1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd February 20, 2015 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory or 74.Ao Ar dir Ac Ns Pa /rc.conf.d 75directories specified in 76.Va local_startup , 77which will be included by the 78.Va load_rc_config 79function. 80For jail configurations you could use the file 81.Pa /etc/rc.conf.d/jail 82to store jail specific configuration options. 83If 84.Va local_startup 85contains 86.Pa /usr/local/etc/rc.d 87and 88.Pa /opt/conf , 89.Pa /usr/local/rc.conf.d/jail 90and 91.Pa /opt/conf/rc.conf.d/jail 92will be loaded. 93If 94.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 95is a directory, 96all of files in the directory will be loaded. 97Also see the 98.Va rc_conf_files 99variable below. 100.Pp 101Options are set with 102.Dq Ar name Ns Li = Ns Ar value 103assignments that use 104.Xr sh 1 105syntax. 106The following list provides a name and short description for each 107variable that can be set in the 108.Nm 109file: 110.Bl -tag -width indent-two 111.It Va rc_debug 112.Pq Vt bool 113If set to 114.Dq Li YES , 115enable output of debug messages from rc scripts. 116This variable can be helpful in diagnosing mistakes when 117editing or integrating new scripts. 118Beware that this produces copious output to the terminal and 119.Xr syslog 3 . 120.It Va rc_info 121.Pq Vt bool 122If set to 123.Dq Li NO , 124disable informational messages from the rc scripts. 125Informational messages are displayed when 126a condition that is not serious enough to warrant a warning or 127an error occurs. 128.It Va rc_startmsgs 129.Pq Vt bool 130If set to 131.Dq Li YES , 132show 133.Dq Starting foo: 134when faststart is used (e.g., at boot time). 135.It Va early_late_divider 136.Pq Vt str 137The name of the script that should be used as the 138delimiter between the 139.Dq early 140and 141.Dq late 142stages of the boot process. 143The early stage should contain all the services needed to 144get the disks (local or remote) mounted so that the late 145stage can include scripts contained in the directories 146listed in the 147.Va local_startup 148variable (see below). 149Thus, the two likely candidates for this value are 150.Pa mountcritlocal 151for the typical system, and 152.Pa mountcritremote 153if the system needs remote file 154systems mounted to get access to the 155.Va local_startup 156directories; for example when 157.Pa /usr/local 158is NFS mounted. 159For 160.Pa rc.conf 161within a 162.Xr jail 8 163.Pa NETWORKING 164is likely to be an appropriate value. 165Extreme care should be taken when changing this value, 166and before changing it one should ensure that there are 167adequate provisions to recover from a failed boot 168(such as physical contact with the machine, 169or reliable remote console access). 170.It Va always_force_depends 171.Pq Vt bool 172Various 173.Pa rc.d 174scripts use the force_depend function to check whether required 175services are already running, and to start them if necessary. 176By default during boot time this check is bypassed if the 177required service is enabled in 178.Pa /etc/rc.conf[.local] . 179Setting this option will bypass that check at boot time and 180always test whether or not the service is actually running. 181Enabling this option is likely to increase your boot time if 182services are enabled that utilize the force_depend check. 183.It Ao Ar name Ac Ns Va _chroot 184.Pq Vt str 185.Xr chroot 186to this directory before running the service. 187.It Ao Ar name Ac Ns Va _user 188.Pq Vt str 189Run the service under this user account. 190.It Ao Ar name Ac Ns Va _group 191.Pq Vt str 192Run the chrooted service under this system group. Unlike the _user 193setting, this setting has no effect if the service is not chrooted. 194.It Ao Ar name Ac Ns Va _fib 195.Pq Vt int 196The 197.Xr setfib 1 198value to run the service under. 199.It Ao Ar name Ac Ns Va _nice 200.Pq Vt int 201The 202.Xr nice 1 203value to run the service under. 204.It Va apm_enable 205.Pq Vt bool 206If set to 207.Dq Li YES , 208enable support for Automatic Power Management with 209the 210.Xr apm 8 211command. 212.It Va apmd_enable 213.Pq Vt bool 214Run 215.Xr apmd 8 216to handle APM event from userland. 217This also enables support for APM. 218.It Va apmd_flags 219.Pq Vt str 220If 221.Va apmd_enable 222is set to 223.Dq Li YES , 224these are the flags to pass to the 225.Xr apmd 8 226daemon. 227.It Va devd_enable 228.Pq Vt bool 229Run 230.Xr devd 8 231to handle device added, removed or unknown events from the kernel. 232.It Va ddb_enable 233.Pq Vt bool 234Run 235.Xr ddb 8 236to install 237.Xr ddb 4 238scripts at boot time. 239.It Va ddb_config 240.Pq Vt str 241Configuration file for 242.Xr ddb 8 . 243Default 244.Pa /etc/ddb.conf . 245.It Va kld_list 246.Pq Vt str 247A list of kernel modules to load right after the local 248disks are mounted. 249Loading modules at this point in the boot process is 250much faster than doing it via 251.Pa /boot/loader.conf 252for those modules not necessary for mounting local disk. 253.It Va kldxref_enable 254.Pq Vt bool 255Set to 256.Dq Li NO 257by default. 258Set to 259.Dq Li YES 260to automatically rebuild 261.Pa linker.hints 262files with 263.Xr kldxref 8 264at boot time. 265.It Va kldxref_clobber 266.Pq Vt bool 267Set to 268.Dq Li NO 269by default. 270If 271.Va kldxref_enable 272is true, 273setting to 274.Dq Li YES 275will overwrite existing 276.Pa linker.hints 277files at boot time. 278Otherwise, 279only missing 280.Pa linker.hints 281files are generated. 282.It Va kldxref_module_path 283.Pq Vt str 284Empty by default. 285A semi-colon 286.Pq Ql \&; 287delimited list of paths containing 288.Xr kld 4 289modules. 290If empty, 291the contents of the 292.Va kern.module_path 293.Xr sysctl 8 294are used. 295.It Va powerd_enable 296.Pq Vt bool 297If set to 298.Dq Li YES , 299enable the system power control facility with the 300.Xr powerd 8 301daemon. 302.It Va powerd_flags 303.Pq Vt str 304If 305.Va powerd_enable 306is set to 307.Dq Li YES , 308these are the flags to pass to the 309.Xr powerd 8 310daemon. 311.It Va tmpmfs 312Controls the creation of a 313.Pa /tmp 314memory file system. 315Always happens if set to 316.Dq Li YES 317and never happens if set to 318.Dq Li NO . 319If set to anything else, a memory file system is created if 320.Pa /tmp 321is not writable. 322.It Va tmpsize 323Controls the size of a created 324.Pa /tmp 325memory file system. 326.It Va tmpmfs_flags 327Extra options passed to the 328.Xr mdmfs 8 329utility when the memory file system for 330.Pa /tmp 331is created. 332The default is 333.Dq Li "-S" , 334which inhibits the use of softupdates on 335.Pa /tmp 336so that file system space is freed without delay 337after file truncation or deletion. 338See 339.Xr mdmfs 8 340for other options you can use in 341.Va tmpmfs_flags . 342.It Va varmfs 343Controls the creation of a 344.Pa /var 345memory file system. 346Always happens if set to 347.Dq Li YES 348and never happens if set to 349.Dq Li NO . 350If set to anything else, a memory file system is created if 351.Pa /var 352is not writable. 353.It Va varsize 354Controls the size of a created 355.Pa /var 356memory file system. 357.It Va varmfs_flags 358Extra options passed to the 359.Xr mdmfs 8 360utility when the memory file system for 361.Pa /var 362is created. 363The default is 364.Dq Li "-S" , 365which inhibits the use of softupdates on 366.Pa /var 367so that file system space is freed without delay 368after file truncation or deletion. 369See 370.Xr mdmfs 8 371for other options you can use in 372.Va varmfs_flags . 373.It Va populate_var 374Controls the automatic population of the 375.Pa /var 376file system. 377Always happens if set to 378.Dq Li YES 379and never happens if set to 380.Dq Li NO . 381If set to anything else, a memory file system is created if 382.Pa /var 383is not writable. 384Note that this process requires access to certain commands in 385.Pa /usr 386before 387.Pa /usr 388is mounted on normal systems. 389.It Va cleanvar_enable 390.Pq Vt bool 391Clean the 392.Pa /var 393directory. 394.It Va local_startup 395.Pq Vt str 396List of directories to search for startup script files. 397.It Va script_name_sep 398.Pq Vt str 399The field separator to use for breaking down the list of startup script files 400into individual filenames. 401The default is a space. 402It is not necessary to change this unless there are startup scripts with names 403containing spaces. 404.It Va hostapd_enable 405.Pq Vt bool 406Set to 407.Dq Li YES 408to start 409.Xr hostapd 8 410at system boot time. 411.It Va hostname 412.Pq Vt str 413The fully qualified domain name (FQDN) of this host on the network. 414This should almost certainly be set to something meaningful, even if 415there is no network connection. 416If 417.Xr dhclient 8 418is used to set the hostname via DHCP, 419this variable should be set to an empty string. 420If this value remains unset when the system is done booting 421your console login will display the default hostname of 422.Dq Amnesiac . 423.It Va nisdomainname 424.Pq Vt str 425The NIS domain name of this host, or 426.Dq Li NO 427if NIS is not used. 428.It Va dhclient_program 429.Pq Vt str 430Path to the DHCP client program 431.Pa ( /sbin/dhclient , 432the 433.Ox 434DHCP client, 435is the default). 436.It Va dhclient_flags 437.Pq Vt str 438Additional flags to pass to the DHCP client program. 439For the 440.Ox 441DHCP client, see the 442.Xr dhclient 8 443manpage for a description of the command line options available. 444.It Va dhclient_flags_ Ns Aq Ar iface 445Additional flags to pass to the DHCP client program running on 446.Ar iface 447only. 448When specified, this variable overrides 449.Va dhclient_flags . 450.It Va background_dhclient 451.Pq Vt bool 452Set to 453.Dq Li YES 454to start the DHCP client in background. 455This can cause trouble with applications depending on 456a working network, but it will provide a faster startup 457in many cases. 