xref: /freebsd/share/man/man5/rc.conf.5 (revision e6bfd18d21b225af6a0ed67ceeaf1293b7b9eba5)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd May 11, 2023
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/defaults/vendor.conf
63allows vendors to override
64.Fx
65defaults.
66The file
67.Pa /etc/rc.conf.local
68is used to override settings in
69.Pa /etc/rc.conf
70for historical reasons.
71.Pp
72The sysrc(8) command provides a scripting interface to modify system
73config files.
74.Pp
75In addition to
76.Pa /etc/rc.conf.local
77you can also place smaller configuration files for each
78.Xr rc 8
79script in the
80.Pa /etc/rc.conf.d
81directory or
82.Ao Ar dir Ac Ns Pa /rc.conf.d
83directories (where
84.Ao Ar dir Ac
85is each entry specified in
86.Va local_startup ,
87but with any trailing
88.Pa /rc.d
89stripped),
90which will be included by the
91.Va load_rc_config
92function.
93For jail configurations you could use the file
94.Pa /etc/rc.conf.d/jail
95to store jail-specific configuration options.
96If
97.Va local_startup
98contains
99.Pa /usr/local/etc/rc.d
100and
101.Pa /opt/conf ,
102.Pa /usr/local/etc/rc.conf.d/jail
103and
104.Pa /opt/conf/rc.conf.d/jail
105will be loaded.
106If
107.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
108is a directory,
109all of the files in the directory will be loaded.
110Also see the
111.Va rc_conf_files
112variable below.
113.Pp
114Options are set with
115.Dq Ar name Ns Li = Ns Ar value
116assignments that use
117.Xr sh 1
118syntax.
119The following list provides a name and short description for each
120variable that can be set in the
121.Nm
122file:
123.Bl -tag -width indent-two
124.It Va rc_debug
125.Pq Vt bool
126If set to
127.Dq Li YES ,
128enable output of debug messages from rc scripts.
129This variable can be helpful in diagnosing mistakes when
130editing or integrating new scripts.
131Beware that this produces copious output to the terminal and
132.Xr syslog 3 .
133.It Va rc_info
134.Pq Vt bool
135If set to
136.Dq Li NO ,
137disable informational messages from the rc scripts.
138Informational messages are displayed when
139a condition that is not serious enough to warrant a warning or
140an error occurs.
141.It Va rc_startmsgs
142.Pq Vt bool
143If set to
144.Dq Li YES ,
145show
146.Dq Starting foo:
147when faststart is used (e.g., at boot time).
148.It Va early_late_divider
149.Pq Vt str
150The name of the script that should be used as the
151delimiter between the
152.Dq early
153and
154.Dq late
155stages of the boot process.
156The early stage should contain all the services needed to
157get the disks (local or remote) mounted so that the late
158stage can include scripts contained in the directories
159listed in the
160.Va local_startup
161variable (see below).
162Thus, the two likely candidates for this value are
163.Pa mountcritlocal
164for the typical system, and
165.Pa mountcritremote
166if the system needs remote file
167systems mounted to get access to the
168.Va local_startup
169directories; for example when
170.Pa /usr/local
171is NFS mounted.
172For
173.Pa rc.conf
174within a
175.Xr jail 8
176.Pa NETWORKING
177is likely to be an appropriate value.
178Extreme care should be taken when changing this value,
179and before changing it one should ensure that there are
180adequate provisions to recover from a failed boot
181(such as physical contact with the machine,
182or reliable remote console access).
183.It Va always_force_depends
184.Pq Vt bool
185Various
186.Pa rc.d
187scripts use the force_depend function to check whether required
188services are already running, and to start them if necessary.
189By default during boot time this check is bypassed if the
190required service is enabled in
191.Pa /etc/rc.conf[.local] .
192Setting this option will bypass that check at boot time and
193always test whether or not the service is actually running.
194Enabling this option is likely to increase your boot time if
195services are enabled that utilize the force_depend check.
196.It Ao Ar name Ac Ns Va _chroot
197.Pq Vt str
198.Xr chroot 8
199to this directory before running the service.
200.It Ao Ar name Ac Ns Va _cpuset
201.Pq Vt str
202A list of CPUs to run the service on.
203Passed to
204.Xr cpuset 1
205using the
206.Fl l
207flag.
208.It Ao Ar name Ac Ns Va _fib
209.Pq Vt int
210The
211.Xr setfib 1
212value to run the service under.
213.It Ao Ar name Ac Ns Va _group
214.Pq Vt str
215Run the chrooted service under this system group.
216Unlike the
217.Ao Ar name Ac Ns Va _user
218setting, this setting has no effect if the service is not chrooted.
219.It Ao Ar name Ac Ns Va _limits
220.Pq Vt str
221Resource limits to apply to the service using
222.Xr limits 1 .
223By default, resource limits are based on the login class defined in
224.Ao Ar name Ac Ns Va _login_class .
225.It Ao Ar name Ac Ns Va _login_class
226.Pq Vt str
227Login class to be used with
228.Ao Ar name Ac Ns Va _limits .
229Defaults to
230.Dq Li daemon .
231.It Ao Ar name Ac Ns Va _nice
232.Pq Vt int
233The
234.Xr nice 1
235value to run the service under.
236.It Ao Ar name Ac Ns Va _oomprotect
237.Pq Vt str
238Use
239.Xr protect 1
240to prevent the service from being killed when swap space
241is exhausted.
242Use
243.Dq Li YES
244to protect only the service itself, and
245.Dq Li ALL
246to protect the service and all its child processes.
247.Pp
248Please note that rc scripts which redefine
249.Dl ${argument}_cmd
250.Pq see Xr rc.subr 8
251such as PostgreSQL will not inherit the OOM killer protection.
252.Pp
253This variable has no effect on services running within a
254.Xr jail 8 .
255.It Ao Ar name Ac Ns Va _umask
256.Pq Vt int
257Run the service using this
258.Xr umask 1
259value.
260.It Ao Ar name Ac Ns Va _user
261.Pq Vt str
262Run the service under this user account.
263.It Va apm_enable
264.Pq Vt bool
265If set to
266.Dq Li YES ,
267enable support for Automatic Power Management with
268the
269.Xr apm 8
270command.
271.It Va apmd_enable
272.Pq Vt bool
273Run
274.Xr apmd 8
275to handle APM event from userland.
276This also enables support for APM.
277.It Va apmd_flags
278.Pq Vt str
279If
280.Va apmd_enable
281is set to
282.Dq Li YES ,
283these are the flags to pass to the
284.Xr apmd 8
285daemon.
286.It Va devd_enable
287.Pq Vt bool
288Run
289.Xr devd 8
290to handle device added, removed or unknown events from the kernel.
291.It Va ddb_enable
292.Pq Vt bool
293Run
294.Xr ddb 8
295to install
296.Xr ddb 4
297scripts at boot time.
298.It Va ddb_config
299.Pq Vt str
300Configuration file for
301.Xr ddb 8 .
302Default
303.Pa /etc/ddb.conf .
304.It Va devmatch_enable
305.Pq Vt bool
306If set to
307.Dq Li NO ,
308disable auto-loading of kernel modules with
309.Xr devmatch 8 .
310.It Va devmatch_blocklist
311.Pq Vt str
312A whitespace-separated list of kernel modules to be ignored by
313.Xr devmatch 8 .
314In addition, the
315.Xr kenv 1
316.Va devmatch_blocklist
317is appended to this variable to allow disabling of
318.Xr devmatch 8
319loaded modules from the boot loader.
320.It Va devmatch_blacklist
321.Pq Vt str
322This variable is deprecated.
323Use
324.Va devmatch_blocklist
325instead.
326A whitespace-separated list of kernel modules to be ignored by
327.Xr devmatch 8 .
328.It Va kld_list
329.Pq Vt str
330A whitespace-separated list of kernel modules to load right after
331the local disks are mounted, without any
332.Pa .ko
333extension or path.
334Loading modules at this point in the boot process is
335much faster than doing it via
336.Pa /boot/loader.conf
337for those modules not necessary for mounting local disks.
338.It Va kldxref_enable
339.Pq Vt bool
340Set to
341.Dq Li NO
342by default.
343Set to
344.Dq Li YES
345to automatically rebuild
346.Pa linker.hints
347files with
348.Xr kldxref 8
349at boot time.
350.It Va kldxref_clobber
351.Pq Vt bool
352Set to
353.Dq Li NO
354by default.
355If
356.Va kldxref_enable
357is true,
358setting to
359.Dq Li YES
360will overwrite existing
361.Pa linker.hints
362files at boot time.
363Otherwise,
364only missing
365.Pa linker.hints
366files are generated.
367.It Va kldxref_module_path
368.Pq Vt str
369Empty by default.
370A semi-colon
371.Pq Ql \&;
372delimited list of paths containing
373.Xr kld 4
374modules.
375If empty,
376the contents of the
377.Va kern.module_path
378.Xr sysctl 8
379are used.
380.It Va powerd_enable
381.Pq Vt bool
382If set to
383.Dq Li YES ,
384enable the system power control facility with the
385.Xr powerd 8
386daemon.
387.It Va powerd_flags
388.Pq Vt str
389If
390.Va powerd_enable
391is set to
392.Dq Li YES ,
393these are the flags to pass to the
394.Xr powerd 8
395daemon.
396.It Va tmpmfs
397Controls the creation of a
398.Pa /tmp
399memory file system.
400Always happens if set to
401.Dq Li YES
402and never happens if set to
403.Dq Li NO .
404If set to anything else, a memory file system is created if
405.Pa /tmp
406is not writable.
407.It Va tmpsize
408Controls the size of a created
409.Pa /tmp
410memory file system.
411.It Va tmpmfs_flags
412Extra options passed to the
413.Xr mdmfs 8
414utility when the memory file system for
415.Pa /tmp
416is created.
417The default is
418.Dq Li "-S" ,
419which inhibits the use of softupdates on
420.Pa /tmp
421so that file system space is freed without delay
422after file truncation or deletion.
423See
424.Xr mdmfs 8
425for other options you can use in
426.Va tmpmfs_flags .
427.It Va varmfs
428Controls the creation of a
429.Pa /var
430memory file system.
431Always happens if set to
432.Dq Li YES
433and never happens if set to
434.Dq Li NO .
435If set to anything else, a memory file system is created if
436.Pa /var
437is not writable.
438.It Va varsize
439Controls the size of a created
440.Pa /var
441memory file system.
442.It Va varmfs_flags
443Extra options passed to the
444.Xr mdmfs 8
445utility when the memory file system for
446.Pa /var
447is created.
448The default is
449.Dq Li "-S" ,
450which inhibits the use of softupdates on
451.Pa /var
452so that file system space is freed without delay
453after file truncation or deletion.
454See
455.Xr mdmfs 8
456for other options you can use in
457.Va varmfs_flags .
458.It Va populate_var
459Controls the automatic population of the
460.Pa /var
461file system.
462Always happens if set to
463.Dq Li YES
464and never happens if set to
465.Dq Li NO .
466If set to anything else, a memory file system is created if
467.Pa /var
468is not writable.
469Note that this process requires access to certain commands in
470.Pa /usr
471before
472.Pa /usr
473is mounted on normal systems.
474.It Va cleanvar_enable
475.Pq Vt bool
476Clean the
477.Pa /var
478directory.
479.It Va var_run_enable
480.Pq Vt bool
481Set to "YES" to enable saving of the
482.Pa /var/run
483directory structure into an mtree file at shutdown and the reload of the
484.Pa /var/run
485directory structure at boot.
486.It Va var_run_autosave
487.Pq Vt bool
488In some cases it may be undesirable to save
489.Pa /var/run
490at shutdown.
491When set to "NO"
492.Pa /var/run
493is loaded at reboot but not saved at shutdown.
494Typically in this scenario
495.Ql service var_run save
496would be performed to save a copy of the
497.Pa /var/run
498directory structure once, to be reloaded during all subsequent reboots.
499.It Va var_run_mtree
500.Pq Vt str
501Where to save the
502.Pa /var/run
503mtree.
504The default location is
505.Pa /var/db/mtree/BSD.var-run.mtree .
506.It Va local_startup
507.Pq Vt str
508List of directories to search for startup script files.
509.It Va script_name_sep
510.Pq Vt str
511The field separator to use for breaking down the list of startup script files
512into individual filenames.
513The default is a space.
514It is not necessary to change this unless there are startup scripts with names
515containing spaces.
516.It Va hostapd_enable
517.Pq Vt bool
518Set to
519.Dq Li YES
520to start
521.Xr hostapd 8
522at system boot time.
523.It Va hostname
524.Pq Vt str
525The fully qualified domain name (FQDN) of this host on the network.
526This should almost certainly be set to something meaningful, even if
527there is no network connection.
528If
529.Xr dhclient 8
530is used to set the hostname via DHCP,
531this variable should be set to an empty string.
532Within a
533.Xr jail 8
534the hostname is generally already set and this variable may be absent.
535If this value remains unset when the system is done booting
536your console login will display the default hostname of
537.Dq Amnesiac .
538.It Va nisdomainname
539.Pq Vt str
540The NIS domain name of this host, or
541.Dq Li NO
542if NIS is not used.
543.It Va hostid_enable
544.Pq Vt bool
545If set to
546.Dq Li NO ,
547disable the generation or saving of the
548.Pa hostid
549and
550.Pa machine-id
551files at system boot and shutdown.
552.It Va hostid_file
553.Pq Vt str
554Path to the
555.Pa hostid
556file, default
557.Pa /etc/hostid .
558.It Va hostid_uuidgen_flags
559.Pq Vt str
560Flags passed to
561.Xr uuidgen 1
562when generating a software host UUID.
563This is used only if the system cannot determine a hardware UUID.
564Set to
565.Dq Li -r
566by default.
567.It Va machine_id_file
568.Pq Vt str
569Path to the
570.Pa machine-id
571file, default
572.Pa /etc/machine-id .
573.It Va dhclient_program
574.Pq Vt str
575Path to the DHCP client program, defaulting to
576.Pa /sbin/dhclient .
577.It Va dhclient_flags
578.Pq Vt str
579Additional flags to pass to the DHCP client program.
580See the
581.Xr dhclient 8
582manpage for a description of the command line options available.
583.It Va dhclient_flags_ Ns Aq Ar iface
584Additional flags to pass to the DHCP client program running on
585.Ar iface
586only.
587When specified, this variable overrides
588.Va dhclient_flags .
589.It Va background_dhclient
590.Pq Vt bool
591Set to
592.Dq Li YES
593to start the DHCP client in background.
594This can cause trouble with applications depending on
595a working network, but it will provide a faster startup
596in many cases.
597.It Va background_dhclient_ Ns Aq Ar iface
598When specified, this variable overrides the
599.Va background_dhclient
600variable for interface
601.Ar iface
602only.
603.It Va synchronous_dhclient
604.Pq Vt bool
605Set to
606.Dq Li YES
607to start
608.Xr dhclient 8
609synchronously at startup.
610This behavior can be overridden on a per-interface basis by replacing
611the
612.Dq Li DHCP
613keyword in the
614.Va ifconfig_ Ns Aq Ar interface
615variable with
616.Dq Li SYNCDHCP
617or
618.Dq Li NOSYNCDHCP .
619.It Va defaultroute_delay
620.Pq Vt int
621When set to a positive value, wait up to this long after configuring
622DHCP interfaces at startup to give the interfaces time to receive a lease.
623.It Va firewall_enable
624.Pq Vt bool
625Set to
626.Dq Li YES
627to load firewall rules at startup.
628If the kernel was not built with
629.Cd "options IPFIREWALL" ,
630the
631.Pa ipfw.ko
632kernel module will be loaded.
633See also
634.Va ipfilter_enable .
635.It Va firewall_script
636.Pq Vt str
637This variable specifies the full path to the firewall script to run.
638The default is
639.Pa /etc/rc.firewall .
640.It Va firewall_type
641.Pq Vt str
642Names the firewall type from the selection in
643.Pa /etc/rc.firewall ,
644or the file which contains the local firewall ruleset.
645Valid selections from
646.Pa /etc/rc.firewall
647are:
648.Pp
649.Bl -tag -width ".Li workstation" -compact
650.It Li open
651unrestricted IP access
652.It Li closed
653all IP services disabled, except via
654.Dq Li lo0
655.It Li client
656basic protection for a workstation
657.It Li workstation
658basic protection for a workstation using stateful firewalling
659.It Li simple
660basic protection for a LAN.
661.El
662.Pp
663If a filename is specified, the full path
664must be given.
665.Pp
666Most of the predefined rulesets define additional configuration variables.
667These are documented in
668.Pa /etc/rc.firewall .
669.It Va firewall_quiet
670.Pq Vt bool
671Set to
672.Dq Li YES
673to disable the display of firewall rules on the console during boot.
674.It Va firewall_logging
675.Pq Vt bool
676Set to
677.Dq Li YES
678to enable firewall event logging.
679This is equivalent to the
680.Dv IPFIREWALL_VERBOSE
681kernel option.
682.It Va firewall_logif
683.Pq Vt bool
684Set to
685.Dq Li YES
686to create pseudo interface
687.Li ipfw0
688for logging.
689For more details, see
690.Xr ipfw 8
691manual page.
692.It Va firewall_flags
693.Pq Vt str
694Flags passed to
695.Xr ipfw 8
696if
697.Va firewall_type
698specifies a filename.
699.It Va firewall_coscripts
700.Pq Vt str
701List of executables and/or rc scripts to run after firewall starts/stops.
702Default is empty.
703.\" ----- firewall_nat_enable setting --------------------------------
704.It Va firewall_nat_enable
705.Pq Vt bool
706The
707.Xr ipfw 8
708equivalent of
709.Va natd_enable .
