 1259.Nm : 1260.Bd -literal 1261netif_ipexpand_max="4096" 1262.Ed 1263.Pp 1264In the case of 1265.Li 192.0.2.5-23/24 , 1266the address 192.0.2.5 will be configured with the 1267netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1268the non-conflicting netmask /32 as explained in the 1269.Xr ifconfig 8 1270alias section. 1271Note that this special netmask handling is only for 1272.Li inet , 1273not for the other address families such as 1274.Li inet6 . 1275.Pp 1276With the interface in question being 1277.Li ed0 , 1278an example could look like: 1279.Bd -literal 1280ifconfig_ed0_alias2="inet 192.0.2.129/27" 1281ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1282.Ed 1283.Pp 1284and so on. 1285.Pp 1286Note that 1287.Va ipv4_addrs_ Ns Aq Ar interface 1288variable was supported for IPv4 CIDR address notation. 1289It is now deprecated because the functionality was integrated into 1290.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1291though 1292.Va ipv4_addrs_ Ns Aq Ar interface 1293is still supported for backward compatibility. 1294.Pp 1295For each 1296.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1297entry with an address family keyword, 1298its contents are passed to 1299.Xr ifconfig 8 . 1300Execution stops at the first unsuccessful access, so if 1301something like this is present: 1302.Bd -literal 1303ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1304ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1305ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1306ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1307.Ed 1308.Pp 1309Then note that alias4 would 1310.Em not 1311be added since the search would 1312stop with the missing 1313.Dq Li alias3 1314entry. 1315Because of this difficult to manage behavior, 1316there is 1317.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1318variable, which has the same functionality as 1319.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1320and can have all of entries in a variable like the following: 1321.Bd -literal 1322ifconfig_ed0_aliases="\\ 1323 inet 127.0.0.251 netmask 0xffffffff \\ 1324 inet 127.0.0.252 netmask 0xffffffff \\ 1325 inet 127.0.0.253 netmask 0xffffffff \\ 1326 inet 127.0.0.254 netmask 0xffffffff" 1327.Ed 1328.Pp 1329It also supports CIDR notation. 1330.Pp 1331If the 1332.Pa /etc/start_if. Ns Aq Ar interface 1333file is present, it is read and executed by the 1334.Xr sh 1 1335interpreter 1336before configuring the interface as specified in the 1337.Va ifconfig_ Ns Aq Ar interface 1338and 1339.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1340variables. 1341.Pp 1342If a 1343.Va vlans_ Ns Aq Ar interface 1344variable is set, 1345a 1346.Xr vlan 4 1347interface will be created for each item in the list with the 1348.Ar vlandev 1349argument set to 1350.Ar interface . 1351If a vlan interface's name is a number, 1352then that number is used as the vlan tag and the new vlan interface is 1353named 1354.Ar interface . Ns Ar tag . 1355Otherwise, 1356the vlan tag must be specified via a 1357.Va vlan 1358parameter in the 1359.Va create_args_ Ns Aq Ar interface 1360variable. 1361.Pp 1362To create a vlan device named 1363.Li em0.101 1364on 1365.Li em0 1366with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1367.Bd -literal 1368vlans_em0="101" 1369ifconfig_em0_101="inet 192.0.2.1/24" 1370.Ed 1371.Pp 1372To create a vlan device named 1373.Li myvlan 1374on 1375.Li em0 1376with the vlan tag 102: 1377.Bd -literal 1378vlans_em0="myvlan" 1379create_args_myvlan="vlan 102" 1380.Ed 1381.Pp 1382If a 1383.Va wlans_ Ns Aq Ar interface 1384variable is set, 1385an 1386.Xr wlan 4 1387interface will be created for each item in the list with the 1388.Ar wlandev 1389argument set to 1390.Ar interface . 1391Further wlan cloning arguments may be passed to the 1392.Xr ifconfig 8 1393.Cm create 1394command by setting the 1395.Va create_args_ Ns Aq Ar interface 1396variable. 1397One or more 1398.Xr wlan 4 1399devices must be created for each wireless devices as of 1400.Fx 8.0 . 1401Debugging flags for 1402.Xr wlan 4 1403devices as set by 1404.Xr wlandebug 8 1405may be specified with an 1406.Va wlandebug_ Ns Aq Ar interface 1407variable. 1408The contents of this variable will be passed directly to 1409.Xr wlandebug 8 . 1410.Pp 1411If the 1412.Va ifconfig_ Ns Aq Ar interface 1413contains the keyword 1414.Dq Li NOAUTO 1415then the interface will not be configured 1416at boot or by 1417.Pa /etc/pccard_ether 1418when 1419.Va network_interfaces 1420is set to 1421.Dq Li AUTO . 1422.Pp 1423It is possible to bring up an interface with DHCP by adding 1424.Dq Li DHCP 1425to the 1426.Va ifconfig_ Ns Aq Ar interface 1427variable. 1428For instance, to initialize the 1429.Li ed0 1430device via DHCP, 1431it is possible to use something like: 1432.Bd -literal 1433ifconfig_ed0="DHCP" 1434.Ed 1435.Pp 1436If you want to configure your wireless interface with 1437.Xr wpa_supplicant 8 1438for use with WPA, EAP/LEAP or WEP, you need to add 1439.Dq Li WPA 1440to the 1441.Va ifconfig_ Ns Aq Ar interface 1442variable. 1443.Pp 1444On the other hand, if you want to configure your wireless interface with 1445.Xr hostapd 8 , 1446you need to add 1447.Dq Li HOSTAP 1448to the 1449.Va ifconfig_ Ns Aq Ar interface 1450variable. 1451.Xr hostapd 8 1452will use the settings from 1453.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1454.Pp 1455Finally, you can add 1456.Xr ifconfig 8 1457options in this variable, in addition to the 1458.Pa /etc/start_if. Ns Aq Ar interface 1459file. 1460For instance, to configure an 1461.Xr ath 4 1462wireless device in station mode with an address obtained 1463via DHCP, using WPA authentication and 802.11b mode, it is 1464possible to use something like: 1465.Bd -literal 1466wlans_ath0="wlan0" 1467ifconfig_wlan0="DHCP WPA mode 11b" 1468.Ed 1469.Pp 1470In addition to the 1471.Va ifconfig_ Ns Aq Ar interface 1472form, a fallback variable 1473.Va ifconfig_DEFAULT 1474may be configured. 1475It will be used for all interfaces with no 1476.Va ifconfig_ Ns Aq Ar interface 1477variable. 1478This is intended to replace the no longer supported 1479.Va pccard_ifconfig 1480variable. 1481.Pp 1482It is also possible to rename an interface by doing: 1483.Bd -literal 1484ifconfig_ed0_name="net0" 1485ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1486.Ed 1487.It Va ipv6_enable 1488.Pq Vt bool 1489This variable is deprecated. 1490Use 1491.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1492and 1493.Va ipv6_activate_all_interfaces 1494if necessary. 1495.Pp 1496If the variable is 1497.Dq Li YES , 1498.Dq Li inet6 accept_rtadv 1499is added to all of 1500.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1501and the 1502.Va ipv6_activate_all_interfaces 1503is defined as 1504.Dq Li YES . 1505.It Va ipv6_prefer 1506.Pq Vt bool 1507This variable is deprecated. 1508Use 1509.Va ip6addrctl_policy 1510instead. 1511.Pp 1512If the variable is 1513.Dq Li YES , 1514the default address selection policy table set by 1515.Xr ip6addrctl 8 1516will be IPv6-preferred. 1517.Pp 1518If the variable is 1519.Dq Li NO , 1520the default address selection policy table set by 1521.Xr ip6addrctl 8 1522will be IPv4-preferred. 1523.It Va ipv6_activate_all_interfaces 1524.Pq Vt bool 1525This controls initial configuration on IPv6-capable 1526interfaces with no corresponding 1527.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1528variable. 1529Note that it is not always necessary to set this variable to 1530.Dq YES 1531to use IPv6 functionality on 1532.Fx . 1533In most cases, just configuring 1534.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1535variables works. 1536.Pp 1537If the variable is 1538.Dq Li NO , 1539all interfaces which do not have a corresponding 1540.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1541variable will be marked as 1542.Dq Li IFDISABLED 1543at creation. 1544This means that all of IPv6 functionality on that interface 1545is completely disabled to enforce a security policy. 1546If the variable is set to 1547.Dq YES , 1548the flag will be cleared on all of the interfaces. 1549.Pp 1550In most cases, just defining an 1551.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1552for an IPv6-capable interface should be sufficient. 1553However, if an interface is added dynamically 1554.Pq by some tunneling protocols such as PPP, for example , 1555it is often difficult to define the variable in advance. 1556In such a case, configuring the 1557.Dq Li IFDISABLED 1558flag can be disabled by setting this variable to 1559.Dq YES . 1560.Pp 1561For more details of the 1562.Dq Li IFDISABLED 1563flag and keywords 1564.Dq Li inet6 ifdisabled , 1565see 1566.Xr ifconfig 8 . 1567.Pp 1568Default is 1569.Dq Li NO . 1570.It Va ipv6_privacy 1571.Pq Vt bool 1572If the variable is 1573.Dq Li YES 1574privacy addresses will be generated for each IPv6 1575interface as described in RFC 4941. 1576.It Va ipv6_network_interfaces 1577.Pq Vt str 1578This is the IPv6 equivalent of 1579.Va network_interfaces . 1580Normally manual configuration of this variable is not needed. 1581.It Va ipv6_cpe_wanif 1582.Pq Vt str 1583If the variable is set to an interface name, 1584the 1585.Xr ifconfig 8 1586options 1587.Dq inet6 -no_radr accept_rtadv 1588will be added to the specified interface automatically before evaluating 1589.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1590and two 1591.Xr sysctl 8 1592variables 1593.Va net.inet6.ip6.rfc6204w3 1594and 1595.Va net.inet6.ip6.no_radr 1596will be set to 1. 1597.Pp 1598This means the specified interface will accept ICMPv6 Router 1599Advertisement messages on that link and add the discovered 1600routers into the Default Router List. 1601While the other interfaces can still accept RA messages if the 1602.Dq inet6 accept_rtadv 1603option is specified, adding 1604routes into the Default Router List will be disabled by 1605.Dq inet6 no_radr 1606option by default. 1607See 1608.Xr ifconfig 8 1609for more details. 1610.Pp 1611Note that ICMPv6 Router Advertisement messages will be 1612accepted even when 1613.Va net.inet6.ip6.forwarding 1614is 1 1615.Pq packet forwarding is enabled 1616when 1617.Va net.inet6.ip6.rfc6204w3 1618is set to 1. 1619.Pp 1620Default is 1621.Dq Li NO . 1622.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1623.Pq Vt str 1624This assigns arbitrary description to an interface. 1625The 1626.Xr sysctl 8 1627variable 1628.Va net.ifdescr_maxlen 1629limits its length. 1630This static setting may be overridden by commands 1631started with dynamic interface configuration utilities 1632like 1633.Xr dhclient 8 1634hooks. The description can be seen with 1635.Xr ifconfig 8 1636command and it may be exported with 1637.Xr bsnmpd 1 1638daemon using its MIB-2 module. 