458.It Va background_dhclient_ Ns Aq Ar iface 459When specified, this variable overrides the 460.Va background_dhclient 461variable for interface 462.Ar iface 463only. 464.It Va synchronous_dhclient 465.Pq Vt bool 466Set to 467.Dq Li YES 468to start 469.Xr dhclient 8 470synchronously at startup. 471This behavior can be overridden on a per-interface basis by replacing 472the 473.Dq Li DHCP 474keyword in the 475.Va ifconfig_ Ns Aq Ar interface 476variable with 477.Dq Li SYNCDHCP 478or 479.Dq Li NOSYNCDHCP . 480.It Va defaultroute_delay 481.Pq Vt int 482When set to a positive value, wait up to this long after configuring 483DHCP interfaces at startup to give the interfaces time to receive a lease. 484.It Va firewall_enable 485.Pq Vt bool 486Set to 487.Dq Li YES 488to load firewall rules at startup. 489If the kernel was not built with 490.Cd "options IPFIREWALL" , 491the 492.Pa ipfw.ko 493kernel module will be loaded. 494See also 495.Va ipfilter_enable . 496.It Va firewall_script 497.Pq Vt str 498This variable specifies the full path to the firewall script to run. 499The default is 500.Pa /etc/rc.firewall . 501.It Va firewall_type 502.Pq Vt str 503Names the firewall type from the selection in 504.Pa /etc/rc.firewall , 505or the file which contains the local firewall ruleset. 506Valid selections from 507.Pa /etc/rc.firewall 508are: 509.Pp 510.Bl -tag -width ".Li simple" -compact 511.It Li open 512unrestricted IP access 513.It Li closed 514all IP services disabled, except via 515.Dq Li lo0 516.It Li client 517basic protection for a workstation 518.It Li simple 519basic protection for a LAN. 520.El 521.Pp 522If a filename is specified, the full path 523must be given. 524.It Va firewall_quiet 525.Pq Vt bool 526Set to 527.Dq Li YES 528to disable the display of firewall rules on the console during boot. 529.It Va firewall_logging 530.Pq Vt bool 531Set to 532.Dq Li YES 533to enable firewall event logging. 534This is equivalent to the 535.Dv IPFIREWALL_VERBOSE 536kernel option. 537.It Va firewall_logif 538.Pq Vt bool 539Set to 540.Dq Li YES 541to create pseudo interface 542.Li ipfw0 543for logging. 544For more details, see 545.Xr ipfw 8 546manual page. 547.It Va firewall_flags 548.Pq Vt str 549Flags passed to 550.Xr ipfw 8 551if 552.Va firewall_type 553specifies a filename. 554.It Va firewall_coscripts 555.Pq Vt str 556List of executables and/or rc scripts to run after firewall starts/stops. 557Default is empty. 558.\" ----- firewall_nat_enable setting -------------------------------- 559.It Va firewall_nat_enable 560.Pq Vt bool 561The 562.Xr ipfw 8 563equivalent of 564.Va natd_enable . 565Setting this to 566.Dq Li YES 567enables kernel NAT. 568.Va firewall_enable 569must also be set to 570.Dq Li YES . 571.It Va firewall_nat_interface 572.Pq Vt str 573The 574.Xr ipfw 8 575equivalent of 576.Va natd_interface . 577This is the name of the public interface or IP address on which 578kernel NAT should run. 579.It Va firewall_nat_flags 580.Pq Vt str 581Additional configuration parameters for kernel NAT should be placed here. 582.It Va dummynet_enable 583.Pq Vt bool 584Setting this to 585.Dq Li YES 586will automatically load the 587.Xr dummynet 4 588module if 589.Va firewall_enable 590is also set to 591.Dq Li YES . 592.\" ------------------------------------------------------------------- 593.It Va natd_program 594.Pq Vt str 595Path to 596.Xr natd 8 . 597.It Va natd_enable 598.Pq Vt bool 599Set to 600.Dq Li YES 601to enable 602.Xr natd 8 . 603.Va firewall_enable 604must also be set to 605.Dq Li YES , 606and 607.Xr divert 4 608sockets must be enabled in the kernel. 609If the kernel was not built with 610.Cd "options IPDIVERT" , 611the 612.Pa ipdivert.ko 613kernel module will be loaded. 614.It Va natd_interface 615.Pq Vt str 616This is the name of the public interface on which 617.Xr natd 8 618should run. 619The interface may be given as an interface name or as an IP address. 620.It Va natd_flags 621.Pq Vt str 622Additional 623.Xr natd 8 624flags should be placed here. 625The 626.Fl n 627or 628.Fl a 629flag is automatically added with the above 630.Va natd_interface 631as an argument. 632.\" ----- ipfilter_enable setting -------------------------------- 633.It Va ipfilter_enable 634.Pq Vt bool 635Set to 636.Dq Li NO 637by default. 638Setting this to 639.Dq Li YES 640enables 641.Xr ipf 8 642packet filtering. 643.Pp 644Typical usage will require putting 645.Bd -literal 646ipfilter_enable="YES" 647ipnat_enable="YES" 648ipmon_enable="YES" 649ipfs_enable="YES" 650.Ed 651.Pp 652into 653.Pa /etc/rc.conf 654and editing 655.Pa /etc/ipf.rules 656and 657.Pa /etc/ipnat.rules 658appropriately. 659.Pp 660Note that 661.Va ipfilter_enable 662and 663.Va ipnat_enable 664can be enabled independently. 665.Va ipmon_enable 666and 667.Va ipfs_enable 668both require at least one of 669.Va ipfilter_enable 670and 671.Va ipnat_enable 672to be enabled. 673.Pp 674Having 675.Bd -literal 676options IPFILTER 677options IPFILTER_LOG 678options IPFILTER_DEFAULT_BLOCK 679.Ed 680.Pp 681in the kernel configuration file is a good idea, too. 682.\" ----- ipfilter_program setting ------------------------------ 683.It Va ipfilter_program 684.Pq Vt str 685Path to 686.Xr ipf 8 687(default 688.Pa /sbin/ipf ) . 689.\" ----- ipfilter_rules setting -------------------------------- 690.It Va ipfilter_rules 691.Pq Vt str 692Set to 693.Pa /etc/ipf.rules 694by default. 695This variable contains the name of the filter rule definition file. 696The file is expected to be readable for the 697.Xr ipf 8 698command to execute. 699.\" ----- ipv6_ipfilter_rules setting --------------------------- 700.It Va ipv6_ipfilter_rules 701.Pq Vt str 702Set to 703.Pa /etc/ipf6.rules 704by default. 705This variable contains the IPv6 filter rule definition file. 706The file is expected to be readable for the 707.Xr ipf 8 708command to execute. 709.\" ----- ipfilter_flags setting -------------------------------- 710.It Va ipfilter_flags 711.Pq Vt str 712Empty by default. 713This variable contains flags passed to the 714.Xr ipf 8 715program. 716.\" ----- ipnat_enable setting ---------------------------------- 717.It Va ipnat_enable 718.Pq Vt bool 719Set to 720.Dq Li NO 721by default. 722Set it to 723.Dq Li YES 724to enable 725.Xr ipnat 8 726network address translation. 727See 728.Va ipfilter_enable 729for a detailed discussion. 730.\" ----- ipnat_program setting --------------------------------- 731.It Va ipnat_program 732.Pq Vt str 733Path to 734.Xr ipnat 8 735(default 736.Pa /sbin/ipnat ) . 737.\" ----- ipnat_rules setting ----------------------------------- 738.It Va ipnat_rules 739.Pq Vt str 740Set to 741.Pa /etc/ipnat.rules 742by default. 743This variable contains the name of the file 744holding the network address translation definition. 745This file is expected to be readable for the 746.Xr ipnat 8 747command to execute. 748.\" ----- ipnat_flags setting ----------------------------------- 749.It Va ipnat_flags 750.Pq Vt str 751Empty by default. 752This variable contains flags passed to the 753.Xr ipnat 8 754program. 755.\" ----- ipmon_enable setting ---------------------------------- 756.It Va ipmon_enable 757.Pq Vt bool 758Set to 759.Dq Li NO 760by default. 761Set it to 762.Dq Li YES 763to enable 764.Xr ipmon 8 765monitoring (logging 766.Xr ipf 8 767and 768.Xr ipnat 8 769events). 770Setting this variable needs setting 771.Va ipfilter_enable 772or 773.Va ipnat_enable 774too. 775See 776.Va ipfilter_enable 777for a detailed discussion. 778.\" ----- ipmon_program setting --------------------------------- 779.It Va ipmon_program 780.Pq Vt str 781Path to 782.Xr ipmon 8 783(default 784.Pa /sbin/ipmon ) . 785.\" ----- ipmon_flags setting ----------------------------------- 786.It Va ipmon_flags 787.Pq Vt str 788Set to 789.Dq Li -Ds 790by default. 791This variable contains flags passed to the 792.Xr ipmon 8 793program. 794Another typical example would be 795.Dq Fl D Pa /var/log/ipflog 796to have 797.Xr ipmon 8 798log directly to a file bypassing 799.Xr syslogd 8 . 800Make sure to adjust 801.Pa /etc/newsyslog.conf 802in such case like this: 803.Bd -literal 804/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 805.Ed 806.\" ----- ipfs_enable setting ----------------------------------- 807.It Va ipfs_enable 808.Pq Vt bool 809Set to 810.Dq Li NO 811by default. 812Set it to 813.Dq Li YES 814to enable 815.Xr ipfs 8 816saving the filter and NAT state tables during shutdown 817and reloading them during startup again. 818Setting this variable needs setting 819.Va ipfilter_enable 820or 821.Va ipnat_enable 822to 823.Dq Li YES 824too. 825See 826.Va ipfilter_enable 827for a detailed discussion. 828Note that if 829.Va kern_securelevel 830is set to 3, 831.Va ipfs_enable 832cannot be used 833because the raised securelevel will prevent 834.Xr ipfs 8 835from saving the state tables at shutdown time. 836.\" ----- ipfs_program setting ---------------------------------- 837.It Va ipfs_program 838.Pq Vt str 839Path to 840.Xr ipfs 8 841(default 842.Pa /sbin/ipfs ) . 843.\" ----- ipfs_flags setting ------------------------------------ 844.It Va ipfs_flags 845.Pq Vt str 846Empty by default. 847This variable contains flags passed to the 848.Xr ipfs 8 849program. 850.\" ----- end of added ipf hook --------------------------------- 851.It Va pf_enable 852.Pq Vt bool 853Set to 854.Dq Li NO 855by default. 856Setting this to 857.Dq Li YES 858enables 859.Xr pf 4 860packet filtering. 861.Pp 862Typical usage will require putting 863.Pp 864.Dl pf_enable="YES" 865.Pp 866into 867.Pa /etc/rc.conf 868and editing 869.Pa /etc/pf.conf 870appropriately. 871Adding 872.Pp 873.Dl "device pf" 874.Pp 875builds support for 876.Xr pf 4 877into the kernel, otherwise the 878kernel module will be loaded. 879.It Va pf_rules 880.Pq Vt str 881Path to 882.Xr pf 4 883ruleset configuration file 884(default 885.Pa /etc/pf.conf ) . 886.It Va pf_program 887.Pq Vt str 888Path to 889.Xr pfctl 8 890(default 891.Pa /sbin/pfctl ) . 892.It Va pf_flags 893.Pq Vt str 894If 895.Va pf_enable 896is set to 897.Dq Li YES , 898these flags are passed to the 899.Xr pfctl 8 900program when loading the ruleset. 