710Setting this to
711.Dq Li YES
712will automatically load the
713.Xr ipfw 8
714NAT kernel module if
715.Va firewall_enable
716is also set to
717.Dq Li YES .
718.It Va firewall_nat_interface
719.Pq Vt str
720The
721.Xr ipfw 8
722equivalent of
723.Va natd_interface .
724This is the name of the public interface or IP address on which
725kernel NAT should run.
726.It Va firewall_nat_flags
727.Pq Vt str
728Additional configuration parameters for kernel NAT should be placed here.
729.It Va firewall_nat64_enable
730.Pq Vt bool
731Setting this to
732.Dq Li YES
733will automatically load the
734.Xr ipfw 8
735NAT64 kernel module if
736.Va firewall_enable
737is also set to
738.Dq Li YES .
739.It Va firewall_nptv6_enable
740.Pq Vt bool
741Setting this to
742.Dq Li YES
743will automatically load the
744.Xr ipfw 8
745NPTv6 kernel module if
746.Va firewall_enable
747is also set to
748.Dq Li YES .
749.It Va firewall_pmod_enable
750.Pq Vt bool
751Setting this to
752.Dq Li YES
753will automatically load the
754.Xr ipfw 8
755pmod kernel module if
756.Va firewall_enable
757is also set to
758.Dq Li YES .
759.It Va dummynet_enable
760.Pq Vt bool
761Setting this to
762.Dq Li YES
763will automatically load the
764.Xr dummynet 4
765module if
766.Va firewall_enable
767is also set to
768.Dq Li YES .
769.\" -------------------------------------------------------------------
770.It Va ipfw_netflow_enable
771.Pq Vt bool
772Setting this to
773.Dq Li YES
774will enable netflow logging via
775.Xr ng_netflow 4 .
776.Pp
777By default a ipfw rule is inserted and all packets are duplicated with
778the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
779port using protocol version 5.
780.It Va ipfw_netflow_hook
781.Pq Vt int
782netflow hook name, must be numerical
783(default
784.Pa 9995 ) .
785.It Va ipfw_netflow_rule
786.Pq Vt int
787ipfw rule number
788(default
789.Pa 1000 ) .
790.It Va ipfw_netflow_ip
791.Pq Vt str
792Destination server ip for receiving netflow data
793(default
794.Pa 127.0.0.1 ) .
795.It Va ipfw_netflow_port
796.Pq Vt int
797Destination server port for receiving netflow data
798(default
799.Pa 9995 ) .
800.It Va ipfw_netflow_version
801.Pq Vt int
802Do not set for using version 5 of the netflow protocol, set it to 9 for using
803version 9.
804.It Va ipfw_netflow_fib
805.Pq Vt int
806Only match packet in FIB
807.Pa ipfw_netflow_fib
808(default is undefined meaning all FIBs).
809.It Va natd_program
810.Pq Vt str
811Path to
812.Xr natd 8 .
813.It Va natd_enable
814.Pq Vt bool
815Set to
816.Dq Li YES
817to enable
818.Xr natd 8 .
819.Va firewall_enable
820must also be set to
821.Dq Li YES ,
822and
823.Xr divert 4
824sockets must be enabled in the kernel.
825If the kernel was not built with
826.Cd "options IPDIVERT" ,
827the
828.Pa ipdivert.ko
829kernel module will be loaded.
830.It Va natd_interface
831.Pq Vt str
832This is the name of the public interface on which
833.Xr natd 8
834should run.
835The interface may be given as an interface name or as an IP address.
836.It Va natd_flags
837.Pq Vt str
838Additional
839.Xr natd 8
840flags should be placed here.
841The
842.Fl n
843or
844.Fl a
845flag is automatically added with the above
846.Va natd_interface
847as an argument.
848.\" ----- ipfilter_enable setting --------------------------------
849.It Va ipfilter_enable
850.Pq Vt bool
851Set to
852.Dq Li NO
853by default.
854Setting this to
855.Dq Li YES
856enables
857.Xr ipf 8
858packet filtering.
859.Pp
860Typical usage will require putting
861.Bd -literal
862ipfilter_enable="YES"
863ipnat_enable="YES"
864ipmon_enable="YES"
865ipfs_enable="YES"
866.Ed
867.Pp
868into
869.Pa /etc/rc.conf
870and editing
871.Pa /etc/ipf.rules
872and
873.Pa /etc/ipnat.rules
874appropriately.
875.Pp
876Note that
877.Va ipfilter_enable
878and
879.Va ipnat_enable
880can be enabled independently.
881.Va ipmon_enable
882and
883.Va ipfs_enable
884both require at least one of
885.Va ipfilter_enable
886and
887.Va ipnat_enable
888to be enabled.
889.Pp
890Having
891.Bd -literal
892options IPFILTER
893options IPFILTER_LOG
894options IPFILTER_DEFAULT_BLOCK
895.Ed
896.Pp
897in the kernel configuration file is a good idea, too.
898.\" ----- ipfilter_program setting ------------------------------
899.It Va ipfilter_program
900.Pq Vt str
901Path to
902.Xr ipf 8
903(default
904.Pa /sbin/ipf ) .
905.\" ----- ipfilter_rules setting --------------------------------
906.It Va ipfilter_rules
907.Pq Vt str
908Set to
909.Pa /etc/ipf.rules
910by default.
911This variable contains the name of the filter rule definition file.
912The file is expected to be readable for the
913.Xr ipf 8
914command to execute.
915.\" ----- ipfilter_flags setting --------------------------------
916.It Va ipfilter_flags
917.Pq Vt str
918Empty by default.
919This variable contains flags passed to the
920.Xr ipf 8
921program.
922.\" ----- ipnat_enable setting ----------------------------------
923.It Va ipnat_enable
924.Pq Vt bool
925Set to
926.Dq Li NO
927by default.
928Set it to
929.Dq Li YES
930to enable
931.Xr ipnat 8
932network address translation.
933See
934.Va ipfilter_enable
935for a detailed discussion.
936.\" ----- ipnat_program setting ---------------------------------
937.It Va ipnat_program
938.Pq Vt str
939Path to
940.Xr ipnat 8
941(default
942.Pa /sbin/ipnat ) .
943.\" ----- ipnat_rules setting -----------------------------------
944.It Va ipnat_rules
945.Pq Vt str
946Set to
947.Pa /etc/ipnat.rules
948by default.
949This variable contains the name of the file
950holding the network address translation definition.
951This file is expected to be readable for the
952.Xr ipnat 8
953command to execute.
954.\" ----- ipnat_flags setting -----------------------------------
955.It Va ipnat_flags
956.Pq Vt str
957Empty by default.
958This variable contains flags passed to the
959.Xr ipnat 8
960program.
961.\" ----- ipmon_enable setting ----------------------------------
962.It Va ipmon_enable
963.Pq Vt bool
964Set to
965.Dq Li NO
966by default.
967Set it to
968.Dq Li YES
969to enable
970.Xr ipmon 8
971monitoring (logging
972.Xr ipf 8
973and
974.Xr ipnat 8
975events).
976Setting this variable needs setting
977.Va ipfilter_enable
978or
979.Va ipnat_enable
980too.
981See
982.Va ipfilter_enable
983for a detailed discussion.
984.\" ----- ipmon_program setting ---------------------------------
985.It Va ipmon_program
986.Pq Vt str
987Path to
988.Xr ipmon 8
989(default
990.Pa /sbin/ipmon ) .
991.\" ----- ipmon_flags setting -----------------------------------
992.It Va ipmon_flags
993.Pq Vt str
994Set to
995.Dq Li -Ds
996by default.
997This variable contains flags passed to the
998.Xr ipmon 8
999program.
1000Another typical example would be
1001.Dq Fl D Pa /var/log/ipflog
1002to have
1003.Xr ipmon 8
1004log directly to a file bypassing
1005.Xr syslogd 8 .
1006Make sure to adjust
1007.Pa /etc/newsyslog.conf
1008in such case like this:
1009.Bd -literal
1010/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
1011.Ed
1012.\" ----- ipfs_enable setting -----------------------------------
1013.It Va ipfs_enable
1014.Pq Vt bool
1015Set to
1016.Dq Li NO
1017by default.
1018Set it to
1019.Dq Li YES
1020to enable
1021.Xr ipfs 8
1022saving the filter and NAT state tables during shutdown
1023and reloading them during startup again.
1024Setting this variable needs setting
1025.Va ipfilter_enable
1026or
1027.Va ipnat_enable
1028to
1029.Dq Li YES
1030too.
1031See
1032.Va ipfilter_enable
1033for a detailed discussion.
1034Note that if
1035.Va kern_securelevel
1036is set to 3,
1037.Va ipfs_enable
1038cannot be used
1039because the raised securelevel will prevent
1040.Xr ipfs 8
1041from saving the state tables at shutdown time.
1042.\" ----- ipfs_program setting ----------------------------------
1043.It Va ipfs_program
1044.Pq Vt str
1045Path to
1046.Xr ipfs 8
1047(default
1048.Pa /sbin/ipfs ) .
1049.\" ----- ipfs_flags setting ------------------------------------
1050.It Va ipfs_flags
1051.Pq Vt str
1052Empty by default.
1053This variable contains flags passed to the
1054.Xr ipfs 8
1055program.
1056.\" ----- end of added ipf hook ---------------------------------
1057.It Va pf_enable
1058.Pq Vt bool
1059Set to
1060.Dq Li NO
1061by default.
1062Setting this to
1063.Dq Li YES
1064enables
1065.Xr pf 4
1066packet filtering.
1067.Pp
1068Typical usage will require putting
1069.Pp
1070.Dl pf_enable="YES"
1071.Pp
1072into
1073.Pa /etc/rc.conf
1074and editing
1075.Pa /etc/pf.conf
1076appropriately.
1077Adding
1078.Pp
1079.Dl "device pf"
1080.Pp
1081builds support for
1082.Xr pf 4
1083into the kernel, otherwise the
1084kernel module will be loaded.
1085.It Va pf_rules
1086.Pq Vt str
1087Path to
1088.Xr pf 4
1089ruleset configuration file
1090(default
1091.Pa /etc/pf.conf ) .
1092.It Va pf_program
1093.Pq Vt str
1094Path to
1095.Xr pfctl 8
1096(default
1097.Pa /sbin/pfctl ) .
1098.It Va pf_flags
1099.Pq Vt str
1100If
1101.Va pf_enable
1102is set to
1103.Dq Li YES ,
1104these flags are passed to the
1105.Xr pfctl 8
1106program when loading the ruleset.
1107.It Va pf_fallback_rules_enable
1108.Pq Vt bool
1109Set to
1110.Dq Li NO
1111by default.
1112Setting this to
1113.Dq Li YES
1114enables loading
1115.Va pf_fallback_rules_file
1116or
1117.Va pf_fallback_rules
1118in case of a problem when loading the ruleset in
1119.Va pf_rules .
1120.It Va pf_fallback_rules_file
1121.Pq Vt str
1122Path to a pf ruleset to load in case of failure when loading the
1123ruleset in
1124.Va pf_rules
1125(default
1126.Pa /etc/pf-fallback.conf ) .
1127.It Va pf_fallback_rules
1128.Pq Vt str
1129A pf ruleset to load in case of failure when loading the ruleset in
1130.Va pf_rules
1131and
1132.Va pf_fallback_rules_file
1133is not found.
1134Multiple rules can be set as follows:
1135.Bd -literal
1136pf_fallback_rules="\\
1137	block drop log all\\
1138	pass in quick on em0"
1139.Pp
1140.Ed
1141The default fallback rule is
1142.Dq block drop log all
1143.It Va pflog_enable
1144.Pq Vt bool
1145Set to
1146.Dq Li NO
1147by default.
1148Setting this to
1149.Dq Li YES
1150enables
1151.Xr pflogd 8
1152which logs packets from the
1153.Xr pf 4
1154packet filter.
1155.It Va pflog_logfile
1156.Pq Vt str
1157If
1158.Va pflog_enable
1159is set to
1160.Dq Li YES
1161this controls where
1162.Xr pflogd 8
1163stores the logfile
1164(default
1165.Pa /var/log/pflog ) .
1166Check
1167.Pa /etc/newsyslog.conf
1168to adjust logfile rotation for this.
1169.It Va pflog_program
1170.Pq Vt str
1171Path to
1172.Xr pflogd 8
1173(default
1174.Pa /sbin/pflogd ) .
1175.It Va pflog_flags
1176.Pq Vt str
1177Empty by default.
1178This variable contains additional flags passed to the
1179.Xr pflogd 8
1180program.
1181.It Va pflog_instances
1182.Pq Vt str
1183If logging to more than one
1184.Xr pflog 4
1185interface is desired,
1186.Va pflog_instances
1187is set to the list of
1188.Xr pflogd 8
1189instances that should be started at system boot time.
1190If
1191.Va pflog_instances
1192is set, for each whitespace-separated
1193.Ar element
1194in the list,
1195.Ao Ar element Ac Ns Va _dev
1196and
1197.Ao Ar element Ac Ns Va _logfile
1198elements are assumed to exist.
1199.Ao Ar element Ac Ns Va _dev
1200must contain the
1201.Xr pflog 4
1202interface to be watched by the named
1203.Xr pflogd 8
1204instance.
1205.Ao Ar element Ac Ns Va _logfile
1206must contain the name of the logfile that will be used by the
1207.Xr pflogd 8
1208instance.
1209.It Va ftpproxy_enable
1210.Pq Vt bool
1211Set to
1212.Dq Li NO
1213by default.
1214Setting this to
1215.Dq Li YES
1216enables
1217.Xr ftp-proxy 8
1218which supports the
1219.Xr pf 4
1220packet filter in translating ftp connections.
1221.It Va ftpproxy_flags
1222.Pq Vt str
1223Empty by default.
1224This variable contains additional flags passed to the
1225.Xr ftp-proxy 8
1226program.
1227.It Va ftpproxy_instances
1228.Pq Vt str
1229Empty by default.
1230If multiple instances of
1231.Xr ftp-proxy 8
1232are desired at boot time,
1233.Va ftpproxy_instances
1234should contain a whitespace-separated list of instance names.
1235For each
1236.Ar element
1237in the list, a variable named
1238.Ao Ar element Ac Ns Va _flags
1239should be defined, containing the command-line flags to be passed to the
1240.Xr ftp-proxy 8
1241instance.
1242.It Va pfsync_enable
1243.Pq Vt bool
1244Set to
1245.Dq Li NO
1246by default.
1247Setting this to
1248.Dq Li YES
1249enables exposing
1250.Xr pf 4
1251state changes to other hosts over the network by means of
1252.Xr pfsync 4 .
1253The
1254.Va pfsync_syncdev
1255variable
1256must also be set then.
1257.It Va pfsync_syncdev
1258.Pq Vt str
1259Empty by default.
1260This variable specifies the name of the network interface
1261.Xr pfsync 4
1262should operate through.
1263It must be set accordingly if
1264.Va pfsync_enable
1265is set to
1266.Dq Li YES .
1267.It Va pfsync_syncpeer
1268.Pq Vt str
1269Empty by default.
1270This variable is optional.
1271By default, state change messages are sent out on the synchronisation
1272interface using IP multicast packets.
1273The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1274224.0.0.240.
1275When a peer address is specified using the
1276.Va pfsync_syncpeer
1277option, the peer address is used as a destination for the pfsync
1278traffic, and the traffic can then be protected using
1279.Xr ipsec 4 .
1280See the
1281.Xr pfsync 4
1282manpage for more details about using
1283.Xr ipsec 4
1284with
1285.Xr pfsync 4
1286interfaces.
1287.It Va pfsync_ifconfig
1288.Pq Vt str
1289Empty by default.
1290This variable can contain additional options to be passed to the
1291.Xr ifconfig 8
1292command used to set up
1293.Xr pfsync 4 .
1294.It Va tcp_extensions
1295.Pq Vt bool
1296Set to
1297.Dq Li YES
1298by default.
1299Setting this to
1300.Dq Li NO
1301disables certain TCP options as described by
1302.Rs
1303.%T "RFC 1323"
1304.Re
1305Setting this to
1306.Dq Li NO
1307might help remedy such problems with connections as randomly hanging
1308or other weird behavior.
1309Some network devices are known
1310to be broken with respect to these options.
1311.It Va log_in_vain
1312.Pq Vt int
1313Set to 0 by default.
1314The
1315.Xr sysctl 8
1316variables,
1317.Va net.inet.tcp.log_in_vain
1318and
1319.Va net.inet.udp.log_in_vain ,
1320as described in
1321.Xr tcp 4
1322and
1323.Xr udp 4 ,
1324are set to the given value.
1325.It Va tcp_keepalive
1326.Pq Vt bool
1327Set to
1328.Dq Li YES
1329by default.
1330Setting to
1331.Dq Li NO
1332will disable probing idle TCP connections to verify that the
1333peer is still up and reachable.
1334.It Va tcp_drop_synfin
1335.Pq Vt bool
1336Set to
1337.Dq Li NO
1338by default.
1339Setting to
1340.Dq Li YES
1341will cause the kernel to ignore TCP frames that have both
1342the SYN and FIN flags set.
1343This prevents OS fingerprinting, but may
1344break some legitimate applications.
1345.It Va icmp_drop_redirect
1346.Pq Vt bool
1347Set to
1348.Dq Li AUTO
1349by default.
1350This setting will be identical to
1351.Dq Li YES ,
1352if a dynamic routing daemon is enabled, because redirect processing may
1353cause performance issues for large routing tables.
1354If no such service is enabled, this setting behaves like a
1355.Dq Li NO .
1356Setting to
1357.Dq Li YES
1358will cause the kernel to ignore ICMP REDIRECT packets.
1359Setting to
1360.Dq Li NO
1361will cause the kernel to process ICMP REDIRECT packets.
