1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd May 11, 2023 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories (where 84.Ao Ar dir Ac 85is each entry specified in 86.Va local_startup , 87but with any trailing 88.Pa /rc.d 89stripped), 90which will be included by the 91.Va load_rc_config 92function. 93For jail configurations you could use the file 94.Pa /etc/rc.conf.d/jail 95to store jail-specific configuration options. 96If 97.Va local_startup 98contains 99.Pa /usr/local/etc/rc.d 100and 101.Pa /opt/conf , 102.Pa /usr/local/etc/rc.conf.d/jail 103and 104.Pa /opt/conf/rc.conf.d/jail 105will be loaded. 106If 107.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 108is a directory, 109all of the files in the directory will be loaded. 110Also see the 111.Va rc_conf_files 112variable below. 113.Pp 114Options are set with 115.Dq Ar name Ns Li = Ns Ar value 116assignments that use 117.Xr sh 1 118syntax. 119The following list provides a name and short description for each 120variable that can be set in the 121.Nm 122file: 123.Bl -tag -width indent-two 124.It Va rc_debug 125.Pq Vt bool 126If set to 127.Dq Li YES , 128enable output of debug messages from rc scripts. 129This variable can be helpful in diagnosing mistakes when 130editing or integrating new scripts. 131Beware that this produces copious output to the terminal and 132.Xr syslog 3 . 133.It Va rc_info 134.Pq Vt bool 135If set to 136.Dq Li NO , 137disable informational messages from the rc scripts. 138Informational messages are displayed when 139a condition that is not serious enough to warrant a warning or 140an error occurs. 141.It Va rc_startmsgs 142.Pq Vt bool 143If set to 144.Dq Li YES , 145show 146.Dq Starting foo: 147when faststart is used (e.g., at boot time). 148.It Va early_late_divider 149.Pq Vt str 150The name of the script that should be used as the 151delimiter between the 152.Dq early 153and 154.Dq late 155stages of the boot process. 156The early stage should contain all the services needed to 157get the disks (local or remote) mounted so that the late 158stage can include scripts contained in the directories 159listed in the 160.Va local_startup 161variable (see below). 162Thus, the two likely candidates for this value are 163.Pa mountcritlocal 164for the typical system, and 165.Pa mountcritremote 166if the system needs remote file 167systems mounted to get access to the 168.Va local_startup 169directories; for example when 170.Pa /usr/local 171is NFS mounted. 172For 173.Pa rc.conf 174within a 175.Xr jail 8 176.Pa NETWORKING 177is likely to be an appropriate value. 178Extreme care should be taken when changing this value, 179and before changing it one should ensure that there are 180adequate provisions to recover from a failed boot 181(such as physical contact with the machine, 182or reliable remote console access). 183.It Va always_force_depends 184.Pq Vt bool 185Various 186.Pa rc.d 187scripts use the force_depend function to check whether required 188services are already running, and to start them if necessary. 189By default during boot time this check is bypassed if the 190required service is enabled in 191.Pa /etc/rc.conf[.local] . 192Setting this option will bypass that check at boot time and 193always test whether or not the service is actually running. 194Enabling this option is likely to increase your boot time if 195services are enabled that utilize the force_depend check. 196.It Ao Ar name Ac Ns Va _chroot 197.Pq Vt str 198.Xr chroot 8 199to this directory before running the service. 200.It Ao Ar name Ac Ns Va _cpuset 201.Pq Vt str 202A list of CPUs to run the service on. 203Passed to 204.Xr cpuset 1 205using the 206.Fl l 207flag. 208.It Ao Ar name Ac Ns Va _fib 209.Pq Vt int 210The 211.Xr setfib 1 212value to run the service under. 213.It Ao Ar name Ac Ns Va _group 214.Pq Vt str 215Run the chrooted service under this system group. 216Unlike the 217.Ao Ar name Ac Ns Va _user 218setting, this setting has no effect if the service is not chrooted. 219.It Ao Ar name Ac Ns Va _limits 220.Pq Vt str 221Resource limits to apply to the service using 222.Xr limits 1 . 223By default, resource limits are based on the login class defined in 224.Ao Ar name Ac Ns Va _login_class . 225.It Ao Ar name Ac Ns Va _login_class 226.Pq Vt str 227Login class to be used with 228.Ao Ar name Ac Ns Va _limits . 229Defaults to 230.Dq Li daemon . 231.It Ao Ar name Ac Ns Va _nice 232.Pq Vt int 233The 234.Xr nice 1 235value to run the service under. 236.It Ao Ar name Ac Ns Va _oomprotect 237.Pq Vt str 238Use 239.Xr protect 1 240to prevent the service from being killed when swap space 241is exhausted. 242Use 243.Dq Li YES 244to protect only the service itself, and 245.Dq Li ALL 246to protect the service and all its child processes. 247.Pp 248Please note that rc scripts which redefine 249.Dl ${argument}_cmd 250.Pq see Xr rc.subr 8 251such as PostgreSQL will not inherit the OOM killer protection. 252.Pp 253This variable has no effect on services running within a 254.Xr jail 8 . 255.It Ao Ar name Ac Ns Va _umask 256.Pq Vt int 257Run the service using this 258.Xr umask 1 259value. 260.It Ao Ar name Ac Ns Va _user 261.Pq Vt str 262Run the service under this user account. 263.It Va apm_enable 264.Pq Vt bool 265If set to 266.Dq Li YES , 267enable support for Automatic Power Management with 268the 269.Xr apm 8 270command. 271.It Va apmd_enable 272.Pq Vt bool 273Run 274.Xr apmd 8 275to handle APM event from userland. 276This also enables support for APM. 277.It Va apmd_flags 278.Pq Vt str 279If 280.Va apmd_enable 281is set to 282.Dq Li YES , 283these are the flags to pass to the 284.Xr apmd 8 285daemon. 286.It Va devd_enable 287.Pq Vt bool 288Run 289.Xr devd 8 290to handle device added, removed or unknown events from the kernel. 291.It Va ddb_enable 292.Pq Vt bool 293Run 294.Xr ddb 8 295to install 296.Xr ddb 4 297scripts at boot time. 298.It Va ddb_config 299.Pq Vt str 300Configuration file for 301.Xr ddb 8 . 302Default 303.Pa /etc/ddb.conf . 304.It Va devmatch_enable 305.Pq Vt bool 306If set to 307.Dq Li NO , 308disable auto-loading of kernel modules with 309.Xr devmatch 8 . 310.It Va devmatch_blocklist 311.Pq Vt str 312A whitespace-separated list of kernel modules to be ignored by 313.Xr devmatch 8 . 314In addition, the 315.Xr kenv 1 316.Va devmatch_blocklist 317is appended to this variable to allow disabling of 318.Xr devmatch 8 319loaded modules from the boot loader. 320.It Va devmatch_blacklist 321.Pq Vt str 322This variable is deprecated. 323Use 324.Va devmatch_blocklist 325instead. 326A whitespace-separated list of kernel modules to be ignored by 327.Xr devmatch 8 . 328.It Va kld_list 329.Pq Vt str 330A whitespace-separated list of kernel modules to load right after 331the local disks are mounted, without any 332.Pa .ko 333extension or path. 334Loading modules at this point in the boot process is 335much faster than doing it via 336.Pa /boot/loader.conf 337for those modules not necessary for mounting local disks. 338.It Va kldxref_enable 339.Pq Vt bool 340Set to 341.Dq Li NO 342by default. 343Set to 344.Dq Li YES 345to automatically rebuild 346.Pa linker.hints 347files with 348.Xr kldxref 8 349at boot time. 350.It Va kldxref_clobber 351.Pq Vt bool 352Set to 353.Dq Li NO 354by default. 355If 356.Va kldxref_enable 357is true, 358setting to 359.Dq Li YES 360will overwrite existing 361.Pa linker.hints 362files at boot time. 363Otherwise, 364only missing 365.Pa linker.hints 366files are generated. 367.It Va kldxref_module_path 368.Pq Vt str 369Empty by default. 370A semi-colon 371.Pq Ql \&; 372delimited list of paths containing 373.Xr kld 4 374modules. 375If empty, 376the contents of the 377.Va kern.module_path 378.Xr sysctl 8 379are used. 380.It Va powerd_enable 381.Pq Vt bool 382If set to 383.Dq Li YES , 384enable the system power control facility with the 385.Xr powerd 8 386daemon. 387.It Va powerd_flags 388.Pq Vt str 389If 390.Va powerd_enable 391is set to 392.Dq Li YES , 393these are the flags to pass to the 394.Xr powerd 8 395daemon. 396.It Va tmpmfs 397Controls the creation of a 398.Pa /tmp 399memory file system. 400Always happens if set to 401.Dq Li YES 402and never happens if set to 403.Dq Li NO . 404If set to anything else, a memory file system is created if 405.Pa /tmp 406is not writable. 407.It Va tmpsize 408Controls the size of a created 409.Pa /tmp 410memory file system. 411.It Va tmpmfs_flags 412Extra options passed to the 413.Xr mdmfs 8 414utility when the memory file system for 415.Pa /tmp 416is created. 417The default is 418.Dq Li "-S" , 419which inhibits the use of softupdates on 420.Pa /tmp 421so that file system space is freed without delay 422after file truncation or deletion. 423See 424.Xr mdmfs 8 425for other options you can use in 426.Va tmpmfs_flags . 427.It Va varmfs 428Controls the creation of a 429.Pa /var 430memory file system. 431Always happens if set to 432.Dq Li YES 433and never happens if set to 434.Dq Li NO . 435If set to anything else, a memory file system is created if 436.Pa /var 437is not writable. 438.It Va varsize 439Controls the size of a created 440.Pa /var 441memory file system. 442.It Va varmfs_flags 443Extra options passed to the 444.Xr mdmfs 8 445utility when the memory file system for 446.Pa /var 447is created. 448The default is 449.Dq Li "-S" , 450which inhibits the use of softupdates on 451.Pa /var 452so that file system space is freed without delay 453after file truncation or deletion. 454See 455.Xr mdmfs 8 456for other options you can use in 457.Va varmfs_flags . 458.It Va populate_var 459Controls the automatic population of the 460.Pa /var 461file system. 462Always happens if set to 463.Dq Li YES 464and never happens if set to 465.Dq Li NO . 466If set to anything else, a memory file system is created if 467.Pa /var 468is not writable. 469Note that this process requires access to certain commands in 470.Pa /usr 471before 472.Pa /usr 473is mounted on normal systems. 474.It Va cleanvar_enable 475.Pq Vt bool 476Clean the 477.Pa /var 478directory. 479.It Va var_run_enable 480.Pq Vt bool 481Set to "YES" to enable saving of the 482.Pa /var/run 483directory structure into an mtree file at shutdown and the reload of the 484.Pa /var/run 485directory structure at boot. 486.It Va var_run_autosave 487.Pq Vt bool 488In some cases it may be undesirable to save 489.Pa /var/run 490at shutdown. 491When set to "NO" 492.Pa /var/run 493is loaded at reboot but not saved at shutdown. 494Typically in this scenario 495.Ql service var_run save 496would be performed to save a copy of the 497.Pa /var/run 498directory structure once, to be reloaded during all subsequent reboots. 499.It Va var_run_mtree 500.Pq Vt str 501Where to save the 502.Pa /var/run 503mtree. 504The default location is 505.Pa /var/db/mtree/BSD.var-run.mtree . 506.It Va local_startup 507.Pq Vt str 508List of directories to search for startup script files. 509.It Va script_name_sep 510.Pq Vt str 511The field separator to use for breaking down the list of startup script files 512into individual filenames. 513The default is a space. 514It is not necessary to change this unless there are startup scripts with names 515containing spaces. 516.It Va hostapd_enable 517.Pq Vt bool 518Set to 519.Dq Li YES 520to start 521.Xr hostapd 8 522at system boot time. 523.It Va hostname 524.Pq Vt str 525The fully qualified domain name (FQDN) of this host on the network. 526This should almost certainly be set to something meaningful, even if 527there is no network connection. 528If 529.Xr dhclient 8 530is used to set the hostname via DHCP, 531this variable should be set to an empty string. 532Within a 533.Xr jail 8 534the hostname is generally already set and this variable may be absent. 535If this value remains unset when the system is done booting 536your console login will display the default hostname of 537.Dq Amnesiac . 538.It Va nisdomainname 539.Pq Vt str 540The NIS domain name of this host, or 541.Dq Li NO 542if NIS is not used. 543.It Va hostid_enable 544.Pq Vt bool 545If set to 546.Dq Li NO , 547disable the generation or saving of the 548.Pa hostid 549and 550.Pa machine-id 551files at system boot and shutdown. 552.It Va hostid_file 553.Pq Vt str 554Path to the 555.Pa hostid 556file, default 557.Pa /etc/hostid . 558.It Va hostid_uuidgen_flags 559.Pq Vt str 560Flags passed to 561.Xr uuidgen 1 562when generating a software host UUID. 563This is used only if the system cannot determine a hardware UUID. 564Set to 565.Dq Li -r 566by default. 567.It Va machine_id_file 568.Pq Vt str 569Path to the 570.Pa machine-id 571file, default 572.Pa /etc/machine-id . 573.It Va dhclient_program 574.Pq Vt str 575Path to the DHCP client program, defaulting to 576.Pa /sbin/dhclient . 577.It Va dhclient_flags 578.Pq Vt str 579Additional flags to pass to the DHCP client program. 580See the 581.Xr dhclient 8 582manpage for a description of the command line options available. 583.It Va dhclient_flags_ Ns Aq Ar iface 584Additional flags to pass to the DHCP client program running on 585.Ar iface 586only. 587When specified, this variable overrides 588.Va dhclient_flags . 589.It Va background_dhclient 590.Pq Vt bool 591Set to 592.Dq Li YES 593to start the DHCP client in background. 594This can cause trouble with applications depending on 595a working network, but it will provide a faster startup 596in many cases. 597.It Va background_dhclient_ Ns Aq Ar iface 598When specified, this variable overrides the 599.Va background_dhclient 600variable for interface 601.Ar iface 602only. 603.It Va synchronous_dhclient 604.Pq Vt bool 605Set to 606.Dq Li YES 607to start 608.Xr dhclient 8 609synchronously at startup. 610This behavior can be overridden on a per-interface basis by replacing 611the 612.Dq Li DHCP 613keyword in the 614.Va ifconfig_ Ns Aq Ar interface 615variable with 616.Dq Li SYNCDHCP 617or 618.Dq Li NOSYNCDHCP . 619.It Va defaultroute_delay 620.Pq Vt int 621When set to a positive value, wait up to this long after configuring 622DHCP interfaces at startup to give the interfaces time to receive a lease. 623.It Va firewall_enable 624.Pq Vt bool 625Set to 626.Dq Li YES 627to load firewall rules at startup. 628If the kernel was not built with 629.Cd "options IPFIREWALL" , 630the 631.Pa ipfw.ko 632kernel module will be loaded. 633See also 634.Va ipfilter_enable . 635.It Va firewall_script 636.Pq Vt str 637This variable specifies the full path to the firewall script to run. 638The default is 639.Pa /etc/rc.firewall . 640.It Va firewall_type 641.Pq Vt str 642Names the firewall type from the selection in 643.Pa /etc/rc.firewall , 644or the file which contains the local firewall ruleset. 645Valid selections from 646.Pa /etc/rc.firewall 647are: 648.Pp 649.Bl -tag -width ".Li workstation" -compact 650.It Li open 651unrestricted IP access 652.It Li closed 653all IP services disabled, except via 654.Dq Li lo0 655.It Li client 656basic protection for a workstation 657.It Li workstation 658basic protection for a workstation using stateful firewalling 659.It Li simple 660basic protection for a LAN. 661.El 662.Pp 663If a filename is specified, the full path 664must be given. 665.Pp 666Most of the predefined rulesets define additional configuration variables. 667These are documented in 668.Pa /etc/rc.firewall . 669.It Va firewall_quiet 670.Pq Vt bool 671Set to 672.Dq Li YES 673to disable the display of firewall rules on the console during boot. 674.It Va firewall_logging 675.Pq Vt bool 676Set to 677.Dq Li YES 678to enable firewall event logging. 679This is equivalent to the 680.Dv IPFIREWALL_VERBOSE 681kernel option. 682.It Va firewall_logif 683.Pq Vt bool 684Set to 685.Dq Li YES 686to create pseudo interface 687.Li ipfw0 688for logging. 