1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd February 15, 2018 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67The sysrc(8) command provides a scripting interface to modify system 68config files. 69.Pp 70In addition to 71.Pa /etc/rc.conf.local 72you can also place smaller configuration files for each 73.Xr rc 8 74script in the 75.Pa /etc/rc.conf.d 76directory or 77.Ao Ar dir Ac Ns Pa /rc.conf.d 78directories specified in 79.Va local_startup , 80which will be included by the 81.Va load_rc_config 82function. 83For jail configurations you could use the file 84.Pa /etc/rc.conf.d/jail 85to store jail specific configuration options. 86If 87.Va local_startup 88contains 89.Pa /usr/local/etc/rc.d 90and 91.Pa /opt/conf , 92.Pa /usr/local/rc.conf.d/jail 93and 94.Pa /opt/conf/rc.conf.d/jail 95will be loaded. 96If 97.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 98is a directory, 99all of files in the directory will be loaded. 100Also see the 101.Va rc_conf_files 102variable below. 103.Pp 104Options are set with 105.Dq Ar name Ns Li = Ns Ar value 106assignments that use 107.Xr sh 1 108syntax. 109The following list provides a name and short description for each 110variable that can be set in the 111.Nm 112file: 113.Bl -tag -width indent-two 114.It Va rc_debug 115.Pq Vt bool 116If set to 117.Dq Li YES , 118enable output of debug messages from rc scripts. 119This variable can be helpful in diagnosing mistakes when 120editing or integrating new scripts. 121Beware that this produces copious output to the terminal and 122.Xr syslog 3 . 123.It Va rc_info 124.Pq Vt bool 125If set to 126.Dq Li NO , 127disable informational messages from the rc scripts. 128Informational messages are displayed when 129a condition that is not serious enough to warrant a warning or 130an error occurs. 131.It Va rc_startmsgs 132.Pq Vt bool 133If set to 134.Dq Li YES , 135show 136.Dq Starting foo: 137when faststart is used (e.g., at boot time). 138.It Va early_late_divider 139.Pq Vt str 140The name of the script that should be used as the 141delimiter between the 142.Dq early 143and 144.Dq late 145stages of the boot process. 146The early stage should contain all the services needed to 147get the disks (local or remote) mounted so that the late 148stage can include scripts contained in the directories 149listed in the 150.Va local_startup 151variable (see below). 152Thus, the two likely candidates for this value are 153.Pa mountcritlocal 154for the typical system, and 155.Pa mountcritremote 156if the system needs remote file 157systems mounted to get access to the 158.Va local_startup 159directories; for example when 160.Pa /usr/local 161is NFS mounted. 162For 163.Pa rc.conf 164within a 165.Xr jail 8 166.Pa NETWORKING 167is likely to be an appropriate value. 168Extreme care should be taken when changing this value, 169and before changing it one should ensure that there are 170adequate provisions to recover from a failed boot 171(such as physical contact with the machine, 172or reliable remote console access). 173.It Va always_force_depends 174.Pq Vt bool 175Various 176.Pa rc.d 177scripts use the force_depend function to check whether required 178services are already running, and to start them if necessary. 179By default during boot time this check is bypassed if the 180required service is enabled in 181.Pa /etc/rc.conf[.local] . 182Setting this option will bypass that check at boot time and 183always test whether or not the service is actually running. 184Enabling this option is likely to increase your boot time if 185services are enabled that utilize the force_depend check. 186.It Ao Ar name Ac Ns Va _chroot 187.Pq Vt str 188.Xr chroot 8 189to this directory before running the service. 190.It Ao Ar name Ac Ns Va _user 191.Pq Vt str 192Run the service under this user account. 193.It Ao Ar name Ac Ns Va _group 194.Pq Vt str 195Run the chrooted service under this system group. 196Unlike the _user 197setting, this setting has no effect if the service is not chrooted. 198.It Ao Ar name Ac Ns Va _fib 199.Pq Vt int 200The 201.Xr setfib 1 202value to run the service under. 203.It Ao Ar name Ac Ns Va _nice 204.Pq Vt int 205The 206.Xr nice 1 207value to run the service under. 208.It Va apm_enable 209.Pq Vt bool 210If set to 211.Dq Li YES , 212enable support for Automatic Power Management with 213the 214.Xr apm 8 215command. 216.It Va apmd_enable 217.Pq Vt bool 218Run 219.Xr apmd 8 220to handle APM event from userland. 221This also enables support for APM. 222.It Va apmd_flags 223.Pq Vt str 224If 225.Va apmd_enable 226is set to 227.Dq Li YES , 228these are the flags to pass to the 229.Xr apmd 8 230daemon. 231.It Va devd_enable 232.Pq Vt bool 233Run 234.Xr devd 8 235to handle device added, removed or unknown events from the kernel. 236.It Va ddb_enable 237.Pq Vt bool 238Run 239.Xr ddb 8 240to install 241.Xr ddb 4 242scripts at boot time. 243.It Va ddb_config 244.Pq Vt str 245Configuration file for 246.Xr ddb 8 . 247Default 248.Pa /etc/ddb.conf . 249.It Va kld_list 250.Pq Vt str 251A list of kernel modules to load right after the local 252disks are mounted. 253Loading modules at this point in the boot process is 254much faster than doing it via 255.Pa /boot/loader.conf 256for those modules not necessary for mounting local disk. 257.It Va kldxref_enable 258.Pq Vt bool 259Set to 260.Dq Li NO 261by default. 262Set to 263.Dq Li YES 264to automatically rebuild 265.Pa linker.hints 266files with 267.Xr kldxref 8 268at boot time. 269.It Va kldxref_clobber 270.Pq Vt bool 271Set to 272.Dq Li NO 273by default. 274If 275.Va kldxref_enable 276is true, 277setting to 278.Dq Li YES 279will overwrite existing 280.Pa linker.hints 281files at boot time. 282Otherwise, 283only missing 284.Pa linker.hints 285files are generated. 286.It Va kldxref_module_path 287.Pq Vt str 288Empty by default. 289A semi-colon 290.Pq Ql \&; 291delimited list of paths containing 292.Xr kld 4 293modules. 294If empty, 295the contents of the 296.Va kern.module_path 297.Xr sysctl 8 298are used. 299.It Va powerd_enable 300.Pq Vt bool 301If set to 302.Dq Li YES , 303enable the system power control facility with the 304.Xr powerd 8 305daemon. 306.It Va powerd_flags 307.Pq Vt str 308If 309.Va powerd_enable 310is set to 311.Dq Li YES , 312these are the flags to pass to the 313.Xr powerd 8 314daemon. 315.It Va tmpmfs 316Controls the creation of a 317.Pa /tmp 318memory file system. 319Always happens if set to 320.Dq Li YES 321and never happens if set to 322.Dq Li NO . 323If set to anything else, a memory file system is created if 324.Pa /tmp 325is not writable. 326.It Va tmpsize 327Controls the size of a created 328.Pa /tmp 329memory file system. 330.It Va tmpmfs_flags 331Extra options passed to the 332.Xr mdmfs 8 333utility when the memory file system for 334.Pa /tmp 335is created. 336The default is 337.Dq Li "-S" , 338which inhibits the use of softupdates on 339.Pa /tmp 340so that file system space is freed without delay 341after file truncation or deletion. 342See 343.Xr mdmfs 8 344for other options you can use in 345.Va tmpmfs_flags . 346.It Va varmfs 347Controls the creation of a 348.Pa /var 349memory file system. 350Always happens if set to 351.Dq Li YES 352and never happens if set to 353.Dq Li NO . 354If set to anything else, a memory file system is created if 355.Pa /var 356is not writable. 357.It Va varsize 358Controls the size of a created 359.Pa /var 360memory file system. 361.It Va varmfs_flags 362Extra options passed to the 363.Xr mdmfs 8 364utility when the memory file system for 365.Pa /var 366is created. 367The default is 368.Dq Li "-S" , 369which inhibits the use of softupdates on 370.Pa /var 371so that file system space is freed without delay 372after file truncation or deletion. 373See 374.Xr mdmfs 8 375for other options you can use in 376.Va varmfs_flags . 377.It Va populate_var 378Controls the automatic population of the 379.Pa /var 380file system. 381Always happens if set to 382.Dq Li YES 383and never happens if set to 384.Dq Li NO . 385If set to anything else, a memory file system is created if 386.Pa /var 387is not writable. 388Note that this process requires access to certain commands in 389.Pa /usr 390before 391.Pa /usr 392is mounted on normal systems. 393.It Va cleanvar_enable 394.Pq Vt bool 395Clean the 396.Pa /var 397directory. 398.It Va local_startup 399.Pq Vt str 400List of directories to search for startup script files. 401.It Va script_name_sep 402.Pq Vt str 403The field separator to use for breaking down the list of startup script files 404into individual filenames. 405The default is a space. 406It is not necessary to change this unless there are startup scripts with names 407containing spaces. 408.It Va hostapd_enable 409.Pq Vt bool 410Set to 411.Dq Li YES 412to start 413.Xr hostapd 8 414at system boot time. 415.It Va hostname 416.Pq Vt str 417The fully qualified domain name (FQDN) of this host on the network. 418This should almost certainly be set to something meaningful, even if 419there is no network connection. 420If 421.Xr dhclient 8 422is used to set the hostname via DHCP, 423this variable should be set to an empty string. 424If this value remains unset when the system is done booting 425your console login will display the default hostname of 426.Dq Amnesiac . 427.It Va nisdomainname 428.Pq Vt str 429The NIS domain name of this host, or 430.Dq Li NO 431if NIS is not used. 432.It Va dhclient_program 433.Pq Vt str 434Path to the DHCP client program 435.Pa ( /sbin/dhclient , 436the 437.Ox 438DHCP client, 439is the default). 440.It Va dhclient_flags 441.Pq Vt str 442Additional flags to pass to the DHCP client program. 443For the 444.Ox 445DHCP client, see the 446.Xr dhclient 8 447manpage for a description of the command line options available. 448.It Va dhclient_flags_ Ns Aq Ar iface 449Additional flags to pass to the DHCP client program running on 450.Ar iface 451only. 452When specified, this variable overrides 453.Va dhclient_flags . 454.It Va background_dhclient 455.Pq Vt bool 456Set to 457.Dq Li YES 458to start the DHCP client in background. 459This can cause trouble with applications depending on 460a working network, but it will provide a faster startup 461in many cases. 462.It Va background_dhclient_ Ns Aq Ar iface 463When specified, this variable overrides the 464.Va background_dhclient 465variable for interface 466.Ar iface 467only. 468.It Va synchronous_dhclient 469.Pq Vt bool 470Set to 471.Dq Li YES 472to start 473.Xr dhclient 8 474synchronously at startup. 475This behavior can be overridden on a per-interface basis by replacing 476the 477.Dq Li DHCP 478keyword in the 479.Va ifconfig_ Ns Aq Ar interface 480variable with 481.Dq Li SYNCDHCP 482or 483.Dq Li NOSYNCDHCP . 484.It Va defaultroute_delay 485.Pq Vt int 486When set to a positive value, wait up to this long after configuring 487DHCP interfaces at startup to give the interfaces time to receive a lease. 488.It Va firewall_enable 489.Pq Vt bool 490Set to 491.Dq Li YES 492to load firewall rules at startup. 493If the kernel was not built with 494.Cd "options IPFIREWALL" , 495the 496.Pa ipfw.ko 497kernel module will be loaded. 498See also 499.Va ipfilter_enable . 500.It Va firewall_script 501.Pq Vt str 502This variable specifies the full path to the firewall script to run. 503The default is 504.Pa /etc/rc.firewall . 505.It Va firewall_type 506.Pq Vt str 507Names the firewall type from the selection in 508.Pa /etc/rc.firewall , 509or the file which contains the local firewall ruleset. 510Valid selections from 511.Pa /etc/rc.firewall 512are: 513.Pp 514.Bl -tag -width ".Li simple" -compact 515.It Li open 516unrestricted IP access 517.It Li closed 518all IP services disabled, except via 519.Dq Li lo0 520.It Li client 521basic protection for a workstation 522.It Li simple 523basic protection for a LAN. 524.El 525.Pp 526If a filename is specified, the full path 527must be given. 528.It Va firewall_quiet 529.Pq Vt bool 530Set to 531.Dq Li YES 532to disable the display of firewall rules on the console during boot. 533.It Va firewall_logging 534.Pq Vt bool 535Set to 536.Dq Li YES 537to enable firewall event logging. 538This is equivalent to the 539.Dv IPFIREWALL_VERBOSE 540kernel option. 541.It Va firewall_logif 542.Pq Vt bool 543Set to 544.Dq Li YES 545to create pseudo interface 546.Li ipfw0 547for logging. 548For more details, see 549.Xr ipfw 8 550manual page. 551.It Va firewall_flags 552.Pq Vt str 553Flags passed to 554.Xr ipfw 8 555if 556.Va firewall_type 557specifies a filename. 558.It Va firewall_coscripts 559.Pq Vt str 560List of executables and/or rc scripts to run after firewall starts/stops. 561Default is empty. 562.\" ----- firewall_nat_enable setting -------------------------------- 563.It Va firewall_nat_enable 564.Pq Vt bool 565The 566.Xr ipfw 8 567equivalent of 568.Va natd_enable . 569Setting this to 570.Dq Li YES 571enables kernel NAT. 572.Va firewall_enable 573must also be set to 574.Dq Li YES . 575.It Va firewall_nat_interface 576.Pq Vt str 577The 578.Xr ipfw 8 579equivalent of 580.Va natd_interface . 581This is the name of the public interface or IP address on which 582kernel NAT should run. 583.It Va firewall_nat_flags 584.Pq Vt str 585Additional configuration parameters for kernel NAT should be placed here. 586.It Va dummynet_enable 587.Pq Vt bool 588Setting this to 589.Dq Li YES 590will automatically load the 591.Xr dummynet 4 592module if 593.Va firewall_enable 594is also set to 595.Dq Li YES . 596.\" ------------------------------------------------------------------- 597.It Va ipfw_netflow_enable 598.Pq Vt bool 599Setting this to 600.Dq Li YES 601will enable netflow logging via 602.Xr ng_netflow 4 603.Pp 604By default a ipfw rule is inserted and all packets are duplicated with 605the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 606port using protocol version 5. 607.It Va ipfw_netflow_hook 608.Pq Vt int 609netflow hook name, must be numerical 610(default 611.Pa 9995 ) . 612.It Va ipfw_netflow_rule 613.Pq Vt int 614ipfw rule number 615(default 616.Pa 1000 ) . 617.It Va ipfw_netflow_ip 618.Pq Vt str 619Destination server ip for receiving netflow data 620(default 621.Pa 127.0.0.1 ) . 