xref: /freebsd/share/man/man5/rc.conf.5 (revision d9f0ce31900a48d1a2bfc1c8c86f79d1e831451a)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd February 28, 2016
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/rc.conf.local
63is used to override settings in
64.Pa /etc/rc.conf
65for historical reasons.
66.Pp
67In addition to
68.Pa /etc/rc.conf.local
69you can also place smaller configuration files for each
70.Xr rc 8
71script in the
72.Pa /etc/rc.conf.d
73directory or
74.Ao Ar dir Ac Ns Pa /rc.conf.d
75directories specified in
76.Va local_startup ,
77which will be included by the
78.Va load_rc_config
79function.
80For jail configurations you could use the file
81.Pa /etc/rc.conf.d/jail
82to store jail specific configuration options.
83If
84.Va local_startup
85contains
86.Pa /usr/local/etc/rc.d
87and
88.Pa /opt/conf ,
89.Pa /usr/local/rc.conf.d/jail
90and
91.Pa /opt/conf/rc.conf.d/jail
92will be loaded.
93If
94.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
95is a directory,
96all of files in the directory will be loaded.
97Also see the
98.Va rc_conf_files
99variable below.
100.Pp
101Options are set with
102.Dq Ar name Ns Li = Ns Ar value
103assignments that use
104.Xr sh 1
105syntax.
106The following list provides a name and short description for each
107variable that can be set in the
108.Nm
109file:
110.Bl -tag -width indent-two
111.It Va rc_debug
112.Pq Vt bool
113If set to
114.Dq Li YES ,
115enable output of debug messages from rc scripts.
116This variable can be helpful in diagnosing mistakes when
117editing or integrating new scripts.
118Beware that this produces copious output to the terminal and
119.Xr syslog 3 .
120.It Va rc_info
121.Pq Vt bool
122If set to
123.Dq Li NO ,
124disable informational messages from the rc scripts.
125Informational messages are displayed when
126a condition that is not serious enough to warrant a warning or
127an error occurs.
128.It Va rc_startmsgs
129.Pq Vt bool
130If set to
131.Dq Li YES ,
132show
133.Dq Starting foo:
134when faststart is used (e.g., at boot time).
135.It Va early_late_divider
136.Pq Vt str
137The name of the script that should be used as the
138delimiter between the
139.Dq early
140and
141.Dq late
142stages of the boot process.
143The early stage should contain all the services needed to
144get the disks (local or remote) mounted so that the late
145stage can include scripts contained in the directories
146listed in the
147.Va local_startup
148variable (see below).
149Thus, the two likely candidates for this value are
150.Pa mountcritlocal
151for the typical system, and
152.Pa mountcritremote
153if the system needs remote file
154systems mounted to get access to the
155.Va local_startup
156directories; for example when
157.Pa /usr/local
158is NFS mounted.
159For
160.Pa rc.conf
161within a
162.Xr jail 8
163.Pa NETWORKING
164is likely to be an appropriate value.
165Extreme care should be taken when changing this value,
166and before changing it one should ensure that there are
167adequate provisions to recover from a failed boot
168(such as physical contact with the machine,
169or reliable remote console access).
170.It Va always_force_depends
171.Pq Vt bool
172Various
173.Pa rc.d
174scripts use the force_depend function to check whether required
175services are already running, and to start them if necessary.
176By default during boot time this check is bypassed if the
177required service is enabled in
178.Pa /etc/rc.conf[.local] .
179Setting this option will bypass that check at boot time and
180always test whether or not the service is actually running.
181Enabling this option is likely to increase your boot time if
182services are enabled that utilize the force_depend check.
183.It Ao Ar name Ac Ns Va _chroot
184.Pq Vt str
185.Xr chroot
186to this directory before running the service.
187.It Ao Ar name Ac Ns Va _user
188.Pq Vt str
189Run the service under this user account.
190.It Ao Ar name Ac Ns Va _group
191.Pq Vt str
192Run the chrooted service under this system group. Unlike the _user
193setting, this setting has no effect if the service is not chrooted.
194.It Ao Ar name Ac Ns Va _fib
195.Pq Vt int
196The
197.Xr setfib 1
198value to run the service under.
199.It Ao Ar name Ac Ns Va _nice
200.Pq Vt int
201The
202.Xr nice 1
203value to run the service under.
204.It Va apm_enable
205.Pq Vt bool
206If set to
207.Dq Li YES ,
208enable support for Automatic Power Management with
209the
210.Xr apm 8
211command.
212.It Va apmd_enable
213.Pq Vt bool
214Run
215.Xr apmd 8
216to handle APM event from userland.
217This also enables support for APM.
218.It Va apmd_flags
219.Pq Vt str
220If
221.Va apmd_enable
222is set to
223.Dq Li YES ,
224these are the flags to pass to the
225.Xr apmd 8
226daemon.
227.It Va devd_enable
228.Pq Vt bool
229Run
230.Xr devd 8
231to handle device added, removed or unknown events from the kernel.
232.It Va ddb_enable
233.Pq Vt bool
234Run
235.Xr ddb 8
236to install
237.Xr ddb 4
238scripts at boot time.
239.It Va ddb_config
240.Pq Vt str
241Configuration file for
242.Xr ddb 8 .
243Default
244.Pa /etc/ddb.conf .
245.It Va kld_list
246.Pq Vt str
247A list of kernel modules to load right after the local
248disks are mounted.
249Loading modules at this point in the boot process is
250much faster than doing it via
251.Pa /boot/loader.conf
252for those modules not necessary for mounting local disk.
253.It Va kldxref_enable
254.Pq Vt bool
255Set to
256.Dq Li NO
257by default.
258Set to
259.Dq Li YES
260to automatically rebuild
261.Pa linker.hints
262files with
263.Xr kldxref 8
264at boot time.
265.It Va kldxref_clobber
266.Pq Vt bool
267Set to
268.Dq Li NO
269by default.
270If
271.Va kldxref_enable
272is true,
273setting to
274.Dq Li YES
275will overwrite existing
276.Pa linker.hints
277files at boot time.
278Otherwise,
279only missing
280.Pa linker.hints
281files are generated.
282.It Va kldxref_module_path
283.Pq Vt str
284Empty by default.
285A semi-colon
286.Pq Ql \&;
287delimited list of paths containing
288.Xr kld 4
289modules.
290If empty,
291the contents of the
292.Va kern.module_path
293.Xr sysctl 8
294are used.
295.It Va powerd_enable
296.Pq Vt bool
297If set to
298.Dq Li YES ,
299enable the system power control facility with the
300.Xr powerd 8
301daemon.
302.It Va powerd_flags
303.Pq Vt str
304If
305.Va powerd_enable
306is set to
307.Dq Li YES ,
308these are the flags to pass to the
309.Xr powerd 8
310daemon.
311.It Va tmpmfs
312Controls the creation of a
313.Pa /tmp
314memory file system.
315Always happens if set to
316.Dq Li YES
317and never happens if set to
318.Dq Li NO .
319If set to anything else, a memory file system is created if
320.Pa /tmp
321is not writable.
322.It Va tmpsize
323Controls the size of a created
324.Pa /tmp
325memory file system.
326.It Va tmpmfs_flags
327Extra options passed to the
328.Xr mdmfs 8
329utility when the memory file system for
330.Pa /tmp
331is created.
332The default is
333.Dq Li "-S" ,
334which inhibits the use of softupdates on
335.Pa /tmp
336so that file system space is freed without delay
337after file truncation or deletion.
338See
339.Xr mdmfs 8
340for other options you can use in
341.Va tmpmfs_flags .
342.It Va varmfs
343Controls the creation of a
344.Pa /var
345memory file system.
346Always happens if set to
347.Dq Li YES
348and never happens if set to
349.Dq Li NO .
350If set to anything else, a memory file system is created if
351.Pa /var
352is not writable.
353.It Va varsize
354Controls the size of a created
355.Pa /var
356memory file system.
357.It Va varmfs_flags
358Extra options passed to the
359.Xr mdmfs 8
360utility when the memory file system for
361.Pa /var
362is created.
363The default is
364.Dq Li "-S" ,
365which inhibits the use of softupdates on
366.Pa /var
367so that file system space is freed without delay
368after file truncation or deletion.
369See
370.Xr mdmfs 8
371for other options you can use in
372.Va varmfs_flags .
373.It Va populate_var
374Controls the automatic population of the
375.Pa /var
376file system.
377Always happens if set to
378.Dq Li YES
379and never happens if set to
380.Dq Li NO .
381If set to anything else, a memory file system is created if
382.Pa /var
383is not writable.
384Note that this process requires access to certain commands in
385.Pa /usr
386before
387.Pa /usr
388is mounted on normal systems.
389.It Va cleanvar_enable
390.Pq Vt bool
391Clean the
392.Pa /var
393directory.
394.It Va local_startup
395.Pq Vt str
396List of directories to search for startup script files.
397.It Va script_name_sep
398.Pq Vt str
399The field separator to use for breaking down the list of startup script files
400into individual filenames.
401The default is a space.
402It is not necessary to change this unless there are startup scripts with names
403containing spaces.
404.It Va hostapd_enable
405.Pq Vt bool
406Set to
407.Dq Li YES
408to start
409.Xr hostapd 8
410at system boot time.
411.It Va hostname
412.Pq Vt str
413The fully qualified domain name (FQDN) of this host on the network.
414This should almost certainly be set to something meaningful, even if
415there is no network connection.
416If
417.Xr dhclient 8
418is used to set the hostname via DHCP,
419this variable should be set to an empty string.
420If this value remains unset when the system is done booting
421your console login will display the default hostname of
422.Dq Amnesiac .
423.It Va nisdomainname
424.Pq Vt str
425The NIS domain name of this host, or
426.Dq Li NO
427if NIS is not used.
428.It Va dhclient_program
429.Pq Vt str
430Path to the DHCP client program
431.Pa ( /sbin/dhclient ,
432the
433.Ox
434DHCP client,
435is the default).
436.It Va dhclient_flags
437.Pq Vt str
438Additional flags to pass to the DHCP client program.
439For the
440.Ox
441DHCP client, see the
442.Xr dhclient 8
443manpage for a description of the command line options available.
444.It Va dhclient_flags_ Ns Aq Ar iface
445Additional flags to pass to the DHCP client program running on
446.Ar iface
447only.
448When specified, this variable overrides
449.Va dhclient_flags .
450.It Va background_dhclient
451.Pq Vt bool
452Set to
453.Dq Li YES
454to start the DHCP client in background.
455This can cause trouble with applications depending on
456a working network, but it will provide a faster startup
457in many cases.
458.It Va background_dhclient_ Ns Aq Ar iface
459When specified, this variable overrides the
460.Va background_dhclient
461variable for interface
462.Ar iface
463only.
464.It Va synchronous_dhclient
465.Pq Vt bool
466Set to
467.Dq Li YES
468to start
469.Xr dhclient 8
470synchronously at startup.
471This behavior can be overridden on a per-interface basis by replacing
472the
473.Dq Li DHCP
474keyword in the
475.Va ifconfig_ Ns Aq Ar interface
476variable with
477.Dq Li SYNCDHCP
478or
479.Dq Li NOSYNCDHCP .
480.It Va defaultroute_delay
481.Pq Vt int
482When set to a positive value, wait up to this long after configuring
483DHCP interfaces at startup to give the interfaces time to receive a lease.
484.It Va firewall_enable
485.Pq Vt bool
486Set to
487.Dq Li YES
488to load firewall rules at startup.
489If the kernel was not built with
490.Cd "options IPFIREWALL" ,
491the
492.Pa ipfw.ko
493kernel module will be loaded.
494See also
495.Va ipfilter_enable .
496.It Va firewall_script
497.Pq Vt str
498This variable specifies the full path to the firewall script to run.
499The default is
500.Pa /etc/rc.firewall .
501.It Va firewall_type
502.Pq Vt str
503Names the firewall type from the selection in
504.Pa /etc/rc.firewall ,
505or the file which contains the local firewall ruleset.
506Valid selections from
507.Pa /etc/rc.firewall
508are:
509.Pp
510.Bl -tag -width ".Li simple" -compact
511.It Li open
512unrestricted IP access
513.It Li closed
514all IP services disabled, except via
515.Dq Li lo0
516.It Li client
517basic protection for a workstation
518.It Li simple
519basic protection for a LAN.
520.El
521.Pp
522If a filename is specified, the full path
523must be given.
524.It Va firewall_quiet
525.Pq Vt bool
526Set to
527.Dq Li YES
528to disable the display of firewall rules on the console during boot.
529.It Va firewall_logging
530.Pq Vt bool
531Set to
532.Dq Li YES
533to enable firewall event logging.
534This is equivalent to the
535.Dv IPFIREWALL_VERBOSE
536kernel option.
537.It Va firewall_logif
538.Pq Vt bool
539Set to
540.Dq Li YES
541to create pseudo interface
542.Li ipfw0
543for logging.
544For more details, see
545.Xr ipfw 8
546manual page.
547.It Va firewall_flags
548.Pq Vt str
549Flags passed to
550.Xr ipfw 8
551if
552.Va firewall_type
553specifies a filename.
554.It Va firewall_coscripts
555.Pq Vt str
556List of executables and/or rc scripts to run after firewall starts/stops.
557Default is empty.
558.\" ----- firewall_nat_enable setting --------------------------------
559.It Va firewall_nat_enable
560.Pq Vt bool
561The
562.Xr ipfw 8
563equivalent of
564.Va natd_enable .
565Setting this to
566.Dq Li YES
567enables kernel NAT.
568.Va firewall_enable
569must also be set to
570.Dq Li YES .
571.It Va firewall_nat_interface
572.Pq Vt str
573The
574.Xr ipfw 8
575equivalent of
576.Va natd_interface .
577This is the name of the public interface or IP address on which
578kernel NAT should run.
579.It Va firewall_nat_flags
580.Pq Vt str
581Additional configuration parameters for kernel NAT should be placed here.
582.It Va dummynet_enable
583.Pq Vt bool
584Setting this to
585.Dq Li YES
586will automatically load the
587.Xr dummynet 4
588module if
589.Va firewall_enable
590is also set to
591.Dq Li YES .
592.\" -------------------------------------------------------------------
593.It Va natd_program
594.Pq Vt str
595Path to
596.Xr natd 8 .
597.It Va natd_enable
598.Pq Vt bool
599Set to
600.Dq Li YES
601to enable
602.Xr natd 8 .
603.Va firewall_enable
604must also be set to
605.Dq Li YES ,
606and
607.Xr divert 4
608sockets must be enabled in the kernel.
609If the kernel was not built with
610.Cd "options IPDIVERT" ,
611the
612.Pa ipdivert.ko
613kernel module will be loaded.
614.It Va natd_interface
615.Pq Vt str
616This is the name of the public interface on which
617.Xr natd 8
618should run.
619The interface may be given as an interface name or as an IP address.
620.It Va natd_flags
621.Pq Vt str
622Additional
623.Xr natd 8
624flags should be placed here.
625The
626.Fl n
627or
628.Fl a
629flag is automatically added with the above
630.Va natd_interface
631as an argument.
632.\" ----- ipfilter_enable setting --------------------------------
633.It Va ipfilter_enable
634.Pq Vt bool
635Set to
636.Dq Li NO
637by default.
638Setting this to
639.Dq Li YES
640enables
641.Xr ipf 8
642packet filtering.
643.Pp
644Typical usage will require putting
645.Bd -literal
646ipfilter_enable="YES"
647ipnat_enable="YES"
648ipmon_enable="YES"
649ipfs_enable="YES"
650.Ed
651.Pp
652into
653.Pa /etc/rc.conf
654and editing
655.Pa /etc/ipf.rules
656and
657.Pa /etc/ipnat.rules
658appropriately.
659.Pp
660Note that
661.Va ipfilter_enable
662and
663.Va ipnat_enable
664can be enabled independently.
665.Va ipmon_enable
666and
667.Va ipfs_enable
668both require at least one of
669.Va ipfilter_enable
670and
671.Va ipnat_enable
672to be enabled.
673.Pp
674Having
675.Bd -literal
676options IPFILTER
677options IPFILTER_LOG
678options IPFILTER_DEFAULT_BLOCK
679.Ed
680.Pp
681in the kernel configuration file is a good idea, too.