1639.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1640.Pq Vt str 1641IPv6 functionality on an interface should be configured by 1642.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1643instead of setting ifconfig parameters in 1644.Va ifconfig_ Ns Aq Ar interface . 1645If this variable is empty, all of IPv6 configurations on the 1646specified interface by other variables such as 1647.Va ipv6_prefix_ Ns Ao Ar interface Ac 1648will be ignored. 1649.Pp 1650Aliases should be set by 1651.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1652with 1653.Dq Li inet6 1654keyword. 1655For example: 1656.Bd -literal 1657ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1658ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1659.Ed 1660.Pp 1661Interfaces that have an 1662.Dq Li inet6 accept_rtadv 1663keyword in 1664.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1665setting will be automatically configured by SLAAC 1666.Pq StateLess Address AutoConfiguration 1667described in 1668.Rs 1669.%T "RFC 4862" 1670.Re 1671.Pp 1672Note that a link-local address will be automatically configured in 1673addition to the configured global-scope addresses because the IPv6 1674specifications require it on each link. 1675The address is calculated from the MAC address by using an algorithm 1676defined in 1677.Rs 1678.%T "RFC 4862" 1679.%O "Section 5.3" 1680.Re 1681.Pp 1682If only a link-local address is needed on the interface, 1683the following configuration can be used: 1684.Bd -literal 1685ifconfig_ed0_ipv6="inet6 auto_linklocal" 1686.Ed 1687.Pp 1688A link-local address can also be configured manually. 1689This is useful for the default router address of an IPv6 router 1690so that it does not change when the network interface 1691card is replaced. 1692For example: 1693.Bd -literal 1694ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1695.Ed 1696.It Va ipv6_prefix_ Ns Aq Ar interface 1697.Pq Vt str 1698If one or more prefixes are defined in 1699.Va ipv6_prefix_ Ns Aq Ar interface 1700addresses based on each prefix and the EUI-64 interface index will be 1701configured on that interface. 1702Note that this variable will be ignored when 1703.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1704is empty. 1705.Pp 1706For example, the following configuration 1707.Bd -literal 1708ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1709.Ed 1710.Pp 1711is equivalent to the following: 1712.Bd -literal 1713ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1714ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1715ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1716ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1717.Ed 1718.Pp 1719These Subnet-Router anycast addresses will be added only when 1720.Va ipv6_gateway_enable 1721is YES. 1722.It Va ipv6_default_interface 1723.Pq Vt str 1724If not set to 1725.Dq Li NO , 1726this is the default output interface for scoped addresses. 1727This works only with ipv6_gateway_enable="NO". 1728.It Va ip6addrctl_enable 1729.Pq Vt bool 1730This variable is to enable configuring default address selection policy table 1731.Pq RFC 3484 . 1732The table can be specified in another variable 1733.Va ip6addrctl_policy . 1734For 1735.Va ip6addrctl_policy 1736the following keywords can be specified: 1737.Dq Li ipv4_prefer , 1738.Dq Li ipv6_prefer , 1739or 1740.Dq Li AUTO . 1741.Pp 1742If 1743.Dq Li ipv4_prefer 1744or 1745.Dq Li ipv6_prefer 1746is specified, 1747.Xr ip6addrctl 8 1748installs a pre-defined policy table described in Section 2.1 1749.Pq IPv6-preferred 1750or 10.3 1751.Pq IPv4-preferred 1752of RFC 3484. 1753.Pp 1754If 1755.Dq Li AUTO 1756is specified, it attempts to read a file 1757.Pa /etc/ip6addrctl.conf 1758first. 1759If this file is found, 1760.Xr ip6addrctl 8 1761reads and installs it. 1762If not found, a policy is automatically set 1763according to 1764.Va ipv6_activate_all_interfaces 1765variable; if the variable is set to 1766.Dq Li YES 1767the IPv6-preferred one is used. 1768Otherwise IPv4-preferred. 1769.Pp 1770The default value of 1771.Va ip6addrctl_enable 1772and 1773.Va ip6addrctl_policy 1774are 1775.Dq Li YES 1776and 1777.Dq Li AUTO , 1778respectively. 1779.It Va cloned_interfaces 1780.Pq Vt str 1781Set to the list of clonable network interfaces to create on this host. 1782Further cloning arguments may be passed to the 1783.Xr ifconfig 8 1784.Cm create 1785command for each interface by setting the 1786.Va create_args_ Ns Aq Ar interface 1787variable. 1788If an interface name is specified with 1789.Dq :sticky 1790keyword, 1791the interface will not be destroyed even when 1792.Pa rc.d/netif 1793script is invoked with 1794.Dq stop 1795argument. 1796This is useful when reconfiguring the interface without destroying it. 1797Entries in 1798.Va cloned_interfaces 1799are automatically appended to 1800.Va network_interfaces 1801for configuration. 1802.It Va cloned_interfaces_sticky 1803.Pq Vt bool 1804This variable is to globally enable functionality of 1805.Dq :sticky 1806keyword in 1807.Va cloned_interfaces 1808for all interfaces. 1809The default value is 1810.Dq NO . 1811Even if this variable is specified to 1812.Dq YES , 1813.Dq :nosticky 1814keyword can be used to override it on per interface basis. 1815.It Va gif_interfaces 1816.Pq Vt str 1817This variable is deprecated in favor of 1818.Va cloned_interfaces . 1819Set to the list of 1820.Xr gif 4 1821tunnel interfaces to configure on this host. 1822For each 1823.Xr gif 1824tunnel interface, set a variable named 1825.Va ifconfig_ Ns Aq Ar interface 1826with the parameters for the 1827.Xr ifconfig 8 1828command to configure the link level for 1829.Ar interface 1830with the 1831.Cm tunnel 1832option. 1833The value of this variable is used to configure the link layer of the 1834tunnel using the 1835.Cm tunnel 1836option to 1837.Xr ifconfig . 1838For example, configure two 1839.Xr gif 1840interfaces with: 1841.Bd -literal -offset indent 1842gif_interfaces="gif0 gif1" 1843ifconfig_gif0="tunnel src_addr0 dst_addr0" 1844ifconfig_gif1="tunnel src_addr1 dst_addr1" 1845.Ed 1846.Pp 1847Additionally, this option ensures that each listed interface is created 1848via the 1849.Cm create 1850option to 1851.Xr ifconfig . 1852This example also works with 1853.Va cloned_interfaces 1854instead of 1855.Va gif_interfaces . 1856.It Va sppp_interfaces 1857.Pq Vt str 1858Set to the list of 1859.Xr sppp 4 1860interfaces to configure on this host. 1861A 1862.Va spppconfig_ Ns Aq Ar interface 1863variable is assumed to exist for each value of 1864.Ar interface . 1865Each interface should also be configured by a general 1866.Va ifconfig_ Ns Aq Ar interface 1867setting. 1868Refer to 1869.Xr spppcontrol 8 1870for more information about available options. 1871.It Va ppp_enable 1872.Pq Vt bool 1873If set to 1874.Dq Li YES , 1875run the 1876.Xr ppp 8 1877daemon. 1878.It Va ppp_profile 1879.Pq Vt str 1880The name of the profile to use from 1881.Pa /etc/ppp/ppp.conf . 1882Also used for per-profile overrides of 1883.Va ppp_mode 1884and 1885.Va ppp_nat , 1886and 1887.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1888When the profile name contains any of the characters 1889.Dq Li .-/+ 1890they are translated to 1891.Dq Li _ 1892for the proposes of the override variable names. 1893.It Va ppp_mode 1894.Pq Vt str 1895Mode in which to run the 1896.Xr ppp 8 1897daemon. 1898.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1899.Pq Vt str 1900Overrides the global 1901.Va ppp_mode 1902for 1903.Ar profile . 1904Accepted modes are 1905.Dq Li auto , 1906.Dq Li ddial , 1907.Dq Li direct 1908and 1909.Dq Li dedicated . 1910See the manual for a full description. 1911.It Va ppp_nat 1912.Pq Vt bool 1913If set to 1914.Dq Li YES , 1915enables network address translation. 1916Used in conjunction with 1917.Va gateway_enable 1918allows hosts on private network addresses access to the Internet using 1919this host as a network address translating router. 1920.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1921.Pq Vt str 1922Overrides the global 1923.Va ppp_nat 1924for 1925.Ar profile . 1926.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1927.Pq Vt int 1928Set the unit number to be used for this profile. 1929See the manual description of 1930.Fl unit Ns Ar N 1931for details. 1932.It Va ppp_user 1933.Pq Vt str 1934The name of the user under which 1935.Xr ppp 8 1936should be started. 1937By 1938default, 1939.Xr ppp 8 1940is started as 1941.Dq Li root . 1942.It Va rc_conf_files 1943.Pq Vt str 1944This option is used to specify a list of files that will override 1945the settings in 1946.Pa /etc/defaults/rc.conf . 1947The files will be read in the order in which they are specified and should 1948include the full path to the file. 1949By default, the files specified are 1950.Pa /etc/rc.conf 1951and 1952.Pa /etc/rc.conf.local 1953.It Va zfs_enable 1954.Pq Vt bool 1955If set to 1956.Dq Li YES , 1957.Pa /etc/rc.d/zfs 1958will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1959(ZVOLs). 1960.It Va gptboot_enable 1961.Pq Vt bool 1962If set to 1963.Dq Li YES , 1964.Pa /etc/rc.d/gptboot 1965will log if the system successfully (or not) booted from a GPT partition, 1966which had the 1967.Ar bootonce 1968attribute set using 1969.Xr gpart 8 1970utility. 1971.It Va gbde_autoattach_all 1972.Pq Vt bool 1973If set to 1974.Dq Li YES , 1975.Pa /etc/rc.d/gbde 1976will attempt to automatically initialize your .bde devices in 1977.Pa /etc/fstab . 1978.It Va gbde_devices 1979.Pq Vt str 1980List the devices that the script should try to attach, 1981or 1982.Dq Li AUTO . 1983.It Va gbde_lockdir 1984.Pq Vt str 1985The directory where the 1986.Xr gbde 4 1987lockfiles are located. 1988The default lockfile directory is 1989.Pa /etc . 1990.Pp 1991The lockfile for each individual 1992.Xr gbde 4 1993device can be overridden by setting the variable 1994.Va gbde_lock_ Ns Aq Ar device , 1995where 1996.Ar device 1997is the encrypted device without the 1998.Dq Pa /dev/ 1999and 2000.Dq Pa .bde 2001parts. 2002.It Va gbde_attach_attempts 2003.Pq Vt int 2004Number of times to attempt attaching to a 2005.Xr gbde 4 2006device, i.e., how many times the user is asked for the pass-phrase. 2007Default is 3. 2008.It Va geli_devices 2009.Pq Vt str 2010List of devices to automatically attach on boot. 2011Note that .eli devices from 2012.Pa /etc/fstab 2013are automatically appended to this list. 2014.It Va geli_groups 2015.Pq Vt str 2016List of groups containing devices to automatically attach on boot with the same 2017keyfiles and passphrase. 