689For more details, see 690.Xr ipfw 8 691manual page. 692.It Va firewall_flags 693.Pq Vt str 694Flags passed to 695.Xr ipfw 8 696if 697.Va firewall_type 698specifies a filename. 699.It Va firewall_coscripts 700.Pq Vt str 701List of executables and/or rc scripts to run after firewall starts/stops. 702Default is empty. 703.\" ----- firewall_nat_enable setting -------------------------------- 704.It Va firewall_nat_enable 705.Pq Vt bool 706The 707.Xr ipfw 8 708equivalent of 709.Va natd_enable . 710Setting this to 711.Dq Li YES 712will automatically load the 713.Xr ipfw 8 714NAT kernel module if 715.Va firewall_enable 716is also set to 717.Dq Li YES . 718.It Va firewall_nat_interface 719.Pq Vt str 720The 721.Xr ipfw 8 722equivalent of 723.Va natd_interface . 724This is the name of the public interface or IP address on which 725kernel NAT should run. 726.It Va firewall_nat_flags 727.Pq Vt str 728Additional configuration parameters for kernel NAT should be placed here. 729.It Va firewall_nat64_enable 730.Pq Vt bool 731Setting this to 732.Dq Li YES 733will automatically load the 734.Xr ipfw 8 735NAT64 kernel module if 736.Va firewall_enable 737is also set to 738.Dq Li YES . 739.It Va firewall_nptv6_enable 740.Pq Vt bool 741Setting this to 742.Dq Li YES 743will automatically load the 744.Xr ipfw 8 745NPTv6 kernel module if 746.Va firewall_enable 747is also set to 748.Dq Li YES . 749.It Va firewall_pmod_enable 750.Pq Vt bool 751Setting this to 752.Dq Li YES 753will automatically load the 754.Xr ipfw 8 755pmod kernel module if 756.Va firewall_enable 757is also set to 758.Dq Li YES . 759.It Va dummynet_enable 760.Pq Vt bool 761Setting this to 762.Dq Li YES 763will automatically load the 764.Xr dummynet 4 765module if 766.Va firewall_enable 767is also set to 768.Dq Li YES . 769.\" ------------------------------------------------------------------- 770.It Va ipfw_netflow_enable 771.Pq Vt bool 772Setting this to 773.Dq Li YES 774will enable netflow logging via 775.Xr ng_netflow 4 . 776.Pp 777By default a ipfw rule is inserted and all packets are duplicated with 778the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 779port using protocol version 5. 780.It Va ipfw_netflow_hook 781.Pq Vt int 782netflow hook name, must be numerical 783(default 784.Pa 9995 ) . 785.It Va ipfw_netflow_rule 786.Pq Vt int 787ipfw rule number 788(default 789.Pa 1000 ) . 790.It Va ipfw_netflow_ip 791.Pq Vt str 792Destination server ip for receiving netflow data 793(default 794.Pa 127.0.0.1 ) . 795.It Va ipfw_netflow_port 796.Pq Vt int 797Destination server port for receiving netflow data 798(default 799.Pa 9995 ) . 800.It Va ipfw_netflow_version 801.Pq Vt int 802Do not set for using version 5 of the netflow protocol, set it to 9 for using 803version 9. 804.It Va ipfw_netflow_fib 805.Pq Vt int 806Only match packet in FIB 807.Pa ipfw_netflow_fib 808(default is undefined meaning all FIBs). 809.It Va natd_program 810.Pq Vt str 811Path to 812.Xr natd 8 . 813.It Va natd_enable 814.Pq Vt bool 815Set to 816.Dq Li YES 817to enable 818.Xr natd 8 . 819.Va firewall_enable 820must also be set to 821.Dq Li YES , 822and 823.Xr divert 4 824sockets must be enabled in the kernel. 825If the kernel was not built with 826.Cd "options IPDIVERT" , 827the 828.Pa ipdivert.ko 829kernel module will be loaded. 830.It Va natd_interface 831.Pq Vt str 832This is the name of the public interface on which 833.Xr natd 8 834should run. 835The interface may be given as an interface name or as an IP address. 836.It Va natd_flags 837.Pq Vt str 838Additional 839.Xr natd 8 840flags should be placed here. 841The 842.Fl n 843or 844.Fl a 845flag is automatically added with the above 846.Va natd_interface 847as an argument. 848.\" ----- ipfilter_enable setting -------------------------------- 849.It Va ipfilter_enable 850.Pq Vt bool 851Set to 852.Dq Li NO 853by default. 854Setting this to 855.Dq Li YES 856enables 857.Xr ipf 8 858packet filtering. 859.Pp 860Typical usage will require putting 861.Bd -literal 862ipfilter_enable="YES" 863ipnat_enable="YES" 864ipmon_enable="YES" 865ipfs_enable="YES" 866.Ed 867.Pp 868into 869.Pa /etc/rc.conf 870and editing 871.Pa /etc/ipf.rules 872and 873.Pa /etc/ipnat.rules 874appropriately. 875.Pp 876Note that 877.Va ipfilter_enable 878and 879.Va ipnat_enable 880can be enabled independently. 881.Va ipmon_enable 882and 883.Va ipfs_enable 884both require at least one of 885.Va ipfilter_enable 886and 887.Va ipnat_enable 888to be enabled. 889.Pp 890Having 891.Bd -literal 892options IPFILTER 893options IPFILTER_LOG 894options IPFILTER_DEFAULT_BLOCK 895.Ed 896.Pp 897in the kernel configuration file is a good idea, too. 898.\" ----- ipfilter_program setting ------------------------------ 899.It Va ipfilter_program 900.Pq Vt str 901Path to 902.Xr ipf 8 903(default 904.Pa /sbin/ipf ) . 905.\" ----- ipfilter_rules setting -------------------------------- 906.It Va ipfilter_rules 907.Pq Vt str 908Set to 909.Pa /etc/ipf.rules 910by default. 911This variable contains the name of the filter rule definition file. 912The file is expected to be readable for the 913.Xr ipf 8 914command to execute. 915.\" ----- ipfilter_flags setting -------------------------------- 916.It Va ipfilter_flags 917.Pq Vt str 918Empty by default. 919This variable contains flags passed to the 920.Xr ipf 8 921program. 922.\" ----- ipnat_enable setting ---------------------------------- 923.It Va ipnat_enable 924.Pq Vt bool 925Set to 926.Dq Li NO 927by default. 928Set it to 929.Dq Li YES 930to enable 931.Xr ipnat 8 932network address translation. 933See 934.Va ipfilter_enable 935for a detailed discussion. 936.\" ----- ipnat_program setting --------------------------------- 937.It Va ipnat_program 938.Pq Vt str 939Path to 940.Xr ipnat 8 941(default 942.Pa /sbin/ipnat ) . 943.\" ----- ipnat_rules setting ----------------------------------- 944.It Va ipnat_rules 945.Pq Vt str 946Set to 947.Pa /etc/ipnat.rules 948by default. 949This variable contains the name of the file 950holding the network address translation definition. 951This file is expected to be readable for the 952.Xr ipnat 8 953command to execute. 954.\" ----- ipnat_flags setting ----------------------------------- 955.It Va ipnat_flags 956.Pq Vt str 957Empty by default. 958This variable contains flags passed to the 959.Xr ipnat 8 960program. 961.\" ----- ipmon_enable setting ---------------------------------- 962.It Va ipmon_enable 963.Pq Vt bool 964Set to 965.Dq Li NO 966by default. 967Set it to 968.Dq Li YES 969to enable 970.Xr ipmon 8 971monitoring (logging 972.Xr ipf 8 973and 974.Xr ipnat 8 975events). 976Setting this variable needs setting 977.Va ipfilter_enable 978or 979.Va ipnat_enable 980too. 981See 982.Va ipfilter_enable 983for a detailed discussion. 984.\" ----- ipmon_program setting --------------------------------- 985.It Va ipmon_program 986.Pq Vt str 987Path to 988.Xr ipmon 8 989(default 990.Pa /sbin/ipmon ) . 991.\" ----- ipmon_flags setting ----------------------------------- 992.It Va ipmon_flags 993.Pq Vt str 994Set to 995.Dq Li -Ds 996by default. 997This variable contains flags passed to the 998.Xr ipmon 8 999program. 1000Another typical example would be 1001.Dq Fl D Pa /var/log/ipflog 1002to have 1003.Xr ipmon 8 1004log directly to a file bypassing 1005.Xr syslogd 8 . 1006Make sure to adjust 1007.Pa /etc/newsyslog.conf 1008in such case like this: 1009.Bd -literal 1010/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 1011.Ed 1012.\" ----- ipfs_enable setting ----------------------------------- 1013.It Va ipfs_enable 1014.Pq Vt bool 1015Set to 1016.Dq Li NO 1017by default. 1018Set it to 1019.Dq Li YES 1020to enable 1021.Xr ipfs 8 1022saving the filter and NAT state tables during shutdown 1023and reloading them during startup again. 1024Setting this variable needs setting 1025.Va ipfilter_enable 1026or 1027.Va ipnat_enable 1028to 1029.Dq Li YES 1030too. 1031See 1032.Va ipfilter_enable 1033for a detailed discussion. 1034Note that if 1035.Va kern_securelevel 1036is set to 3, 1037.Va ipfs_enable 1038cannot be used 1039because the raised securelevel will prevent 1040.Xr ipfs 8 1041from saving the state tables at shutdown time. 1042.\" ----- ipfs_program setting ---------------------------------- 1043.It Va ipfs_program 1044.Pq Vt str 1045Path to 1046.Xr ipfs 8 1047(default 1048.Pa /sbin/ipfs ) . 1049.\" ----- ipfs_flags setting ------------------------------------ 1050.It Va ipfs_flags 1051.Pq Vt str 1052Empty by default. 1053This variable contains flags passed to the 1054.Xr ipfs 8 1055program. 1056.\" ----- end of added ipf hook --------------------------------- 1057.It Va pf_enable 1058.Pq Vt bool 1059Set to 1060.Dq Li NO 1061by default. 1062Setting this to 1063.Dq Li YES 1064enables 1065.Xr pf 4 1066packet filtering. 1067.Pp 1068Typical usage will require putting 1069.Pp 1070.Dl pf_enable="YES" 1071.Pp 1072into 1073.Pa /etc/rc.conf 1074and editing 1075.Pa /etc/pf.conf 1076appropriately. 1077Adding 1078.Pp 1079.Dl "device pf" 1080.Pp 1081builds support for 1082.Xr pf 4 1083into the kernel, otherwise the 1084kernel module will be loaded. 1085.It Va pf_rules 1086.Pq Vt str 1087Path to 1088.Xr pf 4 1089ruleset configuration file 1090(default 1091.Pa /etc/pf.conf ) . 1092.It Va pf_program 1093.Pq Vt str 1094Path to 1095.Xr pfctl 8 1096(default 1097.Pa /sbin/pfctl ) . 1098.It Va pf_flags 1099.Pq Vt str 1100If 1101.Va pf_enable 1102is set to 1103.Dq Li YES , 1104these flags are passed to the 1105.Xr pfctl 8 1106program when loading the ruleset. 1107.It Va pf_fallback_rules_enable 1108.Pq Vt bool 1109Set to 1110.Dq Li NO 1111by default. 1112Setting this to 1113.Dq Li YES 1114enables loading 1115.Va pf_fallback_rules_file 1116or 1117.Va pf_fallback_rules 1118in case of a problem when loading the ruleset in 1119.Va pf_rules . 1120.It Va pf_fallback_rules_file 1121.Pq Vt str 1122Path to a pf ruleset to load in case of failure when loading the 1123ruleset in 1124.Va pf_rules 1125(default 1126.Pa /etc/pf-fallback.conf ) . 1127.It Va pf_fallback_rules 1128.Pq Vt str 1129A pf ruleset to load in case of failure when loading the ruleset in 1130.Va pf_rules 1131and 1132.Va pf_fallback_rules_file 1133is not found. 1134Multiple rules can be set as follows: 1135.Bd -literal 1136pf_fallback_rules="\\ 1137 block drop log all\\ 1138 pass in quick on em0" 1139.Pp 1140.Ed 1141The default fallback rule is 1142.Dq block drop log all 1143.It Va pflog_enable 1144.Pq Vt bool 1145Set to 1146.Dq Li NO 1147by default. 1148Setting this to 1149.Dq Li YES 1150enables 1151.Xr pflogd 8 1152which logs packets from the 1153.Xr pf 4 1154packet filter. 1155.It Va pflog_logfile 1156.Pq Vt str 1157If 1158.Va pflog_enable 1159is set to 1160.Dq Li YES 1161this controls where 1162.Xr pflogd 8 1163stores the logfile 1164(default 1165.Pa /var/log/pflog ) . 1166Check 1167.Pa /etc/newsyslog.conf 1168to adjust logfile rotation for this. 1169.It Va pflog_program 1170.Pq Vt str 1171Path to 1172.Xr pflogd 8 1173(default 1174.Pa /sbin/pflogd ) . 1175.It Va pflog_flags 1176.Pq Vt str 1177Empty by default. 1178This variable contains additional flags passed to the 1179.Xr pflogd 8 1180program. 1181.It Va pflog_instances 1182.Pq Vt str 1183If logging to more than one 1184.Xr pflog 4 1185interface is desired, 1186.Va pflog_instances 1187is set to the list of 1188.Xr pflogd 8 1189instances that should be started at system boot time. 1190If 1191.Va pflog_instances 1192is set, for each whitespace-separated 1193.Ar element 1194in the list, 1195.Ao Ar element Ac Ns Va _dev 1196and 1197.Ao Ar element Ac Ns Va _logfile 1198elements are assumed to exist. 1199.Ao Ar element Ac Ns Va _dev 1200must contain the 1201.Xr pflog 4 1202interface to be watched by the named 1203.Xr pflogd 8 1204instance. 1205.Ao Ar element Ac Ns Va _logfile 1206must contain the name of the logfile that will be used by the 1207.Xr pflogd 8 1208instance. 1209.It Va ftpproxy_enable 1210.Pq Vt bool 1211Set to 1212.Dq Li NO 1213by default. 1214Setting this to 1215.Dq Li YES 1216enables 1217.Xr ftp-proxy 8 1218which supports the 1219.Xr pf 4 1220packet filter in translating ftp connections. 1221.It Va ftpproxy_flags 1222.Pq Vt str 1223Empty by default. 1224This variable contains additional flags passed to the 1225.Xr ftp-proxy 8 1226program. 1227.It Va ftpproxy_instances 1228.Pq Vt str 1229Empty by default. 1230If multiple instances of 1231.Xr ftp-proxy 8 1232are desired at boot time, 1233.Va ftpproxy_instances 1234should contain a whitespace-separated list of instance names. 1235For each 1236.Ar element 1237in the list, a variable named 1238.Ao Ar element Ac Ns Va _flags 1239should be defined, containing the command-line flags to be passed to the 1240.Xr ftp-proxy 8 1241instance. 1242.It Va pfsync_enable 1243.Pq Vt bool 1244Set to 1245.Dq Li NO 1246by default. 1247Setting this to 1248.Dq Li YES 1249enables exposing 1250.Xr pf 4 1251state changes to other hosts over the network by means of 1252.Xr pfsync 4 . 1253The 1254.Va pfsync_syncdev 1255variable 1256must also be set then. 1257.It Va pfsync_syncdev 1258.Pq Vt str 1259Empty by default. 1260This variable specifies the name of the network interface 1261.Xr pfsync 4 1262should operate through. 1263It must be set accordingly if 1264.Va pfsync_enable 1265is set to 1266.Dq Li YES . 1267.It Va pfsync_syncpeer 1268.Pq Vt str 1269Empty by default. 1270This variable is optional. 1271By default, state change messages are sent out on the synchronisation 1272interface using IP multicast packets. 1273The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1274224.0.0.240. 1275When a peer address is specified using the 1276.Va pfsync_syncpeer 1277option, the peer address is used as a destination for the pfsync 1278traffic, and the traffic can then be protected using 1279.Xr ipsec 4 . 1280See the 1281.Xr pfsync 4 1282manpage for more details about using 1283.Xr ipsec 4 1284with 1285.Xr pfsync 4 1286interfaces. 1287.It Va pfsync_ifconfig 1288.Pq Vt str 1289Empty by default. 1290This variable can contain additional options to be passed to the 1291.Xr ifconfig 8 1292command used to set up 1293.Xr pfsync 4 . 1294.It Va tcp_extensions 1295.Pq Vt bool 1296Set to 1297.Dq Li YES 1298by default. 1299Setting this to 1300.Dq Li NO 1301disables certain TCP options as described by 1302.Rs 1303.%T "RFC 1323" 1304.Re 1305Setting this to 1306.Dq Li NO 1307might help remedy such problems with connections as randomly hanging 1308or other weird behavior. 1309Some network devices are known 1310to be broken with respect to these options. 1311.It Va log_in_vain 1312.Pq Vt int 1313Set to 0 by default. 1314The 1315.Xr sysctl 8 1316variables, 1317.Va net.inet.tcp.log_in_vain 1318and 1319.Va net.inet.udp.log_in_vain , 1320as described in 1321.Xr tcp 4 1322and 1323.Xr udp 4 , 1324are set to the given value. 1325.It Va tcp_keepalive 1326.Pq Vt bool 1327Set to 1328.Dq Li YES 1329by default. 1330Setting to 1331.Dq Li NO 1332will disable probing idle TCP connections to verify that the 1333peer is still up and reachable. 1334.It Va tcp_drop_synfin 1335.Pq Vt bool 1336Set to 1337.Dq Li NO 1338by default. 1339Setting to 1340.Dq Li YES 1341will cause the kernel to ignore TCP frames that have both 1342the SYN and FIN flags set. 1343This prevents OS fingerprinting, but may 1344break some legitimate applications. 1345.It Va icmp_drop_redirect 1346.Pq Vt bool 1347Set to 1348.Dq Li AUTO 1349by default. 1350This setting will be identical to 1351.Dq Li YES , 1352if a dynamic routing daemon is enabled, because redirect processing may 1353cause performance issues for large routing tables. 