682.\" ----- ipfilter_program setting ------------------------------
683.It Va ipfilter_program
684.Pq Vt str
685Path to
686.Xr ipf 8
687(default
688.Pa /sbin/ipf ) .
689.\" ----- ipfilter_rules setting --------------------------------
690.It Va ipfilter_rules
691.Pq Vt str
692Set to
693.Pa /etc/ipf.rules
694by default.
695This variable contains the name of the filter rule definition file.
696The file is expected to be readable for the
697.Xr ipf 8
698command to execute.
699.\" ----- ipv6_ipfilter_rules setting ---------------------------
700.It Va ipv6_ipfilter_rules
701.Pq Vt str
702Set to
703.Pa /etc/ipf6.rules
704by default.
705This variable contains the IPv6 filter rule definition file.
706The file is expected to be readable for the
707.Xr ipf 8
708command to execute.
709.\" ----- ipfilter_flags setting --------------------------------
710.It Va ipfilter_flags
711.Pq Vt str
712Empty by default.
713This variable contains flags passed to the
714.Xr ipf 8
715program.
716.\" ----- ipnat_enable setting ----------------------------------
717.It Va ipnat_enable
718.Pq Vt bool
719Set to
720.Dq Li NO
721by default.
722Set it to
723.Dq Li YES
724to enable
725.Xr ipnat 8
726network address translation.
727See
728.Va ipfilter_enable
729for a detailed discussion.
730.\" ----- ipnat_program setting ---------------------------------
731.It Va ipnat_program
732.Pq Vt str
733Path to
734.Xr ipnat 8
735(default
736.Pa /sbin/ipnat ) .
737.\" ----- ipnat_rules setting -----------------------------------
738.It Va ipnat_rules
739.Pq Vt str
740Set to
741.Pa /etc/ipnat.rules
742by default.
743This variable contains the name of the file
744holding the network address translation definition.
745This file is expected to be readable for the
746.Xr ipnat 8
747command to execute.
748.\" ----- ipnat_flags setting -----------------------------------
749.It Va ipnat_flags
750.Pq Vt str
751Empty by default.
752This variable contains flags passed to the
753.Xr ipnat 8
754program.
755.\" ----- ipmon_enable setting ----------------------------------
756.It Va ipmon_enable
757.Pq Vt bool
758Set to
759.Dq Li NO
760by default.
761Set it to
762.Dq Li YES
763to enable
764.Xr ipmon 8
765monitoring (logging
766.Xr ipf 8
767and
768.Xr ipnat 8
769events).
770Setting this variable needs setting
771.Va ipfilter_enable
772or
773.Va ipnat_enable
774too.
775See
776.Va ipfilter_enable
777for a detailed discussion.
778.\" ----- ipmon_program setting ---------------------------------
779.It Va ipmon_program
780.Pq Vt str
781Path to
782.Xr ipmon 8
783(default
784.Pa /sbin/ipmon ) .
785.\" ----- ipmon_flags setting -----------------------------------
786.It Va ipmon_flags
787.Pq Vt str
788Set to
789.Dq Li -Ds
790by default.
791This variable contains flags passed to the
792.Xr ipmon 8
793program.
794Another typical example would be
795.Dq Fl D Pa /var/log/ipflog
796to have
797.Xr ipmon 8
798log directly to a file bypassing
799.Xr syslogd 8 .
800Make sure to adjust
801.Pa /etc/newsyslog.conf
802in such case like this:
803.Bd -literal
804/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
805.Ed
806.\" ----- ipfs_enable setting -----------------------------------
807.It Va ipfs_enable
808.Pq Vt bool
809Set to
810.Dq Li NO
811by default.
812Set it to
813.Dq Li YES
814to enable
815.Xr ipfs 8
816saving the filter and NAT state tables during shutdown
817and reloading them during startup again.
818Setting this variable needs setting
819.Va ipfilter_enable
820or
821.Va ipnat_enable
822to
823.Dq Li YES
824too.
825See
826.Va ipfilter_enable
827for a detailed discussion.
828Note that if
829.Va kern_securelevel
830is set to 3,
831.Va ipfs_enable
832cannot be used
833because the raised securelevel will prevent
834.Xr ipfs 8
835from saving the state tables at shutdown time.
836.\" ----- ipfs_program setting ----------------------------------
837.It Va ipfs_program
838.Pq Vt str
839Path to
840.Xr ipfs 8
841(default
842.Pa /sbin/ipfs ) .
843.\" ----- ipfs_flags setting ------------------------------------
844.It Va ipfs_flags
845.Pq Vt str
846Empty by default.
847This variable contains flags passed to the
848.Xr ipfs 8
849program.
850.\" ----- end of added ipf hook ---------------------------------
851.It Va pf_enable
852.Pq Vt bool
853Set to
854.Dq Li NO
855by default.
856Setting this to
857.Dq Li YES
858enables
859.Xr pf 4
860packet filtering.
861.Pp
862Typical usage will require putting
863.Pp
864.Dl pf_enable="YES"
865.Pp
866into
867.Pa /etc/rc.conf
868and editing
869.Pa /etc/pf.conf
870appropriately.
871Adding
872.Pp
873.Dl "device pf"
874.Pp
875builds support for
876.Xr pf 4
877into the kernel, otherwise the
878kernel module will be loaded.
879.It Va pf_rules
880.Pq Vt str
881Path to
882.Xr pf 4
883ruleset configuration file
884(default
885.Pa /etc/pf.conf ) .
886.It Va pf_program
887.Pq Vt str
888Path to
889.Xr pfctl 8
890(default
891.Pa /sbin/pfctl ) .
892.It Va pf_flags
893.Pq Vt str
894If
895.Va pf_enable
896is set to
897.Dq Li YES ,
898these flags are passed to the
899.Xr pfctl 8
900program when loading the ruleset.
901.It Va pflog_enable
902.Pq Vt bool
903Set to
904.Dq Li NO
905by default.
906Setting this to
907.Dq Li YES
908enables
909.Xr pflogd 8
910which logs packets from the
911.Xr pf 4
912packet filter.
913.It Va pflog_logfile
914.Pq Vt str
915If
916.Va pflog_enable
917is set to
918.Dq Li YES
919this controls where
920.Xr pflogd 8
921stores the logfile
922(default
923.Pa /var/log/pflog ) .
924Check
925.Pa /etc/newsyslog.conf
926to adjust logfile rotation for this.
927.It Va pflog_program
928.Pq Vt str
929Path to
930.Xr pflogd 8
931(default
932.Pa /sbin/pflogd ) .
933.It Va pflog_flags
934.Pq Vt str
935Empty by default.
936This variable contains additional flags passed to the
937.Xr pflogd 8
938program.
939.It Va pflog_instances
940.Pq Vt str
941If logging to more than one
942.Xr pflog 4
943interface is desired,
944.Va pflog_instances
945is set to the list of
946.Xr pflogd 8
947instances that should be started at system boot time. If
948.Va pflog_instances
949is set, for each whitespace-seperated
950.Ar element
951in the list,
952.Ao Ar element Ac Ns Va _dev
953and
954.Ao Ar element Ac Ns Va _logfile
955elements are assumed to exist.
956.Ao Ar element Ac Ns Va _dev
957must contain the
958.Xr pflog 4
959interface to be watched by the named
960.Xr pflogd 8
961instance.
962.Ao Ar element Ac Ns Va _logfile
963must contain the name of the logfile that will be used by the
964.Xr pflogd 8
965instance.
966.It Va ftpproxy_enable
967.Pq Vt bool
968Set to
969.Dq Li NO
970by default.
971Setting this to
972.Dq Li YES
973enables
974.Xr ftp-proxy 8
975which supports the
976.Xr pf 4
977packet filter in translating ftp connections.
978.It Va ftpproxy_flags
979.Pq Vt str
980Empty by default.
981This variable contains additional flags passed to the
982.Xr ftp-proxy 8
983program.
984.It Va ftpproxy_instances
985.Pq Vt str
986Empty by default. If multiple instances of
987.Xr ftp-proxy 8
988are desired at boot time,
989.Va ftpproxy_instances
990should contain a whitespace-seperated list of instance names. For each
991.Ar element
992in the list, a variable named
993.Ao Ar element Ac Ns Va _flags
994should be defined, containing the command-line flags to be passed to the
995.Xr ftp-proxy 8
996instance.
997.It Va pfsync_enable
998.Pq Vt bool
999Set to
1000.Dq Li NO
1001by default.
1002Setting this to
1003.Dq Li YES
1004enables exposing
1005.Xr pf 4
1006state changes to other hosts over the network by means of
1007.Xr pfsync 4 .
1008The
1009.Va pfsync_syncdev
1010variable
1011must also be set then.
1012.It Va pfsync_syncdev
1013.Pq Vt str
1014Empty by default.
1015This variable specifies the name of the network interface
1016.Xr pfsync 4
1017should operate through.
1018It must be set accordingly if
1019.Va pfsync_enable
1020is set to
1021.Dq Li YES .
1022.It Va pfsync_syncpeer
1023.Pq Vt str
1024Empty by default.
1025This variable is optional.
1026By default, state change messages are sent out on the synchronisation
1027interface using IP multicast packets.
1028The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1029224.0.0.240.
1030When a peer address is specified using the
1031.Va pfsync_syncpeer
1032option, the peer address is used as a destination for the pfsync
1033traffic, and the traffic can then be protected using
1034.Xr ipsec 4 .
1035See the
1036.Xr pfsync 4
1037manpage for more details about using
1038.Xr ipsec 4
1039with
1040.Xr pfsync 4
1041interfaces.
1042.It Va pfsync_ifconfig
1043.Pq Vt str
1044Empty by default.
1045This variable can contain additional options to be passed to the
1046.Xr ifconfig 8
1047command used to set up
1048.Xr pfsync 4 .
1049.It Va tcp_extensions
1050.Pq Vt bool
1051Set to
1052.Dq Li YES
1053by default.
1054Setting this to
1055.Dq Li NO
1056disables certain TCP options as described by
1057.Rs
1058.%T "RFC 1323"
1059.Re
1060Setting this to
1061.Dq Li NO
1062might help remedy such problems with connections as randomly hanging
1063or other weird behavior.
1064Some network devices are known
1065to be broken with respect to these options.
1066.It Va log_in_vain
1067.Pq Vt int
1068Set to 0 by default.
1069The
1070.Xr sysctl 8
1071variables,
1072.Va net.inet.tcp.log_in_vain
1073and
1074.Va net.inet.udp.log_in_vain ,
1075as described in
1076.Xr tcp 4
1077and
1078.Xr udp 4 ,
1079are set to the given value.
1080.It Va tcp_keepalive
1081.Pq Vt bool
1082Set to
1083.Dq Li YES
1084by default.
1085Setting to
1086.Dq Li NO
1087will disable probing idle TCP connections to verify that the
1088peer is still up and reachable.
1089.It Va tcp_drop_synfin
1090.Pq Vt bool
1091Set to
1092.Dq Li NO
1093by default.
1094Setting to
1095.Dq Li YES
1096will cause the kernel to ignore TCP frames that have both
1097the SYN and FIN flags set.
1098This prevents OS fingerprinting, but may
1099break some legitimate applications.
1100.It Va icmp_drop_redirect
1101.Pq Vt bool
1102Set to
1103.Dq Li NO
1104by default.
1105Setting to
1106.Dq Li YES
1107will cause the kernel to ignore ICMP REDIRECT packets.
1108Refer to
1109.Xr icmp 4
1110for more information.
1111.It Va icmp_log_redirect
1112.Pq Vt bool
1113Set to
1114.Dq Li NO
1115by default.
1116Setting to
1117.Dq Li YES
1118will cause the kernel to log ICMP REDIRECT packets.
1119Note that
1120the log messages are not rate-limited, so this option should only be used
1121for troubleshooting networks.
1122Refer to
1123.Xr icmp 4
1124for more information.
1125.It Va icmp_bmcastecho
1126.Pq Vt bool
1127Set to
1128.Dq Li YES
1129to respond to broadcast or multicast ICMP ping packets.
1130Refer to
1131.Xr icmp 4
1132for more information.
1133.It Va ip_portrange_first
1134.Pq Vt int
1135If not set to
1136.Dq Li NO ,
1137this is the first port in the default portrange.
1138Refer to
1139.Xr ip 4
1140for more information.
1141.It Va ip_portrange_last
1142.Pq Vt int
1143If not set to
1144.Dq Li NO ,
1145this is the last port in the default portrange.
1146Refer to
1147.Xr ip 4
1148for more information.
1149.It Va network_interfaces
1150.Pq Vt str
1151Set to the list of network interfaces to configure on this host or
1152.Dq Li AUTO
1153(the default) for all current interfaces.
1154Setting the
1155.Va network_interfaces
1156variable to anything other than the default is deprecated.
1157Interfaces that the administrator wishes to store configuration for,
1158but not start at boot should be configured with the
1159.Dq Li NOAUTO
1160keyword in their
1161.Va ifconfig_ Ns Aq Ar interface
1162variables as described below.
1163.Pp
1164An
1165.Va ifconfig_ Ns Aq Ar interface
1166variable is also assumed to exist for each value of
1167.Ar interface .
1168When an interface name contains any of the characters
1169.Dq Li .-/+
1170they are translated to
1171.Dq Li _
1172before lookup.
1173The variable can contain arguments to
1174.Xr ifconfig 8 ,
1175as well as special case-insensitive keywords described below.
1176Such keywords are removed before passing the value to
1177.Xr ifconfig 8
1178while the order of the other arguments is preserved.
1179.Pp
1180It is possible to add IP alias entries using
1181.Xr ifconfig 8
1182syntax with the address family keyword such as
1183.Li inet .
1184Assuming that the interface in question was
1185.Li ed0 ,
1186it might look something like this:
1187.Bd -literal
1188ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1189ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1190.Ed
1191.Pp
1192It also possible to configure multiple IP addresses in Classless
1193Inter-Domain Routing
1194.Pq CIDR
1195address notation,
1196whose each address component can be a range like
1197.Li inet 192.0.2.5-23/24
1198or
1199.Li inet6 2001:db8:1-f::1/64 .
1200This notation allows address and prefix length part only,
1201not the other address modifiers.
1202Note that the maximum number of the generated addresses from a range
1203specification is limited to an integer value specified in
1204.Va netif_ipexpand_max
1205in
1206.Xr rc.conf 5
1207because a small typo can unexpectedly generate a large number of addresses.
1208The default value is
1209.Li 2048 .
1210It can be increased by adding the following line into
1211.Xr rc.conf 5 :
1212.Bd -literal
1213netif_ipexpand_max="4096"
1214.Ed
1215.Pp
1216In the case of
1217.Li 192.0.2.5-23/24 ,
1218the address 192.0.2.5 will be configured with the
1219netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1220the non-conflicting netmask /32 as explained in the
1221.Xr ifconfig 8
1222alias section.
1223Note that this special netmask handling is only for
1224.Li inet ,
1225not for the other address families such as
1226.Li inet6 .
1227.Pp
1228With the interface in question being
1229.Li ed0 ,
1230an example could look like:
1231.Bd -literal
1232ifconfig_ed0_alias2="inet 192.0.2.129/27"
1233ifconfig_ed0_alias3="inet 192.0.2.1-5/28"
1234.Ed
1235.Pp
1236and so on.
1237.Pp
1238Note that
1239.Va ipv4_addrs_ Ns Aq Ar interface
1240variable was supported for IPv4 CIDR address notation.
1241It is now deprecated because the functionality was integrated into
1242.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1243though
1244.Va ipv4_addrs_ Ns Aq Ar interface
1245is still supported for backward compatibility.
1246.Pp
1247For each
1248.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1249entry with an address family keyword,
1250its contents are passed to
1251.Xr ifconfig 8 .
1252Execution stops at the first unsuccessful access, so if
1253something like this is present:
1254.Bd -literal
1255ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1256ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1257ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1258ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1259.Ed
1260.Pp
1261Then note that alias4 would
1262.Em not
1263be added since the search would
1264stop with the missing
1265.Dq Li alias3
1266entry.