1362Refer to
1363.Xr icmp 4
1364for more information.
1365.It Va icmp_log_redirect
1366.Pq Vt bool
1367Set to
1368.Dq Li NO
1369by default.
1370Setting to
1371.Dq Li YES
1372will cause the kernel to log ICMP REDIRECT packets.
1373Note that
1374the log messages are not rate-limited, so this option should only be used
1375for troubleshooting networks.
1376Refer to
1377.Xr icmp 4
1378for more information.
1379.It Va icmp_bmcastecho
1380.Pq Vt bool
1381Set to
1382.Dq Li YES
1383to respond to broadcast or multicast ICMP ping packets.
1384Refer to
1385.Xr icmp 4
1386for more information.
1387.It Va ip_portrange_first
1388.Pq Vt int
1389If not set to
1390.Dq Li NO ,
1391this is the first port in the default portrange.
1392Refer to
1393.Xr ip 4
1394for more information.
1395.It Va ip_portrange_last
1396.Pq Vt int
1397If not set to
1398.Dq Li NO ,
1399this is the last port in the default portrange.
1400Refer to
1401.Xr ip 4
1402for more information.
1403.It Va network_interfaces
1404.Pq Vt str
1405Set to the list of network interfaces to configure on this host or
1406.Dq Li AUTO
1407(the default) for all current interfaces.
1408Setting the
1409.Va network_interfaces
1410variable to anything other than the default is deprecated.
1411Interfaces that the administrator wishes to store configuration for,
1412but not start at boot should be configured with the
1413.Dq Li NOAUTO
1414keyword in their
1415.Va ifconfig_ Ns Aq Ar interface
1416variables as described below.
1417.Pp
1418An
1419.Va ifconfig_ Ns Aq Ar interface
1420variable is also assumed to exist for each value of
1421.Ar interface .
1422When an interface name contains any of the characters
1423.Dq Li .-/+
1424they are translated to
1425.Dq Li _
1426before lookup.
1427The variable can contain arguments to
1428.Xr ifconfig 8 ,
1429as well as special case-insensitive keywords described below.
1430Such keywords are removed before passing the value to
1431.Xr ifconfig 8
1432while the order of the other arguments is preserved.
1433.Pp
1434It is possible to add IP alias entries using
1435.Xr ifconfig 8
1436syntax with the address family keyword such as
1437.Li inet .
1438Assuming that the interface in question was
1439.Li em0 ,
1440it might look something like this:
1441.Bd -literal
1442ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1443ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1444.Ed
1445.Pp
1446It also possible to configure multiple IP addresses in Classless
1447Inter-Domain Routing
1448.Pq CIDR
1449address notation,
1450whose each address component can be a range like
1451.Li inet 192.0.2.5-23/24
1452or
1453.Li inet6 2001:db8:1-f::1/64 .
1454This notation allows address and prefix length part only,
1455not the other address modifiers.
1456Note that the maximum number of the generated addresses from a range
1457specification is limited to an integer value specified in
1458.Va netif_ipexpand_max
1459in
1460.Nm
1461because a small typo can unexpectedly generate a large number of addresses.
1462The default value is
1463.Li 2048 .
1464It can be increased by adding the following line into
1465.Nm :
1466.Bd -literal
1467netif_ipexpand_max="4096"
1468.Ed
1469.Pp
1470In the case of
1471.Li 192.0.2.5-23/24 ,
1472the address 192.0.2.5 will be configured with the
1473netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1474the non-conflicting netmask /32 as explained in the
1475.Xr ifconfig 8
1476alias section.
1477Note that this special netmask handling is only for
1478.Li inet ,
1479not for the other address families such as
1480.Li inet6 .
1481.Pp
1482With the interface in question being
1483.Li em0 ,
1484an example could look like:
1485.Bd -literal
1486ifconfig_em0_alias2="inet 192.0.2.129/27"
1487ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1488.Ed
1489.Pp
1490and so on.
1491.Pp
1492Note that deprecated
1493.Va ipv4_addrs_ Ns Aq Ar interface
1494variable was supported for IPv4 CIDR address notation.
1495The
1496.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1497variable replaces it, though
1498.Va ipv4_addrs_ Ns Aq Ar interface
1499is still supported for backward compatibility.
1500.Pp
1501For each
1502.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1503entry with an address family keyword,
1504its contents are passed to
1505.Xr ifconfig 8 .
1506Execution stops at the first unsuccessful access, so if
1507something like this is present:
1508.Bd -literal
1509ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1510ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1511ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1512ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1513.Ed
1514.Pp
1515Then note that alias4 would
1516.Em not
1517be added since the search would
1518stop with the missing
1519.Dq Li alias3
1520entry.
1521Because of this difficult to manage behavior,
1522there is
1523.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1524variable, which has the same functionality as
1525.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1526and can have all of the entries in a variable like the following:
1527.Bd -literal
1528ifconfig_em0_aliases="\\
1529	inet 127.0.0.251 netmask 0xffffffff \\
1530	inet 127.0.0.252 netmask 0xffffffff \\
1531	inet 127.0.0.253 netmask 0xffffffff \\
1532	inet 127.0.0.254 netmask 0xffffffff"
1533.Ed
1534.Pp
1535It also supports CIDR notation.
1536.Pp
1537If the
1538.Pa /etc/start_if . Ns Aq Ar interface
1539file is present, it is read and executed by the
1540.Xr sh 1
1541interpreter
1542before configuring the interface as specified in the
1543.Va ifconfig_ Ns Aq Ar interface
1544and
1545.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1546variables.
1547.Pp
1548If a
1549.Va vlans_ Ns Aq Ar interface
1550variable is set,
1551a
1552.Xr vlan 4
1553interface will be created for each item in the list with the
1554.Ar vlandev
1555argument set to
1556.Ar interface .
1557If a vlan interface's name is a number,
1558then that number is used as the vlan tag and the new vlan interface is
1559named
1560.Ar interface . Ns Ar tag .
1561Otherwise,
1562the vlan tag must be specified via a
1563.Va vlan
1564parameter in the
1565.Va create_args_ Ns Aq Ar interface
1566variable.
1567.Pp
1568To create a vlan device named
1569.Li em0.101
1570on
1571.Li em0
1572with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24:
1573.Bd -literal
1574vlans_em0="101"
1575ifconfig_em0_101="inet 192.0.2.1/24"
1576.Ed
1577.Pp
1578To create a vlan device named
1579.Li myvlan
1580on
1581.Li em0
1582with the vlan tag 102:
1583.Bd -literal
1584vlans_em0="myvlan"
1585create_args_myvlan="vlan 102"
1586.Ed
1587.Pp
1588If a
1589.Va wlans_ Ns Aq Ar interface
1590variable is set,
1591an
1592.Xr wlan 4
1593interface will be created for each item in the list with the
1594.Ar wlandev
1595argument set to
1596.Ar interface .
1597Further wlan cloning arguments may be passed to the
1598.Xr ifconfig 8
1599.Cm create
1600command by setting the
1601.Va create_args_ Ns Aq Ar interface
1602variable.
1603One or more
1604.Xr wlan 4
1605devices must be created for each wireless device as of
1606.Fx 8.0 .
1607Debugging flags for
1608.Xr wlan 4
1609devices as set by
1610.Xr wlandebug 8
1611may be specified with an
1612.Va wlandebug_ Ns Aq Ar interface
1613variable.
1614The contents of this variable will be passed directly to
1615.Xr wlandebug 8 .
1616.Pp
1617If the
1618.Va ifconfig_ Ns Aq Ar interface
1619contains the keyword
1620.Dq Li NOAUTO
1621then the interface will not be configured
1622at boot or by
1623.Pa /etc/pccard_ether
1624when
1625.Va network_interfaces
1626is set to
1627.Dq Li AUTO .
1628.Pp
1629It is possible to bring up an interface with DHCP by adding
1630.Dq Li DHCP
1631to the
1632.Va ifconfig_ Ns Aq Ar interface
1633variable.
1634For instance, to initialize the
1635.Li em0
1636device via DHCP,
1637it is possible to use something like:
1638.Bd -literal
1639ifconfig_em0="DHCP"
1640.Ed
1641.Pp
1642If you want to configure your wireless interface with
1643.Xr wpa_supplicant 8
1644for use with WPA, EAP/LEAP or WEP, you need to add
1645.Dq Li WPA
1646to the
1647.Va ifconfig_ Ns Aq Ar interface
1648variable.
1649.Pp
1650On the other hand, if you want to configure your wireless interface with
1651.Xr hostapd 8 ,
1652you need to add
1653.Dq Li HOSTAP
1654to the
1655.Va ifconfig_ Ns Aq Ar interface
1656variable.
1657.Xr hostapd 8
1658will use the settings from
1659.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1660.Pp
1661Finally, you can add
1662.Xr ifconfig 8
1663options in this variable, in addition to the
1664.Pa /etc/start_if . Ns Aq Ar interface
1665file.
1666For instance, to configure an
1667.Xr ath 4
1668wireless device in station mode with an address obtained
1669via DHCP, using WPA authentication and 802.11b mode, it is
1670possible to use something like:
1671.Bd -literal
1672wlans_ath0="wlan0"
1673ifconfig_wlan0="DHCP WPA mode 11b"
1674.Ed
1675.Pp
1676In addition to the
1677.Va ifconfig_ Ns Aq Ar interface
1678form, a fallback variable
1679.Va ifconfig_DEFAULT
1680may be configured.
1681It will be used for all interfaces with no
1682.Va ifconfig_ Ns Aq Ar interface
1683variable.
1684.Pp
1685It is also possible to rename an interface by doing:
1686.Bd -literal
1687ifconfig_em0_name="net0"
1688ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1689.Ed
1690.It Va ipv6_enable
1691.Pq Vt bool
1692This variable is deprecated.
1693Use
1694.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1695and
1696.Va ipv6_activate_all_interfaces
1697if necessary.
1698.Pp
1699If the variable is
1700.Dq Li YES ,
1701.Dq Li inet6 accept_rtadv
1702is added to all of
1703.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1704and the
1705.Va ipv6_activate_all_interfaces
1706is defined as
1707.Dq Li YES .
1708.It Va ipv6_prefer
1709.Pq Vt bool
1710This variable is deprecated.
1711Use
1712.Va ip6addrctl_policy
1713instead.
1714.Pp
1715If the variable is
1716.Dq Li YES ,
1717the default address selection policy table set by
1718.Xr ip6addrctl 8
1719will be IPv6-preferred.
1720.Pp
1721If the variable is
1722.Dq Li NO ,
1723the default address selection policy table set by
1724.Xr ip6addrctl 8
1725will be IPv4-preferred.
1726.It Va ipv6_activate_all_interfaces
1727.Pq Vt bool
1728This controls initial configuration on IPv6-capable
1729interfaces with no corresponding
1730.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1731variable.
1732Note that it is not always necessary to set this variable to
1733.Dq YES
1734to use IPv6 functionality on
1735.Fx .
1736In most cases, just configuring
1737.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1738variables works.
1739.Pp
1740If the variable is
1741.Dq Li NO ,
1742all interfaces which do not have a corresponding
1743.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1744variable will be marked as
1745.Dq Li IFDISABLED
1746at creation.
1747This means that all IPv6 functionality on that interface
1748is completely disabled to enforce a security policy.
1749If the variable is set to
1750.Dq YES ,
1751the flag will be cleared on all of the interfaces.
1752.Pp
1753In most cases, just defining an
1754.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1755for an IPv6-capable interface should be sufficient.
1756However, if an interface is added dynamically
1757.Pq by some tunneling protocols such as PPP, for example ,
1758it is often difficult to define the variable in advance.
1759In such a case, configuring the
1760.Dq Li IFDISABLED
1761flag can be disabled by setting this variable to
1762.Dq YES .
1763.Pp
1764For more details of the
1765.Dq Li IFDISABLED
1766flag and keywords
1767.Dq Li inet6 ifdisabled ,
1768see
1769.Xr ifconfig 8 .
1770.Pp
1771Default is
1772.Dq Li NO .
1773.It Va ipv6_privacy
1774.Pq Vt bool
1775If the variable is
1776.Dq Li YES
1777privacy addresses will be generated for each IPv6
1778interface as described in RFC 4941.
1779.It Va ipv6_network_interfaces
1780.Pq Vt str
1781This is the IPv6 equivalent of
1782.Va network_interfaces .
1783Normally manual configuration of this variable is not needed.
1784.It Va ipv6_cpe_wanif
1785.Pq Vt str
1786If the variable is set to an interface name,
1787the
1788.Xr ifconfig 8
1789options
1790.Dq inet6 -no_radr accept_rtadv
1791will be added to the specified interface automatically before evaluating
1792.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1793and two
1794.Xr sysctl 8
1795variables
1796.Va net.inet6.ip6.rfc6204w3
1797and
1798.Va net.inet6.ip6.no_radr
1799will be set to 1.
1800.Pp
1801This means the specified interface will accept ICMPv6 Router
1802Advertisement messages on that link and add the discovered
1803routers into the Default Router List.
1804While the other interfaces can still accept RA messages if the
1805.Dq inet6 accept_rtadv
1806option is specified, adding
1807routes into the Default Router List will be disabled by
1808.Dq inet6 no_radr
1809option by default.
1810See
1811.Xr ifconfig 8
1812for more details.
1813.Pp
1814Note that ICMPv6 Router Advertisement messages will be
1815accepted even when
1816.Va net.inet6.ip6.forwarding
1817is 1
1818.Pq packet forwarding is enabled
1819when
1820.Va net.inet6.ip6.rfc6204w3
1821is set to 1.
1822.Pp
1823Default is
1824.Dq Li NO .
1825.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1826.Pq Vt str
1827This assigns arbitrary description to an interface.
1828The
1829.Xr sysctl 8
1830variable
1831.Va net.ifdescr_maxlen
1832limits its length.
1833This static setting may be overridden by commands
1834started with dynamic interface configuration utilities
1835like
1836.Xr dhclient 8
1837hooks.
1838The description can be seen with
1839.Xr ifconfig 8
1840command and it may be exported with
1841.Xr bsnmpd 1
1842daemon using its MIB-2 module.
1843.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1844.Pq Vt str
1845IPv6 functionality on an interface should be configured by
1846.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1847instead of setting ifconfig parameters in
1848.Va ifconfig_ Ns Aq Ar interface .
1849If this variable is empty, all IPv6 configurations on the
1850specified interface by other variables such as
1851.Va ipv6_prefix_ Ns Ao Ar interface Ac
1852will be ignored.
1853.Pp
1854Aliases should be set by
1855.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1856with
1857.Dq Li inet6
1858keyword.
1859For example:
1860.Bd -literal
1861ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1862ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1863.Ed
1864.Pp
1865Interfaces that have an
1866.Dq Li inet6 accept_rtadv
1867keyword in
1868.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1869setting will be automatically configured by SLAAC
1870.Pq StateLess Address AutoConfiguration
1871described in
1872.Rs
1873.%T "RFC 4862"
1874.Re
1875.Pp
1876Note that a link-local address will be automatically configured in
1877addition to the configured global-scope addresses because the IPv6
1878specifications require it on each link.
1879The address is calculated from the MAC address by using an algorithm
1880defined in
1881.Rs
1882.%T "RFC 4862"
1883.%O "Section 5.3"
1884.Re
1885.Pp
1886If only a link-local address is needed on the interface,
1887the following configuration can be used:
1888.Bd -literal
1889ifconfig_em0_ipv6="inet6 auto_linklocal"
1890.Ed
1891.Pp
1892A link-local address can also be configured manually.
1893This is useful for the default router address of an IPv6 router
1894so that it does not change when the network interface
1895card is replaced.
1896For example:
1897.Bd -literal
1898ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
1899.Ed
1900.It Va ipv6_prefix_ Ns Aq Ar interface
1901.Pq Vt str
1902If one or more prefixes are defined in
1903.Va ipv6_prefix_ Ns Aq Ar interface
1904addresses based on each prefix and the EUI-64 interface index will be
1905configured on that interface.
1906Note that this variable will be ignored when
1907.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1908is empty.
1909.Pp
1910For example, the following configuration
1911.Bd -literal
1912ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
1913.Ed
1914.Pp
1915is equivalent to the following:
1916.Bd -literal
1917ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1918ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1919ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1920ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1921.Ed
1922.Pp
1923These Subnet-Router anycast addresses will be added only when
1924.Va ipv6_gateway_enable
1925is YES.
1926.It Va ipv6_default_interface
1927.Pq Vt str
1928If not set to
1929.Dq Li NO ,
1930this is the default output interface for scoped addresses.
1931This works only with ipv6_gateway_enable="NO".
1932.It Va ip6addrctl_enable
1933.Pq Vt bool
1934This variable is to enable configuring default address selection policy table
1935.Pq RFC 3484 .
1936The table can be specified in another variable
1937.Va ip6addrctl_policy .
1938For
1939.Va ip6addrctl_policy
1940the following keywords can be specified:
1941.Dq Li ipv4_prefer ,
1942.Dq Li ipv6_prefer ,
1943or
1944.Dq Li AUTO .
1945.Pp
1946If
1947.Dq Li ipv4_prefer
1948or
1949.Dq Li ipv6_prefer
1950is specified,
1951.Xr ip6addrctl 8
1952installs a pre-defined policy table described in Section 10.3
1953.Pq IPv4-preferred
1954or 2.1
1955.Pq IPv6-preferred
1956of RFC 3484.
1957.Pp
1958If
1959.Dq Li AUTO
1960is specified, it attempts to read a file
1961.Pa /etc/ip6addrctl.conf
1962first.
1963If this file is found,
1964.Xr ip6addrctl 8
1965reads and installs it.