1354If no such service is enabled, this setting behaves like a 1355.Dq Li NO . 1356Setting to 1357.Dq Li YES 1358will cause the kernel to ignore ICMP REDIRECT packets. 1359Setting to 1360.Dq Li NO 1361will cause the kernel to process ICMP REDIRECT packets. 1362Refer to 1363.Xr icmp 4 1364for more information. 1365.It Va icmp_log_redirect 1366.Pq Vt bool 1367Set to 1368.Dq Li NO 1369by default. 1370Setting to 1371.Dq Li YES 1372will cause the kernel to log ICMP REDIRECT packets. 1373Note that 1374the log messages are not rate-limited, so this option should only be used 1375for troubleshooting networks. 1376Refer to 1377.Xr icmp 4 1378for more information. 1379.It Va icmp_bmcastecho 1380.Pq Vt bool 1381Set to 1382.Dq Li YES 1383to respond to broadcast or multicast ICMP ping packets. 1384Refer to 1385.Xr icmp 4 1386for more information. 1387.It Va ip_portrange_first 1388.Pq Vt int 1389If not set to 1390.Dq Li NO , 1391this is the first port in the default portrange. 1392Refer to 1393.Xr ip 4 1394for more information. 1395.It Va ip_portrange_last 1396.Pq Vt int 1397If not set to 1398.Dq Li NO , 1399this is the last port in the default portrange. 1400Refer to 1401.Xr ip 4 1402for more information. 1403.It Va network_interfaces 1404.Pq Vt str 1405Set to the list of network interfaces to configure on this host or 1406.Dq Li AUTO 1407(the default) for all current interfaces. 1408Setting the 1409.Va network_interfaces 1410variable to anything other than the default is deprecated. 1411Interfaces that the administrator wishes to store configuration for, 1412but not start at boot should be configured with the 1413.Dq Li NOAUTO 1414keyword in their 1415.Va ifconfig_ Ns Aq Ar interface 1416variables as described below. 1417.Pp 1418An 1419.Va ifconfig_ Ns Aq Ar interface 1420variable is also assumed to exist for each value of 1421.Ar interface . 1422When an interface name contains any of the characters 1423.Dq Li .-/+ 1424they are translated to 1425.Dq Li _ 1426before lookup. 1427The variable can contain arguments to 1428.Xr ifconfig 8 , 1429as well as special case-insensitive keywords described below. 1430Such keywords are removed before passing the value to 1431.Xr ifconfig 8 1432while the order of the other arguments is preserved. 1433.Pp 1434It is possible to add IP alias entries using 1435.Xr ifconfig 8 1436syntax with the address family keyword such as 1437.Li inet . 1438Assuming that the interface in question was 1439.Li em0 , 1440it might look something like this: 1441.Bd -literal 1442ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1443ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1444.Ed 1445.Pp 1446It also possible to configure multiple IP addresses in Classless 1447Inter-Domain Routing 1448.Pq CIDR 1449address notation, 1450whose each address component can be a range like 1451.Li inet 192.0.2.5-23/24 1452or 1453.Li inet6 2001:db8:1-f::1/64 . 1454This notation allows address and prefix length part only, 1455not the other address modifiers. 1456Note that the maximum number of the generated addresses from a range 1457specification is limited to an integer value specified in 1458.Va netif_ipexpand_max 1459in 1460.Nm 1461because a small typo can unexpectedly generate a large number of addresses. 1462The default value is 1463.Li 2048 . 1464It can be increased by adding the following line into 1465.Nm : 1466.Bd -literal 1467netif_ipexpand_max="4096" 1468.Ed 1469.Pp 1470In the case of 1471.Li 192.0.2.5-23/24 , 1472the address 192.0.2.5 will be configured with the 1473netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1474the non-conflicting netmask /32 as explained in the 1475.Xr ifconfig 8 1476alias section. 1477Note that this special netmask handling is only for 1478.Li inet , 1479not for the other address families such as 1480.Li inet6 . 1481.Pp 1482With the interface in question being 1483.Li em0 , 1484an example could look like: 1485.Bd -literal 1486ifconfig_em0_alias2="inet 192.0.2.129/27" 1487ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1488.Ed 1489.Pp 1490and so on. 1491.Pp 1492Note that deprecated 1493.Va ipv4_addrs_ Ns Aq Ar interface 1494variable was supported for IPv4 CIDR address notation. 1495The 1496.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1497variable replaces it, though 1498.Va ipv4_addrs_ Ns Aq Ar interface 1499is still supported for backward compatibility. 1500.Pp 1501For each 1502.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1503entry with an address family keyword, 1504its contents are passed to 1505.Xr ifconfig 8 . 1506Execution stops at the first unsuccessful access, so if 1507something like this is present: 1508.Bd -literal 1509ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1510ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1511ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1512ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1513.Ed 1514.Pp 1515Then note that alias4 would 1516.Em not 1517be added since the search would 1518stop with the missing 1519.Dq Li alias3 1520entry. 1521Because of this difficult to manage behavior, 1522there is 1523.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1524variable, which has the same functionality as 1525.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1526and can have all of the entries in a variable like the following: 1527.Bd -literal 1528ifconfig_em0_aliases="\\ 1529 inet 127.0.0.251 netmask 0xffffffff \\ 1530 inet 127.0.0.252 netmask 0xffffffff \\ 1531 inet 127.0.0.253 netmask 0xffffffff \\ 1532 inet 127.0.0.254 netmask 0xffffffff" 1533.Ed 1534.Pp 1535It also supports CIDR notation. 1536.Pp 1537If the 1538.Pa /etc/start_if . Ns Aq Ar interface 1539file is present, it is read and executed by the 1540.Xr sh 1 1541interpreter 1542before configuring the interface as specified in the 1543.Va ifconfig_ Ns Aq Ar interface 1544and 1545.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1546variables. 1547.Pp 1548If a 1549.Va vlans_ Ns Aq Ar interface 1550variable is set, 1551a 1552.Xr vlan 4 1553interface will be created for each item in the list with the 1554.Ar vlandev 1555argument set to 1556.Ar interface . 1557If a vlan interface's name is a number, 1558then that number is used as the vlan tag and the new vlan interface is 1559named 1560.Ar interface . Ns Ar tag . 1561Otherwise, 1562the vlan tag must be specified via a 1563.Va vlan 1564parameter in the 1565.Va create_args_ Ns Aq Ar interface 1566variable. 1567.Pp 1568To create a vlan device named 1569.Li em0.101 1570on 1571.Li em0 1572with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24: 1573.Bd -literal 1574vlans_em0="101" 1575ifconfig_em0_101="inet 192.0.2.1/24" 1576.Ed 1577.Pp 1578To create a vlan device named 1579.Li myvlan 1580on 1581.Li em0 1582with the vlan tag 102: 1583.Bd -literal 1584vlans_em0="myvlan" 1585create_args_myvlan="vlan 102" 1586.Ed 1587.Pp 1588If a 1589.Va wlans_ Ns Aq Ar interface 1590variable is set, 1591an 1592.Xr wlan 4 1593interface will be created for each item in the list with the 1594.Ar wlandev 1595argument set to 1596.Ar interface . 1597Further wlan cloning arguments may be passed to the 1598.Xr ifconfig 8 1599.Cm create 1600command by setting the 1601.Va create_args_ Ns Aq Ar interface 1602variable. 1603One or more 1604.Xr wlan 4 1605devices must be created for each wireless device as of 1606.Fx 8.0 . 1607Debugging flags for 1608.Xr wlan 4 1609devices as set by 1610.Xr wlandebug 8 1611may be specified with an 1612.Va wlandebug_ Ns Aq Ar interface 1613variable. 1614The contents of this variable will be passed directly to 1615.Xr wlandebug 8 . 1616.Pp 1617If the 1618.Va ifconfig_ Ns Aq Ar interface 1619contains the keyword 1620.Dq Li NOAUTO 1621then the interface will not be configured 1622at boot or by 1623.Pa /etc/pccard_ether 1624when 1625.Va network_interfaces 1626is set to 1627.Dq Li AUTO . 1628.Pp 1629It is possible to bring up an interface with DHCP by adding 1630.Dq Li DHCP 1631to the 1632.Va ifconfig_ Ns Aq Ar interface 1633variable. 1634For instance, to initialize the 1635.Li em0 1636device via DHCP, 1637it is possible to use something like: 1638.Bd -literal 1639ifconfig_em0="DHCP" 1640.Ed 1641.Pp 1642If you want to configure your wireless interface with 1643.Xr wpa_supplicant 8 1644for use with WPA, EAP/LEAP or WEP, you need to add 1645.Dq Li WPA 1646to the 1647.Va ifconfig_ Ns Aq Ar interface 1648variable. 1649.Pp 1650On the other hand, if you want to configure your wireless interface with 1651.Xr hostapd 8 , 1652you need to add 1653.Dq Li HOSTAP 1654to the 1655.Va ifconfig_ Ns Aq Ar interface 1656variable. 1657.Xr hostapd 8 1658will use the settings from 1659.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1660.Pp 1661Finally, you can add 1662.Xr ifconfig 8 1663options in this variable, in addition to the 1664.Pa /etc/start_if . Ns Aq Ar interface 1665file. 1666For instance, to configure an 1667.Xr ath 4 1668wireless device in station mode with an address obtained 1669via DHCP, using WPA authentication and 802.11b mode, it is 1670possible to use something like: 1671.Bd -literal 1672wlans_ath0="wlan0" 1673ifconfig_wlan0="DHCP WPA mode 11b" 1674.Ed 1675.Pp 1676In addition to the 1677.Va ifconfig_ Ns Aq Ar interface 1678form, a fallback variable 1679.Va ifconfig_DEFAULT 1680may be configured. 1681It will be used for all interfaces with no 1682.Va ifconfig_ Ns Aq Ar interface 1683variable. 1684.Pp 1685It is also possible to rename an interface by doing: 1686.Bd -literal 1687ifconfig_em0_name="net0" 1688ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1689.Ed 1690.It Va ipv6_enable 1691.Pq Vt bool 1692This variable is deprecated. 1693Use 1694.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1695and 1696.Va ipv6_activate_all_interfaces 1697if necessary. 1698.Pp 1699If the variable is 1700.Dq Li YES , 1701.Dq Li inet6 accept_rtadv 1702is added to all of 1703.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1704and the 1705.Va ipv6_activate_all_interfaces 1706is defined as 1707.Dq Li YES . 1708.It Va ipv6_prefer 1709.Pq Vt bool 1710This variable is deprecated. 1711Use 1712.Va ip6addrctl_policy 1713instead. 1714.Pp 1715If the variable is 1716.Dq Li YES , 1717the default address selection policy table set by 1718.Xr ip6addrctl 8 1719will be IPv6-preferred. 1720.Pp 1721If the variable is 1722.Dq Li NO , 1723the default address selection policy table set by 1724.Xr ip6addrctl 8 1725will be IPv4-preferred. 1726.It Va ipv6_activate_all_interfaces 1727.Pq Vt bool 1728This controls initial configuration on IPv6-capable 1729interfaces with no corresponding 1730.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1731variable. 1732Note that it is not always necessary to set this variable to 1733.Dq YES 1734to use IPv6 functionality on 1735.Fx . 1736In most cases, just configuring 1737.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1738variables works. 1739.Pp 1740If the variable is 1741.Dq Li NO , 1742all interfaces which do not have a corresponding 1743.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1744variable will be marked as 1745.Dq Li IFDISABLED 1746at creation. 1747This means that all IPv6 functionality on that interface 1748is completely disabled to enforce a security policy. 1749If the variable is set to 1750.Dq YES , 1751the flag will be cleared on all of the interfaces. 1752.Pp 1753In most cases, just defining an 1754.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1755for an IPv6-capable interface should be sufficient. 1756However, if an interface is added dynamically 1757.Pq by some tunneling protocols such as PPP, for example , 1758it is often difficult to define the variable in advance. 1759In such a case, configuring the 1760.Dq Li IFDISABLED 1761flag can be disabled by setting this variable to 1762.Dq YES . 1763.Pp 1764For more details of the 1765.Dq Li IFDISABLED 1766flag and keywords 1767.Dq Li inet6 ifdisabled , 1768see 1769.Xr ifconfig 8 . 1770.Pp 1771Default is 1772.Dq Li NO . 1773.It Va ipv6_privacy 1774.Pq Vt bool 1775If the variable is 1776.Dq Li YES 1777privacy addresses will be generated for each IPv6 1778interface as described in RFC 4941. 1779.It Va ipv6_network_interfaces 1780.Pq Vt str 1781This is the IPv6 equivalent of 1782.Va network_interfaces . 1783Normally manual configuration of this variable is not needed. 1784.It Va ipv6_cpe_wanif 1785.Pq Vt str 1786If the variable is set to an interface name, 1787the 1788.Xr ifconfig 8 1789options 1790.Dq inet6 -no_radr accept_rtadv 1791will be added to the specified interface automatically before evaluating 1792.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1793and two 1794.Xr sysctl 8 1795variables 1796.Va net.inet6.ip6.rfc6204w3 1797and 1798.Va net.inet6.ip6.no_radr 1799will be set to 1. 1800.Pp 1801This means the specified interface will accept ICMPv6 Router 1802Advertisement messages on that link and add the discovered 1803routers into the Default Router List. 1804While the other interfaces can still accept RA messages if the 1805.Dq inet6 accept_rtadv 1806option is specified, adding 1807routes into the Default Router List will be disabled by 1808.Dq inet6 no_radr 1809option by default. 1810See 1811.Xr ifconfig 8 1812for more details. 1813.Pp 1814Note that ICMPv6 Router Advertisement messages will be 1815accepted even when 1816.Va net.inet6.ip6.forwarding 1817is 1 1818.Pq packet forwarding is enabled 1819when 1820.Va net.inet6.ip6.rfc6204w3 1821is set to 1. 1822.Pp 1823Default is 1824.Dq Li NO . 1825.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1826.Pq Vt str 1827This assigns arbitrary description to an interface. 1828The 1829.Xr sysctl 8 1830variable 1831.Va net.ifdescr_maxlen 1832limits its length. 1833This static setting may be overridden by commands 1834started with dynamic interface configuration utilities 1835like 1836.Xr dhclient 8 1837hooks. 1838The description can be seen with 1839.Xr ifconfig 8 1840command and it may be exported with 1841.Xr bsnmpd 1 1842daemon using its MIB-2 module. 1843.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1844.Pq Vt str 1845IPv6 functionality on an interface should be configured by 1846.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1847instead of setting ifconfig parameters in 1848.Va ifconfig_ Ns Aq Ar interface . 1849If this variable is empty, all IPv6 configurations on the 1850specified interface by other variables such as 1851.Va ipv6_prefix_ Ns Ao Ar interface Ac 1852will be ignored. 1853.Pp 1854Aliases should be set by 1855.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1856with 1857.Dq Li inet6 1858keyword. 1859For example: 1860.Bd -literal 1861ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1862ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1863.Ed 1864.Pp 1865Interfaces that have an 1866.Dq Li inet6 accept_rtadv 1867keyword in 1868.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1869setting will be automatically configured by SLAAC 1870.Pq StateLess Address AutoConfiguration 1871described in 1872.Rs 1873.%T "RFC 4862" 1874.Re 1875.Pp 1876Note that a link-local address will be automatically configured in 1877addition to the configured global-scope addresses because the IPv6 1878specifications require it on each link. 1879The address is calculated from the MAC address by using an algorithm 1880defined in 1881.Rs 1882.%T "RFC 4862" 1883.%O "Section 5.3" 1884.Re 1885.Pp 1886If only a link-local address is needed on the interface, 1887the following configuration can be used: 1888.Bd -literal 1889ifconfig_em0_ipv6="inet6 auto_linklocal" 1890.Ed 1891.Pp 1892A link-local address can also be configured manually. 