1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd August 28, 2022 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail-specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/etc/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _fib 196.Pq Vt int 197The 198.Xr setfib 1 199value to run the service under. 200.It Ao Ar name Ac Ns Va _group 201.Pq Vt str 202Run the chrooted service under this system group. 203Unlike the 204.Ao Ar name Ac Ns Va _user 205setting, this setting has no effect if the service is not chrooted. 206.It Ao Ar name Ac Ns Va _limits 207.Pq Vt str 208Resource limits to apply to the service using 209.Xr limits 1 . 210By default, resource limits are based on the login class defined in 211.Ao Ar name Ac Ns Va _login_class . 212.It Ao Ar name Ac Ns Va _login_class 213.Pq Vt str 214Login class to be used with 215.Ao Ar name Ac Ns Va _limits . 216Defaults to 217.Dq Li daemon . 218.It Ao Ar name Ac Ns Va _nice 219.Pq Vt int 220The 221.Xr nice 1 222value to run the service under. 223.It Ao Ar name Ac Ns Va _oomprotect 224.Pq Vt str 225Use 226.Xr protect 1 227to prevent the service from being killed when swap space 228is exhausted. 229Use 230.Dq Li YES 231to protect only the service itself, and 232.Dq Li ALL 233to protect the service and all its child processes. 234.Pp 235Please note that rc scripts which redefine 236.Dl ${argument}_cmd 237.Pq see Xr rc.subr 8 238such as PostgreSQL will not inherit the OOM killer protection. 239.Pp 240This variable has no effect on services running within a 241.Xr jail 8 . 242.It Ao Ar name Ac Ns Va _umask 243.Pq Vt int 244Run the service using this 245.Xr umask 1 246value. 247.It Ao Ar name Ac Ns Va _user 248.Pq Vt str 249Run the service under this user account. 250.It Va apm_enable 251.Pq Vt bool 252If set to 253.Dq Li YES , 254enable support for Automatic Power Management with 255the 256.Xr apm 8 257command. 258.It Va apmd_enable 259.Pq Vt bool 260Run 261.Xr apmd 8 262to handle APM event from userland. 263This also enables support for APM. 264.It Va apmd_flags 265.Pq Vt str 266If 267.Va apmd_enable 268is set to 269.Dq Li YES , 270these are the flags to pass to the 271.Xr apmd 8 272daemon. 273.It Va devd_enable 274.Pq Vt bool 275Run 276.Xr devd 8 277to handle device added, removed or unknown events from the kernel. 278.It Va ddb_enable 279.Pq Vt bool 280Run 281.Xr ddb 8 282to install 283.Xr ddb 4 284scripts at boot time. 285.It Va ddb_config 286.Pq Vt str 287Configuration file for 288.Xr ddb 8 . 289Default 290.Pa /etc/ddb.conf . 291.It Va devmatch_enable 292.Pq Vt bool 293If set to 294.Dq Li NO , 295disable auto-loading of kernel modules with 296.Xr devmatch 8 . 297.It Va devmatch_blocklist 298.Pq Vt str 299A whitespace-separated list of kernel modules to be ignored by 300.Xr devmatch 8 . 301In addition, the 302.Xr kenv 1 303.Va devmatch_blocklist 304is appended to this variable to allow disabling of 305.Xr devmatch 8 306loaded modules from the boot loader. 307.It Va devmatch_blacklist 308.Pq Vt str 309This variable is deprecated. 310Use 311.Va devmatch_blocklist 312instead. 313A whitespace-separated list of kernel modules to be ignored by 314.Xr devmatch 8 . 315.It Va kld_list 316.Pq Vt str 317A whitespace-separated list of kernel modules to load right after 318the local disks are mounted, without any 319.Pa .ko 320extension or path. 321Loading modules at this point in the boot process is 322much faster than doing it via 323.Pa /boot/loader.conf 324for those modules not necessary for mounting local disks. 325.It Va kldxref_enable 326.Pq Vt bool 327Set to 328.Dq Li NO 329by default. 330Set to 331.Dq Li YES 332to automatically rebuild 333.Pa linker.hints 334files with 335.Xr kldxref 8 336at boot time. 337.It Va kldxref_clobber 338.Pq Vt bool 339Set to 340.Dq Li NO 341by default. 342If 343.Va kldxref_enable 344is true, 345setting to 346.Dq Li YES 347will overwrite existing 348.Pa linker.hints 349files at boot time. 350Otherwise, 351only missing 352.Pa linker.hints 353files are generated. 354.It Va kldxref_module_path 355.Pq Vt str 356Empty by default. 357A semi-colon 358.Pq Ql \&; 359delimited list of paths containing 360.Xr kld 4 361modules. 362If empty, 363the contents of the 364.Va kern.module_path 365.Xr sysctl 8 366are used. 367.It Va powerd_enable 368.Pq Vt bool 369If set to 370.Dq Li YES , 371enable the system power control facility with the 372.Xr powerd 8 373daemon. 374.It Va powerd_flags 375.Pq Vt str 376If 377.Va powerd_enable 378is set to 379.Dq Li YES , 380these are the flags to pass to the 381.Xr powerd 8 382daemon. 383.It Va tmpmfs 384Controls the creation of a 385.Pa /tmp 386memory file system. 387Always happens if set to 388.Dq Li YES 389and never happens if set to 390.Dq Li NO . 391If set to anything else, a memory file system is created if 392.Pa /tmp 393is not writable. 394.It Va tmpsize 395Controls the size of a created 396.Pa /tmp 397memory file system. 398.It Va tmpmfs_flags 399Extra options passed to the 400.Xr mdmfs 8 401utility when the memory file system for 402.Pa /tmp 403is created. 404The default is 405.Dq Li "-S" , 406which inhibits the use of softupdates on 407.Pa /tmp 408so that file system space is freed without delay 409after file truncation or deletion. 410See 411.Xr mdmfs 8 412for other options you can use in 413.Va tmpmfs_flags . 414.It Va varmfs 415Controls the creation of a 416.Pa /var 417memory file system. 418Always happens if set to 419.Dq Li YES 420and never happens if set to 421.Dq Li NO . 422If set to anything else, a memory file system is created if 423.Pa /var 424is not writable. 425.It Va varsize 426Controls the size of a created 427.Pa /var 428memory file system. 429.It Va varmfs_flags 430Extra options passed to the 431.Xr mdmfs 8 432utility when the memory file system for 433.Pa /var 434is created. 435The default is 436.Dq Li "-S" , 437which inhibits the use of softupdates on 438.Pa /var 439so that file system space is freed without delay 440after file truncation or deletion. 441See 442.Xr mdmfs 8 443for other options you can use in 444.Va varmfs_flags . 445.It Va populate_var 446Controls the automatic population of the 447.Pa /var 448file system. 449Always happens if set to 450.Dq Li YES 451and never happens if set to 452.Dq Li NO . 453If set to anything else, a memory file system is created if 454.Pa /var 455is not writable. 456Note that this process requires access to certain commands in 457.Pa /usr 458before 459.Pa /usr 460is mounted on normal systems. 461.It Va cleanvar_enable 462.Pq Vt bool 463Clean the 464.Pa /var 465directory. 466.It Va var_run_enable 467.Pq Vt bool 468Set to "YES" to enable saving of the 469.Pa /var/run 470directory strcucture into an mtree file at shutdown and the reload of the 471.Pa /var/run 472directory structure at boot. 473.It Va var_run_autosave 474.Pq Vt bool 475In some cases it may be undesirable to save 476.Pa /var/run 477at shutdown. 478When set to "NO" 479.Pa /var/run 480is loaded at reboot but not saved at shutdown. Typically in this scenario 481a 482.Pa service 483.Pa var_run 484.Pa save 485would be performed to save a copy of the 486.Pa /var/run 487directory structure once, to be reload during all subsequent reboots. 488.It Va var_run_mtree 489.Pq Vt str 490Where to save the 491.Pa /var/run 492mtree. The default location is 493.Pa /var/db/mtree/BSD.var-run.mtree . 494.It Va local_startup 495.Pq Vt str 496List of directories to search for startup script files. 497.It Va script_name_sep 498.Pq Vt str 499The field separator to use for breaking down the list of startup script files 500into individual filenames. 501The default is a space. 502It is not necessary to change this unless there are startup scripts with names 503containing spaces. 504.It Va hostapd_enable 505.Pq Vt bool 506Set to 507.Dq Li YES 508to start 509.Xr hostapd 8 510at system boot time. 511.It Va hostname 512.Pq Vt str 513The fully qualified domain name (FQDN) of this host on the network. 514This should almost certainly be set to something meaningful, even if 515there is no network connection. 516If 517.Xr dhclient 8 518is used to set the hostname via DHCP, 519this variable should be set to an empty string. 520Within a 521.Xr jail 8 522the hostname is generally already set and this variable may be absent. 523If this value remains unset when the system is done booting 524your console login will display the default hostname of 525.Dq Amnesiac . 526.It Va nisdomainname 527.Pq Vt str 528The NIS domain name of this host, or 529.Dq Li NO 530if NIS is not used. 531.It Va dhclient_program 532.Pq Vt str 533Path to the DHCP client program 534.Pa ( /sbin/dhclient , 535the 536.Ox 537DHCP client, 538is the default). 539.It Va dhclient_flags 540.Pq Vt str 541Additional flags to pass to the DHCP client program. 542For the 543.Ox 544DHCP client, see the 545.Xr dhclient 8 546manpage for a description of the command line options available. 547.It Va dhclient_flags_ Ns Aq Ar iface 548Additional flags to pass to the DHCP client program running on 549.Ar iface 550only. 551When specified, this variable overrides 552.Va dhclient_flags . 553.It Va background_dhclient 554.Pq Vt bool 555Set to 556.Dq Li YES 557to start the DHCP client in background. 558This can cause trouble with applications depending on 559a working network, but it will provide a faster startup 560in many cases. 561.It Va background_dhclient_ Ns Aq Ar iface 562When specified, this variable overrides the 563.Va background_dhclient 564variable for interface 565.Ar iface 566only. 567.It Va synchronous_dhclient 568.Pq Vt bool 569Set to 570.Dq Li YES 571to start 572.Xr dhclient 8 573synchronously at startup. 574This behavior can be overridden on a per-interface basis by replacing 575the 576.Dq Li DHCP 577keyword in the 578.Va ifconfig_ Ns Aq Ar interface 579variable with 580.Dq Li SYNCDHCP 581or 582.Dq Li NOSYNCDHCP . 583.It Va defaultroute_delay 584.Pq Vt int 585When set to a positive value, wait up to this long after configuring 586DHCP interfaces at startup to give the interfaces time to receive a lease. 587.It Va firewall_enable 588.Pq Vt bool 589Set to 590.Dq Li YES 591to load firewall rules at startup. 592If the kernel was not built with 593.Cd "options IPFIREWALL" , 594the 595.Pa ipfw.ko 596kernel module will be loaded. 597See also 598.Va ipfilter_enable . 599.It Va firewall_script 600.Pq Vt str 601This variable specifies the full path to the firewall script to run. 602The default is 603.Pa /etc/rc.firewall . 604.It Va firewall_type 605.Pq Vt str 606Names the firewall type from the selection in 607.Pa /etc/rc.firewall , 608or the file which contains the local firewall ruleset. 609Valid selections from 610.Pa /etc/rc.firewall 611are: 612.Pp 613.Bl -tag -width ".Li workstation" -compact 614.It Li open 615unrestricted IP access 616.It Li closed 617all IP services disabled, except via 618.Dq Li lo0 619.It Li client 620basic protection for a workstation 621.It Li workstation 622basic protection for a workstation using stateful firewalling 623.It Li simple 624basic protection for a LAN. 625.El 626.Pp 627If a filename is specified, the full path 628must be given. 629.Pp 630Most of the predefined rulesets define additional configuration variables. 631These are documented in 632.Pa /etc/rc.firewall . 633.It Va firewall_quiet 634.Pq Vt bool 635Set to 636.Dq Li YES 637to disable the display of firewall rules on the console during boot. 638.It Va firewall_logging 639.Pq Vt bool 640Set to 641.Dq Li YES 642to enable firewall event logging. 643This is equivalent to the 644.Dv IPFIREWALL_VERBOSE 645kernel option. 646.It Va firewall_logif 647.Pq Vt bool 648Set to 649.Dq Li YES 650to create pseudo interface 651.Li ipfw0 652for logging. 653For more details, see 654.Xr ipfw 8 655manual page. 656.It Va firewall_flags 657.Pq Vt str 658Flags passed to 659.Xr ipfw 8 660if 661.Va firewall_type 662specifies a filename. 663.It Va firewall_coscripts 664.Pq Vt str 665List of executables and/or rc scripts to run after firewall starts/stops. 666Default is empty. 667.\" ----- firewall_nat_enable setting -------------------------------- 668.It Va firewall_nat_enable 669.Pq Vt bool 670The 671.Xr ipfw 8 672equivalent of 673.Va natd_enable . 674Setting this to 675.Dq Li YES 676will automatically load the 677.Xr ipfw 8 678NAT kernel module if 679.Va firewall_enable 680is also set to 681.Dq Li YES . 682.It Va firewall_nat_interface 683.Pq Vt str 684The 685.Xr ipfw 8 686equivalent of 687.Va natd_interface . 688This is the name of the public interface or IP address on which 689kernel NAT should run. 690.It Va firewall_nat_flags 691.Pq Vt str 692Additional configuration parameters for kernel NAT should be placed here. 693.It Va firewall_nat64_enable 694.Pq Vt bool 695Setting this to 696.Dq Li YES 697will automatically load the 698.Xr ipfw 8 699NAT64 kernel module if 700.Va firewall_enable 701is also set to 702.Dq Li YES . 703.It Va firewall_nptv6_enable 704.Pq Vt bool 705Setting this to 706.Dq Li YES 707will automatically load the 708.Xr ipfw 8 709NPTv6 kernel module if 710.Va firewall_enable 711is also set to 712.Dq Li YES . 713.It Va firewall_pmod_enable 714.Pq Vt bool 715Setting this to 716.Dq Li YES 717will automatically load the 718.Xr ipfw 8 719pmod kernel module if 720.Va firewall_enable 721is also set to 722.Dq Li YES . 723.It Va dummynet_enable 724.Pq Vt bool 725Setting this to 726.Dq Li YES 727will automatically load the 728.Xr dummynet 4 729module if 730.Va firewall_enable 731is also set to 732.Dq Li YES . 733.\" ------------------------------------------------------------------- 734.It Va ipfw_netflow_enable 735.Pq Vt bool 736Setting this to 737.Dq Li YES 738will enable netflow logging via 739.Xr ng_netflow 4 740.Pp 741By default a ipfw rule is inserted and all packets are duplicated with 742the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 743port using protocol version 5. 744.It Va ipfw_netflow_hook 745.Pq Vt int 746netflow hook name, must be numerical 747(default 748.Pa 9995 ) . 749.It Va ipfw_netflow_rule 750.Pq Vt int 751ipfw rule number 752(default 753.Pa 1000 ) . 754.It Va ipfw_netflow_ip 755.Pq Vt str 756Destination server ip for receiving netflow data 757(default 758.Pa 127.0.0.1 ) . 759.It Va ipfw_netflow_port 760.Pq Vt int 761Destination server port for receiving netflow data 762(default 763.Pa 9995 ) . 764.It Va ipfw_netflow_version 765.Pq Vt int 766Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 767.It Va ipfw_netflow_fib 768.Pq Vt int 769Only match packet in FIB 770.Pa ipfw_netflow_fib 771(default is undefined meaning all FIBs). 772.It Va natd_program 773.Pq Vt str 774Path to 775.Xr natd 8 . 