1966If not found, a policy is automatically set
1967according to
1968.Va ipv6_activate_all_interfaces
1969variable; if the variable is set to
1970.Dq Li YES
1971the IPv6-preferred one is used.
1972Otherwise IPv4-preferred.
1973.Pp
1974The default value of
1975.Va ip6addrctl_enable
1976and
1977.Va ip6addrctl_policy
1978are
1979.Dq Li YES
1980and
1981.Dq Li AUTO ,
1982respectively.
1983.It Va cloned_interfaces
1984.Pq Vt str
1985Set to the list of clonable network interfaces to create on this host.
1986Further cloning arguments may be passed to the
1987.Xr ifconfig 8
1988.Cm create
1989command for each interface by setting the
1990.Va create_args_ Ns Aq Ar interface
1991variable.
1992If an interface name is specified with
1993.Dq :sticky
1994keyword,
1995the interface will not be destroyed even when
1996.Pa rc.d/netif
1997script is invoked with
1998.Dq stop
1999argument.
2000This is useful when reconfiguring the interface without destroying it.
2001Entries in
2002.Va cloned_interfaces
2003are automatically appended to
2004.Va network_interfaces
2005for configuration.
2006.It Va cloned_interfaces_sticky
2007.Pq Vt bool
2008This variable is to globally enable functionality of
2009.Dq :sticky
2010keyword in
2011.Va cloned_interfaces
2012for all interfaces.
2013The default value is
2014.Dq NO .
2015Even if this variable is specified to
2016.Dq YES ,
2017.Dq :nosticky
2018keyword can be used to override it on per interface basis.
2019.It Va gif_interfaces
2020Set to the list of
2021.Xr gif 4
2022tunnel interfaces to configure on this host.
2023A
2024.Va gifconfig_ Ns Aq Ar interface
2025variable is assumed to exist for each value of
2026.Ar interface .
2027The value of this variable is used to configure the link layer of the
2028tunnel using the
2029.Cm tunnel
2030option to
2031.Xr ifconfig 8 .
2032Additionally, this option ensures that each listed interface is created
2033via the
2034.Cm create
2035option to
2036.Xr ifconfig 8
2037before attempting to configure it.
2038.Pp
2039For example, configure two
2040.Xr gif 4
2041interfaces with:
2042.Bd -literal
2043gif_interfaces="gif0 gif1"
2044gifconfig_gif0="100.64.0.1 100.64.0.2"
2045ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
2046gifconfig_gif1="inet6 2a00::1 2a01::1"
2047ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
2048.Ed
2049.It Va ppp_enable
2050.Pq Vt bool
2051If set to
2052.Dq Li YES ,
2053run the
2054.Xr ppp 8
2055daemon.
2056.It Va ppp_profile
2057.Pq Vt str
2058The name of the profile to use from
2059.Pa /etc/ppp/ppp.conf .
2060Also used for per-profile overrides of
2061.Va ppp_mode
2062and
2063.Va ppp_nat ,
2064and
2065.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
2066When the profile name contains any of the characters
2067.Dq Li .-/+
2068they are translated to
2069.Dq Li _
2070for the proposes of the override variable names.
2071.It Va ppp_mode
2072.Pq Vt str
2073Mode in which to run the
2074.Xr ppp 8
2075daemon.
2076.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
2077.Pq Vt str
2078Overrides the global
2079.Va ppp_mode
2080for
2081.Ar profile .
2082Accepted modes are
2083.Dq Li auto ,
2084.Dq Li ddial ,
2085.Dq Li direct
2086and
2087.Dq Li dedicated .
2088See the manual for a full description.
2089.It Va ppp_nat
2090.Pq Vt bool
2091If set to
2092.Dq Li YES ,
2093enables network address translation.
2094Used in conjunction with
2095.Va gateway_enable
2096allows hosts on private network addresses access to the Internet using
2097this host as a network address translating router.
2098Default is
2099.Dq Li YES .
2100.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
2101.Pq Vt str
2102Overrides the global
2103.Va ppp_nat
2104for
2105.Ar profile .
2106.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
2107.Pq Vt int
2108Set the unit number to be used for this profile.
2109See the manual description of
2110.Fl unit Ns Ar N
2111for details.
2112.It Va ppp_user
2113.Pq Vt str
2114The name of the user under which
2115.Xr ppp 8
2116should be started.
2117By
2118default,
2119.Xr ppp 8
2120is started as
2121.Dq Li root .
2122.It Va rc_conf_files
2123.Pq Vt str
2124This option is used to specify a list of files that will override
2125the settings in
2126.Pa /etc/defaults/rc.conf .
2127The files will be read in the order in which they are specified and should
2128include the full path to the file.
2129By default, the files specified are
2130.Pa /etc/rc.conf
2131and
2132.Pa /etc/rc.conf.local .
2133.It Va zfs_enable
2134.Pq Vt bool
2135If set to
2136.Dq Li YES ,
2137.Pa /etc/rc.d/zfs
2138will attempt to automatically mount ZFS file systems and initialize ZFS volumes
2139(ZVOLs).
2140.It Va zpool_reguid
2141.Pq Vt str
2142A space-separated list of ZFS pool names for which new pool GUIDs should be
2143assigned upon first boot.
2144This is useful when using a ZFS pool copied from a template, such as a virtual
2145machine image.
2146.It Va zpool_upgrade
2147.Pq Vt str
2148A space-separated list of ZFS pool names for which the version should be
2149upgraded upon first boot.
2150This is useful when using a ZFS pool generated by the
2151.Xr makefs 8
2152utility.
2153.It Va gptboot_enable
2154.Pq Vt bool
2155If set to
2156.Dq Li YES ,
2157.Pa /etc/rc.d/gptboot
2158will log if the system successfully (or not) booted from a GPT partition,
2159which had the
2160.Ar bootonce
2161attribute set using
2162.Xr gpart 8
2163utility.
2164.It Va gbde_autoattach_all
2165.Pq Vt bool
2166If set to
2167.Dq Li YES ,
2168.Pa /etc/rc.d/gbde
2169will attempt to automatically initialize the .bde devices specified in
2170.Pa /etc/fstab .
2171.It Va gbde_devices
2172.Pq Vt str
2173List the devices that the script should try to attach,
2174or
2175.Dq Li AUTO .
2176.It Va gbde_lockdir
2177.Pq Vt str
2178The directory where the
2179.Xr gbde 4
2180lockfiles are located.
2181The default lockfile directory is
2182.Pa /etc .
2183.Pp
2184The lockfile for each individual
2185.Xr gbde 4
2186device can be overridden by setting the variable
2187.Va gbde_lock_ Ns Aq Ar device ,
2188where
2189.Ar device
2190is the encrypted device without the
2191.Dq Pa /dev/
2192and
2193.Dq Pa .bde
2194parts.
2195.It Va gbde_attach_attempts
2196.Pq Vt int
2197Number of times to attempt attaching to a
2198.Xr gbde 4
2199device, i.e., how many times the user is asked for the pass-phrase.
2200Default is 3.
2201.It Va geli_devices
2202.Pq Vt str
2203List of devices to automatically attach on boot.
2204Note that .eli devices from
2205.Pa /etc/fstab
2206are automatically appended to this list.
2207.It Va geli_groups
2208.Pq Vt str
2209List of groups containing devices to automatically attach on boot with the same
2210keyfiles and passphrase.
2211This must be accompanied with a corresponding
2212.Va geli_ Ns Ao Ar group Ac Ns Va _devices
2213variable.
2214.It Va geli_tries
2215.Pq Vt int
2216Number of times user is asked for the pass-phrase.
2217If empty, it will be taken from
2218.Va kern.geom.eli.tries
2219sysctl variable.
2220.It Va geli_default_flags
2221.Pq Vt str
2222Default flags to use by
2223.Xr geli 8
2224when configuring disk encryption.
2225Flags can be configured for every device separately by defining the
2226.Va geli_ Ns Ao Ar device Ac Ns Va _flags
2227variable, and for every group separately by defining the
2228.Va geli_ Ns Ao Ar group Ac Ns Va _flags
2229variable.
2230.It Va geli_autodetach
2231.Pq Vt str
2232Specifies if GELI devices should be marked for detach on last close after
2233file systems are mounted.
2234Default is
2235.Dq Li YES .
2236This can be changed for every device separately by defining the
2237.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2238variable.
2239.It Va root_rw_mount
2240.Pq Vt bool
2241Set to
2242.Dq Li YES
2243by default.
2244After the file systems are checked at boot time, the root file system
2245is remounted as read-write if this is set to
2246.Dq Li YES .
2247Diskless systems that mount their root file system from a read-only remote
2248NFS share should set this to
2249.Dq Li NO
2250in their
2251.Pa rc.conf .
2252.It Va fsck_y_enable
2253.Pq Vt bool
2254If set to
2255.Dq Li YES ,
2256.Xr fsck 8
2257will be run with the
2258.Fl y
2259flag if the initial preen
2260of the file systems fails.
2261.It Va background_fsck
2262.Pq Vt bool
2263If set to
2264.Dq Li NO ,
2265the system will not attempt to run
2266.Xr fsck 8
2267in the background where possible.
2268.It Va background_fsck_delay
2269.Pq Vt int
2270The amount of time in seconds to sleep before starting a background
2271.Xr fsck 8 .
2272It defaults to sixty seconds to allow large applications such as
2273the X server to start before disk I/O bandwidth is monopolized by
2274.Xr fsck 8 .
2275If set to a negative number, the background file system check will be
2276delayed indefinitely to allow the administrator to run it at a more
2277convenient time.
2278For example it may be run from
2279.Xr cron 8
2280by adding a line like
2281.Pp
2282.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2283.Pp
2284to
2285.Pa /etc/crontab .
2286.It Va netfs_types
2287.Pq Vt str
2288List of file system types that are network-based.
2289This list should generally not be modified by end users.
2290Use
2291.Va extra_netfs_types
2292instead.
2293.It Va extra_netfs_types
2294.Pq Vt str
2295If set to something other than
2296.Dq Li NO
2297(the default),
2298this variable extends the list of file system types
2299for which automatic mounting at startup by
2300.Xr rc 8
2301should be delayed until the network is initialized.
2302It should contain
2303a whitespace-separated list of network file system descriptor pairs,
2304each consisting of a file system type as passed to
2305.Xr mount 8
2306and a human-readable, one-word description,
2307joined with a colon
2308.Pq Ql \&: .
2309Extending the default list in this way is only necessary
2310when third party file system types are used.
2311.It Va syslogd_enable
2312.Pq Vt bool
2313If set to
2314.Dq Li YES ,
2315run the
2316.Xr syslogd 8
2317daemon.
2318.It Va syslogd_program
2319.Pq Vt str
2320Path to
2321.Xr syslogd 8
2322(default
2323.Pa /usr/sbin/syslogd ) .
2324.It Va syslogd_flags
2325.Pq Vt str
2326If
2327.Va syslogd_enable
2328is set to
2329.Dq Li YES ,
2330these are the flags to pass to
2331.Xr syslogd 8 .
2332.It Va inetd_enable
2333.Pq Vt bool
2334If set to
2335.Dq Li YES ,
2336run the
2337.Xr inetd 8
2338daemon.
2339.It Va inetd_program
2340.Pq Vt str
2341Path to
2342.Xr inetd 8
2343(default
2344.Pa /usr/sbin/inetd ) .
2345.It Va inetd_flags
2346.Pq Vt str
2347If
2348.Va inetd_enable
2349is set to
2350.Dq Li YES ,
2351these are the flags to pass to
2352.Xr inetd 8 .
2353.It Va hastd_enable
2354.Pq Vt bool
2355If set to
2356.Dq Li YES ,
2357run the
2358.Xr hastd 8
2359daemon.
2360.It Va hastd_program
2361.Pq Vt str
2362Path to
2363.Xr hastd 8
2364(default
2365.Pa /sbin/hastd ) .
2366.It Va hastd_flags
2367.Pq Vt str
2368If
2369.Va hastd_enable
2370is set to
2371.Dq Li YES ,
2372these are the flags to pass to
2373.Xr hastd 8 .
2374.It Va local_unbound_enable
2375.Pq Vt bool
2376If set to
2377.Dq Li YES ,
2378run the
2379.Xr unbound 8
2380daemon as a local caching DNS resolver.
2381.It Va nscd_enable
2382.Pq Vt bool
2383Set to
2384.Dq Li YES
2385to start the
2386.Xr nscd 8
2387caching daemon for the
2388.Nm nsswitch
2389subsystem.
2390.It Va nscd_flags
2391.Pq Vt str
2392If
2393.Va nscd_enable
2394is set to
2395.Dq Li YES ,
2396these flags are passed to
2397.Xr nscd 8 .
2398.It Va kdc_enable
2399.Pq Vt bool
2400Set to
2401.Dq Li YES
2402to start a Kerberos 5 authentication server
2403at boot time.
2404.It Va kdc_program
2405.Pq Vt str
2406If
2407.Va kdc_enable
2408is set to
2409.Dq Li YES
2410this is the path to Kerberos 5 Authentication Server.
2411.It Va kdc_flags
2412.Pq Vt str
2413Empty by default.
2414This variable contains additional flags to be passed to the Kerberos 5
2415authentication server.
2416.It Va kadmind_enable
2417.Pq Vt bool
2418Set to
2419.Dq Li YES
2420to start
2421.Xr kadmind 8 ,
2422the Kerberos 5 Administration Daemon; set to
2423.Dq Li NO
2424on a slave server.
2425.It Va kadmind_program
2426.Pq Vt str
2427If
2428.Va kadmind_enable
2429is set to
2430.Dq Li YES
2431this is the path to Kerberos 5 Administration Daemon.
2432.It Va kpasswdd_enable
2433.Pq Vt bool
2434Set to
2435.Dq Li YES
2436to start
2437.Xr kpasswdd 8 ,
2438the Kerberos 5 Password-Changing Daemon; set to
2439.Dq Li NO
2440on a slave server.
2441.It Va kpasswdd_program
2442.Pq Vt str
2443If
2444.Va kpasswdd_enable
2445is set to
2446.Dq Li YES
2447this is the path to Kerberos 5 Password-Changing Daemon.
2448.It Va kfd_enable
2449.Pq Vt bool
2450Set to
2451.Dq Li YES
2452to start
2453.Xr kfd 8 ,
2454the Kerberos 5 ticket forwarding daemon, at the boot time.
2455.It Va kfd_program
2456.Pq Vt str
2457Path to
2458.Xr kfd 8
2459(default
2460.Pa /usr/libexec/kfd ) .
2461.It Va rwhod_enable
2462.Pq Vt bool
2463If set to
2464.Dq Li YES ,
2465run the
2466.Xr rwhod 8
2467daemon at boot time.
2468.It Va rwhod_flags
2469.Pq Vt str
2470If
2471.Va rwhod_enable
2472is set to
2473.Dq Li YES ,
2474these are the flags to pass to it.
2475.It Va update_motd
2476.Pq Vt bool
2477If set to
2478.Dq Li YES ,
2479.Pa /var/run/motd
2480will be updated at boot time to reflect the kernel release
2481being run.
2482If set to
2483.Dq Li NO ,
2484.Pa /var/run/motd
2485will not be updated.
2486.It Va nfs_client_enable
2487.Pq Vt bool
2488If set to
2489.Dq Li YES ,
2490run the NFS client daemons at boot time.
2491.It Va nfs_access_cache
2492.Pq Vt int
2493If
2494.Va nfs_client_enable
2495is set to
2496.Dq Li YES ,
2497this can be set to
2498.Dq Li 0
2499to disable NFS ACCESS RPC caching, or to the number of seconds for which
2500NFS ACCESS
2501results should be cached.
2502A value of 2-10 seconds will substantially reduce network
2503traffic for many NFS operations.
2504.It Va nfs_server_enable
2505.Pq Vt bool
2506If set to
2507.Dq Li YES ,
2508run the NFS server daemons at boot time.
2509.It Va nfs_server_flags
2510.Pq Vt str
2511If
2512.Va nfs_server_enable
2513is set to
2514.Dq Li YES ,
2515these are the flags to pass to the
2516.Xr nfsd 8
2517daemon.
2518.It Va nfsv4_server_enable
2519.Pq Vt bool
2520If
2521.Va nfs_server_enable
2522is set to
2523.Dq Li YES
2524and
2525.Va nfsv4_server_enable
2526is set to
2527.Dq Li YES ,
2528enable the server for NFSv4 as well as NFSv2 and NFSv3.
2529.It Va nfsv4_server_only
2530.Pq Vt bool
2531If
2532.Va nfs_server_enable
2533is set to
2534.Dq Li YES
2535and
2536.Va nfsv4_server_only
2537is set to
2538.Dq Li YES ,
2539enable the NFS server for NFSv4 only.
2540.It Va nfs_server_maxio
2541.Pq Vt int
2542value to set vfs.nfsd.srvmaxio to, which is the
2543maximum I/O size for the NFS server.
2544.It Va tlsclntd_enable
2545.Pq Vt bool
2546If set to
2547.Dq Li YES ,
2548run the
2549.Xr rpc.tlsclntd 8
2550daemon, which is needed for NFS-over-TLS NFS mounts.
2551.It Va tlsservd_enable
2552.Pq Vt bool
2553If set to
2554.Dq Li YES ,
2555run the
2556.Xr rpc.tlsservd 8
2557daemon, which is needed for the
2558.Xr nfsd 8
2559to support NFS-over-TLS NFS mounts.
2560.It Va nfsuserd_enable
2561.Pq Vt bool
2562If
2563.Va nfsuserd_enable
2564is set to
2565.Dq Li YES ,
2566run the nfsuserd daemon, which is needed for NFSv4 in order
2567to map between user/group names vs uid/gid numbers.
2568If
2569.Va nfsv4_server_enable
2570is set to
2571.Dq Li YES ,
2572this will be forced enabled.