1893This is useful for the default router address of an IPv6 router 1894so that it does not change when the network interface 1895card is replaced. 1896For example: 1897.Bd -literal 1898ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1899.Ed 1900.It Va ipv6_prefix_ Ns Aq Ar interface 1901.Pq Vt str 1902If one or more prefixes are defined in 1903.Va ipv6_prefix_ Ns Aq Ar interface 1904addresses based on each prefix and the EUI-64 interface index will be 1905configured on that interface. 1906Note that this variable will be ignored when 1907.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1908is empty. 1909.Pp 1910For example, the following configuration 1911.Bd -literal 1912ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1913.Ed 1914.Pp 1915is equivalent to the following: 1916.Bd -literal 1917ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1918ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1919ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1920ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1921.Ed 1922.Pp 1923These Subnet-Router anycast addresses will be added only when 1924.Va ipv6_gateway_enable 1925is YES. 1926.It Va ipv6_default_interface 1927.Pq Vt str 1928If not set to 1929.Dq Li NO , 1930this is the default output interface for scoped addresses. 1931This works only with ipv6_gateway_enable="NO". 1932.It Va ip6addrctl_enable 1933.Pq Vt bool 1934This variable is to enable configuring default address selection policy table 1935.Pq RFC 3484 . 1936The table can be specified in another variable 1937.Va ip6addrctl_policy . 1938For 1939.Va ip6addrctl_policy 1940the following keywords can be specified: 1941.Dq Li ipv4_prefer , 1942.Dq Li ipv6_prefer , 1943or 1944.Dq Li AUTO . 1945.Pp 1946If 1947.Dq Li ipv4_prefer 1948or 1949.Dq Li ipv6_prefer 1950is specified, 1951.Xr ip6addrctl 8 1952installs a pre-defined policy table described in Section 10.3 1953.Pq IPv4-preferred 1954or 2.1 1955.Pq IPv6-preferred 1956of RFC 3484. 1957.Pp 1958If 1959.Dq Li AUTO 1960is specified, it attempts to read a file 1961.Pa /etc/ip6addrctl.conf 1962first. 1963If this file is found, 1964.Xr ip6addrctl 8 1965reads and installs it. 1966If not found, a policy is automatically set 1967according to 1968.Va ipv6_activate_all_interfaces 1969variable; if the variable is set to 1970.Dq Li YES 1971the IPv6-preferred one is used. 1972Otherwise IPv4-preferred. 1973.Pp 1974The default value of 1975.Va ip6addrctl_enable 1976and 1977.Va ip6addrctl_policy 1978are 1979.Dq Li YES 1980and 1981.Dq Li AUTO , 1982respectively. 1983.It Va cloned_interfaces 1984.Pq Vt str 1985Set to the list of clonable network interfaces to create on this host. 1986Further cloning arguments may be passed to the 1987.Xr ifconfig 8 1988.Cm create 1989command for each interface by setting the 1990.Va create_args_ Ns Aq Ar interface 1991variable. 1992If an interface name is specified with 1993.Dq :sticky 1994keyword, 1995the interface will not be destroyed even when 1996.Pa rc.d/netif 1997script is invoked with 1998.Dq stop 1999argument. 2000This is useful when reconfiguring the interface without destroying it. 2001Entries in 2002.Va cloned_interfaces 2003are automatically appended to 2004.Va network_interfaces 2005for configuration. 2006.It Va cloned_interfaces_sticky 2007.Pq Vt bool 2008This variable is to globally enable functionality of 2009.Dq :sticky 2010keyword in 2011.Va cloned_interfaces 2012for all interfaces. 2013The default value is 2014.Dq NO . 2015Even if this variable is specified to 2016.Dq YES , 2017.Dq :nosticky 2018keyword can be used to override it on per interface basis. 2019.It Va gif_interfaces 2020Set to the list of 2021.Xr gif 4 2022tunnel interfaces to configure on this host. 2023A 2024.Va gifconfig_ Ns Aq Ar interface 2025variable is assumed to exist for each value of 2026.Ar interface . 2027The value of this variable is used to configure the link layer of the 2028tunnel using the 2029.Cm tunnel 2030option to 2031.Xr ifconfig 8 . 2032Additionally, this option ensures that each listed interface is created 2033via the 2034.Cm create 2035option to 2036.Xr ifconfig 8 2037before attempting to configure it. 2038.Pp 2039For example, configure two 2040.Xr gif 4 2041interfaces with: 2042.Bd -literal 2043gif_interfaces="gif0 gif1" 2044gifconfig_gif0="100.64.0.1 100.64.0.2" 2045ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 2046gifconfig_gif1="inet6 2a00::1 2a01::1" 2047ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 2048.Ed 2049.It Va ppp_enable 2050.Pq Vt bool 2051If set to 2052.Dq Li YES , 2053run the 2054.Xr ppp 8 2055daemon. 2056.It Va ppp_profile 2057.Pq Vt str 2058The name of the profile to use from 2059.Pa /etc/ppp/ppp.conf . 2060Also used for per-profile overrides of 2061.Va ppp_mode 2062and 2063.Va ppp_nat , 2064and 2065.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2066When the profile name contains any of the characters 2067.Dq Li .-/+ 2068they are translated to 2069.Dq Li _ 2070for the proposes of the override variable names. 2071.It Va ppp_mode 2072.Pq Vt str 2073Mode in which to run the 2074.Xr ppp 8 2075daemon. 2076.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2077.Pq Vt str 2078Overrides the global 2079.Va ppp_mode 2080for 2081.Ar profile . 2082Accepted modes are 2083.Dq Li auto , 2084.Dq Li ddial , 2085.Dq Li direct 2086and 2087.Dq Li dedicated . 2088See the manual for a full description. 2089.It Va ppp_nat 2090.Pq Vt bool 2091If set to 2092.Dq Li YES , 2093enables network address translation. 2094Used in conjunction with 2095.Va gateway_enable 2096allows hosts on private network addresses access to the Internet using 2097this host as a network address translating router. 2098Default is 2099.Dq Li YES . 2100.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2101.Pq Vt str 2102Overrides the global 2103.Va ppp_nat 2104for 2105.Ar profile . 2106.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2107.Pq Vt int 2108Set the unit number to be used for this profile. 2109See the manual description of 2110.Fl unit Ns Ar N 2111for details. 2112.It Va ppp_user 2113.Pq Vt str 2114The name of the user under which 2115.Xr ppp 8 2116should be started. 2117By 2118default, 2119.Xr ppp 8 2120is started as 2121.Dq Li root . 2122.It Va rc_conf_files 2123.Pq Vt str 2124This option is used to specify a list of files that will override 2125the settings in 2126.Pa /etc/defaults/rc.conf . 2127The files will be read in the order in which they are specified and should 2128include the full path to the file. 2129By default, the files specified are 2130.Pa /etc/rc.conf 2131and 2132.Pa /etc/rc.conf.local . 2133.It Va zfs_enable 2134.Pq Vt bool 2135If set to 2136.Dq Li YES , 2137.Pa /etc/rc.d/zfs 2138will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2139(ZVOLs). 2140.It Va zpool_reguid 2141.Pq Vt str 2142A space-separated list of ZFS pool names for which new pool GUIDs should be 2143assigned upon first boot. 2144This is useful when using a ZFS pool copied from a template, such as a virtual 2145machine image. 2146.It Va zpool_upgrade 2147.Pq Vt str 2148A space-separated list of ZFS pool names for which the version should be 2149upgraded upon first boot. 2150This is useful when using a ZFS pool generated by the 2151.Xr makefs 8 2152utility. 2153.It Va gptboot_enable 2154.Pq Vt bool 2155If set to 2156.Dq Li YES , 2157.Pa /etc/rc.d/gptboot 2158will log if the system successfully (or not) booted from a GPT partition, 2159which had the 2160.Ar bootonce 2161attribute set using 2162.Xr gpart 8 2163utility. 2164.It Va gbde_autoattach_all 2165.Pq Vt bool 2166If set to 2167.Dq Li YES , 2168.Pa /etc/rc.d/gbde 2169will attempt to automatically initialize the .bde devices specified in 2170.Pa /etc/fstab . 2171.It Va gbde_devices 2172.Pq Vt str 2173List the devices that the script should try to attach, 2174or 2175.Dq Li AUTO . 2176.It Va gbde_lockdir 2177.Pq Vt str 2178The directory where the 2179.Xr gbde 4 2180lockfiles are located. 2181The default lockfile directory is 2182.Pa /etc . 2183.Pp 2184The lockfile for each individual 2185.Xr gbde 4 2186device can be overridden by setting the variable 2187.Va gbde_lock_ Ns Aq Ar device , 2188where 2189.Ar device 2190is the encrypted device without the 2191.Dq Pa /dev/ 2192and 2193.Dq Pa .bde 2194parts. 2195.It Va gbde_attach_attempts 2196.Pq Vt int 2197Number of times to attempt attaching to a 2198.Xr gbde 4 2199device, i.e., how many times the user is asked for the pass-phrase. 2200Default is 3. 2201.It Va geli_devices 2202.Pq Vt str 2203List of devices to automatically attach on boot. 2204Note that .eli devices from 2205.Pa /etc/fstab 2206are automatically appended to this list. 2207.It Va geli_groups 2208.Pq Vt str 2209List of groups containing devices to automatically attach on boot with the same 2210keyfiles and passphrase. 2211This must be accompanied with a corresponding 2212.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2213variable. 2214.It Va geli_tries 2215.Pq Vt int 2216Number of times user is asked for the pass-phrase. 2217If empty, it will be taken from 2218.Va kern.geom.eli.tries 2219sysctl variable. 2220.It Va geli_default_flags 2221.Pq Vt str 2222Default flags to use by 2223.Xr geli 8 2224when configuring disk encryption. 2225Flags can be configured for every device separately by defining the 2226.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2227variable, and for every group separately by defining the 2228.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2229variable. 2230.It Va geli_autodetach 2231.Pq Vt str 2232Specifies if GELI devices should be marked for detach on last close after 2233file systems are mounted. 2234Default is 2235.Dq Li YES . 2236This can be changed for every device separately by defining the 2237.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2238variable. 2239.It Va root_rw_mount 2240.Pq Vt bool 2241Set to 2242.Dq Li YES 2243by default. 2244After the file systems are checked at boot time, the root file system 2245is remounted as read-write if this is set to 2246.Dq Li YES . 2247Diskless systems that mount their root file system from a read-only remote 2248NFS share should set this to 2249.Dq Li NO 2250in their 2251.Pa rc.conf . 2252.It Va fsck_y_enable 2253.Pq Vt bool 2254If set to 2255.Dq Li YES , 2256.Xr fsck 8 2257will be run with the 2258.Fl y 2259flag if the initial preen 2260of the file systems fails. 2261.It Va background_fsck 2262.Pq Vt bool 2263If set to 2264.Dq Li NO , 2265the system will not attempt to run 2266.Xr fsck 8 2267in the background where possible. 2268.It Va background_fsck_delay 2269.Pq Vt int 2270The amount of time in seconds to sleep before starting a background 2271.Xr fsck 8 . 2272It defaults to sixty seconds to allow large applications such as 2273the X server to start before disk I/O bandwidth is monopolized by 2274.Xr fsck 8 . 2275If set to a negative number, the background file system check will be 2276delayed indefinitely to allow the administrator to run it at a more 2277convenient time. 2278For example it may be run from 2279.Xr cron 8 2280by adding a line like 2281.Pp 2282.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2283.Pp 2284to 2285.Pa /etc/crontab . 2286.It Va netfs_types 2287.Pq Vt str 2288List of file system types that are network-based. 2289This list should generally not be modified by end users. 2290Use 2291.Va extra_netfs_types 2292instead. 2293.It Va extra_netfs_types 2294.Pq Vt str 2295If set to something other than 2296.Dq Li NO 2297(the default), 2298this variable extends the list of file system types 2299for which automatic mounting at startup by 2300.Xr rc 8 2301should be delayed until the network is initialized. 2302It should contain 2303a whitespace-separated list of network file system descriptor pairs, 2304each consisting of a file system type as passed to 2305.Xr mount 8 2306and a human-readable, one-word description, 2307joined with a colon 2308.Pq Ql \&: . 2309Extending the default list in this way is only necessary 2310when third party file system types are used. 2311.It Va syslogd_enable 2312.Pq Vt bool 2313If set to 2314.Dq Li YES , 2315run the 2316.Xr syslogd 8 2317daemon. 2318.It Va syslogd_program 2319.Pq Vt str 2320Path to 2321.Xr syslogd 8 2322(default 2323.Pa /usr/sbin/syslogd ) . 2324.It Va syslogd_flags 2325.Pq Vt str 2326If 2327.Va syslogd_enable 2328is set to 2329.Dq Li YES , 2330these are the flags to pass to 2331.Xr syslogd 8 . 2332.It Va inetd_enable 2333.Pq Vt bool 2334If set to 2335.Dq Li YES , 2336run the 2337.Xr inetd 8 2338daemon. 2339.It Va inetd_program 2340.Pq Vt str 2341Path to 2342.Xr inetd 8 2343(default 2344.Pa /usr/sbin/inetd ) . 2345.It Va inetd_flags 2346.Pq Vt str 2347If 2348.Va inetd_enable 2349is set to 2350.Dq Li YES , 2351these are the flags to pass to 2352.Xr inetd 8 . 2353.It Va hastd_enable 2354.Pq Vt bool 2355If set to 2356.Dq Li YES , 2357run the 2358.Xr hastd 8 2359daemon. 2360.It Va hastd_program 2361.Pq Vt str 2362Path to 2363.Xr hastd 8 2364(default 2365.Pa /sbin/hastd ) . 2366.It Va hastd_flags 2367.Pq Vt str 2368If 2369.Va hastd_enable 2370is set to 2371.Dq Li YES , 2372these are the flags to pass to 2373.Xr hastd 8 . 2374.It Va local_unbound_enable 2375.Pq Vt bool 2376If set to 2377.Dq Li YES , 2378run the 2379.Xr unbound 8 2380daemon as a local caching DNS resolver. 2381.It Va nscd_enable 2382.Pq Vt bool 2383Set to 2384.Dq Li YES 2385to start the 2386.Xr nscd 8 2387caching daemon for the 2388.Nm nsswitch 2389subsystem. 2390.It Va nscd_flags 2391.Pq Vt str 2392If 2393.Va nscd_enable 2394is set to 2395.Dq Li YES , 2396these flags are passed to 2397.Xr nscd 8 . 2398.It Va kdc_enable 2399.Pq Vt bool 2400Set to 2401.Dq Li YES 2402to start a Kerberos 5 authentication server 2403at boot time. 2404.It Va kdc_program 2405.Pq Vt str 2406If 2407.Va kdc_enable 2408is set to 2409.Dq Li YES 2410this is the path to Kerberos 5 Authentication Server. 2411.It Va kdc_flags 2412.Pq Vt str 2413Empty by default. 2414This variable contains additional flags to be passed to the Kerberos 5 2415authentication server. 2416.It Va kadmind_enable 2417.Pq Vt bool 2418Set to 2419.Dq Li YES 2420to start 2421.Xr kadmind 8 , 2422the Kerberos 5 Administration Daemon; set to 2423.Dq Li NO 2424on a slave server. 2425.It Va kadmind_program 2426.Pq Vt str 2427If 2428.Va kadmind_enable 2429is set to 2430.Dq Li YES 2431this is the path to Kerberos 5 Administration Daemon. 2432.It Va kpasswdd_enable 2433.Pq Vt bool 2434Set to 2435.Dq Li YES 2436to start 2437.Xr kpasswdd 8 , 2438the Kerberos 5 Password-Changing Daemon; set to 2439.Dq Li NO 2440on a slave server. 2441.It Va kpasswdd_program 2442.Pq Vt str 2443If 2444.Va kpasswdd_enable 2445is set to 2446.Dq Li YES 2447this is the path to Kerberos 5 Password-Changing Daemon. 2448.It Va kfd_enable 2449.Pq Vt bool 2450Set to 2451.Dq Li YES 2452to start 2453.Xr kfd 8 , 2454the Kerberos 5 ticket forwarding daemon, at the boot time. 2455.It Va kfd_program 2456.Pq Vt str 2457Path to 2458.Xr kfd 8 2459(default 2460.Pa /usr/libexec/kfd ) . 2461.It Va rwhod_enable 2462.Pq Vt bool 2463If set to 2464.Dq Li YES , 2465run the 2466.Xr rwhod 8 2467daemon at boot time. 2468.It Va rwhod_flags 2469.Pq Vt str 2470If 2471.Va rwhod_enable 2472is set to 2473.Dq Li YES , 2474these are the flags to pass to it. 2475.It Va update_motd 2476.Pq Vt bool 2477If set to 2478.Dq Li YES , 2479.Pa /var/run/motd 2480will be updated at boot time to reflect the kernel release 2481being run. 2482If set to 2483.Dq Li NO , 2484.Pa /var/run/motd 2485will not be updated. 