622.It Va ipfw_netflow_port 623.Pq Vt int 624Destination server port for receiving netflow data 625(default 626.Pa 9995 ) . 627.It Va ipfw_netflow_version 628.Pq Vt int 629Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 630.It Va ipfw_netflow_fib 631.Pq Vt int 632Only match packet in FIB 633.Pa ipfw_netflow_fib 634(default is undefined meaning all FIBs). 635.It Va natd_program 636.Pq Vt str 637Path to 638.Xr natd 8 . 639.It Va natd_enable 640.Pq Vt bool 641Set to 642.Dq Li YES 643to enable 644.Xr natd 8 . 645.Va firewall_enable 646must also be set to 647.Dq Li YES , 648and 649.Xr divert 4 650sockets must be enabled in the kernel. 651If the kernel was not built with 652.Cd "options IPDIVERT" , 653the 654.Pa ipdivert.ko 655kernel module will be loaded. 656.It Va natd_interface 657.Pq Vt str 658This is the name of the public interface on which 659.Xr natd 8 660should run. 661The interface may be given as an interface name or as an IP address. 662.It Va natd_flags 663.Pq Vt str 664Additional 665.Xr natd 8 666flags should be placed here. 667The 668.Fl n 669or 670.Fl a 671flag is automatically added with the above 672.Va natd_interface 673as an argument. 674.\" ----- ipfilter_enable setting -------------------------------- 675.It Va ipfilter_enable 676.Pq Vt bool 677Set to 678.Dq Li NO 679by default. 680Setting this to 681.Dq Li YES 682enables 683.Xr ipf 8 684packet filtering. 685.Pp 686Typical usage will require putting 687.Bd -literal 688ipfilter_enable="YES" 689ipnat_enable="YES" 690ipmon_enable="YES" 691ipfs_enable="YES" 692.Ed 693.Pp 694into 695.Pa /etc/rc.conf 696and editing 697.Pa /etc/ipf.rules 698and 699.Pa /etc/ipnat.rules 700appropriately. 701.Pp 702Note that 703.Va ipfilter_enable 704and 705.Va ipnat_enable 706can be enabled independently. 707.Va ipmon_enable 708and 709.Va ipfs_enable 710both require at least one of 711.Va ipfilter_enable 712and 713.Va ipnat_enable 714to be enabled. 715.Pp 716Having 717.Bd -literal 718options IPFILTER 719options IPFILTER_LOG 720options IPFILTER_DEFAULT_BLOCK 721.Ed 722.Pp 723in the kernel configuration file is a good idea, too. 724.\" ----- ipfilter_program setting ------------------------------ 725.It Va ipfilter_program 726.Pq Vt str 727Path to 728.Xr ipf 8 729(default 730.Pa /sbin/ipf ) . 731.\" ----- ipfilter_rules setting -------------------------------- 732.It Va ipfilter_rules 733.Pq Vt str 734Set to 735.Pa /etc/ipf.rules 736by default. 737This variable contains the name of the filter rule definition file. 738The file is expected to be readable for the 739.Xr ipf 8 740command to execute. 741.\" ----- ipv6_ipfilter_rules setting --------------------------- 742.It Va ipv6_ipfilter_rules 743.Pq Vt str 744Set to 745.Pa /etc/ipf6.rules 746by default. 747This variable contains the IPv6 filter rule definition file. 748The file is expected to be readable for the 749.Xr ipf 8 750command to execute. 751.\" ----- ipfilter_flags setting -------------------------------- 752.It Va ipfilter_flags 753.Pq Vt str 754Empty by default. 755This variable contains flags passed to the 756.Xr ipf 8 757program. 758.\" ----- ipnat_enable setting ---------------------------------- 759.It Va ipnat_enable 760.Pq Vt bool 761Set to 762.Dq Li NO 763by default. 764Set it to 765.Dq Li YES 766to enable 767.Xr ipnat 8 768network address translation. 769See 770.Va ipfilter_enable 771for a detailed discussion. 772.\" ----- ipnat_program setting --------------------------------- 773.It Va ipnat_program 774.Pq Vt str 775Path to 776.Xr ipnat 8 777(default 778.Pa /sbin/ipnat ) . 779.\" ----- ipnat_rules setting ----------------------------------- 780.It Va ipnat_rules 781.Pq Vt str 782Set to 783.Pa /etc/ipnat.rules 784by default. 785This variable contains the name of the file 786holding the network address translation definition. 787This file is expected to be readable for the 788.Xr ipnat 8 789command to execute. 790.\" ----- ipnat_flags setting ----------------------------------- 791.It Va ipnat_flags 792.Pq Vt str 793Empty by default. 794This variable contains flags passed to the 795.Xr ipnat 8 796program. 797.\" ----- ipmon_enable setting ---------------------------------- 798.It Va ipmon_enable 799.Pq Vt bool 800Set to 801.Dq Li NO 802by default. 803Set it to 804.Dq Li YES 805to enable 806.Xr ipmon 8 807monitoring (logging 808.Xr ipf 8 809and 810.Xr ipnat 8 811events). 812Setting this variable needs setting 813.Va ipfilter_enable 814or 815.Va ipnat_enable 816too. 817See 818.Va ipfilter_enable 819for a detailed discussion. 820.\" ----- ipmon_program setting --------------------------------- 821.It Va ipmon_program 822.Pq Vt str 823Path to 824.Xr ipmon 8 825(default 826.Pa /sbin/ipmon ) . 827.\" ----- ipmon_flags setting ----------------------------------- 828.It Va ipmon_flags 829.Pq Vt str 830Set to 831.Dq Li -Ds 832by default. 833This variable contains flags passed to the 834.Xr ipmon 8 835program. 836Another typical example would be 837.Dq Fl D Pa /var/log/ipflog 838to have 839.Xr ipmon 8 840log directly to a file bypassing 841.Xr syslogd 8 . 842Make sure to adjust 843.Pa /etc/newsyslog.conf 844in such case like this: 845.Bd -literal 846/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 847.Ed 848.\" ----- ipfs_enable setting ----------------------------------- 849.It Va ipfs_enable 850.Pq Vt bool 851Set to 852.Dq Li NO 853by default. 854Set it to 855.Dq Li YES 856to enable 857.Xr ipfs 8 858saving the filter and NAT state tables during shutdown 859and reloading them during startup again. 860Setting this variable needs setting 861.Va ipfilter_enable 862or 863.Va ipnat_enable 864to 865.Dq Li YES 866too. 867See 868.Va ipfilter_enable 869for a detailed discussion. 870Note that if 871.Va kern_securelevel 872is set to 3, 873.Va ipfs_enable 874cannot be used 875because the raised securelevel will prevent 876.Xr ipfs 8 877from saving the state tables at shutdown time. 878.\" ----- ipfs_program setting ---------------------------------- 879.It Va ipfs_program 880.Pq Vt str 881Path to 882.Xr ipfs 8 883(default 884.Pa /sbin/ipfs ) . 885.\" ----- ipfs_flags setting ------------------------------------ 886.It Va ipfs_flags 887.Pq Vt str 888Empty by default. 889This variable contains flags passed to the 890.Xr ipfs 8 891program. 892.\" ----- end of added ipf hook --------------------------------- 893.It Va pf_enable 894.Pq Vt bool 895Set to 896.Dq Li NO 897by default. 898Setting this to 899.Dq Li YES 900enables 901.Xr pf 4 902packet filtering. 903.Pp 904Typical usage will require putting 905.Pp 906.Dl pf_enable="YES" 907.Pp 908into 909.Pa /etc/rc.conf 910and editing 911.Pa /etc/pf.conf 912appropriately. 913Adding 914.Pp 915.Dl "device pf" 916.Pp 917builds support for 918.Xr pf 4 919into the kernel, otherwise the 920kernel module will be loaded. 921.It Va pf_rules 922.Pq Vt str 923Path to 924.Xr pf 4 925ruleset configuration file 926(default 927.Pa /etc/pf.conf ) . 928.It Va pf_program 929.Pq Vt str 930Path to 931.Xr pfctl 8 932(default 933.Pa /sbin/pfctl ) . 934.It Va pf_flags 935.Pq Vt str 936If 937.Va pf_enable 938is set to 939.Dq Li YES , 940these flags are passed to the 941.Xr pfctl 8 942program when loading the ruleset. 943.It Va pflog_enable 944.Pq Vt bool 945Set to 946.Dq Li NO 947by default. 948Setting this to 949.Dq Li YES 950enables 951.Xr pflogd 8 952which logs packets from the 953.Xr pf 4 954packet filter. 955.It Va pflog_logfile 956.Pq Vt str 957If 958.Va pflog_enable 959is set to 960.Dq Li YES 961this controls where 962.Xr pflogd 8 963stores the logfile 964(default 965.Pa /var/log/pflog ) . 966Check 967.Pa /etc/newsyslog.conf 968to adjust logfile rotation for this. 969.It Va pflog_program 970.Pq Vt str 971Path to 972.Xr pflogd 8 973(default 974.Pa /sbin/pflogd ) . 975.It Va pflog_flags 976.Pq Vt str 977Empty by default. 978This variable contains additional flags passed to the 979.Xr pflogd 8 980program. 981.It Va pflog_instances 982.Pq Vt str 983If logging to more than one 984.Xr pflog 4 985interface is desired, 986.Va pflog_instances 987is set to the list of 988.Xr pflogd 8 989instances that should be started at system boot time. 990If 991.Va pflog_instances 992is set, for each whitespace-separated 993.Ar element 994in the list, 995.Ao Ar element Ac Ns Va _dev 996and 997.Ao Ar element Ac Ns Va _logfile 998elements are assumed to exist. 999.Ao Ar element Ac Ns Va _dev 1000must contain the 1001.Xr pflog 4 1002interface to be watched by the named 1003.Xr pflogd 8 1004instance. 1005.Ao Ar element Ac Ns Va _logfile 1006must contain the name of the logfile that will be used by the 1007.Xr pflogd 8 1008instance. 1009.It Va ftpproxy_enable 1010.Pq Vt bool 1011Set to 1012.Dq Li NO 1013by default. 1014Setting this to 1015.Dq Li YES 1016enables 1017.Xr ftp-proxy 8 1018which supports the 1019.Xr pf 4 1020packet filter in translating ftp connections. 1021.It Va ftpproxy_flags 1022.Pq Vt str 1023Empty by default. 1024This variable contains additional flags passed to the 1025.Xr ftp-proxy 8 1026program. 1027.It Va ftpproxy_instances 1028.Pq Vt str 1029Empty by default. 1030If multiple instances of 1031.Xr ftp-proxy 8 1032are desired at boot time, 1033.Va ftpproxy_instances 1034should contain a whitespace-separated list of instance names. 1035For each 1036.Ar element 1037in the list, a variable named 1038.Ao Ar element Ac Ns Va _flags 1039should be defined, containing the command-line flags to be passed to the 1040.Xr ftp-proxy 8 1041instance. 1042.It Va pfsync_enable 1043.Pq Vt bool 1044Set to 1045.Dq Li NO 1046by default. 1047Setting this to 1048.Dq Li YES 1049enables exposing 1050.Xr pf 4 1051state changes to other hosts over the network by means of 1052.Xr pfsync 4 . 1053The 1054.Va pfsync_syncdev 1055variable 1056must also be set then. 1057.It Va pfsync_syncdev 1058.Pq Vt str 1059Empty by default. 1060This variable specifies the name of the network interface 1061.Xr pfsync 4 1062should operate through. 1063It must be set accordingly if 1064.Va pfsync_enable 1065is set to 1066.Dq Li YES . 1067.It Va pfsync_syncpeer 1068.Pq Vt str 1069Empty by default. 1070This variable is optional. 1071By default, state change messages are sent out on the synchronisation 1072interface using IP multicast packets. 1073The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1074224.0.0.240. 1075When a peer address is specified using the 1076.Va pfsync_syncpeer 1077option, the peer address is used as a destination for the pfsync 1078traffic, and the traffic can then be protected using 1079.Xr ipsec 4 . 1080See the 1081.Xr pfsync 4 1082manpage for more details about using 1083.Xr ipsec 4 1084with 1085.Xr pfsync 4 1086interfaces. 1087.It Va pfsync_ifconfig 1088.Pq Vt str 1089Empty by default. 1090This variable can contain additional options to be passed to the 1091.Xr ifconfig 8 1092command used to set up 1093.Xr pfsync 4 . 1094.It Va tcp_extensions 1095.Pq Vt bool 1096Set to 1097.Dq Li YES 1098by default. 1099Setting this to 1100.Dq Li NO 1101disables certain TCP options as described by 1102.Rs 1103.%T "RFC 1323" 1104.Re 1105Setting this to 1106.Dq Li NO 1107might help remedy such problems with connections as randomly hanging 1108or other weird behavior. 1109Some network devices are known 1110to be broken with respect to these options. 1111.It Va log_in_vain 1112.Pq Vt int 1113Set to 0 by default. 1114The 1115.Xr sysctl 8 1116variables, 1117.Va net.inet.tcp.log_in_vain 1118and 1119.Va net.inet.udp.log_in_vain , 1120as described in 1121.Xr tcp 4 1122and 1123.Xr udp 4 , 1124are set to the given value. 1125.It Va tcp_keepalive 1126.Pq Vt bool 1127Set to 1128.Dq Li YES 1129by default. 1130Setting to 1131.Dq Li NO 1132will disable probing idle TCP connections to verify that the 1133peer is still up and reachable. 1134.It Va tcp_drop_synfin 1135.Pq Vt bool 1136Set to 1137.Dq Li NO 1138by default. 1139Setting to 1140.Dq Li YES 1141will cause the kernel to ignore TCP frames that have both 1142the SYN and FIN flags set. 1143This prevents OS fingerprinting, but may 1144break some legitimate applications. 1145.It Va icmp_drop_redirect 1146.Pq Vt bool 1147Set to 1148.Dq Li NO 1149by default. 1150Setting to 1151.Dq Li YES 1152will cause the kernel to ignore ICMP REDIRECT packets. 1153Refer to 1154.Xr icmp 4 1155for more information. 1156.It Va icmp_log_redirect 1157.Pq Vt bool 1158Set to 1159.Dq Li NO 1160by default. 1161Setting to 1162.Dq Li YES 1163will cause the kernel to log ICMP REDIRECT packets. 1164Note that 1165the log messages are not rate-limited, so this option should only be used 1166for troubleshooting networks. 1167Refer to 1168.Xr icmp 4 1169for more information. 1170.It Va icmp_bmcastecho 1171.Pq Vt bool 1172Set to 1173.Dq Li YES 1174to respond to broadcast or multicast ICMP ping packets. 1175Refer to 1176.Xr icmp 4 1177for more information. 1178.It Va ip_portrange_first 1179.Pq Vt int 1180If not set to 1181.Dq Li NO , 1182this is the first port in the default portrange. 1183Refer to 1184.Xr ip 4 1185for more information. 1186.It Va ip_portrange_last 1187.Pq Vt int 1188If not set to 1189.Dq Li NO , 1190this is the last port in the default portrange. 1191Refer to 1192.Xr ip 4 1193for more information. 1194.It Va network_interfaces 1195.Pq Vt str 1196Set to the list of network interfaces to configure on this host or 1197.Dq Li AUTO 1198(the default) for all current interfaces. 1199Setting the 1200.Va network_interfaces 1201variable to anything other than the default is deprecated. 1202Interfaces that the administrator wishes to store configuration for, 1203but not start at boot should be configured with the 1204.Dq Li NOAUTO 1205keyword in their 1206.Va ifconfig_ Ns Aq Ar interface 1207variables as described below. 1208.Pp 1209An 1210.Va ifconfig_ Ns Aq Ar interface 1211variable is also assumed to exist for each value of 1212.Ar interface . 1213When an interface name contains any of the characters 1214.Dq Li .-/+ 1215they are translated to 1216.Dq Li _ 1217before lookup. 1218The variable can contain arguments to 1219.Xr ifconfig 8 , 1220as well as special case-insensitive keywords described below. 1221Such keywords are removed before passing the value to 1222.Xr ifconfig 8 1223while the order of the other arguments is preserved. 