901.It Va pflog_enable 902.Pq Vt bool 903Set to 904.Dq Li NO 905by default. 906Setting this to 907.Dq Li YES 908enables 909.Xr pflogd 8 910which logs packets from the 911.Xr pf 4 912packet filter. 913.It Va pflog_logfile 914.Pq Vt str 915If 916.Va pflog_enable 917is set to 918.Dq Li YES 919this controls where 920.Xr pflogd 8 921stores the logfile 922(default 923.Pa /var/log/pflog ) . 924Check 925.Pa /etc/newsyslog.conf 926to adjust logfile rotation for this. 927.It Va pflog_program 928.Pq Vt str 929Path to 930.Xr pflogd 8 931(default 932.Pa /sbin/pflogd ) . 933.It Va pflog_flags 934.Pq Vt str 935Empty by default. 936This variable contains additional flags passed to the 937.Xr pflogd 8 938program. 939.It Va pflog_instances 940.Pq Vt str 941If logging to more than one 942.Xr pflog 4 943interface is desired, 944.Va pflog_instances 945is set to the list of 946.Xr pflogd 8 947instances that should be started at system boot time. If 948.Va pflog_instances 949is set, for each whitespace-seperated 950.Ar element 951in the list, 952.Ao Ar element Ac Ns Va _dev 953and 954.Ao Ar element Ac Ns Va _logfile 955elements are assumed to exist. 956.Ao Ar element Ac Ns Va _dev 957must contain the 958.Xr pflog 4 959interface to be watched by the named 960.Xr pflogd 8 961instance. 962.Ao Ar element Ac Ns Va _logfile 963must contain the name of the logfile that will be used by the 964.Xr pflogd 8 965instance. 966.It Va ftpproxy_enable 967.Pq Vt bool 968Set to 969.Dq Li NO 970by default. 971Setting this to 972.Dq Li YES 973enables 974.Xr ftp-proxy 8 975which supports the 976.Xr pf 4 977packet filter in translating ftp connections. 978.It Va ftpproxy_flags 979.Pq Vt str 980Empty by default. 981This variable contains additional flags passed to the 982.Xr ftp-proxy 8 983program. 984.It Va ftpproxy_instances 985.Pq Vt str 986Empty by default. If multiple instances of 987.Xr ftp-proxy 8 988are desired at boot time, 989.Va ftpproxy_instances 990should contain a whitespace-seperated list of instance names. For each 991.Ar element 992in the list, a variable named 993.Ao Ar element Ac Ns Va _flags 994should be defined, containing the command-line flags to be passed to the 995.Xr ftp-proxy 8 996instance. 997.It Va pfsync_enable 998.Pq Vt bool 999Set to 1000.Dq Li NO 1001by default. 1002Setting this to 1003.Dq Li YES 1004enables exposing 1005.Xr pf 4 1006state changes to other hosts over the network by means of 1007.Xr pfsync 4 . 1008The 1009.Va pfsync_syncdev 1010variable 1011must also be set then. 1012.It Va pfsync_syncdev 1013.Pq Vt str 1014Empty by default. 1015This variable specifies the name of the network interface 1016.Xr pfsync 4 1017should operate through. 1018It must be set accordingly if 1019.Va pfsync_enable 1020is set to 1021.Dq Li YES . 1022.It Va pfsync_syncpeer 1023.Pq Vt str 1024Empty by default. 1025This variable is optional. 1026By default, state change messages are sent out on the synchronisation 1027interface using IP multicast packets. 1028The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1029224.0.0.240. 1030When a peer address is specified using the 1031.Va pfsync_syncpeer 1032option, the peer address is used as a destination for the pfsync 1033traffic, and the traffic can then be protected using 1034.Xr ipsec 4 . 1035See the 1036.Xr pfsync 4 1037manpage for more details about using 1038.Xr ipsec 4 1039with 1040.Xr pfsync 4 1041interfaces. 1042.It Va pfsync_ifconfig 1043.Pq Vt str 1044Empty by default. 1045This variable can contain additional options to be passed to the 1046.Xr ifconfig 8 1047command used to set up 1048.Xr pfsync 4 . 1049.It Va tcp_extensions 1050.Pq Vt bool 1051Set to 1052.Dq Li YES 1053by default. 1054Setting this to 1055.Dq Li NO 1056disables certain TCP options as described by 1057.Rs 1058.%T "RFC 1323" 1059.Re 1060Setting this to 1061.Dq Li NO 1062might help remedy such problems with connections as randomly hanging 1063or other weird behavior. 1064Some network devices are known 1065to be broken with respect to these options. 1066.It Va log_in_vain 1067.Pq Vt int 1068Set to 0 by default. 1069The 1070.Xr sysctl 8 1071variables, 1072.Va net.inet.tcp.log_in_vain 1073and 1074.Va net.inet.udp.log_in_vain , 1075as described in 1076.Xr tcp 4 1077and 1078.Xr udp 4 , 1079are set to the given value. 1080.It Va tcp_keepalive 1081.Pq Vt bool 1082Set to 1083.Dq Li YES 1084by default. 1085Setting to 1086.Dq Li NO 1087will disable probing idle TCP connections to verify that the 1088peer is still up and reachable. 1089.It Va tcp_drop_synfin 1090.Pq Vt bool 1091Set to 1092.Dq Li NO 1093by default. 1094Setting to 1095.Dq Li YES 1096will cause the kernel to ignore TCP frames that have both 1097the SYN and FIN flags set. 1098This prevents OS fingerprinting, but may 1099break some legitimate applications. 1100.It Va icmp_drop_redirect 1101.Pq Vt bool 1102Set to 1103.Dq Li NO 1104by default. 1105Setting to 1106.Dq Li YES 1107will cause the kernel to ignore ICMP REDIRECT packets. 1108Refer to 1109.Xr icmp 4 1110for more information. 1111.It Va icmp_log_redirect 1112.Pq Vt bool 1113Set to 1114.Dq Li NO 1115by default. 1116Setting to 1117.Dq Li YES 1118will cause the kernel to log ICMP REDIRECT packets. 1119Note that 1120the log messages are not rate-limited, so this option should only be used 1121for troubleshooting networks. 1122Refer to 1123.Xr icmp 4 1124for more information. 1125.It Va icmp_bmcastecho 1126.Pq Vt bool 1127Set to 1128.Dq Li YES 1129to respond to broadcast or multicast ICMP ping packets. 1130Refer to 1131.Xr icmp 4 1132for more information. 1133.It Va ip_portrange_first 1134.Pq Vt int 1135If not set to 1136.Dq Li NO , 1137this is the first port in the default portrange. 1138Refer to 1139.Xr ip 4 1140for more information. 1141.It Va ip_portrange_last 1142.Pq Vt int 1143If not set to 1144.Dq Li NO , 1145this is the last port in the default portrange. 1146Refer to 1147.Xr ip 4 1148for more information. 1149.It Va network_interfaces 1150.Pq Vt str 1151Set to the list of network interfaces to configure on this host or 1152.Dq Li AUTO 1153(the default) for all current interfaces. 1154Setting the 1155.Va network_interfaces 1156variable to anything other than the default is deprecated. 1157Interfaces that the administrator wishes to store configuration for, 1158but not start at boot should be configured with the 1159.Dq Li NOAUTO 1160keyword in their 1161.Va ifconfig_ Ns Aq Ar interface 1162variables as described below. 1163.Pp 1164An 1165.Va ifconfig_ Ns Aq Ar interface 1166variable is also assumed to exist for each value of 1167.Ar interface . 1168When an interface name contains any of the characters 1169.Dq Li .-/+ 1170they are translated to 1171.Dq Li _ 1172before lookup. 1173The variable can contain arguments to 1174.Xr ifconfig 8 , 1175as well as special case-insensitive keywords described below. 1176Such keywords are removed before passing the value to 1177.Xr ifconfig 8 1178while the order of the other arguments is preserved. 1179.Pp 1180It is possible to add IP alias entries using 1181.Xr ifconfig 8 1182syntax with the address family keyword such as 1183.Li inet . 1184Assuming that the interface in question was 1185.Li ed0 , 1186it might look something like this: 1187.Bd -literal 1188ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1189ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1190.Ed 1191.Pp 1192It also possible to configure multiple IP addresses in Classless 1193Inter-Domain Routing 1194.Pq CIDR 1195address notation, 1196whose each address component can be a range like 1197.Li inet 192.0.2.5-23/24 1198or 1199.Li inet6 2001:db8:1-f::1/64 . 1200This notation allows address and prefix length part only, 1201not the other address modifiers. 1202Note that the maximum number of the generated addresses from a range 1203specification is limited to an integer value specified in 1204.Va netif_ipexpand_max 1205in 1206.Xr rc.conf 5 1207because a small typo can unexpectedly generate a large number of addresses. 1208The default value is 1209.Li 2048 . 1210It can be increased by adding the following line into 1211.Xr rc.conf 5 : 1212.Bd -literal 1213netif_ipexpand_max="4096" 1214.Ed 1215.Pp 1216In the case of 1217.Li 192.0.2.5-23/24 , 1218the address 192.0.2.5 will be configured with the 1219netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1220the non-conflicting netmask /32 as explained in the 1221.Xr ifconfig 8 1222alias section. 1223Note that this special netmask handling is only for 1224.Li inet , 1225not for the other address families such as 1226.Li inet6 . 1227.Pp 1228With the interface in question being 1229.Li ed0 , 1230an example could look like: 1231.Bd -literal 1232ifconfig_ed0_alias2="inet 192.0.2.129/27" 1233ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1234.Ed 1235.Pp 1236and so on. 1237.Pp 1238Note that 1239.Va ipv4_addrs_ Ns Aq Ar interface 1240variable was supported for IPv4 CIDR address notation. 1241It is now deprecated because the functionality was integrated into 1242.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1243though 1244.Va ipv4_addrs_ Ns Aq Ar interface 1245is still supported for backward compatibility. 1246.Pp 1247For each 1248.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1249entry with an address family keyword, 1250its contents are passed to 1251.Xr ifconfig 8 . 1252Execution stops at the first unsuccessful access, so if 1253something like this is present: 1254.Bd -literal 1255ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1256ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1257ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1258ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1259.Ed 1260.Pp 1261Then note that alias4 would 1262.Em not 1263be added since the search would 1264stop with the missing 1265.Dq Li alias3 1266entry. 1267Because of this difficult to manage behavior, 1268there is 1269.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1270variable, which has the same functionality as 1271.