776.It Va natd_enable 777.Pq Vt bool 778Set to 779.Dq Li YES 780to enable 781.Xr natd 8 . 782.Va firewall_enable 783must also be set to 784.Dq Li YES , 785and 786.Xr divert 4 787sockets must be enabled in the kernel. 788If the kernel was not built with 789.Cd "options IPDIVERT" , 790the 791.Pa ipdivert.ko 792kernel module will be loaded. 793.It Va natd_interface 794.Pq Vt str 795This is the name of the public interface on which 796.Xr natd 8 797should run. 798The interface may be given as an interface name or as an IP address. 799.It Va natd_flags 800.Pq Vt str 801Additional 802.Xr natd 8 803flags should be placed here. 804The 805.Fl n 806or 807.Fl a 808flag is automatically added with the above 809.Va natd_interface 810as an argument. 811.\" ----- ipfilter_enable setting -------------------------------- 812.It Va ipfilter_enable 813.Pq Vt bool 814Set to 815.Dq Li NO 816by default. 817Setting this to 818.Dq Li YES 819enables 820.Xr ipf 8 821packet filtering. 822.Pp 823Typical usage will require putting 824.Bd -literal 825ipfilter_enable="YES" 826ipnat_enable="YES" 827ipmon_enable="YES" 828ipfs_enable="YES" 829.Ed 830.Pp 831into 832.Pa /etc/rc.conf 833and editing 834.Pa /etc/ipf.rules 835and 836.Pa /etc/ipnat.rules 837appropriately. 838.Pp 839Note that 840.Va ipfilter_enable 841and 842.Va ipnat_enable 843can be enabled independently. 844.Va ipmon_enable 845and 846.Va ipfs_enable 847both require at least one of 848.Va ipfilter_enable 849and 850.Va ipnat_enable 851to be enabled. 852.Pp 853Having 854.Bd -literal 855options IPFILTER 856options IPFILTER_LOG 857options IPFILTER_DEFAULT_BLOCK 858.Ed 859.Pp 860in the kernel configuration file is a good idea, too. 861.\" ----- ipfilter_program setting ------------------------------ 862.It Va ipfilter_program 863.Pq Vt str 864Path to 865.Xr ipf 8 866(default 867.Pa /sbin/ipf ) . 868.\" ----- ipfilter_rules setting -------------------------------- 869.It Va ipfilter_rules 870.Pq Vt str 871Set to 872.Pa /etc/ipf.rules 873by default. 874This variable contains the name of the filter rule definition file. 875The file is expected to be readable for the 876.Xr ipf 8 877command to execute. 878.\" ----- ipfilter_flags setting -------------------------------- 879.It Va ipfilter_flags 880.Pq Vt str 881Empty by default. 882This variable contains flags passed to the 883.Xr ipf 8 884program. 885.\" ----- ipnat_enable setting ---------------------------------- 886.It Va ipnat_enable 887.Pq Vt bool 888Set to 889.Dq Li NO 890by default. 891Set it to 892.Dq Li YES 893to enable 894.Xr ipnat 8 895network address translation. 896See 897.Va ipfilter_enable 898for a detailed discussion. 899.\" ----- ipnat_program setting --------------------------------- 900.It Va ipnat_program 901.Pq Vt str 902Path to 903.Xr ipnat 8 904(default 905.Pa /sbin/ipnat ) . 906.\" ----- ipnat_rules setting ----------------------------------- 907.It Va ipnat_rules 908.Pq Vt str 909Set to 910.Pa /etc/ipnat.rules 911by default. 912This variable contains the name of the file 913holding the network address translation definition. 914This file is expected to be readable for the 915.Xr ipnat 8 916command to execute. 917.\" ----- ipnat_flags setting ----------------------------------- 918.It Va ipnat_flags 919.Pq Vt str 920Empty by default. 921This variable contains flags passed to the 922.Xr ipnat 8 923program. 924.\" ----- ipmon_enable setting ---------------------------------- 925.It Va ipmon_enable 926.Pq Vt bool 927Set to 928.Dq Li NO 929by default. 930Set it to 931.Dq Li YES 932to enable 933.Xr ipmon 8 934monitoring (logging 935.Xr ipf 8 936and 937.Xr ipnat 8 938events). 939Setting this variable needs setting 940.Va ipfilter_enable 941or 942.Va ipnat_enable 943too. 944See 945.Va ipfilter_enable 946for a detailed discussion. 947.\" ----- ipmon_program setting --------------------------------- 948.It Va ipmon_program 949.Pq Vt str 950Path to 951.Xr ipmon 8 952(default 953.Pa /sbin/ipmon ) . 954.\" ----- ipmon_flags setting ----------------------------------- 955.It Va ipmon_flags 956.Pq Vt str 957Set to 958.Dq Li -Ds 959by default. 960This variable contains flags passed to the 961.Xr ipmon 8 962program. 963Another typical example would be 964.Dq Fl D Pa /var/log/ipflog 965to have 966.Xr ipmon 8 967log directly to a file bypassing 968.Xr syslogd 8 . 969Make sure to adjust 970.Pa /etc/newsyslog.conf 971in such case like this: 972.Bd -literal 973/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 974.Ed 975.\" ----- ipfs_enable setting ----------------------------------- 976.It Va ipfs_enable 977.Pq Vt bool 978Set to 979.Dq Li NO 980by default. 981Set it to 982.Dq Li YES 983to enable 984.Xr ipfs 8 985saving the filter and NAT state tables during shutdown 986and reloading them during startup again. 987Setting this variable needs setting 988.Va ipfilter_enable 989or 990.Va ipnat_enable 991to 992.Dq Li YES 993too. 994See 995.Va ipfilter_enable 996for a detailed discussion. 997Note that if 998.Va kern_securelevel 999is set to 3, 1000.Va ipfs_enable 1001cannot be used 1002because the raised securelevel will prevent 1003.Xr ipfs 8 1004from saving the state tables at shutdown time. 1005.\" ----- ipfs_program setting ---------------------------------- 1006.It Va ipfs_program 1007.Pq Vt str 1008Path to 1009.Xr ipfs 8 1010(default 1011.Pa /sbin/ipfs ) . 1012.\" ----- ipfs_flags setting ------------------------------------ 1013.It Va ipfs_flags 1014.Pq Vt str 1015Empty by default. 1016This variable contains flags passed to the 1017.Xr ipfs 8 1018program. 1019.\" ----- end of added ipf hook --------------------------------- 1020.It Va pf_enable 1021.Pq Vt bool 1022Set to 1023.Dq Li NO 1024by default. 1025Setting this to 1026.Dq Li YES 1027enables 1028.Xr pf 4 1029packet filtering. 1030.Pp 1031Typical usage will require putting 1032.Pp 1033.Dl pf_enable="YES" 1034.Pp 1035into 1036.Pa /etc/rc.conf 1037and editing 1038.Pa /etc/pf.conf 1039appropriately. 1040Adding 1041.Pp 1042.Dl "device pf" 1043.Pp 1044builds support for 1045.Xr pf 4 1046into the kernel, otherwise the 1047kernel module will be loaded. 1048.It Va pf_rules 1049.Pq Vt str 1050Path to 1051.Xr pf 4 1052ruleset configuration file 1053(default 1054.Pa /etc/pf.conf ) . 1055.It Va pf_program 1056.Pq Vt str 1057Path to 1058.Xr pfctl 8 1059(default 1060.Pa /sbin/pfctl ) . 1061.It Va pf_flags 1062.Pq Vt str 1063If 1064.Va pf_enable 1065is set to 1066.Dq Li YES , 1067these flags are passed to the 1068.Xr pfctl 8 1069program when loading the ruleset. 1070.It Va pf_fallback_rules_enable 1071.Pq Vt bool 1072Set to 1073.Dq Li NO 1074by default. 1075Setting this to 1076.Dq Li YES 1077enables loading 1078.Va pf_fallback_rules_file 1079or 1080.Va pf_fallback_rules 1081in case of a problem when loading the ruleset in 1082.Va pf_rules . 1083.It Va pf_fallback_rules_file 1084.Pq Vt str 1085Path to a pf ruleset to load in case of failure when loading the 1086ruleset in 1087.Va pf_rules 1088(default 1089.Pa /etc/pf-fallback.conf ) . 1090.It Va pf_fallback_rules 1091.Pq Vt str 1092A pf ruleset to load in case of failure when loading the ruleset in 1093.Va pf_rules 1094and 1095.Va pf_fallback_rules_file 1096is not found. 1097Multiple rules can be set as follows: 1098.Bd -literal 1099pf_fallback_rules="\\ 1100 block drop log all\\ 1101 pass in quick on em0" 1102.Pp 1103.Ed 1104The default fallback rule is 1105.Dq block drop log all 1106.It Va pflog_enable 1107.Pq Vt bool 1108Set to 1109.Dq Li NO 1110by default. 1111Setting this to 1112.Dq Li YES 1113enables 1114.Xr pflogd 8 1115which logs packets from the 1116.Xr pf 4 1117packet filter. 1118.It Va pflog_logfile 1119.Pq Vt str 1120If 1121.Va pflog_enable 1122is set to 1123.Dq Li YES 1124this controls where 1125.Xr pflogd 8 1126stores the logfile 1127(default 1128.Pa /var/log/pflog ) . 1129Check 1130.Pa /etc/newsyslog.conf 1131to adjust logfile rotation for this. 1132.It Va pflog_program 1133.Pq Vt str 1134Path to 1135.Xr pflogd 8 1136(default 1137.Pa /sbin/pflogd ) . 1138.It Va pflog_flags 1139.Pq Vt str 1140Empty by default. 1141This variable contains additional flags passed to the 1142.Xr pflogd 8 1143program. 1144.It Va pflog_instances 1145.Pq Vt str 1146If logging to more than one 1147.Xr pflog 4 1148interface is desired, 1149.Va pflog_instances 1150is set to the list of 1151.Xr pflogd 8 1152instances that should be started at system boot time. 1153If 1154.Va pflog_instances 1155is set, for each whitespace-separated 1156.Ar element 1157in the list, 1158.Ao Ar element Ac Ns Va _dev 1159and 1160.Ao Ar element Ac Ns Va _logfile 1161elements are assumed to exist. 1162.Ao Ar element Ac Ns Va _dev 1163must contain the 1164.Xr pflog 4 1165interface to be watched by the named 1166.Xr pflogd 8 1167instance. 1168.Ao Ar element Ac Ns Va _logfile 1169must contain the name of the logfile that will be used by the 1170.Xr pflogd 8 1171instance. 1172.It Va ftpproxy_enable 1173.Pq Vt bool 1174Set to 1175.Dq Li NO 1176by default. 1177Setting this to 1178.Dq Li YES 1179enables 1180.Xr ftp-proxy 8 1181which supports the 1182.Xr pf 4 1183packet filter in translating ftp connections. 1184.It Va ftpproxy_flags 1185.Pq Vt str 1186Empty by default. 1187This variable contains additional flags passed to the 1188.Xr ftp-proxy 8 1189program. 1190.It Va ftpproxy_instances 1191.Pq Vt str 1192Empty by default. 1193If multiple instances of 1194.Xr ftp-proxy 8 1195are desired at boot time, 1196.Va ftpproxy_instances 1197should contain a whitespace-separated list of instance names. 1198For each 1199.Ar element 1200in the list, a variable named 1201.Ao Ar element Ac Ns Va _flags 1202should be defined, containing the command-line flags to be passed to the 1203.Xr ftp-proxy 8 1204instance. 1205.It Va pfsync_enable 1206.Pq Vt bool 1207Set to 1208.Dq Li NO 1209by default. 1210Setting this to 1211.Dq Li YES 1212enables exposing 1213.Xr pf 4 1214state changes to other hosts over the network by means of 1215.Xr pfsync 4 . 1216The 1217.Va pfsync_syncdev 1218variable 1219must also be set then. 1220.It Va pfsync_syncdev 1221.Pq Vt str 1222Empty by default. 1223This variable specifies the name of the network interface 1224.Xr pfsync 4 1225should operate through. 1226It must be set accordingly if 1227.Va pfsync_enable 1228is set to 1229.Dq Li YES . 1230.It Va pfsync_syncpeer 1231.Pq Vt str 1232Empty by default. 1233This variable is optional. 1234By default, state change messages are sent out on the synchronisation 1235interface using IP multicast packets. 1236The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1237224.0.0.240. 1238When a peer address is specified using the 1239.Va pfsync_syncpeer 1240option, the peer address is used as a destination for the pfsync 1241traffic, and the traffic can then be protected using 1242.Xr ipsec 4 . 1243See the 1244.Xr pfsync 4 1245manpage for more details about using 1246.Xr ipsec 4 1247with 1248.Xr pfsync 4 1249interfaces. 1250.It Va pfsync_ifconfig 1251.Pq Vt str 1252Empty by default. 1253This variable can contain additional options to be passed to the 1254.Xr ifconfig 8 1255command used to set up 1256.Xr pfsync 4 . 1257.It Va tcp_extensions 1258.Pq Vt bool 1259Set to 1260.Dq Li YES 1261by default. 1262Setting this to 1263.Dq Li NO 1264disables certain TCP options as described by 1265.Rs 1266.%T "RFC 1323" 1267.Re 1268Setting this to 1269.Dq Li NO 1270might help remedy such problems with connections as randomly hanging 1271or other weird behavior. 1272Some network devices are known 1273to be broken with respect to these options. 1274.It Va log_in_vain 1275.Pq Vt int 1276Set to 0 by default. 1277The 1278.Xr sysctl 8 1279variables, 1280.Va net.inet.tcp.log_in_vain 1281and 1282.Va net.inet.udp.log_in_vain , 1283as described in 1284.Xr tcp 4 1285and 1286.Xr udp 4 , 1287are set to the given value. 1288.It Va tcp_keepalive 1289.Pq Vt bool 1290Set to 1291.Dq Li YES 1292by default. 1293Setting to 1294.Dq Li NO 1295will disable probing idle TCP connections to verify that the 1296peer is still up and reachable. 1297.It Va tcp_drop_synfin 1298.Pq Vt bool 1299Set to 1300.Dq Li NO 1301by default. 1302Setting to 1303.Dq Li YES 1304will cause the kernel to ignore TCP frames that have both 1305the SYN and FIN flags set. 1306This prevents OS fingerprinting, but may 1307break some legitimate applications. 1308.It Va icmp_drop_redirect 1309.Pq Vt bool 1310Set to 1311.Dq Li AUTO 1312by default. 1313This setting will be identical to 1314.Dq Li YES , 1315if a dynamicrouting daemon is enabled, because redirect processing may 1316cause performance issues for large routing tables. 1317If no such service is enabled, this setting behaves like a 1318.Dq Li NO . 1319Setting to 1320.Dq Li YES 1321will cause the kernel to ignore ICMP REDIRECT packets. 1322Setting to 1323.Dq Li NO 1324will cause the kernel to process ICMP REDIRECT packets. 1325Refer to 1326.Xr icmp 4 1327for more information. 1328.It Va icmp_log_redirect 1329.Pq Vt bool 1330Set to 1331.Dq Li NO 1332by default. 1333Setting to 1334.Dq Li YES 1335will cause the kernel to log ICMP REDIRECT packets. 1336Note that 1337the log messages are not rate-limited, so this option should only be used 1338for troubleshooting networks. 1339Refer to 1340.Xr icmp 4 1341for more information. 1342.It Va icmp_bmcastecho 1343.Pq Vt bool 1344Set to 1345.Dq Li YES 1346to respond to broadcast or multicast ICMP ping packets. 1347Refer to 1348.Xr icmp 4 1349for more information. 1350.It Va ip_portrange_first 1351.Pq Vt int 1352If not set to 1353.Dq Li NO , 1354this is the first port in the default portrange. 1355Refer to 1356.Xr ip 4 1357for more information. 1358.It Va ip_portrange_last 1359.Pq Vt int 1360If not set to 1361.Dq Li NO , 1362this is the last port in the default portrange. 1363Refer to 1364.Xr ip 4 1365for more information. 1366.It Va network_interfaces 1367.Pq Vt str 1368Set to the list of network interfaces to configure on this host or 1369.Dq Li AUTO 1370(the default) for all current interfaces. 1371Setting the 1372.Va network_interfaces 1373variable to anything other than the default is deprecated. 1374Interfaces that the administrator wishes to store configuration for, 1375but not start at boot should be configured with the 1376.Dq Li NOAUTO 1377keyword in their 1378.Va ifconfig_ Ns Aq Ar interface 1379variables as described below. 1380.Pp 1381An 1382.Va ifconfig_ Ns Aq Ar interface 1383variable is also assumed to exist for each value of 1384.Ar interface . 1385When an interface name contains any of the characters 1386.Dq Li .-/+ 1387they are translated to 1388.Dq Li _ 1389before lookup. 1390The variable can contain arguments to 1391.Xr ifconfig 8 , 1392as well as special case-insensitive keywords described below. 