1224.Pp 1225It is possible to add IP alias entries using 1226.Xr ifconfig 8 1227syntax with the address family keyword such as 1228.Li inet . 1229Assuming that the interface in question was 1230.Li ed0 , 1231it might look something like this: 1232.Bd -literal 1233ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1234ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1235.Ed 1236.Pp 1237It also possible to configure multiple IP addresses in Classless 1238Inter-Domain Routing 1239.Pq CIDR 1240address notation, 1241whose each address component can be a range like 1242.Li inet 192.0.2.5-23/24 1243or 1244.Li inet6 2001:db8:1-f::1/64 . 1245This notation allows address and prefix length part only, 1246not the other address modifiers. 1247Note that the maximum number of the generated addresses from a range 1248specification is limited to an integer value specified in 1249.Va netif_ipexpand_max 1250in 1251.Nm 1252because a small typo can unexpectedly generate a large number of addresses. 1253The default value is 1254.Li 2048 . 1255It can be increased by adding the following line into 1256.Nm : 1257.Bd -literal 1258netif_ipexpand_max="4096" 1259.Ed 1260.Pp 1261In the case of 1262.Li 192.0.2.5-23/24 , 1263the address 192.0.2.5 will be configured with the 1264netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1265the non-conflicting netmask /32 as explained in the 1266.Xr ifconfig 8 1267alias section. 1268Note that this special netmask handling is only for 1269.Li inet , 1270not for the other address families such as 1271.Li inet6 . 1272.Pp 1273With the interface in question being 1274.Li ed0 , 1275an example could look like: 1276.Bd -literal 1277ifconfig_ed0_alias2="inet 192.0.2.129/27" 1278ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1279.Ed 1280.Pp 1281and so on. 1282.Pp 1283Note that 1284.Va ipv4_addrs_ Ns Aq Ar interface 1285variable was supported for IPv4 CIDR address notation. 1286It is now deprecated because the functionality was integrated into 1287.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1288though 1289.Va ipv4_addrs_ Ns Aq Ar interface 1290is still supported for backward compatibility. 1291.Pp 1292For each 1293.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1294entry with an address family keyword, 1295its contents are passed to 1296.Xr ifconfig 8 . 1297Execution stops at the first unsuccessful access, so if 1298something like this is present: 1299.Bd -literal 1300ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1301ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1302ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1303ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1304.Ed 1305.Pp 1306Then note that alias4 would 1307.Em not 1308be added since the search would 1309stop with the missing 1310.Dq Li alias3 1311entry. 1312Because of this difficult to manage behavior, 1313there is 1314.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1315variable, which has the same functionality as 1316.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1317and can have all of entries in a variable like the following: 1318.Bd -literal 1319ifconfig_ed0_aliases="\\ 1320 inet 127.0.0.251 netmask 0xffffffff \\ 1321 inet 127.0.0.252 netmask 0xffffffff \\ 1322 inet 127.0.0.253 netmask 0xffffffff \\ 1323 inet 127.0.0.254 netmask 0xffffffff" 1324.Ed 1325.Pp 1326It also supports CIDR notation. 1327.Pp 1328If the 1329.Pa /etc/start_if. Ns Aq Ar interface 1330file is present, it is read and executed by the 1331.Xr sh 1 1332interpreter 1333before configuring the interface as specified in the 1334.Va ifconfig_ Ns Aq Ar interface 1335and 1336.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1337variables. 1338.Pp 1339If a 1340.Va vlans_ Ns Aq Ar interface 1341variable is set, 1342a 1343.Xr vlan 4 1344interface will be created for each item in the list with the 1345.Ar vlandev 1346argument set to 1347.Ar interface . 1348If a vlan interface's name is a number, 1349then that number is used as the vlan tag and the new vlan interface is 1350named 1351.Ar interface . Ns Ar tag . 1352Otherwise, 1353the vlan tag must be specified via a 1354.Va vlan 1355parameter in the 1356.Va create_args_ Ns Aq Ar interface 1357variable. 1358.Pp 1359To create a vlan device named 1360.Li em0.101 1361on 1362.Li em0 1363with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1364.Bd -literal 1365vlans_em0="101" 1366ifconfig_em0_101="inet 192.0.2.1/24" 1367.Ed 1368.Pp 1369To create a vlan device named 1370.Li myvlan 1371on 1372.Li em0 1373with the vlan tag 102: 1374.Bd -literal 1375vlans_em0="myvlan" 1376create_args_myvlan="vlan 102" 1377.Ed 1378.Pp 1379If a 1380.Va wlans_ Ns Aq Ar interface 1381variable is set, 1382an 1383.Xr wlan 4 1384interface will be created for each item in the list with the 1385.Ar wlandev 1386argument set to 1387.Ar interface . 1388Further wlan cloning arguments may be passed to the 1389.Xr ifconfig 8 1390.Cm create 1391command by setting the 1392.Va create_args_ Ns Aq Ar interface 1393variable. 1394One or more 1395.Xr wlan 4 1396devices must be created for each wireless devices as of 1397.Fx 8.0 . 1398Debugging flags for 1399.Xr wlan 4 1400devices as set by 1401.Xr wlandebug 8 1402may be specified with an 1403.Va wlandebug_ Ns Aq Ar interface 1404variable. 1405The contents of this variable will be passed directly to 1406.Xr wlandebug 8 . 1407.Pp 1408If the 1409.Va ifconfig_ Ns Aq Ar interface 1410contains the keyword 1411.Dq Li NOAUTO 1412then the interface will not be configured 1413at boot or by 1414.Pa /etc/pccard_ether 1415when 1416.Va network_interfaces 1417is set to 1418.Dq Li AUTO . 1419.Pp 1420It is possible to bring up an interface with DHCP by adding 1421.Dq Li DHCP 1422to the 1423.Va ifconfig_ Ns Aq Ar interface 1424variable. 1425For instance, to initialize the 1426.Li ed0 1427device via DHCP, 1428it is possible to use something like: 1429.Bd -literal 1430ifconfig_ed0="DHCP" 1431.Ed 1432.Pp 1433If you want to configure your wireless interface with 1434.Xr wpa_supplicant 8 1435for use with WPA, EAP/LEAP or WEP, you need to add 1436.Dq Li WPA 1437to the 1438.Va ifconfig_ Ns Aq Ar interface 1439variable. 1440.Pp 1441On the other hand, if you want to configure your wireless interface with 1442.Xr hostapd 8 , 1443you need to add 1444.Dq Li HOSTAP 1445to the 1446.Va ifconfig_ Ns Aq Ar interface 1447variable. 1448.Xr hostapd 8 1449will use the settings from 1450.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1451.Pp 1452Finally, you can add 1453.Xr ifconfig 8 1454options in this variable, in addition to the 1455.Pa /etc/start_if. Ns Aq Ar interface 1456file. 1457For instance, to configure an 1458.Xr ath 4 1459wireless device in station mode with an address obtained 1460via DHCP, using WPA authentication and 802.11b mode, it is 1461possible to use something like: 1462.Bd -literal 1463wlans_ath0="wlan0" 1464ifconfig_wlan0="DHCP WPA mode 11b" 1465.Ed 1466.Pp 1467In addition to the 1468.Va ifconfig_ Ns Aq Ar interface 1469form, a fallback variable 1470.Va ifconfig_DEFAULT 1471may be configured. 1472It will be used for all interfaces with no 1473.Va ifconfig_ Ns Aq Ar interface 1474variable. 1475This is intended to replace the no longer supported 1476.Va pccard_ifconfig 1477variable. 1478.Pp 1479It is also possible to rename an interface by doing: 1480.Bd -literal 1481ifconfig_ed0_name="net0" 1482ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1483.Ed 1484.It Va ipv6_enable 1485.Pq Vt bool 1486This variable is deprecated. 1487Use 1488.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1489and 1490.Va ipv6_activate_all_interfaces 1491if necessary. 1492.Pp 1493If the variable is 1494.Dq Li YES , 1495.Dq Li inet6 accept_rtadv 1496is added to all of 1497.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1498and the 1499.Va ipv6_activate_all_interfaces 1500is defined as 1501.Dq Li YES . 1502.It Va ipv6_prefer 1503.Pq Vt bool 1504This variable is deprecated. 1505Use 1506.Va ip6addrctl_policy 1507instead. 1508.Pp 1509If the variable is 1510.Dq Li YES , 1511the default address selection policy table set by 1512.Xr ip6addrctl 8 1513will be IPv6-preferred. 1514.Pp 1515If the variable is 1516.Dq Li NO , 1517the default address selection policy table set by 1518.Xr ip6addrctl 8 1519will be IPv4-preferred. 1520.It Va ipv6_activate_all_interfaces 1521.Pq Vt bool 1522This controls initial configuration on IPv6-capable 1523interfaces with no corresponding 1524.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1525variable. 1526Note that it is not always necessary to set this variable to 1527.Dq YES 1528to use IPv6 functionality on 1529.Fx . 1530In most cases, just configuring 1531.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1532variables works. 1533.Pp 1534If the variable is 1535.Dq Li NO , 1536all interfaces which do not have a corresponding 1537.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1538variable will be marked as 1539.Dq Li IFDISABLED 1540at creation. 1541This means that all of IPv6 functionality on that interface 1542is completely disabled to enforce a security policy. 1543If the variable is set to 1544.Dq YES , 1545the flag will be cleared on all of the interfaces. 1546.Pp 1547In most cases, just defining an 1548.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1549for an IPv6-capable interface should be sufficient. 1550However, if an interface is added dynamically 1551.Pq by some tunneling protocols such as PPP, for example , 1552it is often difficult to define the variable in advance. 1553In such a case, configuring the 1554.Dq Li IFDISABLED 1555flag can be disabled by setting this variable to 1556.Dq YES . 1557.Pp 1558For more details of the 1559.Dq Li IFDISABLED 1560flag and keywords 1561.Dq Li inet6 ifdisabled , 1562see 1563.Xr ifconfig 8 . 1564.Pp 1565Default is 1566.Dq Li NO . 1567.It Va ipv6_privacy 1568.Pq Vt bool 1569If the variable is 1570.Dq Li YES 1571privacy addresses will be generated for each IPv6 1572interface as described in RFC 4941. 1573.It Va ipv6_network_interfaces 1574.Pq Vt str 1575This is the IPv6 equivalent of 1576.Va network_interfaces . 1577Normally manual configuration of this variable is not needed. 1578.It Va ipv6_cpe_wanif 1579.Pq Vt str 1580If the variable is set to an interface name, 1581the 1582.Xr ifconfig 8 1583options 1584.Dq inet6 -no_radr accept_rtadv 1585will be added to the specified interface automatically before evaluating 1586.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1587and two 1588.Xr sysctl 8 1589variables 1590.Va net.inet6.ip6.rfc6204w3 1591and 1592.Va net.inet6.ip6.no_radr 1593will be set to 1. 1594.Pp 1595This means the specified interface will accept ICMPv6 Router 1596Advertisement messages on that link and add the discovered 1597routers into the Default Router List. 1598While the other interfaces can still accept RA messages if the 1599.Dq inet6 accept_rtadv 1600option is specified, adding 1601routes into the Default Router List will be disabled by 1602.Dq inet6 no_radr 1603option by default. 1604See 1605.Xr ifconfig 8 1606for more details. 1607.Pp 1608Note that ICMPv6 Router Advertisement messages will be 1609accepted even when 1610.Va net.inet6.ip6.forwarding 1611is 1 1612.Pq packet forwarding is enabled 1613when 1614.Va net.inet6.ip6.rfc6204w3 1615is set to 1. 1616.Pp 1617Default is 1618.Dq Li NO . 1619.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1620.Pq Vt str 1621This assigns arbitrary description to an interface. 1622The 1623.Xr sysctl 8 1624variable 1625.Va net.ifdescr_maxlen 1626limits its length. 1627This static setting may be overridden by commands 1628started with dynamic interface configuration utilities 1629like 1630.Xr dhclient 8 1631hooks. The description can be seen with 1632.Xr ifconfig 8 1633command and it may be exported with 1634.Xr bsnmpd 1 1635daemon using its MIB-2 module. 1636.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1637.Pq Vt str 1638IPv6 functionality on an interface should be configured by 1639.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1640instead of setting ifconfig parameters in 1641.Va ifconfig_ Ns Aq Ar interface . 1642If this variable is empty, all of IPv6 configurations on the 1643specified interface by other variables such as 1644.Va ipv6_prefix_ Ns Ao Ar interface Ac 1645will be ignored. 1646.Pp 1647Aliases should be set by 1648.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1649with 1650.Dq Li inet6 1651keyword. 1652For example: 1653.Bd -literal 1654ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1655ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1656.Ed 1657.Pp 1658Interfaces that have an 1659.Dq Li inet6 accept_rtadv 1660keyword in 1661.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1662setting will be automatically configured by SLAAC 1663.Pq StateLess Address AutoConfiguration 1664described in 1665.Rs 1666.%T "RFC 4862" 1667.Re 1668.Pp 1669Note that a link-local address will be automatically configured in 1670addition to the configured global-scope addresses because the IPv6 1671specifications require it on each link. 1672The address is calculated from the MAC address by using an algorithm 1673defined in 1674.Rs 1675.%T "RFC 4862" 1676.%O "Section 5.3" 1677.Re 1678.Pp 1679If only a link-local address is needed on the interface, 1680the following configuration can be used: 1681.Bd -literal 1682ifconfig_ed0_ipv6="inet6 auto_linklocal" 1683.Ed 1684.Pp 1685A link-local address can also be configured manually. 1686This is useful for the default router address of an IPv6 router 1687so that it does not change when the network interface 1688card is replaced. 1689For example: 1690.Bd -literal 1691ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1692.Ed 1693.It Va ipv6_prefix_ Ns Aq Ar interface 1694.Pq Vt str 1695If one or more prefixes are defined in 1696.Va ipv6_prefix_ Ns Aq Ar interface 1697addresses based on each prefix and the EUI-64 interface index will be 1698configured on that interface. 1699Note that this variable will be ignored when 1700.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1701is empty. 