2018This must be accompanied with a corresponding 2019.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2020variable. 2021.It Va geli_tries 2022.Pq Vt int 2023Number of times user is asked for the pass-phrase. 2024If empty, it will be taken from 2025.Va kern.geom.eli.tries 2026sysctl variable. 2027.It Va geli_default_flags 2028.Pq Vt str 2029Default flags to use by 2030.Xr geli 8 2031when configuring disk encryption. 2032Flags can be configured for every device separately by defining the 2033.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2034variable, and for every group separately by defining the 2035.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2036variable. 2037.It Va geli_autodetach 2038.Pq Vt str 2039Specifies if GELI devices should be marked for detach on last close after 2040file systems are mounted. 2041Default is 2042.Dq Li YES . 2043This can be changed for every device separately by defining the 2044.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2045variable. 2046.It Va root_rw_mount 2047.Pq Vt bool 2048Set to 2049.Dq Li YES 2050by default. 2051After the file systems are checked at boot time, the root file system 2052is remounted as read-write if this is set to 2053.Dq Li YES . 2054Diskless systems that mount their root file system from a read-only remote 2055NFS share should set this to 2056.Dq Li NO 2057in their 2058.Pa rc.conf . 2059.It Va fsck_y_enable 2060.Pq Vt bool 2061If set to 2062.Dq Li YES , 2063.Xr fsck 8 2064will be run with the 2065.Fl y 2066flag if the initial preen 2067of the file systems fails. 2068.It Va background_fsck 2069.Pq Vt bool 2070If set to 2071.Dq Li NO , 2072the system will not attempt to run 2073.Xr fsck 8 2074in the background where possible. 2075.It Va background_fsck_delay 2076.Pq Vt int 2077The amount of time in seconds to sleep before starting a background 2078.Xr fsck 8 . 2079It defaults to sixty seconds to allow large applications such as 2080the X server to start before disk I/O bandwidth is monopolized by 2081.Xr fsck 8 . 2082If set to a negative number, the background file system check will be 2083delayed indefinitely to allow the administrator to run it at a more 2084convenient time. 2085For example it may be run from 2086.Xr cron 8 2087by adding a line like 2088.Pp 2089.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2090.Pp 2091to 2092.Pa /etc/crontab . 2093.It Va netfs_types 2094.Pq Vt str 2095List of file system types that are network-based. 2096This list should generally not be modified by end users. 2097Use 2098.Va extra_netfs_types 2099instead. 2100.It Va extra_netfs_types 2101.Pq Vt str 2102If set to something other than 2103.Dq Li NO 2104(the default), 2105this variable extends the list of file system types 2106for which automatic mounting at startup by 2107.Xr rc 8 2108should be delayed until the network is initialized. 2109It should contain 2110a whitespace-separated list of network file system descriptor pairs, 2111each consisting of a file system type as passed to 2112.Xr mount 8 2113and a human-readable, one-word description, 2114joined with a colon 2115.Pq Ql \&: . 2116Extending the default list in this way is only necessary 2117when third party file system types are used. 2118.It Va syslogd_enable 2119.Pq Vt bool 2120If set to 2121.Dq Li YES , 2122run the 2123.Xr syslogd 8 2124daemon. 2125.It Va syslogd_program 2126.Pq Vt str 2127Path to 2128.Xr syslogd 8 2129(default 2130.Pa /usr/sbin/syslogd ) . 2131.It Va syslogd_flags 2132.Pq Vt str 2133If 2134.Va syslogd_enable 2135is set to 2136.Dq Li YES , 2137these are the flags to pass to 2138.Xr syslogd 8 . 2139.It Va inetd_enable 2140.Pq Vt bool 2141If set to 2142.Dq Li YES , 2143run the 2144.Xr inetd 8 2145daemon. 2146.It Va inetd_program 2147.Pq Vt str 2148Path to 2149.Xr inetd 8 2150(default 2151.Pa /usr/sbin/inetd ) . 2152.It Va inetd_flags 2153.Pq Vt str 2154If 2155.Va inetd_enable 2156is set to 2157.Dq Li YES , 2158these are the flags to pass to 2159.Xr inetd 8 . 2160.It Va hastd_enable 2161.Pq Vt bool 2162If set to 2163.Dq Li YES , 2164run the 2165.Xr hastd 8 2166daemon. 2167.It Va hastd_program 2168.Pq Vt str 2169Path to 2170.Xr hastd 8 2171(default 2172.Pa /sbin/hastd ) . 2173.It Va hastd_flags 2174.Pq Vt str 2175If 2176.Va hastd_enable 2177is set to 2178.Dq Li YES , 2179these are the flags to pass to 2180.Xr hastd 8 . 2181.It Va local_unbound_enable 2182.Pq Vt bool 2183If set to 2184.Dq Li YES , 2185run the 2186.Xr unbound 8 2187daemon as a local caching resolver. 2188.It Va kdc_enable 2189.Pq Vt bool 2190Set to 2191.Dq Li YES 2192to start a Kerberos 5 authentication server 2193at boot time. 2194.It Va kdc_program 2195.Pq Vt str 2196If 2197.Va kdc_enable 2198is set to 2199.Dq Li YES 2200this is the path to Kerberos 5 Authentication Server. 2201.It Va kdc_flags 2202.Pq Vt str 2203Empty by default. 2204This variable contains additional flags to be passed to the Kerberos 5 2205authentication server. 2206.It Va kadmind_enable 2207.Pq Vt bool 2208Set to 2209.Dq Li YES 2210to start 2211.Xr kadmind 8 , 2212the Kerberos 5 Administration Daemon; set to 2213.Dq Li NO 2214on a slave server. 2215.It Va kadmind_program 2216.Pq Vt str 2217If 2218.Va kadmind_enable 2219is set to 2220.Dq Li YES 2221this is the path to Kerberos 5 Administration Daemon. 2222.It Va kpasswdd_enable 2223.Pq Vt bool 2224Set to 2225.Dq Li YES 2226to start 2227.Xr kpasswdd 8 , 2228the Kerberos 5 Password-Changing Daemon; set to 2229.Dq Li NO 2230on a slave server. 2231.It Va kpasswdd_program 2232.Pq Vt str 2233If 2234.Va kpasswdd_enable 2235is set to 2236.Dq Li YES 2237this is the path to Kerberos 5 Password-Changing Daemon. 2238.It Va kfd_enable 2239.Pq Vt bool 2240Set to 2241.Dq Li YES 2242to start 2243.Xr kfd 8 , 2244the Kerberos 5 ticket forwarding daemon, at the boot time. 2245.It Va kfd_program 2246.Pq Vt str 2247Path to 2248.Xr kfd 8 2249(default 2250.Pa /usr/libexec/kfd ) . 2251.It Va rwhod_enable 2252.Pq Vt bool 2253If set to 2254.Dq Li YES , 2255run the 2256.Xr rwhod 8 2257daemon at boot time. 2258.It Va rwhod_flags 2259.Pq Vt str 2260If 2261.Va rwhod_enable 2262is set to 2263.Dq Li YES , 2264these are the flags to pass to it. 2265.It Va amd_enable 2266.Pq Vt bool 2267If set to 2268.Dq Li YES , 2269run the 2270.Xr amd 8 2271daemon at boot time. 2272.It Va amd_flags 2273.Pq Vt str 2274If 2275.Va amd_enable 2276is set to 2277.Dq Li YES , 2278these are the flags to pass to it. 2279See the 2280.Xr amd 8 2281manpage for more information. 2282.It Va amd_map_program 2283.Pq Vt str 2284If set, 2285the specified program is run to get the list of 2286.Xr amd 8 2287maps. 2288For example, if the 2289.Xr amd 8 2290maps are stored in NIS, one can set this to 2291run 2292.Xr ypcat 1 2293to get a list of 2294.Xr amd 8 2295maps from the 2296.Pa amd.master 2297NIS map. 2298.It Va update_motd 2299.Pq Vt bool 2300If set to 2301.Dq Li YES , 2302.Pa /etc/motd 2303will be updated at boot time to reflect the kernel release 2304being run. 2305If set to 2306.Dq Li NO , 2307.Pa /etc/motd 2308will not be updated. 2309.It Va nfs_client_enable 2310.Pq Vt bool 2311If set to 2312.Dq Li YES , 2313run the NFS client daemons at boot time. 2314.It Va nfs_access_cache 2315.Pq Vt int 2316If 2317.Va nfs_client_enable 2318is set to 2319.Dq Li YES , 2320this can be set to 2321.Dq Li 0 2322to disable NFS ACCESS RPC caching, or to the number of seconds for which 2323NFS ACCESS 2324results should be cached. 2325A value of 2-10 seconds will substantially reduce network 2326traffic for many NFS operations. 2327.It Va nfs_server_enable 2328.Pq Vt bool 2329If set to 2330.Dq Li YES , 2331run the NFS server daemons at boot time. 2332.It Va nfs_server_flags 2333.Pq Vt str 2334If 2335.Va nfs_server_enable 2336is set to 2337.Dq Li YES , 2338these are the flags to pass to the 2339.Xr nfsd 8 2340daemon. 2341.It Va nfsv4_server_enable 2342.Pq Vt bool 2343If 2344.Va nfs_server_enable 2345is set to 2346.Dq Li YES 2347and 2348.Va nfsv4_server_enable 2349are set to 2350.Dq Li YES , 2351enable the server for NFSv4 as well as NFSv2 and NFSv3. 2352.It Va nfsuserd_enable 2353.Pq Vt bool 2354If 2355.Va nfsuserd_enable 2356is set to 2357.Dq Li YES , 2358run the nfsuserd daemon, which is needed for NFSv4 in order 2359to map between user/group names vs uid/gid numbers. 2360If 2361.Va nfsv4_server_enable 2362is set to 2363.Dq Li YES , 2364this will be forced enabled. 2365.It Va nfsuserd_flags 2366.Pq Vt str 2367If 2368.Va nfsuserd_enable 2369is set to 2370.Dq Li YES , 2371these are the flags to pass to the 2372.Xr nfsuserd 8 2373daemon. 2374.It Va nfscbd_enable 2375.Pq Vt bool 2376If 2377.Va nfscbd_enable 2378is set to 2379.Dq Li YES , 2380run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2381.It Va nfscbd_flags 2382.Pq Vt str 2383If 2384.Va nfscbd_enable 2385is set to 2386.Dq Li YES , 2387these are the flags to pass to the 2388.Xr nfscbd 8 2389daemon. 2390.It Va mountd_enable 2391.Pq Vt bool 2392If set to 2393.Dq Li YES , 2394and no 2395.Va nfs_server_enable 2396is set, start 2397.Xr mountd 8 , 2398but not 2399.Xr nfsd 8 2400daemon. 2401It is commonly needed to run CFS without real NFS used. 2402.It Va mountd_flags 2403.Pq Vt str 2404If 2405.Va mountd_enable 2406is set to 2407.Dq Li YES , 2408these are the flags to pass to the 2409.Xr mountd 8 2410daemon. 2411.It Va weak_mountd_authentication 2412.Pq Vt bool 2413If set to 2414.Dq Li YES , 2415allow services like PCNFSD to make non-privileged mount 2416requests. 2417.It Va nfs_reserved_port_only 2418.Pq Vt bool 2419If set to 2420.Dq Li YES , 2421provide NFS services only on a secure port. 2422.It Va nfs_bufpackets 2423.Pq Vt int 2424If set to a number, indicates the number of packets worth of 2425socket buffer space to reserve on an NFS client. 2426The kernel default is typically 4. 2427Using a higher number may be 2428useful on gigabit networks to improve performance. 2429The minimum value is 24302 and the maximum is 64. 2431.It Va rpc_lockd_enable 2432.Pq Vt bool 2433If set to 2434.Dq Li YES 2435and also an NFS server or client, run 2436.Xr rpc.lockd 8 2437at boot time. 2438.It Va rpc_lockd_flags 2439.Pq Vt str 2440If 2441.Va rpc_lockd_enable 2442is set to 2443.Dq Li YES , 2444these are the flags to pass to the 2445.Xr rpc.lockd 8 2446daemon. 2447.It Va rpc_statd_enable 2448.Pq Vt bool 2449If set to 2450.Dq Li YES 2451and also an NFS server or client, run 2452.Xr rpc.statd 8 2453at boot time. 2454.It Va rpc_statd_flags 2455.Pq Vt str 2456If 2457.Va rpc_statd_enable 2458is set to 2459.Dq Li YES , 2460these are the flags to pass to the 2461.Xr rpc.statd 8 2462daemon. 