1393Such keywords are removed before passing the value to 1394.Xr ifconfig 8 1395while the order of the other arguments is preserved. 1396.Pp 1397It is possible to add IP alias entries using 1398.Xr ifconfig 8 1399syntax with the address family keyword such as 1400.Li inet . 1401Assuming that the interface in question was 1402.Li em0 , 1403it might look something like this: 1404.Bd -literal 1405ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1406ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1407.Ed 1408.Pp 1409It also possible to configure multiple IP addresses in Classless 1410Inter-Domain Routing 1411.Pq CIDR 1412address notation, 1413whose each address component can be a range like 1414.Li inet 192.0.2.5-23/24 1415or 1416.Li inet6 2001:db8:1-f::1/64 . 1417This notation allows address and prefix length part only, 1418not the other address modifiers. 1419Note that the maximum number of the generated addresses from a range 1420specification is limited to an integer value specified in 1421.Va netif_ipexpand_max 1422in 1423.Nm 1424because a small typo can unexpectedly generate a large number of addresses. 1425The default value is 1426.Li 2048 . 1427It can be increased by adding the following line into 1428.Nm : 1429.Bd -literal 1430netif_ipexpand_max="4096" 1431.Ed 1432.Pp 1433In the case of 1434.Li 192.0.2.5-23/24 , 1435the address 192.0.2.5 will be configured with the 1436netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1437the non-conflicting netmask /32 as explained in the 1438.Xr ifconfig 8 1439alias section. 1440Note that this special netmask handling is only for 1441.Li inet , 1442not for the other address families such as 1443.Li inet6 . 1444.Pp 1445With the interface in question being 1446.Li em0 , 1447an example could look like: 1448.Bd -literal 1449ifconfig_em0_alias2="inet 192.0.2.129/27" 1450ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1451.Ed 1452.Pp 1453and so on. 1454.Pp 1455Note that deprecated 1456.Va ipv4_addrs_ Ns Aq Ar interface 1457variable was supported for IPv4 CIDR address notation. 1458The 1459.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1460variable replaces it, though 1461.Va ipv4_addrs_ Ns Aq Ar interface 1462is still supported for backward compatibility. 1463.Pp 1464For each 1465.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1466entry with an address family keyword, 1467its contents are passed to 1468.Xr ifconfig 8 . 1469Execution stops at the first unsuccessful access, so if 1470something like this is present: 1471.Bd -literal 1472ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1473ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1474ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1475ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1476.Ed 1477.Pp 1478Then note that alias4 would 1479.Em not 1480be added since the search would 1481stop with the missing 1482.Dq Li alias3 1483entry. 1484Because of this difficult to manage behavior, 1485there is 1486.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1487variable, which has the same functionality as 1488.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1489and can have all of entries in a variable like the following: 1490.Bd -literal 1491ifconfig_em0_aliases="\\ 1492 inet 127.0.0.251 netmask 0xffffffff \\ 1493 inet 127.0.0.252 netmask 0xffffffff \\ 1494 inet 127.0.0.253 netmask 0xffffffff \\ 1495 inet 127.0.0.254 netmask 0xffffffff" 1496.Ed 1497.Pp 1498It also supports CIDR notation. 1499.Pp 1500If the 1501.Pa /etc/start_if . Ns Aq Ar interface 1502file is present, it is read and executed by the 1503.Xr sh 1 1504interpreter 1505before configuring the interface as specified in the 1506.Va ifconfig_ Ns Aq Ar interface 1507and 1508.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1509variables. 1510.Pp 1511If a 1512.Va vlans_ Ns Aq Ar interface 1513variable is set, 1514a 1515.Xr vlan 4 1516interface will be created for each item in the list with the 1517.Ar vlandev 1518argument set to 1519.Ar interface . 1520If a vlan interface's name is a number, 1521then that number is used as the vlan tag and the new vlan interface is 1522named 1523.Ar interface . Ns Ar tag . 1524Otherwise, 1525the vlan tag must be specified via a 1526.Va vlan 1527parameter in the 1528.Va create_args_ Ns Aq Ar interface 1529variable. 1530.Pp 1531To create a vlan device named 1532.Li em0.101 1533on 1534.Li em0 1535with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1536.Bd -literal 1537vlans_em0="101" 1538ifconfig_em0_101="inet 192.0.2.1/24" 1539.Ed 1540.Pp 1541To create a vlan device named 1542.Li myvlan 1543on 1544.Li em0 1545with the vlan tag 102: 1546.Bd -literal 1547vlans_em0="myvlan" 1548create_args_myvlan="vlan 102" 1549.Ed 1550.Pp 1551If a 1552.Va wlans_ Ns Aq Ar interface 1553variable is set, 1554an 1555.Xr wlan 4 1556interface will be created for each item in the list with the 1557.Ar wlandev 1558argument set to 1559.Ar interface . 1560Further wlan cloning arguments may be passed to the 1561.Xr ifconfig 8 1562.Cm create 1563command by setting the 1564.Va create_args_ Ns Aq Ar interface 1565variable. 1566One or more 1567.Xr wlan 4 1568devices must be created for each wireless devices as of 1569.Fx 8.0 . 1570Debugging flags for 1571.Xr wlan 4 1572devices as set by 1573.Xr wlandebug 8 1574may be specified with an 1575.Va wlandebug_ Ns Aq Ar interface 1576variable. 1577The contents of this variable will be passed directly to 1578.Xr wlandebug 8 . 1579.Pp 1580If the 1581.Va ifconfig_ Ns Aq Ar interface 1582contains the keyword 1583.Dq Li NOAUTO 1584then the interface will not be configured 1585at boot or by 1586.Pa /etc/pccard_ether 1587when 1588.Va network_interfaces 1589is set to 1590.Dq Li AUTO . 1591.Pp 1592It is possible to bring up an interface with DHCP by adding 1593.Dq Li DHCP 1594to the 1595.Va ifconfig_ Ns Aq Ar interface 1596variable. 1597For instance, to initialize the 1598.Li em0 1599device via DHCP, 1600it is possible to use something like: 1601.Bd -literal 1602ifconfig_em0="DHCP" 1603.Ed 1604.Pp 1605If you want to configure your wireless interface with 1606.Xr wpa_supplicant 8 1607for use with WPA, EAP/LEAP or WEP, you need to add 1608.Dq Li WPA 1609to the 1610.Va ifconfig_ Ns Aq Ar interface 1611variable. 1612.Pp 1613On the other hand, if you want to configure your wireless interface with 1614.Xr hostapd 8 , 1615you need to add 1616.Dq Li HOSTAP 1617to the 1618.Va ifconfig_ Ns Aq Ar interface 1619variable. 1620.Xr hostapd 8 1621will use the settings from 1622.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1623.Pp 1624Finally, you can add 1625.Xr ifconfig 8 1626options in this variable, in addition to the 1627.Pa /etc/start_if . Ns Aq Ar interface 1628file. 1629For instance, to configure an 1630.Xr ath 4 1631wireless device in station mode with an address obtained 1632via DHCP, using WPA authentication and 802.11b mode, it is 1633possible to use something like: 1634.Bd -literal 1635wlans_ath0="wlan0" 1636ifconfig_wlan0="DHCP WPA mode 11b" 1637.Ed 1638.Pp 1639In addition to the 1640.Va ifconfig_ Ns Aq Ar interface 1641form, a fallback variable 1642.Va ifconfig_DEFAULT 1643may be configured. 1644It will be used for all interfaces with no 1645.Va ifconfig_ Ns Aq Ar interface 1646variable. 1647This is intended to replace the no longer supported 1648.Va pccard_ifconfig 1649variable. 1650.Pp 1651It is also possible to rename an interface by doing: 1652.Bd -literal 1653ifconfig_em0_name="net0" 1654ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1655.Ed 1656.It Va ipv6_enable 1657.Pq Vt bool 1658This variable is deprecated. 1659Use 1660.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1661and 1662.Va ipv6_activate_all_interfaces 1663if necessary. 1664.Pp 1665If the variable is 1666.Dq Li YES , 1667.Dq Li inet6 accept_rtadv 1668is added to all of 1669.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1670and the 1671.Va ipv6_activate_all_interfaces 1672is defined as 1673.Dq Li YES . 1674.It Va ipv6_prefer 1675.Pq Vt bool 1676This variable is deprecated. 1677Use 1678.Va ip6addrctl_policy 1679instead. 1680.Pp 1681If the variable is 1682.Dq Li YES , 1683the default address selection policy table set by 1684.Xr ip6addrctl 8 1685will be IPv6-preferred. 1686.Pp 1687If the variable is 1688.Dq Li NO , 1689the default address selection policy table set by 1690.Xr ip6addrctl 8 1691will be IPv4-preferred. 1692.It Va ipv6_activate_all_interfaces 1693.Pq Vt bool 1694This controls initial configuration on IPv6-capable 1695interfaces with no corresponding 1696.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1697variable. 1698Note that it is not always necessary to set this variable to 1699.Dq YES 1700to use IPv6 functionality on 1701.Fx . 1702In most cases, just configuring 1703.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1704variables works. 1705.Pp 1706If the variable is 1707.Dq Li NO , 1708all interfaces which do not have a corresponding 1709.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1710variable will be marked as 1711.Dq Li IFDISABLED 1712at creation. 1713This means that all of IPv6 functionality on that interface 1714is completely disabled to enforce a security policy. 1715If the variable is set to 1716.Dq YES , 1717the flag will be cleared on all of the interfaces. 1718.Pp 1719In most cases, just defining an 1720.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1721for an IPv6-capable interface should be sufficient. 1722However, if an interface is added dynamically 1723.Pq by some tunneling protocols such as PPP, for example , 1724it is often difficult to define the variable in advance. 1725In such a case, configuring the 1726.Dq Li IFDISABLED 1727flag can be disabled by setting this variable to 1728.Dq YES . 1729.Pp 1730For more details of the 1731.Dq Li IFDISABLED 1732flag and keywords 1733.Dq Li inet6 ifdisabled , 1734see 1735.Xr ifconfig 8 . 1736.Pp 1737Default is 1738.Dq Li NO . 1739.It Va ipv6_privacy 1740.Pq Vt bool 1741If the variable is 1742.Dq Li YES 1743privacy addresses will be generated for each IPv6 1744interface as described in RFC 4941. 1745.It Va ipv6_network_interfaces 1746.Pq Vt str 1747This is the IPv6 equivalent of 1748.Va network_interfaces . 1749Normally manual configuration of this variable is not needed. 1750.It Va ipv6_cpe_wanif 1751.Pq Vt str 1752If the variable is set to an interface name, 1753the 1754.Xr ifconfig 8 1755options 1756.Dq inet6 -no_radr accept_rtadv 1757will be added to the specified interface automatically before evaluating 1758.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1759and two 1760.Xr sysctl 8 1761variables 1762.Va net.inet6.ip6.rfc6204w3 1763and 1764.Va net.inet6.ip6.no_radr 1765will be set to 1. 1766.Pp 1767This means the specified interface will accept ICMPv6 Router 1768Advertisement messages on that link and add the discovered 1769routers into the Default Router List. 1770While the other interfaces can still accept RA messages if the 1771.Dq inet6 accept_rtadv 1772option is specified, adding 1773routes into the Default Router List will be disabled by 1774.Dq inet6 no_radr 1775option by default. 1776See 1777.Xr ifconfig 8 1778for more details. 1779.Pp 1780Note that ICMPv6 Router Advertisement messages will be 1781accepted even when 1782.Va net.inet6.ip6.forwarding 1783is 1 1784.Pq packet forwarding is enabled 1785when 1786.Va net.inet6.ip6.rfc6204w3 1787is set to 1. 1788.Pp 1789Default is 1790.Dq Li NO . 1791.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1792.Pq Vt str 1793This assigns arbitrary description to an interface. 1794The 1795.Xr sysctl 8 1796variable 1797.Va net.ifdescr_maxlen 1798limits its length. 1799This static setting may be overridden by commands 1800started with dynamic interface configuration utilities 1801like 1802.Xr dhclient 8 1803hooks. 1804The description can be seen with 1805.Xr ifconfig 8 1806command and it may be exported with 1807.Xr bsnmpd 1 1808daemon using its MIB-2 module. 1809.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1810.Pq Vt str 1811IPv6 functionality on an interface should be configured by 1812.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1813instead of setting ifconfig parameters in 1814.Va ifconfig_ Ns Aq Ar interface . 1815If this variable is empty, all of IPv6 configurations on the 1816specified interface by other variables such as 1817.Va ipv6_prefix_ Ns Ao Ar interface Ac 1818will be ignored. 1819.Pp 1820Aliases should be set by 1821.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1822with 1823.Dq Li inet6 1824keyword. 1825For example: 1826.Bd -literal 1827ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1828ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1829.Ed 1830.Pp 1831Interfaces that have an 1832.Dq Li inet6 accept_rtadv 1833keyword in 1834.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1835setting will be automatically configured by SLAAC 1836.Pq StateLess Address AutoConfiguration 1837described in 1838.Rs 1839.%T "RFC 4862" 1840.Re 1841.Pp 1842Note that a link-local address will be automatically configured in 1843addition to the configured global-scope addresses because the IPv6 1844specifications require it on each link. 1845The address is calculated from the MAC address by using an algorithm 1846defined in 1847.Rs 1848.%T "RFC 4862" 1849.%O "Section 5.3" 1850.Re 1851.Pp 1852If only a link-local address is needed on the interface, 1853the following configuration can be used: 1854.Bd -literal 1855ifconfig_em0_ipv6="inet6 auto_linklocal" 1856.Ed 1857.Pp 1858A link-local address can also be configured manually. 1859This is useful for the default router address of an IPv6 router 1860so that it does not change when the network interface 1861card is replaced. 1862For example: 1863.Bd -literal 1864ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1865.Ed 1866.It Va ipv6_prefix_ Ns Aq Ar interface 1867.Pq Vt str 1868If one or more prefixes are defined in 1869.Va ipv6_prefix_ Ns Aq Ar interface 1870addresses based on each prefix and the EUI-64 interface index will be 1871configured on that interface. 1872Note that this variable will be ignored when 1873.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1874is empty. 1875.Pp 1876For example, the following configuration 1877.Bd -literal 1878ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1879.Ed 1880.Pp 1881is equivalent to the following: 1882.Bd -literal 1883ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1884ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1885ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1886ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1887.Ed 1888.Pp 1889These Subnet-Router anycast addresses will be added only when 1890.Va ipv6_gateway_enable 1891is YES. 1892.It Va ipv6_default_interface 1893.Pq Vt str 1894If not set to 1895.Dq Li NO , 1896this is the default output interface for scoped addresses. 