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1272and can have all of entries in a variable like the following: 1273.Bd -literal 1274ifconfig_ed0_aliases="\\ 1275 inet 127.0.0.251 netmask 0xffffffff \\ 1276 inet 127.0.0.252 netmask 0xffffffff \\ 1277 inet 127.0.0.253 netmask 0xffffffff \\ 1278 inet 127.0.0.254 netmask 0xffffffff" 1279.Ed 1280.Pp 1281It also supports CIDR notation. 1282.Pp 1283If the 1284.Pa /etc/start_if. Ns Aq Ar interface 1285file is present, it is read and executed by the 1286.Xr sh 1 1287interpreter 1288before configuring the interface as specified in the 1289.Va ifconfig_ Ns Aq Ar interface 1290and 1291.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1292variables. 1293.Pp 1294If a 1295.Va vlans_ Ns Aq Ar interface 1296variable is set, 1297a 1298.Xr vlan 4 1299interface will be created for each item in the list with the 1300.Ar vlandev 1301argument set to 1302.Ar interface . 1303If a vlan interface's name is a number, 1304then that number is used as the vlan tag and the new vlan interface is 1305named 1306.Ar interface . Ns Ar tag . 1307Otherwise, 1308the vlan tag must be specified via a 1309.Va vlan 1310parameter in the 1311.Va create_args_ Ns Aq Ar interface 1312variable. 1313.Pp 1314To create a vlan device named 1315.Li em0.101 1316on 1317.Li em0 1318with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1319.Bd -literal 1320vlans_em0="101" 1321ifconfig_em0_101="inet 192.0.2.1/24" 1322.Ed 1323.Pp 1324To create a vlan device named 1325.Li myvlan 1326on 1327.Li em0 1328with the vlan tag 102: 1329.Bd -literal 1330vlans_em0="myvlan" 1331create_args_myvlan="vlan 102" 1332.Ed 1333.Pp 1334If a 1335.Va wlans_ Ns Aq Ar interface 1336variable is set, 1337an 1338.Xr wlan 4 1339interface will be created for each item in the list with the 1340.Ar wlandev 1341argument set to 1342.Ar interface . 1343Further wlan cloning arguments may be passed to the 1344.Xr ifconfig 8 1345.Cm create 1346command by setting the 1347.Va create_args_ Ns Aq Ar interface 1348variable. 1349One or more 1350.Xr wlan 4 1351devices must be created for each wireless devices as of 1352.Fx 8.0 . 1353Debugging flags for 1354.Xr wlan 4 1355devices as set by 1356.Xr wlandebug 8 1357may be specified with an 1358.Va wlandebug_ Ns Aq Ar interface 1359variable. 1360The contents of this variable will be passed directly to 1361.Xr wlandebug 8 . 1362.Pp 1363If the 1364.Va ifconfig_ Ns Aq Ar interface 1365contains the keyword 1366.Dq Li NOAUTO 1367then the interface will not be configured 1368at boot or by 1369.Pa /etc/pccard_ether 1370when 1371.Va network_interfaces 1372is set to 1373.Dq Li AUTO . 1374.Pp 1375It is possible to bring up an interface with DHCP by adding 1376.Dq Li DHCP 1377to the 1378.Va ifconfig_ Ns Aq Ar interface 1379variable. 1380For instance, to initialize the 1381.Li ed0 1382device via DHCP, 1383it is possible to use something like: 1384.Bd -literal 1385ifconfig_ed0="DHCP" 1386.Ed 1387.Pp 1388If you want to configure your wireless interface with 1389.Xr wpa_supplicant 8 1390for use with WPA, EAP/LEAP or WEP, you need to add 1391.Dq Li WPA 1392to the 1393.Va ifconfig_ Ns Aq Ar interface 1394variable. 1395.Pp 1396On the other hand, if you want to configure your wireless interface with 1397.Xr hostapd 8 , 1398you need to add 1399.Dq Li HOSTAP 1400to the 1401.Va ifconfig_ Ns Aq Ar interface 1402variable. 1403.Xr hostapd 8 1404will use the settings from 1405.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1406.Pp 1407Finally, you can add 1408.Xr ifconfig 8 1409options in this variable, in addition to the 1410.Pa /etc/start_if. Ns Aq Ar interface 1411file. 1412For instance, to configure an 1413.Xr ath 4 1414wireless device in station mode with an address obtained 1415via DHCP, using WPA authentication and 802.11b mode, it is 1416possible to use something like: 1417.Bd -literal 1418wlans_ath0="wlan0" 1419ifconfig_wlan0="DHCP WPA mode 11b" 1420.Ed 1421.Pp 1422In addition to the 1423.Va ifconfig_ Ns Aq Ar interface 1424form, a fallback variable 1425.Va ifconfig_DEFAULT 1426may be configured. 1427It will be used for all interfaces with no 1428.Va ifconfig_ Ns Aq Ar interface 1429variable. 1430This is intended to replace the no longer supported 1431.Va pccard_ifconfig 1432variable. 1433.Pp 1434It is also possible to rename an interface by doing: 1435.Bd -literal 1436ifconfig_ed0_name="net0" 1437ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1438.Ed 1439.It Va ipv6_enable 1440.Pq Vt bool 1441This variable is deprecated. 1442Use 1443.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1444and 1445.Va ipv6_activate_all_interfaces 1446if necessary. 1447.Pp 1448If the variable is 1449.Dq Li YES , 1450.Dq Li inet6 accept_rtadv 1451is added to all of 1452.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1453and the 1454.Va ipv6_activate_all_interfaces 1455is defined as 1456.Dq Li YES . 1457.It Va ipv6_prefer 1458.Pq Vt bool 1459This variable is deprecated. 1460Use 1461.Va ip6addrctl_policy 1462instead. 1463.Pp 1464If the variable is 1465.Dq Li YES , 1466the default address selection policy table set by 1467.Xr ip6addrctl 8 1468will be IPv6-preferred. 1469.Pp 1470If the variable is 1471.Dq Li NO , 1472the default address selection policy table set by 1473.Xr ip6addrctl 8 1474will be IPv4-preferred. 1475.It Va ipv6_activate_all_interfaces 1476.Pq Vt bool 1477This controls initial configuration on IPv6-capable 1478interfaces with no corresponding 1479.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1480variable. 1481Note that it is not always necessary to set this variable to 1482.Dq YES 1483to use IPv6 functionality on 1484.Fx . 1485In most cases, just configuring 1486.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1487variables works. 1488.Pp 1489If the variable is 1490.Dq Li NO , 1491all interfaces which do not have a corresponding 1492.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1493variable will be marked as 1494.Dq Li IFDISABLED 1495at creation. 1496This means that all of IPv6 functionality on that interface 1497is completely disabled to enforce a security policy. 1498If the variable is set to 1499.Dq YES , 1500the flag will be cleared on all of the interfaces. 1501.Pp 1502In most cases, just defining an 1503.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1504for an IPv6-capable interface should be sufficient. 1505However, if an interface is added dynamically 1506.Pq by some tunneling protocols such as PPP, for example , 1507it is often difficult to define the variable in advance. 1508In such a case, configuring the 1509.Dq Li IFDISABLED 1510flag can be disabled by setting this variable to 1511.Dq YES . 1512.Pp 1513For more details of the 1514.Dq Li IFDISABLED 1515flag and keywords 1516.Dq Li inet6 ifdisabled , 1517see 1518.Xr ifconfig 8 . 1519.Pp 1520Default is 1521.Dq Li NO . 1522.It Va ipv6_privacy 1523.Pq Vt bool 1524If the variable is 1525.Dq Li YES 1526privacy addresses will be generated for each IPv6 1527interface as described in RFC 4941. 1528.It Va ipv6_network_interfaces 1529.Pq Vt str 1530This is the IPv6 equivalent of 1531.Va network_interfaces . 1532Normally manual configuration of this variable is not needed. 1533.It Va ipv6_cpe_wanif 1534.Pq Vt str 1535If the variable is set to an interface name, 1536the 1537.Xr ifconfig 8 1538options 1539.Dq inet6 -no_radr accept_rtadv 1540will be added to the specified interface automatically before evaluating 1541.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1542and two 1543.Xr sysctl 8 1544variables 1545.Va net.inet6.ip6.rfc6204w3 1546and 1547.Va net.inet6.ip6.no_radr 1548will be set to 1. 1549.Pp 1550This means the specified interface will accept ICMPv6 Router 1551Advertisement messages on that link and add the discovered 1552routers into the Default Router List. 1553While the other interfaces can still accept RA messages if the 1554.Dq inet6 accept_rtadv 1555option is specified, adding 1556routes into the Default Router List will be disabled by 1557.Dq inet6 no_radr 1558option by default. 1559See 1560.Xr ifconfig 8 1561for more details. 1562.Pp 1563Note that ICMPv6 Router Advertisement messages will be 1564accepted even when 1565.Va net.inet6.ip6.forwarding 1566is 1 1567.Pq packet forwarding is enabled 1568when 1569.Va net.inet6.ip6.rfc6204w3 1570is set to 1. 1571.Pp 1572Default is 1573.Dq Li NO . 1574.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1575.Pq Vt str 1576IPv6 functionality on an interface should be configured by 1577.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1578instead of setting ifconfig parameters in 1579.Va ifconfig_ Ns Aq Ar interface . 1580If this variable is empty, all of IPv6 configurations on the 1581specified interface by other variables such as 1582.Va ipv6_prefix_ Ns Ao Ar interface Ac 1583will be ignored. 1584.Pp 1585Aliases should be set by 1586.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1587with 1588.Dq Li inet6 1589keyword. 1590For example: 1591.Bd -literal 1592ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1593ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1594.Ed 1595.Pp 1596Interfaces that have an 1597.Dq Li inet6 accept_rtadv 1598keyword in 1599.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1600setting will be automatically configured by SLAAC 1601.Pq StateLess Address AutoConfiguration 1602described in 1603.Rs 1604.%T "RFC 4862" 1605.Re 1606.Pp 1607Note that a link-local address will be automatically configured in 1608addition to the configured global-scope addresses because the IPv6 1609specifications require it on each link. 1610The address is calculated from the MAC address by using an algorithm 1611defined in 1612.Rs 1613.%T "RFC 4862" 1614.%O "Section 5.3" 1615.Re 1616.Pp 1617If only a link-local address is needed on the interface, 1618the following configuration can be used: 1619.Bd -literal 1620ifconfig_ed0_ipv6="inet6 auto_linklocal" 1621.Ed 1622.Pp 1623A link-local address can also be configured manually. 