2463.It Va rpcbind_program 2464.Pq Vt str 2465Path to 2466.Xr rpcbind 8 2467(default 2468.Pa /usr/sbin/rpcbind ) . 2469.It Va rpcbind_enable 2470.Pq Vt bool 2471If set to 2472.Dq Li YES , 2473run the 2474.Xr rpcbind 8 2475service at boot time. 2476.It Va rpcbind_flags 2477.Pq Vt str 2478If 2479.Va rpcbind_enable 2480is set to 2481.Dq Li YES , 2482these are the flags to pass to the 2483.Xr rpcbind 8 2484daemon. 2485.It Va keyserv_enable 2486.Pq Vt bool 2487If set to 2488.Dq Li YES , 2489run the 2490.Xr keyserv 8 2491daemon on boot for running Secure RPC. 2492.It Va keyserv_flags 2493.Pq Vt str 2494If 2495.Va keyserv_enable 2496is set to 2497.Dq Li YES , 2498these are the flags to pass to 2499.Xr keyserv 8 2500daemon. 2501.It Va pppoed_enable 2502.Pq Vt bool 2503If set to 2504.Dq Li YES , 2505run the 2506.Xr pppoed 8 2507daemon at boot time to provide PPP over Ethernet services. 2508.It Va pppoed_ Ns Aq Ar provider 2509.Pq Vt str 2510.Xr pppoed 8 2511listens to requests to this 2512.Ar provider 2513and ultimately runs 2514.Xr ppp 8 2515with a 2516.Ar system 2517argument of the same name. 2518.It Va pppoed_flags 2519.Pq Vt str 2520Additional flags to pass to 2521.Xr pppoed 8 . 2522.It Va pppoed_interface 2523.Pq Vt str 2524The network interface to run 2525.Xr pppoed 8 2526on. 2527This is mandatory when 2528.Va pppoed_enable 2529is set to 2530.Dq Li YES . 2531.It Va timed_enable 2532.Pq Vt bool 2533If set to 2534.Dq Li YES , 2535run the 2536.Xr timed 8 2537service at boot time. 2538This command is intended for networks of 2539machines where a consistent 2540.Dq "network time" 2541for all hosts must be established. 2542This is often useful in large NFS 2543environments where time stamps on files are expected to be consistent 2544network-wide. 2545.It Va timed_flags 2546.Pq Vt str 2547If 2548.Va timed_enable 2549is set to 2550.Dq Li YES , 2551these are the flags to pass to the 2552.Xr timed 8 2553service. 2554.It Va ntpdate_enable 2555.Pq Vt bool 2556If set to 2557.Dq Li YES , 2558run 2559.Xr ntpdate 8 2560at system startup. 2561This command is intended to 2562synchronize the system clock only 2563.Em once 2564from some standard reference. 2565.Pp 2566Note that the use of the 2567.Va ntpd_sync_on_start 2568variable is a preferred alternative to the 2569.Xr ntpdate 8 2570utility as 2571.Xr ntpdate 8 2572is to be retired from the NTP distribution. 2573.It Va ntpdate_config 2574.Pq Vt str 2575Configuration file for 2576.Xr ntpdate 8 . 2577Default 2578.Pa /etc/ntp.conf . 2579.It Va ntpdate_hosts 2580.Pq Vt str 2581A whitespace-separated list of NTP servers to synchronize with at startup. 2582The default is to use the servers listed in 2583.Va ntpdate_config , 2584if that file exists. 2585.It Va ntpdate_program 2586.Pq Vt str 2587Path to 2588.Xr ntpdate 8 2589(default 2590.Pa /usr/sbin/ntpdate ) . 2591.It Va ntpdate_flags 2592.Pq Vt str 2593If 2594.Va ntpdate_enable 2595is set to 2596.Dq Li YES , 2597these are the flags to pass to the 2598.Xr ntpdate 8 2599command (typically a hostname). 2600.It Va ntpd_enable 2601.Pq Vt bool 2602If set to 2603.Dq Li YES , 2604run the 2605.Xr ntpd 8 2606command at boot time. 2607.It Va ntpd_program 2608.Pq Vt str 2609Path to 2610.Xr ntpd 8 2611(default 2612.Pa /usr/sbin/ntpd ) . 2613.It Va ntpd_config 2614.Pq Vt str 2615Path to 2616.Xr ntpd 8 2617configuration file. 2618Default 2619.Pa /etc/ntp.conf . 2620.It Va ntpd_flags 2621.Pq Vt str 2622If 2623.Va ntpd_enable 2624is set to 2625.Dq Li YES , 2626these are the flags to pass to the 2627.Xr ntpd 8 2628daemon. 2629.It Va ntpd_sync_on_start 2630.Pq Vt bool 2631If set to 2632.Dq Li YES , 2633.Xr ntpd 8 2634is run with the 2635.Fl g 2636flag, which syncs the system's clock on startup. 2637See 2638.Xr ntpd 8 2639for more information regarding the 2640.Fl g 2641option. 2642This is a preferred alternative to using 2643.Xr ntpdate 8 2644or specifying the 2645.Va ntpdate_enable 2646variable. 2647.It Va nis_client_enable 2648.Pq Vt bool 2649If set to 2650.Dq Li YES , 2651run the 2652.Xr ypbind 8 2653service at system boot time. 2654.It Va nis_client_flags 2655.Pq Vt str 2656If 2657.Va nis_client_enable 2658is set to 2659.Dq Li YES , 2660these are the flags to pass to the 2661.Xr ypbind 8 2662service. 2663.It Va nis_ypldap_enable 2664.Pq Vt bool 2665If set to 2666.Dq Li YES , 2667run the 2668.Xr ypldap 8 2669daemon at system boot time. 2670.It Va nis_ypldap_flags 2671.Pq Vt str 2672If 2673.Va nis.ypldap_enable 2674is set to 2675.Dq Li YES , 2676these are the flags to pass to the 2677.Xr ypldap 8 2678daemon. 2679.It Va nis_ypset_enable 2680.Pq Vt bool 2681If set to 2682.Dq Li YES , 2683run the 2684.Xr ypset 8 2685daemon at system boot time. 2686.It Va nis_ypset_flags 2687.Pq Vt str 2688If 2689.Va nis_ypset_enable 2690is set to 2691.Dq Li YES , 2692these are the flags to pass to the 2693.Xr ypset 8 2694daemon. 2695.It Va nis_server_enable 2696.Pq Vt bool 2697If set to 2698.Dq Li YES , 2699run the 2700.Xr ypserv 8 2701daemon at system boot time. 2702.It Va nis_server_flags 2703.Pq Vt str 2704If 2705.Va nis_server_enable 2706is set to 2707.Dq Li YES , 2708these are the flags to pass to the 2709.Xr ypserv 8 2710daemon. 2711.It Va nis_ypxfrd_enable 2712.Pq Vt bool 2713If set to 2714.Dq Li YES , 2715run the 2716.Xr rpc.ypxfrd 8 2717daemon at system boot time. 2718.It Va nis_ypxfrd_flags 2719.Pq Vt str 2720If 2721.Va nis_ypxfrd_enable 2722is set to 2723.Dq Li YES , 2724these are the flags to pass to the 2725.Xr rpc.ypxfrd 8 2726daemon. 2727.It Va nis_yppasswdd_enable 2728.Pq Vt bool 2729If set to 2730.Dq Li YES , 2731run the 2732.Xr rpc.yppasswdd 8 2733daemon at system boot time. 2734.It Va nis_yppasswdd_flags 2735.Pq Vt str 2736If 2737.Va nis_yppasswdd_enable 2738is set to 2739.Dq Li YES , 2740these are the flags to pass to the 2741.Xr rpc.yppasswdd 8 2742daemon. 2743.It Va rpc_ypupdated_enable 2744.Pq Vt bool 2745If set to 2746.Dq Li YES , 2747run the 2748.Nm rpc.ypupdated 2749daemon at system boot time. 2750.It Va bsnmpd_enable 2751.Pq Vt bool 2752If set to 2753.Dq Li YES , 2754run the 2755.Xr bsnmpd 1 2756daemon at system boot time. 2757Be sure to understand the security implications of running SNMP daemon 2758on your host. 2759.It Va bsnmpd_flags 2760.Pq Vt str 2761If 2762.Va bsnmpd_enable 2763is set to 2764.Dq Li YES , 2765these are the flags to pass to the 2766.Xr bsnmpd 1 2767daemon. 2768.It Va defaultrouter 2769.Pq Vt str 2770If not set to 2771.Dq Li NO , 2772create a default route to this host name or IP address 2773(use an IP address if this router is also required to get to the 2774name server!). 2775.It Va ipv6_defaultrouter 2776.Pq Vt str 2777The IPv6 equivalent of 2778.Va defaultrouter . 2779.It Va static_arp_pairs 2780.Pq Vt str 2781Set to the list of static ARP pairs that are to be added at system 2782boot time. 2783For each whitespace separated 2784.Ar element 2785in the value, a 2786.Va static_arp_ Ns Aq Ar element 2787variable is assumed to exist whose contents will later be passed to a 2788.Dq Nm arp Cm -S 2789operation. 2790For example 2791.Bd -literal 2792static_arp_pairs="gw" 2793static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2794.Ed 2795.It Va static_ndp_pairs 2796.Pq Vt str 2797Set to the list of static NDP pairs that are to be added at system 2798boot time. 2799For each whitespace separated 2800.Ar element 2801in the value, a 2802.Va static_ndp_ Ns Aq Ar element 2803variable is assumed to exist whose contents will later be passed to a 2804.Dq Nm ndp Cm -s 2805operation. 2806For example 2807.Bd -literal 2808static_ndp_pairs="gw" 2809static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2810.Ed 2811.It Va static_routes 2812.Pq Vt str 2813Set to the list of static routes that are to be added at system 2814boot time. 2815If not set to 2816.Dq Li NO 2817then for each whitespace separated 2818.Ar element 2819in the value, a 2820.Va route_ Ns Aq Ar element 2821variable is assumed to exist 2822whose contents will later be passed to a 2823.Dq Nm route Cm add 2824operation. 2825For example: 2826.Bd -literal 2827static_routes="ext mcast:gif0 gif0local:gif0" 2828route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2829route_mcast="-net 224.0.0.0/4 -iface gif0" 2830route_gif0local="-host 169.254.1.1 -iface lo0" 2831.Ed 2832.Pp 2833When an 2834.Ar element 2835is in the form of 2836.Li name:ifname , 2837the route is specific to the interface 2838.Li ifname . 2839.It Va ipv6_static_routes 2840.Pq Vt str 2841The IPv6 equivalent of 2842.Va static_routes . 2843If not set to 2844.Dq Li NO 2845then for each whitespace separated 2846.Ar element 2847in the value, a 2848.Va ipv6_route_ Ns Aq Ar element 2849variable is assumed to exist 2850whose contents will later be passed to a 2851.Dq Nm route Cm add Fl inet6 2852operation. 2853.It Va gateway_enable 2854.Pq Vt bool 2855If set to 2856.Dq Li YES , 2857configure host to act as an IP router, e.g.\& to forward packets 2858between interfaces. 2859.It Va ipv6_gateway_enable 2860.Pq Vt bool 2861The IPv6 equivalent of 2862.Va gateway_enable . 2863.It Va routed_enable 2864.Pq Vt bool 2865If set to 2866.Dq Li YES , 2867run a routing daemon of some sort, based on the 2868settings of 2869.Va routed_program 2870and 2871.Va routed_flags . 2872.It Va route6d_enable 2873.Pq Vt bool 2874The IPv6 equivalent of 2875.Va routed_enable . 2876If set to 2877.Dq Li YES , 2878run a routing daemon of some sort, based on the 2879settings of 2880.Va route6d_program 2881and 2882.Va route6d_flags . 2883.It Va routed_program 2884.Pq Vt str 2885If 2886.Va routed_enable 2887is set to 2888.Dq Li YES , 2889this is the name of the routing daemon to use. 2890.It Va route6d_program 2891.Pq Vt str 2892The IPv6 equivalent of 2893.Va routed_program . 2894.It Va routed_flags 2895.Pq Vt str 2896If 2897.Va routed_enable 2898is set to 2899.Dq Li YES , 2900these are the flags to pass to the routing daemon. 2901.It Va route6d_flags 2902.Pq Vt str 2903The IPv6 equivalent of 2904.Va routed_flags . 2905.It Va rtadvd_enable 2906.Pq Vt bool 2907If set to 2908.Dq Li YES , 2909run the 2910.Xr rtadvd 8 2911daemon at boot time. 2912The 2913.Xr rtadvd 8 2914utility sends ICMPv6 Router Advertisement messages to 2915the interfaces specified in 2916.Va rtadvd_interfaces . 2917This should only be enabled with great care. 2918You may want to fine-tune 2919.Xr rtadvd.conf 5 . 2920.It Va rtadvd_interfaces 2921.Pq Vt str 2922If 2923.Va rtadvd_enable 2924is set to 2925.Dq Li YES 2926this is the list of interfaces to use. 2927.It Va arpproxy_all 2928.Pq Vt bool 2929If set to 2930.Dq Li YES , 2931enable global proxy ARP. 2932.It Va forward_sourceroute 2933.Pq Vt bool 2934If set to 2935.Dq Li YES 2936and 2937.Va gateway_enable 2938is also set to 2939.Dq Li YES , 2940source-routed packets are forwarded. 