1897This works only with ipv6_gateway_enable="NO". 1898.It Va ip6addrctl_enable 1899.Pq Vt bool 1900This variable is to enable configuring default address selection policy table 1901.Pq RFC 3484 . 1902The table can be specified in another variable 1903.Va ip6addrctl_policy . 1904For 1905.Va ip6addrctl_policy 1906the following keywords can be specified: 1907.Dq Li ipv4_prefer , 1908.Dq Li ipv6_prefer , 1909or 1910.Dq Li AUTO . 1911.Pp 1912If 1913.Dq Li ipv4_prefer 1914or 1915.Dq Li ipv6_prefer 1916is specified, 1917.Xr ip6addrctl 8 1918installs a pre-defined policy table described in Section 10.3 1919.Pq IPv4-preferred 1920or 2.1 1921.Pq IPv6-preferred 1922of RFC 3484. 1923.Pp 1924If 1925.Dq Li AUTO 1926is specified, it attempts to read a file 1927.Pa /etc/ip6addrctl.conf 1928first. 1929If this file is found, 1930.Xr ip6addrctl 8 1931reads and installs it. 1932If not found, a policy is automatically set 1933according to 1934.Va ipv6_activate_all_interfaces 1935variable; if the variable is set to 1936.Dq Li YES 1937the IPv6-preferred one is used. 1938Otherwise IPv4-preferred. 1939.Pp 1940The default value of 1941.Va ip6addrctl_enable 1942and 1943.Va ip6addrctl_policy 1944are 1945.Dq Li YES 1946and 1947.Dq Li AUTO , 1948respectively. 1949.It Va cloned_interfaces 1950.Pq Vt str 1951Set to the list of clonable network interfaces to create on this host. 1952Further cloning arguments may be passed to the 1953.Xr ifconfig 8 1954.Cm create 1955command for each interface by setting the 1956.Va create_args_ Ns Aq Ar interface 1957variable. 1958If an interface name is specified with 1959.Dq :sticky 1960keyword, 1961the interface will not be destroyed even when 1962.Pa rc.d/netif 1963script is invoked with 1964.Dq stop 1965argument. 1966This is useful when reconfiguring the interface without destroying it. 1967Entries in 1968.Va cloned_interfaces 1969are automatically appended to 1970.Va network_interfaces 1971for configuration. 1972.It Va cloned_interfaces_sticky 1973.Pq Vt bool 1974This variable is to globally enable functionality of 1975.Dq :sticky 1976keyword in 1977.Va cloned_interfaces 1978for all interfaces. 1979The default value is 1980.Dq NO . 1981Even if this variable is specified to 1982.Dq YES , 1983.Dq :nosticky 1984keyword can be used to override it on per interface basis. 1985.It Va gif_interfaces 1986Set to the list of 1987.Xr gif 4 1988tunnel interfaces to configure on this host. 1989A 1990.Va gifconfig_ Ns Aq Ar interface 1991variable is assumed to exist for each value of 1992.Ar interface . 1993The value of this variable is used to configure the link layer of the 1994tunnel using the 1995.Cm tunnel 1996option to 1997.Xr ifconfig 8 . 1998Additionally, this option ensures that each listed interface is created 1999via the 2000.Cm create 2001option to 2002.Xr ifconfig 8 2003before attempting to configure it. 2004.Pp 2005For example, configure two 2006.Xr gif 4 2007interfaces with: 2008.Bd -literal 2009gif_interfaces="gif0 gif1" 2010gifconfig_gif0="100.64.0.1 100.64.0.2" 2011ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 2012gifconfig_gif1="inet6 2a00::1 2a01::1" 2013ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 2014.Ed 2015.It Va ppp_enable 2016.Pq Vt bool 2017If set to 2018.Dq Li YES , 2019run the 2020.Xr ppp 8 2021daemon. 2022.It Va ppp_profile 2023.Pq Vt str 2024The name of the profile to use from 2025.Pa /etc/ppp/ppp.conf . 2026Also used for per-profile overrides of 2027.Va ppp_mode 2028and 2029.Va ppp_nat , 2030and 2031.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2032When the profile name contains any of the characters 2033.Dq Li .-/+ 2034they are translated to 2035.Dq Li _ 2036for the proposes of the override variable names. 2037.It Va ppp_mode 2038.Pq Vt str 2039Mode in which to run the 2040.Xr ppp 8 2041daemon. 2042.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2043.Pq Vt str 2044Overrides the global 2045.Va ppp_mode 2046for 2047.Ar profile . 2048Accepted modes are 2049.Dq Li auto , 2050.Dq Li ddial , 2051.Dq Li direct 2052and 2053.Dq Li dedicated . 2054See the manual for a full description. 2055.It Va ppp_nat 2056.Pq Vt bool 2057If set to 2058.Dq Li YES , 2059enables network address translation. 2060Used in conjunction with 2061.Va gateway_enable 2062allows hosts on private network addresses access to the Internet using 2063this host as a network address translating router. 2064Default is 2065.Dq Li YES . 2066.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2067.Pq Vt str 2068Overrides the global 2069.Va ppp_nat 2070for 2071.Ar profile . 2072.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2073.Pq Vt int 2074Set the unit number to be used for this profile. 2075See the manual description of 2076.Fl unit Ns Ar N 2077for details. 2078.It Va ppp_user 2079.Pq Vt str 2080The name of the user under which 2081.Xr ppp 8 2082should be started. 2083By 2084default, 2085.Xr ppp 8 2086is started as 2087.Dq Li root . 2088.It Va rc_conf_files 2089.Pq Vt str 2090This option is used to specify a list of files that will override 2091the settings in 2092.Pa /etc/defaults/rc.conf . 2093The files will be read in the order in which they are specified and should 2094include the full path to the file. 2095By default, the files specified are 2096.Pa /etc/rc.conf 2097and 2098.Pa /etc/rc.conf.local 2099.It Va zfs_enable 2100.Pq Vt bool 2101If set to 2102.Dq Li YES , 2103.Pa /etc/rc.d/zfs 2104will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2105(ZVOLs). 2106.It Va zpool_reguid 2107.Pq Vt str 2108A space-separated list of ZFS pool names for which new pool GUIDs should be 2109assigned upon first boot. 2110This is useful when using a ZFS pool copied from a template, such as a virtual 2111machine image. 2112.It Va gptboot_enable 2113.Pq Vt bool 2114If set to 2115.Dq Li YES , 2116.Pa /etc/rc.d/gptboot 2117will log if the system successfully (or not) booted from a GPT partition, 2118which had the 2119.Ar bootonce 2120attribute set using 2121.Xr gpart 8 2122utility. 2123.It Va gbde_autoattach_all 2124.Pq Vt bool 2125If set to 2126.Dq Li YES , 2127.Pa /etc/rc.d/gbde 2128will attempt to automatically initialize your .bde devices in 2129.Pa /etc/fstab . 2130.It Va gbde_devices 2131.Pq Vt str 2132List the devices that the script should try to attach, 2133or 2134.Dq Li AUTO . 2135.It Va gbde_lockdir 2136.Pq Vt str 2137The directory where the 2138.Xr gbde 4 2139lockfiles are located. 2140The default lockfile directory is 2141.Pa /etc . 2142.Pp 2143The lockfile for each individual 2144.Xr gbde 4 2145device can be overridden by setting the variable 2146.Va gbde_lock_ Ns Aq Ar device , 2147where 2148.Ar device 2149is the encrypted device without the 2150.Dq Pa /dev/ 2151and 2152.Dq Pa .bde 2153parts. 2154.It Va gbde_attach_attempts 2155.Pq Vt int 2156Number of times to attempt attaching to a 2157.Xr gbde 4 2158device, i.e., how many times the user is asked for the pass-phrase. 2159Default is 3. 2160.It Va geli_devices 2161.Pq Vt str 2162List of devices to automatically attach on boot. 2163Note that .eli devices from 2164.Pa /etc/fstab 2165are automatically appended to this list. 2166.It Va geli_groups 2167.Pq Vt str 2168List of groups containing devices to automatically attach on boot with the same 2169keyfiles and passphrase. 2170This must be accompanied with a corresponding 2171.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2172variable. 2173.It Va geli_tries 2174.Pq Vt int 2175Number of times user is asked for the pass-phrase. 2176If empty, it will be taken from 2177.Va kern.geom.eli.tries 2178sysctl variable. 2179.It Va geli_default_flags 2180.Pq Vt str 2181Default flags to use by 2182.Xr geli 8 2183when configuring disk encryption. 2184Flags can be configured for every device separately by defining the 2185.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2186variable, and for every group separately by defining the 2187.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2188variable. 2189.It Va geli_autodetach 2190.Pq Vt str 2191Specifies if GELI devices should be marked for detach on last close after 2192file systems are mounted. 2193Default is 2194.Dq Li YES . 2195This can be changed for every device separately by defining the 2196.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2197variable. 2198.It Va root_rw_mount 2199.Pq Vt bool 2200Set to 2201.Dq Li YES 2202by default. 2203After the file systems are checked at boot time, the root file system 2204is remounted as read-write if this is set to 2205.Dq Li YES . 2206Diskless systems that mount their root file system from a read-only remote 2207NFS share should set this to 2208.Dq Li NO 2209in their 2210.Pa rc.conf . 2211.It Va fsck_y_enable 2212.Pq Vt bool 2213If set to 2214.Dq Li YES , 2215.Xr fsck 8 2216will be run with the 2217.Fl y 2218flag if the initial preen 2219of the file systems fails. 2220.It Va background_fsck 2221.Pq Vt bool 2222If set to 2223.Dq Li NO , 2224the system will not attempt to run 2225.Xr fsck 8 2226in the background where possible. 2227.It Va background_fsck_delay 2228.Pq Vt int 2229The amount of time in seconds to sleep before starting a background 2230.Xr fsck 8 . 2231It defaults to sixty seconds to allow large applications such as 2232the X server to start before disk I/O bandwidth is monopolized by 2233.Xr fsck 8 . 2234If set to a negative number, the background file system check will be 2235delayed indefinitely to allow the administrator to run it at a more 2236convenient time. 2237For example it may be run from 2238.Xr cron 8 2239by adding a line like 2240.Pp 2241.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2242.Pp 2243to 2244.Pa /etc/crontab . 2245.It Va netfs_types 2246.Pq Vt str 2247List of file system types that are network-based. 2248This list should generally not be modified by end users. 2249Use 2250.Va extra_netfs_types 2251instead. 2252.It Va extra_netfs_types 2253.Pq Vt str 2254If set to something other than 2255.Dq Li NO 2256(the default), 2257this variable extends the list of file system types 2258for which automatic mounting at startup by 2259.Xr rc 8 2260should be delayed until the network is initialized. 2261It should contain 2262a whitespace-separated list of network file system descriptor pairs, 2263each consisting of a file system type as passed to 2264.Xr mount 8 2265and a human-readable, one-word description, 2266joined with a colon 2267.Pq Ql \&: . 2268Extending the default list in this way is only necessary 2269when third party file system types are used. 2270.It Va syslogd_enable 2271.Pq Vt bool 2272If set to 2273.Dq Li YES , 2274run the 2275.Xr syslogd 8 2276daemon. 2277.It Va syslogd_program 2278.Pq Vt str 2279Path to 2280.Xr syslogd 8 2281(default 2282.Pa /usr/sbin/syslogd ) . 2283.It Va syslogd_flags 2284.Pq Vt str 2285If 2286.Va syslogd_enable 2287is set to 2288.Dq Li YES , 2289these are the flags to pass to 2290.Xr syslogd 8 . 2291.It Va inetd_enable 2292.Pq Vt bool 2293If set to 2294.Dq Li YES , 2295run the 2296.Xr inetd 8 2297daemon. 2298.It Va inetd_program 2299.Pq Vt str 2300Path to 2301.Xr inetd 8 2302(default 2303.Pa /usr/sbin/inetd ) . 2304.It Va inetd_flags 2305.Pq Vt str 2306If 2307.Va inetd_enable 2308is set to 2309.Dq Li YES , 2310these are the flags to pass to 2311.Xr inetd 8 . 2312.It Va hastd_enable 2313.Pq Vt bool 2314If set to 2315.Dq Li YES , 2316run the 2317.Xr hastd 8 2318daemon. 2319.It Va hastd_program 2320.Pq Vt str 2321Path to 2322.Xr hastd 8 2323(default 2324.Pa /sbin/hastd ) . 2325.It Va hastd_flags 2326.Pq Vt str 2327If 2328.Va hastd_enable 2329is set to 2330.Dq Li YES , 2331these are the flags to pass to 2332.Xr hastd 8 . 2333.It Va local_unbound_enable 2334.Pq Vt bool 2335If set to 2336.Dq Li YES , 2337run the 2338.Xr unbound 8 2339daemon as a local caching resolver. 2340.It Va kdc_enable 2341.Pq Vt bool 2342Set to 2343.Dq Li YES 2344to start a Kerberos 5 authentication server 2345at boot time. 2346.It Va kdc_program 2347.Pq Vt str 2348If 2349.Va kdc_enable 2350is set to 2351.Dq Li YES 2352this is the path to Kerberos 5 Authentication Server. 2353.It Va kdc_flags 2354.Pq Vt str 2355Empty by default. 2356This variable contains additional flags to be passed to the Kerberos 5 2357authentication server. 2358.It Va kadmind_enable 2359.Pq Vt bool 2360Set to 2361.Dq Li YES 2362to start 2363.Xr kadmind 8 , 2364the Kerberos 5 Administration Daemon; set to 2365.Dq Li NO 2366on a slave server. 2367.It Va kadmind_program 2368.Pq Vt str 2369If 2370.Va kadmind_enable 2371is set to 2372.Dq Li YES 2373this is the path to Kerberos 5 Administration Daemon. 2374.It Va kpasswdd_enable 2375.Pq Vt bool 2376Set to 2377.Dq Li YES 2378to start 2379.Xr kpasswdd 8 , 2380the Kerberos 5 Password-Changing Daemon; set to 2381.Dq Li NO 2382on a slave server. 2383.It Va kpasswdd_program 2384.Pq Vt str 2385If 2386.Va kpasswdd_enable 2387is set to 2388.Dq Li YES 2389this is the path to Kerberos 5 Password-Changing Daemon. 2390.It Va kfd_enable 2391.Pq Vt bool 2392Set to 2393.Dq Li YES 2394to start 2395.Xr kfd 8 , 2396the Kerberos 5 ticket forwarding daemon, at the boot time. 2397.It Va kfd_program 2398.Pq Vt str 2399Path to 2400.Xr kfd 8 2401(default 2402.Pa /usr/libexec/kfd ) . 2403.It Va rwhod_enable 2404.Pq Vt bool 2405If set to 2406.Dq Li YES , 2407run the 2408.Xr rwhod 8 2409daemon at boot time. 2410.It Va rwhod_flags 2411.Pq Vt str 2412If 2413.Va rwhod_enable 2414is set to 2415.Dq Li YES , 2416these are the flags to pass to it. 2417.It Va update_motd 2418.Pq Vt bool 2419If set to 2420.Dq Li YES , 2421.Pa /etc/motd 2422will be updated at boot time to reflect the kernel release 2423being run. 2424If set to 2425.Dq Li NO , 2426.Pa /etc/motd 2427will not be updated. 2428.It Va nfs_client_enable 2429.Pq Vt bool 2430If set to 2431.Dq Li YES , 2432run the NFS client daemons at boot time. 2433.It Va nfs_access_cache 2434.Pq Vt int 2435If 2436.Va nfs_client_enable 2437is set to 2438.Dq Li YES , 2439this can be set to 2440.Dq Li 0 2441to disable NFS ACCESS RPC caching, or to the number of seconds for which 2442NFS ACCESS 2443results should be cached. 2444A value of 2-10 seconds will substantially reduce network 2445traffic for many NFS operations. 2446.It Va nfs_server_enable 2447.Pq Vt bool 2448If set to 2449.Dq Li YES , 2450run the NFS server daemons at boot time. 2451.It Va nfs_server_flags 2452.Pq Vt str 2453If 2454.Va nfs_server_enable 2455is set to 2456.Dq Li YES , 2457these are the flags to pass to the 2458.Xr nfsd 8 2459daemon. 