1624This is useful for the default router address of an IPv6 router 1625so that it does not change when the network interface 1626card is replaced. 1627For example: 1628.Bd -literal 1629ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1630.Ed 1631.It Va ipv6_prefix_ Ns Aq Ar interface 1632.Pq Vt str 1633If one or more prefixes are defined in 1634.Va ipv6_prefix_ Ns Aq Ar interface 1635addresses based on each prefix and the EUI-64 interface index will be 1636configured on that interface. 1637Note that this variable will be ignored when 1638.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1639is empty. 1640.Pp 1641For example, the following configuration 1642.Bd -literal 1643ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1644.Ed 1645.Pp 1646is equivalent to the following: 1647.Bd -literal 1648ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1649ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1650ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1651ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1652.Ed 1653.Pp 1654These Subnet-Router anycast addresses will be added only when 1655.Va ipv6_gateway_enable 1656is YES. 1657.It Va ipv6_default_interface 1658.Pq Vt str 1659If not set to 1660.Dq Li NO , 1661this is the default output interface for scoped addresses. 1662This works only with ipv6_gateway_enable="NO". 1663.It Va ip6addrctl_enable 1664.Pq Vt bool 1665This variable is to enable configuring default address selection policy table 1666.Pq RFC 3484 . 1667The table can be specified in another variable 1668.Va ip6addrctl_policy . 1669For 1670.Va ip6addrctl_policy 1671the following keywords can be specified: 1672.Dq Li ipv4_prefer , 1673.Dq Li ipv6_prefer , 1674or 1675.Dq Li AUTO . 1676.Pp 1677If 1678.Dq Li ipv4_prefer 1679or 1680.Dq Li ipv6_prefer 1681is specified, 1682.Xr ip6addrctl 8 1683installs a pre-defined policy table described in Section 2.1 1684.Pq IPv6-preferred 1685or 10.3 1686.Pq IPv4-preferred 1687of RFC 3484. 1688.Pp 1689If 1690.Dq Li AUTO 1691is specified, it attempts to read a file 1692.Pa /etc/ip6addrctl.conf 1693first. 1694If this file is found, 1695.Xr ip6addrctl 8 1696reads and installs it. 1697If not found, a policy is automatically set 1698according to 1699.Va ipv6_activate_all_interfaces 1700variable; if the variable is set to 1701.Dq Li YES 1702the IPv6-preferred one is used. 1703Otherwise IPv4-preferred. 1704.Pp 1705The default value of 1706.Va ip6addrctl_enable 1707and 1708.Va ip6addrctl_policy 1709are 1710.Dq Li YES 1711and 1712.Dq Li AUTO , 1713respectively. 1714.It Va cloned_interfaces 1715.Pq Vt str 1716Set to the list of clonable network interfaces to create on this host. 1717Further cloning arguments may be passed to the 1718.Xr ifconfig 8 1719.Cm create 1720command for each interface by setting the 1721.Va create_args_ Ns Aq Ar interface 1722variable. 1723If an interface name is specified with 1724.Dq :sticky 1725keyword, 1726the interface will not be destroyed even when 1727.Pa rc.d/netif 1728script is invoked with 1729.Dq stop 1730argument. 1731This is useful when reconfiguring the interface without destroying it. 1732Entries in 1733.Va cloned_interfaces 1734are automatically appended to 1735.Va network_interfaces 1736for configuration. 1737.It Va cloned_interfaces_sticky 1738.Pq Vt bool 1739This variable is to globally enable functionality of 1740.Dq :sticky 1741keyword in 1742.Va cloned_interfaces 1743for all interfaces. 1744The default value is 1745.Dq NO . 1746Even if this variable is specified to 1747.Dq YES , 1748.Dq :nosticky 1749keyword can be used to override it on per interface basis. 1750.It Va gif_interfaces 1751.Pq Vt str 1752This variable is deprecated in favor of 1753.Va cloned_interfaces . 1754Set to the list of 1755.Xr gif 4 1756tunnel interfaces to configure on this host. 1757A 1758.Va gifconfig_ Ns Aq Ar interface 1759variable is assumed to exist for each value of 1760.Ar interface . 1761The value of this variable is used to configure the link layer of the 1762tunnel according to the syntax of the 1763.Cm tunnel 1764option to 1765.Xr ifconfig 8 . 1766Additionally, this option ensures that each listed interface is created 1767via the 1768.Cm create 1769option to 1770.Xr ifconfig 8 1771before attempting to configure it. 1772.It Va sppp_interfaces 1773.Pq Vt str 1774Set to the list of 1775.Xr sppp 4 1776interfaces to configure on this host. 1777A 1778.Va spppconfig_ Ns Aq Ar interface 1779variable is assumed to exist for each value of 1780.Ar interface . 1781Each interface should also be configured by a general 1782.Va ifconfig_ Ns Aq Ar interface 1783setting. 1784Refer to 1785.Xr spppcontrol 8 1786for more information about available options. 1787.It Va ppp_enable 1788.Pq Vt bool 1789If set to 1790.Dq Li YES , 1791run the 1792.Xr ppp 8 1793daemon. 1794.It Va ppp_profile 1795.Pq Vt str 1796The name of the profile to use from 1797.Pa /etc/ppp/ppp.conf . 1798Also used for per-profile overrides of 1799.Va ppp_mode 1800and 1801.Va ppp_nat , 1802and 1803.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1804When the profile name contains any of the characters 1805.Dq Li .-/+ 1806they are translated to 1807.Dq Li _ 1808for the proposes of the override variable names. 1809.It Va ppp_mode 1810.Pq Vt str 1811Mode in which to run the 1812.Xr ppp 8 1813daemon. 1814.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1815.Pq Vt str 1816Overrides the global 1817.Va ppp_mode 1818for 1819.Ar profile . 1820Accepted modes are 1821.Dq Li auto , 1822.Dq Li ddial , 1823.Dq Li direct 1824and 1825.Dq Li dedicated . 1826See the manual for a full description. 1827.It Va ppp_nat 1828.Pq Vt bool 1829If set to 1830.Dq Li YES , 1831enables network address translation. 1832Used in conjunction with 1833.Va gateway_enable 1834allows hosts on private network addresses access to the Internet using 1835this host as a network address translating router. 1836.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1837.Pq Vt str 1838Overrides the global 1839.Va ppp_nat 1840for 1841.Ar profile . 1842.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1843.Pq Vt int 1844Set the unit number to be used for this profile. 1845See the manual description of 1846.Fl unit Ns Ar N 1847for details. 1848.It Va ppp_user 1849.Pq Vt str 1850The name of the user under which 1851.Xr ppp 8 1852should be started. 1853By 1854default, 1855.Xr ppp 8 1856is started as 1857.Dq Li root . 1858.It Va rc_conf_files 1859.Pq Vt str 1860This option is used to specify a list of files that will override 1861the settings in 1862.Pa /etc/defaults/rc.conf . 1863The files will be read in the order in which they are specified and should 1864include the full path to the file. 1865By default, the files specified are 1866.Pa /etc/rc.conf 1867and 1868.Pa /etc/rc.conf.local 1869.It Va zfs_enable 1870.Pq Vt bool 1871If set to 1872.Dq Li YES , 1873.Pa /etc/rc.d/zfs 1874will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1875(ZVOLs). 1876.It Va gptboot_enable 1877.Pq Vt bool 1878If set to 1879.Dq Li YES , 1880.Pa /etc/rc.d/gptboot 1881will log if the system successfully (or not) booted from a GPT partition, 1882which had the 1883.Ar bootonce 1884attribute set using 1885.Xr gpart 8 1886utility. 1887.It Va gbde_autoattach_all 1888.Pq Vt bool 1889If set to 1890.Dq Li YES , 1891.Pa /etc/rc.d/gbde 1892will attempt to automatically initialize your .bde devices in 1893.Pa /etc/fstab . 1894.It Va gbde_devices 1895.Pq Vt str 1896List the devices that the script should try to attach, 1897or 1898.Dq Li AUTO . 1899.It Va gbde_lockdir 1900.Pq Vt str 1901The directory where the 1902.Xr gbde 4 1903lockfiles are located. 1904The default lockfile directory is 1905.Pa /etc . 1906.Pp 1907The lockfile for each individual 1908.Xr gbde 4 1909device can be overridden by setting the variable 1910.Va gbde_lock_ Ns Aq Ar device , 1911where 1912.Ar device 1913is the encrypted device without the 1914.Dq Pa /dev/ 1915and 1916.Dq Pa .bde 1917parts. 1918.It Va gbde_attach_attempts 1919.Pq Vt int 1920Number of times to attempt attaching to a 1921.Xr gbde 4 1922device, i.e., how many times the user is asked for the pass-phrase. 1923Default is 3. 1924.It Va geli_devices 1925.Pq Vt str 1926List of devices to automatically attach on boot. 1927Note that .eli devices from 1928.Pa /etc/fstab 1929are automatically appended to this list. 1930.It Va geli_tries 1931.Pq Vt int 1932Number of times user is asked for the pass-phrase. 1933If empty, it will be taken from 1934.Va kern.geom.eli.tries 1935sysctl variable. 1936.It Va geli_default_flags 1937.Pq Vt str 1938Default flags to use by 1939.Xr geli 8 1940when configuring disk encryption. 1941Flags can be configured for every device separately by defining 1942.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1943variable. 1944.It Va geli_autodetach 1945.Pq Vt str 1946Specifies if GELI devices should be marked for detach on last close after 1947file systems are mounted. 1948Default is 1949.Dq Li YES . 1950This can be changed for every device separately by defining 1951.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1952variable. 1953.It Va root_rw_mount 1954.Pq Vt bool 1955Set to 1956.Dq Li YES 1957by default. 1958After the file systems are checked at boot time, the root file system 1959is remounted as read-write if this is set to 1960.Dq Li YES . 1961Diskless systems that mount their root file system from a read-only remote 1962NFS share should set this to 1963.Dq Li NO 1964in their 1965.Pa rc.conf . 1966.It Va fsck_y_enable 1967.Pq Vt bool 1968If set to 1969.Dq Li YES , 1970.Xr fsck 8 1971will be run with the 1972.Fl y 1973flag if the initial preen 1974of the file systems fails. 1975.It Va background_fsck 1976.Pq Vt bool 1977If set to 1978.Dq Li YES , 1979the system will attempt to run 1980.Xr fsck 8 1981in the background where possible. 1982.It Va background_fsck_delay 1983.Pq Vt int 1984The amount of time in seconds to sleep before starting a background 1985.Xr fsck 8 . 1986It defaults to sixty seconds to allow large applications such as 1987the X server to start before disk I/O bandwidth is monopolized by 1988.Xr fsck 8 . 