1702.Pp 1703For example, the following configuration 1704.Bd -literal 1705ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1706.Ed 1707.Pp 1708is equivalent to the following: 1709.Bd -literal 1710ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1711ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1712ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1713ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1714.Ed 1715.Pp 1716These Subnet-Router anycast addresses will be added only when 1717.Va ipv6_gateway_enable 1718is YES. 1719.It Va ipv6_default_interface 1720.Pq Vt str 1721If not set to 1722.Dq Li NO , 1723this is the default output interface for scoped addresses. 1724This works only with ipv6_gateway_enable="NO". 1725.It Va ip6addrctl_enable 1726.Pq Vt bool 1727This variable is to enable configuring default address selection policy table 1728.Pq RFC 3484 . 1729The table can be specified in another variable 1730.Va ip6addrctl_policy . 1731For 1732.Va ip6addrctl_policy 1733the following keywords can be specified: 1734.Dq Li ipv4_prefer , 1735.Dq Li ipv6_prefer , 1736or 1737.Dq Li AUTO . 1738.Pp 1739If 1740.Dq Li ipv4_prefer 1741or 1742.Dq Li ipv6_prefer 1743is specified, 1744.Xr ip6addrctl 8 1745installs a pre-defined policy table described in Section 2.1 1746.Pq IPv6-preferred 1747or 10.3 1748.Pq IPv4-preferred 1749of RFC 3484. 1750.Pp 1751If 1752.Dq Li AUTO 1753is specified, it attempts to read a file 1754.Pa /etc/ip6addrctl.conf 1755first. 1756If this file is found, 1757.Xr ip6addrctl 8 1758reads and installs it. 1759If not found, a policy is automatically set 1760according to 1761.Va ipv6_activate_all_interfaces 1762variable; if the variable is set to 1763.Dq Li YES 1764the IPv6-preferred one is used. 1765Otherwise IPv4-preferred. 1766.Pp 1767The default value of 1768.Va ip6addrctl_enable 1769and 1770.Va ip6addrctl_policy 1771are 1772.Dq Li YES 1773and 1774.Dq Li AUTO , 1775respectively. 1776.It Va cloned_interfaces 1777.Pq Vt str 1778Set to the list of clonable network interfaces to create on this host. 1779Further cloning arguments may be passed to the 1780.Xr ifconfig 8 1781.Cm create 1782command for each interface by setting the 1783.Va create_args_ Ns Aq Ar interface 1784variable. 1785If an interface name is specified with 1786.Dq :sticky 1787keyword, 1788the interface will not be destroyed even when 1789.Pa rc.d/netif 1790script is invoked with 1791.Dq stop 1792argument. 1793This is useful when reconfiguring the interface without destroying it. 1794Entries in 1795.Va cloned_interfaces 1796are automatically appended to 1797.Va network_interfaces 1798for configuration. 1799.It Va cloned_interfaces_sticky 1800.Pq Vt bool 1801This variable is to globally enable functionality of 1802.Dq :sticky 1803keyword in 1804.Va cloned_interfaces 1805for all interfaces. 1806The default value is 1807.Dq NO . 1808Even if this variable is specified to 1809.Dq YES , 1810.Dq :nosticky 1811keyword can be used to override it on per interface basis. 1812.It Va gif_interfaces 1813.Pq Vt str 1814This variable is deprecated in favor of 1815.Va cloned_interfaces . 1816Set to the list of 1817.Xr gif 4 1818tunnel interfaces to configure on this host. 1819For each 1820.Xr gif 1821tunnel interface, set a variable named 1822.Va ifconfig_ Ns Aq Ar interface 1823with the parameters for the 1824.Xr ifconfig 8 1825command to configure the link level for 1826.Ar interface 1827with the 1828.Cm tunnel 1829option. 1830The value of this variable is used to configure the link layer of the 1831tunnel using the 1832.Cm tunnel 1833option to 1834.Xr ifconfig . 1835For example, configure two 1836.Xr gif 1837interfaces with: 1838.Bd -literal -offset indent 1839gif_interfaces="gif0 gif1" 1840ifconfig_gif0="tunnel src_addr0 dst_addr0" 1841ifconfig_gif1="tunnel src_addr1 dst_addr1" 1842.Ed 1843.Pp 1844Additionally, this option ensures that each listed interface is created 1845via the 1846.Cm create 1847option to 1848.Xr ifconfig . 1849This example also works with 1850.Va cloned_interfaces 1851instead of 1852.Va gif_interfaces . 1853.It Va sppp_interfaces 1854.Pq Vt str 1855Set to the list of 1856.Xr sppp 4 1857interfaces to configure on this host. 1858A 1859.Va spppconfig_ Ns Aq Ar interface 1860variable is assumed to exist for each value of 1861.Ar interface . 1862Each interface should also be configured by a general 1863.Va ifconfig_ Ns Aq Ar interface 1864setting. 1865Refer to 1866.Xr spppcontrol 8 1867for more information about available options. 1868.It Va ppp_enable 1869.Pq Vt bool 1870If set to 1871.Dq Li YES , 1872run the 1873.Xr ppp 8 1874daemon. 1875.It Va ppp_profile 1876.Pq Vt str 1877The name of the profile to use from 1878.Pa /etc/ppp/ppp.conf . 1879Also used for per-profile overrides of 1880.Va ppp_mode 1881and 1882.Va ppp_nat , 1883and 1884.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1885When the profile name contains any of the characters 1886.Dq Li .-/+ 1887they are translated to 1888.Dq Li _ 1889for the proposes of the override variable names. 1890.It Va ppp_mode 1891.Pq Vt str 1892Mode in which to run the 1893.Xr ppp 8 1894daemon. 1895.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1896.Pq Vt str 1897Overrides the global 1898.Va ppp_mode 1899for 1900.Ar profile . 1901Accepted modes are 1902.Dq Li auto , 1903.Dq Li ddial , 1904.Dq Li direct 1905and 1906.Dq Li dedicated . 1907See the manual for a full description. 1908.It Va ppp_nat 1909.Pq Vt bool 1910If set to 1911.Dq Li YES , 1912enables network address translation. 1913Used in conjunction with 1914.Va gateway_enable 1915allows hosts on private network addresses access to the Internet using 1916this host as a network address translating router. 1917.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1918.Pq Vt str 1919Overrides the global 1920.Va ppp_nat 1921for 1922.Ar profile . 1923.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1924.Pq Vt int 1925Set the unit number to be used for this profile. 1926See the manual description of 1927.Fl unit Ns Ar N 1928for details. 1929.It Va ppp_user 1930.Pq Vt str 1931The name of the user under which 1932.Xr ppp 8 1933should be started. 1934By 1935default, 1936.Xr ppp 8 1937is started as 1938.Dq Li root . 1939.It Va rc_conf_files 1940.Pq Vt str 1941This option is used to specify a list of files that will override 1942the settings in 1943.Pa /etc/defaults/rc.conf . 1944The files will be read in the order in which they are specified and should 1945include the full path to the file. 1946By default, the files specified are 1947.Pa /etc/rc.conf 1948and 1949.Pa /etc/rc.conf.local 1950.It Va zfs_enable 1951.Pq Vt bool 1952If set to 1953.Dq Li YES , 1954.Pa /etc/rc.d/zfs 1955will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1956(ZVOLs). 1957.It Va gptboot_enable 1958.Pq Vt bool 1959If set to 1960.Dq Li YES , 1961.Pa /etc/rc.d/gptboot 1962will log if the system successfully (or not) booted from a GPT partition, 1963which had the 1964.Ar bootonce 1965attribute set using 1966.Xr gpart 8 1967utility. 1968.It Va gbde_autoattach_all 1969.Pq Vt bool 1970If set to 1971.Dq Li YES , 1972.Pa /etc/rc.d/gbde 1973will attempt to automatically initialize your .bde devices in 1974.Pa /etc/fstab . 1975.It Va gbde_devices 1976.Pq Vt str 1977List the devices that the script should try to attach, 1978or 1979.Dq Li AUTO . 1980.It Va gbde_lockdir 1981.Pq Vt str 1982The directory where the 1983.Xr gbde 4 1984lockfiles are located. 1985The default lockfile directory is 1986.Pa /etc . 1987.Pp 1988The lockfile for each individual 1989.Xr gbde 4 1990device can be overridden by setting the variable 1991.Va gbde_lock_ Ns Aq Ar device , 1992where 1993.Ar device 1994is the encrypted device without the 1995.Dq Pa /dev/ 1996and 1997.Dq Pa .bde 1998parts. 1999.It Va gbde_attach_attempts 2000.Pq Vt int 2001Number of times to attempt attaching to a 2002.Xr gbde 4 2003device, i.e., how many times the user is asked for the pass-phrase. 2004Default is 3. 2005.It Va geli_devices 2006.Pq Vt str 2007List of devices to automatically attach on boot. 2008Note that .eli devices from 2009.Pa /etc/fstab 2010are automatically appended to this list. 2011.It Va geli_tries 2012.Pq Vt int 2013Number of times user is asked for the pass-phrase. 2014If empty, it will be taken from 2015.Va kern.geom.eli.tries 2016sysctl variable. 2017.It Va geli_default_flags 2018.Pq Vt str 2019Default flags to use by 2020.Xr geli 8 2021when configuring disk encryption. 2022Flags can be configured for every device separately by defining 2023.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2024variable. 2025.It Va geli_autodetach 2026.Pq Vt str 2027Specifies if GELI devices should be marked for detach on last close after 2028file systems are mounted. 2029Default is 2030.Dq Li YES . 2031This can be changed for every device separately by defining 2032.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2033variable. 2034.It Va root_rw_mount 2035.Pq Vt bool 2036Set to 2037.Dq Li YES 2038by default. 2039After the file systems are checked at boot time, the root file system 2040is remounted as read-write if this is set to 2041.Dq Li YES . 2042Diskless systems that mount their root file system from a read-only remote 2043NFS share should set this to 2044.Dq Li NO 2045in their 2046.Pa rc.conf . 2047.It Va fsck_y_enable 2048.Pq Vt bool 2049If set to 2050.Dq Li YES , 2051.Xr fsck 8 2052will be run with the 2053.Fl y 2054flag if the initial preen 2055of the file systems fails. 2056.It Va background_fsck 2057.Pq Vt bool 2058If set to 2059.Dq Li NO , 2060the system will not attempt to run 2061.Xr fsck 8 2062in the background where possible. 2063.It Va background_fsck_delay 2064.Pq Vt int 2065The amount of time in seconds to sleep before starting a background 2066.Xr fsck 8 . 2067It defaults to sixty seconds to allow large applications such as 2068the X server to start before disk I/O bandwidth is monopolized by 2069.Xr fsck 8 . 2070If set to a negative number, the background file system check will be 2071delayed indefinitely to allow the administrator to run it at a more 2072convenient time. 2073For example it may be run from 2074.Xr cron 8 2075by adding a line like 2076.Pp 2077.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2078.Pp 2079to 2080.Pa /etc/crontab . 2081.It Va netfs_types 2082.Pq Vt str 2083List of file system types that are network-based. 2084This list should generally not be modified by end users. 2085Use 2086.Va extra_netfs_types 2087instead. 2088.It Va extra_netfs_types 2089.Pq Vt str 2090If set to something other than 2091.Dq Li NO 2092(the default), 2093this variable extends the list of file system types 2094for which automatic mounting at startup by 2095.Xr rc 8 2096should be delayed until the network is initialized. 2097It should contain 2098a whitespace-separated list of network file system descriptor pairs, 2099each consisting of a file system type as passed to 2100.Xr mount 8 2101and a human-readable, one-word description, 2102joined with a colon 2103.Pq Ql \&: . 2104Extending the default list in this way is only necessary 2105when third party file system types are used. 2106.It Va syslogd_enable 2107.Pq Vt bool 2108If set to 2109.Dq Li YES , 2110run the 2111.Xr syslogd 8 2112daemon. 2113.It Va syslogd_program 2114.Pq Vt str 2115Path to 2116.Xr syslogd 8 2117(default 2118.Pa /usr/sbin/syslogd ) . 2119.It Va syslogd_flags 2120.Pq Vt str 2121If 2122.Va syslogd_enable 2123is set to 2124.Dq Li YES , 2125these are the flags to pass to 2126.Xr syslogd 8 . 2127.It Va inetd_enable 2128.Pq Vt bool 2129If set to 2130.Dq Li YES , 2131run the 2132.Xr inetd 8 2133daemon. 2134.It Va inetd_program 2135.Pq Vt str 2136Path to 2137.Xr inetd 8 2138(default 2139.Pa /usr/sbin/inetd ) . 2140.It Va inetd_flags 2141.Pq Vt str 2142If 2143.Va inetd_enable 2144is set to 2145.Dq Li YES , 2146these are the flags to pass to 2147.Xr inetd 8 . 2148.It Va hastd_enable 2149.Pq Vt bool 2150If set to 2151.Dq Li YES , 2152run the 2153.Xr hastd 8 2154daemon. 2155.It Va hastd_program 2156.Pq Vt str 2157Path to 2158.Xr hastd 8 2159(default 2160.Pa /sbin/hastd ) . 2161.It Va hastd_flags 2162.Pq Vt str 2163If 2164.Va hastd_enable 2165is set to 2166.Dq Li YES , 2167these are the flags to pass to 2168.Xr hastd 8 . 2169.It Va local_unbound_enable 2170.Pq Vt bool 2171If set to 2172.Dq Li YES , 2173run the 2174.Xr unbound 8 2175daemon as a local caching resolver. 2176.It Va kdc_enable 2177.Pq Vt bool 2178Set to 2179.Dq Li YES 2180to start a Kerberos 5 authentication server 2181at boot time. 2182.It Va kdc_program 2183.Pq Vt str 2184If 2185.Va kdc_enable 2186is set to 2187.Dq Li YES 2188this is the path to Kerberos 5 Authentication Server. 2189.It Va kdc_flags 2190.Pq Vt str 2191Empty by default. 2192This variable contains additional flags to be passed to the Kerberos 5 2193authentication server. 2194.It Va kadmind_enable 2195.Pq Vt bool 2196Set to 2197.Dq Li YES 2198to start 2199.Xr kadmind 8 , 2200the Kerberos 5 Administration Daemon; set to 2201.Dq Li NO 2202on a slave server. 2203.It Va kadmind_program 2204.Pq Vt str 2205If 2206.Va kadmind_enable 2207is set to 2208.Dq Li YES 2209this is the path to Kerberos 5 Administration Daemon. 2210.It Va kpasswdd_enable 2211.Pq Vt bool 2212Set to 2213.Dq Li YES 2214to start 2215.Xr kpasswdd 8 , 2216the Kerberos 5 Password-Changing Daemon; set to 2217.Dq Li NO 2218on a slave server. 2219.It Va kpasswdd_program 2220.Pq Vt str 2221If 2222.Va kpasswdd_enable 2223is set to 2224.Dq Li YES 2225this is the path to Kerberos 5 Password-Changing Daemon. 2226.It Va kfd_enable 2227.Pq Vt bool 2228Set to 2229.Dq Li YES 2230to start 2231.Xr kfd 8 , 2232the Kerberos 5 ticket forwarding daemon, at the boot time. 2233.It Va kfd_program 2234.Pq Vt str 2235Path to 2236.Xr kfd 8 2237(default 2238.Pa /usr/libexec/kfd ) . 2239.It Va rwhod_enable 2240.Pq Vt bool 2241If set to 2242.Dq Li YES , 2243run the 2244.Xr rwhod 8 2245daemon at boot time. 2246.It Va rwhod_flags 2247.Pq Vt str 2248If 2249.Va rwhod_enable 2250is set to 2251.Dq Li YES , 2252these are the flags to pass to it. 2253.It Va amd_enable 2254.Pq Vt bool 2255If set to 2256.Dq Li YES , 2257run the 2258.Xr amd 8 2259daemon at boot time. 2260.It Va amd_flags 2261.Pq Vt str 2262If 2263.Va amd_enable 2264is set to 2265.Dq Li YES , 2266these are the flags to pass to it. 2267See the 2268.Xr amd 8 2269manpage for more information. 