2573.It Va nfsuserd_flags
2574.Pq Vt str
2575If
2576.Va nfsuserd_enable
2577is set to
2578.Dq Li YES ,
2579these are the flags to pass to the
2580.Xr nfsuserd 8
2581daemon.
2582.It Va nfscbd_enable
2583.Pq Vt bool
2584If
2585.Va nfscbd_enable
2586is set to
2587.Dq Li YES ,
2588run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2589.It Va nfscbd_flags
2590.Pq Vt str
2591If
2592.Va nfscbd_enable
2593is set to
2594.Dq Li YES ,
2595these are the flags to pass to the
2596.Xr nfscbd 8
2597daemon.
2598.It Va mountd_enable
2599.Pq Vt bool
2600If set to
2601.Dq Li YES ,
2602and no
2603.Va nfs_server_enable
2604is set, start
2605.Xr mountd 8 ,
2606but not
2607.Xr nfsd 8
2608daemon.
2609It is commonly needed to run CFS without real NFS used.
2610.It Va mountd_flags
2611.Pq Vt str
2612If
2613.Va mountd_enable
2614is set to
2615.Dq Li YES ,
2616these are the flags to pass to the
2617.Xr mountd 8
2618daemon.
2619.It Va weak_mountd_authentication
2620.Pq Vt bool
2621If set to
2622.Dq Li YES ,
2623allow services like PCNFSD to make non-privileged mount
2624requests.
2625.It Va nfs_reserved_port_only
2626.Pq Vt bool
2627If set to
2628.Dq Li YES ,
2629provide NFS services only on a secure port.
2630.It Va nfs_bufpackets
2631.Pq Vt int
2632If set to a number, indicates the number of packets worth of
2633socket buffer space to reserve on an NFS client.
2634The kernel default is typically 4.
2635Using a higher number may be
2636useful on gigabit networks to improve performance.
2637The minimum value is
26382 and the maximum is 64.
2639.It Va rpc_lockd_enable
2640.Pq Vt bool
2641If set to
2642.Dq Li YES
2643and also an NFS server or client, run
2644.Xr rpc.lockd 8
2645at boot time.
2646.It Va rpc_lockd_flags
2647.Pq Vt str
2648If
2649.Va rpc_lockd_enable
2650is set to
2651.Dq Li YES ,
2652these are the flags to pass to the
2653.Xr rpc.lockd 8
2654daemon.
2655.It Va rpc_statd_enable
2656.Pq Vt bool
2657If set to
2658.Dq Li YES
2659and also an NFS server or client, run
2660.Xr rpc.statd 8
2661at boot time.
2662.It Va rpc_statd_flags
2663.Pq Vt str
2664If
2665.Va rpc_statd_enable
2666is set to
2667.Dq Li YES ,
2668these are the flags to pass to the
2669.Xr rpc.statd 8
2670daemon.
2671.It Va rpcbind_program
2672.Pq Vt str
2673Path to
2674.Xr rpcbind 8
2675(default
2676.Pa /usr/sbin/rpcbind ) .
2677.It Va rpcbind_enable
2678.Pq Vt bool
2679If set to
2680.Dq Li YES ,
2681run the
2682.Xr rpcbind 8
2683service at boot time.
2684.It Va rpcbind_flags
2685.Pq Vt str
2686If
2687.Va rpcbind_enable
2688is set to
2689.Dq Li YES ,
2690these are the flags to pass to the
2691.Xr rpcbind 8
2692daemon.
2693.It Va keyserv_enable
2694.Pq Vt bool
2695If set to
2696.Dq Li YES ,
2697run the
2698.Xr keyserv 8
2699daemon on boot for running Secure RPC.
2700.It Va keyserv_flags
2701.Pq Vt str
2702If
2703.Va keyserv_enable
2704is set to
2705.Dq Li YES ,
2706these are the flags to pass to
2707.Xr keyserv 8
2708daemon.
2709.It Va pppoed_enable
2710.Pq Vt bool
2711If set to
2712.Dq Li YES ,
2713run the
2714.Xr pppoed 8
2715daemon at boot time to provide PPP over Ethernet services.
2716.It Va pppoed_ Ns Aq Ar provider
2717.Pq Vt str
2718.Xr pppoed 8
2719listens to requests to this
2720.Ar provider
2721and ultimately runs
2722.Xr ppp 8
2723with a
2724.Ar system
2725argument of the same name.
2726.It Va pppoed_flags
2727.Pq Vt str
2728Additional flags to pass to
2729.Xr pppoed 8 .
2730.It Va pppoed_interface
2731.Pq Vt str
2732The network interface to run
2733.Xr pppoed 8
2734on.
2735This is mandatory when
2736.Va pppoed_enable
2737is set to
2738.Dq Li YES .
2739.It Va ntpdate_enable
2740.Pq Vt bool
2741If set to
2742.Dq Li YES ,
2743run
2744.Xr ntpdate 8
2745at system startup.
2746This command is intended to
2747synchronize the system clock only
2748.Em once
2749from some standard reference.
2750.Pp
2751Note that the use of the
2752.Va ntpd_sync_on_start
2753variable is a preferred alternative to the
2754.Xr ntpdate 8
2755utility as
2756.Xr ntpdate 8
2757is to be retired from the NTP distribution.
2758.It Va ntpdate_config
2759.Pq Vt str
2760Configuration file for
2761.Xr ntpdate 8 .
2762Default
2763.Pa /etc/ntp.conf .
2764.It Va ntpdate_hosts
2765.Pq Vt str
2766A whitespace-separated list of NTP servers to synchronize with at startup.
2767The default is to use the servers listed in
2768.Va ntpdate_config ,
2769if that file exists.
2770.It Va ntpdate_program
2771.Pq Vt str
2772Path to
2773.Xr ntpdate 8
2774(default
2775.Pa /usr/sbin/ntpdate ) .
2776.It Va ntpdate_flags
2777.Pq Vt str
2778If
2779.Va ntpdate_enable
2780is set to
2781.Dq Li YES ,
2782these are the flags to pass to the
2783.Xr ntpdate 8
2784command (typically a hostname).
2785.It Va ntpd_enable
2786.Pq Vt bool
2787If set to
2788.Dq Li YES ,
2789run the
2790.Xr ntpd 8
2791command at boot time.
2792.It Va ntpd_program
2793.Pq Vt str
2794Path to
2795.Xr ntpd 8
2796(default
2797.Pa /usr/sbin/ntpd ) .
2798.It Va ntpd_config
2799.Pq Vt str
2800Path to
2801.Xr ntpd 8
2802configuration file.
2803Default
2804.Pa /etc/ntp.conf .
2805.It Va ntpd_flags
2806.Pq Vt str
2807If
2808.Va ntpd_enable
2809is set to
2810.Dq Li YES ,
2811these are the flags to pass to the
2812.Xr ntpd 8
2813daemon.
2814.It Va ntpd_sync_on_start
2815.Pq Vt bool
2816If set to
2817.Dq Li YES ,
2818.Xr ntpd 8
2819is run with the
2820.Fl g
2821flag, which syncs the system's clock on startup.
2822See
2823.Xr ntpd 8
2824for more information regarding the
2825.Fl g
2826option.
2827This is a preferred alternative to using
2828.Xr ntpdate 8
2829or specifying the
2830.Va ntpdate_enable
2831variable.
2832.It Va nis_client_enable
2833.Pq Vt bool
2834If set to
2835.Dq Li YES ,
2836run the
2837.Xr ypbind 8
2838service at system boot time.
2839.It Va nis_client_flags
2840.Pq Vt str
2841If
2842.Va nis_client_enable
2843is set to
2844.Dq Li YES ,
2845these are the flags to pass to the
2846.Xr ypbind 8
2847service.
2848.It Va nis_ypldap_enable
2849.Pq Vt bool
2850If set to
2851.Dq Li YES ,
2852run the
2853.Xr ypldap 8
2854daemon at system boot time.
2855.It Va nis_ypldap_flags
2856.Pq Vt str
2857If
2858.Va nis.ypldap_enable
2859is set to
2860.Dq Li YES ,
2861these are the flags to pass to the
2862.Xr ypldap 8
2863daemon.
2864.It Va nis_ypset_enable
2865.Pq Vt bool
2866If set to
2867.Dq Li YES ,
2868run the
2869.Xr ypset 8
2870daemon at system boot time.
2871.It Va nis_ypset_flags
2872.Pq Vt str
2873If
2874.Va nis_ypset_enable
2875is set to
2876.Dq Li YES ,
2877these are the flags to pass to the
2878.Xr ypset 8
2879daemon.
2880.It Va nis_server_enable
2881.Pq Vt bool
2882If set to
2883.Dq Li YES ,
2884run the
2885.Xr ypserv 8
2886daemon at system boot time.
2887.It Va nis_server_flags
2888.Pq Vt str
2889If
2890.Va nis_server_enable
2891is set to
2892.Dq Li YES ,
2893these are the flags to pass to the
2894.Xr ypserv 8
2895daemon.
2896.It Va nis_ypxfrd_enable
2897.Pq Vt bool
2898If set to
2899.Dq Li YES ,
2900run the
2901.Xr rpc.ypxfrd 8
2902daemon at system boot time.
2903.It Va nis_ypxfrd_flags
2904.Pq Vt str
2905If
2906.Va nis_ypxfrd_enable
2907is set to
2908.Dq Li YES ,
2909these are the flags to pass to the
2910.Xr rpc.ypxfrd 8
2911daemon.
2912.It Va nis_yppasswdd_enable
2913.Pq Vt bool
2914If set to
2915.Dq Li YES ,
2916run the
2917.Xr rpc.yppasswdd 8
2918daemon at system boot time.
2919.It Va nis_yppasswdd_flags
2920.Pq Vt str
2921If
2922.Va nis_yppasswdd_enable
2923is set to
2924.Dq Li YES ,
2925these are the flags to pass to the
2926.Xr rpc.yppasswdd 8
2927daemon.
2928.It Va rpc_ypupdated_enable
2929.Pq Vt bool
2930If set to
2931.Dq Li YES ,
2932run the
2933.Nm rpc.ypupdated
2934daemon at system boot time.
2935.It Va bsnmpd_enable
2936.Pq Vt bool
2937If set to
2938.Dq Li YES ,
2939run the
2940.Xr bsnmpd 1
2941daemon at system boot time.
2942Be sure to understand the security implications of running an SNMP daemon
2943on your host.
2944.It Va bsnmpd_flags
2945.Pq Vt str
2946If
2947.Va bsnmpd_enable
2948is set to
2949.Dq Li YES ,
2950these are the flags to pass to the
2951.Xr bsnmpd 1
2952daemon.
2953.It Va defaultrouter
2954.Pq Vt str
2955If not set to
2956.Dq Li NO ,
2957create a default route to this host name or IP address
2958(use an IP address if this router is also required to get to the
2959name server!).
2960.It Va defaultrouter_fibN
2961.Pq Vt str
2962If not set to
2963.Dq Li NO ,
2964create a default route in FIB N to this host name or IP address.
2965.It Va ipv6_defaultrouter
2966.Pq Vt str
2967The IPv6 equivalent of
2968.Va defaultrouter .
2969.It Va ipv6_defaultrouter_fibN
2970.Pq Vt str
2971The IPv6 equivalent of
2972.Va defaultrouter_fibN .
2973.It Va static_arp_pairs
2974.Pq Vt str
2975Set to the list of static ARP pairs that are to be added at system
2976boot time.
2977For each whitespace separated
2978.Ar element
2979in the value, a
2980.Va static_arp_ Ns Aq Ar element
2981variable is assumed to exist whose contents will later be passed to a
2982.Dq Nm arp Cm -S
2983operation.
2984For example
2985.Bd -literal
2986static_arp_pairs="gw"
2987static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2988.Ed
2989.It Va static_ndp_pairs
2990.Pq Vt str
2991Set to the list of static NDP pairs that are to be added at system
2992boot time.
2993For each whitespace separated
2994.Ar element
2995in the value, a
2996.Va static_ndp_ Ns Aq Ar element
2997variable is assumed to exist whose contents will later be passed to a
2998.Dq Nm ndp Cm -s
2999operation.
3000For example
3001.Bd -literal
3002static_ndp_pairs="gw"
3003static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
3004.Ed
3005.It Va static_routes
3006.Pq Vt str
3007Set to the list of static routes that are to be added at system
3008boot time.
3009If not set to
3010.Dq Li NO
3011then for each whitespace separated
3012.Ar element
3013in the value, a
3014.Va route_ Ns Aq Ar element
3015variable is assumed to exist
3016whose contents will later be passed to a
3017.Dq Nm route Cm add
3018operation.
3019For example:
3020.Bd -literal
3021static_routes="ext mcast:gif0 gif0local:gif0"
3022route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
3023route_mcast="-net 224.0.0.0/4 -iface gif0"
3024route_gif0local="-host 169.254.1.1 -iface lo0"
3025.Ed
3026.Pp
3027When an
3028.Ar element
3029is in the form of
3030.Li name:ifname ,
3031the route is specific to the interface
3032.Li ifname .
3033.It Va ipv6_static_routes
3034.Pq Vt str
3035The IPv6 equivalent of
3036.Va static_routes .
3037If not set to
3038.Dq Li NO
3039then for each whitespace separated
3040.Ar element
3041in the value, a
3042.Va ipv6_route_ Ns Aq Ar element
3043variable is assumed to exist
3044whose contents will later be passed to a
3045.Dq Nm route Cm add Fl inet6
3046operation.
3047.It Va gateway_enable
3048.Pq Vt bool
3049If set to
3050.Dq Li YES ,
3051configure host to act as an IP router, e.g.\& to forward packets
3052between interfaces.
3053.It Va ipv6_gateway_enable
3054.Pq Vt bool
3055The IPv6 equivalent of
3056.Va gateway_enable .
3057.It Va routed_enable
3058.Pq Vt bool
3059If set to
3060.Dq Li YES ,
3061run a routing daemon of some sort, based on the
3062settings of
3063.Va routed_program
3064and
3065.Va routed_flags .
3066.It Va route6d_enable
3067.Pq Vt bool
3068The IPv6 equivalent of
3069.Va routed_enable .
3070If set to
3071.Dq Li YES ,
3072run a routing daemon of some sort, based on the
3073settings of
3074.Va route6d_program
3075and
3076.Va route6d_flags .
3077.It Va routed_program
3078.Pq Vt str
3079If
3080.Va routed_enable
3081is set to
3082.Dq Li YES ,
3083this is the name of the routing daemon to use.
3084The default is
3085.Xr routed 8 .
3086.It Va route6d_program
3087.Pq Vt str
3088The IPv6 equivalent of
3089.Va routed_program .
3090The default is
3091.Xr route6d 8 .
3092.It Va routed_flags
3093.Pq Vt str
3094If
3095.Va routed_enable
3096is set to
3097.Dq Li YES ,
3098these are the flags to pass to the routing daemon.
3099.It Va route6d_flags
3100.Pq Vt str
3101The IPv6 equivalent of
3102.Va routed_flags .
3103.It Va rtadvd_enable
3104.Pq Vt bool
3105If set to
3106.Dq Li YES ,
3107run the
3108.Xr rtadvd 8
3109daemon at boot time.
3110The
3111.Xr rtadvd 8
3112utility sends ICMPv6 Router Advertisement messages to
3113the interfaces specified in
3114.Va rtadvd_interfaces .
3115This should only be enabled with great care.
3116You may want to fine-tune
3117.Xr rtadvd.conf 5 .
3118.It Va rtadvd_interfaces
3119.Pq Vt str
3120If
3121.Va rtadvd_enable
3122is set to
3123.Dq Li YES
3124this is the list of interfaces to use.
3125.It Va arpproxy_all
3126.Pq Vt bool
3127If set to
3128.Dq Li YES ,
3129enable global proxy ARP.
3130.It Va forward_sourceroute
3131.Pq Vt bool
3132If set to
3133.Dq Li YES
3134and
3135.Va gateway_enable
3136is also set to
3137.Dq Li YES ,
3138source-routed packets are forwarded.
3139.It Va accept_sourceroute
3140.Pq Vt bool
3141If set to
3142.Dq Li YES ,
3143the system will accept source-routed packets directed at it.
3144.It Va rarpd_enable
3145.Pq Vt bool
3146If set to
3147.Dq Li YES ,
3148run the
3149.Xr rarpd 8
3150daemon at system boot time.
3151.It Va rarpd_flags
3152.Pq Vt str
3153If
3154.Va rarpd_enable
3155is set to
3156.Dq Li YES ,
3157these are the flags to pass to the
3158.Xr rarpd 8
3159daemon.
3160.It Va bootparamd_enable
3161.Pq Vt bool
3162If set to
3163.Dq Li YES ,
3164run the
3165.Xr bootparamd 8
3166daemon at system boot time.
3167.It Va bootparamd_flags
3168.Pq Vt str
3169If
3170.Va bootparamd_enable
3171is set to
3172.Dq Li YES ,
3173these are the flags to pass to the
3174.Xr bootparamd 8
3175daemon.
3176.It Va stf_interface_ipv4addr
3177.Pq Vt str
3178If not set to
3179.Dq Li NO ,
3180this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
3181interface).
3182Specify this entry to enable the 6to4 interface.
3183.It Va stf_interface_ipv4plen
3184.Pq Vt int
3185Prefix length for 6to4 IPv4 addresses, to limit peer address range.
3186An effective value is 0-31.
3187.It Va stf_interface_ipv6_ifid
3188.Pq Vt str
3189IPv6 interface ID for
3190.Xr stf 4 .
3191This can be set to
3192.Dq Li AUTO .