2460.It Va nfsv4_server_enable 2461.Pq Vt bool 2462If 2463.Va nfs_server_enable 2464is set to 2465.Dq Li YES 2466and 2467.Va nfsv4_server_enable 2468is set to 2469.Dq Li YES , 2470enable the server for NFSv4 as well as NFSv2 and NFSv3. 2471.It Va nfsv4_server_only 2472.Pq Vt bool 2473If 2474.Va nfs_server_enable 2475is set to 2476.Dq Li YES 2477and 2478.Va nfsv4_server_only 2479is set to 2480.Dq Li YES , 2481enable the NFS server for NFSv4 only. 2482.It Va nfs_server_maxio 2483.Pq Vt int 2484value to set vfs.nfsd.srvmaxio to, which is the 2485maximum I/O size for the NFS server. 2486.It Va tlsclntd_enable 2487.Pq Vt bool 2488If set to 2489.Dq Li YES , 2490run the 2491.Xr rpc.tlsclntd 8 2492daemon, which is needed for NFS-over-TLS NFS mounts. 2493.It Va tlsservd_enable 2494.Pq Vt bool 2495If set to 2496.Dq Li YES , 2497run the 2498.Xr rpc.tlsservd 8 2499daemon, which is needed for the 2500.Xr nfsd 8 2501to support NFS-over-TLS NFS mounts. 2502.It Va nfsuserd_enable 2503.Pq Vt bool 2504If 2505.Va nfsuserd_enable 2506is set to 2507.Dq Li YES , 2508run the nfsuserd daemon, which is needed for NFSv4 in order 2509to map between user/group names vs uid/gid numbers. 2510If 2511.Va nfsv4_server_enable 2512is set to 2513.Dq Li YES , 2514this will be forced enabled. 2515.It Va nfsuserd_flags 2516.Pq Vt str 2517If 2518.Va nfsuserd_enable 2519is set to 2520.Dq Li YES , 2521these are the flags to pass to the 2522.Xr nfsuserd 8 2523daemon. 2524.It Va nfscbd_enable 2525.Pq Vt bool 2526If 2527.Va nfscbd_enable 2528is set to 2529.Dq Li YES , 2530run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2531.It Va nfscbd_flags 2532.Pq Vt str 2533If 2534.Va nfscbd_enable 2535is set to 2536.Dq Li YES , 2537these are the flags to pass to the 2538.Xr nfscbd 8 2539daemon. 2540.It Va mountd_enable 2541.Pq Vt bool 2542If set to 2543.Dq Li YES , 2544and no 2545.Va nfs_server_enable 2546is set, start 2547.Xr mountd 8 , 2548but not 2549.Xr nfsd 8 2550daemon. 2551It is commonly needed to run CFS without real NFS used. 2552.It Va mountd_flags 2553.Pq Vt str 2554If 2555.Va mountd_enable 2556is set to 2557.Dq Li YES , 2558these are the flags to pass to the 2559.Xr mountd 8 2560daemon. 2561.It Va weak_mountd_authentication 2562.Pq Vt bool 2563If set to 2564.Dq Li YES , 2565allow services like PCNFSD to make non-privileged mount 2566requests. 2567.It Va nfs_reserved_port_only 2568.Pq Vt bool 2569If set to 2570.Dq Li YES , 2571provide NFS services only on a secure port. 2572.It Va nfs_bufpackets 2573.Pq Vt int 2574If set to a number, indicates the number of packets worth of 2575socket buffer space to reserve on an NFS client. 2576The kernel default is typically 4. 2577Using a higher number may be 2578useful on gigabit networks to improve performance. 2579The minimum value is 25802 and the maximum is 64. 2581.It Va rpc_lockd_enable 2582.Pq Vt bool 2583If set to 2584.Dq Li YES 2585and also an NFS server or client, run 2586.Xr rpc.lockd 8 2587at boot time. 2588.It Va rpc_lockd_flags 2589.Pq Vt str 2590If 2591.Va rpc_lockd_enable 2592is set to 2593.Dq Li YES , 2594these are the flags to pass to the 2595.Xr rpc.lockd 8 2596daemon. 2597.It Va rpc_statd_enable 2598.Pq Vt bool 2599If set to 2600.Dq Li YES 2601and also an NFS server or client, run 2602.Xr rpc.statd 8 2603at boot time. 2604.It Va rpc_statd_flags 2605.Pq Vt str 2606If 2607.Va rpc_statd_enable 2608is set to 2609.Dq Li YES , 2610these are the flags to pass to the 2611.Xr rpc.statd 8 2612daemon. 2613.It Va rpcbind_program 2614.Pq Vt str 2615Path to 2616.Xr rpcbind 8 2617(default 2618.Pa /usr/sbin/rpcbind ) . 2619.It Va rpcbind_enable 2620.Pq Vt bool 2621If set to 2622.Dq Li YES , 2623run the 2624.Xr rpcbind 8 2625service at boot time. 2626.It Va rpcbind_flags 2627.Pq Vt str 2628If 2629.Va rpcbind_enable 2630is set to 2631.Dq Li YES , 2632these are the flags to pass to the 2633.Xr rpcbind 8 2634daemon. 2635.It Va keyserv_enable 2636.Pq Vt bool 2637If set to 2638.Dq Li YES , 2639run the 2640.Xr keyserv 8 2641daemon on boot for running Secure RPC. 2642.It Va keyserv_flags 2643.Pq Vt str 2644If 2645.Va keyserv_enable 2646is set to 2647.Dq Li YES , 2648these are the flags to pass to 2649.Xr keyserv 8 2650daemon. 2651.It Va pppoed_enable 2652.Pq Vt bool 2653If set to 2654.Dq Li YES , 2655run the 2656.Xr pppoed 8 2657daemon at boot time to provide PPP over Ethernet services. 2658.It Va pppoed_ Ns Aq Ar provider 2659.Pq Vt str 2660.Xr pppoed 8 2661listens to requests to this 2662.Ar provider 2663and ultimately runs 2664.Xr ppp 8 2665with a 2666.Ar system 2667argument of the same name. 2668.It Va pppoed_flags 2669.Pq Vt str 2670Additional flags to pass to 2671.Xr pppoed 8 . 2672.It Va pppoed_interface 2673.Pq Vt str 2674The network interface to run 2675.Xr pppoed 8 2676on. 2677This is mandatory when 2678.Va pppoed_enable 2679is set to 2680.Dq Li YES . 2681.It Va ntpdate_enable 2682.Pq Vt bool 2683If set to 2684.Dq Li YES , 2685run 2686.Xr ntpdate 8 2687at system startup. 2688This command is intended to 2689synchronize the system clock only 2690.Em once 2691from some standard reference. 2692.Pp 2693Note that the use of the 2694.Va ntpd_sync_on_start 2695variable is a preferred alternative to the 2696.Xr ntpdate 8 2697utility as 2698.Xr ntpdate 8 2699is to be retired from the NTP distribution. 2700.It Va ntpdate_config 2701.Pq Vt str 2702Configuration file for 2703.Xr ntpdate 8 . 2704Default 2705.Pa /etc/ntp.conf . 2706.It Va ntpdate_hosts 2707.Pq Vt str 2708A whitespace-separated list of NTP servers to synchronize with at startup. 2709The default is to use the servers listed in 2710.Va ntpdate_config , 2711if that file exists. 2712.It Va ntpdate_program 2713.Pq Vt str 2714Path to 2715.Xr ntpdate 8 2716(default 2717.Pa /usr/sbin/ntpdate ) . 2718.It Va ntpdate_flags 2719.Pq Vt str 2720If 2721.Va ntpdate_enable 2722is set to 2723.Dq Li YES , 2724these are the flags to pass to the 2725.Xr ntpdate 8 2726command (typically a hostname). 2727.It Va ntpd_enable 2728.Pq Vt bool 2729If set to 2730.Dq Li YES , 2731run the 2732.Xr ntpd 8 2733command at boot time. 2734.It Va ntpd_program 2735.Pq Vt str 2736Path to 2737.Xr ntpd 8 2738(default 2739.Pa /usr/sbin/ntpd ) . 2740.It Va ntpd_config 2741.Pq Vt str 2742Path to 2743.Xr ntpd 8 2744configuration file. 2745Default 2746.Pa /etc/ntp.conf . 2747.It Va ntpd_flags 2748.Pq Vt str 2749If 2750.Va ntpd_enable 2751is set to 2752.Dq Li YES , 2753these are the flags to pass to the 2754.Xr ntpd 8 2755daemon. 2756.It Va ntpd_sync_on_start 2757.Pq Vt bool 2758If set to 2759.Dq Li YES , 2760.Xr ntpd 8 2761is run with the 2762.Fl g 2763flag, which syncs the system's clock on startup. 2764See 2765.Xr ntpd 8 2766for more information regarding the 2767.Fl g 2768option. 2769This is a preferred alternative to using 2770.Xr ntpdate 8 2771or specifying the 2772.Va ntpdate_enable 2773variable. 2774.It Va nis_client_enable 2775.Pq Vt bool 2776If set to 2777.Dq Li YES , 2778run the 2779.Xr ypbind 8 2780service at system boot time. 2781.It Va nis_client_flags 2782.Pq Vt str 2783If 2784.Va nis_client_enable 2785is set to 2786.Dq Li YES , 2787these are the flags to pass to the 2788.Xr ypbind 8 2789service. 2790.It Va nis_ypldap_enable 2791.Pq Vt bool 2792If set to 2793.Dq Li YES , 2794run the 2795.Xr ypldap 8 2796daemon at system boot time. 2797.It Va nis_ypldap_flags 2798.Pq Vt str 2799If 2800.Va nis.ypldap_enable 2801is set to 2802.Dq Li YES , 2803these are the flags to pass to the 2804.Xr ypldap 8 2805daemon. 2806.It Va nis_ypset_enable 2807.Pq Vt bool 2808If set to 2809.Dq Li YES , 2810run the 2811.Xr ypset 8 2812daemon at system boot time. 2813.It Va nis_ypset_flags 2814.Pq Vt str 2815If 2816.Va nis_ypset_enable 2817is set to 2818.Dq Li YES , 2819these are the flags to pass to the 2820.Xr ypset 8 2821daemon. 2822.It Va nis_server_enable 2823.Pq Vt bool 2824If set to 2825.Dq Li YES , 2826run the 2827.Xr ypserv 8 2828daemon at system boot time. 2829.It Va nis_server_flags 2830.Pq Vt str 2831If 2832.Va nis_server_enable 2833is set to 2834.Dq Li YES , 2835these are the flags to pass to the 2836.Xr ypserv 8 2837daemon. 2838.It Va nis_ypxfrd_enable 2839.Pq Vt bool 2840If set to 2841.Dq Li YES , 2842run the 2843.Xr rpc.ypxfrd 8 2844daemon at system boot time. 2845.It Va nis_ypxfrd_flags 2846.Pq Vt str 2847If 2848.Va nis_ypxfrd_enable 2849is set to 2850.Dq Li YES , 2851these are the flags to pass to the 2852.Xr rpc.ypxfrd 8 2853daemon. 2854.It Va nis_yppasswdd_enable 2855.Pq Vt bool 2856If set to 2857.Dq Li YES , 2858run the 2859.Xr rpc.yppasswdd 8 2860daemon at system boot time. 2861.It Va nis_yppasswdd_flags 2862.Pq Vt str 2863If 2864.Va nis_yppasswdd_enable 2865is set to 2866.Dq Li YES , 2867these are the flags to pass to the 2868.Xr rpc.yppasswdd 8 2869daemon. 2870.It Va rpc_ypupdated_enable 2871.Pq Vt bool 2872If set to 2873.Dq Li YES , 2874run the 2875.Nm rpc.ypupdated 2876daemon at system boot time. 2877.It Va bsnmpd_enable 2878.Pq Vt bool 2879If set to 2880.Dq Li YES , 2881run the 2882.Xr bsnmpd 1 2883daemon at system boot time. 2884Be sure to understand the security implications of running SNMP daemon 2885on your host. 2886.It Va bsnmpd_flags 2887.Pq Vt str 2888If 2889.Va bsnmpd_enable 2890is set to 2891.Dq Li YES , 2892these are the flags to pass to the 2893.Xr bsnmpd 1 2894daemon. 2895.It Va defaultrouter 2896.Pq Vt str 2897If not set to 2898.Dq Li NO , 2899create a default route to this host name or IP address 2900(use an IP address if this router is also required to get to the 2901name server!). 2902.It Va defaultrouter_fibN 2903.Pq Vt str 2904If not set to 2905.Dq Li NO , 2906create a default route in FIB N to this host name or IP address. 2907.It Va ipv6_defaultrouter 2908.Pq Vt str 2909The IPv6 equivalent of 2910.Va defaultrouter . 2911.It Va ipv6_defaultrouter_fibN 2912.Pq Vt str 2913The IPv6 equivalent of 2914.Va defaultrouter_fibN . 2915.It Va static_arp_pairs 2916.Pq Vt str 2917Set to the list of static ARP pairs that are to be added at system 2918boot time. 2919For each whitespace separated 2920.Ar element 2921in the value, a 2922.Va static_arp_ Ns Aq Ar element 2923variable is assumed to exist whose contents will later be passed to a 2924.Dq Nm arp Cm -S 2925operation. 2926For example 2927.Bd -literal 2928static_arp_pairs="gw" 2929static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2930.Ed 2931.It Va static_ndp_pairs 2932.Pq Vt str 2933Set to the list of static NDP pairs that are to be added at system 2934boot time. 2935For each whitespace separated 2936.Ar element 2937in the value, a 2938.Va static_ndp_ Ns Aq Ar element 2939variable is assumed to exist whose contents will later be passed to a 2940.Dq Nm ndp Cm -s 2941operation. 2942For example 2943.Bd -literal 2944static_ndp_pairs="gw" 2945static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2946.Ed 2947.It Va static_routes 2948.Pq Vt str 2949Set to the list of static routes that are to be added at system 2950boot time. 2951If not set to 2952.Dq Li NO 2953then for each whitespace separated 2954.Ar element 2955in the value, a 2956.Va route_ Ns Aq Ar element 2957variable is assumed to exist 2958whose contents will later be passed to a 2959.Dq Nm route Cm add 2960operation. 2961For example: 2962.Bd -literal 2963static_routes="ext mcast:gif0 gif0local:gif0" 2964route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2965route_mcast="-net 224.0.0.0/4 -iface gif0" 2966route_gif0local="-host 169.254.1.1 -iface lo0" 2967.Ed 2968.Pp 2969When an 2970.Ar element 2971is in the form of 2972.Li name:ifname , 2973the route is specific to the interface 2974.Li ifname . 2975.It Va ipv6_static_routes 2976.Pq Vt str 2977The IPv6 equivalent of 2978.Va static_routes . 2979If not set to 2980.Dq Li NO 2981then for each whitespace separated 2982.Ar element 2983in the value, a 2984.Va ipv6_route_ Ns Aq Ar element 2985variable is assumed to exist 2986whose contents will later be passed to a 2987.Dq Nm route Cm add Fl inet6 2988operation. 2989.It Va gateway_enable 2990.Pq Vt bool 2991If set to 2992.Dq Li YES , 2993configure host to act as an IP router, e.g.\& to forward packets 2994between interfaces. 2995.It Va ipv6_gateway_enable 2996.Pq Vt bool 2997The IPv6 equivalent of 2998.Va gateway_enable . 2999.It Va routed_enable 3000.Pq Vt bool 3001If set to 3002.Dq Li YES , 3003run a routing daemon of some sort, based on the 3004settings of 3005.Va routed_program 3006and 3007.Va routed_flags . 3008.It Va route6d_enable 3009.Pq Vt bool 3010The IPv6 equivalent of 3011.Va routed_enable . 3012If set to 3013.Dq Li YES , 3014run a routing daemon of some sort, based on the 3015settings of 3016.Va route6d_program 3017and 3018.Va route6d_flags . 3019.It Va routed_program 3020.Pq Vt str 3021If 3022.Va routed_enable 3023is set to 3024.Dq Li YES , 3025this is the name of the routing daemon to use. 3026.It Va route6d_program 3027.Pq Vt str 3028The IPv6 equivalent of 3029.Va routed_program . 3030.It Va routed_flags 3031.Pq Vt str 3032If 3033.Va routed_enable 3034is set to 3035.Dq Li YES , 3036these are the flags to pass to the routing daemon. 3037.It Va route6d_flags 3038.Pq Vt str 3039The IPv6 equivalent of 3040.Va routed_flags . 3041.It Va rtadvd_enable 3042.Pq Vt bool 3043If set to 3044.Dq Li YES , 3045run the 3046.Xr rtadvd 8 3047daemon at boot time. 3048The 3049.Xr rtadvd 8 3050utility sends ICMPv6 Router Advertisement messages to 3051the interfaces specified in 3052.Va rtadvd_interfaces . 3053This should only be enabled with great care. 3054You may want to fine-tune 3055.Xr rtadvd.conf 5 . 3056.It Va rtadvd_interfaces 3057.Pq Vt str 3058If 3059.Va rtadvd_enable 3060is set to 3061.Dq Li YES 3062this is the list of interfaces to use. 3063.It Va arpproxy_all 3064.Pq Vt bool 3065If set to 3066.Dq Li YES , 3067enable global proxy ARP. 3068.It Va forward_sourceroute 3069.Pq Vt bool 3070If set to 3071.Dq Li YES 3072and 3073.Va gateway_enable 3074is also set to 3075.Dq Li YES , 3076source-routed packets are forwarded. 3077.It Va accept_sourceroute 3078.Pq Vt bool 3079If set to 3080.Dq Li YES , 3081the system will accept source-routed packets directed at it. 3082.It Va rarpd_enable 3083.Pq Vt bool 3084If set to 3085.Dq Li YES , 3086run the 3087.Xr rarpd 8 3088daemon at system boot time. 3089.It Va rarpd_flags 3090.Pq Vt str 3091If 3092.Va rarpd_enable 3093is set to 3094.Dq Li YES , 3095these are the flags to pass to the 3096.Xr rarpd 8 3097daemon. 