2270.It Va amd_map_program 2271.Pq Vt str 2272If set, 2273the specified program is run to get the list of 2274.Xr amd 8 2275maps. 2276For example, if the 2277.Xr amd 8 2278maps are stored in NIS, one can set this to 2279run 2280.Xr ypcat 1 2281to get a list of 2282.Xr amd 8 2283maps from the 2284.Pa amd.master 2285NIS map. 2286.It Va update_motd 2287.Pq Vt bool 2288If set to 2289.Dq Li YES , 2290.Pa /etc/motd 2291will be updated at boot time to reflect the kernel release 2292being run. 2293If set to 2294.Dq Li NO , 2295.Pa /etc/motd 2296will not be updated. 2297.It Va nfs_client_enable 2298.Pq Vt bool 2299If set to 2300.Dq Li YES , 2301run the NFS client daemons at boot time. 2302.It Va nfs_access_cache 2303.Pq Vt int 2304If 2305.Va nfs_client_enable 2306is set to 2307.Dq Li YES , 2308this can be set to 2309.Dq Li 0 2310to disable NFS ACCESS RPC caching, or to the number of seconds for which 2311NFS ACCESS 2312results should be cached. 2313A value of 2-10 seconds will substantially reduce network 2314traffic for many NFS operations. 2315.It Va nfs_server_enable 2316.Pq Vt bool 2317If set to 2318.Dq Li YES , 2319run the NFS server daemons at boot time. 2320.It Va nfs_server_flags 2321.Pq Vt str 2322If 2323.Va nfs_server_enable 2324is set to 2325.Dq Li YES , 2326these are the flags to pass to the 2327.Xr nfsd 8 2328daemon. 2329.It Va nfsv4_server_enable 2330.Pq Vt bool 2331If 2332.Va nfs_server_enable 2333is set to 2334.Dq Li YES 2335and 2336.Va nfsv4_server_enable 2337are set to 2338.Dq Li YES , 2339enable the server for NFSv4 as well as NFSv2 and NFSv3. 2340.It Va nfsuserd_enable 2341.Pq Vt bool 2342If 2343.Va nfsuserd_enable 2344is set to 2345.Dq Li YES , 2346run the nfsuserd daemon, which is needed for NFSv4 in order 2347to map between user/group names vs uid/gid numbers. 2348If 2349.Va nfsv4_server_enable 2350is set to 2351.Dq Li YES , 2352this will be forced enabled. 2353.It Va nfsuserd_flags 2354.Pq Vt str 2355If 2356.Va nfsuserd_enable 2357is set to 2358.Dq Li YES , 2359these are the flags to pass to the 2360.Xr nfsuserd 8 2361daemon. 2362.It Va nfscbd_enable 2363.Pq Vt bool 2364If 2365.Va nfscbd_enable 2366is set to 2367.Dq Li YES , 2368run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2369.It Va nfscbd_flags 2370.Pq Vt str 2371If 2372.Va nfscbd_enable 2373is set to 2374.Dq Li YES , 2375these are the flags to pass to the 2376.Xr nfscbd 8 2377daemon. 2378.It Va mountd_enable 2379.Pq Vt bool 2380If set to 2381.Dq Li YES , 2382and no 2383.Va nfs_server_enable 2384is set, start 2385.Xr mountd 8 , 2386but not 2387.Xr nfsd 8 2388daemon. 2389It is commonly needed to run CFS without real NFS used. 2390.It Va mountd_flags 2391.Pq Vt str 2392If 2393.Va mountd_enable 2394is set to 2395.Dq Li YES , 2396these are the flags to pass to the 2397.Xr mountd 8 2398daemon. 2399.It Va weak_mountd_authentication 2400.Pq Vt bool 2401If set to 2402.Dq Li YES , 2403allow services like PCNFSD to make non-privileged mount 2404requests. 2405.It Va nfs_reserved_port_only 2406.Pq Vt bool 2407If set to 2408.Dq Li YES , 2409provide NFS services only on a secure port. 2410.It Va nfs_bufpackets 2411.Pq Vt int 2412If set to a number, indicates the number of packets worth of 2413socket buffer space to reserve on an NFS client. 2414The kernel default is typically 4. 2415Using a higher number may be 2416useful on gigabit networks to improve performance. 2417The minimum value is 24182 and the maximum is 64. 2419.It Va rpc_lockd_enable 2420.Pq Vt bool 2421If set to 2422.Dq Li YES 2423and also an NFS server or client, run 2424.Xr rpc.lockd 8 2425at boot time. 2426.It Va rpc_lockd_flags 2427.Pq Vt str 2428If 2429.Va rpc_lockd_enable 2430is set to 2431.Dq Li YES , 2432these are the flags to pass to the 2433.Xr rpc.lockd 8 2434daemon. 2435.It Va rpc_statd_enable 2436.Pq Vt bool 2437If set to 2438.Dq Li YES 2439and also an NFS server or client, run 2440.Xr rpc.statd 8 2441at boot time. 2442.It Va rpc_statd_flags 2443.Pq Vt str 2444If 2445.Va rpc_statd_enable 2446is set to 2447.Dq Li YES , 2448these are the flags to pass to the 2449.Xr rpc.statd 8 2450daemon. 2451.It Va rpcbind_program 2452.Pq Vt str 2453Path to 2454.Xr rpcbind 8 2455(default 2456.Pa /usr/sbin/rpcbind ) . 2457.It Va rpcbind_enable 2458.Pq Vt bool 2459If set to 2460.Dq Li YES , 2461run the 2462.Xr rpcbind 8 2463service at boot time. 2464.It Va rpcbind_flags 2465.Pq Vt str 2466If 2467.Va rpcbind_enable 2468is set to 2469.Dq Li YES , 2470these are the flags to pass to the 2471.Xr rpcbind 8 2472daemon. 2473.It Va keyserv_enable 2474.Pq Vt bool 2475If set to 2476.Dq Li YES , 2477run the 2478.Xr keyserv 8 2479daemon on boot for running Secure RPC. 2480.It Va keyserv_flags 2481.Pq Vt str 2482If 2483.Va keyserv_enable 2484is set to 2485.Dq Li YES , 2486these are the flags to pass to 2487.Xr keyserv 8 2488daemon. 2489.It Va pppoed_enable 2490.Pq Vt bool 2491If set to 2492.Dq Li YES , 2493run the 2494.Xr pppoed 8 2495daemon at boot time to provide PPP over Ethernet services. 2496.It Va pppoed_ Ns Aq Ar provider 2497.Pq Vt str 2498.Xr pppoed 8 2499listens to requests to this 2500.Ar provider 2501and ultimately runs 2502.Xr ppp 8 2503with a 2504.Ar system 2505argument of the same name. 2506.It Va pppoed_flags 2507.Pq Vt str 2508Additional flags to pass to 2509.Xr pppoed 8 . 2510.It Va pppoed_interface 2511.Pq Vt str 2512The network interface to run 2513.Xr pppoed 8 2514on. 2515This is mandatory when 2516.Va pppoed_enable 2517is set to 2518.Dq Li YES . 2519.It Va timed_enable 2520.Pq Vt bool 2521If set to 2522.Dq Li YES , 2523run the 2524.Xr timed 8 2525service at boot time. 2526This command is intended for networks of 2527machines where a consistent 2528.Dq "network time" 2529for all hosts must be established. 2530This is often useful in large NFS 2531environments where time stamps on files are expected to be consistent 2532network-wide. 2533.It Va timed_flags 2534.Pq Vt str 2535If 2536.Va timed_enable 2537is set to 2538.Dq Li YES , 2539these are the flags to pass to the 2540.Xr timed 8 2541service. 2542.It Va ntpdate_enable 2543.Pq Vt bool 2544If set to 2545.Dq Li YES , 2546run 2547.Xr ntpdate 8 2548at system startup. 2549This command is intended to 2550synchronize the system clock only 2551.Em once 2552from some standard reference. 2553.It Va ntpdate_config 2554.Pq Vt str 2555Configuration file for 2556.Xr ntpdate 8 . 2557Default 2558.Pa /etc/ntp.conf . 2559.It Va ntpdate_hosts 2560.Pq Vt str 2561A whitespace-separated list of NTP servers to synchronize with at startup. 2562The default is to use the servers listed in 2563.Va ntpdate_config , 2564if that file exists. 2565.It Va ntpdate_program 2566.Pq Vt str 2567Path to 2568.Xr ntpdate 8 2569(default 2570.Pa /usr/sbin/ntpdate ) . 2571.It Va ntpdate_flags 2572.Pq Vt str 2573If 2574.Va ntpdate_enable 2575is set to 2576.Dq Li YES , 2577these are the flags to pass to the 2578.Xr ntpdate 8 2579command (typically a hostname). 2580.It Va ntpd_enable 2581.Pq Vt bool 2582If set to 2583.Dq Li YES , 2584run the 2585.Xr ntpd 8 2586command at boot time. 2587.It Va ntpd_program 2588.Pq Vt str 2589Path to 2590.Xr ntpd 8 2591(default 2592.Pa /usr/sbin/ntpd ) . 2593.It Va ntpd_config 2594.Pq Vt str 2595Path to 2596.Xr ntpd 8 2597configuration file. 2598Default 2599.Pa /etc/ntp.conf . 2600.It Va ntpd_flags 2601.Pq Vt str 2602If 2603.Va ntpd_enable 2604is set to 2605.Dq Li YES , 2606these are the flags to pass to the 2607.Xr ntpd 8 2608daemon. 2609.It Va ntpd_sync_on_start 2610.Pq Vt bool 2611If set to 2612.Dq Li YES , 2613.Xr ntpd 8 2614is run with the 2615.Fl g 2616flag, which syncs the system's clock on startup. 2617See 2618.Xr ntpd 8 2619for more information regarding the 2620.Fl g 2621option. 2622This is a preferred alternative to using 2623.Xr ntpdate 8 2624or specifying the 2625.Va ntpdate_enable 2626variable. 2627.It Va nis_client_enable 2628.Pq Vt bool 2629If set to 2630.Dq Li YES , 2631run the 2632.Xr ypbind 8 2633service at system boot time. 2634.It Va nis_client_flags 2635.Pq Vt str 2636If 2637.Va nis_client_enable 2638is set to 2639.Dq Li YES , 2640these are the flags to pass to the 2641.Xr ypbind 8 2642service. 2643.It Va nis_ypldap_enable 2644.Pq Vt bool 2645If set to 2646.Dq Li YES , 2647run the 2648.Xr ypldap 8 2649daemon at system boot time. 2650.It Va nis_ypldap_flags 2651.Pq Vt str 2652If 2653.Va nis.ypldap_enable 2654is set to 2655.Dq Li YES , 2656these are the flags to pass to the 2657.Xr ypldap 8 2658daemon. 2659.It Va nis_ypset_enable 2660.Pq Vt bool 2661If set to 2662.Dq Li YES , 2663run the 2664.Xr ypset 8 2665daemon at system boot time. 2666.It Va nis_ypset_flags 2667.Pq Vt str 2668If 2669.Va nis_ypset_enable 2670is set to 2671.Dq Li YES , 2672these are the flags to pass to the 2673.Xr ypset 8 2674daemon. 2675.It Va nis_server_enable 2676.Pq Vt bool 2677If set to 2678.Dq Li YES , 2679run the 2680.Xr ypserv 8 2681daemon at system boot time. 2682.It Va nis_server_flags 2683.Pq Vt str 2684If 2685.Va nis_server_enable 2686is set to 2687.Dq Li YES , 2688these are the flags to pass to the 2689.Xr ypserv 8 2690daemon. 2691.It Va nis_ypxfrd_enable 2692.Pq Vt bool 2693If set to 2694.Dq Li YES , 2695run the 2696.Xr rpc.ypxfrd 8 2697daemon at system boot time. 2698.It Va nis_ypxfrd_flags 2699.Pq Vt str 2700If 2701.Va nis_ypxfrd_enable 2702is set to 2703.Dq Li YES , 2704these are the flags to pass to the 2705.Xr rpc.ypxfrd 8 2706daemon. 2707.It Va nis_yppasswdd_enable 2708.Pq Vt bool 2709If set to 2710.Dq Li YES , 2711run the 2712.Xr rpc.yppasswdd 8 2713daemon at system boot time. 2714.It Va nis_yppasswdd_flags 2715.Pq Vt str 2716If 2717.Va nis_yppasswdd_enable 2718is set to 2719.Dq Li YES , 2720these are the flags to pass to the 2721.Xr rpc.yppasswdd 8 2722daemon. 2723.It Va rpc_ypupdated_enable 2724.Pq Vt bool 2725If set to 2726.Dq Li YES , 2727run the 2728.Nm rpc.ypupdated 2729daemon at system boot time. 2730.It Va bsnmpd_enable 2731.Pq Vt bool 2732If set to 2733.Dq Li YES , 2734run the 2735.Xr bsnmpd 1 2736daemon at system boot time. 2737Be sure to understand the security implications of running SNMP daemon 2738on your host. 2739.It Va bsnmpd_flags 2740.Pq Vt str 2741If 2742.Va bsnmpd_enable 2743is set to 2744.Dq Li YES , 2745these are the flags to pass to the 2746.Xr bsnmpd 1 2747daemon. 2748.It Va defaultrouter 2749.Pq Vt str 2750If not set to 2751.Dq Li NO , 2752create a default route to this host name or IP address 2753(use an IP address if this router is also required to get to the 2754name server!). 2755.It Va ipv6_defaultrouter 2756.Pq Vt str 2757The IPv6 equivalent of 2758.Va defaultrouter . 2759.It Va static_arp_pairs 2760.Pq Vt str 2761Set to the list of static ARP pairs that are to be added at system 2762boot time. 2763For each whitespace separated 2764.Ar element 2765in the value, a 2766.Va static_arp_ Ns Aq Ar element 2767variable is assumed to exist whose contents will later be passed to a 2768.Dq Nm arp Cm -S 2769operation. 2770For example 2771.Bd -literal 2772static_arp_pairs="gw" 2773static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2774.Ed 2775.It Va static_ndp_pairs 2776.Pq Vt str 2777Set to the list of static NDP pairs that are to be added at system 2778boot time. 2779For each whitespace separated 2780.Ar element 2781in the value, a 2782.Va static_ndp_ Ns Aq Ar element 2783variable is assumed to exist whose contents will later be passed to a 2784.Dq Nm ndp Cm -s 2785operation. 2786For example 2787.Bd -literal 2788static_ndp_pairs="gw" 2789static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2790.Ed 2791.It Va static_routes 2792.Pq Vt str 2793Set to the list of static routes that are to be added at system 2794boot time. 2795If not set to 2796.Dq Li NO 2797then for each whitespace separated 2798.Ar element 2799in the value, a 2800.Va route_ Ns Aq Ar element 2801variable is assumed to exist 2802whose contents will later be passed to a 2803.Dq Nm route Cm add 2804operation. 2805For example: 2806.Bd -literal 2807static_routes="ext mcast:gif0 gif0local:gif0" 2808route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2809route_mcast="-net 224.0.0.0/4 -iface gif0" 2810route_gif0local="-host 169.254.1.1 -iface lo0" 2811.Ed 2812.Pp 2813When an 2814.Ar element 2815is in the form of 2816.Li name:ifname , 2817the route is specific to the interface 2818.Li ifname . 2819.It Va ipv6_static_routes 2820.Pq Vt str 2821The IPv6 equivalent of 2822.Va static_routes . 2823If not set to 2824.Dq Li NO 2825then for each whitespace separated 2826.Ar element 2827in the value, a 2828.Va ipv6_route_ Ns Aq Ar element 2829variable is assumed to exist 2830whose contents will later be passed to a 2831.Dq Nm route Cm add Fl inet6 2832operation. 2833.It Va gateway_enable 2834.Pq Vt bool 2835If set to 2836.Dq Li YES , 2837configure host to act as an IP router, e.g.\& to forward packets 2838between interfaces. 2839.It Va ipv6_gateway_enable 2840.Pq Vt bool 2841The IPv6 equivalent of 2842.Va gateway_enable . 2843.It Va routed_enable 2844.Pq Vt bool 2845If set to 2846.Dq Li YES , 2847run a routing daemon of some sort, based on the 2848settings of 2849.Va routed_program 2850and 2851.Va routed_flags . 2852.It Va route6d_enable 2853.Pq Vt bool 2854The IPv6 equivalent of 2855.Va routed_enable . 2856If set to 2857.Dq Li YES , 2858run a routing daemon of some sort, based on the 2859settings of 2860.Va route6d_program 2861and 2862.Va route6d_flags . 2863.It Va routed_program 2864.Pq Vt str 2865If 2866.Va routed_enable 2867is set to 2868.Dq Li YES , 2869this is the name of the routing daemon to use. 2870.It Va route6d_program 2871.Pq Vt str 2872The IPv6 equivalent of 2873.Va routed_program . 2874.It Va routed_flags 2875.Pq Vt str 2876If 2877.Va routed_enable 2878is set to 2879.Dq Li YES , 2880these are the flags to pass to the routing daemon. 2881.It Va route6d_flags 2882.Pq Vt str 2883The IPv6 equivalent of 2884.Va routed_flags . 2885.It Va rtadvd_enable 2886.Pq Vt bool 2887If set to 2888.Dq Li YES , 2889run the 2890.Xr rtadvd 8 2891daemon at boot time. 2892The 2893.Xr rtadvd 8 2894utility sends ICMPv6 Router Advertisement messages to 2895the interfaces specified in 2896.Va rtadvd_interfaces . 