1267Because of this difficult to manage behavior,
1268there is
1269.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1270variable, which has the same functionality as
1271.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1272and can have all of entries in a variable like the following:
1273.Bd -literal
1274ifconfig_ed0_aliases="\\
1275	inet 127.0.0.251 netmask 0xffffffff \\
1276	inet 127.0.0.252 netmask 0xffffffff \\
1277	inet 127.0.0.253 netmask 0xffffffff \\
1278	inet 127.0.0.254 netmask 0xffffffff"
1279.Ed
1280.Pp
1281It also supports CIDR notation.
1282.Pp
1283If the
1284.Pa /etc/start_if. Ns Aq Ar interface
1285file is present, it is read and executed by the
1286.Xr sh 1
1287interpreter
1288before configuring the interface as specified in the
1289.Va ifconfig_ Ns Aq Ar interface
1290and
1291.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1292variables.
1293.Pp
1294If a
1295.Va vlans_ Ns Aq Ar interface
1296variable is set,
1297a
1298.Xr vlan 4
1299interface will be created for each item in the list with the
1300.Ar vlandev
1301argument set to
1302.Ar interface .
1303If a vlan interface's name is a number,
1304then that number is used as the vlan tag and the new vlan interface is
1305named
1306.Ar interface . Ns Ar tag .
1307Otherwise,
1308the vlan tag must be specified via a
1309.Va vlan
1310parameter in the
1311.Va create_args_ Ns Aq Ar interface
1312variable.
1313.Pp
1314To create a vlan device named
1315.Li em0.101
1316on
1317.Li em0
1318with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1319.Bd -literal
1320vlans_em0="101"
1321ifconfig_em0_101="inet 192.0.2.1/24"
1322.Ed
1323.Pp
1324To create a vlan device named
1325.Li myvlan
1326on
1327.Li em0
1328with the vlan tag 102:
1329.Bd -literal
1330vlans_em0="myvlan"
1331create_args_myvlan="vlan 102"
1332.Ed
1333.Pp
1334If a
1335.Va wlans_ Ns Aq Ar interface
1336variable is set,
1337an
1338.Xr wlan 4
1339interface will be created for each item in the list with the
1340.Ar wlandev
1341argument set to
1342.Ar interface .
1343Further wlan cloning arguments may be passed to the
1344.Xr ifconfig 8
1345.Cm create
1346command by setting the
1347.Va create_args_ Ns Aq Ar interface
1348variable.
1349One or more
1350.Xr wlan 4
1351devices must be created for each wireless devices as of
1352.Fx 8.0 .
1353Debugging flags for
1354.Xr wlan 4
1355devices as set by
1356.Xr wlandebug 8
1357may be specified with an
1358.Va wlandebug_ Ns Aq Ar interface
1359variable.
1360The contents of this variable will be passed directly to
1361.Xr wlandebug 8 .
1362.Pp
1363If the
1364.Va ifconfig_ Ns Aq Ar interface
1365contains the keyword
1366.Dq Li NOAUTO
1367then the interface will not be configured
1368at boot or by
1369.Pa /etc/pccard_ether
1370when
1371.Va network_interfaces
1372is set to
1373.Dq Li AUTO .
1374.Pp
1375It is possible to bring up an interface with DHCP by adding
1376.Dq Li DHCP
1377to the
1378.Va ifconfig_ Ns Aq Ar interface
1379variable.
1380For instance, to initialize the
1381.Li ed0
1382device via DHCP,
1383it is possible to use something like:
1384.Bd -literal
1385ifconfig_ed0="DHCP"
1386.Ed
1387.Pp
1388If you want to configure your wireless interface with
1389.Xr wpa_supplicant 8
1390for use with WPA, EAP/LEAP or WEP, you need to add
1391.Dq Li WPA
1392to the
1393.Va ifconfig_ Ns Aq Ar interface
1394variable.
1395.Pp
1396On the other hand, if you want to configure your wireless interface with
1397.Xr hostapd 8 ,
1398you need to add
1399.Dq Li HOSTAP
1400to the
1401.Va ifconfig_ Ns Aq Ar interface
1402variable.
1403.Xr hostapd 8
1404will use the settings from
1405.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1406.Pp
1407Finally, you can add
1408.Xr ifconfig 8
1409options in this variable, in addition to the
1410.Pa /etc/start_if. Ns Aq Ar interface
1411file.
1412For instance, to configure an
1413.Xr ath 4
1414wireless device in station mode with an address obtained
1415via DHCP, using WPA authentication and 802.11b mode, it is
1416possible to use something like:
1417.Bd -literal
1418wlans_ath0="wlan0"
1419ifconfig_wlan0="DHCP WPA mode 11b"
1420.Ed
1421.Pp
1422In addition to the
1423.Va ifconfig_ Ns Aq Ar interface
1424form, a fallback variable
1425.Va ifconfig_DEFAULT
1426may be configured.
1427It will be used for all interfaces with no
1428.Va ifconfig_ Ns Aq Ar interface
1429variable.
1430This is intended to replace the no longer supported
1431.Va pccard_ifconfig
1432variable.
1433.Pp
1434It is also possible to rename an interface by doing:
1435.Bd -literal
1436ifconfig_ed0_name="net0"
1437ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1438.Ed
1439.It Va ipv6_enable
1440.Pq Vt bool
1441This variable is deprecated.
1442Use
1443.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1444and
1445.Va ipv6_activate_all_interfaces
1446if necessary.
1447.Pp
1448If the variable is
1449.Dq Li YES ,
1450.Dq Li inet6 accept_rtadv
1451is added to all of
1452.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1453and the
1454.Va ipv6_activate_all_interfaces
1455is defined as
1456.Dq Li YES .
1457.It Va ipv6_prefer
1458.Pq Vt bool
1459This variable is deprecated.
1460Use
1461.Va ip6addrctl_policy
1462instead.
1463.Pp
1464If the variable is
1465.Dq Li YES ,
1466the default address selection policy table set by
1467.Xr ip6addrctl 8
1468will be IPv6-preferred.
1469.Pp
1470If the variable is
1471.Dq Li NO ,
1472the default address selection policy table set by
1473.Xr ip6addrctl 8
1474will be IPv4-preferred.
1475.It Va ipv6_activate_all_interfaces
1476.Pq Vt bool
1477This controls initial configuration on IPv6-capable
1478interfaces with no corresponding
1479.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1480variable.
1481Note that it is not always necessary to set this variable to
1482.Dq YES
1483to use IPv6 functionality on
1484.Fx .
1485In most cases, just configuring
1486.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1487variables works.
1488.Pp
1489If the variable is
1490.Dq Li NO ,
1491all interfaces which do not have a corresponding
1492.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1493variable will be marked as
1494.Dq Li IFDISABLED
1495at creation.
1496This means that all of IPv6 functionality on that interface
1497is completely disabled to enforce a security policy.
1498If the variable is set to
1499.Dq YES ,
1500the flag will be cleared on all of the interfaces.
1501.Pp
1502In most cases, just defining an
1503.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1504for an IPv6-capable interface should be sufficient.
1505However, if an interface is added dynamically
1506.Pq by some tunneling protocols such as PPP, for example ,
1507it is often difficult to define the variable in advance.
1508In such a case, configuring the
1509.Dq Li IFDISABLED
1510flag can be disabled by setting this variable to
1511.Dq YES .
1512.Pp
1513For more details of the
1514.Dq Li IFDISABLED
1515flag and keywords
1516.Dq Li inet6 ifdisabled ,
1517see
1518.Xr ifconfig 8 .
1519.Pp
1520Default is
1521.Dq Li NO .
1522.It Va ipv6_privacy
1523.Pq Vt bool
1524If the variable is
1525.Dq Li YES
1526privacy addresses will be generated for each IPv6
1527interface as described in RFC 4941.
1528.It Va ipv6_network_interfaces
1529.Pq Vt str
1530This is the IPv6 equivalent of
1531.Va network_interfaces .
1532Normally manual configuration of this variable is not needed.
1533.It Va ipv6_cpe_wanif
1534.Pq Vt str
1535If the variable is set to an interface name,
1536the
1537.Xr ifconfig 8
1538options
1539.Dq inet6 -no_radr accept_rtadv
1540will be added to the specified interface automatically before evaluating
1541.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1542and two
1543.Xr sysctl 8
1544variables
1545.Va net.inet6.ip6.rfc6204w3
1546and
1547.Va net.inet6.ip6.no_radr
1548will be set to 1.
1549.Pp
1550This means the specified interface will accept ICMPv6 Router
1551Advertisement messages on that link and add the discovered
1552routers into the Default Router List.
1553While the other interfaces can still accept RA messages if the
1554.Dq inet6 accept_rtadv
1555option is specified, adding
1556routes into the Default Router List will be disabled by
1557.Dq inet6 no_radr
1558option by default.
1559See
1560.Xr ifconfig 8
1561for more details.
1562.Pp
1563Note that ICMPv6 Router Advertisement messages will be
1564accepted even when
1565.Va net.inet6.ip6.forwarding
1566is 1
1567.Pq packet forwarding is enabled
1568when
1569.Va net.inet6.ip6.rfc6204w3
1570is set to 1.
1571.Pp
1572Default is
1573.Dq Li NO .
1574.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1575.Pq Vt str
1576IPv6 functionality on an interface should be configured by
1577.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1578instead of setting ifconfig parameters in
1579.Va ifconfig_ Ns Aq Ar interface .
1580If this variable is empty, all of IPv6 configurations on the
1581specified interface by other variables such as
1582.Va ipv6_prefix_ Ns Ao Ar interface Ac
1583will be ignored.
1584.Pp
1585Aliases should be set by
1586.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1587with
1588.Dq Li inet6
1589keyword.
1590For example:
1591.Bd -literal
1592ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1593ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1594.Ed
1595.Pp
1596Interfaces that have an
1597.Dq Li inet6 accept_rtadv
1598keyword in
1599.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1600setting will be automatically configured by SLAAC
1601.Pq StateLess Address AutoConfiguration
1602described in
1603.Rs
1604.%T "RFC 4862"
1605.Re
1606.Pp
1607Note that a link-local address will be automatically configured in
1608addition to the configured global-scope addresses because the IPv6
1609specifications require it on each link.
1610The address is calculated from the MAC address by using an algorithm
1611defined in
1612.Rs
1613.%T "RFC 4862"
1614.%O "Section 5.3"
1615.Re
1616.Pp
1617If only a link-local address is needed on the interface,
1618the following configuration can be used:
1619.Bd -literal
1620ifconfig_ed0_ipv6="inet6 auto_linklocal"
1621.Ed
1622.Pp
1623A link-local address can also be configured manually.
1624This is useful for the default router address of an IPv6 router
1625so that it does not change when the network interface
1626card is replaced.
1627For example:
1628.Bd -literal
1629ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1630.Ed
1631.It Va ipv6_prefix_ Ns Aq Ar interface
1632.Pq Vt str
1633If one or more prefixes are defined in
1634.Va ipv6_prefix_ Ns Aq Ar interface
1635addresses based on each prefix and the EUI-64 interface index will be
1636configured on that interface.
1637Note that this variable will be ignored when
1638.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1639is empty.
1640.Pp
1641For example, the following configuration
1642.Bd -literal
1643ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1644.Ed
1645.Pp
1646is equivalent to the following:
1647.Bd -literal
1648ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1649ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1650ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1651ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1652.Ed
1653.Pp
1654These Subnet-Router anycast addresses will be added only when
1655.Va ipv6_gateway_enable
1656is YES.
1657.It Va ipv6_default_interface
1658.Pq Vt str
1659If not set to
1660.Dq Li NO ,
1661this is the default output interface for scoped addresses.
1662This works only with ipv6_gateway_enable="NO".
1663.It Va ip6addrctl_enable
1664.Pq Vt bool
1665This variable is to enable configuring default address selection policy table
1666.Pq RFC 3484 .
1667The table can be specified in another variable
1668.Va ip6addrctl_policy .
1669For
1670.Va ip6addrctl_policy
1671the following keywords can be specified:
1672.Dq Li ipv4_prefer ,
1673.Dq Li ipv6_prefer ,
1674or
1675.Dq Li AUTO .
1676.Pp
1677If
1678.Dq Li ipv4_prefer
1679or
1680.Dq Li ipv6_prefer
1681is specified,
1682.Xr ip6addrctl 8
1683installs a pre-defined policy table described in Section 2.1
1684.Pq IPv6-preferred
1685or 10.3
1686.Pq IPv4-preferred
1687of RFC 3484.
1688.Pp
1689If
1690.Dq Li AUTO
1691is specified, it attempts to read a file
1692.Pa /etc/ip6addrctl.conf
1693first.
1694If this file is found,
1695.Xr ip6addrctl 8
1696reads and installs it.
1697If not found, a policy is automatically set
1698according to
1699.Va ipv6_activate_all_interfaces
1700variable; if the variable is set to
1701.Dq Li YES
1702the IPv6-preferred one is used.
1703Otherwise IPv4-preferred.
1704.Pp
1705The default value of
1706.Va ip6addrctl_enable
1707and
1708.Va ip6addrctl_policy
1709are
1710.Dq Li YES
1711and
1712.Dq Li AUTO ,
1713respectively.
1714.It Va cloned_interfaces
1715.Pq Vt str
1716Set to the list of clonable network interfaces to create on this host.
1717Further cloning arguments may be passed to the
1718.Xr ifconfig 8
1719.Cm create
1720command for each interface by setting the
1721.Va create_args_ Ns Aq Ar interface
1722variable.
1723If an interface name is specified with
1724.Dq :sticky
1725keyword,
1726the interface will not be destroyed even when
1727.Pa rc.d/netif
1728script is invoked with
1729.Dq stop
1730argument.
1731This is useful when reconfiguring the interface without destroying it.
1732Entries in
1733.Va cloned_interfaces
1734are automatically appended to
1735.Va network_interfaces
1736for configuration.
1737.It Va cloned_interfaces_sticky
1738.Pq Vt bool
1739This variable is to globally enable functionality of
1740.Dq :sticky
1741keyword in
1742.Va cloned_interfaces
1743for all interfaces.
1744The default value is
1745.Dq NO .
1746Even if this variable is specified to
1747.Dq YES ,
1748.Dq :nosticky
1749keyword can be used to override it on per interface basis.
1750.It Va gif_interfaces
1751.Pq Vt str
1752This variable is deprecated in favor of
1753.Va cloned_interfaces .
1754Set to the list of
1755.Xr gif 4
1756tunnel interfaces to configure on this host.
1757A
1758.Va gifconfig_ Ns Aq Ar interface
1759variable is assumed to exist for each value of
1760.Ar interface .
1761The value of this variable is used to configure the link layer of the
1762tunnel according to the syntax of the
1763.Cm tunnel
1764option to
1765.Xr ifconfig 8 .
1766Additionally, this option ensures that each listed interface is created
1767via the
1768.Cm create
1769option to
1770.Xr ifconfig 8
1771before attempting to configure it.
1772.It Va sppp_interfaces
1773.Pq Vt str
1774Set to the list of
1775.Xr sppp 4
1776interfaces to configure on this host.
1777A
1778.Va spppconfig_ Ns Aq Ar interface
1779variable is assumed to exist for each value of
1780.Ar interface .
1781Each interface should also be configured by a general
1782.Va ifconfig_ Ns Aq Ar interface
1783setting.
1784Refer to
1785.Xr spppcontrol 8
1786for more information about available options.
1787.It Va ppp_enable
1788.Pq Vt bool
1789If set to
1790.Dq Li YES ,
1791run the
1792.Xr ppp 8
1793daemon.
1794.It Va ppp_profile
1795.Pq Vt str
1796The name of the profile to use from
1797.Pa /etc/ppp/ppp.conf .
1798Also used for per-profile overrides of
1799.Va ppp_mode
1800and
1801.Va ppp_nat ,
1802and
1803.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1804When the profile name contains any of the characters
1805.Dq Li .-/+
1806they are translated to
1807.Dq Li _
1808for the proposes of the override variable names.
1809.It Va ppp_mode
1810.Pq Vt str
1811Mode in which to run the
1812.Xr ppp 8
1813daemon.
1814.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1815.Pq Vt str
1816Overrides the global
1817.Va ppp_mode
1818for
1819.Ar profile .
1820Accepted modes are
1821.Dq Li auto ,
1822.Dq Li ddial ,
1823.Dq Li direct
1824and
1825.Dq Li dedicated .