1989If set to a negative number, the background file system check will be 1990delayed indefinitely to allow the administrator to run it at a more 1991convenient time. 1992For example it may be run from 1993.Xr cron 8 1994by adding a line like 1995.Pp 1996.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1997.Pp 1998to 1999.Pa /etc/crontab . 2000.It Va netfs_types 2001.Pq Vt str 2002List of file system types that are network-based. 2003This list should generally not be modified by end users. 2004Use 2005.Va extra_netfs_types 2006instead. 2007.It Va extra_netfs_types 2008.Pq Vt str 2009If set to something other than 2010.Dq Li NO 2011(the default), 2012this variable extends the list of file system types 2013for which automatic mounting at startup by 2014.Xr rc 8 2015should be delayed until the network is initialized. 2016It should contain 2017a whitespace-separated list of network file system descriptor pairs, 2018each consisting of a file system type as passed to 2019.Xr mount 8 2020and a human-readable, one-word description, 2021joined with a colon 2022.Pq Ql \&: . 2023Extending the default list in this way is only necessary 2024when third party file system types are used. 2025.It Va syslogd_enable 2026.Pq Vt bool 2027If set to 2028.Dq Li YES , 2029run the 2030.Xr syslogd 8 2031daemon. 2032.It Va syslogd_program 2033.Pq Vt str 2034Path to 2035.Xr syslogd 8 2036(default 2037.Pa /usr/sbin/syslogd ) . 2038.It Va syslogd_flags 2039.Pq Vt str 2040If 2041.Va syslogd_enable 2042is set to 2043.Dq Li YES , 2044these are the flags to pass to 2045.Xr syslogd 8 . 2046.It Va inetd_enable 2047.Pq Vt bool 2048If set to 2049.Dq Li YES , 2050run the 2051.Xr inetd 8 2052daemon. 2053.It Va inetd_program 2054.Pq Vt str 2055Path to 2056.Xr inetd 8 2057(default 2058.Pa /usr/sbin/inetd ) . 2059.It Va inetd_flags 2060.Pq Vt str 2061If 2062.Va inetd_enable 2063is set to 2064.Dq Li YES , 2065these are the flags to pass to 2066.Xr inetd 8 . 2067.It Va hastd_enable 2068.Pq Vt bool 2069If set to 2070.Dq Li YES , 2071run the 2072.Xr hastd 8 2073daemon. 2074.It Va hastd_program 2075.Pq Vt str 2076Path to 2077.Xr hastd 8 2078(default 2079.Pa /sbin/hastd ) . 2080.It Va hastd_flags 2081.Pq Vt str 2082If 2083.Va hastd_enable 2084is set to 2085.Dq Li YES , 2086these are the flags to pass to 2087.Xr hastd 8 . 2088.It Va local_unbound_enable 2089.Pq Vt bool 2090If set to 2091.Dq Li YES , 2092run the 2093.Xr unbound 8 2094daemon as a local caching resolver. 2095.It Va kerberos5_server_enable 2096.Pq Vt bool 2097Set to 2098.Dq Li YES 2099to start a Kerberos 5 authentication server 2100at boot time. 2101.It Va kerberos5_server 2102.Pq Vt str 2103If 2104.Va kerberos5_server_enable 2105is set to 2106.Dq Li YES 2107this is the path to Kerberos 5 Authentication Server. 2108.It Va kerberos5_server_flags 2109.Pq Vt str 2110Empty by default. 2111This variable contains additional flags to be passed to the Kerberos 5 2112authentication server. 2113.It Va kadmind5_server_enable 2114.Pq Vt bool 2115Set to 2116.Dq Li YES 2117to start 2118.Xr kadmind 8 , 2119the Kerberos 5 Administration Daemon; set to 2120.Dq Li NO 2121on a slave server. 2122.It Va kadmind5_server 2123.Pq Vt str 2124If 2125.Va kadmind5_server_enable 2126is set to 2127.Dq Li YES 2128this is the path to Kerberos 5 Administration Daemon. 2129.It Va kpasswdd_server_enable 2130.Pq Vt bool 2131Set to 2132.Dq Li YES 2133to start 2134.Xr kpasswdd 8 , 2135the Kerberos 5 Password-Changing Daemon; set to 2136.Dq Li NO 2137on a slave server. 2138.It Va kpasswdd_server 2139.Pq Vt str 2140If 2141.Va kpasswdd_server_enable 2142is set to 2143.Dq Li YES 2144this is the path to Kerberos 5 Password-Changing Daemon. 2145.It Va kfd_enable 2146.Pq Vt bool 2147Set to 2148.Dq Li YES 2149to start 2150.Xr kfd 8 , 2151the Kerberos 5 ticket forwarding daemon, at the boot time. 2152.It Va kfd_program 2153.Pq Vt str 2154Path to 2155.Xr kfd 8 2156(default 2157.Pa /usr/libexec/kfd ) . 2158.It Va rwhod_enable 2159.Pq Vt bool 2160If set to 2161.Dq Li YES , 2162run the 2163.Xr rwhod 8 2164daemon at boot time. 2165.It Va rwhod_flags 2166.Pq Vt str 2167If 2168.Va rwhod_enable 2169is set to 2170.Dq Li YES , 2171these are the flags to pass to it. 2172.It Va amd_enable 2173.Pq Vt bool 2174If set to 2175.Dq Li YES , 2176run the 2177.Xr amd 8 2178daemon at boot time. 2179.It Va amd_flags 2180.Pq Vt str 2181If 2182.Va amd_enable 2183is set to 2184.Dq Li YES , 2185these are the flags to pass to it. 2186See the 2187.Xr amd 8 2188manpage for more information. 2189.It Va amd_map_program 2190.Pq Vt str 2191If set, 2192the specified program is run to get the list of 2193.Xr amd 8 2194maps. 2195For example, if the 2196.Xr amd 8 2197maps are stored in NIS, one can set this to 2198run 2199.Xr ypcat 1 2200to get a list of 2201.Xr amd 8 2202maps from the 2203.Pa amd.master 2204NIS map. 2205.It Va update_motd 2206.Pq Vt bool 2207If set to 2208.Dq Li YES , 2209.Pa /etc/motd 2210will be updated at boot time to reflect the kernel release 2211being run. 2212If set to 2213.Dq Li NO , 2214.Pa /etc/motd 2215will not be updated. 2216.It Va nfs_client_enable 2217.Pq Vt bool 2218If set to 2219.Dq Li YES , 2220run the NFS client daemons at boot time. 2221.It Va nfs_access_cache 2222.Pq Vt int 2223If 2224.Va nfs_client_enable 2225is set to 2226.Dq Li YES , 2227this can be set to 2228.Dq Li 0 2229to disable NFS ACCESS RPC caching, or to the number of seconds for which 2230NFS ACCESS 2231results should be cached. 2232A value of 2-10 seconds will substantially reduce network 2233traffic for many NFS operations. 2234.It Va nfs_server_enable 2235.Pq Vt bool 2236If set to 2237.Dq Li YES , 2238run the NFS server daemons at boot time. 2239.It Va nfs_server_flags 2240.Pq Vt str 2241If 2242.Va nfs_server_enable 2243is set to 2244.Dq Li YES , 2245these are the flags to pass to the 2246.Xr nfsd 8 2247daemon. 2248.It Va nfsv4_server_enable 2249.Pq Vt bool 2250If 2251.Va nfs_server_enable 2252is set to 2253.Dq Li YES 2254and 2255.Va nfsv4_server_enable 2256are set to 2257.Dq Li YES , 2258enable the server for NFSv4 as well as NFSv2 and NFSv3. 2259.It Va nfsuserd_enable 2260.Pq Vt bool 2261If 2262.Va nfsuserd_enable 2263is set to 2264.Dq Li YES , 2265run the nfsuserd daemon, which is needed for NFSv4 in order 2266to map between user/group names vs uid/gid numbers. 2267If 2268.Va nfsv4_server_enable 2269is set to 2270.Dq Li YES , 2271this will be forced enabled. 2272.It Va nfsuserd_flags 2273.Pq Vt str 2274If 2275.Va nfsuserd_enable 2276is set to 2277.Dq Li YES , 2278these are the flags to pass to the 2279.Xr nfsuserd 8 2280daemon. 2281.It Va nfscbd_enable 2282.Pq Vt bool 2283If 2284.Va nfscbd_enable 2285is set to 2286.Dq Li YES , 2287run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2288.It Va nfscbd_flags 2289.Pq Vt str 2290If 2291.Va nfscbd_enable 2292is set to 2293.Dq Li YES , 2294these are the flags to pass to the 2295.Xr nfscbd 8 2296daemon. 2297.It Va oldnfs_server_enable 2298.Pq Vt bool 2299If 2300.Va oldnfs_server_enable 2301is set to 2302.Dq Li YES , 2303force the NFS server daemons to run the old NFS server code 2304that does not support NFSv4. 2305.It Va mountd_enable 2306.Pq Vt bool 2307If set to 2308.Dq Li YES , 2309and no 2310.Va nfs_server_enable 2311is set, start 2312.Xr mountd 8 , 2313but not 2314.Xr nfsd 8 2315daemon. 2316It is commonly needed to run CFS without real NFS used. 2317.It Va mountd_flags 2318.Pq Vt str 2319If 2320.Va mountd_enable 2321is set to 2322.Dq Li YES , 2323these are the flags to pass to the 2324.Xr mountd 8 2325daemon. 2326.It Va weak_mountd_authentication 2327.Pq Vt bool 2328If set to 2329.Dq Li YES , 2330allow services like PCNFSD to make non-privileged mount 2331requests. 2332.It Va nfs_reserved_port_only 2333.Pq Vt bool 2334If set to 2335.Dq Li YES , 2336provide NFS services only on a secure port. 2337.It Va nfs_bufpackets 2338.Pq Vt int 2339If set to a number, indicates the number of packets worth of 2340socket buffer space to reserve on an NFS client. 2341The kernel default is typically 4. 2342Using a higher number may be 2343useful on gigabit networks to improve performance. 2344The minimum value is 23452 and the maximum is 64. 2346.It Va rpc_lockd_enable 2347.Pq Vt bool 2348If set to 2349.Dq Li YES 2350and also an NFS server or client, run 2351.Xr rpc.lockd 8 2352at boot time. 2353.It Va rpc_lockd_flags 2354.Pq Vt str 2355If 2356.Va rpc_lockd_enable 2357is set to 2358.Dq Li YES , 2359these are the flags to pass to the 2360.Xr rpc.lockd 8 2361daemon. 2362.It Va rpc_statd_enable 2363.Pq Vt bool 2364If set to 2365.Dq Li YES 2366and also an NFS server or client, run 2367.Xr rpc.statd 8 2368at boot time. 2369.It Va rpc_statd_flags 2370.Pq Vt str 2371If 2372.Va rpc_statd_enable 2373is set to 2374.Dq Li YES , 2375these are the flags to pass to the 2376.Xr rpc.statd 8 2377daemon. 2378.It Va rpcbind_program 2379.Pq Vt str 2380Path to 2381.Xr rpcbind 8 2382(default 2383.Pa /usr/sbin/rpcbind ) . 2384.It Va rpcbind_enable 2385.Pq Vt bool 2386If set to 2387.Dq Li YES , 2388run the 2389.Xr rpcbind 8 2390service at boot time. 2391.It Va rpcbind_flags 2392.Pq Vt str 2393If 2394.Va rpcbind_enable 2395is set to 2396.Dq Li YES , 2397these are the flags to pass to the 2398.Xr rpcbind 8 2399daemon. 2400.It Va keyserv_enable 2401.Pq Vt bool 2402If set to 2403.Dq Li YES , 2404run the 2405.Xr keyserv 8 2406daemon on boot for running Secure RPC. 2407.It Va keyserv_flags 2408.Pq Vt str 2409If 2410.Va keyserv_enable 2411is set to 2412.Dq Li YES , 2413these are the flags to pass to 2414.Xr keyserv 8 2415daemon. 2416.It Va pppoed_enable 2417.Pq Vt bool 2418If set to 2419.Dq Li YES , 2420run the 2421.Xr pppoed 8 2422daemon at boot time to provide PPP over Ethernet services. 2423.It Va pppoed_ Ns Aq Ar provider 2424.Pq Vt str 2425.Xr pppoed 8 2426listens to requests to this 2427.Ar provider 2428and ultimately runs 2429.Xr ppp 8 2430with a 2431.Ar system 2432argument of the same name. 2433.It Va pppoed_flags 2434.Pq Vt str 2435Additional flags to pass to 2436.Xr pppoed 8 . 