2486.It Va nfs_client_enable 2487.Pq Vt bool 2488If set to 2489.Dq Li YES , 2490run the NFS client daemons at boot time. 2491.It Va nfs_access_cache 2492.Pq Vt int 2493If 2494.Va nfs_client_enable 2495is set to 2496.Dq Li YES , 2497this can be set to 2498.Dq Li 0 2499to disable NFS ACCESS RPC caching, or to the number of seconds for which 2500NFS ACCESS 2501results should be cached. 2502A value of 2-10 seconds will substantially reduce network 2503traffic for many NFS operations. 2504.It Va nfs_server_enable 2505.Pq Vt bool 2506If set to 2507.Dq Li YES , 2508run the NFS server daemons at boot time. 2509.It Va nfs_server_flags 2510.Pq Vt str 2511If 2512.Va nfs_server_enable 2513is set to 2514.Dq Li YES , 2515these are the flags to pass to the 2516.Xr nfsd 8 2517daemon. 2518.It Va nfsv4_server_enable 2519.Pq Vt bool 2520If 2521.Va nfs_server_enable 2522is set to 2523.Dq Li YES 2524and 2525.Va nfsv4_server_enable 2526is set to 2527.Dq Li YES , 2528enable the server for NFSv4 as well as NFSv2 and NFSv3. 2529.It Va nfsv4_server_only 2530.Pq Vt bool 2531If 2532.Va nfs_server_enable 2533is set to 2534.Dq Li YES 2535and 2536.Va nfsv4_server_only 2537is set to 2538.Dq Li YES , 2539enable the NFS server for NFSv4 only. 2540.It Va nfs_server_maxio 2541.Pq Vt int 2542value to set vfs.nfsd.srvmaxio to, which is the 2543maximum I/O size for the NFS server. 2544.It Va tlsclntd_enable 2545.Pq Vt bool 2546If set to 2547.Dq Li YES , 2548run the 2549.Xr rpc.tlsclntd 8 2550daemon, which is needed for NFS-over-TLS NFS mounts. 2551.It Va tlsservd_enable 2552.Pq Vt bool 2553If set to 2554.Dq Li YES , 2555run the 2556.Xr rpc.tlsservd 8 2557daemon, which is needed for the 2558.Xr nfsd 8 2559to support NFS-over-TLS NFS mounts. 2560.It Va nfsuserd_enable 2561.Pq Vt bool 2562If 2563.Va nfsuserd_enable 2564is set to 2565.Dq Li YES , 2566run the nfsuserd daemon, which is needed for NFSv4 in order 2567to map between user/group names vs uid/gid numbers. 2568If 2569.Va nfsv4_server_enable 2570is set to 2571.Dq Li YES , 2572this will be forced enabled. 2573.It Va nfsuserd_flags 2574.Pq Vt str 2575If 2576.Va nfsuserd_enable 2577is set to 2578.Dq Li YES , 2579these are the flags to pass to the 2580.Xr nfsuserd 8 2581daemon. 2582.It Va nfscbd_enable 2583.Pq Vt bool 2584If 2585.Va nfscbd_enable 2586is set to 2587.Dq Li YES , 2588run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2589.It Va nfscbd_flags 2590.Pq Vt str 2591If 2592.Va nfscbd_enable 2593is set to 2594.Dq Li YES , 2595these are the flags to pass to the 2596.Xr nfscbd 8 2597daemon. 2598.It Va mountd_enable 2599.Pq Vt bool 2600If set to 2601.Dq Li YES , 2602and no 2603.Va nfs_server_enable 2604is set, start 2605.Xr mountd 8 , 2606but not 2607.Xr nfsd 8 2608daemon. 2609It is commonly needed to run CFS without real NFS used. 2610.It Va mountd_flags 2611.Pq Vt str 2612If 2613.Va mountd_enable 2614is set to 2615.Dq Li YES , 2616these are the flags to pass to the 2617.Xr mountd 8 2618daemon. 2619.It Va weak_mountd_authentication 2620.Pq Vt bool 2621If set to 2622.Dq Li YES , 2623allow services like PCNFSD to make non-privileged mount 2624requests. 2625.It Va nfs_reserved_port_only 2626.Pq Vt bool 2627If set to 2628.Dq Li YES , 2629provide NFS services only on a secure port. 2630.It Va nfs_bufpackets 2631.Pq Vt int 2632If set to a number, indicates the number of packets worth of 2633socket buffer space to reserve on an NFS client. 2634The kernel default is typically 4. 2635Using a higher number may be 2636useful on gigabit networks to improve performance. 2637The minimum value is 26382 and the maximum is 64. 2639.It Va rpc_lockd_enable 2640.Pq Vt bool 2641If set to 2642.Dq Li YES 2643and also an NFS server or client, run 2644.Xr rpc.lockd 8 2645at boot time. 2646.It Va rpc_lockd_flags 2647.Pq Vt str 2648If 2649.Va rpc_lockd_enable 2650is set to 2651.Dq Li YES , 2652these are the flags to pass to the 2653.Xr rpc.lockd 8 2654daemon. 2655.It Va rpc_statd_enable 2656.Pq Vt bool 2657If set to 2658.Dq Li YES 2659and also an NFS server or client, run 2660.Xr rpc.statd 8 2661at boot time. 2662.It Va rpc_statd_flags 2663.Pq Vt str 2664If 2665.Va rpc_statd_enable 2666is set to 2667.Dq Li YES , 2668these are the flags to pass to the 2669.Xr rpc.statd 8 2670daemon. 2671.It Va rpcbind_program 2672.Pq Vt str 2673Path to 2674.Xr rpcbind 8 2675(default 2676.Pa /usr/sbin/rpcbind ) . 2677.It Va rpcbind_enable 2678.Pq Vt bool 2679If set to 2680.Dq Li YES , 2681run the 2682.Xr rpcbind 8 2683service at boot time. 2684.It Va rpcbind_flags 2685.Pq Vt str 2686If 2687.Va rpcbind_enable 2688is set to 2689.Dq Li YES , 2690these are the flags to pass to the 2691.Xr rpcbind 8 2692daemon. 2693.It Va keyserv_enable 2694.Pq Vt bool 2695If set to 2696.Dq Li YES , 2697run the 2698.Xr keyserv 8 2699daemon on boot for running Secure RPC. 2700.It Va keyserv_flags 2701.Pq Vt str 2702If 2703.Va keyserv_enable 2704is set to 2705.Dq Li YES , 2706these are the flags to pass to 2707.Xr keyserv 8 2708daemon. 2709.It Va pppoed_enable 2710.Pq Vt bool 2711If set to 2712.Dq Li YES , 2713run the 2714.Xr pppoed 8 2715daemon at boot time to provide PPP over Ethernet services. 2716.It Va pppoed_ Ns Aq Ar provider 2717.Pq Vt str 2718.Xr pppoed 8 2719listens to requests to this 2720.Ar provider 2721and ultimately runs 2722.Xr ppp 8 2723with a 2724.Ar system 2725argument of the same name. 2726.It Va pppoed_flags 2727.Pq Vt str 2728Additional flags to pass to 2729.Xr pppoed 8 . 2730.It Va pppoed_interface 2731.Pq Vt str 2732The network interface to run 2733.Xr pppoed 8 2734on. 2735This is mandatory when 2736.Va pppoed_enable 2737is set to 2738.Dq Li YES . 2739.It Va ntpdate_enable 2740.Pq Vt bool 2741If set to 2742.Dq Li YES , 2743run 2744.Xr ntpdate 8 2745at system startup. 2746This command is intended to 2747synchronize the system clock only 2748.Em once 2749from some standard reference. 2750.Pp 2751Note that the use of the 2752.Va ntpd_sync_on_start 2753variable is a preferred alternative to the 2754.Xr ntpdate 8 2755utility as 2756.Xr ntpdate 8 2757is to be retired from the NTP distribution. 2758.It Va ntpdate_config 2759.Pq Vt str 2760Configuration file for 2761.Xr ntpdate 8 . 2762Default 2763.Pa /etc/ntp.conf . 2764.It Va ntpdate_hosts 2765.Pq Vt str 2766A whitespace-separated list of NTP servers to synchronize with at startup. 2767The default is to use the servers listed in 2768.Va ntpdate_config , 2769if that file exists. 2770.It Va ntpdate_program 2771.Pq Vt str 2772Path to 2773.Xr ntpdate 8 2774(default 2775.Pa /usr/sbin/ntpdate ) . 2776.It Va ntpdate_flags 2777.Pq Vt str 2778If 2779.Va ntpdate_enable 2780is set to 2781.Dq Li YES , 2782these are the flags to pass to the 2783.Xr ntpdate 8 2784command (typically a hostname). 2785.It Va ntpd_enable 2786.Pq Vt bool 2787If set to 2788.Dq Li YES , 2789run the 2790.Xr ntpd 8 2791command at boot time. 2792.It Va ntpd_program 2793.Pq Vt str 2794Path to 2795.Xr ntpd 8 2796(default 2797.Pa /usr/sbin/ntpd ) . 2798.It Va ntpd_config 2799.Pq Vt str 2800Path to 2801.Xr ntpd 8 2802configuration file. 2803Default 2804.Pa /etc/ntp.conf . 2805.It Va ntpd_flags 2806.Pq Vt str 2807If 2808.Va ntpd_enable 2809is set to 2810.Dq Li YES , 2811these are the flags to pass to the 2812.Xr ntpd 8 2813daemon. 2814.It Va ntpd_sync_on_start 2815.Pq Vt bool 2816If set to 2817.Dq Li YES , 2818.Xr ntpd 8 2819is run with the 2820.Fl g 2821flag, which syncs the system's clock on startup. 2822See 2823.Xr ntpd 8 2824for more information regarding the 2825.Fl g 2826option. 2827This is a preferred alternative to using 2828.Xr ntpdate 8 2829or specifying the 2830.Va ntpdate_enable 2831variable. 2832.It Va nis_client_enable 2833.Pq Vt bool 2834If set to 2835.Dq Li YES , 2836run the 2837.Xr ypbind 8 2838service at system boot time. 2839.It Va nis_client_flags 2840.Pq Vt str 2841If 2842.Va nis_client_enable 2843is set to 2844.Dq Li YES , 2845these are the flags to pass to the 2846.Xr ypbind 8 2847service. 2848.It Va nis_ypldap_enable 2849.Pq Vt bool 2850If set to 2851.Dq Li YES , 2852run the 2853.Xr ypldap 8 2854daemon at system boot time. 2855.It Va nis_ypldap_flags 2856.Pq Vt str 2857If 2858.Va nis.ypldap_enable 2859is set to 2860.Dq Li YES , 2861these are the flags to pass to the 2862.Xr ypldap 8 2863daemon. 2864.It Va nis_ypset_enable 2865.Pq Vt bool 2866If set to 2867.Dq Li YES , 2868run the 2869.Xr ypset 8 2870daemon at system boot time. 2871.It Va nis_ypset_flags 2872.Pq Vt str 2873If 2874.Va nis_ypset_enable 2875is set to 2876.Dq Li YES , 2877these are the flags to pass to the 2878.Xr ypset 8 2879daemon. 2880.It Va nis_server_enable 2881.Pq Vt bool 2882If set to 2883.Dq Li YES , 2884run the 2885.Xr ypserv 8 2886daemon at system boot time. 2887.It Va nis_server_flags 2888.Pq Vt str 2889If 2890.Va nis_server_enable 2891is set to 2892.Dq Li YES , 2893these are the flags to pass to the 2894.Xr ypserv 8 2895daemon. 2896.It Va nis_ypxfrd_enable 2897.Pq Vt bool 2898If set to 2899.Dq Li YES , 2900run the 2901.Xr rpc.ypxfrd 8 2902daemon at system boot time. 2903.It Va nis_ypxfrd_flags 2904.Pq Vt str 2905If 2906.Va nis_ypxfrd_enable 2907is set to 2908.Dq Li YES , 2909these are the flags to pass to the 2910.Xr rpc.ypxfrd 8 2911daemon. 2912.It Va nis_yppasswdd_enable 2913.Pq Vt bool 2914If set to 2915.Dq Li YES , 2916run the 2917.Xr rpc.yppasswdd 8 2918daemon at system boot time. 2919.It Va nis_yppasswdd_flags 2920.Pq Vt str 2921If 2922.Va nis_yppasswdd_enable 2923is set to 2924.Dq Li YES , 2925these are the flags to pass to the 2926.Xr rpc.yppasswdd 8 2927daemon. 2928.It Va rpc_ypupdated_enable 2929.Pq Vt bool 2930If set to 2931.Dq Li YES , 2932run the 2933.Nm rpc.ypupdated 2934daemon at system boot time. 2935.It Va bsnmpd_enable 2936.Pq Vt bool 2937If set to 2938.Dq Li YES , 2939run the 2940.Xr bsnmpd 1 2941daemon at system boot time. 2942Be sure to understand the security implications of running an SNMP daemon 2943on your host. 2944.It Va bsnmpd_flags 2945.Pq Vt str 2946If 2947.Va bsnmpd_enable 2948is set to 2949.Dq Li YES , 2950these are the flags to pass to the 2951.Xr bsnmpd 1 2952daemon. 2953.It Va defaultrouter 2954.Pq Vt str 2955If not set to 2956.Dq Li NO , 2957create a default route to this host name or IP address 2958(use an IP address if this router is also required to get to the 2959name server!). 2960.It Va defaultrouter_fibN 2961.Pq Vt str 2962If not set to 2963.Dq Li NO , 2964create a default route in FIB N to this host name or IP address. 2965.It Va ipv6_defaultrouter 2966.Pq Vt str 2967The IPv6 equivalent of 2968.Va defaultrouter . 2969.It Va ipv6_defaultrouter_fibN 2970.Pq Vt str 2971The IPv6 equivalent of 2972.Va defaultrouter_fibN . 2973.It Va static_arp_pairs 2974.Pq Vt str 2975Set to the list of static ARP pairs that are to be added at system 2976boot time. 2977For each whitespace separated 2978.Ar element 2979in the value, a 2980.Va static_arp_ Ns Aq Ar element 2981variable is assumed to exist whose contents will later be passed to a 2982.Dq Nm arp Cm -S 2983operation. 2984For example 2985.Bd -literal 2986static_arp_pairs="gw" 2987static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2988.Ed 2989.It Va static_ndp_pairs 2990.Pq Vt str 2991Set to the list of static NDP pairs that are to be added at system 2992boot time. 2993For each whitespace separated 2994.Ar element 2995in the value, a 2996.Va static_ndp_ Ns Aq Ar element 2997variable is assumed to exist whose contents will later be passed to a 2998.Dq Nm ndp Cm -s 2999operation. 3000For example 3001.Bd -literal 3002static_ndp_pairs="gw" 3003static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 3004.Ed 3005.It Va static_routes 3006.Pq Vt str 3007Set to the list of static routes that are to be added at system 3008boot time. 3009If not set to 3010.Dq Li NO 3011then for each whitespace separated 3012.Ar element 3013in the value, a 3014.Va route_ Ns Aq Ar element 3015variable is assumed to exist 3016whose contents will later be passed to a 3017.Dq Nm route Cm add 3018operation. 3019For example: 3020.Bd -literal 3021static_routes="ext mcast:gif0 gif0local:gif0" 3022route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 3023route_mcast="-net 224.0.0.0/4 -iface gif0" 3024route_gif0local="-host 169.254.1.1 -iface lo0" 3025.Ed 3026.Pp 3027When an 3028.Ar element 3029is in the form of 3030.Li name:ifname , 3031the route is specific to the interface 3032.Li ifname . 3033.It Va ipv6_static_routes 3034.Pq Vt str 3035The IPv6 equivalent of 3036.Va static_routes . 3037If not set to 3038.Dq Li NO 3039then for each whitespace separated 3040.Ar element 3041in the value, a 3042.Va ipv6_route_ Ns Aq Ar element 3043variable is assumed to exist 3044whose contents will later be passed to a 3045.Dq Nm route Cm add Fl inet6 3046operation. 3047.It Va gateway_enable 3048.Pq Vt bool 3049If set to 3050.Dq Li YES , 3051configure host to act as an IP router, e.g.\& to forward packets 3052between interfaces. 3053.It Va ipv6_gateway_enable 3054.Pq Vt bool 3055The IPv6 equivalent of 3056.Va gateway_enable . 3057.It Va routed_enable 3058.Pq Vt bool 3059If set to 3060.Dq Li YES , 3061run a routing daemon of some sort, based on the 3062settings of 3063.Va routed_program 3064and 3065.Va routed_flags . 3066.It Va route6d_enable 3067.Pq Vt bool 3068The IPv6 equivalent of 3069.Va routed_enable . 3070If set to 3071.Dq Li YES , 3072run a routing daemon of some sort, based on the 3073settings of 3074.Va route6d_program 3075and 3076.Va route6d_flags . 3077.It Va routed_program 3078.Pq Vt str 3079If 3080.Va routed_enable 3081is set to 3082.Dq Li YES , 3083this is the name of the routing daemon to use. 3084The default is 3085.Xr routed 8 . 3086.It Va route6d_program 3087.Pq Vt str 3088The IPv6 equivalent of 3089.Va routed_program . 3090The default is 3091.Xr route6d 8 . 3092.It Va routed_flags 3093.Pq Vt str 3094If 3095.Va routed_enable 3096is set to 3097.Dq Li YES , 3098these are the flags to pass to the routing daemon. 3099.It Va route6d_flags 3100.Pq Vt str 3101The IPv6 equivalent of 3102.Va routed_flags . 3103.It Va rtadvd_enable 3104.Pq Vt bool 3105If set to 3106.Dq Li YES , 3107run the 3108.Xr rtadvd 8 3109daemon at boot time. 3110The 3111.Xr rtadvd 8 3112utility sends ICMPv6 Router Advertisement messages to 3113the interfaces specified in 3114.Va rtadvd_interfaces . 3115This should only be enabled with great care. 3116You may want to fine-tune 3117.Xr rtadvd.conf 5 . 3118.It Va rtadvd_interfaces 3119.Pq Vt str 3120If 3121.Va rtadvd_enable 3122is set to 3123.Dq Li YES 3124this is the list of interfaces to use. 3125.It Va arpproxy_all 3126.Pq Vt bool 3127If set to 3128.Dq Li YES , 3129enable global proxy ARP. 3130.It Va forward_sourceroute 3131.Pq Vt bool 3132If set to 3133.Dq Li YES 3134and 3135.Va gateway_enable 3136is also set to 3137.Dq Li YES , 3138source-routed packets are forwarded. 3139.It Va accept_sourceroute 3140.Pq Vt bool 3141If set to 3142.Dq Li YES , 3143the system will accept source-routed packets directed at it. 3144.It Va rarpd_enable 3145.Pq Vt bool 3146If set to 3147.Dq Li YES , 3148run the 3149.Xr rarpd 8 3150daemon at system boot time. 3151.It Va rarpd_flags 3152.Pq Vt str 3153If 3154.Va rarpd_enable 3155is set to 3156.Dq Li YES , 3157these are the flags to pass to the 3158.Xr rarpd 8 3159daemon. 3160.It Va bootparamd_enable 3161.Pq Vt bool 3162If set to 3163.Dq Li YES , 3164run the 3165.Xr bootparamd 8 3166daemon at system boot time. 3167.It Va bootparamd_flags 3168.Pq Vt str 3169If 3170.Va bootparamd_enable 3171is set to 3172.Dq Li YES , 3173these are the flags to pass to the 3174.Xr bootparamd 8 3175daemon. 3176.It Va stf_interface_ipv4addr 3177.Pq Vt str 3178If not set to 3179.Dq Li NO , 3180this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3181interface). 3182Specify this entry to enable the 6to4 interface. 3183.It Va stf_interface_ipv4plen 3184.Pq Vt int 3185Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3186An effective value is 0-31. 