2941.It Va accept_sourceroute 2942.Pq Vt bool 2943If set to 2944.Dq Li YES , 2945the system will accept source-routed packets directed at it. 2946.It Va rarpd_enable 2947.Pq Vt bool 2948If set to 2949.Dq Li YES , 2950run the 2951.Xr rarpd 8 2952daemon at system boot time. 2953.It Va rarpd_flags 2954.Pq Vt str 2955If 2956.Va rarpd_enable 2957is set to 2958.Dq Li YES , 2959these are the flags to pass to the 2960.Xr rarpd 8 2961daemon. 2962.It Va bootparamd_enable 2963.Pq Vt bool 2964If set to 2965.Dq Li YES , 2966run the 2967.Xr bootparamd 8 2968daemon at system boot time. 2969.It Va bootparamd_flags 2970.Pq Vt str 2971If 2972.Va bootparamd_enable 2973is set to 2974.Dq Li YES , 2975these are the flags to pass to the 2976.Xr bootparamd 8 2977daemon. 2978.It Va stf_interface_ipv4addr 2979.Pq Vt str 2980If not set to 2981.Dq Li NO , 2982this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2983interface). 2984Specify this entry to enable the 6to4 interface. 2985.It Va stf_interface_ipv4plen 2986.Pq Vt int 2987Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2988An effective value is 0-31. 2989.It Va stf_interface_ipv6_ifid 2990.Pq Vt str 2991IPv6 interface ID for 2992.Xr stf 4 . 2993This can be set to 2994.Dq Li AUTO . 2995.It Va stf_interface_ipv6_slaid 2996.Pq Vt str 2997IPv6 Site Level Aggregator for 2998.Xr stf 4 . 2999.It Va ipv6_ipv4mapping 3000.Pq Vt bool 3001If set to 3002.Dq Li YES 3003this enables IPv4 mapped IPv6 address communication (like 3004.Li ::ffff:a.b.c.d ) . 3005.It Va rtsold_enable 3006.Pq Vt bool 3007Set to 3008.Dq Li YES 3009to enable the 3010.Xr rtsold 8 3011daemon to send ICMPv6 Router Solicitation messages. 3012.It Va rtsold_flags 3013.Pq Vt str 3014If 3015.Va rtsold_enable 3016is set to 3017.Dq Li YES , 3018these are the flags to pass to 3019.Xr rtsold 8 . 3020.It Va rtsol_flags 3021.Pq Vt str 3022For interfaces configured with the 3023.Dq Li inet6 accept_rtadv 3024keyword, these are the flags to pass to 3025.Xr rtsol 8 . 3026.Pp 3027Note that 3028.Va rtsold_enable 3029is mutually exclusive to 3030.Va rtsol_flags ; 3031.Va rtsold_enable 3032takes precedence. 3033.It Va keybell 3034.Pq Vt str 3035The keyboard bell sound. 3036Set to 3037.Dq Li normal , 3038.Dq Li visual , 3039.Dq Li off , 3040or 3041.Dq Li NO 3042if the default behavior is desired. 3043For details, refer to the 3044.Xr kbdcontrol 1 3045manpage. 3046.It Va keyboard 3047.Pq Vt str 3048If set to a non-null string, the virtual console's keyboard input is 3049set to this device. 3050.It Va keymap 3051.Pq Vt str 3052If set to 3053.Dq Li NO , 3054no keymap is installed, otherwise the value is used to install 3055the keymap file found in 3056.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3057(if using 3058.Xr syscons 4 ) or 3059.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3060(if using 3061.Xr vt 4 ) . 3062.It Va keyrate 3063.Pq Vt str 3064The keyboard repeat speed. 3065Set to 3066.Dq Li slow , 3067.Dq Li normal , 3068.Dq Li fast , 3069or 3070.Dq Li NO 3071if the default behavior is desired. 3072.It Va keychange 3073.Pq Vt str 3074If not set to 3075.Dq Li NO , 3076attempt to program the function keys with the value. 3077The value should 3078be a single string of the form: 3079.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3080.It Va cursor 3081.Pq Vt str 3082Can be set to the value of 3083.Dq Li normal , 3084.Dq Li blink , 3085.Dq Li destructive , 3086or 3087.Dq Li NO 3088to set the cursor behavior explicitly or choose the default behavior. 3089.It Va scrnmap 3090.Pq Vt str 3091If set to 3092.Dq Li NO , 3093no screen map is installed, otherwise the value is used to install 3094the screen map file in 3095.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3096This parameter is ignored when using 3097.Xr vt 4 3098as the console driver. 3099.It Va font8x16 3100.Pq Vt str 3101If set to 3102.Dq Li NO , 3103the default 8x16 font value is used for screen size requests, otherwise 3104the value in 3105.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3106or 3107.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3108is used (depending on the console driver being used). 3109.It Va font8x14 3110.Pq Vt str 3111If set to 3112.Dq Li NO , 3113the default 8x14 font value is used for screen size requests, otherwise 3114the value in 3115.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3116or 3117.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3118is used (depending on the console driver being used). 3119.It Va font8x8 3120.Pq Vt str 3121If set to 3122.Dq Li NO , 3123the default 8x8 font value is used for screen size requests, otherwise 3124the value in 3125.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3126or 3127.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3128is used (depending on the console driver being used). 3129.It Va blanktime 3130.Pq Vt int 3131If set to 3132.Dq Li NO , 3133the default screen blanking interval is used, otherwise it is set 3134to 3135.Ar value 3136seconds. 3137.It Va saver 3138.Pq Vt str 3139If not set to 3140.Dq Li NO , 3141this is the actual screen saver to use 3142.Li ( blank , snake , daemon , 3143etc). 3144.It Va moused_nondefault_enable 3145.Pq Vt str 3146If set to 3147.Dq Li NO , 3148the mouse device specified on 3149the command line is not automatically treated as enabled by the 3150.Pa /etc/rc.d/moused 3151script. 3152Having this variable set to 3153.Dq Li YES 3154allows a 3155.Xr usb 4 3156mouse, 3157for example, 3158to be enabled as soon as it is plugged in. 3159.It Va moused_enable 3160.Pq Vt str 3161If set to 3162.Dq Li YES , 3163the 3164.Xr moused 8 3165daemon is started for doing cut/paste selection on the console. 3166.It Va moused_type 3167.Pq Vt str 3168This is the protocol type of the mouse connected to this host. 3169This variable must be set if 3170.Va moused_enable 3171is set to 3172.Dq Li YES . 3173The 3174.Xr moused 8 3175daemon 3176is able to detect the appropriate mouse type automatically in many cases. 3177Set this variable to 3178.Dq Li auto 3179to let the daemon detect it, or 3180select one from the following list if the automatic detection fails. 3181.Pp 3182If the mouse is attached to the PS/2 mouse port, choose 3183.Dq Li auto 3184or 3185.Dq Li ps/2 , 3186regardless of the brand and model of the mouse. 3187Likewise, if the 3188mouse is attached to the bus mouse port, choose 3189.Dq Li auto 3190or 3191.Dq Li busmouse . 3192All other protocols are for serial mice and will not work with 3193the PS/2 and bus mice. 3194If this is a USB mouse, 3195.Dq Li auto 3196is the only protocol type which will work. 3197.Pp 3198.Bl -tag -width ".Li x10mouseremote" -compact 3199.It Li microsoft 3200Microsoft mouse (serial) 3201.It Li intellimouse 3202Microsoft IntelliMouse (serial) 3203.It Li mousesystems 3204Mouse systems Corp.\& mouse (serial) 3205.It Li mmseries 3206MM Series mouse (serial) 3207.It Li logitech 3208Logitech mouse (serial) 3209.It Li busmouse 3210A bus mouse 3211.It Li mouseman 3212Logitech MouseMan and TrackMan (serial) 3213.It Li glidepoint 3214ALPS GlidePoint (serial) 3215.It Li thinkingmouse 3216Kensington ThinkingMouse (serial) 3217.It Li ps/2 3218PS/2 mouse 3219.It Li mmhittab 3220MM HitTablet (serial) 3221.It Li x10mouseremote 3222X10 MouseRemote (serial) 3223.It Li versapad 3224Interlink VersaPad (serial) 3225.El 3226.Pp 3227Even if the mouse is not in the above list, it may be compatible 3228with one in the list. 3229Refer to the manual page for 3230.Xr moused 8 3231for compatibility information. 3232.Pp 3233It should also be noted that while this is enabled, any 3234other client of the mouse (such as an X server) should access 3235the mouse through the virtual mouse device, 3236.Pa /dev/sysmouse , 3237and configure it as a 3238.Dq Li sysmouse 3239type mouse, since all 3240mouse data is converted to this single canonical format when 3241using 3242.Xr moused 8 . 3243If the client program does not support the 3244.Dq Li sysmouse 3245type, 3246specify the 3247.Dq Li mousesystems 3248type. 3249It is the second preferred type. 3250.It Va moused_port 3251.Pq Vt str 3252If 3253.Va moused_enable 3254is set to 3255.Dq Li YES , 3256this is the actual port the mouse is on. 3257It might be 3258.Pa /dev/cuau0 3259for a COM1 serial mouse, or 3260.Pa /dev/psm0 3261for a PS/2 mouse, for example. 3262.It Va moused_flags 3263.Pq Vt str 3264If 3265.Va moused_flags 3266is set, its value is used as an additional set of flags to pass to the 3267.Xr moused 8 3268daemon. 3269.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3270When 3271.Va moused_nondefault_enable 3272is enabled, and a 3273.Xr moused 8 3274daemon is started for a non-default port, the 3275.Va "moused_" Ns Ar XXX Ns Va "_flags" 3276set of options has precedence over and replaces the default 3277.Va moused_flags 3278(where 3279.Ar XXX 3280is the name of the non-default port, i.e.,\& 3281.Ar ums0 ) . 3282By setting 3283.Va "moused_" Ns Ar XXX Ns Va "_flags" 3284it is possible to set up a different set of default flags for each 3285.Xr moused 8 3286instance. 3287For example, you can use 3288.Dq Li "-3" 3289for the default 3290.Va moused_flags 3291to make your laptop's touchpad more comfortable to use, 3292but an empty set of options for 3293.Va moused_ums0_flags 3294when your 3295.Xr usb 4 3296mouse has three or more buttons. 3297.It Va mousechar_start 3298.Pq Vt int 3299If set to 3300.Dq Li NO , 3301the default mouse cursor character range 3302.Li 0xd0 Ns - Ns Li 0xd3 3303is used, 3304otherwise the range start is set 3305to 3306.Ar value 3307character, see 3308.Xr vidcontrol 1 . 3309Use if the default range is occupied in the language code table. 3310.It Va allscreens_flags 3311.Pq Vt str 3312If set, 3313.Xr vidcontrol 1 3314is run with these options for each of the virtual terminals 3315.Pq Pa /dev/ttyv* . 3316For example, 3317.Dq Fl m Cm on 3318will enable the mouse pointer on all virtual terminals 3319if 3320.Va moused_enable 3321is set to 3322.Dq Li YES . 3323.It Va allscreens_kbdflags 3324.Pq Vt str 3325If set, 3326.Xr kbdcontrol 1 3327is run with these options for each of the virtual terminals 3328.Pq Pa /dev/ttyv* . 3329For example, 3330.Dq Fl h Li 200 3331will set the 3332.Xr syscons 4 3333or 3334.Xr vt 4 3335scrollback (history) buffer to 200 lines. 3336.It Va cron_enable 3337.Pq Vt bool 3338If set to 3339.Dq Li YES , 3340run the 3341.Xr cron 8 3342daemon at system boot time. 3343.It Va cron_program 3344.Pq Vt str 3345Path to 3346.Xr cron 8 3347(default 3348.Pa /usr/sbin/cron ) . 