3098.It Va bootparamd_enable 3099.Pq Vt bool 3100If set to 3101.Dq Li YES , 3102run the 3103.Xr bootparamd 8 3104daemon at system boot time. 3105.It Va bootparamd_flags 3106.Pq Vt str 3107If 3108.Va bootparamd_enable 3109is set to 3110.Dq Li YES , 3111these are the flags to pass to the 3112.Xr bootparamd 8 3113daemon. 3114.It Va stf_interface_ipv4addr 3115.Pq Vt str 3116If not set to 3117.Dq Li NO , 3118this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3119interface). 3120Specify this entry to enable the 6to4 interface. 3121.It Va stf_interface_ipv4plen 3122.Pq Vt int 3123Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3124An effective value is 0-31. 3125.It Va stf_interface_ipv6_ifid 3126.Pq Vt str 3127IPv6 interface ID for 3128.Xr stf 4 . 3129This can be set to 3130.Dq Li AUTO . 3131.It Va stf_interface_ipv6_slaid 3132.Pq Vt str 3133IPv6 Site Level Aggregator for 3134.Xr stf 4 . 3135.It Va ipv6_ipv4mapping 3136.Pq Vt bool 3137If set to 3138.Dq Li YES 3139this enables IPv4 mapped IPv6 address communication (like 3140.Li ::ffff:a.b.c.d ) . 3141.It Va rtsold_enable 3142.Pq Vt bool 3143Set to 3144.Dq Li YES 3145to enable the 3146.Xr rtsold 8 3147daemon to send ICMPv6 Router Solicitation messages. 3148.It Va rtsold_flags 3149.Pq Vt str 3150If 3151.Va rtsold_enable 3152is set to 3153.Dq Li YES , 3154these are the flags to pass to 3155.Xr rtsold 8 . 3156.It Va rtsol_flags 3157.Pq Vt str 3158For interfaces configured with the 3159.Dq Li inet6 accept_rtadv 3160keyword, these are the flags to pass to 3161.Xr rtsol 8 . 3162.Pp 3163Note that 3164.Va rtsold_enable 3165is mutually exclusive to 3166.Va rtsol_flags ; 3167.Va rtsold_enable 3168takes precedence. 3169.It Va keybell 3170.Pq Vt str 3171The keyboard bell sound. 3172Set to 3173.Dq Li normal , 3174.Dq Li visual , 3175.Dq Li off , 3176or 3177.Dq Li NO 3178if the default behavior is desired. 3179For details, refer to the 3180.Xr kbdcontrol 1 3181manpage. 3182.It Va keyboard 3183.Pq Vt str 3184If set to a non-null string, the virtual console's keyboard input is 3185set to this device. 3186.It Va keymap 3187.Pq Vt str 3188If set to 3189.Dq Li NO , 3190no keymap is installed, otherwise the value is used to install 3191the keymap file found in 3192.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3193(if using 3194.Xr syscons 4 ) or 3195.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3196(if using 3197.Xr vt 4 ) . 3198.It Va keyrate 3199.Pq Vt str 3200The keyboard repeat speed. 3201Set to 3202.Dq Li slow , 3203.Dq Li normal , 3204.Dq Li fast , 3205or 3206.Dq Li NO 3207if the default behavior is desired. 3208.It Va keychange 3209.Pq Vt str 3210If not set to 3211.Dq Li NO , 3212attempt to program the function keys with the value. 3213The value should 3214be a single string of the form: 3215.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3216.It Va cursor 3217.Pq Vt str 3218Can be set to the value of 3219.Dq Li normal , 3220.Dq Li blink , 3221.Dq Li destructive , 3222or 3223.Dq Li NO 3224to set the cursor behavior explicitly or choose the default behavior. 3225.It Va scrnmap 3226.Pq Vt str 3227If set to 3228.Dq Li NO , 3229no screen map is installed, otherwise the value is used to install 3230the screen map file in 3231.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3232This parameter is ignored when using 3233.Xr vt 4 3234as the console driver. 3235.It Va font8x16 3236.Pq Vt str 3237If set to 3238.Dq Li NO , 3239the default 8x16 font value is used for screen size requests, otherwise 3240the value in 3241.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3242or 3243.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3244is used (depending on the console driver being used). 3245.It Va font8x14 3246.Pq Vt str 3247If set to 3248.Dq Li NO , 3249the default 8x14 font value is used for screen size requests, otherwise 3250the value in 3251.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3252or 3253.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3254is used (depending on the console driver being used). 3255.It Va font8x8 3256.Pq Vt str 3257If set to 3258.Dq Li NO , 3259the default 8x8 font value is used for screen size requests, otherwise 3260the value in 3261.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3262or 3263.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3264is used (depending on the console driver being used). 3265.It Va blanktime 3266.Pq Vt int 3267If set to 3268.Dq Li NO , 3269the default screen blanking interval is used, otherwise it is set 3270to 3271.Ar value 3272seconds. 3273.It Va saver 3274.Pq Vt str 3275If not set to 3276.Dq Li NO , 3277this is the actual screen saver to use 3278.Li ( blank , snake , daemon , 3279etc). 3280.It Va moused_nondefault_enable 3281.Pq Vt str 3282If set to 3283.Dq Li NO , 3284the mouse device specified on 3285the command line is not automatically treated as enabled by the 3286.Pa /etc/rc.d/moused 3287script. 3288Having this variable set to 3289.Dq Li YES 3290allows a 3291.Xr usb 4 3292mouse, 3293for example, 3294to be enabled as soon as it is plugged in. 3295.It Va moused_enable 3296.Pq Vt str 3297If set to 3298.Dq Li YES , 3299the 3300.Xr moused 8 3301daemon is started for doing cut/paste selection on the console. 3302.It Va moused_type 3303.Pq Vt str 3304This is the protocol type of the mouse connected to this host. 3305This variable must be set if 3306.Va moused_enable 3307is set to 3308.Dq Li YES . 3309The 3310.Xr moused 8 3311daemon 3312is able to detect the appropriate mouse type automatically in many cases. 3313Set this variable to 3314.Dq Li auto 3315to let the daemon detect it, or 3316select one from the following list if the automatic detection fails. 3317.Pp 3318If the mouse is attached to the PS/2 mouse port, choose 3319.Dq Li auto 3320or 3321.Dq Li ps/2 , 3322regardless of the brand and model of the mouse. 3323Likewise, if the 3324mouse is attached to the bus mouse port, choose 3325.Dq Li auto 3326or 3327.Dq Li busmouse . 3328All other protocols are for serial mice and will not work with 3329the PS/2 and bus mice. 3330If this is a USB mouse, 3331.Dq Li auto 3332is the only protocol type which will work. 3333.Pp 3334.Bl -tag -width ".Li x10mouseremote" -compact 3335.It Li microsoft 3336Microsoft mouse (serial) 3337.It Li intellimouse 3338Microsoft IntelliMouse (serial) 3339.It Li mousesystems 3340Mouse systems Corp.\& mouse (serial) 3341.It Li mmseries 3342MM Series mouse (serial) 3343.It Li logitech 3344Logitech mouse (serial) 3345.It Li busmouse 3346A bus mouse 3347.It Li mouseman 3348Logitech MouseMan and TrackMan (serial) 3349.It Li glidepoint 3350ALPS GlidePoint (serial) 3351.It Li thinkingmouse 3352Kensington ThinkingMouse (serial) 3353.It Li ps/2 3354PS/2 mouse 3355.It Li mmhittab 3356MM HitTablet (serial) 3357.It Li x10mouseremote 3358X10 MouseRemote (serial) 3359.It Li versapad 3360Interlink VersaPad (serial) 3361.El 3362.Pp 3363Even if the mouse is not in the above list, it may be compatible 3364with one in the list. 3365Refer to the manual page for 3366.Xr moused 8 3367for compatibility information. 3368.Pp 3369It should also be noted that while this is enabled, any 3370other client of the mouse (such as an X server) should access 3371the mouse through the virtual mouse device, 3372.Pa /dev/sysmouse , 3373and configure it as a 3374.Dq Li sysmouse 3375type mouse, since all 3376mouse data is converted to this single canonical format when 3377using 3378.Xr moused 8 . 3379If the client program does not support the 3380.Dq Li sysmouse 3381type, 3382specify the 3383.Dq Li mousesystems 3384type. 3385It is the second preferred type. 3386.It Va moused_port 3387.Pq Vt str 3388If 3389.Va moused_enable 3390is set to 3391.Dq Li YES , 3392this is the actual port the mouse is on. 3393It might be 3394.Pa /dev/cuau0 3395for a COM1 serial mouse, or 3396.Pa /dev/psm0 3397for a PS/2 mouse, for example. 3398.It Va moused_flags 3399.Pq Vt str 3400If 3401.Va moused_flags 3402is set, its value is used as an additional set of flags to pass to the 3403.Xr moused 8 3404daemon. 3405.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3406When 3407.Va moused_nondefault_enable 3408is enabled, and a 3409.Xr moused 8 3410daemon is started for a non-default port, the 3411.Va "moused_" Ns Ar XXX Ns Va "_flags" 3412set of options has precedence over and replaces the default 3413.Va moused_flags 3414(where 3415.Ar XXX 3416is the name of the non-default port, i.e.,\& 3417.Ar ums0 ) . 3418By setting 3419.Va "moused_" Ns Ar XXX Ns Va "_flags" 3420it is possible to set up a different set of default flags for each 3421.Xr moused 8 3422instance. 3423For example, you can use 3424.Dq Li "-3" 3425for the default 3426.Va moused_flags 3427to make your laptop's touchpad more comfortable to use, 3428but an empty set of options for 3429.Va moused_ums0_flags 3430when your 3431.Xr usb 4 3432mouse has three or more buttons. 3433.It Va mousechar_start 3434.Pq Vt int 3435If set to 3436.Dq Li NO , 3437the default mouse cursor character range 3438.Li 0xd0 Ns - Ns Li 0xd3 3439is used, 3440otherwise the range start is set 3441to 3442.Ar value 3443character, see 3444.Xr vidcontrol 1 . 3445Use if the default range is occupied in the language code table. 3446.It Va allscreens_flags 3447.Pq Vt str 3448If set, 3449.Xr vidcontrol 1 3450is run with these options for each of the virtual terminals 3451.Pq Pa /dev/ttyv* . 3452For example, 3453.Dq Fl m Cm on 3454will enable the mouse pointer on all virtual terminals 3455if 3456.Va moused_enable 3457is set to 3458.Dq Li YES . 3459.It Va allscreens_kbdflags 3460.Pq Vt str 3461If set, 3462.Xr kbdcontrol 1 3463is run with these options for each of the virtual terminals 3464.Pq Pa /dev/ttyv* . 3465For example, 3466.Dq Fl h Li 200 3467will set the 3468.Xr syscons 4 3469or 3470.Xr vt 4 3471scrollback (history) buffer to 200 lines. 3472.It Va cron_enable 3473.Pq Vt bool 3474If set to 3475.Dq Li YES , 3476run the 3477.Xr cron 8 3478daemon at system boot time. 3479.It Va cron_program 3480.Pq Vt str 3481Path to 3482.Xr cron 8 3483(default 3484.Pa /usr/sbin/cron ) . 3485.It Va cron_flags 3486.Pq Vt str 3487If 3488.Va cron_enable 3489is set to 3490.Dq Li YES , 3491these are the flags to pass to 3492.Xr cron 8 . 3493.It Va cron_dst 3494.Pq Vt bool 3495If set to 3496.Dq Li YES , 3497enable the special handling of transitions to and from the 3498Daylight Saving Time in 3499.Xr cron 8 3500(equivalent to using the flag 3501.Fl s ) . 3502.It Va lpd_program 3503.Pq Vt str 3504Path to 3505.Xr lpd 8 3506(default 3507.Pa /usr/sbin/lpd ) . 3508.It Va lpd_enable 3509.Pq Vt bool 3510If set to 3511.Dq Li YES , 3512run the 3513.Xr lpd 8 3514daemon at system boot time. 3515.It Va lpd_flags 3516.Pq Vt str 3517If 3518.Va lpd_enable 3519is set to 3520.Dq Li YES , 3521these are the flags to pass to the 3522.Xr lpd 8 3523daemon. 3524.It Va chkprintcap_enable 3525.Pq Vt bool 3526If set to 3527.Dq Li YES , 3528run the 3529.Xr chkprintcap 8 3530command before starting the 3531.Xr lpd 8 3532daemon. 3533.It Va chkprintcap_flags 3534.Pq Vt str 3535If 3536.Va lpd_enable 3537and 3538.Va chkprintcap_enable 3539are set to 3540.Dq Li YES , 3541these are the flags to pass to the 3542.Xr chkprintcap 8 3543program. 3544The default is 3545.Dq Li -d , 3546which causes missing directories to be created. 3547.It Va mta_start_script 3548.Pq Vt str 3549This variable specifies the full path to the script to run to start 3550a mail transfer agent. 3551The default is 3552.Pa /etc/rc.sendmail . 3553The 3554.Va sendmail_* 3555variables which 3556.Pa /etc/rc.sendmail 3557uses are documented in the 3558.Xr rc.sendmail 8 3559manual page. 3560.It Va dumpdev 3561.Pq Vt str 3562Indicates the device (usually a swap partition) to which a crash dump 3563should be written in the event of a system crash. 3564If the value of this variable is 3565.Dq Li AUTO , 3566the first suitable swap device listed in 3567.Pa /etc/fstab 3568will be used as dump device. 3569Otherwise, the value of this variable is passed as the argument to 3570.Xr dumpon 8 3571and 3572.Xr savecore 8 . 3573To disable crash dumps, set this variable to 3574.Dq Li NO . 3575.It Va dumpon_flags 3576.Pq Vt str 3577Flags to pass to 3578.Xr dumpon 8 3579when configuring 3580.Va dumpdev 3581as the system dump device. 3582.It Va dumpdir 3583.Pq Vt str 3584When the system reboots after a crash and a crash dump is found on the 3585device specified by the 3586.Va dumpdev 3587variable, 3588.Xr savecore 8 3589will save that crash dump and a copy of the kernel to the directory 3590specified by the 3591.Va dumpdir 3592variable. 3593The default value is 3594.Pa /var/crash . 3595Set to 3596.Dq Li NO 3597to not run 3598.Xr savecore 8 3599at boot time when 3600.Va dumpdir 3601is set. 3602.It Va savecore_enable 3603.Pq Vt bool 3604If set to 3605.Dq Li NO , 3606disable automatic extraction of the crash dump from the 3607.Va dumpdev . 3608.It Va savecore_flags 3609.Pq Vt str 3610If crash dumps are enabled, these are the flags to pass to the 3611.Xr savecore 8 3612utility. 3613.It Va quota_enable 3614.Pq Vt bool 3615Set to 3616.Dq Li YES 3617to turn on user and group disk quotas on system startup via the 3618.Xr quotaon 8 3619command for all file systems marked as having quotas enabled in 3620.Pa /etc/fstab . 3621The kernel must be built with 3622.Cd "options QUOTA" 3623for disk quotas to function. 3624.It Va check_quotas 3625.Pq Vt bool 3626Set to 3627.Dq Li YES 3628to enable user and group disk quota checking via the 3629.Xr quotacheck 8 3630command. 3631.It Va quotacheck_flags 3632.Pq Vt str 3633If 3634.Va quota_enable 3635is set to 3636.Dq Li YES , 3637and 3638.Va check_quotas 3639is set to 3640.Dq Li YES , 3641these are the flags to pass to the 3642.Xr quotacheck 8 3643utility. 3644The default is 3645.Dq Li "-a" , 3646which checks quotas for all file systems with quotas enabled in 3647.Pa /etc/fstab . 3648.It Va quotaon_flags 3649.Pq Vt str 3650If 3651.Va quota_enable 3652is set to 3653.Dq Li YES , 3654these are the flags to pass to the 3655.Xr quotaon 8 3656utility. 3657The default is 3658.Dq Li "-a" , 3659which enables quotas for all file systems with quotas enabled in 3660.Pa /etc/fstab . 3661.It Va quotaoff_flags 3662.Pq Vt str 3663If 3664.Va quota_enable 3665is set to 3666.Dq Li YES , 3667these are the flags to pass to the 3668.Xr quotaoff 8 3669utility when shutting down the quota system. 3670The default is 3671.Dq Li "-a" , 3672which disables quotas for all file systems with quotas enabled in 3673.Pa /etc/fstab . 3674.It Va accounting_enable 3675.Pq Vt bool 3676Set to 3677.Dq Li YES 3678to enable system accounting through the 3679.Xr accton 8 3680facility. 