2897This should only be enabled with great care. 2898You may want to fine-tune 2899.Xr rtadvd.conf 5 . 2900.It Va rtadvd_interfaces 2901.Pq Vt str 2902If 2903.Va rtadvd_enable 2904is set to 2905.Dq Li YES 2906this is the list of interfaces to use. 2907.It Va arpproxy_all 2908.Pq Vt bool 2909If set to 2910.Dq Li YES , 2911enable global proxy ARP. 2912.It Va forward_sourceroute 2913.Pq Vt bool 2914If set to 2915.Dq Li YES 2916and 2917.Va gateway_enable 2918is also set to 2919.Dq Li YES , 2920source-routed packets are forwarded. 2921.It Va accept_sourceroute 2922.Pq Vt bool 2923If set to 2924.Dq Li YES , 2925the system will accept source-routed packets directed at it. 2926.It Va rarpd_enable 2927.Pq Vt bool 2928If set to 2929.Dq Li YES , 2930run the 2931.Xr rarpd 8 2932daemon at system boot time. 2933.It Va rarpd_flags 2934.Pq Vt str 2935If 2936.Va rarpd_enable 2937is set to 2938.Dq Li YES , 2939these are the flags to pass to the 2940.Xr rarpd 8 2941daemon. 2942.It Va bootparamd_enable 2943.Pq Vt bool 2944If set to 2945.Dq Li YES , 2946run the 2947.Xr bootparamd 8 2948daemon at system boot time. 2949.It Va bootparamd_flags 2950.Pq Vt str 2951If 2952.Va bootparamd_enable 2953is set to 2954.Dq Li YES , 2955these are the flags to pass to the 2956.Xr bootparamd 8 2957daemon. 2958.It Va stf_interface_ipv4addr 2959.Pq Vt str 2960If not set to 2961.Dq Li NO , 2962this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2963interface). 2964Specify this entry to enable the 6to4 interface. 2965.It Va stf_interface_ipv4plen 2966.Pq Vt int 2967Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2968An effective value is 0-31. 2969.It Va stf_interface_ipv6_ifid 2970.Pq Vt str 2971IPv6 interface ID for 2972.Xr stf 4 . 2973This can be set to 2974.Dq Li AUTO . 2975.It Va stf_interface_ipv6_slaid 2976.Pq Vt str 2977IPv6 Site Level Aggregator for 2978.Xr stf 4 . 2979.It Va ipv6_ipv4mapping 2980.Pq Vt bool 2981If set to 2982.Dq Li YES 2983this enables IPv4 mapped IPv6 address communication (like 2984.Li ::ffff:a.b.c.d ) . 2985.It Va rtsold_enable 2986.Pq Vt bool 2987Set to 2988.Dq Li YES 2989to enable the 2990.Xr rtsold 8 2991daemon to send ICMPv6 Router Solicitation messages. 2992.It Va rtsold_flags 2993.Pq Vt str 2994If 2995.Va rtsold_enable 2996is set to 2997.Dq Li YES , 2998these are the flags to pass to 2999.Xr rtsold 8 . 3000.It Va rtsol_flags 3001.Pq Vt str 3002For interfaces configured with the 3003.Dq Li inet6 accept_rtadv 3004keyword, these are the flags to pass to 3005.Xr rtsol 8 . 3006.Pp 3007Note that 3008.Va rtsold_enable 3009is mutually exclusive to 3010.Va rtsol_flags ; 3011.Va rtsold_enable 3012takes precedence. 3013.It Va keybell 3014.Pq Vt str 3015The keyboard bell sound. 3016Set to 3017.Dq Li normal , 3018.Dq Li visual , 3019.Dq Li off , 3020or 3021.Dq Li NO 3022if the default behavior is desired. 3023For details, refer to the 3024.Xr kbdcontrol 1 3025manpage. 3026.It Va keyboard 3027.Pq Vt str 3028If set to a non-null string, the virtual console's keyboard input is 3029set to this device. 3030.It Va keymap 3031.Pq Vt str 3032If set to 3033.Dq Li NO , 3034no keymap is installed, otherwise the value is used to install 3035the keymap file found in 3036.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3037(if using 3038.Xr syscons 4 ) or 3039.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3040(if using 3041.Xr vt 4 ) . 3042.It Va keyrate 3043.Pq Vt str 3044The keyboard repeat speed. 3045Set to 3046.Dq Li slow , 3047.Dq Li normal , 3048.Dq Li fast , 3049or 3050.Dq Li NO 3051if the default behavior is desired. 3052.It Va keychange 3053.Pq Vt str 3054If not set to 3055.Dq Li NO , 3056attempt to program the function keys with the value. 3057The value should 3058be a single string of the form: 3059.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3060.It Va cursor 3061.Pq Vt str 3062Can be set to the value of 3063.Dq Li normal , 3064.Dq Li blink , 3065.Dq Li destructive , 3066or 3067.Dq Li NO 3068to set the cursor behavior explicitly or choose the default behavior. 3069.It Va scrnmap 3070.Pq Vt str 3071If set to 3072.Dq Li NO , 3073no screen map is installed, otherwise the value is used to install 3074the screen map file in 3075.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3076This parameter is ignored when using 3077.Xr vt 4 3078as the console driver. 3079.It Va font8x16 3080.Pq Vt str 3081If set to 3082.Dq Li NO , 3083the default 8x16 font value is used for screen size requests, otherwise 3084the value in 3085.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3086or 3087.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3088is used (depending on the console driver being used). 3089.It Va font8x14 3090.Pq Vt str 3091If set to 3092.Dq Li NO , 3093the default 8x14 font value is used for screen size requests, otherwise 3094the value in 3095.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3096or 3097.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3098is used (depending on the console driver being used). 3099.It Va font8x8 3100.Pq Vt str 3101If set to 3102.Dq Li NO , 3103the default 8x8 font value is used for screen size requests, otherwise 3104the value in 3105.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3106or 3107.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3108is used (depending on the console driver being used). 3109.It Va blanktime 3110.Pq Vt int 3111If set to 3112.Dq Li NO , 3113the default screen blanking interval is used, otherwise it is set 3114to 3115.Ar value 3116seconds. 3117.It Va saver 3118.Pq Vt str 3119If not set to 3120.Dq Li NO , 3121this is the actual screen saver to use 3122.Li ( blank , snake , daemon , 3123etc). 3124.It Va moused_nondefault_enable 3125.Pq Vt str 3126If set to 3127.Dq Li NO , 3128the mouse device specified on 3129the command line is not automatically treated as enabled by the 3130.Pa /etc/rc.d/moused 3131script. 3132Having this variable set to 3133.Dq Li YES 3134allows a 3135.Xr usb 4 3136mouse, 3137for example, 3138to be enabled as soon as it is plugged in. 3139.It Va moused_enable 3140.Pq Vt str 3141If set to 3142.Dq Li YES , 3143the 3144.Xr moused 8 3145daemon is started for doing cut/paste selection on the console. 3146.It Va moused_type 3147.Pq Vt str 3148This is the protocol type of the mouse connected to this host. 3149This variable must be set if 3150.Va moused_enable 3151is set to 3152.Dq Li YES . 3153The 3154.Xr moused 8 3155daemon 3156is able to detect the appropriate mouse type automatically in many cases. 3157Set this variable to 3158.Dq Li auto 3159to let the daemon detect it, or 3160select one from the following list if the automatic detection fails. 3161.Pp 3162If the mouse is attached to the PS/2 mouse port, choose 3163.Dq Li auto 3164or 3165.Dq Li ps/2 , 3166regardless of the brand and model of the mouse. 3167Likewise, if the 3168mouse is attached to the bus mouse port, choose 3169.Dq Li auto 3170or 3171.Dq Li busmouse . 3172All other protocols are for serial mice and will not work with 3173the PS/2 and bus mice. 3174If this is a USB mouse, 3175.Dq Li auto 3176is the only protocol type which will work. 3177.Pp 3178.Bl -tag -width ".Li x10mouseremote" -compact 3179.It Li microsoft 3180Microsoft mouse (serial) 3181.It Li intellimouse 3182Microsoft IntelliMouse (serial) 3183.It Li mousesystems 3184Mouse systems Corp.\& mouse (serial) 3185.It Li mmseries 3186MM Series mouse (serial) 3187.It Li logitech 3188Logitech mouse (serial) 3189.It Li busmouse 3190A bus mouse 3191.It Li mouseman 3192Logitech MouseMan and TrackMan (serial) 3193.It Li glidepoint 3194ALPS GlidePoint (serial) 3195.It Li thinkingmouse 3196Kensington ThinkingMouse (serial) 3197.It Li ps/2 3198PS/2 mouse 3199.It Li mmhittab 3200MM HitTablet (serial) 3201.It Li x10mouseremote 3202X10 MouseRemote (serial) 3203.It Li versapad 3204Interlink VersaPad (serial) 3205.El 3206.Pp 3207Even if the mouse is not in the above list, it may be compatible 3208with one in the list. 3209Refer to the manual page for 3210.Xr moused 8 3211for compatibility information. 3212.Pp 3213It should also be noted that while this is enabled, any 3214other client of the mouse (such as an X server) should access 3215the mouse through the virtual mouse device, 3216.Pa /dev/sysmouse , 3217and configure it as a 3218.Dq Li sysmouse 3219type mouse, since all 3220mouse data is converted to this single canonical format when 3221using 3222.Xr moused 8 . 3223If the client program does not support the 3224.Dq Li sysmouse 3225type, 3226specify the 3227.Dq Li mousesystems 3228type. 3229It is the second preferred type. 3230.It Va moused_port 3231.Pq Vt str 3232If 3233.Va moused_enable 3234is set to 3235.Dq Li YES , 3236this is the actual port the mouse is on. 3237It might be 3238.Pa /dev/cuau0 3239for a COM1 serial mouse, 3240.Pa /dev/psm0 3241for a PS/2 mouse or 3242.Pa /dev/mse0 3243for a bus mouse, for example. 3244.It Va moused_flags 3245.Pq Vt str 3246If 3247.Va moused_flags 3248is set, its value is used as an additional set of flags to pass to the 3249.Xr moused 8 3250daemon. 3251.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3252When 3253.Va moused_nondefault_enable 3254is enabled, and a 3255.Xr moused 8 3256daemon is started for a non-default port, the 3257.Va "moused_" Ns Ar XXX Ns Va "_flags" 3258set of options has precedence over and replaces the default 3259.Va moused_flags 3260(where 3261.Ar XXX 3262is the name of the non-default port, i.e.,\& 3263.Ar ums0 ) . 3264By setting 3265.Va "moused_" Ns Ar XXX Ns Va "_flags" 3266it is possible to set up a different set of default flags for each 3267.Xr moused 8 3268instance. 3269For example, you can use 3270.Dq Li "-3" 3271for the default 3272.Va moused_flags 3273to make your laptop's touchpad more comfortable to use, 3274but an empty set of options for 3275.Va moused_ums0_flags 3276when your 3277.Xr usb 4 3278mouse has three or more buttons. 3279.It Va mousechar_start 3280.Pq Vt int 3281If set to 3282.Dq Li NO , 3283the default mouse cursor character range 3284.Li 0xd0 Ns - Ns Li 0xd3 3285is used, 3286otherwise the range start is set 3287to 3288.Ar value 3289character, see 3290.Xr vidcontrol 1 . 3291Use if the default range is occupied in the language code table. 3292.It Va allscreens_flags 3293.Pq Vt str 3294If set, 3295.Xr vidcontrol 1 3296is run with these options for each of the virtual terminals 3297.Pq Pa /dev/ttyv* . 3298For example, 3299.Dq Fl m Cm on 3300will enable the mouse pointer on all virtual terminals 3301if 3302.Va moused_enable 3303is set to 3304.Dq Li YES . 3305.It Va allscreens_kbdflags 3306.Pq Vt str 3307If set, 3308.Xr kbdcontrol 1 3309is run with these options for each of the virtual terminals 3310.Pq Pa /dev/ttyv* . 3311For example, 3312.Dq Fl h Li 200 3313will set the 3314.Xr syscons 4 3315or 3316.Xr vt 4 3317scrollback (history) buffer to 200 lines. 3318.It Va cron_enable 3319.Pq Vt bool 3320If set to 3321.Dq Li YES , 3322run the 3323.Xr cron 8 3324daemon at system boot time. 3325.It Va cron_program 3326.Pq Vt str 3327Path to 3328.Xr cron 8 3329(default 3330.Pa /usr/sbin/cron ) . 3331.It Va cron_flags 3332.Pq Vt str 3333If 3334.Va cron_enable 3335is set to 3336.Dq Li YES , 3337these are the flags to pass to 3338.Xr cron 8 . 3339.It Va cron_dst 3340.Pq Vt bool 3341If set to 3342.Dq Li YES , 3343enable the special handling of transitions to and from the 3344Daylight Saving Time in 3345.Xr cron 8 3346(equivalent to using the flag 3347.Fl s ) . 3348.It Va lpd_program 3349.Pq Vt str 3350Path to 3351.Xr lpd 8 3352(default 3353.Pa /usr/sbin/lpd ) . 3354.It Va lpd_enable 3355.Pq Vt bool 3356If set to 3357.Dq Li YES , 3358run the 3359.Xr lpd 8 3360daemon at system boot time. 3361.It Va lpd_flags 3362.Pq Vt str 3363If 3364.Va lpd_enable 3365is set to 3366.Dq Li YES , 3367these are the flags to pass to the 3368.Xr lpd 8 3369daemon. 3370.It Va chkprintcap_enable 3371.Pq Vt bool 3372If set to 3373.Dq Li YES , 3374run the 3375.Xr chkprintcap 8 3376command before starting the 3377.Xr lpd 8 3378daemon. 3379.It Va chkprintcap_flags 3380.Pq Vt str 3381If 3382.Va lpd_enable 3383and 3384.Va chkprintcap_enable 3385are set to 3386.Dq Li YES , 3387these are the flags to pass to the 3388.Xr chkprintcap 8 3389program. 3390The default is 3391.Dq Li -d , 3392which causes missing directories to be created. 3393.It Va mta_start_script 3394.Pq Vt str 3395This variable specifies the full path to the script to run to start 3396a mail transfer agent. 3397The default is 3398.Pa /etc/rc.sendmail . 3399The 3400.Va sendmail_* 3401variables which 3402.Pa /etc/rc.sendmail 3403uses are documented in the 3404.Xr rc.sendmail 8 3405manual page. 3406.It Va dumpdev 3407.Pq Vt str 3408Indicates the device (usually a swap partition) to which a crash dump 3409should be written in the event of a system crash. 3410If the value of this variable is 3411.Dq Li AUTO , 3412the first suitable swap device listed in 3413.Pa /etc/fstab 3414will be used as dump device. 3415Otherwise, the value of this variable is passed as the argument to 3416.Xr dumpon 8 . 3417To disable crash dumps, set this variable to 3418.Dq Li NO . 3419.It Va dumpon_flags 3420.Pq Vt str 3421Flags to pass to 3422.Xr dumpon 8 3423when configuring 3424.Va dumpdev 3425as the system dump device. 3426.It Va dumpdir 3427.Pq Vt str 3428When the system reboots after a crash and a crash dump is found on the 3429device specified by the 3430.Va dumpdev 3431variable, 3432.Xr savecore 8 3433will save that crash dump and a copy of the kernel to the directory 3434specified by the 3435.Va dumpdir 3436variable. 3437The default value is 3438.Pa /var/crash . 3439Set to 3440.Dq Li NO 3441to not run 3442.Xr savecore 8 3443at boot time when 3444.Va dumpdir 3445is set. 3446.It Va savecore_enable 3447.Pq Vt bool 3448If set to 3449.Dq Li NO , 3450disable automatic extraction of the crash dump from the 3451.Va dumpdev . 3452.It Va savecore_flags 3453.Pq Vt str 3454If crash dumps are enabled, these are the flags to pass to the 3455.Xr savecore 8 3456utility. 3457.It Va quota_enable 3458.Pq Vt bool 3459Set to 3460.Dq Li YES 3461to turn on user and group disk quotas on system startup via the 3462.Xr quotaon 8 3463command for all file systems marked as having quotas enabled in 3464.Pa /etc/fstab . 