3349.It Va cron_flags 3350.Pq Vt str 3351If 3352.Va cron_enable 3353is set to 3354.Dq Li YES , 3355these are the flags to pass to 3356.Xr cron 8 . 3357.It Va cron_dst 3358.Pq Vt bool 3359If set to 3360.Dq Li YES , 3361enable the special handling of transitions to and from the 3362Daylight Saving Time in 3363.Xr cron 8 3364(equivalent to using the flag 3365.Fl s ) . 3366.It Va lpd_program 3367.Pq Vt str 3368Path to 3369.Xr lpd 8 3370(default 3371.Pa /usr/sbin/lpd ) . 3372.It Va lpd_enable 3373.Pq Vt bool 3374If set to 3375.Dq Li YES , 3376run the 3377.Xr lpd 8 3378daemon at system boot time. 3379.It Va lpd_flags 3380.Pq Vt str 3381If 3382.Va lpd_enable 3383is set to 3384.Dq Li YES , 3385these are the flags to pass to the 3386.Xr lpd 8 3387daemon. 3388.It Va chkprintcap_enable 3389.Pq Vt bool 3390If set to 3391.Dq Li YES , 3392run the 3393.Xr chkprintcap 8 3394command before starting the 3395.Xr lpd 8 3396daemon. 3397.It Va chkprintcap_flags 3398.Pq Vt str 3399If 3400.Va lpd_enable 3401and 3402.Va chkprintcap_enable 3403are set to 3404.Dq Li YES , 3405these are the flags to pass to the 3406.Xr chkprintcap 8 3407program. 3408The default is 3409.Dq Li -d , 3410which causes missing directories to be created. 3411.It Va mta_start_script 3412.Pq Vt str 3413This variable specifies the full path to the script to run to start 3414a mail transfer agent. 3415The default is 3416.Pa /etc/rc.sendmail . 3417The 3418.Va sendmail_* 3419variables which 3420.Pa /etc/rc.sendmail 3421uses are documented in the 3422.Xr rc.sendmail 8 3423manual page. 3424.It Va dumpdev 3425.Pq Vt str 3426Indicates the device (usually a swap partition) to which a crash dump 3427should be written in the event of a system crash. 3428If the value of this variable is 3429.Dq Li AUTO , 3430the first suitable swap device listed in 3431.Pa /etc/fstab 3432will be used as dump device. 3433Otherwise, the value of this variable is passed as the argument to 3434.Xr dumpon 8 . 3435To disable crash dumps, set this variable to 3436.Dq Li NO . 3437.It Va dumpon_flags 3438.Pq Vt str 3439Flags to pass to 3440.Xr dumpon 8 3441when configuring 3442.Va dumpdev 3443as the system dump device. 3444.It Va dumpdir 3445.Pq Vt str 3446When the system reboots after a crash and a crash dump is found on the 3447device specified by the 3448.Va dumpdev 3449variable, 3450.Xr savecore 8 3451will save that crash dump and a copy of the kernel to the directory 3452specified by the 3453.Va dumpdir 3454variable. 3455The default value is 3456.Pa /var/crash . 3457Set to 3458.Dq Li NO 3459to not run 3460.Xr savecore 8 3461at boot time when 3462.Va dumpdir 3463is set. 3464.It Va savecore_enable 3465.Pq Vt bool 3466If set to 3467.Dq Li NO , 3468disable automatic extraction of the crash dump from the 3469.Va dumpdev . 3470.It Va savecore_flags 3471.Pq Vt str 3472If crash dumps are enabled, these are the flags to pass to the 3473.Xr savecore 8 3474utility. 3475.It Va quota_enable 3476.Pq Vt bool 3477Set to 3478.Dq Li YES 3479to turn on user and group disk quotas on system startup via the 3480.Xr quotaon 8 3481command for all file systems marked as having quotas enabled in 3482.Pa /etc/fstab . 3483The kernel must be built with 3484.Cd "options QUOTA" 3485for disk quotas to function. 3486.It Va check_quotas 3487.Pq Vt bool 3488Set to 3489.Dq Li YES 3490to enable user and group disk quota checking via the 3491.Xr quotacheck 8 3492command. 3493.It Va quotacheck_flags 3494.Pq Vt str 3495If 3496.Va quota_enable 3497is set to 3498.Dq Li YES , 3499and 3500.Va check_quotas 3501is set to 3502.Dq Li YES , 3503these are the flags to pass to the 3504.Xr quotacheck 8 3505utility. 3506The default is 3507.Dq Li "-a" , 3508which checks quotas for all file systems with quotas enabled in 3509.Pa /etc/fstab . 3510.It Va quotaon_flags 3511.Pq Vt str 3512If 3513.Va quota_enable 3514is set to 3515.Dq Li YES , 3516these are the flags to pass to the 3517.Xr quotaon 8 3518utility. 3519The default is 3520.Dq Li "-a" , 3521which enables quotas for all file systems with quotas enabled in 3522.Pa /etc/fstab . 3523.It Va quotaoff_flags 3524.Pq Vt str 3525If 3526.Va quota_enable 3527is set to 3528.Dq Li YES , 3529these are the flags to pass to the 3530.Xr quotaoff 8 3531utility when shutting down the quota system. 3532The default is 3533.Dq Li "-a" , 3534which disables quotas for all file systems with quotas enabled in 3535.Pa /etc/fstab . 3536.It Va accounting_enable 3537.Pq Vt bool 3538Set to 3539.Dq Li YES 3540to enable system accounting through the 3541.Xr accton 8 3542facility. 3543.It Va ibcs2_enable 3544.Pq Vt bool 3545Set to 3546.Dq Li YES 3547to enable iBCS2 (SCO) binary emulation at system initial boot 3548time. 3549.It Va ibcs2_loaders 3550.Pq Vt str 3551If not set to 3552.Dq Li NO 3553and if 3554.Va ibcs2_enable 3555is set to 3556.Dq Li YES , 3557this specifies a list of additional iBCS2 loaders to enable. 3558.It Va firstboot_sentinel 3559.Pq Vt str 3560This variable specifies the full path to a 3561.Dq first boot 3562sentinel file. 3563If a file exists with this path, 3564.Pa rc.d 3565scripts with the 3566.Dq firstboot 3567keyword will be run on startup and the sentinel file will be deleted 3568after the boot process completes. 3569The sentinel file must be located on a writable file system which is 3570mounted no later than 3571.Va early_late_divider 3572to function properly. 3573The default is 3574.Pa /firstboot . 3575.It Va linux_enable 3576.Pq Vt bool 3577Set to 3578.Dq Li YES 3579to enable Linux/ELF binary emulation at system initial 3580boot time. 3581.It Va sysvipc_enable 3582.Pq Vt bool 3583If set to 3584.Dq Li YES , 3585load System V IPC primitives at boot time. 3586.It Va clear_tmp_enable 3587.Pq Vt bool 3588Set to 3589.Dq Li YES 3590to have 3591.Pa /tmp 3592cleaned at startup. 3593.It Va clear_tmp_X 3594.Pq Vt bool 3595Set to 3596.Dq Li NO 3597to disable removing of X11 lock files, 3598and the removal and (secure) recreation 3599of the various socket directories for X11 3600related programs. 3601.It Va ldconfig_paths 3602.Pq Vt str 3603Set to the list of shared library paths to use with 3604.Xr ldconfig 8 . 3605NOTE: 3606.Pa /usr/lib 3607will always be added first, so it need not appear in this list. 3608.It Va ldconfig32_paths 3609.Pq Vt str 3610Set to the list of 32-bit compatibility shared library paths to 3611use with 3612.Xr ldconfig 8 . 3613.It Va ldconfig_paths_aout 3614.Pq Vt str 3615Set to the list of shared library paths to use with 3616.Xr ldconfig 8 3617legacy 3618.Xr a.out 5 3619support. 3620.It Va ldconfig_insecure 3621.Pq Vt bool 3622The 3623.Xr ldconfig 8 3624utility normally refuses to use directories 3625which are writable by anyone except root. 3626Set this variable to 3627.Dq Li YES 3628to disable that security check during system startup. 3629.It Va ldconfig_local_dirs 3630.Pq Vt str 3631Set to the list of local 3632.Xr ldconfig 8 3633directories. 3634The names of all files in the directories listed will be 3635passed as arguments to 3636.Xr ldconfig 8 . 3637.It Va ldconfig_local32_dirs 3638.Pq Vt str 3639Set to the list of local 32-bit compatibility 3640.Xr ldconfig 8 3641directories. 3642The names of all files in the directories listed will be 3643passed as arguments to 3644.Dq Nm ldconfig Fl 32 . 3645.It Va kern_securelevel_enable 3646.Pq Vt bool 3647Set to 3648.Dq Li YES 3649to set the kernel security level at system startup. 3650.It Va kern_securelevel 3651.Pq Vt int 3652The kernel security level to set at startup. 3653The allowed range of 3654.Ar value 3655ranges from \-1 (the compile time default) to 3 (the 3656most secure). 3657See 3658.Xr security 7 3659for the list of possible security levels and their effect 3660on system operation. 3661.It Va sshd_program 3662.Pq Vt str 3663Path to the SSH server program 3664.Pa ( /usr/sbin/sshd 3665is the default). 3666.It Va sshd_enable 3667.Pq Vt bool 3668Set to 3669.Dq Li YES 3670to start 3671.Xr sshd 8 3672at system boot time. 3673.It Va sshd_flags 3674.Pq Vt str 3675If 3676.Va sshd_enable 3677is set to 3678.Dq Li YES , 3679these are the flags to pass to the 3680.Xr sshd 8 3681daemon. 3682.It Va ftpd_program 3683.Pq Vt str 3684Path to the FTP server program 3685.Pa ( /usr/libexec/ftpd 3686is the default). 3687.It Va ftpd_enable 3688.Pq Vt bool 3689Set to 3690.Dq Li YES 3691to start 3692.Xr ftpd 8 3693as a stand-alone daemon at system boot time. 3694.It Va ftpd_flags 3695.Pq Vt str 3696If 3697.Va ftpd_enable 3698is set to 3699.Dq Li YES , 3700these are the additional flags to pass to the 3701.Xr ftpd 8 3702daemon. 3703.It Va watchdogd_enable 3704.Pq Vt bool 3705If set to 3706.Dq Li YES , 3707start the 3708.Xr watchdogd 8 3709daemon at boot time. 3710This requires that the kernel have been compiled with a 3711.Xr watchdog 4 3712compatible device. 3713.It Va watchdogd_flags 3714.Pq Vt str 3715If 3716.Va watchdogd_enable 3717is set to 3718.Dq Li YES , 3719these are the flags passed to the 3720.Xr watchdogd 8 3721daemon. 3722.It Va devfs_rulesets 3723.Pq Vt str 3724List of files containing sets of rules for 3725.Xr devfs 8 . 3726.It Va devfs_system_ruleset 3727.Pq Vt str 3728Rule name(s) to apply to the system 3729.Pa /dev 3730itself. 3731.It Va devfs_set_rulesets 3732.Pq Vt str 3733Pairs of already-mounted 3734.Pa dev 3735directories and rulesets that should be applied to them. 3736For example: /mount/dev=ruleset_name 3737.It Va devfs_load_rulesets 3738.Pq Vt bool 3739If set, always load the default rulesets listed in 3740.Va devfs_rulesets . 3741.It Va performance_cx_lowest 3742.Pq Vt str 3743CPU idle state to use while on AC power. 3744The string 3745.Dq Li LOW 3746indicates that 3747.Xr acpi 4 3748should use the lowest power state available while 3749.Dq Li HIGH 3750indicates that the lowest latency state (less power savings) should be used. 3751.It Va performance_cpu_freq 3752.Pq Vt str 3753CPU clock frequency to use while on AC power. 3754The string 3755.Dq Li LOW 3756indicates that 3757.Xr cpufreq 4 3758should use the lowest frequency available while 3759.Dq Li HIGH 3760indicates that the highest frequency (less power savings) should be used. 3761.It Va economy_cx_lowest 3762.Pq Vt str 3763CPU idle state to use when off AC power. 3764The string 3765.Dq Li LOW 3766indicates that 3767.Xr acpi 4 3768should use the lowest power state available while 3769.Dq Li HIGH 3770indicates that the lowest latency state (less power savings) should be used. 3771.It Va economy_cpu_freq 3772.Pq Vt str 3773CPU clock frequency to use when off AC power. 