1826See the manual for a full description.
1827.It Va ppp_nat
1828.Pq Vt bool
1829If set to
1830.Dq Li YES ,
1831enables network address translation.
1832Used in conjunction with
1833.Va gateway_enable
1834allows hosts on private network addresses access to the Internet using
1835this host as a network address translating router.
1836.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1837.Pq Vt str
1838Overrides the global
1839.Va ppp_nat
1840for
1841.Ar profile .
1842.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1843.Pq Vt int
1844Set the unit number to be used for this profile.
1845See the manual description of
1846.Fl unit Ns Ar N
1847for details.
1848.It Va ppp_user
1849.Pq Vt str
1850The name of the user under which
1851.Xr ppp 8
1852should be started.
1853By
1854default,
1855.Xr ppp 8
1856is started as
1857.Dq Li root .
1858.It Va rc_conf_files
1859.Pq Vt str
1860This option is used to specify a list of files that will override
1861the settings in
1862.Pa /etc/defaults/rc.conf .
1863The files will be read in the order in which they are specified and should
1864include the full path to the file.
1865By default, the files specified are
1866.Pa /etc/rc.conf
1867and
1868.Pa /etc/rc.conf.local
1869.It Va zfs_enable
1870.Pq Vt bool
1871If set to
1872.Dq Li YES ,
1873.Pa /etc/rc.d/zfs
1874will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1875(ZVOLs).
1876.It Va gptboot_enable
1877.Pq Vt bool
1878If set to
1879.Dq Li YES ,
1880.Pa /etc/rc.d/gptboot
1881will log if the system successfully (or not) booted from a GPT partition,
1882which had the
1883.Ar bootonce
1884attribute set using
1885.Xr gpart 8
1886utility.
1887.It Va gbde_autoattach_all
1888.Pq Vt bool
1889If set to
1890.Dq Li YES ,
1891.Pa /etc/rc.d/gbde
1892will attempt to automatically initialize your .bde devices in
1893.Pa /etc/fstab .
1894.It Va gbde_devices
1895.Pq Vt str
1896List the devices that the script should try to attach,
1897or
1898.Dq Li AUTO .
1899.It Va gbde_lockdir
1900.Pq Vt str
1901The directory where the
1902.Xr gbde 4
1903lockfiles are located.
1904The default lockfile directory is
1905.Pa /etc .
1906.Pp
1907The lockfile for each individual
1908.Xr gbde 4
1909device can be overridden by setting the variable
1910.Va gbde_lock_ Ns Aq Ar device ,
1911where
1912.Ar device
1913is the encrypted device without the
1914.Dq Pa /dev/
1915and
1916.Dq Pa .bde
1917parts.
1918.It Va gbde_attach_attempts
1919.Pq Vt int
1920Number of times to attempt attaching to a
1921.Xr gbde 4
1922device, i.e., how many times the user is asked for the pass-phrase.
1923Default is 3.
1924.It Va geli_devices
1925.Pq Vt str
1926List of devices to automatically attach on boot.
1927Note that .eli devices from
1928.Pa /etc/fstab
1929are automatically appended to this list.
1930.It Va geli_tries
1931.Pq Vt int
1932Number of times user is asked for the pass-phrase.
1933If empty, it will be taken from
1934.Va kern.geom.eli.tries
1935sysctl variable.
1936.It Va geli_default_flags
1937.Pq Vt str
1938Default flags to use by
1939.Xr geli 8
1940when configuring disk encryption.
1941Flags can be configured for every device separately by defining
1942.Va geli_ Ns Ao Ar device Ac Ns Va _flags
1943variable.
1944.It Va geli_autodetach
1945.Pq Vt str
1946Specifies if GELI devices should be marked for detach on last close after
1947file systems are mounted.
1948Default is
1949.Dq Li YES .
1950This can be changed for every device separately by defining
1951.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1952variable.
1953.It Va root_rw_mount
1954.Pq Vt bool
1955Set to
1956.Dq Li YES
1957by default.
1958After the file systems are checked at boot time, the root file system
1959is remounted as read-write if this is set to
1960.Dq Li YES .
1961Diskless systems that mount their root file system from a read-only remote
1962NFS share should set this to
1963.Dq Li NO
1964in their
1965.Pa rc.conf .
1966.It Va fsck_y_enable
1967.Pq Vt bool
1968If set to
1969.Dq Li YES ,
1970.Xr fsck 8
1971will be run with the
1972.Fl y
1973flag if the initial preen
1974of the file systems fails.
1975.It Va background_fsck
1976.Pq Vt bool
1977If set to
1978.Dq Li YES ,
1979the system will attempt to run
1980.Xr fsck 8
1981in the background where possible.
1982.It Va background_fsck_delay
1983.Pq Vt int
1984The amount of time in seconds to sleep before starting a background
1985.Xr fsck 8 .
1986It defaults to sixty seconds to allow large applications such as
1987the X server to start before disk I/O bandwidth is monopolized by
1988.Xr fsck 8 .
1989If set to a negative number, the background file system check will be
1990delayed indefinitely to allow the administrator to run it at a more
1991convenient time.
1992For example it may be run from
1993.Xr cron 8
1994by adding a line like
1995.Pp
1996.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1997.Pp
1998to
1999.Pa /etc/crontab .
2000.It Va netfs_types
2001.Pq Vt str
2002List of file system types that are network-based.
2003This list should generally not be modified by end users.
2004Use
2005.Va extra_netfs_types
2006instead.
2007.It Va extra_netfs_types
2008.Pq Vt str
2009If set to something other than
2010.Dq Li NO
2011(the default),
2012this variable extends the list of file system types
2013for which automatic mounting at startup by
2014.Xr rc 8
2015should be delayed until the network is initialized.
2016It should contain
2017a whitespace-separated list of network file system descriptor pairs,
2018each consisting of a file system type as passed to
2019.Xr mount 8
2020and a human-readable, one-word description,
2021joined with a colon
2022.Pq Ql \&: .
2023Extending the default list in this way is only necessary
2024when third party file system types are used.
2025.It Va syslogd_enable
2026.Pq Vt bool
2027If set to
2028.Dq Li YES ,
2029run the
2030.Xr syslogd 8
2031daemon.
2032.It Va syslogd_program
2033.Pq Vt str
2034Path to
2035.Xr syslogd 8
2036(default
2037.Pa /usr/sbin/syslogd ) .
2038.It Va syslogd_flags
2039.Pq Vt str
2040If
2041.Va syslogd_enable
2042is set to
2043.Dq Li YES ,
2044these are the flags to pass to
2045.Xr syslogd 8 .
2046.It Va inetd_enable
2047.Pq Vt bool
2048If set to
2049.Dq Li YES ,
2050run the
2051.Xr inetd 8
2052daemon.
2053.It Va inetd_program
2054.Pq Vt str
2055Path to
2056.Xr inetd 8
2057(default
2058.Pa /usr/sbin/inetd ) .
2059.It Va inetd_flags
2060.Pq Vt str
2061If
2062.Va inetd_enable
2063is set to
2064.Dq Li YES ,
2065these are the flags to pass to
2066.Xr inetd 8 .
2067.It Va hastd_enable
2068.Pq Vt bool
2069If set to
2070.Dq Li YES ,
2071run the
2072.Xr hastd 8
2073daemon.
2074.It Va hastd_program
2075.Pq Vt str
2076Path to
2077.Xr hastd 8
2078(default
2079.Pa /sbin/hastd ) .
2080.It Va hastd_flags
2081.Pq Vt str
2082If
2083.Va hastd_enable
2084is set to
2085.Dq Li YES ,
2086these are the flags to pass to
2087.Xr hastd 8 .
2088.It Va local_unbound_enable
2089.Pq Vt bool
2090If set to
2091.Dq Li YES ,
2092run the
2093.Xr unbound 8
2094daemon as a local caching resolver.
2095.It Va kdc_enable
2096.Pq Vt bool
2097Set to
2098.Dq Li YES
2099to start a Kerberos 5 authentication server
2100at boot time.
2101.It Va kdc_program
2102.Pq Vt str
2103If
2104.Va kdc_enable
2105is set to
2106.Dq Li YES
2107this is the path to Kerberos 5 Authentication Server.
2108.It Va kdc_flags
2109.Pq Vt str
2110Empty by default.
2111This variable contains additional flags to be passed to the Kerberos 5
2112authentication server.
2113.It Va kadmind_enable
2114.Pq Vt bool
2115Set to
2116.Dq Li YES
2117to start
2118.Xr kadmind 8 ,
2119the Kerberos 5 Administration Daemon; set to
2120.Dq Li NO
2121on a slave server.
2122.It Va kadmind_program
2123.Pq Vt str
2124If
2125.Va kadmind_enable
2126is set to
2127.Dq Li YES
2128this is the path to Kerberos 5 Administration Daemon.
2129.It Va kpasswdd_enable
2130.Pq Vt bool
2131Set to
2132.Dq Li YES
2133to start
2134.Xr kpasswdd 8 ,
2135the Kerberos 5 Password-Changing Daemon; set to
2136.Dq Li NO
2137on a slave server.
2138.It Va kpasswdd_program
2139.Pq Vt str
2140If
2141.Va kpasswdd_enable
2142is set to
2143.Dq Li YES
2144this is the path to Kerberos 5 Password-Changing Daemon.
2145.It Va kfd_enable
2146.Pq Vt bool
2147Set to
2148.Dq Li YES
2149to start
2150.Xr kfd 8 ,
2151the Kerberos 5 ticket forwarding daemon, at the boot time.
2152.It Va kfd_program
2153.Pq Vt str
2154Path to
2155.Xr kfd 8
2156(default
2157.Pa /usr/libexec/kfd ) .
2158.It Va rwhod_enable
2159.Pq Vt bool
2160If set to
2161.Dq Li YES ,
2162run the
2163.Xr rwhod 8
2164daemon at boot time.
2165.It Va rwhod_flags
2166.Pq Vt str
2167If
2168.Va rwhod_enable
2169is set to
2170.Dq Li YES ,
2171these are the flags to pass to it.
2172.It Va amd_enable
2173.Pq Vt bool
2174If set to
2175.Dq Li YES ,
2176run the
2177.Xr amd 8
2178daemon at boot time.
2179.It Va amd_flags
2180.Pq Vt str
2181If
2182.Va amd_enable
2183is set to
2184.Dq Li YES ,
2185these are the flags to pass to it.
2186See the
2187.Xr amd 8
2188manpage for more information.
2189.It Va amd_map_program
2190.Pq Vt str
2191If set,
2192the specified program is run to get the list of
2193.Xr amd 8
2194maps.
2195For example, if the
2196.Xr amd 8
2197maps are stored in NIS, one can set this to
2198run
2199.Xr ypcat 1
2200to get a list of
2201.Xr amd 8
2202maps from the
2203.Pa amd.master
2204NIS map.
2205.It Va update_motd
2206.Pq Vt bool
2207If set to
2208.Dq Li YES ,
2209.Pa /etc/motd
2210will be updated at boot time to reflect the kernel release
2211being run.
2212If set to
2213.Dq Li NO ,
2214.Pa /etc/motd
2215will not be updated.
2216.It Va nfs_client_enable
2217.Pq Vt bool
2218If set to
2219.Dq Li YES ,
2220run the NFS client daemons at boot time.
2221.It Va nfs_access_cache
2222.Pq Vt int
2223If
2224.Va nfs_client_enable
2225is set to
2226.Dq Li YES ,
2227this can be set to
2228.Dq Li 0
2229to disable NFS ACCESS RPC caching, or to the number of seconds for which
2230NFS ACCESS
2231results should be cached.
2232A value of 2-10 seconds will substantially reduce network
2233traffic for many NFS operations.
2234.It Va nfs_server_enable
2235.Pq Vt bool
2236If set to
2237.Dq Li YES ,
2238run the NFS server daemons at boot time.
2239.It Va nfs_server_flags
2240.Pq Vt str
2241If
2242.Va nfs_server_enable
2243is set to
2244.Dq Li YES ,
2245these are the flags to pass to the
2246.Xr nfsd 8
2247daemon.
2248.It Va nfsv4_server_enable
2249.Pq Vt bool
2250If
2251.Va nfs_server_enable
2252is set to
2253.Dq Li YES
2254and
2255.Va nfsv4_server_enable
2256are set to
2257.Dq Li YES ,
2258enable the server for NFSv4 as well as NFSv2 and NFSv3.
2259.It Va nfsuserd_enable
2260.Pq Vt bool
2261If
2262.Va nfsuserd_enable
2263is set to
2264.Dq Li YES ,
2265run the nfsuserd daemon, which is needed for NFSv4 in order
2266to map between user/group names vs uid/gid numbers.
2267If
2268.Va nfsv4_server_enable
2269is set to
2270.Dq Li YES ,
2271this will be forced enabled.
2272.It Va nfsuserd_flags
2273.Pq Vt str
2274If
2275.Va nfsuserd_enable
2276is set to
2277.Dq Li YES ,
2278these are the flags to pass to the
2279.Xr nfsuserd 8
2280daemon.
2281.It Va nfscbd_enable
2282.Pq Vt bool
2283If
2284.Va nfscbd_enable
2285is set to
2286.Dq Li YES ,
2287run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2288.It Va nfscbd_flags
2289.Pq Vt str
2290If
2291.Va nfscbd_enable
2292is set to
2293.Dq Li YES ,
2294these are the flags to pass to the
2295.Xr nfscbd 8
2296daemon.
2297.It Va mountd_enable
2298.Pq Vt bool
2299If set to
2300.Dq Li YES ,
2301and no
2302.Va nfs_server_enable
2303is set, start
2304.Xr mountd 8 ,
2305but not
2306.Xr nfsd 8
2307daemon.
2308It is commonly needed to run CFS without real NFS used.
2309.It Va mountd_flags
2310.Pq Vt str
2311If
2312.Va mountd_enable
2313is set to
2314.Dq Li YES ,
2315these are the flags to pass to the
2316.Xr mountd 8
2317daemon.
2318.It Va weak_mountd_authentication
2319.Pq Vt bool
2320If set to
2321.Dq Li YES ,
2322allow services like PCNFSD to make non-privileged mount
2323requests.
2324.It Va nfs_reserved_port_only
2325.Pq Vt bool
2326If set to
2327.Dq Li YES ,
2328provide NFS services only on a secure port.
2329.It Va nfs_bufpackets
2330.Pq Vt int
2331If set to a number, indicates the number of packets worth of
2332socket buffer space to reserve on an NFS client.
2333The kernel default is typically 4.
2334Using a higher number may be
2335useful on gigabit networks to improve performance.
2336The minimum value is
23372 and the maximum is 64.
2338.It Va rpc_lockd_enable
2339.Pq Vt bool
2340If set to
2341.Dq Li YES
2342and also an NFS server or client, run
2343.Xr rpc.lockd 8
2344at boot time.
2345.It Va rpc_lockd_flags
2346.Pq Vt str
2347If
2348.Va rpc_lockd_enable
2349is set to
2350.Dq Li YES ,
2351these are the flags to pass to the
2352.Xr rpc.lockd 8
2353daemon.
2354.It Va rpc_statd_enable
2355.Pq Vt bool
2356If set to
2357.Dq Li YES
2358and also an NFS server or client, run
2359.Xr rpc.statd 8
2360at boot time.
2361.It Va rpc_statd_flags
2362.Pq Vt str
2363If
2364.Va rpc_statd_enable
2365is set to
2366.Dq Li YES ,
2367these are the flags to pass to the
2368.Xr rpc.statd 8
2369daemon.
2370.It Va rpcbind_program
2371.Pq Vt str
2372Path to
2373.Xr rpcbind 8
2374(default
2375.Pa /usr/sbin/rpcbind ) .
2376.It Va rpcbind_enable
2377.Pq Vt bool
2378If set to
2379.Dq Li YES ,
2380run the
2381.Xr rpcbind 8
2382service at boot time.
2383.It Va rpcbind_flags
2384.Pq Vt str
2385If
2386.Va rpcbind_enable
2387is set to
2388.Dq Li YES ,
2389these are the flags to pass to the
2390.Xr rpcbind 8
2391daemon.
2392.It Va keyserv_enable
2393.Pq Vt bool
2394If set to
2395.Dq Li YES ,
2396run the
2397.Xr keyserv 8
2398daemon on boot for running Secure RPC.