3187.It Va stf_interface_ipv6_ifid 3188.Pq Vt str 3189IPv6 interface ID for 3190.Xr stf 4 . 3191This can be set to 3192.Dq Li AUTO . 3193.It Va stf_interface_ipv6_slaid 3194.Pq Vt str 3195IPv6 Site Level Aggregator for 3196.Xr stf 4 . 3197.It Va ipv6_ipv4mapping 3198.Pq Vt bool 3199If set to 3200.Dq Li YES 3201this enables IPv4 mapped IPv6 address communication (like 3202.Li ::ffff:a.b.c.d ) . 3203.It Va rtsold_enable 3204.Pq Vt bool 3205Set to 3206.Dq Li YES 3207to enable the 3208.Xr rtsold 8 3209daemon to send ICMPv6 Router Solicitation messages. 3210.It Va rtsold_flags 3211.Pq Vt str 3212If 3213.Va rtsold_enable 3214is set to 3215.Dq Li YES , 3216these are the flags to pass to 3217.Xr rtsold 8 . 3218.It Va rtsol_flags 3219.Pq Vt str 3220For interfaces configured with the 3221.Dq Li inet6 accept_rtadv 3222keyword, these are the flags to pass to 3223.Xr rtsol 8 . 3224.Pp 3225Note that 3226.Va rtsold_enable 3227is mutually exclusive to 3228.Va rtsol_flags ; 3229.Va rtsold_enable 3230takes precedence. 3231.It Va keybell 3232.Pq Vt str 3233The keyboard bell sound. 3234Set to 3235.Dq Li normal , 3236.Dq Li visual , 3237.Dq Li off , 3238or 3239.Dq Li NO 3240if the default behavior is desired. 3241For details, refer to the 3242.Xr kbdcontrol 1 3243manpage. 3244.It Va keyboard 3245.Pq Vt str 3246If set to a non-null string, the virtual console's keyboard input is 3247set to this device. 3248.It Va keymap 3249.Pq Vt str 3250If set to 3251.Dq Li NO , 3252no keymap is installed, otherwise the value is used to install 3253the keymap file found in 3254.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3255(if using 3256.Xr syscons 4 ) or 3257.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3258(if using 3259.Xr vt 4 ) . 3260.It Va keyrate 3261.Pq Vt str 3262The keyboard repeat speed. 3263Set to 3264.Dq Li slow , 3265.Dq Li normal , 3266.Dq Li fast , 3267or 3268.Dq Li NO 3269if the default behavior is desired. 3270.It Va keychange 3271.Pq Vt str 3272If not set to 3273.Dq Li NO , 3274attempt to program the function keys with the value. 3275The value should 3276be a single string of the form: 3277.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3278.It Va cursor 3279.Pq Vt str 3280Can be set to the value of 3281.Dq Li normal , 3282.Dq Li blink , 3283.Dq Li destructive , 3284or 3285.Dq Li NO 3286to set the cursor behavior explicitly or choose the default behavior. 3287.It Va scrnmap 3288.Pq Vt str 3289If set to 3290.Dq Li NO , 3291no screen map is installed, otherwise the value is used to install 3292the screen map file in 3293.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3294This parameter is ignored when using 3295.Xr vt 4 3296as the console driver. 3297.It Va font8x16 3298.Pq Vt str 3299If set to 3300.Dq Li NO , 3301the default 8x16 font value is used for screen size requests, otherwise 3302the value in 3303.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3304or 3305.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3306is used (depending on the console driver being used). 3307.It Va font8x14 3308.Pq Vt str 3309If set to 3310.Dq Li NO , 3311the default 8x14 font value is used for screen size requests, otherwise 3312the value in 3313.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3314or 3315.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3316is used (depending on the console driver being used). 3317.It Va font8x8 3318.Pq Vt str 3319If set to 3320.Dq Li NO , 3321the default 8x8 font value is used for screen size requests, otherwise 3322the value in 3323.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3324or 3325.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3326is used (depending on the console driver being used). 3327.It Va blanktime 3328.Pq Vt int 3329If set to 3330.Dq Li NO , 3331the default screen blanking interval is used, otherwise it is set 3332to 3333.Ar value 3334seconds. 3335.It Va saver 3336.Pq Vt str 3337If not set to 3338.Dq Li NO , 3339this is the actual screen saver to use 3340.Li ( blank , snake , daemon , 3341etc). 3342.It Va moused_nondefault_enable 3343.Pq Vt str 3344If set to 3345.Dq Li NO , 3346the mouse device specified on 3347the command line is not automatically treated as enabled by the 3348.Pa /etc/rc.d/moused 3349script. 3350Having this variable set to 3351.Dq Li YES 3352allows a 3353.Xr usb 4 3354mouse, 3355for example, 3356to be enabled as soon as it is plugged in. 3357.It Va moused_enable 3358.Pq Vt str 3359If set to 3360.Dq Li YES , 3361the 3362.Xr moused 8 3363daemon is started for doing cut/paste selection on the console. 3364.It Va moused_type 3365.Pq Vt str 3366This is the protocol type of the mouse connected to this host. 3367This variable must be set if 3368.Va moused_enable 3369is set to 3370.Dq Li YES , 3371but defaults to 3372.Dq Li auto 3373as the 3374.Xr moused 8 3375daemon 3376is able to detect the appropriate mouse type automatically in many cases. 3377Set this variable to 3378one from the following list if the automatic detection fails. 3379.Pp 3380If the mouse is attached to the PS/2 mouse port, choose 3381.Dq Li auto 3382or 3383.Dq Li ps/2 , 3384regardless of the brand and model of the mouse. 3385Likewise, if the 3386mouse is attached to the bus mouse port, choose 3387.Dq Li auto 3388or 3389.Dq Li busmouse . 3390All other protocols are for serial mice and will not work with 3391the PS/2 and bus mice. 3392If this is a USB mouse, 3393.Dq Li auto 3394is the only protocol type which will work. 3395.Pp 3396.Bl -tag -width ".Li x10mouseremote" -compact 3397.It Li microsoft 3398Microsoft mouse (serial) 3399.It Li intellimouse 3400Microsoft IntelliMouse (serial) 3401.It Li mousesystems 3402Mouse systems Corp.\& mouse (serial) 3403.It Li mmseries 3404MM Series mouse (serial) 3405.It Li logitech 3406Logitech mouse (serial) 3407.It Li busmouse 3408A bus mouse 3409.It Li mouseman 3410Logitech MouseMan and TrackMan (serial) 3411.It Li glidepoint 3412ALPS GlidePoint (serial) 3413.It Li thinkingmouse 3414Kensington ThinkingMouse (serial) 3415.It Li ps/2 3416PS/2 mouse 3417.It Li mmhittab 3418MM HitTablet (serial) 3419.It Li x10mouseremote 3420X10 MouseRemote (serial) 3421.It Li versapad 3422Interlink VersaPad (serial) 3423.El 3424.Pp 3425Even if the mouse is not in the above list, it may be compatible 3426with one in the list. 3427Refer to the manual page for 3428.Xr moused 8 3429for compatibility information. 3430.Pp 3431It should also be noted that while this is enabled, any 3432other client of the mouse (such as an X server) should access 3433the mouse through the virtual mouse device, 3434.Pa /dev/sysmouse , 3435and configure it as a 3436.Dq Li sysmouse 3437type mouse, since all 3438mouse data is converted to this single canonical format when 3439using 3440.Xr moused 8 . 3441If the client program does not support the 3442.Dq Li sysmouse 3443type, 3444specify the 3445.Dq Li mousesystems 3446type. 3447It is the second preferred type. 3448.It Va moused_port 3449.Pq Vt str 3450If 3451.Va moused_enable 3452is set to 3453.Dq Li YES , 3454this is the actual port the mouse is on. 3455It might be 3456.Pa /dev/cuau0 3457for a COM1 serial mouse, or 3458.Pa /dev/psm0 3459for a PS/2 mouse, for example. 3460.It Va moused_flags 3461.Pq Vt str 3462If 3463.Va moused_flags 3464is set, its value is used as an additional set of flags to pass to the 3465.Xr moused 8 3466daemon. 3467.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3468When 3469.Va moused_nondefault_enable 3470is enabled, and a 3471.Xr moused 8 3472daemon is started for a non-default port, the 3473.Va "moused_" Ns Ar XXX Ns Va "_flags" 3474set of options has precedence over and replaces the default 3475.Va moused_flags 3476(where 3477.Ar XXX 3478is the name of the non-default port, i.e.,\& 3479.Ar ums0 ) . 3480By setting 3481.Va "moused_" Ns Ar XXX Ns Va "_flags" 3482it is possible to set up a different set of default flags for each 3483.Xr moused 8 3484instance. 3485For example, you can use 3486.Dq Li "-3" 3487for the default 3488.Va moused_flags 3489to make your laptop's touchpad more comfortable to use, 3490but an empty set of options for 3491.Va moused_ums0_flags 3492when your 3493.Xr usb 4 3494mouse has three or more buttons. 3495.It Va mousechar_start 3496.Pq Vt int 3497If set to 3498.Dq Li NO , 3499the default mouse cursor character range 3500.Li 0xd0 Ns - Ns Li 0xd3 3501is used, 3502otherwise the range start is set 3503to 3504.Ar value 3505character, see 3506.Xr vidcontrol 1 . 3507Use if the default range is occupied in the language code table. 3508.It Va allscreens_flags 3509.Pq Vt str 3510If set, 3511.Xr vidcontrol 1 3512is run with these options for each of the virtual terminals 3513.Pq Pa /dev/ttyv* . 3514For example, 3515.Dq Fl m Cm on 3516will enable the mouse pointer on all virtual terminals 3517if 3518.Va moused_enable 3519is set to 3520.Dq Li YES . 3521.It Va allscreens_kbdflags 3522.Pq Vt str 3523If set, 3524.Xr kbdcontrol 1 3525is run with these options for each of the virtual terminals 3526.Pq Pa /dev/ttyv* . 3527For example, 3528.Dq Fl h Li 200 3529will set the 3530.Xr syscons 4 3531or 3532.Xr vt 4 3533scrollback (history) buffer to 200 lines. 3534.It Va cron_enable 3535.Pq Vt bool 3536If set to 3537.Dq Li YES , 3538run the 3539.Xr cron 8 3540daemon at system boot time. 3541.It Va cron_program 3542.Pq Vt str 3543Path to 3544.Xr cron 8 3545(default 3546.Pa /usr/sbin/cron ) . 3547.It Va cron_flags 3548.Pq Vt str 3549If 3550.Va cron_enable 3551is set to 3552.Dq Li YES , 3553these are the flags to pass to 3554.Xr cron 8 . 3555.It Va cron_dst 3556.Pq Vt bool 3557If set to 3558.Dq Li YES , 3559enable the special handling of transitions to and from the 3560Daylight Saving Time in 3561.Xr cron 8 3562(equivalent to using the flag 3563.Fl s ) . 3564.It Va lpd_program 3565.Pq Vt str 3566Path to 3567.Xr lpd 8 3568(default 3569.Pa /usr/sbin/lpd ) . 3570.It Va lpd_enable 3571.Pq Vt bool 3572If set to 3573.Dq Li YES , 3574run the 3575.Xr lpd 8 3576daemon at system boot time. 3577.It Va lpd_flags 3578.Pq Vt str 3579If 3580.Va lpd_enable 3581is set to 3582.Dq Li YES , 3583these are the flags to pass to the 3584.Xr lpd 8 3585daemon. 3586.It Va chkprintcap_enable 3587.Pq Vt bool 3588If set to 3589.Dq Li YES , 3590run the 3591.Xr chkprintcap 8 3592command before starting the 3593.Xr lpd 8 3594daemon. 3595.It Va chkprintcap_flags 3596.Pq Vt str 3597If 3598.Va lpd_enable 3599and 3600.Va chkprintcap_enable 3601are set to 3602.Dq Li YES , 3603these are the flags to pass to the 3604.Xr chkprintcap 8 3605program. 3606The default is 3607.Dq Li -d , 3608which causes missing directories to be created. 3609.It Va dumpdev 3610.Pq Vt str 3611Indicates the device (usually a swap partition) to which a crash dump 3612should be written in the event of a system crash. 3613If the value of this variable is 3614.Dq Li AUTO , 3615the first suitable swap device listed in 3616.Pa /etc/fstab 3617will be used as dump device. 3618Otherwise, the value of this variable is passed as the argument to 3619.Xr dumpon 8 3620and 3621.Xr savecore 8 . 3622To disable crash dumps, set this variable to 3623.Dq Li NO . 3624.It Va dumpon_flags 3625.Pq Vt str 3626Flags to pass to 3627.Xr dumpon 8 3628when configuring 3629.Va dumpdev 3630as the system dump device. 3631.It Va dumpdir 3632.Pq Vt str 3633When the system reboots after a crash and a crash dump is found on the 3634device specified by the 3635.Va dumpdev 3636variable, 3637.Xr savecore 8 3638will save that crash dump and a copy of the kernel to the directory 3639specified by the 3640.Va dumpdir 3641variable. 3642The default value is 3643.Pa /var/crash . 3644Set to 3645.Dq Li NO 3646to not run 3647.Xr savecore 8 3648at boot time when 3649.Va dumpdir 3650is set. 3651.It Va savecore_enable 3652.Pq Vt bool 3653If set to 3654.Dq Li NO , 3655disable automatic extraction of the crash dump from the 3656.Va dumpdev . 3657.It Va savecore_flags 3658.Pq Vt str 3659If crash dumps are enabled, these are the flags to pass to the 3660.Xr savecore 8 3661utility. 3662.It Va quota_enable 3663.Pq Vt bool 3664Set to 3665.Dq Li YES 3666to turn on user and group disk quotas on system startup via the 3667.Xr quotaon 8 3668command for all file systems marked as having quotas enabled in 3669.Pa /etc/fstab . 3670The kernel must be built with 3671.Cd "options QUOTA" 3672for disk quotas to function. 3673.It Va check_quotas 3674.Pq Vt bool 3675Set to 3676.Dq Li YES 3677to enable user and group disk quota checking via the 3678.Xr quotacheck 8 3679command. 3680.It Va quotacheck_flags 3681.Pq Vt str 3682If 3683.Va quota_enable 3684is set to 3685.Dq Li YES , 3686and 3687.Va check_quotas 3688is set to 3689.Dq Li YES , 3690these are the flags to pass to the 3691.Xr quotacheck 8 3692utility. 3693The default is 3694.Dq Li "-a" , 3695which checks quotas for all file systems with quotas enabled in 3696.Pa /etc/fstab . 3697.It Va quotaon_flags 3698.Pq Vt str 3699If 3700.Va quota_enable 3701is set to 3702.Dq Li YES , 3703these are the flags to pass to the 3704.Xr quotaon 8 3705utility. 3706The default is 3707.Dq Li "-a" , 3708which enables quotas for all file systems with quotas enabled in 3709.Pa /etc/fstab . 3710.It Va quotaoff_flags 3711.Pq Vt str 3712If 3713.Va quota_enable 3714is set to 3715.Dq Li YES , 3716these are the flags to pass to the 3717.Xr quotaoff 8 3718utility when shutting down the quota system. 3719The default is 3720.Dq Li "-a" , 3721which disables quotas for all file systems with quotas enabled in 3722.Pa /etc/fstab . 3723.It Va accounting_enable 3724.Pq Vt bool 3725Set to 3726.Dq Li YES 3727to enable system accounting through the 3728.Xr accton 8 3729facility. 3730.It Va firstboot_sentinel 3731.Pq Vt str 3732This variable specifies the full path to a 3733.Dq first boot 3734sentinel file. 3735If a file exists with this path, 3736.Pa rc.d 3737scripts with the 3738.Dq firstboot 3739keyword will be run on startup and the sentinel file will be deleted 3740after the boot process completes. 3741The sentinel file must be located on a writable file system which is 3742mounted no later than 3743.Va early_late_divider 3744to function properly. 3745The default is 3746.Pa /firstboot . 3747.It Va linux_enable 3748.Pq Vt bool 3749Set to 3750.Dq Li YES 3751to enable Linux/ELF binary emulation at system initial 3752boot time. 3753.It Va sysvipc_enable 3754.Pq Vt bool 3755If set to 3756.Dq Li YES , 3757load System V IPC primitives at boot time. 3758.It Va clear_tmp_enable 3759.Pq Vt bool 3760Set to 3761.Dq Li YES 3762to have 3763.Pa /tmp 3764cleaned at startup. 3765.It Va clear_tmp_X 3766.Pq Vt bool 3767Set to 3768.Dq Li NO 3769to disable removing of X11 lock files, 3770and the removal and (secure) recreation 3771of the various socket directories for X11 3772related programs. 3773.It Va ldconfig_paths 3774.Pq Vt str 3775Set to the list of shared library paths to use with 3776.Xr ldconfig 8 . 3777NOTE: 3778.Pa /lib 3779and 3780.Pa /usr/lib 3781will always be added first, so they need not appear in this list. 3782.It Va ldconfig32_paths 3783.Pq Vt str 3784Set to the list of 32-bit compatibility shared library paths to 3785use with 3786.Xr ldconfig 8 . 3787.It Va ldconfig_insecure 3788.Pq Vt bool 3789The 3790.Xr ldconfig 8 3791utility normally refuses to use directories 3792which are writable by anyone except root. 3793Set this variable to 3794.Dq Li YES 3795to disable that security check during system startup. 3796.It Va ldconfig_local_dirs 3797.Pq Vt str 3798Set to the list of local 3799.Xr ldconfig 8 3800directories. 3801The names of all files in the directories listed will be 3802passed as arguments to 3803.Xr ldconfig 8 . 