3774The string 3775.Dq Li LOW 3776indicates that 3777.Xr cpufreq 4 3778should use the lowest frequency available while 3779.Dq Li HIGH 3780indicates that the highest frequency (less power savings) should be used. 3781.It Va jail_enable 3782.Pq Vt bool 3783If set to 3784.Dq Li NO , 3785any configured jails will not be started. 3786.It Va jail_conf 3787.Pq Vt str 3788The configuration filename used by 3789.Xr jail 8 3790utility. 3791The default value is 3792.Pa /etc/jail.conf . 3793.It Va jail_parallel_start 3794.Pq Vt bool 3795If set to 3796.Dq Li YES , 3797all configured jails will be started in the background (in parallel). 3798.It Va jail_flags 3799.Pq Vt str 3800Unset by default. 3801When set, use as default value for 3802.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3803for every jail in 3804.Va jail_list . 3805.It Va jail_list 3806.Pq Vt str 3807A space-delimited list of jail names. 3808When left empty, all of the 3809.Xr jail 8 3810instances defined in the configuration file are started. 3811The names specified in this list control the jail startup order. 3812.Xr jail 8 3813instances missing from 3814.Va jail_list 3815must be started manually. 3816Note that a jail's 3817.Va depend 3818parameter in the configuration file may override this list. 3819.It Va jail_reverse_stop 3820.Pq Vt bool 3821When set to 3822.Dq Li YES , 3823all configured jails in 3824.Va jail_list 3825are stopped in reverse order. 3826.It Va jail_* variables 3827Note that older releases supported per-jail configuration via 3828.Nm 3829variables. 3830For example, 3831hostname of a jail named 3832.Li vjail 3833was able to be set by 3834.Li jail_vjail_hostname . 3835These per-jail configuration variables are now obsolete in favor of 3836.Xr jail 8 3837configuration file. 3838For backward compatibility, 3839when per-jail configuration variables are defined, 3840.Xr jail 8 3841configuration files are created as 3842.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3843and used. 3844.Pp 3845The following per-jail parameters are handled by 3846.Pa rc.d/jail 3847script out of their corresponding 3848.Nm 3849variables. 3850In addition to them, parameters in 3851.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3852will be added to the configuration file. 3853They must be a semi-colon 3854.Pq Ql \&; 3855delimited list of 3856.Dq key=value . 3857For more details, 3858see 3859.Xr jail 8 3860manual page. 3861.Bl -tag -width "host.hostname" -offset indent 3862.It Li path 3863set from 3864.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3865.It Li host.hostname 3866set from 3867.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3868.It Li exec.consolelog 3869set from 3870.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3871The default value is 3872.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3873.It Li interface 3874set from 3875.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3876.It Li vnet.interface 3877set from 3878.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3879This implies 3880.Li vnet 3881parameter will be enabled and cannot be specified with 3882.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3883.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3884and/or 3885.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3886at the same time. 3887.It Li fstab 3888set from 3889.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3890.It Li mount 3891set from 3892.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3893.It Li exec.fib 3894set from 3895.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3896.It Li exec.start 3897set from 3898.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3899The parameter name was 3900.Li command 3901in some older releases. 3902.It Li exec.prestart 3903set from 3904.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3905.It Li exec.poststart 3906set from 3907.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3908.It Li exec.stop 3909set from 3910.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3911.It Li exec.prestop 3912set from 3913.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3914.It Li exec.poststop 3915set from 3916.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3917.It Li ip4.addr 3918set if 3919.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3920or 3921.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3922contain IPv4 addresses 3923.It Li ip6.addr 3924set if 3925.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3926or 3927.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3928contain IPv6 addresses 3929.It Li allow.mount 3930set from 3931.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3932.It Li mount.devfs 3933set from 3934.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3935.It Li devfs_ruleset 3936set from 3937.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3938This must be an integer, 3939not a string. 3940.It Li mount.fdescfs 3941set from 3942.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3943.It Li allow.set_hostname 3944set from 3945.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3946.It Li allow.rawsocket 3947set from 3948.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3949.It Li allow.sysvipc 3950set from 3951.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3952.El 3953.\" ----------------------------------------------------- 3954.It Va harvest_mask 3955.Pq Vt int 3956Set to a bit-mask 3957representing the entropy sources 3958you wish to harvest. 3959Refer to 3960.Xr random 4 3961for more information. 3962.It Va entropy_dir 3963.Pq Vt str 3964Set to 3965.Dq Li NO 3966to disable caching entropy via 3967.Xr cron 8 . 3968Otherwise set to the directory 3969in which the entropy files are stored. 3970To be useful, 3971there must be 3972a system cron job 3973that regularly writes and rotates 3974files here. 3975All files found 3976will be used at boot time. 3977The default is 3978.Pa /var/db/entropy . 3979.It Va entropy_file 3980.Pq Vt str 3981Set to 3982.Dq Li NO 3983to disable caching entropy through reboots. 3984Otherwise set to the name 3985of a file used to store cached entropy. 3986This file should be located 3987on a file system that is readable 3988before all the volumes specified in 3989.Xr fstab 5 3990are mounted. 3991By default, 3992.Pa /entropy 3993is used, 3994but if 3995.Pa /var/db/entropy-file 3996is found it will also be used. 3997This will be of some use to 3998.Xr bsdinstall 8 . 3999.It Va entropy_boot_file 4000.Pq Vt str 4001Set to 4002.Dq Li NO 4003to disable 4004very early caching entropy 4005through reboots. 4006Otherwise set to the filename 4007used to read 4008very early reboot cached entropy. 4009This file should be located where 4010.Xr loader 8 4011can read it. 4012See also 4013.Xr loader.conf 5 . 4014The default location is 4015.Pa /boot/entropy . 4016.It Va entropy_save_sz 4017.Pq Vt int 4018Size of the entropy cache files saved by 4019.Nm save-entropy 4020periodically. 4021.It Va entropy_save_num 4022.Pq Vt int 4023Number of entropy cache files to save by 4024.Nm save-entropy 4025periodically. 4026.It Va ipsec_enable 4027.Pq Vt bool 4028Set to 4029.Dq Li YES 4030to run 4031.Xr setkey 8 4032on 4033.Va ipsec_file 4034at boot time. 4035.It Va ipsec_file 4036.Pq Vt str 4037Configuration file for 4038.Xr setkey 8 . 4039.It Va dmesg_enable 4040.Pq Vt bool 4041Set to 4042.Dq Li YES 4043to save 4044.Xr dmesg 8 4045to 4046.Pa /var/run/dmesg.boot 4047on boot. 4048.It Va rcshutdown_timeout 4049.Pq Vt int 4050If set, start a watchdog timer in the background which will terminate 4051.Pa rc.shutdown 4052if 4053.Xr shutdown 8 4054has not completed within the specified time (in seconds). 4055Notice that in addition to this soft timeout, 4056.Xr init 8 4057also applies a hard timeout for the execution of 4058.Pa rc.shutdown . 4059This is configured via 4060.Xr sysctl 8 4061variable 4062.Va kern.init_shutdown_timeout 4063and defaults to 120 seconds. 4064Setting the value of 4065.Va rcshutdown_timeout 4066to more than 120 seconds will have no effect until the 4067.Xr sysctl 8 4068variable 4069.Va kern.init_shutdown_timeout 4070is also increased. 4071.It Va virecover_enable 4072.Pq Vt bool 4073Set to 4074.Dq Li NO 4075to prevent the system from trying to 4076recover pre-maturely terminated 4077.Xr vi 1 4078sessions. 4079.It Va ugidfw_enable 4080.Pq Vt bool 4081Set to 4082.Dq Li YES 4083to load the 4084.Xr mac_bsdextended 4 4085module upon system initialization and load a default 4086ruleset file. 4087.It Va bsdextended_script 4088.Pq Vt str 4089The default 4090.Xr mac_bsdextended 4 4091ruleset file to load. 4092The default value of this variable is 4093.Pa /etc/rc.bsdextended . 4094.It Va newsyslog_enable 4095.Pq Vt bool 4096If set to 4097.Dq Li YES , 4098run 4099.Xr newsyslog 8 4100command at startup. 4101.It Va newsyslog_flags 4102.Pq Vt str 4103If 4104.Va newsyslog_enable 4105is set to 4106.Dq Li YES , 4107these are the flags to pass to the 4108.Xr newsyslog 8 4109program. 4110The default is 4111.Dq Li -CN , 4112which causes log files flagged with a 4113.Cm C 4114to be created. 4115.It Va mdconfig_md Ns Aq Ar X 4116.Pq Vt str 4117Arguments to 4118.Xr mdconfig 8 4119for 4120.Xr md 4 4121device 4122.Ar X . 4123At minimum a 4124.Fl t Ar type 4125must be specified and either a 4126.Fl s Ar size 4127for malloc or swap backed 4128.Xr md 4 4129devices or a 4130.Fl f Ar file 4131for vnode backed 4132.Xr md 4 4133devices. 4134Note that 4135.Va mdconfig_md Ns Aq Ar X 4136variables are evaluated until one variable is unset or null. 4137.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4138.Pq Vt str 4139Optional arguments passed to 4140.Xr newfs 8 4141to initialize 4142.Xr md 4 4143device 4144.Ar X . 4145.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4146.Pq Vt str 4147An ownership specification passed to 4148.Xr chown 8 4149after the specified 4150.Xr md 4 4151device 4152.Ar X 4153has been mounted. 4154Both the 4155.Xr md 4 4156device and the mount point will be changed. 4157.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4158.Pq Vt str 4159A mode string passed to 4160.Xr chmod 1 4161after the specified 4162.Xr md 4 4163device 4164.Ar X 4165has been mounted. 4166Both the 4167.Xr md 4 4168device and the mount point will be changed. 4169.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4170.Pq Vt str 4171Files to be copied to the mount point of the 4172.Xr md 4 4173device 4174.Ar X 4175after it has been mounted. 4176.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4177.Pq Vt str 4178Command to execute after the specified 4179.Xr md 4 4180device 4181.Ar X 4182has been mounted. 4183Note that the command is passed to 4184.Ic eval 4185and that both 4186.Va _dev 4187and 4188.Va _mp 4189variables can be used to reference respectively the 4190.Xr md 4 4191device and the mount point. 