3681.It Va firstboot_sentinel 3682.Pq Vt str 3683This variable specifies the full path to a 3684.Dq first boot 3685sentinel file. 3686If a file exists with this path, 3687.Pa rc.d 3688scripts with the 3689.Dq firstboot 3690keyword will be run on startup and the sentinel file will be deleted 3691after the boot process completes. 3692The sentinel file must be located on a writable file system which is 3693mounted no later than 3694.Va early_late_divider 3695to function properly. 3696The default is 3697.Pa /firstboot . 3698.It Va linux_enable 3699.Pq Vt bool 3700Set to 3701.Dq Li YES 3702to enable Linux/ELF binary emulation at system initial 3703boot time. 3704.It Va sysvipc_enable 3705.Pq Vt bool 3706If set to 3707.Dq Li YES , 3708load System V IPC primitives at boot time. 3709.It Va clear_tmp_enable 3710.Pq Vt bool 3711Set to 3712.Dq Li YES 3713to have 3714.Pa /tmp 3715cleaned at startup. 3716.It Va clear_tmp_X 3717.Pq Vt bool 3718Set to 3719.Dq Li NO 3720to disable removing of X11 lock files, 3721and the removal and (secure) recreation 3722of the various socket directories for X11 3723related programs. 3724.It Va ldconfig_paths 3725.Pq Vt str 3726Set to the list of shared library paths to use with 3727.Xr ldconfig 8 . 3728NOTE: 3729.Pa /lib 3730and 3731.Pa /usr/lib 3732will always be added first, so they need not appear in this list. 3733.It Va ldconfig32_paths 3734.Pq Vt str 3735Set to the list of 32-bit compatibility shared library paths to 3736use with 3737.Xr ldconfig 8 . 3738.It Va ldconfig_insecure 3739.Pq Vt bool 3740The 3741.Xr ldconfig 8 3742utility normally refuses to use directories 3743which are writable by anyone except root. 3744Set this variable to 3745.Dq Li YES 3746to disable that security check during system startup. 3747.It Va ldconfig_local_dirs 3748.Pq Vt str 3749Set to the list of local 3750.Xr ldconfig 8 3751directories. 3752The names of all files in the directories listed will be 3753passed as arguments to 3754.Xr ldconfig 8 . 3755.It Va ldconfig_local32_dirs 3756.Pq Vt str 3757Set to the list of local 32-bit compatibility 3758.Xr ldconfig 8 3759directories. 3760The names of all files in the directories listed will be 3761passed as arguments to 3762.Dq Nm ldconfig Fl 32 . 3763.It Va kern_securelevel_enable 3764.Pq Vt bool 3765Set to 3766.Dq Li YES 3767to set the kernel security level at system startup. 3768.It Va kern_securelevel 3769.Pq Vt int 3770The kernel security level to set at startup. 3771The allowed range of 3772.Ar value 3773ranges from \-1 (the compile time default) to 3 (the 3774most secure). 3775See 3776.Xr security 7 3777for the list of possible security levels and their effect 3778on system operation. 3779.It Va sshd_program 3780.Pq Vt str 3781Path to the SSH server program 3782.Pa ( /usr/sbin/sshd 3783is the default). 3784.It Va sshd_enable 3785.Pq Vt bool 3786Set to 3787.Dq Li YES 3788to start 3789.Xr sshd 8 3790at system boot time. 3791.It Va sshd_flags 3792.Pq Vt str 3793If 3794.Va sshd_enable 3795is set to 3796.Dq Li YES , 3797these are the flags to pass to the 3798.Xr sshd 8 3799daemon. 3800.It Va ftpd_program 3801.Pq Vt str 3802Path to the FTP server program 3803.Pa ( /usr/libexec/ftpd 3804is the default). 3805.It Va ftpd_enable 3806.Pq Vt bool 3807Set to 3808.Dq Li YES 3809to start 3810.Xr ftpd 8 3811as a stand-alone daemon at system boot time. 3812.It Va ftpd_flags 3813.Pq Vt str 3814If 3815.Va ftpd_enable 3816is set to 3817.Dq Li YES , 3818these are the additional flags to pass to the 3819.Xr ftpd 8 3820daemon. 3821.It Va watchdogd_enable 3822.Pq Vt bool 3823If set to 3824.Dq Li YES , 3825start the 3826.Xr watchdogd 8 3827daemon at boot time. 3828This requires that the kernel have been compiled with a 3829.Xr watchdog 4 3830compatible device. 3831.It Va watchdogd_flags 3832.Pq Vt str 3833If 3834.Va watchdogd_enable 3835is set to 3836.Dq Li YES , 3837these are the flags passed to the 3838.Xr watchdogd 8 3839daemon. 3840.It Va watchdogd_timeout 3841.Pq Vt int 3842If 3843.Va watchdogd_enable 3844is set to 3845.Dq Li YES , 3846this is a timeout that will be used by the 3847.Xr watchdogd 8 3848daemon. 3849If this option is set, it overrides 3850.Fl t 3851in 3852.Va watchdogd_flags . 3853.It Va watchdogd_shutdown_timeout 3854.Pq Vt int 3855If 3856.Va watchdogd_enable 3857is set to 3858.Dq Li YES , 3859this is a timeout that will be set by the 3860.Xr watchdogd 8 3861daemon when it exits during the system shutdown. 3862This timeout will not be set when returning to the single-user mode 3863or when the watchdogd service is stopped individually using the 3864.Xr service 8 3865command or the rc.d script. 3866Note that the timeout will be applied if 3867.Xr watchdogd 8 3868is stopped outside of 3869.Xr rc 8 3870framework. 3871If this option is set, it overrides 3872.Fl x 3873in 3874.Va watchdogd_flags . 3875.It Va devfs_rulesets 3876.Pq Vt str 3877List of files containing sets of rules for 3878.Xr devfs 8 . 3879.It Va devfs_system_ruleset 3880.Pq Vt str 3881Rule name(s) to apply to the system 3882.Pa /dev 3883itself. 3884.It Va devfs_set_rulesets 3885.Pq Vt str 3886Pairs of already-mounted 3887.Pa dev 3888directories and rulesets that should be applied to them. 3889For example: /mount/dev=ruleset_name 3890.It Va devfs_load_rulesets 3891.Pq Vt bool 3892If set, always load the default rulesets listed in 3893.Va devfs_rulesets . 3894.It Va performance_cx_lowest 3895.Pq Vt str 3896CPU idle state to use while on AC power. 3897The string 3898.Dq Li LOW 3899indicates that 3900.Xr acpi 4 3901should use the lowest power state available while 3902.Dq Li HIGH 3903indicates that the lowest latency state (less power savings) should be used. 3904.It Va performance_cpu_freq 3905.Pq Vt str 3906CPU clock frequency to use while on AC power. 3907The string 3908.Dq Li LOW 3909indicates that 3910.Xr cpufreq 4 3911should use the lowest frequency available while 3912.Dq Li HIGH 3913indicates that the highest frequency (less power savings) should be used. 3914.It Va economy_cx_lowest 3915.Pq Vt str 3916CPU idle state to use when off AC power. 3917The string 3918.Dq Li LOW 3919indicates that 3920.Xr acpi 4 3921should use the lowest power state available while 3922.Dq Li HIGH 3923indicates that the lowest latency state (less power savings) should be used. 3924.It Va economy_cpu_freq 3925.Pq Vt str 3926CPU clock frequency to use when off AC power. 3927The string 3928.Dq Li LOW 3929indicates that 3930.Xr cpufreq 4 3931should use the lowest frequency available while 3932.Dq Li HIGH 3933indicates that the highest frequency (less power savings) should be used. 3934.It Va jail_enable 3935.Pq Vt bool 3936If set to 3937.Dq Li NO , 3938any configured jails will not be started. 3939.It Va jail_conf 3940.Pq Vt str 3941The configuration filename used by 3942.Xr jail 8 3943utility. 3944The default value is 3945.Pa /etc/jail.conf . 3946.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf 3947and 3948.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf 3949will also be used if 3950.Va Ao Ar jname Ac Va 3951is set in 3952.Va jail_list . 3953.It Va jail_parallel_start 3954.Pq Vt bool 3955If set to 3956.Dq Li YES , 3957all configured jails will be started in the background (in parallel). 3958.It Va jail_flags 3959.Pq Vt str 3960Unset by default. 3961When set, use as default value for 3962.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3963for every jail in 3964.Va jail_list . 3965.It Va jail_list 3966.Pq Vt str 3967A space-delimited list of jail names. 3968When left empty, all of the 3969.Xr jail 8 3970instances defined in the configuration file are started. 3971The names specified in this list control the jail startup order. 3972.Xr jail 8 3973instances missing from 3974.Va jail_list 3975must be started manually. 3976Note that a jail's 3977.Va depend 3978parameter in the configuration file may override this list. 3979.It Va jail_reverse_stop 3980.Pq Vt bool 3981When set to 3982.Dq Li YES , 3983all configured jails in 3984.Va jail_list 3985are stopped in reverse order. 3986.It Va jail_ Ns * variables 3987Note that older releases supported per-jail configuration via 3988.Nm 3989variables. 3990For example, 3991hostname of a jail named 3992.Li vjail 3993was able to be set by 3994.Li jail_vjail_hostname . 3995These per-jail configuration variables are now obsolete in favor of 3996.Xr jail 8 3997configuration file. 3998For backward compatibility, 3999when per-jail configuration variables are defined, 4000.Xr jail 8 4001configuration files are created as 4002.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 4003and used. 4004.Pp 4005The following per-jail parameters are handled by 4006.Pa rc.d/jail 4007script out of their corresponding 4008.Nm 4009variables. 4010In addition to them, parameters in 4011.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4012will be added to the configuration file. 4013They must be a semi-colon 4014.Pq Ql \&; 4015delimited list of 4016.Dq key=value . 4017For more details, 4018see 4019.Xr jail 8 4020manual page. 4021.Bl -tag -width "host.hostname" -offset indent 4022.It Li path 4023set from 4024.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4025.It Li host.hostname 4026set from 4027.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4028.It Li exec.consolelog 4029set from 4030.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4031The default value is 4032.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4033.It Li interface 4034set from 4035.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4036.It Li vnet.interface 4037set from 4038.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4039This implies 4040.Li vnet 4041parameter will be enabled and cannot be specified with 4042.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4043.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4044and/or 4045.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4046at the same time. 4047.It Li fstab 4048set from 4049.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4050.It Li mount 4051set from 4052.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4053.It Li exec.fib 4054set from 4055.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4056.It Li exec.start 4057set from 4058.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4059The parameter name was 4060.Li command 4061in some older releases. 4062.It Li exec.prestart 4063set from 4064.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4065.It Li exec.poststart 4066set from 4067.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4068.It Li exec.stop 4069set from 4070.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4071.It Li exec.prestop 4072set from 4073.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4074.It Li exec.poststop 4075set from 4076.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4077.It Li ip4.addr 4078set if 4079.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4080or 4081.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4082contain IPv4 addresses 4083.It Li ip6.addr 4084set if 4085.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4086or 4087.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4088contain IPv6 addresses 4089.It Li allow.mount 4090set from 4091.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4092.It Li mount.devfs 4093set from 4094.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4095.It Li devfs_ruleset 4096set from 4097.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4098This must be an integer, 4099not a string. 4100.It Li mount.fdescfs 4101set from 4102.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4103.It Li allow.set_hostname 4104set from 4105.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4106.It Li allow.rawsocket 4107set from 4108.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4109.It Li allow.sysvipc 4110set from 4111.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4112.El 4113.\" ----------------------------------------------------- 4114.It Va harvest_mask 4115.Pq Vt int 4116Set to a bit-mask 4117representing the entropy sources 4118you wish to harvest. 4119Refer to 4120.Xr random 4 4121for more information. 4122.It Va entropy_dir 4123.Pq Vt str 4124Set to 4125.Dq Li NO 4126to disable caching entropy via 4127.Xr cron 8 . 4128Otherwise set to the directory 4129in which the entropy files are stored. 4130To be useful, 4131there must be 4132a system cron job 4133that regularly writes and rotates 4134files here. 4135All files found 4136will be used at boot time. 4137The default is 4138.Pa /var/db/entropy . 4139.It Va entropy_file 4140.Pq Vt str 4141Set to 4142.Dq Li NO 4143to disable caching entropy through reboots. 4144Otherwise set to the name 4145of a file used to store cached entropy. 4146This file should be located 4147on a file system that is readable 4148before all the volumes specified in 4149.Xr fstab 5 4150are mounted. 4151By default, 4152.Pa /entropy 4153is used, 4154but if 4155.Pa /var/db/entropy-file 4156is found it will also be used. 4157This will be of some use to 4158.Xr bsdinstall 8 . 4159.It Va entropy_boot_file 4160.Pq Vt str 4161Set to 4162.Dq Li NO 4163to disable 4164very early caching entropy 4165through reboots. 4166Otherwise set to the filename 4167used to read 4168very early reboot cached entropy. 4169This file should be located where 4170.Xr loader 8 4171can read it. 4172See also 4173.Xr loader.conf 5 . 4174The default location is 4175.Pa /boot/entropy . 4176.It Va entropy_save_sz 4177.Pq Vt int 4178Size of the entropy cache files saved by 4179.Nm save-entropy 4180periodically. 4181.It Va entropy_save_num 4182.Pq Vt int 4183Number of entropy cache files to save by 4184.Nm save-entropy 4185periodically. 4186.It Va ipsec_enable 4187.Pq Vt bool 4188Set to 4189.Dq Li YES 4190to run 4191.Xr setkey 8 4192on 4193.Va ipsec_file 4194at boot time. 4195.It Va ipsec_file 4196.Pq Vt str 4197Configuration file for 4198.Xr setkey 8 . 4199.It Va dmesg_enable 4200.Pq Vt bool 4201Set to 4202.Dq Li YES 4203to save 4204.Xr dmesg 8 4205to 4206.Pa /var/run/dmesg.boot 4207on boot. 4208.It Va rcshutdown_timeout 4209.Pq Vt int 4210If set, start a watchdog timer in the background which will terminate 4211.Pa rc.shutdown 4212if 4213.Xr shutdown 8 4214has not completed within the specified time (in seconds). 4215Notice that in addition to this soft timeout, 4216.Xr init 8 4217also applies a hard timeout for the execution of 4218.Pa rc.shutdown . 4219This is configured via 4220.Xr sysctl 8 4221variable 4222.Va kern.init_shutdown_timeout 4223and defaults to 120 seconds. 4224Setting the value of 4225.Va rcshutdown_timeout 4226to more than 120 seconds will have no effect until the 4227.Xr sysctl 8 4228variable 4229.Va kern.init_shutdown_timeout 4230is also increased. 