2437.It Va pppoed_interface 2438.Pq Vt str 2439The network interface to run 2440.Xr pppoed 8 2441on. 2442This is mandatory when 2443.Va pppoed_enable 2444is set to 2445.Dq Li YES . 2446.It Va timed_enable 2447.Pq Vt bool 2448If set to 2449.Dq Li YES , 2450run the 2451.Xr timed 8 2452service at boot time. 2453This command is intended for networks of 2454machines where a consistent 2455.Dq "network time" 2456for all hosts must be established. 2457This is often useful in large NFS 2458environments where time stamps on files are expected to be consistent 2459network-wide. 2460.It Va timed_flags 2461.Pq Vt str 2462If 2463.Va timed_enable 2464is set to 2465.Dq Li YES , 2466these are the flags to pass to the 2467.Xr timed 8 2468service. 2469.It Va ntpdate_enable 2470.Pq Vt bool 2471If set to 2472.Dq Li YES , 2473run 2474.Xr ntpdate 8 2475at system startup. 2476This command is intended to 2477synchronize the system clock only 2478.Em once 2479from some standard reference. 2480.It Va ntpdate_config 2481.Pq Vt str 2482Configuration file for 2483.Xr ntpdate 8 . 2484Default 2485.Pa /etc/ntp.conf . 2486.It Va ntpdate_hosts 2487.Pq Vt str 2488A whitespace-separated list of NTP servers to synchronize with at startup. 2489The default is to use the servers listed in 2490.Va ntpdate_config , 2491if that file exists. 2492.It Va ntpdate_program 2493.Pq Vt str 2494Path to 2495.Xr ntpdate 8 2496(default 2497.Pa /usr/sbin/ntpdate ) . 2498.It Va ntpdate_flags 2499.Pq Vt str 2500If 2501.Va ntpdate_enable 2502is set to 2503.Dq Li YES , 2504these are the flags to pass to the 2505.Xr ntpdate 8 2506command (typically a hostname). 2507.It Va ntpd_enable 2508.Pq Vt bool 2509If set to 2510.Dq Li YES , 2511run the 2512.Xr ntpd 8 2513command at boot time. 2514.It Va ntpd_program 2515.Pq Vt str 2516Path to 2517.Xr ntpd 8 2518(default 2519.Pa /usr/sbin/ntpd ) . 2520.It Va ntpd_config 2521.Pq Vt str 2522Path to 2523.Xr ntpd 8 2524configuration file. 2525Default 2526.Pa /etc/ntp.conf . 2527.It Va ntpd_flags 2528.Pq Vt str 2529If 2530.Va ntpd_enable 2531is set to 2532.Dq Li YES , 2533these are the flags to pass to the 2534.Xr ntpd 8 2535daemon. 2536.It Va ntpd_sync_on_start 2537.Pq Vt bool 2538If set to 2539.Dq Li YES , 2540.Xr ntpd 8 2541is run with the 2542.Fl g 2543flag, which syncs the system's clock on startup. 2544See 2545.Xr ntpd 8 2546for more information regarding the 2547.Fl g 2548option. 2549This is a preferred alternative to using 2550.Xr ntpdate 8 2551or specifying the 2552.Va ntpdate_enable 2553variable. 2554.It Va nis_client_enable 2555.Pq Vt bool 2556If set to 2557.Dq Li YES , 2558run the 2559.Xr ypbind 8 2560service at system boot time. 2561.It Va nis_client_flags 2562.Pq Vt str 2563If 2564.Va nis_client_enable 2565is set to 2566.Dq Li YES , 2567these are the flags to pass to the 2568.Xr ypbind 8 2569service. 2570.It Va nis_ypset_enable 2571.Pq Vt bool 2572If set to 2573.Dq Li YES , 2574run the 2575.Xr ypset 8 2576daemon at system boot time. 2577.It Va nis_ypset_flags 2578.Pq Vt str 2579If 2580.Va nis_ypset_enable 2581is set to 2582.Dq Li YES , 2583these are the flags to pass to the 2584.Xr ypset 8 2585daemon. 2586.It Va nis_server_enable 2587.Pq Vt bool 2588If set to 2589.Dq Li YES , 2590run the 2591.Xr ypserv 8 2592daemon at system boot time. 2593.It Va nis_server_flags 2594.Pq Vt str 2595If 2596.Va nis_server_enable 2597is set to 2598.Dq Li YES , 2599these are the flags to pass to the 2600.Xr ypserv 8 2601daemon. 2602.It Va nis_ypxfrd_enable 2603.Pq Vt bool 2604If set to 2605.Dq Li YES , 2606run the 2607.Xr rpc.ypxfrd 8 2608daemon at system boot time. 2609.It Va nis_ypxfrd_flags 2610.Pq Vt str 2611If 2612.Va nis_ypxfrd_enable 2613is set to 2614.Dq Li YES , 2615these are the flags to pass to the 2616.Xr rpc.ypxfrd 8 2617daemon. 2618.It Va nis_yppasswdd_enable 2619.Pq Vt bool 2620If set to 2621.Dq Li YES , 2622run the 2623.Xr rpc.yppasswdd 8 2624daemon at system boot time. 2625.It Va nis_yppasswdd_flags 2626.Pq Vt str 2627If 2628.Va nis_yppasswdd_enable 2629is set to 2630.Dq Li YES , 2631these are the flags to pass to the 2632.Xr rpc.yppasswdd 8 2633daemon. 2634.It Va rpc_ypupdated_enable 2635.Pq Vt bool 2636If set to 2637.Dq Li YES , 2638run the 2639.Nm rpc.ypupdated 2640daemon at system boot time. 2641.It Va bsnmpd_enable 2642.Pq Vt bool 2643If set to 2644.Dq Li YES , 2645run the 2646.Xr bsnmpd 1 2647daemon at system boot time. 2648Be sure to understand the security implications of running SNMP daemon 2649on your host. 2650.It Va bsnmpd_flags 2651.Pq Vt str 2652If 2653.Va bsnmpd_enable 2654is set to 2655.Dq Li YES , 2656these are the flags to pass to the 2657.Xr bsnmpd 1 2658daemon. 2659.It Va defaultrouter 2660.Pq Vt str 2661If not set to 2662.Dq Li NO , 2663create a default route to this host name or IP address 2664(use an IP address if this router is also required to get to the 2665name server!). 2666.It Va ipv6_defaultrouter 2667.Pq Vt str 2668The IPv6 equivalent of 2669.Va defaultrouter . 2670.It Va static_arp_pairs 2671.Pq Vt str 2672Set to the list of static ARP pairs that are to be added at system 2673boot time. 2674For each whitespace separated 2675.Ar element 2676in the value, a 2677.Va static_arp_ Ns Aq Ar element 2678variable is assumed to exist whose contents will later be passed to a 2679.Dq Nm arp Cm -S 2680operation. 2681For example 2682.Bd -literal 2683static_arp_pairs="gw" 2684static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2685.Ed 2686.It Va static_ndp_pairs 2687.Pq Vt str 2688Set to the list of static NDP pairs that are to be added at system 2689boot time. 2690For each whitespace separated 2691.Ar element 2692in the value, a 2693.Va static_ndp_ Ns Aq Ar element 2694variable is assumed to exist whose contents will later be passed to a 2695.Dq Nm ndp Cm -s 2696operation. 2697For example 2698.Bd -literal 2699static_ndp_pairs="gw" 2700static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2701.Ed 2702.It Va static_routes 2703.Pq Vt str 2704Set to the list of static routes that are to be added at system 2705boot time. 2706If not set to 2707.Dq Li NO 2708then for each whitespace separated 2709.Ar element 2710in the value, a 2711.Va route_ Ns Aq Ar element 2712variable is assumed to exist 2713whose contents will later be passed to a 2714.Dq Nm route Cm add 2715operation. 2716For example: 2717.Bd -literal 2718static_routes="ext mcast:gif0 gif0local:gif0" 2719route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2720route_mcast="-net 224.0.0.0/4 -iface gif0" 2721route_gif0local="-host 169.254.1.1 -iface lo0" 2722.Ed 2723.Pp 2724When an 2725.Ar element 2726is in the form of 2727.Li name:ifname , 2728the route is specific to the interface 2729.Li ifname . 2730.It Va ipv6_static_routes 2731.Pq Vt str 2732The IPv6 equivalent of 2733.Va static_routes . 2734If not set to 2735.Dq Li NO 2736then for each whitespace separated 2737.Ar element 2738in the value, a 2739.Va ipv6_route_ Ns Aq Ar element 2740variable is assumed to exist 2741whose contents will later be passed to a 2742.Dq Nm route Cm add Fl inet6 2743operation. 2744.It Va natm_static_routes 2745.Pq Vt str 2746The 2747.Xr natmip 4 2748equivalent of 2749.Va static_routes . 2750If not empty then for each whitespace separated 2751.Ar element 2752in the value, a 2753.Va route_ Ns Aq Ar element 2754variable is assumed to exist whose contents will later be passed to a 2755.Dq Nm atmconfig Cm natm Cm add 2756operation. 2757.It Va gateway_enable 2758.Pq Vt bool 2759If set to 2760.Dq Li YES , 2761configure host to act as an IP router, e.g.\& to forward packets 2762between interfaces. 2763.It Va ipv6_gateway_enable 2764.Pq Vt bool 2765The IPv6 equivalent of 2766.Va gateway_enable . 2767.It Va routed_enable 2768.Pq Vt bool 2769If set to 2770.Dq Li YES , 2771run a routing daemon of some sort, based on the 2772settings of 2773.Va routed_program 2774and 2775.Va routed_flags . 2776.It Va route6d_enable 2777.Pq Vt bool 2778The IPv6 equivalent of 2779.Va routed_enable . 2780If set to 2781.Dq Li YES , 2782run a routing daemon of some sort, based on the 2783settings of 2784.Va route6d_program 2785and 2786.Va route6d_flags . 2787.It Va routed_program 2788.Pq Vt str 2789If 2790.Va routed_enable 2791is set to 2792.Dq Li YES , 2793this is the name of the routing daemon to use. 2794.It Va route6d_program 2795.Pq Vt str 2796The IPv6 equivalent of 2797.Va routed_program . 2798.It Va routed_flags 2799.Pq Vt str 2800If 2801.Va routed_enable 2802is set to 2803.Dq Li YES , 2804these are the flags to pass to the routing daemon. 2805.It Va route6d_flags 2806.Pq Vt str 2807The IPv6 equivalent of 2808.Va routed_flags . 2809.It Va mroute6d_enable 2810.Pq Vt bool 2811If set to 2812.Dq Li YES , 2813run the IPv6 multicast routing daemon. 2814.Pp 2815Note that multicast routing daemons are no longer included in the 2816.Fx 2817base system, however, both 2818.Xr mrouted 8 2819and 2820.Xr pim6dd 8 2821may be installed from the 2822.Fx 2823Ports Collection. 2824.It Va mroute6d_flags 2825.Pq Vt str 2826If 2827.Va mroute6d_enable 2828is set to 2829.Dq Li YES , 2830these are the flags passed to the IPv6 multicast routing daemon. 2831.It Va mroute6d_program 2832.Pq Vt str 2833If 2834.Va mroute6d_enable 2835is set to 2836.Dq Li YES , 2837this is the path to the IPv6 multicast routing daemon. 2838.It Va rtadvd_enable 2839.Pq Vt bool 2840If set to 2841.Dq Li YES , 2842run the 2843.Xr rtadvd 8 2844daemon at boot time. 2845The 2846.Xr rtadvd 8 2847utility sends ICMPv6 Router Advertisement messages to 2848the interfaces specified in 2849.Va rtadvd_interfaces . 2850This should only be enabled with great care. 2851You may want to fine-tune 2852.Xr rtadvd.conf 5 . 2853.It Va rtadvd_interfaces 2854.Pq Vt str 2855If 2856.Va rtadvd_enable 2857is set to 2858.Dq Li YES 2859this is the list of interfaces to use. 2860.It Va arpproxy_all 2861.Pq Vt bool 2862If set to 2863.Dq Li YES , 2864enable global proxy ARP. 2865.It Va forward_sourceroute 2866.Pq Vt bool 2867If set to 2868.Dq Li YES 2869and 2870.Va gateway_enable 2871is also set to 2872.Dq Li YES , 2873source-routed packets are forwarded. 