3193.It Va stf_interface_ipv6_slaid
3194.Pq Vt str
3195IPv6 Site Level Aggregator for
3196.Xr stf 4 .
3197.It Va ipv6_ipv4mapping
3198.Pq Vt bool
3199If set to
3200.Dq Li YES
3201this enables IPv4 mapped IPv6 address communication (like
3202.Li ::ffff:a.b.c.d ) .
3203.It Va rtsold_enable
3204.Pq Vt bool
3205Set to
3206.Dq Li YES
3207to enable the
3208.Xr rtsold 8
3209daemon to send ICMPv6 Router Solicitation messages.
3210.It Va rtsold_flags
3211.Pq Vt str
3212If
3213.Va rtsold_enable
3214is set to
3215.Dq Li YES ,
3216these are the flags to pass to
3217.Xr rtsold 8 .
3218.It Va rtsol_flags
3219.Pq Vt str
3220For interfaces configured with the
3221.Dq Li inet6 accept_rtadv
3222keyword, these are the flags to pass to
3223.Xr rtsol 8 .
3224.Pp
3225Note that
3226.Va rtsold_enable
3227is mutually exclusive to
3228.Va rtsol_flags ;
3229.Va rtsold_enable
3230takes precedence.
3231.It Va keybell
3232.Pq Vt str
3233The keyboard bell sound.
3234Set to
3235.Dq Li normal ,
3236.Dq Li visual ,
3237.Dq Li off ,
3238or
3239.Dq Li NO
3240if the default behavior is desired.
3241For details, refer to the
3242.Xr kbdcontrol 1
3243manpage.
3244.It Va keyboard
3245.Pq Vt str
3246If set to a non-null string, the virtual console's keyboard input is
3247set to this device.
3248.It Va keymap
3249.Pq Vt str
3250If set to
3251.Dq Li NO ,
3252no keymap is installed, otherwise the value is used to install
3253the keymap file found in
3254.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3255(if using
3256.Xr syscons 4 ) or
3257.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3258(if using
3259.Xr vt 4 ) .
3260.It Va keyrate
3261.Pq Vt str
3262The keyboard repeat speed.
3263Set to
3264.Dq Li slow ,
3265.Dq Li normal ,
3266.Dq Li fast ,
3267or
3268.Dq Li NO
3269if the default behavior is desired.
3270.It Va keychange
3271.Pq Vt str
3272If not set to
3273.Dq Li NO ,
3274attempt to program the function keys with the value.
3275The value should
3276be a single string of the form:
3277.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3278.It Va cursor
3279.Pq Vt str
3280Can be set to the value of
3281.Dq Li normal ,
3282.Dq Li blink ,
3283.Dq Li destructive ,
3284or
3285.Dq Li NO
3286to set the cursor behavior explicitly or choose the default behavior.
3287.It Va scrnmap
3288.Pq Vt str
3289If set to
3290.Dq Li NO ,
3291no screen map is installed, otherwise the value is used to install
3292the screen map file in
3293.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3294This parameter is ignored when using
3295.Xr vt 4
3296as the console driver.
3297.It Va font8x16
3298.Pq Vt str
3299If set to
3300.Dq Li NO ,
3301the default 8x16 font value is used for screen size requests, otherwise
3302the value in
3303.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3304or
3305.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3306is used (depending on the console driver being used).
3307.It Va font8x14
3308.Pq Vt str
3309If set to
3310.Dq Li NO ,
3311the default 8x14 font value is used for screen size requests, otherwise
3312the value in
3313.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3314or
3315.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3316is used (depending on the console driver being used).
3317.It Va font8x8
3318.Pq Vt str
3319If set to
3320.Dq Li NO ,
3321the default 8x8 font value is used for screen size requests, otherwise
3322the value in
3323.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3324or
3325.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3326is used (depending on the console driver being used).
3327.It Va blanktime
3328.Pq Vt int
3329If set to
3330.Dq Li NO ,
3331the default screen blanking interval is used, otherwise it is set
3332to
3333.Ar value
3334seconds.
3335.It Va saver
3336.Pq Vt str
3337If not set to
3338.Dq Li NO ,
3339this is the actual screen saver to use
3340.Li ( blank , snake , daemon ,
3341etc).
3342.It Va moused_nondefault_enable
3343.Pq Vt str
3344If set to
3345.Dq Li NO ,
3346the mouse device specified on
3347the command line is not automatically treated as enabled by the
3348.Pa /etc/rc.d/moused
3349script.
3350Having this variable set to
3351.Dq Li YES
3352allows a
3353.Xr usb 4
3354mouse,
3355for example,
3356to be enabled as soon as it is plugged in.
3357.It Va moused_enable
3358.Pq Vt str
3359If set to
3360.Dq Li YES ,
3361the
3362.Xr moused 8
3363daemon is started for doing cut/paste selection on the console.
3364.It Va moused_type
3365.Pq Vt str
3366This is the protocol type of the mouse connected to this host.
3367This variable must be set if
3368.Va moused_enable
3369is set to
3370.Dq Li YES ,
3371but defaults to
3372.Dq Li auto
3373as the
3374.Xr moused 8
3375daemon
3376is able to detect the appropriate mouse type automatically in many cases.
3377Set this variable to
3378one from the following list if the automatic detection fails.
3379.Pp
3380If the mouse is attached to the PS/2 mouse port, choose
3381.Dq Li auto
3382or
3383.Dq Li ps/2 ,
3384regardless of the brand and model of the mouse.
3385Likewise, if the
3386mouse is attached to the bus mouse port, choose
3387.Dq Li auto
3388or
3389.Dq Li busmouse .
3390All other protocols are for serial mice and will not work with
3391the PS/2 and bus mice.
3392If this is a USB mouse,
3393.Dq Li auto
3394is the only protocol type which will work.
3395.Pp
3396.Bl -tag -width ".Li x10mouseremote" -compact
3397.It Li microsoft
3398Microsoft mouse (serial)
3399.It Li intellimouse
3400Microsoft IntelliMouse (serial)
3401.It Li mousesystems
3402Mouse systems Corp.\& mouse (serial)
3403.It Li mmseries
3404MM Series mouse (serial)
3405.It Li logitech
3406Logitech mouse (serial)
3407.It Li busmouse
3408A bus mouse
3409.It Li mouseman
3410Logitech MouseMan and TrackMan (serial)
3411.It Li glidepoint
3412ALPS GlidePoint (serial)
3413.It Li thinkingmouse
3414Kensington ThinkingMouse (serial)
3415.It Li ps/2
3416PS/2 mouse
3417.It Li mmhittab
3418MM HitTablet (serial)
3419.It Li x10mouseremote
3420X10 MouseRemote (serial)
3421.It Li versapad
3422Interlink VersaPad (serial)
3423.El
3424.Pp
3425Even if the mouse is not in the above list, it may be compatible
3426with one in the list.
3427Refer to the manual page for
3428.Xr moused 8
3429for compatibility information.
3430.Pp
3431It should also be noted that while this is enabled, any
3432other client of the mouse (such as an X server) should access
3433the mouse through the virtual mouse device,
3434.Pa /dev/sysmouse ,
3435and configure it as a
3436.Dq Li sysmouse
3437type mouse, since all
3438mouse data is converted to this single canonical format when
3439using
3440.Xr moused 8 .
3441If the client program does not support the
3442.Dq Li sysmouse
3443type,
3444specify the
3445.Dq Li mousesystems
3446type.
3447It is the second preferred type.
3448.It Va moused_port
3449.Pq Vt str
3450If
3451.Va moused_enable
3452is set to
3453.Dq Li YES ,
3454this is the actual port the mouse is on.
3455It might be
3456.Pa /dev/cuau0
3457for a COM1 serial mouse, or
3458.Pa /dev/psm0
3459for a PS/2 mouse, for example.
3460.It Va moused_flags
3461.Pq Vt str
3462If
3463.Va moused_flags
3464is set, its value is used as an additional set of flags to pass to the
3465.Xr moused 8
3466daemon.
3467.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3468When
3469.Va moused_nondefault_enable
3470is enabled, and a
3471.Xr moused 8
3472daemon is started for a non-default port, the
3473.Va "moused_" Ns Ar XXX Ns Va "_flags"
3474set of options has precedence over and replaces the default
3475.Va moused_flags
3476(where
3477.Ar XXX
3478is the name of the non-default port, i.e.,\&
3479.Ar ums0 ) .
3480By setting
3481.Va "moused_" Ns Ar XXX Ns Va "_flags"
3482it is possible to set up a different set of default flags for each
3483.Xr moused 8
3484instance.
3485For example, you can use
3486.Dq Li "-3"
3487for the default
3488.Va moused_flags
3489to make your laptop's touchpad more comfortable to use,
3490but an empty set of options for
3491.Va moused_ums0_flags
3492when your
3493.Xr usb 4
3494mouse has three or more buttons.
3495.It Va mousechar_start
3496.Pq Vt int
3497If set to
3498.Dq Li NO ,
3499the default mouse cursor character range
3500.Li 0xd0 Ns - Ns Li 0xd3
3501is used,
3502otherwise the range start is set
3503to
3504.Ar value
3505character, see
3506.Xr vidcontrol 1 .
3507Use if the default range is occupied in the language code table.
3508.It Va allscreens_flags
3509.Pq Vt str
3510If set,
3511.Xr vidcontrol 1
3512is run with these options for each of the virtual terminals
3513.Pq Pa /dev/ttyv* .
3514For example,
3515.Dq Fl m Cm on
3516will enable the mouse pointer on all virtual terminals
3517if
3518.Va moused_enable
3519is set to
3520.Dq Li YES .
3521.It Va allscreens_kbdflags
3522.Pq Vt str
3523If set,
3524.Xr kbdcontrol 1
3525is run with these options for each of the virtual terminals
3526.Pq Pa /dev/ttyv* .
3527For example,
3528.Dq Fl h Li 200
3529will set the
3530.Xr syscons 4
3531or
3532.Xr vt 4
3533scrollback (history) buffer to 200 lines.
3534.It Va cron_enable
3535.Pq Vt bool
3536If set to
3537.Dq Li YES ,
3538run the
3539.Xr cron 8
3540daemon at system boot time.
3541.It Va cron_program
3542.Pq Vt str
3543Path to
3544.Xr cron 8
3545(default
3546.Pa /usr/sbin/cron ) .
3547.It Va cron_flags
3548.Pq Vt str
3549If
3550.Va cron_enable
3551is set to
3552.Dq Li YES ,
3553these are the flags to pass to
3554.Xr cron 8 .
3555.It Va cron_dst
3556.Pq Vt bool
3557If set to
3558.Dq Li YES ,
3559enable the special handling of transitions to and from the
3560Daylight Saving Time in
3561.Xr cron 8
3562(equivalent to using the flag
3563.Fl s ) .
3564.It Va lpd_program
3565.Pq Vt str
3566Path to
3567.Xr lpd 8
3568(default
3569.Pa /usr/sbin/lpd ) .
3570.It Va lpd_enable
3571.Pq Vt bool
3572If set to
3573.Dq Li YES ,
3574run the
3575.Xr lpd 8
3576daemon at system boot time.
3577.It Va lpd_flags
3578.Pq Vt str
3579If
3580.Va lpd_enable
3581is set to
3582.Dq Li YES ,
3583these are the flags to pass to the
3584.Xr lpd 8
3585daemon.
3586.It Va chkprintcap_enable
3587.Pq Vt bool
3588If set to
3589.Dq Li YES ,
3590run the
3591.Xr chkprintcap 8
3592command before starting the
3593.Xr lpd 8
3594daemon.
3595.It Va chkprintcap_flags
3596.Pq Vt str
3597If
3598.Va lpd_enable
3599and
3600.Va chkprintcap_enable
3601are set to
3602.Dq Li YES ,
3603these are the flags to pass to the
3604.Xr chkprintcap 8
3605program.
3606The default is
3607.Dq Li -d ,
3608which causes missing directories to be created.
3609.It Va dumpdev
3610.Pq Vt str
3611Indicates the device (usually a swap partition) to which a crash dump
3612should be written in the event of a system crash.
3613If the value of this variable is
3614.Dq Li AUTO ,
3615the first suitable swap device listed in
3616.Pa /etc/fstab
3617will be used as dump device.
3618Otherwise, the value of this variable is passed as the argument to
3619.Xr dumpon 8
3620and
3621.Xr savecore 8 .
3622To disable crash dumps, set this variable to
3623.Dq Li NO .
3624.It Va dumpon_flags
3625.Pq Vt str
3626Flags to pass to
3627.Xr dumpon 8
3628when configuring
3629.Va dumpdev
3630as the system dump device.
3631.It Va dumpdir
3632.Pq Vt str
3633When the system reboots after a crash and a crash dump is found on the
3634device specified by the
3635.Va dumpdev
3636variable,
3637.Xr savecore 8
3638will save that crash dump and a copy of the kernel to the directory
3639specified by the
3640.Va dumpdir
3641variable.
3642The default value is
3643.Pa /var/crash .
3644Set to
3645.Dq Li NO
3646to not run
3647.Xr savecore 8
3648at boot time when
3649.Va dumpdir
3650is set.
3651.It Va savecore_enable
3652.Pq Vt bool
3653If set to
3654.Dq Li NO ,
3655disable automatic extraction of the crash dump from the
3656.Va dumpdev .
3657.It Va savecore_flags
3658.Pq Vt str
3659If crash dumps are enabled, these are the flags to pass to the
3660.Xr savecore 8
3661utility.
3662.It Va quota_enable
3663.Pq Vt bool
3664Set to
3665.Dq Li YES
3666to turn on user and group disk quotas on system startup via the
3667.Xr quotaon 8
3668command for all file systems marked as having quotas enabled in
3669.Pa /etc/fstab .
3670The kernel must be built with
3671.Cd "options QUOTA"
3672for disk quotas to function.
3673.It Va check_quotas
3674.Pq Vt bool
3675Set to
3676.Dq Li YES
3677to enable user and group disk quota checking via the
3678.Xr quotacheck 8
3679command.
3680.It Va quotacheck_flags
3681.Pq Vt str
3682If
3683.Va quota_enable
3684is set to
3685.Dq Li YES ,
3686and
3687.Va check_quotas
3688is set to
3689.Dq Li YES ,
3690these are the flags to pass to the
3691.Xr quotacheck 8
3692utility.
3693The default is
3694.Dq Li "-a" ,
3695which checks quotas for all file systems with quotas enabled in
3696.Pa /etc/fstab .
3697.It Va quotaon_flags
3698.Pq Vt str
3699If
3700.Va quota_enable
3701is set to
3702.Dq Li YES ,
3703these are the flags to pass to the
3704.Xr quotaon 8
3705utility.
3706The default is
3707.Dq Li "-a" ,
3708which enables quotas for all file systems with quotas enabled in
3709.Pa /etc/fstab .
3710.It Va quotaoff_flags
3711.Pq Vt str
3712If
3713.Va quota_enable
3714is set to
3715.Dq Li YES ,
3716these are the flags to pass to the
3717.Xr quotaoff 8
3718utility when shutting down the quota system.
3719The default is
3720.Dq Li "-a" ,
3721which disables quotas for all file systems with quotas enabled in
3722.Pa /etc/fstab .
3723.It Va accounting_enable
3724.Pq Vt bool
3725Set to
3726.Dq Li YES
3727to enable system accounting through the
3728.Xr accton 8
3729facility.
3730.It Va firstboot_sentinel
3731.Pq Vt str
3732This variable specifies the full path to a
3733.Dq first boot
3734sentinel file.
3735If a file exists with this path,
3736.Pa rc.d
3737scripts with the
3738.Dq firstboot
3739keyword will be run on startup and the sentinel file will be deleted
3740after the boot process completes.
3741The sentinel file must be located on a writable file system which is
3742mounted no later than
3743.Va early_late_divider
3744to function properly.
3745The default is
3746.Pa /firstboot .
3747.It Va linux_enable
3748.Pq Vt bool
3749Set to
3750.Dq Li YES
3751to enable Linux/ELF binary emulation at system initial
3752boot time.
3753.It Va sysvipc_enable
3754.Pq Vt bool
3755If set to
3756.Dq Li YES ,
3757load System V IPC primitives at boot time.
3758.It Va clear_tmp_enable
3759.Pq Vt bool
3760Set to
3761.Dq Li YES
3762to have
3763.Pa /tmp
3764cleaned at startup.
3765.It Va clear_tmp_X
3766.Pq Vt bool
3767Set to
3768.Dq Li NO
3769to disable removing of X11 lock files,
3770and the removal and (secure) recreation
3771of the various socket directories for X11
3772related programs.
3773.It Va ldconfig_paths
3774.Pq Vt str
3775Set to the list of shared library paths to use with
3776.Xr ldconfig 8 .
3777NOTE:
3778.Pa /lib
3779and
3780.Pa /usr/lib
3781will always be added first, so they need not appear in this list.
3782.It Va ldconfig32_paths
3783.Pq Vt str
3784Set to the list of 32-bit compatibility shared library paths to
3785use with
3786.Xr ldconfig 8 .
3787.It Va ldconfig_insecure
3788.Pq Vt bool
3789The
3790.Xr ldconfig 8
3791utility normally refuses to use directories
3792which are writable by anyone except root.
3793Set this variable to
3794.Dq Li YES
3795to disable that security check during system startup.
3796.It Va ldconfig_local_dirs
3797.Pq Vt str
3798Set to the list of local
3799.Xr ldconfig 8
3800directories.
3801The names of all files in the directories listed will be
3802passed as arguments to
3803.Xr ldconfig 8 .
3804.It Va ldconfig_local32_dirs
3805.Pq Vt str
3806Set to the list of local 32-bit compatibility
3807.Xr ldconfig 8
3808directories.
3809The names of all files in the directories listed will be
3810passed as arguments to
3811.Dq Nm ldconfig Fl 32 .