2399.It Va keyserv_flags
2400.Pq Vt str
2401If
2402.Va keyserv_enable
2403is set to
2404.Dq Li YES ,
2405these are the flags to pass to
2406.Xr keyserv 8
2407daemon.
2408.It Va pppoed_enable
2409.Pq Vt bool
2410If set to
2411.Dq Li YES ,
2412run the
2413.Xr pppoed 8
2414daemon at boot time to provide PPP over Ethernet services.
2415.It Va pppoed_ Ns Aq Ar provider
2416.Pq Vt str
2417.Xr pppoed 8
2418listens to requests to this
2419.Ar provider
2420and ultimately runs
2421.Xr ppp 8
2422with a
2423.Ar system
2424argument of the same name.
2425.It Va pppoed_flags
2426.Pq Vt str
2427Additional flags to pass to
2428.Xr pppoed 8 .
2429.It Va pppoed_interface
2430.Pq Vt str
2431The network interface to run
2432.Xr pppoed 8
2433on.
2434This is mandatory when
2435.Va pppoed_enable
2436is set to
2437.Dq Li YES .
2438.It Va timed_enable
2439.Pq Vt bool
2440If set to
2441.Dq Li YES ,
2442run the
2443.Xr timed 8
2444service at boot time.
2445This command is intended for networks of
2446machines where a consistent
2447.Dq "network time"
2448for all hosts must be established.
2449This is often useful in large NFS
2450environments where time stamps on files are expected to be consistent
2451network-wide.
2452.It Va timed_flags
2453.Pq Vt str
2454If
2455.Va timed_enable
2456is set to
2457.Dq Li YES ,
2458these are the flags to pass to the
2459.Xr timed 8
2460service.
2461.It Va ntpdate_enable
2462.Pq Vt bool
2463If set to
2464.Dq Li YES ,
2465run
2466.Xr ntpdate 8
2467at system startup.
2468This command is intended to
2469synchronize the system clock only
2470.Em once
2471from some standard reference.
2472.It Va ntpdate_config
2473.Pq Vt str
2474Configuration file for
2475.Xr ntpdate 8 .
2476Default
2477.Pa /etc/ntp.conf .
2478.It Va ntpdate_hosts
2479.Pq Vt str
2480A whitespace-separated list of NTP servers to synchronize with at startup.
2481The default is to use the servers listed in
2482.Va ntpdate_config ,
2483if that file exists.
2484.It Va ntpdate_program
2485.Pq Vt str
2486Path to
2487.Xr ntpdate 8
2488(default
2489.Pa /usr/sbin/ntpdate ) .
2490.It Va ntpdate_flags
2491.Pq Vt str
2492If
2493.Va ntpdate_enable
2494is set to
2495.Dq Li YES ,
2496these are the flags to pass to the
2497.Xr ntpdate 8
2498command (typically a hostname).
2499.It Va ntpd_enable
2500.Pq Vt bool
2501If set to
2502.Dq Li YES ,
2503run the
2504.Xr ntpd 8
2505command at boot time.
2506.It Va ntpd_program
2507.Pq Vt str
2508Path to
2509.Xr ntpd 8
2510(default
2511.Pa /usr/sbin/ntpd ) .
2512.It Va ntpd_config
2513.Pq Vt str
2514Path to
2515.Xr ntpd 8
2516configuration file.
2517Default
2518.Pa /etc/ntp.conf .
2519.It Va ntpd_flags
2520.Pq Vt str
2521If
2522.Va ntpd_enable
2523is set to
2524.Dq Li YES ,
2525these are the flags to pass to the
2526.Xr ntpd 8
2527daemon.
2528.It Va ntpd_sync_on_start
2529.Pq Vt bool
2530If set to
2531.Dq Li YES ,
2532.Xr ntpd 8
2533is run with the
2534.Fl g
2535flag, which syncs the system's clock on startup.
2536See
2537.Xr ntpd 8
2538for more information regarding the
2539.Fl g
2540option.
2541This is a preferred alternative to using
2542.Xr ntpdate 8
2543or specifying the
2544.Va ntpdate_enable
2545variable.
2546.It Va nis_client_enable
2547.Pq Vt bool
2548If set to
2549.Dq Li YES ,
2550run the
2551.Xr ypbind 8
2552service at system boot time.
2553.It Va nis_client_flags
2554.Pq Vt str
2555If
2556.Va nis_client_enable
2557is set to
2558.Dq Li YES ,
2559these are the flags to pass to the
2560.Xr ypbind 8
2561service.
2562.It Va nis_ypset_enable
2563.Pq Vt bool
2564If set to
2565.Dq Li YES ,
2566run the
2567.Xr ypset 8
2568daemon at system boot time.
2569.It Va nis_ypset_flags
2570.Pq Vt str
2571If
2572.Va nis_ypset_enable
2573is set to
2574.Dq Li YES ,
2575these are the flags to pass to the
2576.Xr ypset 8
2577daemon.
2578.It Va nis_server_enable
2579.Pq Vt bool
2580If set to
2581.Dq Li YES ,
2582run the
2583.Xr ypserv 8
2584daemon at system boot time.
2585.It Va nis_server_flags
2586.Pq Vt str
2587If
2588.Va nis_server_enable
2589is set to
2590.Dq Li YES ,
2591these are the flags to pass to the
2592.Xr ypserv 8
2593daemon.
2594.It Va nis_ypxfrd_enable
2595.Pq Vt bool
2596If set to
2597.Dq Li YES ,
2598run the
2599.Xr rpc.ypxfrd 8
2600daemon at system boot time.
2601.It Va nis_ypxfrd_flags
2602.Pq Vt str
2603If
2604.Va nis_ypxfrd_enable
2605is set to
2606.Dq Li YES ,
2607these are the flags to pass to the
2608.Xr rpc.ypxfrd 8
2609daemon.
2610.It Va nis_yppasswdd_enable
2611.Pq Vt bool
2612If set to
2613.Dq Li YES ,
2614run the
2615.Xr rpc.yppasswdd 8
2616daemon at system boot time.
2617.It Va nis_yppasswdd_flags
2618.Pq Vt str
2619If
2620.Va nis_yppasswdd_enable
2621is set to
2622.Dq Li YES ,
2623these are the flags to pass to the
2624.Xr rpc.yppasswdd 8
2625daemon.
2626.It Va rpc_ypupdated_enable
2627.Pq Vt bool
2628If set to
2629.Dq Li YES ,
2630run the
2631.Nm rpc.ypupdated
2632daemon at system boot time.
2633.It Va bsnmpd_enable
2634.Pq Vt bool
2635If set to
2636.Dq Li YES ,
2637run the
2638.Xr bsnmpd 1
2639daemon at system boot time.
2640Be sure to understand the security implications of running SNMP daemon
2641on your host.
2642.It Va bsnmpd_flags
2643.Pq Vt str
2644If
2645.Va bsnmpd_enable
2646is set to
2647.Dq Li YES ,
2648these are the flags to pass to the
2649.Xr bsnmpd 1
2650daemon.
2651.It Va defaultrouter
2652.Pq Vt str
2653If not set to
2654.Dq Li NO ,
2655create a default route to this host name or IP address
2656(use an IP address if this router is also required to get to the
2657name server!).
2658.It Va ipv6_defaultrouter
2659.Pq Vt str
2660The IPv6 equivalent of
2661.Va defaultrouter .
2662.It Va static_arp_pairs
2663.Pq Vt str
2664Set to the list of static ARP pairs that are to be added at system
2665boot time.
2666For each whitespace separated
2667.Ar element
2668in the value, a
2669.Va static_arp_ Ns Aq Ar element
2670variable is assumed to exist whose contents will later be passed to a
2671.Dq Nm arp Cm -S
2672operation.
2673For example
2674.Bd -literal
2675static_arp_pairs="gw"
2676static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2677.Ed
2678.It Va static_ndp_pairs
2679.Pq Vt str
2680Set to the list of static NDP pairs that are to be added at system
2681boot time.
2682For each whitespace separated
2683.Ar element
2684in the value, a
2685.Va static_ndp_ Ns Aq Ar element
2686variable is assumed to exist whose contents will later be passed to a
2687.Dq Nm ndp Cm -s
2688operation.
2689For example
2690.Bd -literal
2691static_ndp_pairs="gw"
2692static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2693.Ed
2694.It Va static_routes
2695.Pq Vt str
2696Set to the list of static routes that are to be added at system
2697boot time.
2698If not set to
2699.Dq Li NO
2700then for each whitespace separated
2701.Ar element
2702in the value, a
2703.Va route_ Ns Aq Ar element
2704variable is assumed to exist
2705whose contents will later be passed to a
2706.Dq Nm route Cm add
2707operation.
2708For example:
2709.Bd -literal
2710static_routes="ext mcast:gif0 gif0local:gif0"
2711route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2712route_mcast="-net 224.0.0.0/4 -iface gif0"
2713route_gif0local="-host 169.254.1.1 -iface lo0"
2714.Ed
2715.Pp
2716When an
2717.Ar element
2718is in the form of
2719.Li name:ifname ,
2720the route is specific to the interface
2721.Li ifname .
2722.It Va ipv6_static_routes
2723.Pq Vt str
2724The IPv6 equivalent of
2725.Va static_routes .
2726If not set to
2727.Dq Li NO
2728then for each whitespace separated
2729.Ar element
2730in the value, a
2731.Va ipv6_route_ Ns Aq Ar element
2732variable is assumed to exist
2733whose contents will later be passed to a
2734.Dq Nm route Cm add Fl inet6
2735operation.
2736.It Va natm_static_routes
2737.Pq Vt str
2738The
2739.Xr natmip 4
2740equivalent of
2741.Va static_routes .
2742If not empty then for each whitespace separated
2743.Ar element
2744in the value, a
2745.Va route_ Ns Aq Ar element
2746variable is assumed to exist whose contents will later be passed to a
2747.Dq Nm atmconfig Cm natm Cm add
2748operation.
2749.It Va gateway_enable
2750.Pq Vt bool
2751If set to
2752.Dq Li YES ,
2753configure host to act as an IP router, e.g.\& to forward packets
2754between interfaces.
2755.It Va ipv6_gateway_enable
2756.Pq Vt bool
2757The IPv6 equivalent of
2758.Va gateway_enable .
2759.It Va routed_enable
2760.Pq Vt bool
2761If set to
2762.Dq Li YES ,
2763run a routing daemon of some sort, based on the
2764settings of
2765.Va routed_program
2766and
2767.Va routed_flags .
2768.It Va route6d_enable
2769.Pq Vt bool
2770The IPv6 equivalent of
2771.Va routed_enable .
2772If set to
2773.Dq Li YES ,
2774run a routing daemon of some sort, based on the
2775settings of
2776.Va route6d_program
2777and
2778.Va route6d_flags .
2779.It Va routed_program
2780.Pq Vt str
2781If
2782.Va routed_enable
2783is set to
2784.Dq Li YES ,
2785this is the name of the routing daemon to use.
2786.It Va route6d_program
2787.Pq Vt str
2788The IPv6 equivalent of
2789.Va routed_program .
2790.It Va routed_flags
2791.Pq Vt str
2792If
2793.Va routed_enable
2794is set to
2795.Dq Li YES ,
2796these are the flags to pass to the routing daemon.
2797.It Va route6d_flags
2798.Pq Vt str
2799The IPv6 equivalent of
2800.Va routed_flags .
2801.It Va mroute6d_enable
2802.Pq Vt bool
2803If set to
2804.Dq Li YES ,
2805run the IPv6 multicast routing daemon.
2806.Pp
2807Note that multicast routing daemons are no longer included in the
2808.Fx
2809base system, however, both
2810.Xr mrouted 8
2811and
2812.Xr pim6dd 8
2813may be installed from the
2814.Fx
2815Ports Collection.
2816.It Va mroute6d_flags
2817.Pq Vt str
2818If
2819.Va mroute6d_enable
2820is set to
2821.Dq Li YES ,
2822these are the flags passed to the IPv6 multicast routing daemon.
2823.It Va mroute6d_program
2824.Pq Vt str
2825If
2826.Va mroute6d_enable
2827is set to
2828.Dq Li YES ,
2829this is the path to the IPv6 multicast routing daemon.
2830.It Va rtadvd_enable
2831.Pq Vt bool
2832If set to
2833.Dq Li YES ,
2834run the
2835.Xr rtadvd 8
2836daemon at boot time.
2837The
2838.Xr rtadvd 8
2839utility sends ICMPv6 Router Advertisement messages to
2840the interfaces specified in
2841.Va rtadvd_interfaces .
2842This should only be enabled with great care.
2843You may want to fine-tune
2844.Xr rtadvd.conf 5 .
2845.It Va rtadvd_interfaces
2846.Pq Vt str
2847If
2848.Va rtadvd_enable
2849is set to
2850.Dq Li YES
2851this is the list of interfaces to use.
2852.It Va arpproxy_all
2853.Pq Vt bool
2854If set to
2855.Dq Li YES ,
2856enable global proxy ARP.
2857.It Va forward_sourceroute
2858.Pq Vt bool
2859If set to
2860.Dq Li YES
2861and
2862.Va gateway_enable
2863is also set to
2864.Dq Li YES ,
2865source-routed packets are forwarded.
2866.It Va accept_sourceroute
2867.Pq Vt bool
2868If set to
2869.Dq Li YES ,
2870the system will accept source-routed packets directed at it.
2871.It Va rarpd_enable
2872.Pq Vt bool
2873If set to
2874.Dq Li YES ,
2875run the
2876.Xr rarpd 8
2877daemon at system boot time.
2878.It Va rarpd_flags
2879.Pq Vt str
2880If
2881.Va rarpd_enable
2882is set to
2883.Dq Li YES ,
2884these are the flags to pass to the
2885.Xr rarpd 8
2886daemon.
2887.It Va bootparamd_enable
2888.Pq Vt bool
2889If set to
2890.Dq Li YES ,
2891run the
2892.Xr bootparamd 8
2893daemon at system boot time.
2894.It Va bootparamd_flags
2895.Pq Vt str
2896If
2897.Va bootparamd_enable
2898is set to
2899.Dq Li YES ,
2900these are the flags to pass to the
2901.Xr bootparamd 8
2902daemon.
2903.It Va stf_interface_ipv4addr
2904.Pq Vt str
2905If not set to
2906.Dq Li NO ,
2907this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2908interface).
2909Specify this entry to enable the 6to4 interface.
2910.It Va stf_interface_ipv4plen
2911.Pq Vt int
2912Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2913An effective value is 0-31.
2914.It Va stf_interface_ipv6_ifid
2915.Pq Vt str
2916IPv6 interface ID for
2917.Xr stf 4 .
2918This can be set to
2919.Dq Li AUTO .
2920.It Va stf_interface_ipv6_slaid
2921.Pq Vt str
2922IPv6 Site Level Aggregator for
2923.Xr stf 4 .
2924.It Va ipv6_ipv4mapping
2925.Pq Vt bool
2926If set to
2927.Dq Li YES
2928this enables IPv4 mapped IPv6 address communication (like
2929.Li ::ffff:a.b.c.d ) .
2930.It Va rtsold_enable
2931.Pq Vt bool
2932Set to
2933.Dq Li YES
2934to enable the
2935.Xr rtsold 8
2936daemon to send ICMPv6 Router Solicitation messages.
2937.It Va rtsold_flags
2938.Pq Vt str
2939If
2940.Va rtsold_enable
2941is set to
2942.Dq Li YES ,
2943these are the flags to pass to
2944.Xr rtsold 8 .
2945.It Va rtsol_flags
2946.Pq Vt str
2947For interfaces configured with the
2948.Dq Li inet6 accept_rtadv
2949keyword, these are the flags to pass to
2950.Xr rtsol 8 .
2951.Pp
2952Note that
2953.Va rtsold_enable
2954is mutually exclusive to
2955.Va rtsol_flags ;
2956.Va rtsold_enable
2957takes precedence.
2958.It Va atm_enable
2959.Pq Vt bool
2960Set to
2961.Dq Li YES
2962to enable the configuration of ATM interfaces at system boot time.
2963For all of the ATM variables described below, please refer to the
2964.Xr atm 8
2965manual page for further details on the available command parameters.