4231.It Va virecover_enable 4232.Pq Vt bool 4233Set to 4234.Dq Li NO 4235to prevent the system from trying to 4236recover pre-maturely terminated 4237.Xr vi 1 4238sessions. 4239.It Va ugidfw_enable 4240.Pq Vt bool 4241Set to 4242.Dq Li YES 4243to load the 4244.Xr mac_bsdextended 4 4245module upon system initialization and load a default 4246ruleset file. 4247.It Va bsdextended_script 4248.Pq Vt str 4249The default 4250.Xr mac_bsdextended 4 4251ruleset file to load. 4252The default value of this variable is 4253.Pa /etc/rc.bsdextended . 4254.It Va newsyslog_enable 4255.Pq Vt bool 4256If set to 4257.Dq Li YES , 4258run 4259.Xr newsyslog 8 4260command at startup. 4261.It Va newsyslog_flags 4262.Pq Vt str 4263If 4264.Va newsyslog_enable 4265is set to 4266.Dq Li YES , 4267these are the flags to pass to the 4268.Xr newsyslog 8 4269program. 4270The default is 4271.Dq Li -CN , 4272which causes log files flagged with a 4273.Cm C 4274to be created. 4275.It Va mdconfig_md Ns Aq Ar X 4276.Pq Vt str 4277Arguments to 4278.Xr mdconfig 8 4279for 4280.Xr md 4 4281device 4282.Ar X . 4283At minimum a 4284.Fl t Ar type 4285must be specified and either a 4286.Fl s Ar size 4287for malloc or swap backed 4288.Xr md 4 4289devices or a 4290.Fl f Ar file 4291for vnode backed 4292.Xr md 4 4293devices. 4294Note that 4295.Va mdconfig_md Ns Aq Ar X 4296variables are evaluated until one variable is unset or null. 4297.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4298.Pq Vt str 4299Optional arguments passed to 4300.Xr newfs 8 4301to initialize 4302.Xr md 4 4303device 4304.Ar X . 4305.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4306.Pq Vt str 4307An ownership specification passed to 4308.Xr chown 8 4309after the specified 4310.Xr md 4 4311device 4312.Ar X 4313has been mounted. 4314Both the 4315.Xr md 4 4316device and the mount point will be changed. 4317.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4318.Pq Vt str 4319A mode string passed to 4320.Xr chmod 1 4321after the specified 4322.Xr md 4 4323device 4324.Ar X 4325has been mounted. 4326Both the 4327.Xr md 4 4328device and the mount point will be changed. 4329.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4330.Pq Vt str 4331Files to be copied to the mount point of the 4332.Xr md 4 4333device 4334.Ar X 4335after it has been mounted. 4336.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4337.Pq Vt str 4338Command to execute after the specified 4339.Xr md 4 4340device 4341.Ar X 4342has been mounted. 4343Note that the command is passed to 4344.Ic eval 4345and that both 4346.Va _dev 4347and 4348.Va _mp 4349variables can be used to reference respectively the 4350.Xr md 4 4351device and the mount point. 4352Assuming that the 4353.Xr md 4 4354device is 4355.Li md0 , 4356one could set the following: 4357.Bd -literal 4358mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4359.Ed 4360.It Va autobridge_interfaces 4361.Pq Vt str 4362Set to the list of bridge interfaces that will have newly arriving interfaces 4363checked against to be automatically added. 4364If not set to 4365.Dq Li NO 4366then for each whitespace separated 4367.Ar element 4368in the value, a 4369.Va autobridge_ Ns Aq Ar element 4370variable is assumed to exist which has a whitespace separated list of interface 4371names to match, these names can use wildcards. 4372For example: 4373.Bd -literal 4374autobridge_interfaces="bridge0" 4375autobridge_bridge0="tap* dc0 vlan[345]" 4376.Ed 4377.It Va mixer_enable 4378.Pq Vt bool 4379If set to 4380.Dq Li YES , 4381enable support for sound mixer. 4382.It Va hcsecd_enable 4383.Pq Vt bool 4384If set to 4385.Dq Li YES , 4386enable Bluetooth security daemon. 4387.It Va hcsecd_config 4388.Pq Vt str 4389Configuration file for 4390.Xr hcsecd 8 . 4391Default 4392.Pa /etc/bluetooth/hcsecd.conf . 4393.It Va sdpd_enable 4394.Pq Vt bool 4395If set to 4396.Dq Li YES , 4397enable Bluetooth Service Discovery Protocol daemon. 4398.It Va sdpd_control 4399.Pq Vt str 4400Path to 4401.Xr sdpd 8 4402control socket. 4403Default 4404.Pa /var/run/sdp . 4405.It Va sdpd_groupname 4406.Pq Vt str 4407Sets 4408.Xr sdpd 8 4409group to run as after it initializes. 4410Default 4411.Dq Li nobody . 4412.It Va sdpd_username 4413.Pq Vt str 4414Sets 4415.Xr sdpd 8 4416user to run as after it initializes. 4417Default 4418.Dq Li nobody . 4419.It Va bthidd_enable 4420.Pq Vt bool 4421If set to 4422.Dq Li YES , 4423enable Bluetooth Human Interface Device daemon. 4424.It Va bthidd_config 4425.Pq Vt str 4426Configuration file for 4427.Xr bthidd 8 . 4428Default 4429.Pa /etc/bluetooth/bthidd.conf . 4430.It Va bthidd_hids 4431.Pq Vt str 4432Path to a file, where 4433.Xr bthidd 8 4434will store information about known HID devices. 4435Default 4436.Pa /var/db/bthidd.hids . 4437.It Va rfcomm_pppd_server_enable 4438.Pq Vt bool 4439If set to 4440.Dq Li YES , 4441enable Bluetooth RFCOMM PPP wrapper daemon. 4442.It Va rfcomm_pppd_server_profile 4443.Pq Vt str 4444The name of the profile to use from 4445.Pa /etc/ppp/ppp.conf . 4446Multiple profiles can be specified here. 4447Also used to specify per-profile overrides. 4448When the profile name contains any of the characters 4449.Dq Li .-/+ 4450they are translated to 4451.Dq Li _ 4452for the proposes of the override variable names. 4453.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4454.Pq Vt str 4455Overrides local address to listen on. 4456By default 4457.Xr rfcomm_pppd 8 4458will listen on 4459.Dq Li ANY 4460address. 4461The address can be specified as BD_ADDR or name. 4462.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4463.Pq Vt str 4464Overrides local RFCOMM channel to listen on. 4465By default 4466.Xr rfcomm_pppd 8 4467will listen on RFCOMM channel 1. 4468Must set properly if multiple profiles used in the same time. 4469.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4470.Pq Vt bool 4471Tells 4472.Xr rfcomm_pppd 8 4473if it should register Serial Port service on the specified RFCOMM channel. 4474Default 4475.Dq Li NO . 4476.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4477.Pq Vt bool 4478Tells 4479.Xr rfcomm_pppd 8 4480if it should register Dial-Up Networking service on the specified 4481RFCOMM channel. 4482Default 4483.Dq Li NO . 4484.It Va ubthidhci_enable 4485.Pq Vt bool 4486If set to 4487.Dq Li YES , 4488change the USB Bluetooth controller from HID mode to HCI mode. 4489You also need to specify the location of USB Bluetooth controller with the 4490.Va ubthidhci_busnum 4491and 4492.Va ubthidhci_addr 4493variables. 4494.It Va ubthidhci_busnum 4495Bus number where the USB Bluetooth controller is located. 4496Check the output of 4497.Xr usbconfig 8 4498on your system to find this information. 4499.It Va ubthidhci_addr 4500Bus address of the USB Bluetooth controller. 4501Check the output of 4502.Xr usbconfig 8 4503on your system to find this information. 4504.It Va netwait_enable 4505.Pq Vt bool 4506If set to 4507.Dq Li YES , 4508delays the start of network-reliant services until 4509.Va netwait_if 4510is up and ICMP packets to a destination defined in 4511.Va netwait_ip 4512are flowing. 4513Link state is examined first, followed by 4514.Dq Li pinging 4515an IP address to verify network usability. 4516If no destination can be reached or timeouts are exceeded, 4517network services are started anyway with no guarantee that 4518the network is usable. 4519Use of this variable requires both 4520.Va netwait_ip 4521and 4522.Va netwait_if 4523to be set. 4524.It Va netwait_ip 4525.Pq Vt str 4526Empty by default. 4527This variable contains a space-delimited list of IP addresses to 4528.Xr ping 8 . 4529DNS hostnames should not be used as resolution is not guaranteed 4530to be functional at this point. 4531If multiple IP addresses are specified, 4532each will be tried until one is successful or the list is exhausted. 4533.It Va netwait_timeout 4534.Pq Vt int 4535Indicates the total number of seconds to perform a 4536.Dq Li ping 4537against each IP address in 4538.Va netwait_ip , 4539at a rate of one ping per second. 4540If any of the pings are successful, 4541full network connectivity is considered reliable. 4542The default is 60. 4543.It Va netwait_if 4544.Pq Vt str 4545Empty by default. 4546Defines the name of the network interface on which watch for link. 4547.Xr ifconfig 8 4548is used to monitor the interface, looking for 4549.Dq Li status: no carrier . 4550Once gone, the link is considered up. 4551This can be a 4552.Xr vlan 4 4553interface if desired. 4554.It Va netwait_if_timeout 4555.Pq Vt int 4556Defines the total number of seconds to wait for link to become usable, 4557polled at a 1-second interval. 4558The default is 30. 4559.It Va rctl_enable 4560.Pq Vt bool 4561If set to 4562.Dq Li YES , 4563load 4564.Xr rctl 8 4565rules from the defined ruleset. 4566The kernel must be built with 4567.Cd "options RACCT" 4568and 4569.Cd "options RCTL" . 4570.It Va rctl_rules 4571.Pq Vt str 4572Set to 4573.Pa /etc/rctl.conf 4574by default. 4575This variables contains the 4576.Xr rctl.conf 5 4577ruleset to load for 4578.Xr rctl 8 . 4579.It Va iovctl_files 4580.Pq Vt str 4581A space-separated list of configuration files used by 4582.Xr iovctl 8 . 4583The default value is an empty string. 4584.It Va autofs_enable 4585.Pq Vt bool 4586If set to 4587.Dq Li YES , 4588start the 4589.Xr automount 8 4590utility and the 4591.Xr automountd 8 4592and 4593.Xr autounmountd 8 4594daemons at boot time. 4595.It Va automount_flags 4596.Pq Vt str 4597If 4598.Va autofs_enable 4599is set to 4600.Dq Li YES , 4601these are the flags to pass to the 4602.Xr automount 8 4603program. 4604By default no flags are passed. 4605.It Va automountd_flags 4606.Pq Vt str 4607If 4608.Va autofs_enable 4609is set to 4610.Dq Li YES , 4611these are the flags to pass to the 4612.Xr automountd 8 4613daemon. 4614By default no flags are passed. 4615.It Va autounmountd_flags 4616.Pq Vt str 4617If 4618.Va autofs_enable 4619is set to 4620.Dq Li YES , 4621these are the flags to pass to the 4622.Xr autounmountd 8 4623daemon. 4624By default no flags are passed. 4625.It Va ctld_enable 4626.Pq Vt bool 4627If set to 4628.Dq Li YES , 4629start the 4630.Xr ctld 8 4631daemon at boot time. 4632.It Va iscsid_enable 4633.Pq Vt bool 4634If set to 4635.Dq Li YES , 4636start the 4637.Xr iscsid 8 4638daemon at boot time. 4639.It Va iscsictl_enable 4640.Pq Vt bool 4641If set to 4642.Dq Li YES , 4643start the 4644.Xr iscsictl 8 4645utility at boot time. 4646.It Va iscsictl_flags 4647.Pq Vt str 4648If 4649.Va iscsictl_enable 4650is set to 4651.Dq Li YES , 4652these are the flags to pass to the 4653.Xr iscsictl 8 4654program. 4655The default is 4656.Dq Li -Aa , 4657which configures sessions based on the 4658.Pa /etc/iscsi.conf 4659configuration file. 4660.It Va cfumass_enable 4661.Pq Vt bool 4662If set to 4663.Dq Li YES , 4664create and export an USB LUN using 4665.Xr cfumass 4 4666at boot time. 4667.It Va cfumass_dir 4668.Pq Vt str 4669The directory where the files exported by USB LUN are located. 4670The default directory is 4671.Pa /var/cfumass . 4672.It Va service_delete_empty 4673.Pq Vt bool 4674If set to 4675.Dq Li YES , 4676.Ql Li service delete 4677removes empty 4678.Dq Li rc.conf.d 4679files. 4680.It Va zfs_bootonce_activate 4681.Pq Vt bool 4682If set to 4683.Dq Li YES , 4684and a boot environment marked bootonce is successfully booted, 4685it will be made permanently active. 4686.It Va zfskeys_enable 4687.Pq Vt bool 4688If set to 4689.Dq Li YES , 4690enable auto-loading of encryption keys for encrypted ZFS datasets. 4691For every dataset the script will first load the appropriate encryption key 4692and then attempt to unlock the dataset. 4693.Pp 4694The script operates only on datasets which are encrypted with 4695ZFS native encryption 4696and have a ZFS 4697.Dq Li keylocation 4698dataset property beginning with 4699.Dq Li file:// . 4700.It Va zfskeys_datasets 4701.Pq Vt str 4702A whitespace-separated list of ZFS datasets to unlock. 4703The list is empty by default, 4704which means that the script will attempt to unlock all datasets. 4705.It Va zfskeys_timeout 4706.Pq Vt int 4707Define the total number of seconds to wait for the zfskeys script 4708to unlock an encrypted dataset. 4709The default is 10. 4710.El 4711.Sh FILES 4712.Bl -tag -width "/etc/defaults/rc.conf" -compact 4713.It Pa /etc/defaults/rc.conf 4714.It Pa /etc/defaults/vendor.conf 4715.It Pa /etc/rc.conf 4716.It Pa /etc/rc.conf.local 4717.It Pa /etc/rc.conf.d/ 4718.El 4719.Sh SEE ALSO 4720.Xr chmod 1 , 4721.Xr gdb 1 Pq Pa ports/devel/gdb , 4722.Xr info 1 , 4723.Xr kbdcontrol 1 , 4724.Xr limits 1 , 4725.Xr protect 1 , 4726.Xr sh 1 , 4727.Xr umask 1 , 4728.Xr vi 1 , 4729.Xr vidcontrol 1 , 4730.Xr bridge 4 , 4731.Xr dummynet 4 , 4732.Xr ip 4 , 4733.Xr ipf 4 , 4734.Xr ipfw 4 , 4735.Xr ipnat 4 , 4736.Xr kld 4 , 4737.Xr pf 4 , 4738.Xr pflog 4 , 4739.Xr pfsync 4 , 4740.Xr tcp 4 , 4741.Xr udp 4 , 4742.Xr exports 5 , 4743.Xr fstab 5 , 4744.Xr ipf 5 , 4745.Xr ipnat 5 , 4746.Xr jail.conf 5 , 4747.Xr loader.conf 5 , 4748.Xr login.conf 5 , 4749.Xr motd 5 , 4750.Xr newsyslog.conf 5 , 4751.Xr pf.conf 5 , 4752.Xr firewall 7 , 4753.Xr growfs 7 , 4754.Xr security 7 , 4755.Xr tuning 7 , 4756.Xr accton 8 , 4757.Xr apm 8 , 4758.Xr bsdinstall 8 , 4759.Xr bthidd 8 , 4760.Xr chkprintcap 8 , 4761.Xr chown 8 , 4762.Xr cron 8 , 4763.Xr devfs 8 , 4764.Xr dhclient 8 , 4765.Xr ftpd 8 , 4766.Xr geli 8 , 4767.Xr hcsecd 8 , 4768.Xr ifconfig 8 , 4769.Xr inetd 8 , 4770.Xr iovctl 8 , 4771.Xr ipf 8 , 4772.Xr ipfw 8 , 4773.Xr ipnat 8 , 4774.Xr jail 8 , 4775.Xr kldxref 8 , 4776.Xr loader 8 , 4777.Xr lpd 8 , 4778.Xr makewhatis 8 , 4779.Xr mdconfig 8 , 4780.Xr mdmfs 8 , 4781.Xr mixer 8 , 4782.Xr mountd 8 , 4783.Xr moused 8 , 4784.Xr newfs 8 , 4785.Xr newsyslog 8 , 4786.Xr nfsd 8 , 4787.Xr ntpd 8 , 4788.Xr ntpdate 8 , 4789.Xr pfctl 8 , 4790.Xr pflogd 8 , 4791.Xr ping 8 , 4792.Xr powerd 8 , 4793.Xr quotacheck 8 , 4794.Xr quotaon 8 , 4795.Xr rc 8 , 4796.Xr rc.sendmail 8 , 4797.Xr rc.subr 8 , 4798.Xr rcorder 8 , 4799.Xr rfcomm_pppd 8 , 4800.Xr route 8 , 4801.Xr routed 8 , 4802.Xr rpc.lockd 8 , 4803.Xr rpc.statd 8 , 4804.Xr rpc.tlsclntd 8 , 4805.Xr rpc.tlsservd 8 , 4806.Xr rpcbind 8 , 4807.Xr rwhod 8 , 4808.Xr savecore 8 , 4809.Xr sdpd 8 , 4810.Xr service 8 , 4811.Xr sshd 8 , 4812.Xr swapon 8 , 4813.Xr sysctl 8 , 4814.Xr syslogd 8 , 4815.Xr sysrc 8 , 4816.Xr unbound 8 , 4817.Xr usbconfig 8 , 4818.Xr wlandebug 8 , 4819.Xr yp 8 , 4820.Xr ypbind 8 , 4821.Xr ypserv 8 , 4822.Xr ypset 8 4823.Sh HISTORY 4824The 4825.Nm 4826file appeared in 4827.Fx 2.2.2 . 4828.Sh AUTHORS 4829.An Jordan K. Hubbard . 4830