3804.It Va ldconfig_local32_dirs 3805.Pq Vt str 3806Set to the list of local 32-bit compatibility 3807.Xr ldconfig 8 3808directories. 3809The names of all files in the directories listed will be 3810passed as arguments to 3811.Dq Nm ldconfig Fl 32 . 3812.It Va kern_securelevel_enable 3813.Pq Vt bool 3814Set to 3815.Dq Li YES 3816to set the kernel security level at system startup. 3817.It Va kern_securelevel 3818.Pq Vt int 3819The kernel security level to set at startup. 3820The allowed range of 3821.Ar value 3822ranges from \-1 (the compile time default) to 3 (the 3823most secure). 3824See 3825.Xr security 7 3826for the list of possible security levels and their effect 3827on system operation. 3828.It Va sshd_program 3829.Pq Vt str 3830Path to the SSH server program 3831.Pa ( /usr/sbin/sshd 3832is the default). 3833.It Va sshd_enable 3834.Pq Vt bool 3835Set to 3836.Dq Li YES 3837to start 3838.Xr sshd 8 3839at system boot time. 3840.It Va sshd_flags 3841.Pq Vt str 3842If 3843.Va sshd_enable 3844is set to 3845.Dq Li YES , 3846these are the flags to pass to the 3847.Xr sshd 8 3848daemon. 3849.It Va ftpd_program 3850.Pq Vt str 3851Path to the FTP server program 3852.Pa ( /usr/libexec/ftpd 3853is the default). 3854.It Va ftpd_enable 3855.Pq Vt bool 3856Set to 3857.Dq Li YES 3858to start 3859.Xr ftpd 8 3860as a stand-alone daemon at system boot time. 3861.It Va ftpd_flags 3862.Pq Vt str 3863If 3864.Va ftpd_enable 3865is set to 3866.Dq Li YES , 3867these are the additional flags to pass to the 3868.Xr ftpd 8 3869daemon. 3870.It Va watchdogd_enable 3871.Pq Vt bool 3872If set to 3873.Dq Li YES , 3874start the 3875.Xr watchdogd 8 3876daemon at boot time. 3877This requires that the kernel have been compiled with a 3878.Xr watchdog 4 3879compatible device. 3880.It Va watchdogd_flags 3881.Pq Vt str 3882If 3883.Va watchdogd_enable 3884is set to 3885.Dq Li YES , 3886these are the flags passed to the 3887.Xr watchdogd 8 3888daemon. 3889.It Va watchdogd_timeout 3890.Pq Vt int 3891If 3892.Va watchdogd_enable 3893is set to 3894.Dq Li YES , 3895this is a timeout that will be used by the 3896.Xr watchdogd 8 3897daemon. 3898If this option is set, it overrides 3899.Fl t 3900in 3901.Va watchdogd_flags . 3902.It Va watchdogd_shutdown_timeout 3903.Pq Vt int 3904If 3905.Va watchdogd_enable 3906is set to 3907.Dq Li YES , 3908this is a timeout that will be set by the 3909.Xr watchdogd 8 3910daemon when it exits during the system shutdown. 3911This timeout will not be set when returning to the single-user mode 3912or when the watchdogd service is stopped individually using the 3913.Xr service 8 3914command or the rc.d script. 3915Note that the timeout will be applied if 3916.Xr watchdogd 8 3917is stopped outside of 3918.Xr rc 8 3919framework. 3920If this option is set, it overrides 3921.Fl x 3922in 3923.Va watchdogd_flags . 3924.It Va devfs_rulesets 3925.Pq Vt str 3926List of files containing sets of rules for 3927.Xr devfs 8 . 3928.It Va devfs_system_ruleset 3929.Pq Vt str 3930Rule name(s) to apply to the system 3931.Pa /dev 3932itself. 3933.It Va devfs_set_rulesets 3934.Pq Vt str 3935Pairs of already-mounted 3936.Pa dev 3937directories and rulesets that should be applied to them. 3938For example: /mount/dev=ruleset_name 3939.It Va devfs_load_rulesets 3940.Pq Vt bool 3941If set, always load the default rulesets listed in 3942.Va devfs_rulesets . 3943.It Va performance_cx_lowest 3944.Pq Vt str 3945CPU idle state to use while on AC power. 3946The string 3947.Dq Li LOW 3948indicates that 3949.Xr acpi 4 3950should use the lowest power state available while 3951.Dq Li HIGH 3952indicates that the lowest latency state (less power savings) should be used. 3953.It Va performance_cpu_freq 3954.Pq Vt str 3955CPU clock frequency to use while on AC power. 3956The string 3957.Dq Li LOW 3958indicates that 3959.Xr cpufreq 4 3960should use the lowest frequency available while 3961.Dq Li HIGH 3962indicates that the highest frequency (less power savings) should be used. 3963.It Va economy_cx_lowest 3964.Pq Vt str 3965CPU idle state to use when off AC power. 3966The string 3967.Dq Li LOW 3968indicates that 3969.Xr acpi 4 3970should use the lowest power state available while 3971.Dq Li HIGH 3972indicates that the lowest latency state (less power savings) should be used. 3973.It Va economy_cpu_freq 3974.Pq Vt str 3975CPU clock frequency to use when off AC power. 3976The string 3977.Dq Li LOW 3978indicates that 3979.Xr cpufreq 4 3980should use the lowest frequency available while 3981.Dq Li HIGH 3982indicates that the highest frequency (less power savings) should be used. 3983.It Va jail_enable 3984.Pq Vt bool 3985If set to 3986.Dq Li NO , 3987any configured jails will not be started. 3988.It Va jail_conf 3989.Pq Vt str 3990The configuration filename used by 3991.Xr jail 8 3992utility. 3993The default value is 3994.Pa /etc/jail.conf . 3995.Pa /etc/jail. Ns Ao Va jname Ac Ns Pa .conf 3996and 3997.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf 3998will also be used if 3999.Ao Va jname Ac 4000is set in 4001.Va jail_list . 4002.It Va jail_parallel_start 4003.Pq Vt bool 4004If set to 4005.Dq Li YES , 4006all configured jails will be started in the background (in parallel). 4007.It Va jail_flags 4008.Pq Vt str 4009Unset by default. 4010When set, use as default value for 4011.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4012for every jail in 4013.Va jail_list . 4014.It Va jail_list 4015.Pq Vt str 4016A space-delimited list of jail names. 4017When left empty, all of the 4018.Xr jail 8 4019instances defined in the configuration file are started. 4020The names specified in this list control the jail startup order. 4021.Xr jail 8 4022instances missing from 4023.Va jail_list 4024must be started manually. 4025Note that a jail's 4026.Va depend 4027parameter in the configuration file may override this list. 4028.It Va jail_reverse_stop 4029.Pq Vt bool 4030When set to 4031.Dq Li YES , 4032all configured jails in 4033.Va jail_list 4034are stopped in reverse order. 4035.It Va jail_ Ns * variables 4036Note that older releases supported per-jail configuration via 4037.Nm 4038variables. 4039For example, 4040hostname of a jail named 4041.Li vjail 4042was able to be set by 4043.Li jail_vjail_hostname . 4044These per-jail configuration variables are now obsolete in favor of 4045.Xr jail 8 4046configuration file. 4047For backward compatibility, 4048when per-jail configuration variables are defined, 4049.Xr jail 8 4050configuration files are created as 4051.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 4052and used. 4053.Pp 4054The following per-jail parameters are handled by 4055.Pa rc.d/jail 4056script out of their corresponding 4057.Nm 4058variables. 4059In addition to them, parameters in 4060.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4061will be added to the configuration file. 4062They must be a semi-colon 4063.Pq Ql \&; 4064delimited list of 4065.Dq key=value . 4066For more details, 4067see 4068.Xr jail 8 4069manual page. 4070.Bl -tag -width "host.hostname" -offset indent 4071.It Li path 4072set from 4073.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4074.It Li host.hostname 4075set from 4076.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4077.It Li exec.consolelog 4078set from 4079.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4080The default value is 4081.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4082.It Li interface 4083set from 4084.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4085.It Li vnet.interface 4086set from 4087.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4088This implies 4089.Li vnet 4090parameter will be enabled and cannot be specified with 4091.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4092.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4093and/or 4094.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4095at the same time. 4096.It Li fstab 4097set from 4098.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4099.It Li mount 4100set from 4101.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4102.It Li exec.fib 4103set from 4104.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4105.It Li exec.start 4106set from 4107.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4108The parameter name was 4109.Li command 4110in some older releases. 4111.It Li exec.prestart 4112set from 4113.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4114.It Li exec.poststart 4115set from 4116.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4117.It Li exec.stop 4118set from 4119.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4120.It Li exec.prestop 4121set from 4122.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4123.It Li exec.poststop 4124set from 4125.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4126.It Li ip4.addr 4127set if 4128.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4129or 4130.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4131contain IPv4 addresses 4132.It Li ip6.addr 4133set if 4134.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4135or 4136.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4137contain IPv6 addresses 4138.It Li allow.mount 4139set from 4140.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4141.It Li mount.devfs 4142set from 4143.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4144.It Li devfs_ruleset 4145set from 4146.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4147This must be an integer, 4148not a string. 4149.It Li mount.fdescfs 4150set from 4151.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4152.It Li allow.set_hostname 4153set from 4154.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4155.It Li allow.rawsocket 4156set from 4157.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4158.It Li allow.sysvipc 4159set from 4160.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4161.El 4162.\" ----------------------------------------------------- 4163.It Va harvest_mask 4164.Pq Vt int 4165Set to a bit-mask 4166representing the entropy sources 4167you wish to harvest. 4168Refer to 4169.Xr random 4 4170for more information. 4171.It Va entropy_dir 4172.Pq Vt str 4173Set to 4174.Dq Li NO 4175to disable caching entropy via 4176.Xr cron 8 . 4177Otherwise set to the directory 4178in which the entropy files are stored. 4179To be useful, 4180there must be 4181a system cron job 4182that regularly writes and rotates 4183files here. 4184All files found 4185will be used at boot time. 4186The default is 4187.Pa /var/db/entropy . 4188.It Va entropy_file 4189.Pq Vt str 4190Set to 4191.Dq Li NO 4192to disable caching entropy through reboots. 4193Otherwise set to the name 4194of a file used to store cached entropy. 4195This file should be located 4196on a file system that is readable 4197before all the volumes specified in 4198.Xr fstab 5 4199are mounted. 4200By default, 4201.Pa /entropy 4202is used, 4203but if 4204.Pa /var/db/entropy-file 4205is found it will also be used. 4206This will be of some use to 4207.Xr bsdinstall 8 . 4208.It Va entropy_boot_file 4209.Pq Vt str 4210Set to 4211.Dq Li NO 4212to disable 4213very early caching entropy 4214through reboots. 4215Otherwise set to the filename 4216used to read 4217very early reboot cached entropy. 4218This file should be located where 4219.Xr loader 8 4220can read it. 4221See also 4222.Xr loader.conf 5 . 4223The default location is 4224.Pa /boot/entropy . 4225.It Va entropy_save_sz 4226.Pq Vt int 4227Size of the entropy cache files saved by 4228.Nm save-entropy 4229periodically. 4230.It Va entropy_save_num 4231.Pq Vt int 4232Number of entropy cache files to save by 4233.Nm save-entropy 4234periodically. 4235.It Va ipsec_enable 4236.Pq Vt bool 4237Set to 4238.Dq Li YES 4239to run 4240.Xr setkey 8 4241on 4242.Va ipsec_file 4243at boot time. 4244.It Va ipsec_file 4245.Pq Vt str 4246Configuration file for 4247.Xr setkey 8 . 4248.It Va dmesg_enable 4249.Pq Vt bool 4250Set to 4251.Dq Li YES 4252to save 4253.Xr dmesg 8 4254to 4255.Pa /var/run/dmesg.boot 4256on boot. 4257.It Va rcshutdown_timeout 4258.Pq Vt int 4259If set, start a watchdog timer in the background which will terminate 4260.Pa rc.shutdown 4261if 4262.Xr shutdown 8 4263has not completed within the specified time (in seconds). 4264Notice that in addition to this soft timeout, 4265.Xr init 8 4266also applies a hard timeout for the execution of 4267.Pa rc.shutdown . 4268This is configured via 4269.Xr sysctl 8 4270variable 4271.Va kern.init_shutdown_timeout 4272and defaults to 120 seconds. 4273Setting the value of 4274.Va rcshutdown_timeout 4275to more than 120 seconds will have no effect until the 4276.Xr sysctl 8 4277variable 4278.Va kern.init_shutdown_timeout 4279is also increased. 4280.It Va virecover_enable 4281.Pq Vt bool 4282Set to 4283.Dq Li NO 4284to prevent the system from trying to 4285recover prematurely terminated 4286.Xr vi 1 4287sessions. 4288.It Va ugidfw_enable 4289.Pq Vt bool 4290Set to 4291.Dq Li YES 4292to load the 4293.Xr mac_bsdextended 4 4294module upon system initialization and load a default 4295ruleset file. 4296.It Va bsdextended_script 4297.Pq Vt str 4298The default 4299.Xr mac_bsdextended 4 4300ruleset file to load. 4301The default value of this variable is 4302.Pa /etc/rc.bsdextended . 4303.It Va newsyslog_enable 4304.Pq Vt bool 4305If set to 4306.Dq Li YES , 4307run 4308.Xr newsyslog 8 4309command at startup. 4310.It Va newsyslog_flags 4311.Pq Vt str 4312If 4313.Va newsyslog_enable 4314is set to 4315.Dq Li YES , 4316these are the flags to pass to the 4317.Xr newsyslog 8 4318program. 4319The default is 4320.Dq Li -CN , 4321which causes log files flagged with a 4322.Cm C 4323to be created. 4324.It Va mdconfig_md Ns Aq Ar X 4325.Pq Vt str 4326Arguments to 4327.Xr mdconfig 8 4328for 4329.Xr md 4 4330device 4331.Ar X . 4332At minimum a 4333.Fl t Ar type 4334must be specified and either a 4335.Fl s Ar size 4336for malloc or swap backed 4337.Xr md 4 4338devices or a 4339.Fl f Ar file 4340for vnode backed 4341.Xr md 4 4342devices. 4343Note that 4344.Va mdconfig_md Ns Aq Ar X 4345variables are evaluated until one variable is unset or null. 4346.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4347.Pq Vt str 4348Optional arguments passed to 4349.Xr newfs 8 4350to initialize 4351.Xr md 4 4352device 4353.Ar X . 4354.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4355.Pq Vt str 4356An ownership specification passed to 4357.Xr chown 8 4358after the specified 4359.Xr md 4 4360device 4361.Ar X 4362has been mounted. 4363Both the 4364.Xr md 4 4365device and the mount point will be changed. 4366.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4367.Pq Vt str 4368A mode string passed to 4369.Xr chmod 1 4370after the specified 4371.Xr md 4 4372device 4373.Ar X 4374has been mounted. 4375Both the 4376.Xr md 4 4377device and the mount point will be changed. 4378.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4379.Pq Vt str 4380Files to be copied to the mount point of the 4381.Xr md 4 4382device 4383.Ar X 4384after it has been mounted. 4385.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4386.Pq Vt str 4387Command to execute after the specified 4388.Xr md 4 4389device 4390.Ar X 4391has been mounted. 4392Note that the command is passed to 4393.Ic eval 4394and that both 4395.Va _dev 4396and 4397.Va _mp 4398variables can be used to reference respectively the 4399.Xr md 4 4400device and the mount point. 4401Assuming that the 4402.Xr md 4 4403device is 4404.Li md0 , 4405one could set the following: 4406.Bd -literal 4407mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4408.Ed 4409.It Va autobridge_interfaces 4410.Pq Vt str 4411Set to the list of bridge interfaces that will have newly arriving interfaces 4412checked against to be automatically added. 