2966Also refer to the files in
2967.Pa /usr/share/examples/atm
2968for more detailed configuration information.
2969.It Va atm_load
2970.Pq Vt str
2971This is a list of physical ATM interface drivers to load.
2972Typical values are
2973.Dq Li hfa_pci
2974and/or
2975.Dq Li hea_pci .
2976.It Va atm_netif_ Ns Aq Ar intf
2977.Pq Vt str
2978For the ATM physical interface
2979.Ar intf ,
2980this variable defines the name prefix and count for the ATM network
2981interfaces to be created.
2982The value will be passed as the parameters of an
2983.Dq Nm atm Cm "set netif" Ar intf
2984command.
2985.It Va atm_sigmgr_ Ns Aq Ar intf
2986.Pq Vt str
2987For the ATM physical interface
2988.Ar intf ,
2989this variable defines the ATM signalling manager to be used.
2990The value will be passed as the parameters of an
2991.Dq Nm atm Cm attach Ar intf
2992command.
2993.It Va atm_prefix_ Ns Aq Ar intf
2994.Pq Vt str
2995For the ATM physical interface
2996.Ar intf ,
2997this variable defines the NSAP prefix for interfaces using a UNI signalling
2998manager.
2999If set to
3000.Dq Li ILMI ,
3001the prefix will automatically be set via the
3002.Xr ilmid 8
3003daemon.
3004Otherwise, the value will be passed as the parameters of an
3005.Dq Nm atm Cm "set prefix" Ar intf
3006command.
3007.It Va atm_macaddr_ Ns Aq Ar intf
3008.Pq Vt str
3009For the ATM physical interface
3010.Ar intf ,
3011this variable defines the MAC address for interfaces using a UNI signalling
3012manager.
3013If set to
3014.Dq Li NO ,
3015the hardware MAC address contained in the ATM interface card will be used.
3016Otherwise, the value will be passed as the parameters of an
3017.Dq Nm atm Cm "set mac" Ar intf
3018command.
3019.It Va atm_arpserver_ Ns Aq Ar netif
3020.Pq Vt str
3021For the ATM network interface
3022.Ar netif ,
3023this variable defines the ATM address for a host which is to provide ATMARP
3024service.
3025This variable is only applicable to interfaces using a UNI signalling
3026manager.
3027If set to
3028.Dq Li local ,
3029this host will become an ATMARP server.
3030The value will be passed as the parameters of an
3031.Dq Nm atm Cm "set arpserver" Ar netif
3032command.
3033.It Va atm_scsparp_ Ns Aq Ar netif
3034.Pq Vt bool
3035If set to
3036.Dq Li YES ,
3037SCSP/ATMARP service for the network interface
3038.Ar netif
3039will be initiated using the
3040.Xr scspd 8
3041and
3042.Xr atmarpd 8
3043daemons.
3044This variable is only applicable if
3045.Va atm_arpserver_ Ns Aq Ar netif
3046is set to
3047.Dq Li local .
3048.It Va atm_pvcs
3049.Pq Vt str
3050Set to the list of ATM PVCs to be added at system
3051boot time.
3052For each whitespace separated
3053.Ar element
3054in the value, an
3055.Va atm_pvc_ Ns Aq Ar element
3056variable is assumed to exist.
3057The value of each of these variables
3058will be passed as the parameters of an
3059.Dq Nm atm Cm "add pvc"
3060command.
3061.It Va atm_arps
3062.Pq Vt str
3063Set to the list of permanent ATM ARP entries to be added
3064at system boot time.
3065For each whitespace separated
3066.Ar element
3067in the value, an
3068.Va atm_arp_ Ns Aq Ar element
3069variable is assumed to exist.
3070The value of each of these variables
3071will be passed as the parameters of an
3072.Dq Nm atm Cm "add arp"
3073command.
3074.It Va natm_interfaces
3075.Pq Vt str
3076Set to the list of
3077.Xr natm 4
3078interfaces that will also be used for HARP through
3079.Xr harp 4 .
3080If this list is not empty all interfaces in the list will be brought up
3081with
3082.Xr ifconfig 8
3083and
3084.Xr harp 4
3085will be loaded.
3086For this to work the interface drivers must be either compiled into the
3087kernel or must reside on the root partition.
3088.It Va keybell
3089.Pq Vt str
3090The keyboard bell sound.
3091Set to
3092.Dq Li normal ,
3093.Dq Li visual ,
3094.Dq Li off ,
3095or
3096.Dq Li NO
3097if the default behavior is desired.
3098For details, refer to the
3099.Xr kbdcontrol 1
3100manpage.
3101.It Va keyboard
3102.Pq Vt str
3103If set to a non-null string, the virtual console's keyboard input is
3104set to this device.
3105.It Va keymap
3106.Pq Vt str
3107If set to
3108.Dq Li NO ,
3109no keymap is installed, otherwise the value is used to install
3110the keymap file found in
3111.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3112(if using
3113.Xr syscons 4 ) or
3114.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3115(if using
3116.Xr vt 4 ) .
3117.It Va keyrate
3118.Pq Vt str
3119The keyboard repeat speed.
3120Set to
3121.Dq Li slow ,
3122.Dq Li normal ,
3123.Dq Li fast ,
3124or
3125.Dq Li NO
3126if the default behavior is desired.
3127.It Va keychange
3128.Pq Vt str
3129If not set to
3130.Dq Li NO ,
3131attempt to program the function keys with the value.
3132The value should
3133be a single string of the form:
3134.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3135.It Va cursor
3136.Pq Vt str
3137Can be set to the value of
3138.Dq Li normal ,
3139.Dq Li blink ,
3140.Dq Li destructive ,
3141or
3142.Dq Li NO
3143to set the cursor behavior explicitly or choose the default behavior.
3144.It Va scrnmap
3145.Pq Vt str
3146If set to
3147.Dq Li NO ,
3148no screen map is installed, otherwise the value is used to install
3149the screen map file in
3150.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3151This parameter is ignored when using
3152.Xr vt 4
3153as the console driver.
3154.It Va font8x16
3155.Pq Vt str
3156If set to
3157.Dq Li NO ,
3158the default 8x16 font value is used for screen size requests, otherwise
3159the value in
3160.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3161or
3162.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3163is used (depending on the console driver being used).
3164.It Va font8x14
3165.Pq Vt str
3166If set to
3167.Dq Li NO ,
3168the default 8x14 font value is used for screen size requests, otherwise
3169the value in
3170.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3171or
3172.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3173is used (depending on the console driver being used).
3174.It Va font8x8
3175.Pq Vt str
3176If set to
3177.Dq Li NO ,
3178the default 8x8 font value is used for screen size requests, otherwise
3179the value in
3180.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3181or
3182.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3183is used (depending on the console driver being used).
3184.It Va blanktime
3185.Pq Vt int
3186If set to
3187.Dq Li NO ,
3188the default screen blanking interval is used, otherwise it is set
3189to
3190.Ar value
3191seconds.
3192.It Va saver
3193.Pq Vt str
3194If not set to
3195.Dq Li NO ,
3196this is the actual screen saver to use
3197.Li ( blank , snake , daemon ,
3198etc).
3199.It Va moused_nondefault_enable
3200.Pq Vt str
3201If set to
3202.Dq Li NO ,
3203the mouse device specified on
3204the command line is not automatically treated as enabled by the
3205.Pa /etc/rc.d/moused
3206script.
3207Having this variable set to
3208.Dq Li YES
3209allows a
3210.Xr usb 4
3211mouse,
3212for example,
3213to be enabled as soon as it is plugged in.
3214.It Va moused_enable
3215.Pq Vt str
3216If set to
3217.Dq Li YES ,
3218the
3219.Xr moused 8
3220daemon is started for doing cut/paste selection on the console.
3221.It Va moused_type
3222.Pq Vt str
3223This is the protocol type of the mouse connected to this host.
3224This variable must be set if
3225.Va moused_enable
3226is set to
3227.Dq Li YES .
3228The
3229.Xr moused 8
3230daemon
3231is able to detect the appropriate mouse type automatically in many cases.
3232Set this variable to
3233.Dq Li auto
3234to let the daemon detect it, or
3235select one from the following list if the automatic detection fails.
3236.Pp
3237If the mouse is attached to the PS/2 mouse port, choose
3238.Dq Li auto
3239or
3240.Dq Li ps/2 ,
3241regardless of the brand and model of the mouse.
3242Likewise, if the
3243mouse is attached to the bus mouse port, choose
3244.Dq Li auto
3245or
3246.Dq Li busmouse .
3247All other protocols are for serial mice and will not work with
3248the PS/2 and bus mice.
3249If this is a USB mouse,
3250.Dq Li auto
3251is the only protocol type which will work.
3252.Pp
3253.Bl -tag -width ".Li x10mouseremote" -compact
3254.It Li microsoft
3255Microsoft mouse (serial)
3256.It Li intellimouse
3257Microsoft IntelliMouse (serial)
3258.It Li mousesystems
3259Mouse systems Corp.\& mouse (serial)
3260.It Li mmseries
3261MM Series mouse (serial)
3262.It Li logitech
3263Logitech mouse (serial)
3264.It Li busmouse
3265A bus mouse
3266.It Li mouseman
3267Logitech MouseMan and TrackMan (serial)
3268.It Li glidepoint
3269ALPS GlidePoint (serial)
3270.It Li thinkingmouse
3271Kensington ThinkingMouse (serial)
3272.It Li ps/2
3273PS/2 mouse
3274.It Li mmhittab
3275MM HitTablet (serial)
3276.It Li x10mouseremote
3277X10 MouseRemote (serial)
3278.It Li versapad
3279Interlink VersaPad (serial)
3280.El
3281.Pp
3282Even if the mouse is not in the above list, it may be compatible
3283with one in the list.
3284Refer to the manual page for
3285.Xr moused 8
3286for compatibility information.
3287.Pp
3288It should also be noted that while this is enabled, any
3289other client of the mouse (such as an X server) should access
3290the mouse through the virtual mouse device,
3291.Pa /dev/sysmouse ,
3292and configure it as a
3293.Dq Li sysmouse
3294type mouse, since all
3295mouse data is converted to this single canonical format when
3296using
3297.Xr moused 8 .
3298If the client program does not support the
3299.Dq Li sysmouse
3300type,
3301specify the
3302.Dq Li mousesystems
3303type.
3304It is the second preferred type.
3305.It Va moused_port
3306.Pq Vt str
3307If
3308.Va moused_enable
3309is set to
3310.Dq Li YES ,
3311this is the actual port the mouse is on.
3312It might be
3313.Pa /dev/cuau0
3314for a COM1 serial mouse,
3315.Pa /dev/psm0
3316for a PS/2 mouse or
3317.Pa /dev/mse0
3318for a bus mouse, for example.
3319.It Va moused_flags
3320.Pq Vt str
3321If
3322.Va moused_flags
3323is set, its value is used as an additional set of flags to pass to the
3324.Xr moused 8
3325daemon.
3326.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3327When
3328.Va moused_nondefault_enable
3329is enabled, and a
3330.Xr moused 8
3331daemon is started for a non-default port, the
3332.Va "moused_" Ns Ar XXX Ns Va "_flags"
3333set of options has precedence over and replaces the default
3334.Va moused_flags
3335(where
3336.Ar XXX
3337is the name of the non-default port, i.e.,\&
3338.Ar ums0 ) .
3339By setting
3340.Va "moused_" Ns Ar XXX Ns Va "_flags"
3341it is possible to set up a different set of default flags for each
3342.Xr moused 8
3343instance.
3344For example, you can use
3345.Dq Li "-3"
3346for the default
3347.Va moused_flags
3348to make your laptop's touchpad more comfortable to use,
3349but an empty set of options for
3350.Va moused_ums0_flags
3351when your
3352.Xr usb 4
3353mouse has three or more buttons.
3354.It Va mousechar_start
3355.Pq Vt int
3356If set to
3357.Dq Li NO ,
3358the default mouse cursor character range
3359.Li 0xd0 Ns - Ns Li 0xd3
3360is used,
3361otherwise the range start is set
3362to
3363.Ar value
3364character, see
3365.Xr vidcontrol 1 .
3366Use if the default range is occupied in the language code table.
3367.It Va allscreens_flags
3368.Pq Vt str
3369If set,
3370.Xr vidcontrol 1
3371is run with these options for each of the virtual terminals
3372.Pq Pa /dev/ttyv* .
3373For example,
3374.Dq Fl m Cm on
3375will enable the mouse pointer on all virtual terminals
3376if
3377.Va moused_enable
3378is set to
3379.Dq Li YES .
3380.It Va allscreens_kbdflags
3381.Pq Vt str
3382If set,
3383.Xr kbdcontrol 1
3384is run with these options for each of the virtual terminals
3385.Pq Pa /dev/ttyv* .
3386For example,
3387.Dq Fl h Li 200
3388will set the
3389.Xr syscons 4
3390or
3391.Xr vt 4
3392scrollback (history) buffer to 200 lines.
3393.It Va cron_enable
3394.Pq Vt bool
3395If set to
3396.Dq Li YES ,
3397run the
3398.Xr cron 8
3399daemon at system boot time.
3400.It Va cron_program
3401.Pq Vt str
3402Path to
3403.Xr cron 8
3404(default
3405.Pa /usr/sbin/cron ) .
3406.It Va cron_flags
3407.Pq Vt str
3408If
3409.Va cron_enable
3410is set to
3411.Dq Li YES ,
3412these are the flags to pass to
3413.Xr cron 8 .
3414.It Va cron_dst
3415.Pq Vt bool
3416If set to
3417.Dq Li YES ,
3418enable the special handling of transitions to and from the
3419Daylight Saving Time in
3420.Xr cron 8
3421(equivalent to using the flag
3422.Fl s ) .
3423.It Va lpd_program
3424.Pq Vt str
3425Path to
3426.Xr lpd 8
3427(default
3428.Pa /usr/sbin/lpd ) .
3429.It Va lpd_enable
3430.Pq Vt bool
3431If set to
3432.Dq Li YES ,
3433run the
3434.Xr lpd 8
3435daemon at system boot time.
3436.It Va lpd_flags
3437.Pq Vt str
3438If
3439.Va lpd_enable
3440is set to
3441.Dq Li YES ,
3442these are the flags to pass to the
3443.Xr lpd 8
3444daemon.
3445.It Va chkprintcap_enable
3446.Pq Vt bool
3447If set to
3448.Dq Li YES ,
3449run the
3450.Xr chkprintcap 8
3451command before starting the
3452.Xr lpd 8
3453daemon.
3454.It Va chkprintcap_flags
3455.Pq Vt str
3456If
3457.Va lpd_enable
3458and
3459.Va chkprintcap_enable
3460are set to
3461.Dq Li YES ,
3462these are the flags to pass to the
3463.Xr chkprintcap 8
3464program.
3465The default is
3466.Dq Li -d ,
3467which causes missing directories to be created.
3468.It Va mta_start_script
3469.Pq Vt str
3470This variable specifies the full path to the script to run to start
3471a mail transfer agent.
3472The default is
3473.Pa /etc/rc.sendmail .
3474The
3475.Va sendmail_*
3476variables which
3477.Pa /etc/rc.sendmail
3478uses are documented in the
3479.Xr rc.sendmail 8
3480manual page.
3481.It Va dumpdev
3482.Pq Vt str
3483Indicates the device (usually a swap partition) to which a crash dump
3484should be written in the event of a system crash.
3485If the value of this variable is
3486.Dq Li AUTO ,
3487the first suitable swap device listed in
3488.Pa /etc/fstab
3489will be used as dump device.
3490Otherwise, the value of this variable is passed as the argument to
3491.Xr dumpon 8 .
3492To disable crash dumps, set this variable to
3493.Dq Li NO .
3494.It Va dumpdir
3495.Pq Vt str
3496When the system reboots after a crash and a crash dump is found on the
3497device specified by the
3498.Va dumpdev
3499variable,
3500.Xr savecore 8
3501will save that crash dump and a copy of the kernel to the directory
3502specified by the
3503.Va dumpdir
3504variable.
3505The default value is
3506.Pa /var/crash .
3507Set to
3508.Dq Li NO
3509to not run
3510.Xr savecore 8
3511at boot time when
3512.Va dumpdir
3513is set.