3465The kernel must be built with 3466.Cd "options QUOTA" 3467for disk quotas to function. 3468.It Va check_quotas 3469.Pq Vt bool 3470Set to 3471.Dq Li YES 3472to enable user and group disk quota checking via the 3473.Xr quotacheck 8 3474command. 3475.It Va quotacheck_flags 3476.Pq Vt str 3477If 3478.Va quota_enable 3479is set to 3480.Dq Li YES , 3481and 3482.Va check_quotas 3483is set to 3484.Dq Li YES , 3485these are the flags to pass to the 3486.Xr quotacheck 8 3487utility. 3488The default is 3489.Dq Li "-a" , 3490which checks quotas for all file systems with quotas enabled in 3491.Pa /etc/fstab . 3492.It Va quotaon_flags 3493.Pq Vt str 3494If 3495.Va quota_enable 3496is set to 3497.Dq Li YES , 3498these are the flags to pass to the 3499.Xr quotaon 8 3500utility. 3501The default is 3502.Dq Li "-a" , 3503which enables quotas for all file systems with quotas enabled in 3504.Pa /etc/fstab . 3505.It Va quotaoff_flags 3506.Pq Vt str 3507If 3508.Va quota_enable 3509is set to 3510.Dq Li YES , 3511these are the flags to pass to the 3512.Xr quotaoff 8 3513utility when shutting down the quota system. 3514The default is 3515.Dq Li "-a" , 3516which disables quotas for all file systems with quotas enabled in 3517.Pa /etc/fstab . 3518.It Va accounting_enable 3519.Pq Vt bool 3520Set to 3521.Dq Li YES 3522to enable system accounting through the 3523.Xr accton 8 3524facility. 3525.It Va ibcs2_enable 3526.Pq Vt bool 3527Set to 3528.Dq Li YES 3529to enable iBCS2 (SCO) binary emulation at system initial boot 3530time. 3531.It Va ibcs2_loaders 3532.Pq Vt str 3533If not set to 3534.Dq Li NO 3535and if 3536.Va ibcs2_enable 3537is set to 3538.Dq Li YES , 3539this specifies a list of additional iBCS2 loaders to enable. 3540.It Va firstboot_sentinel 3541.Pq Vt str 3542This variable specifies the full path to a 3543.Dq first boot 3544sentinel file. 3545If a file exists with this path, 3546.Pa rc.d 3547scripts with the 3548.Dq firstboot 3549keyword will be run on startup and the sentinel file will be deleted 3550after the boot process completes. 3551The sentinel file must be located on a writable file system which is 3552mounted no later than 3553.Va early_late_divider 3554to function properly. 3555The default is 3556.Pa /firstboot . 3557.It Va linux_enable 3558.Pq Vt bool 3559Set to 3560.Dq Li YES 3561to enable Linux/ELF binary emulation at system initial 3562boot time. 3563.It Va sysvipc_enable 3564.Pq Vt bool 3565If set to 3566.Dq Li YES , 3567load System V IPC primitives at boot time. 3568.It Va clear_tmp_enable 3569.Pq Vt bool 3570Set to 3571.Dq Li YES 3572to have 3573.Pa /tmp 3574cleaned at startup. 3575.It Va clear_tmp_X 3576.Pq Vt bool 3577Set to 3578.Dq Li NO 3579to disable removing of X11 lock files, 3580and the removal and (secure) recreation 3581of the various socket directories for X11 3582related programs. 3583.It Va ldconfig_paths 3584.Pq Vt str 3585Set to the list of shared library paths to use with 3586.Xr ldconfig 8 . 3587NOTE: 3588.Pa /usr/lib 3589will always be added first, so it need not appear in this list. 3590.It Va ldconfig32_paths 3591.Pq Vt str 3592Set to the list of 32-bit compatibility shared library paths to 3593use with 3594.Xr ldconfig 8 . 3595.It Va ldconfig_paths_aout 3596.Pq Vt str 3597Set to the list of shared library paths to use with 3598.Xr ldconfig 8 3599legacy 3600.Xr a.out 5 3601support. 3602.It Va ldconfig_insecure 3603.Pq Vt bool 3604The 3605.Xr ldconfig 8 3606utility normally refuses to use directories 3607which are writable by anyone except root. 3608Set this variable to 3609.Dq Li YES 3610to disable that security check during system startup. 3611.It Va ldconfig_local_dirs 3612.Pq Vt str 3613Set to the list of local 3614.Xr ldconfig 8 3615directories. 3616The names of all files in the directories listed will be 3617passed as arguments to 3618.Xr ldconfig 8 . 3619.It Va ldconfig_local32_dirs 3620.Pq Vt str 3621Set to the list of local 32-bit compatibility 3622.Xr ldconfig 8 3623directories. 3624The names of all files in the directories listed will be 3625passed as arguments to 3626.Dq Nm ldconfig Fl 32 . 3627.It Va kern_securelevel_enable 3628.Pq Vt bool 3629Set to 3630.Dq Li YES 3631to set the kernel security level at system startup. 3632.It Va kern_securelevel 3633.Pq Vt int 3634The kernel security level to set at startup. 3635The allowed range of 3636.Ar value 3637ranges from \-1 (the compile time default) to 3 (the 3638most secure). 3639See 3640.Xr security 7 3641for the list of possible security levels and their effect 3642on system operation. 3643.It Va sshd_program 3644.Pq Vt str 3645Path to the SSH server program 3646.Pa ( /usr/sbin/sshd 3647is the default). 3648.It Va sshd_enable 3649.Pq Vt bool 3650Set to 3651.Dq Li YES 3652to start 3653.Xr sshd 8 3654at system boot time. 3655.It Va sshd_flags 3656.Pq Vt str 3657If 3658.Va sshd_enable 3659is set to 3660.Dq Li YES , 3661these are the flags to pass to the 3662.Xr sshd 8 3663daemon. 3664.It Va ftpd_program 3665.Pq Vt str 3666Path to the FTP server program 3667.Pa ( /usr/libexec/ftpd 3668is the default). 3669.It Va ftpd_enable 3670.Pq Vt bool 3671Set to 3672.Dq Li YES 3673to start 3674.Xr ftpd 8 3675as a stand-alone daemon at system boot time. 3676.It Va ftpd_flags 3677.Pq Vt str 3678If 3679.Va ftpd_enable 3680is set to 3681.Dq Li YES , 3682these are the additional flags to pass to the 3683.Xr ftpd 8 3684daemon. 3685.It Va watchdogd_enable 3686.Pq Vt bool 3687If set to 3688.Dq Li YES , 3689start the 3690.Xr watchdogd 8 3691daemon at boot time. 3692This requires that the kernel have been compiled with a 3693.Xr watchdog 4 3694compatible device. 3695.It Va watchdogd_flags 3696.Pq Vt str 3697If 3698.Va watchdogd_enable 3699is set to 3700.Dq Li YES , 3701these are the flags passed to the 3702.Xr watchdogd 8 3703daemon. 3704.It Va devfs_rulesets 3705.Pq Vt str 3706List of files containing sets of rules for 3707.Xr devfs 8 . 3708.It Va devfs_system_ruleset 3709.Pq Vt str 3710Rule name(s) to apply to the system 3711.Pa /dev 3712itself. 3713.It Va devfs_set_rulesets 3714.Pq Vt str 3715Pairs of already-mounted 3716.Pa dev 3717directories and rulesets that should be applied to them. 3718For example: /mount/dev=ruleset_name 3719.It Va devfs_load_rulesets 3720.Pq Vt bool 3721If set, always load the default rulesets listed in 3722.Va devfs_rulesets . 3723.It Va performance_cx_lowest 3724.Pq Vt str 3725CPU idle state to use while on AC power. 3726The string 3727.Dq Li LOW 3728indicates that 3729.Xr acpi 4 3730should use the lowest power state available while 3731.Dq Li HIGH 3732indicates that the lowest latency state (less power savings) should be used. 3733.It Va performance_cpu_freq 3734.Pq Vt str 3735CPU clock frequency to use while on AC power. 3736The string 3737.Dq Li LOW 3738indicates that 3739.Xr cpufreq 4 3740should use the lowest frequency available while 3741.Dq Li HIGH 3742indicates that the highest frequency (less power savings) should be used. 3743.It Va economy_cx_lowest 3744.Pq Vt str 3745CPU idle state to use when off AC power. 3746The string 3747.Dq Li LOW 3748indicates that 3749.Xr acpi 4 3750should use the lowest power state available while 3751.Dq Li HIGH 3752indicates that the lowest latency state (less power savings) should be used. 3753.It Va economy_cpu_freq 3754.Pq Vt str 3755CPU clock frequency to use when off AC power. 3756The string 3757.Dq Li LOW 3758indicates that 3759.Xr cpufreq 4 3760should use the lowest frequency available while 3761.Dq Li HIGH 3762indicates that the highest frequency (less power savings) should be used. 3763.It Va jail_enable 3764.Pq Vt bool 3765If set to 3766.Dq Li NO , 3767any configured jails will not be started. 3768.It Va jail_conf 3769.Pq Vt str 3770The configuration filename used by 3771.Xr jail 8 3772utility. 3773The default value is 3774.Pa /etc/jail.conf . 3775.It Va jail_parallel_start 3776.Pq Vt bool 3777If set to 3778.Dq Li YES , 3779all configured jails will be started in the background (in parallel). 3780.It Va jail_flags 3781.Pq Vt str 3782Unset by default. 3783When set, use as default value for 3784.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3785for every jail in 3786.Va jail_list . 3787.It Va jail_list 3788.Pq Vt str 3789A space-delimited list of jail names. 3790When left empty, all of the 3791.Xr jail 8 3792instances defined in the configuration file are started. 3793The names specified in this list control the jail startup order. 3794.Xr jail 8 3795instances missing from 3796.Va jail_list 3797must be started manually. 3798Note that a jail's 3799.Va depend 3800parameter in the configuration file may override this list. 3801.It Va jail_reverse_stop 3802.Pq Vt bool 3803When set to 3804.Dq Li YES , 3805all configured jails in 3806.Va jail_list 3807are stopped in reverse order. 3808.It Va jail_* variables 3809Note that older releases supported per-jail configuration via 3810.Nm 3811variables. 3812For example, 3813hostname of a jail named 3814.Li vjail 3815was able to be set by 3816.Li jail_vjail_hostname . 3817These per-jail configuration variables are now obsolete in favor of 3818.Xr jail 8 3819configuration file. 3820For backward compatibility, 3821when per-jail configuration variables are defined, 3822.Xr jail 8 3823configuration files are created as 3824.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3825and used. 3826.Pp 3827The following per-jail parameters are handled by 3828.Pa rc.d/jail 3829script out of their corresponding 3830.Nm 3831variables. 3832In addition to them, parameters in 3833.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3834will be added to the configuration file. 3835They must be a semi-colon 3836.Pq Ql \&; 3837delimited list of 3838.Dq key=value . 3839For more details, 3840see 3841.Xr jail 8 3842manual page. 3843.Bl -tag -width "host.hostname" -offset indent 3844.It Li path 3845set from 3846.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3847.It Li host.hostname 3848set from 3849.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3850.It Li exec.consolelog 3851set from 3852.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3853The default value is 3854.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3855.It Li interface 3856set from 3857.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3858.It Li vnet.interface 3859set from 3860.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3861This implies 3862.Li vnet 3863parameter will be enabled and cannot be specified with 3864.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3865.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3866and/or 3867.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3868at the same time. 3869.It Li fstab 3870set from 3871.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3872.It Li mount 3873set from 3874.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3875.It Li exec.fib 3876set from 3877.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3878.It Li exec.start 3879set from 3880.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3881The parameter name was 3882.Li command 3883in some older releases. 3884.It Li exec.prestart 3885set from 3886.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3887.It Li exec.poststart 3888set from 3889.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3890.It Li exec.stop 3891set from 3892.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3893.It Li exec.prestop 3894set from 3895.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3896.It Li exec.poststop 3897set from 3898.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3899.It Li ip4.addr 3900set if 3901.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3902or 3903.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3904contain IPv4 addresses 3905.It Li ip6.addr 3906set if 3907.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3908or 3909.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3910contain IPv6 addresses 3911.It Li allow.mount 3912set from 3913.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3914.It Li mount.devfs 3915set from 3916.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3917.It Li devfs_ruleset 3918set from 3919.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3920This must be an integer, 3921not a string. 3922.It Li mount.fdescfs 3923set from 3924.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3925.It Li allow.set_hostname 3926set from 3927.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3928.It Li allow.rawsocket 3929set from 3930.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3931.It Li allow.sysvipc 3932set from 3933.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3934.El 3935.\" ----------------------------------------------------- 3936.It Va harvest_mask 3937.Pq Vt int 3938Set to a bit-mask 3939representing the entropy sources 3940you wish to harvest. 3941Refer to 3942.Xr random 4 3943for more information. 3944.It Va entropy_dir 3945.Pq Vt str 3946Set to 3947.Dq Li NO 3948to disable caching entropy via 3949.Xr cron 8 . 3950Otherwise set to the directory 3951in which the entropy files are stored. 3952To be useful, 3953there must be 3954a system cron job 3955that regularly writes and rotates 3956files here. 3957All files found 3958will be used at boot time. 3959The default is 3960.Pa /var/db/entropy . 3961.It Va entropy_file 3962.Pq Vt str 3963Set to 3964.Dq Li NO 3965to disable caching entropy through reboots. 3966Otherwise set to the name 3967of a file used to store cached entropy. 3968This file should be located 3969on a file system that is readable 3970before all the volumes specified in 3971.Xr fstab 5 3972are mounted. 3973By default, 3974.Pa /entropy 3975is used, 3976but if 3977.Pa /var/db/entropy-file 3978is found it will also be used. 3979This will be of some use to 3980.Xr bsdinstall 8 . 3981.It Va entropy_boot_file 3982.Pq Vt str 3983Set to 3984.Dq Li NO 3985to disable 3986very early caching entropy 3987through reboots. 3988Otherwise set to the filename 3989used to read 3990very early reboot cached entropy. 3991This file should be located where 3992.Xr loader 8 3993can read it. 3994See also 3995.Xr loader.conf 5 . 