4192Assuming that the 4193.Xr md 4 4194device is 4195.Li md0 , 4196one could set the following: 4197.Bd -literal 4198mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4199.Ed 4200.It Va autobridge_interfaces 4201.Pq Vt str 4202Set to the list of bridge interfaces that will have newly arriving interfaces 4203checked against to be automatically added. 4204If not set to 4205.Dq Li NO 4206then for each whitespace separated 4207.Ar element 4208in the value, a 4209.Va autobridge_ Ns Aq Ar element 4210variable is assumed to exist which has a whitespace separated list of interface 4211names to match, these names can use wildcards. 4212For example: 4213.Bd -literal 4214autobridge_interfaces="bridge0" 4215autobridge_bridge0="tap* dc0 vlan[345]" 4216.Ed 4217.It Va mixer_enable 4218.Pq Vt bool 4219If set to 4220.Dq Li YES , 4221enable support for sound mixer. 4222.It Va hcsecd_enable 4223.Pq Vt bool 4224If set to 4225.Dq Li YES , 4226enable Bluetooth security daemon. 4227.It Va hcsecd_config 4228.Pq Vt str 4229Configuration file for 4230.Xr hcsecd 8 . 4231Default 4232.Pa /etc/bluetooth/hcsecd.conf . 4233.It Va sdpd_enable 4234.Pq Vt bool 4235If set to 4236.Dq Li YES , 4237enable Bluetooth Service Discovery Protocol daemon. 4238.It Va sdpd_control 4239.Pq Vt str 4240Path to 4241.Xr sdpd 8 4242control socket. 4243Default 4244.Pa /var/run/sdp . 4245.It Va sdpd_groupname 4246.Pq Vt str 4247Sets 4248.Xr sdpd 8 4249group to run as after it initializes. 4250Default 4251.Dq Li nobody . 4252.It Va sdpd_username 4253.Pq Vt str 4254Sets 4255.Xr sdpd 8 4256user to run as after it initializes. 4257Default 4258.Dq Li nobody . 4259.It Va bthidd_enable 4260.Pq Vt bool 4261If set to 4262.Dq Li YES , 4263enable Bluetooth Human Interface Device daemon. 4264.It Va bthidd_config 4265.Pq Vt str 4266Configuration file for 4267.Xr bthidd 8 . 4268Default 4269.Pa /etc/bluetooth/bthidd.conf . 4270.It Va bthidd_hids 4271.Pq Vt str 4272Path to a file, where 4273.Xr bthidd 8 4274will store information about known HID devices. 4275Default 4276.Pa /var/db/bthidd.hids . 4277.It Va rfcomm_pppd_server_enable 4278.Pq Vt bool 4279If set to 4280.Dq Li YES , 4281enable Bluetooth RFCOMM PPP wrapper daemon. 4282.It Va rfcomm_pppd_server_profile 4283.Pq Vt str 4284The name of the profile to use from 4285.Pa /etc/ppp/ppp.conf . 4286Multiple profiles can be specified here. 4287Also used to specify per-profile overrides. 4288When the profile name contains any of the characters 4289.Dq Li .-/+ 4290they are translated to 4291.Dq Li _ 4292for the proposes of the override variable names. 4293.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4294.Pq Vt str 4295Overrides local address to listen on. 4296By default 4297.Xr rfcomm_pppd 8 4298will listen on 4299.Dq Li ANY 4300address. 4301The address can be specified as BD_ADDR or name. 4302.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4303.Pq Vt str 4304Overrides local RFCOMM channel to listen on. 4305By default 4306.Xr rfcomm_pppd 8 4307will listen on RFCOMM channel 1. 4308Must set properly if multiple profiles used in the same time. 4309.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4310.Pq Vt bool 4311Tells 4312.Xr rfcomm_pppd 8 4313if it should register Serial Port service on the specified RFCOMM channel. 4314Default 4315.Dq Li NO . 4316.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4317.Pq Vt bool 4318Tells 4319.Xr rfcomm_pppd 8 4320if it should register Dial-Up Networking service on the specified 4321RFCOMM channel. 4322Default 4323.Dq Li NO . 4324.It Va ubthidhci_enable 4325.Pq Vt bool 4326If set to 4327.Dq Li YES , 4328change the USB Bluetooth controller from HID mode to HCI mode. 4329You also need to specify the location of USB Bluetooth controller with the 4330.Va ubthidhci_busnum 4331and 4332.Va ubthidhci_addr 4333variables. 4334.It Va ubthidhci_busnum 4335Bus number where the USB Bluetooth controller is located. 4336Check the output of 4337.Xr usbconfig 8 4338on your system to find this information. 4339.It Va ubthidhci_addr 4340Bus address of the USB Bluetooth controller. 4341Check the output of 4342.Xr usbconfig 8 4343on your system to find this information. 4344.It Va netwait_enable 4345.Pq Vt bool 4346If set to 4347.Dq Li YES , 4348delays the start of network-reliant services until 4349.Va netwait_if 4350is up and ICMP packets to a destination defined in 4351.Va netwait_ip 4352are flowing. 4353Link state is examined first, followed by 4354.Dq Li pinging 4355an IP address to verify network usability. 4356If no destination can be reached or timeouts are exceeded, 4357network services are started anyway with no guarantee that 4358the network is usable. 4359Use of this variable requires both 4360.Va netwait_ip 4361and 4362.Va netwait_if 4363to be set. 4364.It Va netwait_ip 4365.Pq Vt str 4366Empty by default. 4367This variable contains a space-delimited list of IP addresses to 4368.Xr ping 8 . 4369DNS hostnames should not be used as resolution is not guaranteed 4370to be functional at this point. 4371If multiple IP addresses are specified, 4372each will be tried until one is successful or the list is exhausted. 4373.It Va netwait_timeout 4374.Pq Vt int 4375Indicates the total number of seconds to perform a 4376.Dq Li ping 4377against each IP address in 4378.Va netwait_ip , 4379at a rate of one ping per second. 4380If any of the pings are successful, 4381full network connectivity is considered reliable. 4382The default is 60. 4383.It Va netwait_if 4384.Pq Vt str 4385Empty by default. 4386Defines the name of the network interface on which watch for link. 4387.Xr ifconfig 8 4388is used to monitor the interface, looking for 4389.Dq Li status: no carrier . 4390Once gone, the link is considered up. 4391This can be a 4392.Xr vlan 4 4393interface if desired. 4394.It Va netwait_if_timeout 4395.Pq Vt int 4396Defines the total number of seconds to wait for link to become usable, 4397polled at a 1-second interval. 4398The default is 30. 4399.It Va rctl_enable 4400.Pq Vt bool 4401If set to 4402.Dq Li YES , 4403load 4404.Xr rctl 8 4405rules from the defined ruleset. 4406The kernel must be built with 4407.Cd "options RACCT" 4408and 4409.Cd "options RCTL" . 4410.It Va rctl_rules 4411.Pq Vt str 4412Set to 4413.Pa /etc/rctl.conf 4414by default. 4415This variables contains the 4416.Xr rctl.conf 5 4417ruleset to load for 4418.Xr rctl 8 . 4419.It Va iovctl_files 4420.Pq Vt str 4421A space-separated list of configuration files used by 4422.Xr iovctl 8 . 4423The default value is an empty string. 4424.It Va autofs_enable 4425.Pq Vt bool 4426If set to 4427.Dq Li YES , 4428start the 4429.Xr automount 8 4430utility and the 4431.Xr automountd 8 4432and 4433.Xr autounmountd 8 4434daemons at boot time. 4435.It Va automount_flags 4436.Pq Vt str 4437If 4438.Va autofs_enable 4439is set to 4440.Dq Li YES , 4441these are the flags to pass to the 4442.Xr automount 8 4443program. 4444By default no flags are passed. 4445.It Va automountd_flags 4446.Pq Vt str 4447If 4448.Va autofs_enable 4449is set to 4450.Dq Li YES , 4451these are the flags to pass to the 4452.Xr automountd 8 4453daemon. 4454By default no flags are passed. 4455.It Va autounmountd_flags 4456.Pq Vt str 4457If 4458.Va autofs_enable 4459is set to 4460.Dq Li YES , 4461these are the flags to pass to the 4462.Xr autounmountd 8 4463daemon. 4464By default no flags are passed. 4465.It Va ctld_enable 4466.Pq Vt bool 4467If set to 4468.Dq Li YES , 4469start the 4470.Xr ctld 8 4471daemon at boot time. 4472.It Va iscsid_enable 4473.Pq Vt bool 4474If set to 4475.Dq Li YES , 4476start the 4477.Xr iscsid 8 4478daemon at boot time. 4479.It Va iscsictl_enable 4480.Pq Vt bool 4481If set to 4482.Dq Li YES , 4483start the 4484.Xr iscsictl 8 4485utility at boot time. 4486.It Va iscsictl_flags 4487.Pq Vt str 4488If 4489.Va iscsictl_enable 4490is set to 4491.Dq Li YES , 4492these are the flags to pass to the 4493.Xr iscsictl 8 4494program. 4495The default is 4496.Dq Li -Aa , 4497which configures sessions based on the 4498.Pa /etc/iscsi.conf 4499configuration file. 4500.It Va cfumass_enable 4501.Pq Vt bool 4502If set to 4503.Dq Li YES , 4504create and export an USB LUN using 4505.Xr cfumass 4 4506at boot time. 4507.It Va cfumass_dir 4508.Pq Vt str 4509The directory where the files exported by USB LUN are located. 4510The default directory is 4511.Pa /var/cfumass . 4512.It Va service_delete_empty 4513.Pq Vt bool 4514If set to 4515.Dq Li YES , 4516.Ql Li service delete 4517removes empty 4518.Dq Li rc.conf.d 4519files. 4520.El 4521.Sh FILES 4522.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4523.It Pa /etc/defaults/rc.conf 4524.It Pa /etc/rc.conf 4525.It Pa /etc/rc.conf.local 4526.El 4527.Sh SEE ALSO 4528.Xr chmod 1 , 4529.Xr gdb 1 , 4530.Xr info 1 , 4531.Xr kbdcontrol 1 , 4532.Xr makewhatis 1 , 4533.Xr sh 1 , 4534.Xr vi 1 , 4535.Xr vidcontrol 1 , 4536.Xr bridge 4 , 4537.Xr dummynet 4 , 4538.Xr ip 4 , 4539.Xr ipf 4 , 4540.Xr ipfw 4 , 4541.Xr ipnat 4 , 4542.Xr kld 4 , 4543.Xr pf 4 , 4544.Xr pflog 4 , 4545.Xr pfsync 4 , 4546.Xr tcp 4 , 4547.Xr udp 4 , 4548.Xr exports 5 , 4549.Xr fstab 5 , 4550.Xr ipf 5 , 4551.Xr ipnat 5 , 4552.Xr jail.conf 5 , 4553.Xr loader.conf 5 , 4554.Xr motd 5 , 4555.Xr newsyslog.conf 5 , 4556.Xr pf.conf 5 , 4557.Xr security 7 , 4558.Xr accton 8 , 4559.Xr amd 8 , 4560.Xr apm 8 , 4561.Xr bsdinstall 8 , 4562.Xr bthidd 8 , 4563.Xr chkprintcap 8 , 4564.Xr chown 8 , 4565.Xr cron 8 , 4566.Xr devfs 8 , 4567.Xr dhclient 8 , 4568.Xr ftpd 8 , 4569.Xr geli 8 , 4570.Xr hcsecd 8 , 4571.Xr ifconfig 8 , 4572.Xr inetd 8 , 4573.Xr iovctl 8 , 4574.Xr ipf 8 , 4575.Xr ipfw 8 , 4576.Xr ipnat 8 , 4577.Xr jail 8 , 4578.Xr kldxref 8 , 4579.Xr loader 8 , 4580.Xr lpd 8 , 4581.Xr mdconfig 8 , 4582.Xr mdmfs 8 , 4583.Xr mixer 8 , 4584.Xr mountd 8 , 4585.Xr moused 8 , 4586.Xr newfs 8 , 4587.Xr newsyslog 8 , 4588.Xr nfsd 8 , 4589.Xr ntpd 8 , 4590.Xr ntpdate 8 , 4591.Xr pfctl 8 , 4592.Xr pflogd 8 , 4593.Xr ping 8 , 4594.Xr powerd 8 , 4595.Xr quotacheck 8 , 4596.Xr quotaon 8 , 4597.Xr rc 8 , 4598.Xr rc.sendmail 8 , 4599.Xr rfcomm_pppd 8 , 4600.Xr route 8 , 4601.Xr routed 8 , 4602.Xr rpc.lockd 8 , 4603.Xr rpc.statd 8 , 4604.Xr rpcbind 8 , 4605.Xr rwhod 8 , 4606.Xr savecore 8 , 4607.Xr sdpd 8 , 4608.Xr service 8 , 4609.Xr sshd 8 , 4610.Xr swapon 8 , 4611.Xr sysctl 8 , 4612.Xr syslogd 8 , 4613.Xr sysrc 8 , 4614.Xr timed 8 , 4615.Xr unbound 8 , 4616.Xr usbconfig 8 , 4617.Xr wlandebug 8 , 4618.Xr yp 8 , 4619.Xr ypbind 8 , 4620.Xr ypserv 8 , 4621.Xr ypset 8 4622.Sh HISTORY 4623The 4624.Nm 4625file appeared in 4626.Fx 2.2.2 . 4627.Sh AUTHORS 4628.An Jordan K. Hubbard . 4629