4413If not set to 4414.Dq Li NO 4415then for each whitespace separated 4416.Ar element 4417in the value, a 4418.Va autobridge_ Ns Aq Ar element 4419variable is assumed to exist which has a whitespace separated list of interface 4420names to match, these names can use wildcards. 4421For example: 4422.Bd -literal 4423autobridge_interfaces="bridge0" 4424autobridge_bridge0="tap* dc0 vlan[345]" 4425.Ed 4426.It Va mixer_enable 4427.Pq Vt bool 4428If set to 4429.Dq Li YES , 4430enable support for sound mixer. 4431.It Va hcsecd_enable 4432.Pq Vt bool 4433If set to 4434.Dq Li YES , 4435enable Bluetooth security daemon. 4436.It Va hcsecd_config 4437.Pq Vt str 4438Configuration file for 4439.Xr hcsecd 8 . 4440Default 4441.Pa /etc/bluetooth/hcsecd.conf . 4442.It Va sdpd_enable 4443.Pq Vt bool 4444If set to 4445.Dq Li YES , 4446enable Bluetooth Service Discovery Protocol daemon. 4447.It Va sdpd_control 4448.Pq Vt str 4449Path to 4450.Xr sdpd 8 4451control socket. 4452Default 4453.Pa /var/run/sdp . 4454.It Va sdpd_groupname 4455.Pq Vt str 4456Sets 4457.Xr sdpd 8 4458group to run as after it initializes. 4459Default 4460.Dq Li nobody . 4461.It Va sdpd_username 4462.Pq Vt str 4463Sets 4464.Xr sdpd 8 4465user to run as after it initializes. 4466Default 4467.Dq Li nobody . 4468.It Va bthidd_enable 4469.Pq Vt bool 4470If set to 4471.Dq Li YES , 4472enable Bluetooth Human Interface Device daemon. 4473.It Va bthidd_config 4474.Pq Vt str 4475Configuration file for 4476.Xr bthidd 8 . 4477Default 4478.Pa /etc/bluetooth/bthidd.conf . 4479.It Va bthidd_hids 4480.Pq Vt str 4481Path to a file, where 4482.Xr bthidd 8 4483will store information about known HID devices. 4484Default 4485.Pa /var/db/bthidd.hids . 4486.It Va rfcomm_pppd_server_enable 4487.Pq Vt bool 4488If set to 4489.Dq Li YES , 4490enable Bluetooth RFCOMM PPP wrapper daemon. 4491.It Va rfcomm_pppd_server_profile 4492.Pq Vt str 4493The name of the profile to use from 4494.Pa /etc/ppp/ppp.conf . 4495Multiple profiles can be specified here. 4496Also used to specify per-profile overrides. 4497When the profile name contains any of the characters 4498.Dq Li .-/+ 4499they are translated to 4500.Dq Li _ 4501for the proposes of the override variable names. 4502.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4503.Pq Vt str 4504Overrides local address to listen on. 4505By default 4506.Xr rfcomm_pppd 8 4507will listen on 4508.Dq Li ANY 4509address. 4510The address can be specified as BD_ADDR or name. 4511.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4512.Pq Vt str 4513Overrides local RFCOMM channel to listen on. 4514By default 4515.Xr rfcomm_pppd 8 4516will listen on RFCOMM channel 1. 4517Must set properly if multiple profiles used in the same time. 4518.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4519.Pq Vt bool 4520Tells 4521.Xr rfcomm_pppd 8 4522if it should register Serial Port service on the specified RFCOMM channel. 4523Default 4524.Dq Li NO . 4525.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4526.Pq Vt bool 4527Tells 4528.Xr rfcomm_pppd 8 4529if it should register Dial-Up Networking service on the specified 4530RFCOMM channel. 4531Default 4532.Dq Li NO . 4533.It Va ubthidhci_enable 4534.Pq Vt bool 4535If set to 4536.Dq Li YES , 4537change the USB Bluetooth controller from HID mode to HCI mode. 4538You also need to specify the location of USB Bluetooth controller with the 4539.Va ubthidhci_busnum 4540and 4541.Va ubthidhci_addr 4542variables. 4543.It Va ubthidhci_busnum 4544Bus number where the USB Bluetooth controller is located. 4545Check the output of 4546.Xr usbconfig 8 4547on your system to find this information. 4548.It Va ubthidhci_addr 4549Bus address of the USB Bluetooth controller. 4550Check the output of 4551.Xr usbconfig 8 4552on your system to find this information. 4553.It Va utx_enable 4554.Pq Vt bool 4555Set to 4556.Dq Li YES 4557to enable user accounting through the 4558.Xr utx 8 4559facility. 4560.It Va netwait_enable 4561.Pq Vt bool 4562If set to 4563.Dq Li YES , 4564delays the start of network-reliant services until 4565.Va netwait_if 4566is up and ICMP packets to a destination defined in 4567.Va netwait_ip 4568are flowing. 4569Link state is examined first, followed by 4570.Dq Li pinging 4571an IP address to verify network usability. 4572If no destination can be reached or timeouts are exceeded, 4573network services are started anyway with no guarantee that 4574the network is usable. 4575Use of this variable requires both 4576.Va netwait_ip 4577and 4578.Va netwait_if 4579to be set. 4580.It Va netwait_ip 4581.Pq Vt str 4582Empty by default. 4583This variable contains a space-delimited list of IP addresses to 4584.Xr ping 8 . 4585DNS hostnames should not be used as resolution is not guaranteed 4586to be functional at this point. 4587If multiple IP addresses are specified, 4588each will be tried until one is successful or the list is exhausted. 4589.It Va netwait_timeout 4590.Pq Vt int 4591Indicates the total number of seconds to perform a 4592.Dq Li ping 4593against each IP address in 4594.Va netwait_ip , 4595at a rate of one ping per second. 4596If any of the pings are successful, 4597full network connectivity is considered reliable. 4598The default is 60. 4599.It Va netwait_if 4600.Pq Vt str 4601Empty by default. 4602Defines the name of the network interface on which watch for link. 4603.Xr ifconfig 8 4604is used to monitor the interface, looking for 4605.Dq Li status: no carrier . 4606Once gone, the link is considered up. 4607This can be a 4608.Xr vlan 4 4609interface if desired. 4610.It Va netwait_if_timeout 4611.Pq Vt int 4612Defines the total number of seconds to wait for link to become usable, 4613polled at a 1-second interval. 4614The default is 30. 4615.It Va rctl_enable 4616.Pq Vt bool 4617If set to 4618.Dq Li YES , 4619load 4620.Xr rctl 8 4621rules from the defined ruleset. 4622The kernel must be built with 4623.Cd "options RACCT" 4624and 4625.Cd "options RCTL" . 4626.It Va rctl_rules 4627.Pq Vt str 4628Set to 4629.Pa /etc/rctl.conf 4630by default. 4631This variables contains the 4632.Xr rctl.conf 5 4633ruleset to load for 4634.Xr rctl 8 . 4635.It Va iovctl_files 4636.Pq Vt str 4637A space-separated list of configuration files used by 4638.Xr iovctl 8 . 4639The default value is an empty string. 4640.It Va autofs_enable 4641.Pq Vt bool 4642If set to 4643.Dq Li YES , 4644start the 4645.Xr automount 8 4646utility and the 4647.Xr automountd 8 4648and 4649.Xr autounmountd 8 4650daemons at boot time. 4651.It Va automount_flags 4652.Pq Vt str 4653If 4654.Va autofs_enable 4655is set to 4656.Dq Li YES , 4657these are the flags to pass to the 4658.Xr automount 8 4659program. 4660By default no flags are passed. 4661.It Va automountd_flags 4662.Pq Vt str 4663If 4664.Va autofs_enable 4665is set to 4666.Dq Li YES , 4667these are the flags to pass to the 4668.Xr automountd 8 4669daemon. 4670By default no flags are passed. 4671.It Va autounmountd_flags 4672.Pq Vt str 4673If 4674.Va autofs_enable 4675is set to 4676.Dq Li YES , 4677these are the flags to pass to the 4678.Xr autounmountd 8 4679daemon. 4680By default no flags are passed. 4681.It Va ctld_enable 4682.Pq Vt bool 4683If set to 4684.Dq Li YES , 4685start the 4686.Xr ctld 8 4687daemon at boot time. 4688.It Va iscsid_enable 4689.Pq Vt bool 4690If set to 4691.Dq Li YES , 4692start the 4693.Xr iscsid 8 4694daemon at boot time. 4695.It Va iscsictl_enable 4696.Pq Vt bool 4697If set to 4698.Dq Li YES , 4699start the 4700.Xr iscsictl 8 4701utility at boot time. 4702.It Va iscsictl_flags 4703.Pq Vt str 4704If 4705.Va iscsictl_enable 4706is set to 4707.Dq Li YES , 4708these are the flags to pass to the 4709.Xr iscsictl 8 4710program. 4711The default is 4712.Dq Li -Aa , 4713which configures sessions based on the 4714.Pa /etc/iscsi.conf 4715configuration file. 4716.It Va cfumass_enable 4717.Pq Vt bool 4718If set to 4719.Dq Li YES , 4720create and export an USB LUN using 4721.Xr cfumass 4 4722at boot time. 4723.It Va cfumass_dir 4724.Pq Vt str 4725The directory where the files exported by USB LUN are located. 4726The default directory is 4727.Pa /var/cfumass . 4728.It Va service_delete_empty 4729.Pq Vt bool 4730If set to 4731.Dq Li YES , 4732.Ql Li service delete 4733removes empty 4734.Dq Li rc.conf.d 4735files. 4736.It Va zfs_bootonce_activate 4737.Pq Vt bool 4738If set to 4739.Dq Li YES , 4740and a boot environment marked bootonce is successfully booted, 4741it will be made permanently active. 4742.It Va zfskeys_enable 4743.Pq Vt bool 4744If set to 4745.Dq Li YES , 4746enable auto-loading of encryption keys for encrypted ZFS datasets. 4747For every dataset the script will first load the appropriate encryption key 4748and then attempt to unlock the dataset. 4749.Pp 4750The script operates only on datasets which are encrypted with 4751ZFS native encryption 4752and have a ZFS 4753.Dq Li keylocation 4754dataset property beginning with 4755.Dq Li file:// . 4756.It Va zfskeys_datasets 4757.Pq Vt str 4758A whitespace-separated list of ZFS datasets to unlock. 4759The list is empty by default, 4760which means that the script will attempt to unlock all datasets. 4761.It Va zfskeys_timeout 4762.Pq Vt int 4763Define the total number of seconds to wait for the zfskeys script 4764to unlock an encrypted dataset. 4765The default is 10. 4766.It Va sendmail_enable 4767.Pq Vt str 4768If set to 4769.Dq Li YES , 4770run the 4771.Xr sendmail 8 4772daemon at system boot time. 4773If set to 4774.Dq Li NO , 4775do not run a 4776.Xr sendmail 8 4777daemon to listen for incoming network mail. 4778This does not preclude a 4779.Xr sendmail 8 4780daemon listening on the SMTP port of the loopback interface. 4781The 4782.Dq Li NONE 4783option sets each 4784.Va sendmail_enable , 4785.Va sendmail_submit_enable , 4786.Va sendmail_outbound_enable , 4787.Va sendmail_msp_queue_enable 4788to 4789.Dq Li NO . 4790.It Va sendmail_cert_create 4791.Pq Vt str 4792If 4793.Va sendmail_enable 4794is set to 4795.Dq Li YES , 4796create a signed certificate 4797.Pa /etc/mail/certs/host.cert 4798representing 4799.Pa /etc/mail/certs/host.key 4800by the CA certificate in 4801.Pa /etc/mail/certs/cacert.pem . 4802This will enable connecting hosts to negotiate STARTTLS allowing incoming 4803email to be encrypted in transit. 4804.Xr sendmail 8 4805needs to be configured to use these generated files. 4806The default configuration in 4807.Pa /etc/mail/freebsd.mc 4808has the required options in it. 4809.It Va sendmail_cert_cn 4810.Pq Vt str 4811If 4812.Va sendmail_enable 4813is set to 4814.Dq Li YES 4815and 4816.Va sendmail_cert_create 4817is set to 4818.Dq Li YES , 4819this is the Common Name (CN) of the certificate that will be created. 4820If 4821.Va sendmail_cert_cn 4822is not set, the system's hostname will be used. 4823If there is no hostname set, 4824.Dq Li amnesiac 4825will be used. 4826.It Va sendmail_flags 4827.Pq Vt str 4828If 4829.Va sendmail_enable 4830is set to 4831.Dq Li YES , 4832these are the flags to pass to the 4833.Xr sendmail 8 4834daemon. 4835.It Va sendmail_submit_enable 4836.Pq Vt bool 4837If set to 4838.Dq Li YES 4839and 4840.Va sendmail_enable 4841is set to 4842.Dq Li NO , 4843run 4844.Xr sendmail 8 4845using 4846.Va sendmail_submit_flags 4847instead of 4848.Va sendmail_flags . 4849This is intended to allow local mail submission via 4850a localhost-only listening SMTP service required for running 4851.Xr sendmail 8 4852as a non-set-user-ID binary. 4853Note that this does not work inside 4854.Xr jail 2 4855systems, as jails do not allow binding to just the localhost interface. 4856.It Va sendmail_submit_flags 4857.Pq Vt str 4858If 4859.Va sendmail_enable 4860is set to 4861.Dq Li NO 4862and 4863.Va sendmail_submit_enable 4864is set to 4865.Dq Li YES , 4866these are the flags to pass to the 4867.Xr sendmail 8 4868daemon. 4869.It Va sendmail_outbound_enable 4870.Pq Vt bool 4871If set to 4872.Dq Li YES 4873and both 4874.Va sendmail_enable 4875and 4876.Va sendmail_submit_enable 4877are set to 4878.Dq Li NO , 4879run 4880.Xr sendmail 8 4881using 4882.Va sendmail_outbound_flags 4883instead of 4884.Va sendmail_flags . 4885This is intended to allow local mail queue management 4886for systems that do not offer a listening SMTP service. 4887.It Va sendmail_outbound_flags 4888.Pq Vt str 4889If both 4890.Va sendmail_enable 4891and 4892.Va sendmail_submit_enable 4893are set to 4894.Dq Li NO 4895and 4896.Va sendmail_outbound_enable 4897is set to 4898.Dq Li YES , 4899these are the flags to pass to the 4900.Xr sendmail 8 4901daemon. 4902.It Va sendmail_msp_queue_enable 4903.Pq Vt bool 4904If set to 4905.Dq Li YES , 4906start a client (MSP) queue runner 4907.Xr sendmail 8 4908daemon at system boot time. 4909As of sendmail 8.12, a separate queue is used for command line 4910submissions. 4911The client queue runner ensures that nothing is 4912left behind in the submission queue. 4913.It Va sendmail_msp_queue_flags 4914.Pq Vt str 4915If 4916.Va sendmail_msp_queue_enable 4917is set to 4918daemon. 4919.Dq Li YES , 4920these are the flags to pass to the 4921.Xr sendmail 8 4922.El 4923.Sh FILES 4924.Bl -tag -width "/etc/defaults/rc.conf" -compact 4925.It Pa /etc/defaults/rc.conf 4926.It Pa /etc/defaults/vendor.conf 4927.It Pa /etc/rc.conf 4928.It Pa /etc/rc.conf.local 4929.It Pa /etc/rc.conf.d/ 4930.El 4931.Sh SEE ALSO 4932.Xr chmod 1 , 4933.Xr cpuset 1 , 4934.Xr gdb 1 Pq Pa ports/devel/gdb , 4935.Xr kbdcontrol 1 , 4936.Xr limits 1 , 4937.Xr protect 1 , 4938.Xr sh 1 , 4939.Xr umask 1 , 4940.Xr uuidgen 1 , 4941.Xr vi 1 , 4942.Xr vidcontrol 1 , 4943.Xr bridge 4 , 4944.Xr dummynet 4 , 4945.Xr ip 4 , 4946.Xr ipf 4 , 4947.Xr ipfw 4 , 4948.Xr ipnat 4 , 4949.Xr kld 4 , 4950.Xr pf 4 , 4951.Xr pflog 4 , 4952.Xr pfsync 4 , 4953.Xr tcp 4 , 4954.Xr udp 4 , 4955.Xr exports 5 , 4956.Xr fstab 5 , 4957.Xr ipf 5 , 4958.Xr ipnat 5 , 4959.Xr jail.conf 5 , 4960.Xr loader.conf 5 , 4961.Xr login.conf 5 , 4962.Xr motd 5 , 4963.Xr newsyslog.conf 5 , 4964.Xr pf.conf 5 , 4965.Xr firewall 7 , 4966.Xr growfs 7 , 4967.Xr security 7 , 4968.Xr tuning 7 , 4969.Xr accton 8 , 4970.Xr apm 8 , 4971.Xr bsdinstall 8 , 4972.Xr bthidd 8 , 4973.Xr chkprintcap 8 , 4974.Xr chown 8 , 4975.Xr cron 8 , 4976.Xr devfs 8 , 4977.Xr dhclient 8 , 4978.Xr ftpd 8 , 4979.Xr geli 8 , 4980.Xr hcsecd 8 , 4981.Xr ifconfig 8 , 4982.Xr inetd 8 , 4983.Xr iovctl 8 , 4984.Xr ipf 8 , 4985.Xr ipfw 8 , 4986.Xr ipnat 8 , 4987.Xr jail 8 , 4988.Xr kldxref 8 , 4989.Xr loader 8 , 4990.Xr lpd 8 , 4991.Xr makewhatis 8 , 4992.Xr mdconfig 8 , 4993.Xr mdmfs 8 , 4994.Xr mixer 8 , 4995.Xr mountd 8 , 4996.Xr moused 8 , 4997.Xr newfs 8 , 4998.Xr newsyslog 8 , 4999.Xr nfsd 8 , 5000.Xr ntpd 8 , 5001.Xr ntpdate 8 , 5002.Xr pfctl 8 , 5003.Xr pflogd 8 , 5004.Xr ping 8 , 5005.Xr powerd 8 , 5006.Xr quotacheck 8 , 5007.Xr quotaon 8 , 5008.Xr rc 8 , 5009.Xr rc.subr 8 , 5010.Xr rcorder 8 , 5011.Xr rfcomm_pppd 8 , 5012.Xr route 8 , 5013.Xr route6d 8 , 5014.Xr routed 8 , 5015.Xr rpc.lockd 8 , 5016.Xr rpc.statd 8 , 5017.Xr rpc.tlsclntd 8 , 5018.Xr rpc.tlsservd 8 , 5019.Xr rpcbind 8 , 5020.Xr rwhod 8 , 5021.Xr savecore 8 , 5022.Xr sdpd 8 , 5023.Xr sendmail 8 , 5024.Xr service 8 , 5025.Xr sshd 8 , 5026.Xr swapon 8 , 5027.Xr sysctl 8 , 5028.Xr syslogd 8 , 5029.Xr sysrc 8 , 5030.Xr unbound 8 , 5031.Xr usbconfig 8 , 5032.Xr utx 8 , 5033.Xr wlandebug 8 , 5034.Xr yp 8 , 5035.Xr ypbind 8 , 5036.Xr ypserv 8 , 5037.Xr ypset 8 5038.Sh HISTORY 5039The 5040.Nm 5041file appeared in 5042.Fx 2.2.2 . 5043.Sh AUTHORS 5044.An Jordan K. Hubbard . 5045