3812.It Va kern_securelevel_enable
3813.Pq Vt bool
3814Set to
3815.Dq Li YES
3816to set the kernel security level at system startup.
3817.It Va kern_securelevel
3818.Pq Vt int
3819The kernel security level to set at startup.
3820The allowed range of
3821.Ar value
3822ranges from \-1 (the compile time default) to 3 (the
3823most secure).
3824See
3825.Xr security 7
3826for the list of possible security levels and their effect
3827on system operation.
3828.It Va sshd_program
3829.Pq Vt str
3830Path to the SSH server program
3831.Pa ( /usr/sbin/sshd
3832is the default).
3833.It Va sshd_enable
3834.Pq Vt bool
3835Set to
3836.Dq Li YES
3837to start
3838.Xr sshd 8
3839at system boot time.
3840.It Va sshd_flags
3841.Pq Vt str
3842If
3843.Va sshd_enable
3844is set to
3845.Dq Li YES ,
3846these are the flags to pass to the
3847.Xr sshd 8
3848daemon.
3849.It Va ftpd_program
3850.Pq Vt str
3851Path to the FTP server program
3852.Pa ( /usr/libexec/ftpd
3853is the default).
3854.It Va ftpd_enable
3855.Pq Vt bool
3856Set to
3857.Dq Li YES
3858to start
3859.Xr ftpd 8
3860as a stand-alone daemon at system boot time.
3861.It Va ftpd_flags
3862.Pq Vt str
3863If
3864.Va ftpd_enable
3865is set to
3866.Dq Li YES ,
3867these are the additional flags to pass to the
3868.Xr ftpd 8
3869daemon.
3870.It Va watchdogd_enable
3871.Pq Vt bool
3872If set to
3873.Dq Li YES ,
3874start the
3875.Xr watchdogd 8
3876daemon at boot time.
3877This requires that the kernel have been compiled with a
3878.Xr watchdog 4
3879compatible device.
3880.It Va watchdogd_flags
3881.Pq Vt str
3882If
3883.Va watchdogd_enable
3884is set to
3885.Dq Li YES ,
3886these are the flags passed to the
3887.Xr watchdogd 8
3888daemon.
3889.It Va watchdogd_timeout
3890.Pq Vt int
3891If
3892.Va watchdogd_enable
3893is set to
3894.Dq Li YES ,
3895this is a timeout that will be used by the
3896.Xr watchdogd 8
3897daemon.
3898If this option is set, it overrides
3899.Fl t
3900in
3901.Va watchdogd_flags .
3902.It Va watchdogd_shutdown_timeout
3903.Pq Vt int
3904If
3905.Va watchdogd_enable
3906is set to
3907.Dq Li YES ,
3908this is a timeout that will be set by the
3909.Xr watchdogd 8
3910daemon when it exits during the system shutdown.
3911This timeout will not be set when returning to the single-user mode
3912or when the watchdogd service is stopped individually using the
3913.Xr service 8
3914command or the rc.d script.
3915Note that the timeout will be applied if
3916.Xr watchdogd 8
3917is stopped outside of
3918.Xr rc 8
3919framework.
3920If this option is set, it overrides
3921.Fl x
3922in
3923.Va watchdogd_flags .
3924.It Va devfs_rulesets
3925.Pq Vt str
3926List of files containing sets of rules for
3927.Xr devfs 8 .
3928.It Va devfs_system_ruleset
3929.Pq Vt str
3930Rule name(s) to apply to the system
3931.Pa /dev
3932itself.
3933.It Va devfs_set_rulesets
3934.Pq Vt str
3935Pairs of already-mounted
3936.Pa dev
3937directories and rulesets that should be applied to them.
3938For example: /mount/dev=ruleset_name
3939.It Va devfs_load_rulesets
3940.Pq Vt bool
3941If set, always load the default rulesets listed in
3942.Va devfs_rulesets .
3943.It Va performance_cx_lowest
3944.Pq Vt str
3945CPU idle state to use while on AC power.
3946The string
3947.Dq Li LOW
3948indicates that
3949.Xr acpi 4
3950should use the lowest power state available while
3951.Dq Li HIGH
3952indicates that the lowest latency state (less power savings) should be used.
3953.It Va performance_cpu_freq
3954.Pq Vt str
3955CPU clock frequency to use while on AC power.
3956The string
3957.Dq Li LOW
3958indicates that
3959.Xr cpufreq 4
3960should use the lowest frequency available while
3961.Dq Li HIGH
3962indicates that the highest frequency (less power savings) should be used.
3963.It Va economy_cx_lowest
3964.Pq Vt str
3965CPU idle state to use when off AC power.
3966The string
3967.Dq Li LOW
3968indicates that
3969.Xr acpi 4
3970should use the lowest power state available while
3971.Dq Li HIGH
3972indicates that the lowest latency state (less power savings) should be used.
3973.It Va economy_cpu_freq
3974.Pq Vt str
3975CPU clock frequency to use when off AC power.
3976The string
3977.Dq Li LOW
3978indicates that
3979.Xr cpufreq 4
3980should use the lowest frequency available while
3981.Dq Li HIGH
3982indicates that the highest frequency (less power savings) should be used.
3983.It Va jail_enable
3984.Pq Vt bool
3985If set to
3986.Dq Li NO ,
3987any configured jails will not be started.
3988.It Va jail_conf
3989.Pq Vt str
3990The configuration filename used by
3991.Xr jail 8
3992utility.
3993The default value is
3994.Pa /etc/jail.conf .
3995.Pa /etc/jail. Ns Ao Va jname Ac Ns Pa .conf
3996and
3997.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf
3998will also be used if
3999.Ao Va jname Ac
4000is set in
4001.Va jail_list .
4002.It Va jail_parallel_start
4003.Pq Vt bool
4004If set to
4005.Dq Li YES ,
4006all configured jails will be started in the background (in parallel).
4007.It Va jail_flags
4008.Pq Vt str
4009Unset by default.
4010When set, use as default value for
4011.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
4012for every jail in
4013.Va jail_list .
4014.It Va jail_list
4015.Pq Vt str
4016A space-delimited list of jail names.
4017When left empty, all of the
4018.Xr jail 8
4019instances defined in the configuration file are started.
4020The names specified in this list control the jail startup order.
4021.Xr jail 8
4022instances missing from
4023.Va jail_list
4024must be started manually.
4025Note that a jail's
4026.Va depend
4027parameter in the configuration file may override this list.
4028.It Va jail_reverse_stop
4029.Pq Vt bool
4030When set to
4031.Dq Li YES ,
4032all configured jails in
4033.Va jail_list
4034are stopped in reverse order.
4035.It Va jail_ Ns * variables
4036Note that older releases supported per-jail configuration via
4037.Nm
4038variables.
4039For example,
4040hostname of a jail named
4041.Li vjail
4042was able to be set by
4043.Li jail_vjail_hostname .
4044These per-jail configuration variables are now obsolete in favor of
4045.Xr jail 8
4046configuration file.
4047For backward compatibility,
4048when per-jail configuration variables are defined,
4049.Xr jail 8
4050configuration files are created as
4051.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
4052and used.
4053.Pp
4054The following per-jail parameters are handled by
4055.Pa rc.d/jail
4056script out of their corresponding
4057.Nm
4058variables.
4059In addition to them, parameters in
4060.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
4061will be added to the configuration file.
4062They must be a semi-colon
4063.Pq Ql \&;
4064delimited list of
4065.Dq key=value .
4066For more details,
4067see
4068.Xr jail 8
4069manual page.
4070.Bl  -tag -width "host.hostname" -offset indent
4071.It Li path
4072set from
4073.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
4074.It Li host.hostname
4075set from
4076.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
4077.It Li exec.consolelog
4078set from
4079.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
4080The default value is
4081.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log .
4082.It Li interface
4083set from
4084.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
4085.It Li vnet.interface
4086set from
4087.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
4088This implies
4089.Li vnet
4090parameter will be enabled and cannot be specified with
4091.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
4092.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4093and/or
4094.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4095at the same time.
4096.It Li fstab
4097set from
4098.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
4099.It Li mount
4100set from
4101.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
4102.It Li exec.fib
4103set from
4104.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
4105.It Li exec.start
4106set from
4107.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
4108The parameter name was
4109.Li command
4110in some older releases.
4111.It Li exec.prestart
4112set from
4113.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
4114.It Li exec.poststart
4115set from
4116.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
4117.It Li exec.stop
4118set from
4119.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
4120.It Li exec.prestop
4121set from
4122.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
4123.It Li exec.poststop
4124set from
4125.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
4126.It Li ip4.addr
4127set if
4128.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4129or
4130.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4131contain IPv4 addresses
4132.It Li ip6.addr
4133set if
4134.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4135or
4136.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4137contain IPv6 addresses
4138.It Li allow.mount
4139set from
4140.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
4141.It Li mount.devfs
4142set from
4143.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
4144.It Li devfs_ruleset
4145set from
4146.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
4147This must be an integer,
4148not a string.
4149.It Li mount.fdescfs
4150set from
4151.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4152.It Li allow.set_hostname
4153set from
4154.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4155.It Li allow.rawsocket
4156set from
4157.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4158.It Li allow.sysvipc
4159set from
4160.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4161.El
4162.\" -----------------------------------------------------
4163.It Va harvest_mask
4164.Pq Vt int
4165Set to a bit-mask
4166representing the entropy sources
4167you wish to harvest.
4168Refer to
4169.Xr random 4
4170for more information.
4171.It Va entropy_dir
4172.Pq Vt str
4173Set to
4174.Dq Li NO
4175to disable caching entropy via
4176.Xr cron 8 .
4177Otherwise set to the directory
4178in which the entropy files are stored.
4179To be useful,
4180there must be
4181a system cron job
4182that regularly writes and rotates
4183files here.
4184All files found
4185will be used at boot time.
4186The default is
4187.Pa /var/db/entropy .
4188.It Va entropy_file
4189.Pq Vt str
4190Set to
4191.Dq Li NO
4192to disable caching entropy through reboots.
4193Otherwise set to the name
4194of a file used to store cached entropy.
4195This file should be located
4196on a file system that is readable
4197before all the volumes specified in
4198.Xr fstab 5
4199are mounted.
4200By default,
4201.Pa /entropy
4202is used,
4203but if
4204.Pa /var/db/entropy-file
4205is found it will also be used.
4206This will be of some use to
4207.Xr bsdinstall 8 .
4208.It Va entropy_boot_file
4209.Pq Vt str
4210Set to
4211.Dq Li NO
4212to disable
4213very early caching entropy
4214through reboots.
4215Otherwise set to the filename
4216used to read
4217very early reboot cached entropy.
4218This file should be located where
4219.Xr loader 8
4220can read it.
4221See also
4222.Xr loader.conf 5 .
4223The default location is
4224.Pa /boot/entropy .
4225.It Va entropy_save_sz
4226.Pq Vt int
4227Size of the entropy cache files saved by
4228.Nm save-entropy
4229periodically.
4230.It Va entropy_save_num
4231.Pq Vt int
4232Number of entropy cache files to save by
4233.Nm save-entropy
4234periodically.
4235.It Va ipsec_enable
4236.Pq Vt bool
4237Set to
4238.Dq Li YES
4239to run
4240.Xr setkey 8
4241on
4242.Va ipsec_file
4243at boot time.
4244.It Va ipsec_file
4245.Pq Vt str
4246Configuration file for
4247.Xr setkey 8 .
4248.It Va dmesg_enable
4249.Pq Vt bool
4250Set to
4251.Dq Li YES
4252to save
4253.Xr dmesg 8
4254to
4255.Pa /var/run/dmesg.boot
4256on boot.
4257.It Va rcshutdown_timeout
4258.Pq Vt int
4259If set, start a watchdog timer in the background which will terminate
4260.Pa rc.shutdown
4261if
4262.Xr shutdown 8
4263has not completed within the specified time (in seconds).
4264Notice that in addition to this soft timeout,
4265.Xr init 8
4266also applies a hard timeout for the execution of
4267.Pa rc.shutdown .
4268This is configured via
4269.Xr sysctl 8
4270variable
4271.Va kern.init_shutdown_timeout
4272and defaults to 120 seconds.
4273Setting the value of
4274.Va rcshutdown_timeout
4275to more than 120 seconds will have no effect until the
4276.Xr sysctl 8
4277variable
4278.Va kern.init_shutdown_timeout
4279is also increased.
4280.It Va virecover_enable
4281.Pq Vt bool
4282Set to
4283.Dq Li NO
4284to prevent the system from trying to
4285recover prematurely terminated
4286.Xr vi 1
4287sessions.
4288.It Va ugidfw_enable
4289.Pq Vt bool
4290Set to
4291.Dq Li YES
4292to load the
4293.Xr mac_bsdextended 4
4294module upon system initialization and load a default
4295ruleset file.
4296.It Va bsdextended_script
4297.Pq Vt str
4298The default
4299.Xr mac_bsdextended 4
4300ruleset file to load.
4301The default value of this variable is
4302.Pa /etc/rc.bsdextended .
4303.It Va newsyslog_enable
4304.Pq Vt bool
4305If set to
4306.Dq Li YES ,
4307run
4308.Xr newsyslog 8
4309command at startup.
4310.It Va newsyslog_flags
4311.Pq Vt str
4312If
4313.Va newsyslog_enable
4314is set to
4315.Dq Li YES ,
4316these are the flags to pass to the
4317.Xr newsyslog 8
4318program.
4319The default is
4320.Dq Li -CN ,
4321which causes log files flagged with a
4322.Cm C
4323to be created.
4324.It Va mdconfig_md Ns Aq Ar X
4325.Pq Vt str
4326Arguments to
4327.Xr mdconfig 8
4328for
4329.Xr md 4
4330device
4331.Ar X .
4332At minimum a
4333.Fl t Ar type
4334must be specified and either a
4335.Fl s Ar size
4336for malloc or swap backed
4337.Xr md 4
4338devices or a
4339.Fl f Ar file
4340for vnode backed
4341.Xr md 4
4342devices.
4343Note that
4344.Va mdconfig_md Ns Aq Ar X
4345variables are evaluated until one variable is unset or null.
4346.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4347.Pq Vt str
4348Optional arguments passed to
4349.Xr newfs 8
4350to initialize
4351.Xr md 4
4352device
4353.Ar X .
4354.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4355.Pq Vt str
4356An ownership specification passed to
4357.Xr chown 8
4358after the specified
4359.Xr md 4
4360device
4361.Ar X
4362has been mounted.
4363Both the
4364.Xr md 4
4365device and the mount point will be changed.
4366.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4367.Pq Vt str
4368A mode string passed to
4369.Xr chmod 1
4370after the specified
4371.Xr md 4
4372device
4373.Ar X
4374has been mounted.
4375Both the
4376.Xr md 4
4377device and the mount point will be changed.
4378.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4379.Pq Vt str
4380Files to be copied to the mount point of the
4381.Xr md 4
4382device
4383.Ar X
4384after it has been mounted.
4385.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4386.Pq Vt str
4387Command to execute after the specified
4388.Xr md 4
4389device
4390.Ar X
4391has been mounted.
4392Note that the command is passed to
4393.Ic eval
4394and that both
4395.Va _dev
4396and
4397.Va _mp
4398variables can be used to reference respectively the
4399.Xr md 4
4400device and the mount point.
4401Assuming that the
4402.Xr md 4
4403device is
4404.Li md0 ,
4405one could set the following:
4406.Bd -literal
4407mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4408.Ed
4409.It Va autobridge_interfaces
4410.Pq Vt str
4411Set to the list of bridge interfaces that will have newly arriving interfaces
4412checked against to be automatically added.
4413If not set to
4414.Dq Li NO
4415then for each whitespace separated
4416.Ar element
4417in the value, a
4418.Va autobridge_ Ns Aq Ar element
4419variable is assumed to exist which has a whitespace separated list of interface
4420names to match, these names can use wildcards.
4421For example:
4422.Bd -literal
4423autobridge_interfaces="bridge0"
4424autobridge_bridge0="tap* dc0 vlan[345]"
4425.Ed
4426.It Va mixer_enable
4427.Pq Vt bool
4428If set to
4429.Dq Li YES ,
4430enable support for sound mixer.
4431.It Va hcsecd_enable
4432.Pq Vt bool
4433If set to
4434.Dq Li YES ,
4435enable Bluetooth security daemon.
4436.It Va hcsecd_config
4437.Pq Vt str
4438Configuration file for
4439.Xr hcsecd 8 .
4440Default
4441.Pa /etc/bluetooth/hcsecd.conf .
4442.It Va sdpd_enable
4443.Pq Vt bool
4444If set to
4445.Dq Li YES ,
4446enable Bluetooth Service Discovery Protocol daemon.
4447.It Va sdpd_control
4448.Pq Vt str
4449Path to
4450.Xr sdpd 8
4451control socket.
4452Default
4453.Pa /var/run/sdp .
4454.It Va sdpd_groupname
4455.Pq Vt str
4456Sets
4457.Xr sdpd 8
4458group to run as after it initializes.
4459Default
4460.Dq Li nobody .
4461.It Va sdpd_username
4462.Pq Vt str
4463Sets
4464.Xr sdpd 8
4465user to run as after it initializes.
4466Default
4467.Dq Li nobody .
4468.It Va bthidd_enable
4469.Pq Vt bool
4470If set to
4471.Dq Li YES ,
4472enable Bluetooth Human Interface Device daemon.
4473.It Va bthidd_config
4474.Pq Vt str
4475Configuration file for
4476.Xr bthidd 8 .
4477Default
4478.Pa /etc/bluetooth/bthidd.conf .
4479.It Va bthidd_hids
4480.Pq Vt str
4481Path to a file, where
4482.Xr bthidd 8
4483will store information about known HID devices.