3514.It Va savecore_flags
3515.Pq Vt str
3516If crash dumps are enabled, these are the flags to pass to the
3517.Xr savecore 8
3518utility.
3519.It Va quota_enable
3520.Pq Vt bool
3521Set to
3522.Dq Li YES
3523to turn on user and group disk quotas on system startup via the
3524.Xr quotaon 8
3525command for all file systems marked as having quotas enabled in
3526.Pa /etc/fstab .
3527The kernel must be built with
3528.Cd "options QUOTA"
3529for disk quotas to function.
3530.It Va check_quotas
3531.Pq Vt bool
3532Set to
3533.Dq Li YES
3534to enable user and group disk quota checking via the
3535.Xr quotacheck 8
3536command.
3537.It Va quotacheck_flags
3538.Pq Vt str
3539If
3540.Va quota_enable
3541is set to
3542.Dq Li YES ,
3543and
3544.Va check_quotas
3545is set to
3546.Dq Li YES ,
3547these are the flags to pass to the
3548.Xr quotacheck 8
3549utility.
3550The default is
3551.Dq Li "-a" ,
3552which checks quotas for all file systems with quotas enabled in
3553.Pa /etc/fstab .
3554.It Va quotaon_flags
3555.Pq Vt str
3556If
3557.Va quota_enable
3558is set to
3559.Dq Li YES ,
3560these are the flags to pass to the
3561.Xr quotaon 8
3562utility.
3563The default is
3564.Dq Li "-a" ,
3565which enables quotas for all file systems with quotas enabled in
3566.Pa /etc/fstab .
3567.It Va quotaoff_flags
3568.Pq Vt str
3569If
3570.Va quota_enable
3571is set to
3572.Dq Li YES ,
3573these are the flags to pass to the
3574.Xr quotaoff 8
3575utility when shutting down the quota system.
3576The default is
3577.Dq Li "-a" ,
3578which disables quotas for all file systems with quotas enabled in
3579.Pa /etc/fstab .
3580.It Va accounting_enable
3581.Pq Vt bool
3582Set to
3583.Dq Li YES
3584to enable system accounting through the
3585.Xr accton 8
3586facility.
3587.It Va ibcs2_enable
3588.Pq Vt bool
3589Set to
3590.Dq Li YES
3591to enable iBCS2 (SCO) binary emulation at system initial boot
3592time.
3593.It Va ibcs2_loaders
3594.Pq Vt str
3595If not set to
3596.Dq Li NO
3597and if
3598.Va ibcs2_enable
3599is set to
3600.Dq Li YES ,
3601this specifies a list of additional iBCS2 loaders to enable.
3602.It Va firstboot_sentinel
3603.Pq Vt str
3604This variable specifies the full path to a
3605.Dq first boot
3606sentinel file.
3607If a file exists with this path,
3608.Pa rc.d
3609scripts with the
3610.Dq firstboot
3611keyword will be run on startup and the sentinel file will be deleted
3612after the boot process completes.
3613The sentinel file must be located on a writable file system which is
3614mounted no later than
3615.Va early_late_divider
3616to function properly.
3617The default is
3618.Pa /firstboot .
3619.It Va linux_enable
3620.Pq Vt bool
3621Set to
3622.Dq Li YES
3623to enable Linux/ELF binary emulation at system initial
3624boot time.
3625.It Va svr4_enable
3626.Pq Vt bool
3627If set to
3628.Dq Li YES ,
3629enable SysVR4 emulation at boot time.
3630.It Va sysvipc_enable
3631.Pq Vt bool
3632If set to
3633.Dq Li YES ,
3634load System V IPC primitives at boot time.
3635.It Va clear_tmp_enable
3636.Pq Vt bool
3637Set to
3638.Dq Li YES
3639to have
3640.Pa /tmp
3641cleaned at startup.
3642.It Va clear_tmp_X
3643.Pq Vt bool
3644Set to
3645.Dq Li NO
3646to disable removing of X11 lock files,
3647and the removal and (secure) recreation
3648of the various socket directories for X11
3649related programs.
3650.It Va ldconfig_paths
3651.Pq Vt str
3652Set to the list of shared library paths to use with
3653.Xr ldconfig 8 .
3654NOTE:
3655.Pa /usr/lib
3656will always be added first, so it need not appear in this list.
3657.It Va ldconfig32_paths
3658.Pq Vt str
3659Set to the list of 32-bit compatibility shared library paths to
3660use with
3661.Xr ldconfig 8 .
3662.It Va ldconfig_paths_aout
3663.Pq Vt str
3664Set to the list of shared library paths to use with
3665.Xr ldconfig 8
3666legacy
3667.Xr a.out 5
3668support.
3669.It Va ldconfig_insecure
3670.Pq Vt bool
3671The
3672.Xr ldconfig 8
3673utility normally refuses to use directories
3674which are writable by anyone except root.
3675Set this variable to
3676.Dq Li YES
3677to disable that security check during system startup.
3678.It Va ldconfig_local_dirs
3679.Pq Vt str
3680Set to the list of local
3681.Xr ldconfig 8
3682directories.
3683The names of all files in the directories listed will be
3684passed as arguments to
3685.Xr ldconfig 8 .
3686.It Va ldconfig_local32_dirs
3687.Pq Vt str
3688Set to the list of local 32-bit compatibility
3689.Xr ldconfig 8
3690directories.
3691The names of all files in the directories listed will be
3692passed as arguments to
3693.Dq Nm ldconfig Fl 32 .
3694.It Va kern_securelevel_enable
3695.Pq Vt bool
3696Set to
3697.Dq Li YES
3698to set the kernel security level at system startup.
3699.It Va kern_securelevel
3700.Pq Vt int
3701The kernel security level to set at startup.
3702The allowed range of
3703.Ar value
3704ranges from \-1 (the compile time default) to 3 (the
3705most secure).
3706See
3707.Xr security 7
3708for the list of possible security levels and their effect
3709on system operation.
3710.It Va sshd_program
3711.Pq Vt str
3712Path to the SSH server program
3713.Pa ( /usr/sbin/sshd
3714is the default).
3715.It Va sshd_enable
3716.Pq Vt bool
3717Set to
3718.Dq Li YES
3719to start
3720.Xr sshd 8
3721at system boot time.
3722.It Va sshd_flags
3723.Pq Vt str
3724If
3725.Va sshd_enable
3726is set to
3727.Dq Li YES ,
3728these are the flags to pass to the
3729.Xr sshd 8
3730daemon.
3731.It Va ftpd_program
3732.Pq Vt str
3733Path to the FTP server program
3734.Pa ( /usr/libexec/ftpd
3735is the default).
3736.It Va ftpd_enable
3737.Pq Vt bool
3738Set to
3739.Dq Li YES
3740to start
3741.Xr ftpd 8
3742as a stand-alone daemon at system boot time.
3743.It Va ftpd_flags
3744.Pq Vt str
3745If
3746.Va ftpd_enable
3747is set to
3748.Dq Li YES ,
3749these are the additional flags to pass to the
3750.Xr ftpd 8
3751daemon.
3752.It Va watchdogd_enable
3753.Pq Vt bool
3754If set to
3755.Dq Li YES ,
3756start the
3757.Xr watchdogd 8
3758daemon at boot time.
3759This requires that the kernel have been compiled with a
3760.Xr watchdog 4
3761compatible device.
3762.It Va watchdogd_flags
3763.Pq Vt str
3764If
3765.Va watchdogd_enable
3766is set to
3767.Dq Li YES ,
3768these are the flags passed to the
3769.Xr watchdogd 8
3770daemon.
3771.It Va devfs_rulesets
3772.Pq Vt str
3773List of files containing sets of rules for
3774.Xr devfs 8 .
3775.It Va devfs_system_ruleset
3776.Pq Vt str
3777Rule name(s) to apply to the system
3778.Pa /dev
3779itself.
3780.It Va devfs_set_rulesets
3781.Pq Vt str
3782Pairs of already-mounted
3783.Pa dev
3784directories and rulesets that should be applied to them.
3785For example: /mount/dev=ruleset_name
3786.It Va devfs_load_rulesets
3787.Pq Vt bool
3788If set, always load the default rulesets listed in
3789.Va devfs_rulesets .
3790.It Va performance_cx_lowest
3791.Pq Vt str
3792CPU idle state to use while on AC power.
3793The string
3794.Dq Li LOW
3795indicates that
3796.Xr acpi 4
3797should use the lowest power state available while
3798.Dq Li HIGH
3799indicates that the lowest latency state (less power savings) should be used.
3800.It Va performance_cpu_freq
3801.Pq Vt str
3802CPU clock frequency to use while on AC power.
3803The string
3804.Dq Li LOW
3805indicates that
3806.Xr cpufreq 4
3807should use the lowest frequency available while
3808.Dq Li HIGH
3809indicates that the highest frequency (less power savings) should be used.
3810.It Va economy_cx_lowest
3811.Pq Vt str
3812CPU idle state to use when off AC power.
3813The string
3814.Dq Li LOW
3815indicates that
3816.Xr acpi 4
3817should use the lowest power state available while
3818.Dq Li HIGH
3819indicates that the lowest latency state (less power savings) should be used.
3820.It Va economy_cpu_freq
3821.Pq Vt str
3822CPU clock frequency to use when off AC power.
3823The string
3824.Dq Li LOW
3825indicates that
3826.Xr cpufreq 4
3827should use the lowest frequency available while
3828.Dq Li HIGH
3829indicates that the highest frequency (less power savings) should be used.
3830.It Va jail_enable
3831.Pq Vt bool
3832If set to
3833.Dq Li NO ,
3834any configured jails will not be started.
3835.It Va jail_conf
3836.Pq Vt str
3837The configuration filename used by
3838.Xr jail 8
3839utility.
3840The default value is
3841.Pa /etc/jail.conf .
3842.It Va jail_parallel_start
3843.Pq Vt bool
3844If set to
3845.Dq Li YES ,
3846all configured jails will be started in the background (in parallel).
3847.It Va jail_flags
3848.Pq Vt str
3849Unset by default.
3850When set, use as default value for
3851.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3852for every jail in
3853.Va jail_list .
3854.It Va jail_list
3855.Pq Vt str
3856A space-delimited list of jail names.
3857When left empty, all of the
3858.Xr jail 8
3859instances defined in the configuration file are started.
3860The names specified in this list control the jail startup order.
3861.Xr jail 8
3862instances missing from
3863.Va jail_list
3864must be started manually.
3865.It Va jail_reverse_stop
3866.Pq Vt bool
3867When set to
3868.Dq Li YES ,
3869all configured jails in
3870.Va jail_list
3871are stopped in reverse order.
3872.It Va jail_* variables
3873Note that older releases supported per-jail configuration via
3874.Xr rc.conf 5
3875variables.
3876For example,
3877hostname of a jail named
3878.Li vjail
3879was able to be set by
3880.Li jail_vjail_hostname .
3881These per-jail configuration variables are now obsolete in favor of
3882.Xr jail 8
3883configuration file.
3884For backward compatibility,
3885when per-jail configuration variables are defined,
3886.Xr jail 8
3887configuration files are created as
3888.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3889and used.
3890.Pp
3891The following per-jail parameters are handled by
3892.Pa rc.d/jail
3893script out of their corresponding
3894.Nm
3895variables.
3896In addition to them, parameters in
3897.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3898will be added to the configuration file.
3899They must be a semi-colon
3900.Pq Ql \&;
3901delimited list of
3902.Dq key=value .
3903For more details,
3904see
3905.Xr jail 8
3906manual page.
3907.Bl  -tag -width "host.hostname" -offset indent
3908.It Li path
3909set from
3910.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3911.It Li host.hostname
3912set from
3913.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3914.It Li exec.consolelog
3915set from
3916.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3917The default value is
3918.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3919.It Li interface
3920set from
3921.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3922.It Li vnet.interface
3923set from
3924.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3925This implies
3926.Li vnet
3927parameter will be enabled and cannot be specified with
3928.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3929.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3930and/or
3931.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3932at the same time.
3933.It Li fstab
3934set from
3935.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3936.It Li mount
3937set from
3938.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3939.It Li exec.fib
3940set from
3941.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3942.It Li exec.start
3943set from
3944.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3945The parameter name was
3946.Li command
3947in some older releases.
3948.It Li exec.prestart
3949set from
3950.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3951.It Li exec.poststart
3952set from
3953.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3954.It Li exec.stop
3955set from
3956.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3957.It Li exec.prestop
3958set from
3959.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3960.It Li exec.poststop
3961set from
3962.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3963.It Li ip4.addr
3964set if
3965.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3966or
3967.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3968contain IPv4 addresses
3969.It Li ip6.addr
3970set if
3971.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3972or
3973.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3974contain IPv6 addresses
3975.It Li allow.mount
3976set from
3977.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3978.It Li mount.devfs
3979set from
3980.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3981.It Li devfs_ruleset
3982set from
3983.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
3984This must be an integer,
3985not a string.
3986.It Li mount.fdescfs
3987set from
3988.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3989.It Li allow.set_hostname
3990set from
3991.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
3992.It Li allow.rawsocket
3993set from
3994.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
3995.It Li allow.sysvipc
3996set from
3997.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
3998.El
3999.\" -----------------------------------------------------
4000.It Va harvest_mask
4001.Pq Vt int
4002Set to a bit-mask
4003representing the entropy sources
4004you wish to harvest.
4005Refer to
4006.Xr random 4
4007for more information.
4008.It Va entropy_dir
4009.Pq Vt str
4010Set to
4011.Dq Li NO
4012to disable caching entropy via
4013.Xr cron 8 .
4014Otherwise set to the directory
4015in which the entropy files are stored.
4016To be useful,
4017there must be
4018a system cron job
4019that regularly writes and rotates
4020files here.
4021All files found
4022will be used at boot time.
4023The default is
4024.Pa /var/db/entropy .
4025.It Va entropy_file
4026.Pq Vt str
4027Set to
4028.Dq Li NO
4029to disable caching entropy through reboots.
4030Otherwise set to the name
4031of a file used to store cached entropy.
4032This file should be located
4033on a file system that is readable
4034before all the volumes specified in
4035.Xr fstab 5
4036are mounted.
4037By default,
4038.Pa /entropy
4039is used,
4040but if
4041.Pa /var/db/entropy-file
4042is found it will also be used.
4043This will be of some use to
4044.Xr bsdinstall 8 .
4045.It Va entropy_boot_file
4046.Pq Vt str
4047Set to
4048.Dq Li NO
4049to disable
4050very early caching entropy
4051through reboots.
4052Otherwise set to the filename
4053used to read
4054very early reboot cached entropy.
4055This file should be located where
4056.Xr loader 8
4057can read it.
4058See also
4059.Xr loader.conf 5 .
4060The default location is
4061.Pa /boot/entropy .
4062.It Va entropy_save_sz
4063.Pq Vt int
4064Size of the entropy cache files saved by
4065.Nm save-entropy
4066periodically.
4067.It Va entropy_save_num
4068.Pq Vt int
4069Number of entropy cache files to save by
4070.Nm save-entropy
4071periodically.
4072.It Va ipsec_enable
4073.Pq Vt bool
4074Set to
4075.Dq Li YES
4076to run
4077.Xr setkey 8
4078on
4079.Va ipsec_file
4080at boot time.
4081.It Va ipsec_file
4082.Pq Vt str
4083Configuration file for
4084.Xr setkey 8 .
4085.It Va dmesg_enable
4086.Pq Vt bool
4087Set to
4088.Dq Li YES
4089to save
4090.Xr dmesg 8
4091to
4092.Pa /var/run/dmesg.boot
4093on boot.
4094.It Va rcshutdown_timeout
4095.Pq Vt int
4096If set, start a watchdog timer in the background which will terminate
4097.Pa rc.shutdown
4098if
4099.Xr shutdown 8
4100has not completed within the specified time (in seconds).
4101Notice that in addition to this soft timeout,
4102.Xr init 8
4103also applies a hard timeout for the execution of
4104.Pa rc.shutdown .
4105This is configured via
4106.Xr sysctl 8
4107variable
4108.Va kern.init_shutdown_timeout
4109and defaults to 120 seconds.