3996The default location is 3997.Pa /boot/entropy . 3998.It Va entropy_save_sz 3999.Pq Vt int 4000Size of the entropy cache files saved by 4001.Nm save-entropy 4002periodically. 4003.It Va entropy_save_num 4004.Pq Vt int 4005Number of entropy cache files to save by 4006.Nm save-entropy 4007periodically. 4008.It Va ipsec_enable 4009.Pq Vt bool 4010Set to 4011.Dq Li YES 4012to run 4013.Xr setkey 8 4014on 4015.Va ipsec_file 4016at boot time. 4017.It Va ipsec_file 4018.Pq Vt str 4019Configuration file for 4020.Xr setkey 8 . 4021.It Va dmesg_enable 4022.Pq Vt bool 4023Set to 4024.Dq Li YES 4025to save 4026.Xr dmesg 8 4027to 4028.Pa /var/run/dmesg.boot 4029on boot. 4030.It Va rcshutdown_timeout 4031.Pq Vt int 4032If set, start a watchdog timer in the background which will terminate 4033.Pa rc.shutdown 4034if 4035.Xr shutdown 8 4036has not completed within the specified time (in seconds). 4037Notice that in addition to this soft timeout, 4038.Xr init 8 4039also applies a hard timeout for the execution of 4040.Pa rc.shutdown . 4041This is configured via 4042.Xr sysctl 8 4043variable 4044.Va kern.init_shutdown_timeout 4045and defaults to 120 seconds. 4046Setting the value of 4047.Va rcshutdown_timeout 4048to more than 120 seconds will have no effect until the 4049.Xr sysctl 8 4050variable 4051.Va kern.init_shutdown_timeout 4052is also increased. 4053.It Va virecover_enable 4054.Pq Vt bool 4055Set to 4056.Dq Li NO 4057to prevent the system from trying to 4058recover pre-maturely terminated 4059.Xr vi 1 4060sessions. 4061.It Va ugidfw_enable 4062.Pq Vt bool 4063Set to 4064.Dq Li YES 4065to load the 4066.Xr mac_bsdextended 4 4067module upon system initialization and load a default 4068ruleset file. 4069.It Va bsdextended_script 4070.Pq Vt str 4071The default 4072.Xr mac_bsdextended 4 4073ruleset file to load. 4074The default value of this variable is 4075.Pa /etc/rc.bsdextended . 4076.It Va newsyslog_enable 4077.Pq Vt bool 4078If set to 4079.Dq Li YES , 4080run 4081.Xr newsyslog 8 4082command at startup. 4083.It Va newsyslog_flags 4084.Pq Vt str 4085If 4086.Va newsyslog_enable 4087is set to 4088.Dq Li YES , 4089these are the flags to pass to the 4090.Xr newsyslog 8 4091program. 4092The default is 4093.Dq Li -CN , 4094which causes log files flagged with a 4095.Cm C 4096to be created. 4097.It Va mdconfig_md Ns Aq Ar X 4098.Pq Vt str 4099Arguments to 4100.Xr mdconfig 8 4101for 4102.Xr md 4 4103device 4104.Ar X . 4105At minimum a 4106.Fl t Ar type 4107must be specified and either a 4108.Fl s Ar size 4109for malloc or swap backed 4110.Xr md 4 4111devices or a 4112.Fl f Ar file 4113for vnode backed 4114.Xr md 4 4115devices. 4116Note that 4117.Va mdconfig_md Ns Aq Ar X 4118variables are evaluated until one variable is unset or null. 4119.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4120.Pq Vt str 4121Optional arguments passed to 4122.Xr newfs 8 4123to initialize 4124.Xr md 4 4125device 4126.Ar X . 4127.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4128.Pq Vt str 4129An ownership specification passed to 4130.Xr chown 8 4131after the specified 4132.Xr md 4 4133device 4134.Ar X 4135has been mounted. 4136Both the 4137.Xr md 4 4138device and the mount point will be changed. 4139.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4140.Pq Vt str 4141A mode string passed to 4142.Xr chmod 1 4143after the specified 4144.Xr md 4 4145device 4146.Ar X 4147has been mounted. 4148Both the 4149.Xr md 4 4150device and the mount point will be changed. 4151.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4152.Pq Vt str 4153Files to be copied to the mount point of the 4154.Xr md 4 4155device 4156.Ar X 4157after it has been mounted. 4158.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4159.Pq Vt str 4160Command to execute after the specified 4161.Xr md 4 4162device 4163.Ar X 4164has been mounted. 4165Note that the command is passed to 4166.Ic eval 4167and that both 4168.Va _dev 4169and 4170.Va _mp 4171variables can be used to reference respectively the 4172.Xr md 4 4173device and the mount point. 4174Assuming that the 4175.Xr md 4 4176device is 4177.Li md0 , 4178one could set the following: 4179.Bd -literal 4180mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4181.Ed 4182.It Va autobridge_interfaces 4183.Pq Vt str 4184Set to the list of bridge interfaces that will have newly arriving interfaces 4185checked against to be automatically added. 4186If not set to 4187.Dq Li NO 4188then for each whitespace separated 4189.Ar element 4190in the value, a 4191.Va autobridge_ Ns Aq Ar element 4192variable is assumed to exist which has a whitespace separated list of interface 4193names to match, these names can use wildcards. 4194For example: 4195.Bd -literal 4196autobridge_interfaces="bridge0" 4197autobridge_bridge0="tap* dc0 vlan[345]" 4198.Ed 4199.It Va mixer_enable 4200.Pq Vt bool 4201If set to 4202.Dq Li YES , 4203enable support for sound mixer. 4204.It Va hcsecd_enable 4205.Pq Vt bool 4206If set to 4207.Dq Li YES , 4208enable Bluetooth security daemon. 4209.It Va hcsecd_config 4210.Pq Vt str 4211Configuration file for 4212.Xr hcsecd 8 . 4213Default 4214.Pa /etc/bluetooth/hcsecd.conf . 4215.It Va sdpd_enable 4216.Pq Vt bool 4217If set to 4218.Dq Li YES , 4219enable Bluetooth Service Discovery Protocol daemon. 4220.It Va sdpd_control 4221.Pq Vt str 4222Path to 4223.Xr sdpd 8 4224control socket. 4225Default 4226.Pa /var/run/sdp . 4227.It Va sdpd_groupname 4228.Pq Vt str 4229Sets 4230.Xr sdpd 8 4231group to run as after it initializes. 4232Default 4233.Dq Li nobody . 4234.It Va sdpd_username 4235.Pq Vt str 4236Sets 4237.Xr sdpd 8 4238user to run as after it initializes. 4239Default 4240.Dq Li nobody . 4241.It Va bthidd_enable 4242.Pq Vt bool 4243If set to 4244.Dq Li YES , 4245enable Bluetooth Human Interface Device daemon. 4246.It Va bthidd_config 4247.Pq Vt str 4248Configuration file for 4249.Xr bthidd 8 . 4250Default 4251.Pa /etc/bluetooth/bthidd.conf . 4252.It Va bthidd_hids 4253.Pq Vt str 4254Path to a file, where 4255.Xr bthidd 8 4256will store information about known HID devices. 4257Default 4258.Pa /var/db/bthidd.hids . 4259.It Va rfcomm_pppd_server_enable 4260.Pq Vt bool 4261If set to 4262.Dq Li YES , 4263enable Bluetooth RFCOMM PPP wrapper daemon. 4264.It Va rfcomm_pppd_server_profile 4265.Pq Vt str 4266The name of the profile to use from 4267.Pa /etc/ppp/ppp.conf . 4268Multiple profiles can be specified here. 4269Also used to specify per-profile overrides. 4270When the profile name contains any of the characters 4271.Dq Li .-/+ 4272they are translated to 4273.Dq Li _ 4274for the proposes of the override variable names. 4275.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4276.Pq Vt str 4277Overrides local address to listen on. 4278By default 4279.Xr rfcomm_pppd 8 4280will listen on 4281.Dq Li ANY 4282address. 4283The address can be specified as BD_ADDR or name. 4284.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4285.Pq Vt str 4286Overrides local RFCOMM channel to listen on. 4287By default 4288.Xr rfcomm_pppd 8 4289will listen on RFCOMM channel 1. 4290Must set properly if multiple profiles used in the same time. 4291.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4292.Pq Vt bool 4293Tells 4294.Xr rfcomm_pppd 8 4295if it should register Serial Port service on the specified RFCOMM channel. 4296Default 4297.Dq Li NO . 4298.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4299.Pq Vt bool 4300Tells 4301.Xr rfcomm_pppd 8 4302if it should register Dial-Up Networking service on the specified 4303RFCOMM channel. 4304Default 4305.Dq Li NO . 4306.It Va ubthidhci_enable 4307.Pq Vt bool 4308If set to 4309.Dq Li YES , 4310change the USB Bluetooth controller from HID mode to HCI mode. 4311You also need to specify the location of USB Bluetooth controller with the 4312.Va ubthidhci_busnum 4313and 4314.Va ubthidhci_addr 4315variables. 4316.It Va ubthidhci_busnum 4317Bus number where the USB Bluetooth controller is located. 4318Check the output of 4319.Xr usbconfig 8 4320on your system to find this information. 4321.It Va ubthidhci_addr 4322Bus address of the USB Bluetooth controller. 4323Check the output of 4324.Xr usbconfig 8 4325on your system to find this information. 4326.It Va netwait_enable 4327.Pq Vt bool 4328If set to 4329.Dq Li YES , 4330delays the start of network-reliant services until 4331.Va netwait_if 4332is up and ICMP packets to a destination defined in 4333.Va netwait_ip 4334are flowing. 4335Link state is examined first, followed by 4336.Dq Li pinging 4337an IP address to verify network usability. 4338If no destination can be reached or timeouts are exceeded, 4339network services are started anyway with no guarantee that 4340the network is usable. 4341Use of this variable requires both 4342.Va netwait_ip 4343and 4344.Va netwait_if 4345to be set. 4346.It Va netwait_ip 4347.Pq Vt str 4348Empty by default. 4349This variable contains a space-delimited list of IP addresses to 4350.Xr ping 8 . 4351DNS hostnames should not be used as resolution is not guaranteed 4352to be functional at this point. 4353If multiple IP addresses are specified, 4354each will be tried until one is successful or the list is exhausted. 4355.It Va netwait_timeout 4356.Pq Vt int 4357Indicates the total number of seconds to perform a 4358.Dq Li ping 4359against each IP address in 4360.Va netwait_ip , 4361at a rate of one ping per second. 4362If any of the pings are successful, 4363full network connectivity is considered reliable. 4364The default is 60. 4365.It Va netwait_if 4366.Pq Vt str 4367Empty by default. 4368Defines the name of the network interface on which watch for link. 4369.Xr ifconfig 8 4370is used to monitor the interface, looking for 4371.Dq Li status: no carrier . 4372Once gone, the link is considered up. 4373This can be a 4374.Xr vlan 4 4375interface if desired. 4376.It Va netwait_if_timeout 4377.Pq Vt int 4378Defines the total number of seconds to wait for link to become usable, 4379polled at a 1-second interval. 4380The default is 30. 4381.It Va rctl_enable 4382.Pq Vt bool 4383If set to 4384.Dq Li YES , 4385load 4386.Xr rctl 8 4387rules from the defined ruleset. 4388The kernel must be built with 4389.Cd "options RACCT" 4390and 4391.Cd "options RCTL" . 4392.It Va rctl_rules 4393.Pq Vt str 4394Set to 4395.Pa /etc/rctl.conf 4396by default. 4397This variables contains the 4398.Xr rctl.conf 5 4399ruleset to load for 4400.Xr rctl 8 . 4401.It Va iovctl_files 4402.Pq Vt str 4403A space-separated list of configuration files used by 4404.Xr iovctl 8 . 4405The default value is an empty string. 4406.It Va autofs_enable 4407.Pq Vt bool 4408If set to 4409.Dq Li YES , 4410start the 4411.Xr automount 8 4412utility and the 4413.Xr automountd 8 4414and 4415.Xr autounmountd 8 4416daemons at boot time. 4417.It Va automount_flags 4418.Pq Vt str 4419If 4420.Va autofs_enable 4421is set to 4422.Dq Li YES , 4423these are the flags to pass to the 4424.Xr automount 8 4425program. 4426By default no flags are passed. 4427.It Va automountd_flags 4428.Pq Vt str 4429If 4430.Va autofs_enable 4431is set to 4432.Dq Li YES , 4433these are the flags to pass to the 4434.Xr automountd 8 4435daemon. 4436By default no flags are passed. 4437.It Va autounmountd_flags 4438.Pq Vt str 4439If 4440.Va autofs_enable 4441is set to 4442.Dq Li YES , 4443these are the flags to pass to the 4444.Xr autounmountd 8 4445daemon. 4446By default no flags are passed. 4447.It Va ctld_enable 4448.Pq Vt bool 4449If set to 4450.Dq Li YES , 4451start the 4452.Xr ctld 8 4453daemon at boot time. 4454.It Va iscsid_enable 4455.Pq Vt bool 4456If set to 4457.Dq Li YES , 4458start the 4459.Xr iscsid 8 4460daemon at boot time. 4461.It Va iscsictl_enable 4462.Pq Vt bool 4463If set to 4464.Dq Li YES , 4465start the 4466.Xr iscsictl 8 4467utility at boot time. 4468.It Va iscsictl_flags 4469.Pq Vt str 4470If 4471.Va iscsictl_enable 4472is set to 4473.Dq Li YES , 4474these are the flags to pass to the 4475.Xr iscsictl 8 4476program. 4477The default is 4478.Dq Li -Aa , 4479which configures sessions based on the 4480.Pa /etc/iscsi.conf 4481configuration file. 4482.El 4483.Sh FILES 4484.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4485.It Pa /etc/defaults/rc.conf 4486.It Pa /etc/rc.conf 4487.It Pa /etc/rc.conf.local 4488.El 4489.Sh SEE ALSO 4490.Xr chmod 1 , 4491.Xr gdb 1 , 4492.Xr info 1 , 4493.Xr kbdcontrol 1 , 4494.Xr makewhatis 1 , 4495.Xr sh 1 , 4496.Xr vi 1 , 4497.Xr vidcontrol 1 , 4498.Xr bridge 4 , 4499.Xr dummynet 4 , 4500.Xr ip 4 , 4501.Xr ipf 4 , 4502.Xr ipfw 4 , 4503.Xr ipnat 4 , 4504.Xr kld 4 , 4505.Xr pf 4 , 4506.Xr pflog 4 , 4507.Xr pfsync 4 , 4508.Xr tcp 4 , 4509.Xr udp 4 , 4510.Xr exports 5 , 4511.Xr fstab 5 , 4512.Xr ipf 5 , 4513.Xr ipnat 5 , 4514.Xr jail.conf 5 , 4515.Xr loader.conf 5 , 4516.Xr motd 5 , 4517.Xr newsyslog.conf 5 , 4518.Xr pf.conf 5 , 4519.Xr security 7 , 4520.Xr accton 8 , 4521.Xr amd 8 , 4522.Xr apm 8 , 4523.Xr bsdinstall 8 , 4524.Xr bthidd 8 , 4525.Xr chkprintcap 8 , 4526.Xr chown 8 , 4527.Xr cron 8 , 4528.Xr devfs 8 , 4529.Xr dhclient 8 , 4530.Xr ftpd 8 , 4531.Xr geli 8 , 4532.Xr hcsecd 8 , 4533.Xr ifconfig 8 , 4534.Xr inetd 8 , 4535.Xr iovctl 8 , 4536.Xr ipf 8 , 4537.Xr ipfw 8 , 4538.Xr ipnat 8 , 4539.Xr jail 8 , 4540.Xr kldxref 8 , 4541.Xr loader 8 , 4542.Xr lpd 8 , 4543.Xr mdconfig 8 , 4544.Xr mdmfs 8 , 4545.Xr mixer 8 , 4546.Xr mountd 8 , 4547.Xr moused 8 , 4548.Xr newfs 8 , 4549.Xr newsyslog 8 , 4550.Xr nfsd 8 , 4551.Xr ntpd 8 , 4552.Xr ntpdate 8 , 4553.Xr pfctl 8 , 4554.Xr pflogd 8 , 4555.Xr ping 8 , 4556.Xr powerd 8 , 4557.Xr quotacheck 8 , 4558.Xr quotaon 8 , 4559.Xr rc 8 , 4560.Xr rc.sendmail 8 , 4561.Xr rfcomm_pppd 8 , 4562.Xr route 8 , 4563.Xr routed 8 , 4564.Xr rpc.lockd 8 , 4565.Xr rpc.statd 8 , 4566.Xr rpcbind 8 , 4567.Xr rwhod 8 , 4568.Xr savecore 8 , 4569.Xr sdpd 8 , 4570.Xr sshd 8 , 4571.Xr swapon 8 , 4572.Xr sysctl 8 , 4573.Xr syslogd 8 , 4574.Xr sysrc 8 , 4575.Xr timed 8 , 4576.Xr unbound 8 , 4577.Xr usbconfig 8 , 4578.Xr wlandebug 8 , 4579.Xr yp 8 , 4580.Xr ypbind 8 , 4581.Xr ypserv 8 , 4582.Xr ypset 8 4583.Sh HISTORY 4584The 4585.Nm 4586file appeared in 4587.Fx 2.2.2 . 4588.Sh AUTHORS 4589.An Jordan K. Hubbard . 4590