4484Default
4485.Pa /var/db/bthidd.hids .
4486.It Va rfcomm_pppd_server_enable
4487.Pq Vt bool
4488If set to
4489.Dq Li YES ,
4490enable Bluetooth RFCOMM PPP wrapper daemon.
4491.It Va rfcomm_pppd_server_profile
4492.Pq Vt str
4493The name of the profile to use from
4494.Pa /etc/ppp/ppp.conf .
4495Multiple profiles can be specified here.
4496Also used to specify per-profile overrides.
4497When the profile name contains any of the characters
4498.Dq Li .-/+
4499they are translated to
4500.Dq Li _
4501for the proposes of the override variable names.
4502.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4503.Pq Vt str
4504Overrides local address to listen on.
4505By default
4506.Xr rfcomm_pppd 8
4507will listen on
4508.Dq Li ANY
4509address.
4510The address can be specified as BD_ADDR or name.
4511.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4512.Pq Vt str
4513Overrides local RFCOMM channel to listen on.
4514By default
4515.Xr rfcomm_pppd 8
4516will listen on RFCOMM channel 1.
4517Must set properly if multiple profiles used in the same time.
4518.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4519.Pq Vt bool
4520Tells
4521.Xr rfcomm_pppd 8
4522if it should register Serial Port service on the specified RFCOMM channel.
4523Default
4524.Dq Li NO .
4525.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4526.Pq Vt bool
4527Tells
4528.Xr rfcomm_pppd 8
4529if it should register Dial-Up Networking service on the specified
4530RFCOMM channel.
4531Default
4532.Dq Li NO .
4533.It Va ubthidhci_enable
4534.Pq Vt bool
4535If set to
4536.Dq Li YES ,
4537change the USB Bluetooth controller from HID mode to HCI mode.
4538You also need to specify the location of USB Bluetooth controller with the
4539.Va ubthidhci_busnum
4540and
4541.Va ubthidhci_addr
4542variables.
4543.It Va ubthidhci_busnum
4544Bus number where the USB Bluetooth controller is located.
4545Check the output of
4546.Xr usbconfig 8
4547on your system to find this information.
4548.It Va ubthidhci_addr
4549Bus address of the USB Bluetooth controller.
4550Check the output of
4551.Xr usbconfig 8
4552on your system to find this information.
4553.It Va utx_enable
4554.Pq Vt bool
4555Set to
4556.Dq Li YES
4557to enable user accounting through the
4558.Xr utx 8
4559facility.
4560.It Va netwait_enable
4561.Pq Vt bool
4562If set to
4563.Dq Li YES ,
4564delays the start of network-reliant services until
4565.Va netwait_if
4566is up and ICMP packets to a destination defined in
4567.Va netwait_ip
4568are flowing.
4569Link state is examined first, followed by
4570.Dq Li pinging
4571an IP address to verify network usability.
4572If no destination can be reached or timeouts are exceeded,
4573network services are started anyway with no guarantee that
4574the network is usable.
4575Use of this variable requires both
4576.Va netwait_ip
4577and
4578.Va netwait_if
4579to be set.
4580.It Va netwait_ip
4581.Pq Vt str
4582Empty by default.
4583This variable contains a space-delimited list of IP addresses to
4584.Xr ping 8 .
4585DNS hostnames should not be used as resolution is not guaranteed
4586to be functional at this point.
4587If multiple IP addresses are specified,
4588each will be tried until one is successful or the list is exhausted.
4589.It Va netwait_timeout
4590.Pq Vt int
4591Indicates the total number of seconds to perform a
4592.Dq Li ping
4593against each IP address in
4594.Va netwait_ip ,
4595at a rate of one ping per second.
4596If any of the pings are successful,
4597full network connectivity is considered reliable.
4598The default is 60.
4599.It Va netwait_if
4600.Pq Vt str
4601Empty by default.
4602Defines the name of the network interface on which watch for link.
4603.Xr ifconfig 8
4604is used to monitor the interface, looking for
4605.Dq Li status: no carrier .
4606Once gone, the link is considered up.
4607This can be a
4608.Xr vlan 4
4609interface if desired.
4610.It Va netwait_if_timeout
4611.Pq Vt int
4612Defines the total number of seconds to wait for link to become usable,
4613polled at a 1-second interval.
4614The default is 30.
4615.It Va rctl_enable
4616.Pq Vt bool
4617If set to
4618.Dq Li YES ,
4619load
4620.Xr rctl 8
4621rules from the defined ruleset.
4622The kernel must be built with
4623.Cd "options RACCT"
4624and
4625.Cd "options RCTL" .
4626.It Va rctl_rules
4627.Pq Vt str
4628Set to
4629.Pa /etc/rctl.conf
4630by default.
4631This variables contains the
4632.Xr rctl.conf 5
4633ruleset to load for
4634.Xr rctl 8 .
4635.It Va iovctl_files
4636.Pq Vt str
4637A space-separated list of configuration files used by
4638.Xr iovctl 8 .
4639The default value is an empty string.
4640.It Va autofs_enable
4641.Pq Vt bool
4642If set to
4643.Dq Li YES ,
4644start the
4645.Xr automount 8
4646utility and the
4647.Xr automountd 8
4648and
4649.Xr autounmountd 8
4650daemons at boot time.
4651.It Va automount_flags
4652.Pq Vt str
4653If
4654.Va autofs_enable
4655is set to
4656.Dq Li YES ,
4657these are the flags to pass to the
4658.Xr automount 8
4659program.
4660By default no flags are passed.
4661.It Va automountd_flags
4662.Pq Vt str
4663If
4664.Va autofs_enable
4665is set to
4666.Dq Li YES ,
4667these are the flags to pass to the
4668.Xr automountd 8
4669daemon.
4670By default no flags are passed.
4671.It Va autounmountd_flags
4672.Pq Vt str
4673If
4674.Va autofs_enable
4675is set to
4676.Dq Li YES ,
4677these are the flags to pass to the
4678.Xr autounmountd 8
4679daemon.
4680By default no flags are passed.
4681.It Va ctld_enable
4682.Pq Vt bool
4683If set to
4684.Dq Li YES ,
4685start the
4686.Xr ctld 8
4687daemon at boot time.
4688.It Va iscsid_enable
4689.Pq Vt bool
4690If set to
4691.Dq Li YES ,
4692start the
4693.Xr iscsid 8
4694daemon at boot time.
4695.It Va iscsictl_enable
4696.Pq Vt bool
4697If set to
4698.Dq Li YES ,
4699start the
4700.Xr iscsictl 8
4701utility at boot time.
4702.It Va iscsictl_flags
4703.Pq Vt str
4704If
4705.Va iscsictl_enable
4706is set to
4707.Dq Li YES ,
4708these are the flags to pass to the
4709.Xr iscsictl 8
4710program.
4711The default is
4712.Dq Li -Aa ,
4713which configures sessions based on the
4714.Pa /etc/iscsi.conf
4715configuration file.
4716.It Va cfumass_enable
4717.Pq Vt bool
4718If set to
4719.Dq Li YES ,
4720create and export an USB LUN using
4721.Xr cfumass 4
4722at boot time.
4723.It Va cfumass_dir
4724.Pq Vt str
4725The directory where the files exported by USB LUN are located.
4726The default directory is
4727.Pa /var/cfumass .
4728.It Va service_delete_empty
4729.Pq Vt bool
4730If set to
4731.Dq Li YES ,
4732.Ql Li service delete
4733removes empty
4734.Dq Li rc.conf.d
4735files.
4736.It Va zfs_bootonce_activate
4737.Pq Vt bool
4738If set to
4739.Dq Li YES ,
4740and a boot environment marked bootonce is successfully booted,
4741it will be made permanently active.
4742.It Va zfskeys_enable
4743.Pq Vt bool
4744If set to
4745.Dq Li YES ,
4746enable auto-loading of encryption keys for encrypted ZFS datasets.
4747For every dataset the script will first load the appropriate encryption key
4748and then attempt to unlock the dataset.
4749.Pp
4750The script operates only on datasets which are encrypted with
4751ZFS native encryption
4752and have a ZFS
4753.Dq Li keylocation
4754dataset property beginning with
4755.Dq Li file:// .
4756.It Va zfskeys_datasets
4757.Pq Vt str
4758A whitespace-separated list of ZFS datasets to unlock.
4759The list is empty by default,
4760which means that the script will attempt to unlock all datasets.
4761.It Va zfskeys_timeout
4762.Pq Vt int
4763Define the total number of seconds to wait for the zfskeys script
4764to unlock an encrypted dataset.
4765The default is 10.
4766.It Va sendmail_enable
4767.Pq Vt str
4768If set to
4769.Dq Li YES ,
4770run the
4771.Xr sendmail 8
4772daemon at system boot time.
4773If set to
4774.Dq Li NO ,
4775do not run a
4776.Xr sendmail 8
4777daemon to listen for incoming network mail.
4778This does not preclude a
4779.Xr sendmail 8
4780daemon listening on the SMTP port of the loopback interface.
4781The
4782.Dq Li NONE
4783option sets each
4784.Va sendmail_enable ,
4785.Va sendmail_submit_enable ,
4786.Va sendmail_outbound_enable ,
4787.Va sendmail_msp_queue_enable
4788to
4789.Dq Li NO .
4790.It Va sendmail_cert_create
4791.Pq Vt str
4792If
4793.Va sendmail_enable
4794is set to
4795.Dq Li YES ,
4796create a signed certificate
4797.Pa /etc/mail/certs/host.cert
4798representing
4799.Pa /etc/mail/certs/host.key
4800by the CA certificate in
4801.Pa /etc/mail/certs/cacert.pem .
4802This will enable connecting hosts to negotiate STARTTLS allowing incoming
4803email to be encrypted in transit.
4804.Xr sendmail 8
4805needs to be configured to use these generated files.
4806The default configuration in
4807.Pa /etc/mail/freebsd.mc
4808has the required options in it.
4809.It Va sendmail_cert_cn
4810.Pq Vt str
4811If
4812.Va sendmail_enable
4813is set to
4814.Dq Li YES
4815and
4816.Va sendmail_cert_create
4817is set to
4818.Dq Li YES ,
4819this is the Common Name (CN) of the certificate that will be created.
4820If
4821.Va sendmail_cert_cn
4822is not set, the system's hostname will be used.
4823If there is no hostname set,
4824.Dq Li amnesiac
4825will be used.
4826.It Va sendmail_flags
4827.Pq Vt str
4828If
4829.Va sendmail_enable
4830is set to
4831.Dq Li YES ,
4832these are the flags to pass to the
4833.Xr sendmail 8
4834daemon.
4835.It Va sendmail_submit_enable
4836.Pq Vt bool
4837If set to
4838.Dq Li YES
4839and
4840.Va sendmail_enable
4841is set to
4842.Dq Li NO ,
4843run
4844.Xr sendmail 8
4845using
4846.Va sendmail_submit_flags
4847instead of
4848.Va sendmail_flags .
4849This is intended to allow local mail submission via
4850a localhost-only listening SMTP service required for running
4851.Xr sendmail 8
4852as a non-set-user-ID binary.
4853Note that this does not work inside
4854.Xr jail 2
4855systems, as jails do not allow binding to just the localhost interface.
4856.It Va sendmail_submit_flags
4857.Pq Vt str
4858If
4859.Va sendmail_enable
4860is set to
4861.Dq Li NO
4862and
4863.Va sendmail_submit_enable
4864is set to
4865.Dq Li YES ,
4866these are the flags to pass to the
4867.Xr sendmail 8
4868daemon.
4869.It Va sendmail_outbound_enable
4870.Pq Vt bool
4871If set to
4872.Dq Li YES
4873and both
4874.Va sendmail_enable
4875and
4876.Va sendmail_submit_enable
4877are set to
4878.Dq Li NO ,
4879run
4880.Xr sendmail 8
4881using
4882.Va sendmail_outbound_flags
4883instead of
4884.Va sendmail_flags .
4885This is intended to allow local mail queue management
4886for systems that do not offer a listening SMTP service.
4887.It Va sendmail_outbound_flags
4888.Pq Vt str
4889If both
4890.Va sendmail_enable
4891and
4892.Va sendmail_submit_enable
4893are set to
4894.Dq Li NO
4895and
4896.Va sendmail_outbound_enable
4897is set to
4898.Dq Li YES ,
4899these are the flags to pass to the
4900.Xr sendmail 8
4901daemon.
4902.It Va sendmail_msp_queue_enable
4903.Pq Vt bool
4904If set to
4905.Dq Li YES ,
4906start a client (MSP) queue runner
4907.Xr sendmail 8
4908daemon at system boot time.
4909As of sendmail 8.12, a separate queue is used for command line
4910submissions.
4911The client queue runner ensures that nothing is
4912left behind in the submission queue.
4913.It Va sendmail_msp_queue_flags
4914.Pq Vt str
4915If
4916.Va sendmail_msp_queue_enable
4917is set to
4918daemon.
4919.Dq Li YES ,
4920these are the flags to pass to the
4921.Xr sendmail 8
4922.El
4923.Sh FILES
4924.Bl -tag -width "/etc/defaults/rc.conf" -compact
4925.It Pa /etc/defaults/rc.conf
4926.It Pa /etc/defaults/vendor.conf
4927.It Pa /etc/rc.conf
4928.It Pa /etc/rc.conf.local
4929.It Pa /etc/rc.conf.d/
4930.El
4931.Sh SEE ALSO
4932.Xr chmod 1 ,
4933.Xr cpuset 1 ,
4934.Xr gdb 1 Pq Pa ports/devel/gdb ,
4935.Xr kbdcontrol 1 ,
4936.Xr limits 1 ,
4937.Xr protect 1 ,
4938.Xr sh 1 ,
4939.Xr umask 1 ,
4940.Xr uuidgen 1 ,
4941.Xr vi 1 ,
4942.Xr vidcontrol 1 ,
4943.Xr bridge 4 ,
4944.Xr dummynet 4 ,
4945.Xr ip 4 ,
4946.Xr ipf 4 ,
4947.Xr ipfw 4 ,
4948.Xr ipnat 4 ,
4949.Xr kld 4 ,
4950.Xr pf 4 ,
4951.Xr pflog 4 ,
4952.Xr pfsync 4 ,
4953.Xr tcp 4 ,
4954.Xr udp 4 ,
4955.Xr exports 5 ,
4956.Xr fstab 5 ,
4957.Xr ipf 5 ,
4958.Xr ipnat 5 ,
4959.Xr jail.conf 5 ,
4960.Xr loader.conf 5 ,
4961.Xr login.conf 5 ,
4962.Xr motd 5 ,
4963.Xr newsyslog.conf 5 ,
4964.Xr pf.conf 5 ,
4965.Xr firewall 7 ,
4966.Xr growfs 7 ,
4967.Xr security 7 ,
4968.Xr tuning 7 ,
4969.Xr accton 8 ,
4970.Xr apm 8 ,
4971.Xr bsdinstall 8 ,
4972.Xr bthidd 8 ,
4973.Xr chkprintcap 8 ,
4974.Xr chown 8 ,
4975.Xr cron 8 ,
4976.Xr devfs 8 ,
4977.Xr dhclient 8 ,
4978.Xr ftpd 8 ,
4979.Xr geli 8 ,
4980.Xr hcsecd 8 ,
4981.Xr ifconfig 8 ,
4982.Xr inetd 8 ,
4983.Xr iovctl 8 ,
4984.Xr ipf 8 ,
4985.Xr ipfw 8 ,
4986.Xr ipnat 8 ,
4987.Xr jail 8 ,
4988.Xr kldxref 8 ,
4989.Xr loader 8 ,
4990.Xr lpd 8 ,
4991.Xr makewhatis 8 ,
4992.Xr mdconfig 8 ,
4993.Xr mdmfs 8 ,
4994.Xr mixer 8 ,
4995.Xr mountd 8 ,
4996.Xr moused 8 ,
4997.Xr newfs 8 ,
4998.Xr newsyslog 8 ,
4999.Xr nfsd 8 ,
5000.Xr ntpd 8 ,
5001.Xr ntpdate 8 ,
5002.Xr pfctl 8 ,
5003.Xr pflogd 8 ,
5004.Xr ping 8 ,
5005.Xr powerd 8 ,
5006.Xr quotacheck 8 ,
5007.Xr quotaon 8 ,
5008.Xr rc 8 ,
5009.Xr rc.subr 8 ,
5010.Xr rcorder 8 ,
5011.Xr rfcomm_pppd 8 ,
5012.Xr route 8 ,
5013.Xr route6d 8 ,
5014.Xr routed 8 ,
5015.Xr rpc.lockd 8 ,
5016.Xr rpc.statd 8 ,
5017.Xr rpc.tlsclntd 8 ,
5018.Xr rpc.tlsservd 8 ,
5019.Xr rpcbind 8 ,
5020.Xr rwhod 8 ,
5021.Xr savecore 8 ,
5022.Xr sdpd 8 ,
5023.Xr sendmail 8 ,
5024.Xr service 8 ,
5025.Xr sshd 8 ,
5026.Xr swapon 8 ,
5027.Xr sysctl 8 ,
5028.Xr syslogd 8 ,
5029.Xr sysrc 8 ,
5030.Xr unbound 8 ,
5031.Xr usbconfig 8 ,
5032.Xr utx 8 ,
5033.Xr wlandebug 8 ,
5034.Xr yp 8 ,
5035.Xr ypbind 8 ,
5036.Xr ypserv 8 ,
5037.Xr ypset 8
5038.Sh HISTORY
5039The
5040.Nm
5041file appeared in
5042.Fx 2.2.2 .
5043.Sh AUTHORS
5044.An Jordan K. Hubbard .
5045