4110Setting the value of
4111.Va rcshutdown_timeout
4112to more than 120 seconds will have no effect until the
4113.Xr sysctl 8
4114variable
4115.Va kern.init_shutdown_timeout
4116is also increased.
4117.It Va virecover_enable
4118.Pq Vt bool
4119Set to
4120.Dq Li NO
4121to prevent the system from trying to
4122recover pre-maturely terminated
4123.Xr vi 1
4124sessions.
4125.It Va ugidfw_enable
4126.Pq Vt bool
4127Set to
4128.Dq Li YES
4129to load the
4130.Xr mac_bsdextended 4
4131module upon system initialization and load a default
4132ruleset file.
4133.It Va bsdextended_script
4134.Pq Vt str
4135The default
4136.Xr mac_bsdextended 4
4137ruleset file to load.
4138The default value of this variable is
4139.Pa /etc/rc.bsdextended .
4140.It Va newsyslog_enable
4141.Pq Vt bool
4142If set to
4143.Dq Li YES ,
4144run
4145.Xr newsyslog 8
4146command at startup.
4147.It Va newsyslog_flags
4148.Pq Vt str
4149If
4150.Va newsyslog_enable
4151is set to
4152.Dq Li YES ,
4153these are the flags to pass to the
4154.Xr newsyslog 8
4155program.
4156The default is
4157.Dq Li -CN ,
4158which causes log files flagged with a
4159.Cm C
4160to be created.
4161.It Va mdconfig_md Ns Aq Ar X
4162.Pq Vt str
4163Arguments to
4164.Xr mdconfig 8
4165for
4166.Xr md 4
4167device
4168.Ar X .
4169At minimum a
4170.Fl t Ar type
4171must be specified and either a
4172.Fl s Ar size
4173for malloc or swap backed
4174.Xr md 4
4175devices or a
4176.Fl f Ar file
4177for vnode backed
4178.Xr md 4
4179devices.
4180Note that
4181.Va mdconfig_md Ns Aq Ar X
4182variables are evaluated until one variable is unset or null.
4183.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4184.Pq Vt str
4185Optional arguments passed to
4186.Xr newfs 8
4187to initialize
4188.Xr md 4
4189device
4190.Ar X .
4191.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4192.Pq Vt str
4193An ownership specification passed to
4194.Xr chown 8
4195after the specified
4196.Xr md 4
4197device
4198.Ar X
4199has been mounted.
4200Both the
4201.Xr md 4
4202device and the mount point will be changed.
4203.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4204.Pq Vt str
4205A mode string passed to
4206.Xr chmod 1
4207after the specified
4208.Xr md 4
4209device
4210.Ar X
4211has been mounted.
4212Both the
4213.Xr md 4
4214device and the mount point will be changed.
4215.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4216.Pq Vt str
4217Files to be copied to the mount point of the
4218.Xr md 4
4219device
4220.Ar X
4221after it has been mounted.
4222.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4223.Pq Vt str
4224Command to execute after the specified
4225.Xr md 4
4226device
4227.Ar X
4228has been mounted.
4229Note that the command is passed to
4230.Ic eval
4231and that both
4232.Va _dev
4233and
4234.Va _mp
4235variables can be used to reference respectively the
4236.Xr md 4
4237device and the mount point.
4238Assuming that the
4239.Xr md 4
4240device is
4241.Li md0 ,
4242one could set the following:
4243.Bd -literal
4244mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4245.Ed
4246.It Va autobridge_interfaces
4247.Pq Vt str
4248Set to the list of bridge interfaces that will have newly arriving interfaces
4249checked against to be automatically added.
4250If not set to
4251.Dq Li NO
4252then for each whitespace separated
4253.Ar element
4254in the value, a
4255.Va autobridge_ Ns Aq Ar element
4256variable is assumed to exist which has a whitespace separated list of interface
4257names to match, these names can use wildcards.
4258For example:
4259.Bd -literal
4260autobridge_interfaces="bridge0"
4261autobridge_bridge0="tap* dc0 vlan[345]"
4262.Ed
4263.It Va mixer_enable
4264.Pq Vt bool
4265If set to
4266.Dq Li YES ,
4267enable support for sound mixer.
4268.It Va hcsecd_enable
4269.Pq Vt bool
4270If set to
4271.Dq Li YES ,
4272enable Bluetooth security daemon.
4273.It Va hcsecd_config
4274.Pq Vt str
4275Configuration file for
4276.Xr hcsecd 8 .
4277Default
4278.Pa /etc/bluetooth/hcsecd.conf .
4279.It Va sdpd_enable
4280.Pq Vt bool
4281If set to
4282.Dq Li YES ,
4283enable Bluetooth Service Discovery Protocol daemon.
4284.It Va sdpd_control
4285.Pq Vt str
4286Path to
4287.Xr sdpd 8
4288control socket.
4289Default
4290.Pa /var/run/sdp .
4291.It Va sdpd_groupname
4292.Pq Vt str
4293Sets
4294.Xr sdpd 8
4295group to run as after it initializes.
4296Default
4297.Dq Li nobody .
4298.It Va sdpd_username
4299.Pq Vt str
4300Sets
4301.Xr sdpd 8
4302user to run as after it initializes.
4303Default
4304.Dq Li nobody .
4305.It Va bthidd_enable
4306.Pq Vt bool
4307If set to
4308.Dq Li YES ,
4309enable Bluetooth Human Interface Device daemon.
4310.It Va bthidd_config
4311.Pq Vt str
4312Configuration file for
4313.Xr bthidd 8 .
4314Default
4315.Pa /etc/bluetooth/bthidd.conf .
4316.It Va bthidd_hids
4317.Pq Vt str
4318Path to a file, where
4319.Xr bthidd 8
4320will store information about known HID devices.
4321Default
4322.Pa /var/db/bthidd.hids .
4323.It Va rfcomm_pppd_server_enable
4324.Pq Vt bool
4325If set to
4326.Dq Li YES ,
4327enable Bluetooth RFCOMM PPP wrapper daemon.
4328.It Va rfcomm_pppd_server_profile
4329.Pq Vt str
4330The name of the profile to use from
4331.Pa /etc/ppp/ppp.conf .
4332Multiple profiles can be specified here.
4333Also used to specify per-profile overrides.
4334When the profile name contains any of the characters
4335.Dq Li .-/+
4336they are translated to
4337.Dq Li _
4338for the proposes of the override variable names.
4339.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4340.Pq Vt str
4341Overrides local address to listen on.
4342By default
4343.Xr rfcomm_pppd 8
4344will listen on
4345.Dq Li ANY
4346address.
4347The address can be specified as BD_ADDR or name.
4348.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4349.Pq Vt str
4350Overrides local RFCOMM channel to listen on.
4351By default
4352.Xr rfcomm_pppd 8
4353will listen on RFCOMM channel 1.
4354Must set properly if multiple profiles used in the same time.
4355.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4356.Pq Vt bool
4357Tells
4358.Xr rfcomm_pppd 8
4359if it should register Serial Port service on the specified RFCOMM channel.
4360Default
4361.Dq Li NO .
4362.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4363.Pq Vt bool
4364Tells
4365.Xr rfcomm_pppd 8
4366if it should register Dial-Up Networking service on the specified
4367RFCOMM channel.
4368Default
4369.Dq Li NO .
4370.It Va ubthidhci_enable
4371.Pq Vt bool
4372If set to
4373.Dq Li YES ,
4374change the USB Bluetooth controller from HID mode to HCI mode.
4375You also need to specify the location of USB Bluetooth controller with the
4376.Va ubthidhci_busnum
4377and
4378.Va ubthidhci_addr
4379variables.
4380.It Va ubthidhci_busnum
4381Bus number where the USB Bluetooth controller is located.
4382Check the output of
4383.Xr usbconfig 8
4384on your system to find this information.
4385.It Va ubthidhci_addr
4386Bus address of the USB Bluetooth controller.
4387Check the output of
4388.Xr usbconfig 8
4389on your system to find this information.
4390.It Va netwait_enable
4391.Pq Vt bool
4392If set to
4393.Dq Li YES ,
4394delays the start of network-reliant services until
4395.Va netwait_if
4396is up and ICMP packets to a destination defined in
4397.Va netwait_ip
4398are flowing.
4399Link state is examined first, followed by
4400.Dq Li pinging
4401an IP address to verify network usability.
4402If no destination can be reached or timeouts are exceeded,
4403network services are started anyway with no guarantee that
4404the network is usable.
4405Use of this variable requires both
4406.Va netwait_ip
4407and
4408.Va netwait_if
4409to be set.
4410.It Va netwait_ip
4411.Pq Vt str
4412Empty by default.
4413This variable contains a space-delimited list of IP addresses to
4414.Xr ping 8 .
4415DNS hostnames should not be used as resolution is not guaranteed
4416to be functional at this point.
4417If multiple IP addresses are specified,
4418each will be tried until one is successful or the list is exhausted.
4419.It Va netwait_timeout
4420.Pq Vt int
4421Indicates the total number of seconds to perform a
4422.Dq Li ping
4423against each IP address in
4424.Va netwait_ip ,
4425at a rate of one ping per second.
4426If any of the pings are successful,
4427full network connectivity is considered reliable.
4428The default is 60.
4429.It Va netwait_if
4430.Pq Vt str
4431Empty by default.
4432Defines the name of the network interface on which watch for link.
4433.Xr ifconfig 8
4434is used to monitor the interface, looking for
4435.Dq Li status: no carrier .
4436Once gone, the link is considered up.
4437This can be a
4438.Xr vlan 4
4439interface if desired.
4440.It Va netwait_if_timeout
4441.Pq Vt int
4442Defines the total number of seconds to wait for link to become usable,
4443polled at a 1-second interval.
4444The default is 30.
4445.It Va rctl_enable
4446.Pq Vt bool
4447If set to
4448.Dq Li YES ,
4449load
4450.Xr rctl 8
4451rules from the defined ruleset.
4452The kernel must be built with
4453.Cd "options RACCT"
4454and
4455.Cd "options RCTL" .
4456.It Va rctl_rules
4457.Pq Vt str
4458Set to
4459.Pa /etc/rctl.conf
4460by default.
4461This variables contains the
4462.Xr rctl.conf 5
4463ruleset to load for
4464.Xr rctl 8 .
4465.It Va iovctl_files
4466.Pq Vt str
4467A space-separated list of configuration files used by
4468.Xr iovctl 8 .
4469The default value is an empty string.
4470.It Va autofs_enable
4471.Pq Vt bool
4472If set to
4473.Dq Li YES ,
4474start the
4475.Xr automount 8
4476utility and the
4477.Xr automountd 8
4478and
4479.Xr autounmountd 8
4480daemons at boot time.
4481.It Va automount_flags
4482.Pq Vt str
4483If
4484.Va autofs_enable
4485is set to
4486.Dq Li YES ,
4487these are the flags to pass to the
4488.Xr automount 8
4489program.
4490By default no flags are passed.
4491.It Va automountd_flags
4492.Pq Vt str
4493If
4494.Va autofs_enable
4495is set to
4496.Dq Li YES ,
4497these are the flags to pass to the
4498.Xr automountd 8
4499daemon.
4500By default no flags are passed.
4501.It Va autounmountd_flags
4502.Pq Vt str
4503If
4504.Va autofs_enable
4505is set to
4506.Dq Li YES ,
4507these are the flags to pass to the
4508.Xr autounmountd 8
4509daemon.
4510By default no flags are passed.
4511.It Va ctld_enable
4512.Pq Vt bool
4513If set to
4514.Dq Li YES ,
4515start the
4516.Xr ctld 8
4517daemon at boot time.
4518.It Va iscsid_enable
4519.Pq Vt bool
4520If set to
4521.Dq Li YES ,
4522start the
4523.Xr iscsid 8
4524daemon at boot time.
4525.It Va iscsictl_enable
4526.Pq Vt bool
4527If set to
4528.Dq Li YES ,
4529start the
4530.Xr iscsictl 8
4531utility at boot time.
4532.It Va iscsictl_flags
4533.Pq Vt str
4534If
4535.Va iscsictl_enable
4536is set to
4537.Dq Li YES ,
4538these are the flags to pass to the
4539.Xr iscsictl 8
4540program.
4541The default is
4542.Dq Li -Aa ,
4543which configures sessions based on the
4544.Pa /etc/iscsi.conf
4545configuration file.
4546.El
4547.Sh FILES
4548.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4549.It Pa /etc/defaults/rc.conf
4550.It Pa /etc/rc.conf
4551.It Pa /etc/rc.conf.local
4552.El
4553.Sh SEE ALSO
4554.Xr catman 1 ,
4555.Xr chmod 1 ,
4556.Xr gdb 1 ,
4557.Xr info 1 ,
4558.Xr kbdcontrol 1 ,
4559.Xr makewhatis 1 ,
4560.Xr sh 1 ,
4561.Xr vi 1 ,
4562.Xr vidcontrol 1 ,
4563.Xr bridge 4 ,
4564.Xr dummynet 4 ,
4565.Xr ip 4 ,
4566.Xr ipf 4 ,
4567.Xr ipfw 4 ,
4568.Xr ipnat 4 ,
4569.Xr kld 4 ,
4570.Xr pf 4 ,
4571.Xr pflog 4 ,
4572.Xr pfsync 4 ,
4573.Xr tcp 4 ,
4574.Xr udp 4 ,
4575.Xr exports 5 ,
4576.Xr fstab 5 ,
4577.Xr ipf 5 ,
4578.Xr ipnat 5 ,
4579.Xr jail.conf 5 ,
4580.Xr loader.conf 5 ,
4581.Xr motd 5 ,
4582.Xr newsyslog.conf 5 ,
4583.Xr pf.conf 5 ,
4584.Xr security 7 ,
4585.Xr accton 8 ,
4586.Xr amd 8 ,
4587.Xr apm 8 ,
4588.Xr atm 8 ,
4589.Xr bsdinstall 8 ,
4590.Xr bthidd 8 ,
4591.Xr chkprintcap 8 ,
4592.Xr chown 8 ,
4593.Xr cron 8 ,
4594.Xr devfs 8 ,
4595.Xr dhclient 8 ,
4596.Xr ftpd 8 ,
4597.Xr geli 8 ,
4598.Xr hcsecd 8 ,
4599.Xr ifconfig 8 ,
4600.Xr inetd 8 ,
4601.Xr iovctl 8 ,
4602.Xr ipf 8 ,
4603.Xr ipfw 8 ,
4604.Xr ipnat 8 ,
4605.Xr jail 8 ,
4606.Xr kldxref 8 ,
4607.Xr loader 8 ,
4608.Xr lpd 8 ,
4609.Xr mdconfig 8 ,
4610.Xr mdmfs 8 ,
4611.Xr mixer 8 ,
4612.Xr mountd 8 ,
4613.Xr moused 8 ,
4614.Xr newfs 8 ,
4615.Xr newsyslog 8 ,
4616.Xr nfsd 8 ,
4617.Xr ntpd 8 ,
4618.Xr ntpdate 8 ,
4619.Xr pfctl 8 ,
4620.Xr pflogd 8 ,
4621.Xr ping 8 ,
4622.Xr powerd 8 ,
4623.Xr quotacheck 8 ,
4624.Xr quotaon 8 ,
4625.Xr rc 8 ,
4626.Xr rc.sendmail 8 ,
4627.Xr rfcomm_pppd 8 ,
4628.Xr route 8 ,
4629.Xr routed 8 ,
4630.Xr rpc.lockd 8 ,
4631.Xr rpc.statd 8 ,
4632.Xr rpcbind 8 ,
4633.Xr rwhod 8 ,
4634.Xr savecore 8 ,
4635.Xr sdpd 8 ,
4636.Xr sshd 8 ,
4637.Xr swapon 8 ,
4638.Xr sysctl 8 ,
4639.Xr syslogd 8 ,
4640.Xr timed 8 ,
4641.Xr unbound 8 ,
4642.Xr usbconfig 8 ,
4643.Xr wlandebug 8 ,
4644.Xr yp 8 ,
4645.Xr ypbind 8 ,
4646.Xr ypserv 8 ,
4647.Xr ypset 8
4648.Sh HISTORY
4649The
4650.Nm
4651file appeared in
4652.Fx 2.2.2 .
4653.Sh AUTHORS
4654.An Jordan K. Hubbard .
4655