2874.It Va accept_sourceroute 2875.Pq Vt bool 2876If set to 2877.Dq Li YES , 2878the system will accept source-routed packets directed at it. 2879.It Va rarpd_enable 2880.Pq Vt bool 2881If set to 2882.Dq Li YES , 2883run the 2884.Xr rarpd 8 2885daemon at system boot time. 2886.It Va rarpd_flags 2887.Pq Vt str 2888If 2889.Va rarpd_enable 2890is set to 2891.Dq Li YES , 2892these are the flags to pass to the 2893.Xr rarpd 8 2894daemon. 2895.It Va bootparamd_enable 2896.Pq Vt bool 2897If set to 2898.Dq Li YES , 2899run the 2900.Xr bootparamd 8 2901daemon at system boot time. 2902.It Va bootparamd_flags 2903.Pq Vt str 2904If 2905.Va bootparamd_enable 2906is set to 2907.Dq Li YES , 2908these are the flags to pass to the 2909.Xr bootparamd 8 2910daemon. 2911.It Va stf_interface_ipv4addr 2912.Pq Vt str 2913If not set to 2914.Dq Li NO , 2915this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2916interface). 2917Specify this entry to enable the 6to4 interface. 2918.It Va stf_interface_ipv4plen 2919.Pq Vt int 2920Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2921An effective value is 0-31. 2922.It Va stf_interface_ipv6_ifid 2923.Pq Vt str 2924IPv6 interface ID for 2925.Xr stf 4 . 2926This can be set to 2927.Dq Li AUTO . 2928.It Va stf_interface_ipv6_slaid 2929.Pq Vt str 2930IPv6 Site Level Aggregator for 2931.Xr stf 4 . 2932.It Va ipv6_ipv4mapping 2933.Pq Vt bool 2934If set to 2935.Dq Li YES 2936this enables IPv4 mapped IPv6 address communication (like 2937.Li ::ffff:a.b.c.d ) . 2938.It Va rtsold_enable 2939.Pq Vt bool 2940Set to 2941.Dq Li YES 2942to enable the 2943.Xr rtsold 8 2944daemon to send ICMPv6 Router Solicitation messages. 2945.It Va rtsold_flags 2946.Pq Vt str 2947If 2948.Va rtsold_enable 2949is set to 2950.Dq Li YES , 2951these are the flags to pass to 2952.Xr rtsold 8 . 2953.It Va rtsol_flags 2954.Pq Vt str 2955For interfaces configured with the 2956.Dq Li inet6 accept_rtadv 2957keyword, these are the flags to pass to 2958.Xr rtsol 8 . 2959.Pp 2960Note that 2961.Va rtsold_enable 2962is mutually exclusive to 2963.Va rtsol_flags ; 2964.Va rtsold_enable 2965takes precedence. 2966.It Va atm_enable 2967.Pq Vt bool 2968Set to 2969.Dq Li YES 2970to enable the configuration of ATM interfaces at system boot time. 2971For all of the ATM variables described below, please refer to the 2972.Xr atm 8 2973manual page for further details on the available command parameters. 2974Also refer to the files in 2975.Pa /usr/share/examples/atm 2976for more detailed configuration information. 2977.It Va atm_load 2978.Pq Vt str 2979This is a list of physical ATM interface drivers to load. 2980Typical values are 2981.Dq Li hfa_pci 2982and/or 2983.Dq Li hea_pci . 2984.It Va atm_netif_ Ns Aq Ar intf 2985.Pq Vt str 2986For the ATM physical interface 2987.Ar intf , 2988this variable defines the name prefix and count for the ATM network 2989interfaces to be created. 2990The value will be passed as the parameters of an 2991.Dq Nm atm Cm "set netif" Ar intf 2992command. 2993.It Va atm_sigmgr_ Ns Aq Ar intf 2994.Pq Vt str 2995For the ATM physical interface 2996.Ar intf , 2997this variable defines the ATM signalling manager to be used. 2998The value will be passed as the parameters of an 2999.Dq Nm atm Cm attach Ar intf 3000command. 3001.It Va atm_prefix_ Ns Aq Ar intf 3002.Pq Vt str 3003For the ATM physical interface 3004.Ar intf , 3005this variable defines the NSAP prefix for interfaces using a UNI signalling 3006manager. 3007If set to 3008.Dq Li ILMI , 3009the prefix will automatically be set via the 3010.Xr ilmid 8 3011daemon. 3012Otherwise, the value will be passed as the parameters of an 3013.Dq Nm atm Cm "set prefix" Ar intf 3014command. 3015.It Va atm_macaddr_ Ns Aq Ar intf 3016.Pq Vt str 3017For the ATM physical interface 3018.Ar intf , 3019this variable defines the MAC address for interfaces using a UNI signalling 3020manager. 3021If set to 3022.Dq Li NO , 3023the hardware MAC address contained in the ATM interface card will be used. 3024Otherwise, the value will be passed as the parameters of an 3025.Dq Nm atm Cm "set mac" Ar intf 3026command. 3027.It Va atm_arpserver_ Ns Aq Ar netif 3028.Pq Vt str 3029For the ATM network interface 3030.Ar netif , 3031this variable defines the ATM address for a host which is to provide ATMARP 3032service. 3033This variable is only applicable to interfaces using a UNI signalling 3034manager. 3035If set to 3036.Dq Li local , 3037this host will become an ATMARP server. 3038The value will be passed as the parameters of an 3039.Dq Nm atm Cm "set arpserver" Ar netif 3040command. 3041.It Va atm_scsparp_ Ns Aq Ar netif 3042.Pq Vt bool 3043If set to 3044.Dq Li YES , 3045SCSP/ATMARP service for the network interface 3046.Ar netif 3047will be initiated using the 3048.Xr scspd 8 3049and 3050.Xr atmarpd 8 3051daemons. 3052This variable is only applicable if 3053.Va atm_arpserver_ Ns Aq Ar netif 3054is set to 3055.Dq Li local . 3056.It Va atm_pvcs 3057.Pq Vt str 3058Set to the list of ATM PVCs to be added at system 3059boot time. 3060For each whitespace separated 3061.Ar element 3062in the value, an 3063.Va atm_pvc_ Ns Aq Ar element 3064variable is assumed to exist. 3065The value of each of these variables 3066will be passed as the parameters of an 3067.Dq Nm atm Cm "add pvc" 3068command. 3069.It Va atm_arps 3070.Pq Vt str 3071Set to the list of permanent ATM ARP entries to be added 3072at system boot time. 3073For each whitespace separated 3074.Ar element 3075in the value, an 3076.Va atm_arp_ Ns Aq Ar element 3077variable is assumed to exist. 3078The value of each of these variables 3079will be passed as the parameters of an 3080.Dq Nm atm Cm "add arp" 3081command. 3082.It Va natm_interfaces 3083.Pq Vt str 3084Set to the list of 3085.Xr natm 4 3086interfaces that will also be used for HARP through 3087.Xr harp 4 . 3088If this list is not empty all interfaces in the list will be brought up 3089with 3090.Xr ifconfig 8 3091and 3092.Xr harp 4 3093will be loaded. 3094For this to work the interface drivers must be either compiled into the 3095kernel or must reside on the root partition. 3096.It Va keybell 3097.Pq Vt str 3098The keyboard bell sound. 3099Set to 3100.Dq Li normal , 3101.Dq Li visual , 3102.Dq Li off , 3103or 3104.Dq Li NO 3105if the default behavior is desired. 3106For details, refer to the 3107.Xr kbdcontrol 1 3108manpage. 3109.It Va keyboard 3110.Pq Vt str 3111If set to a non-null string, the virtual console's keyboard input is 3112set to this device. 3113.It Va keymap 3114.Pq Vt str 3115If set to 3116.Dq Li NO , 3117no keymap is installed, otherwise the value is used to install 3118the keymap file found in 3119.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3120(if using 3121.Xr syscons 4 ) or 3122.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3123(if using 3124.Xr vt 4 ) . 3125.It Va keyrate 3126.Pq Vt str 3127The keyboard repeat speed. 3128Set to 3129.Dq Li slow , 3130.Dq Li normal , 3131.Dq Li fast , 3132or 3133.Dq Li NO 3134if the default behavior is desired. 3135.It Va keychange 3136.Pq Vt str 3137If not set to 3138.Dq Li NO , 3139attempt to program the function keys with the value. 3140The value should 3141be a single string of the form: 3142.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3143.It Va cursor 3144.Pq Vt str 3145Can be set to the value of 3146.Dq Li normal , 3147.Dq Li blink , 3148.Dq Li destructive , 3149or 3150.Dq Li NO 3151to set the cursor behavior explicitly or choose the default behavior. 3152.It Va scrnmap 3153.Pq Vt str 3154If set to 3155.Dq Li NO , 3156no screen map is installed, otherwise the value is used to install 3157the screen map file in 3158.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3159This parameter is ignored when using 3160.Xr vt 4 3161as the console driver. 3162.It Va font8x16 3163.Pq Vt str 3164If set to 3165.Dq Li NO , 3166the default 8x16 font value is used for screen size requests, otherwise 3167the value in 3168.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3169or 3170.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3171is used (depending on the console driver being used). 3172.It Va font8x14 3173.Pq Vt str 3174If set to 3175.Dq Li NO , 3176the default 8x14 font value is used for screen size requests, otherwise 3177the value in 3178.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3179or 3180.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3181is used (depending on the console driver being used). 3182.It Va font8x8 3183.Pq Vt str 3184If set to 3185.Dq Li NO , 3186the default 8x8 font value is used for screen size requests, otherwise 3187the value in 3188.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3189or 3190.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3191is used (depending on the console driver being used). 3192.It Va blanktime 3193.Pq Vt int 3194If set to 3195.Dq Li NO , 3196the default screen blanking interval is used, otherwise it is set 3197to 3198.Ar value 3199seconds. 3200.It Va saver 3201.Pq Vt str 3202If not set to 3203.Dq Li NO , 3204this is the actual screen saver to use 3205.Li ( blank , snake , daemon , 3206etc). 3207.It Va moused_nondefault_enable 3208.Pq Vt str 3209If set to 3210.Dq Li NO , 3211the mouse device specified on 3212the command line is not automatically treated as enabled by the 3213.Pa /etc/rc.d/moused 3214script. 3215Having this variable set to 3216.Dq Li YES 3217allows a 3218.Xr usb 4 3219mouse, 3220for example, 3221to be enabled as soon as it is plugged in. 3222.It Va moused_enable 3223.Pq Vt str 3224If set to 3225.Dq Li YES , 3226the 3227.Xr moused 8 3228daemon is started for doing cut/paste selection on the console. 3229.It Va moused_type 3230.Pq Vt str 3231This is the protocol type of the mouse connected to this host. 3232This variable must be set if 3233.Va moused_enable 3234is set to 3235.Dq Li YES . 3236The 3237.Xr moused 8 3238daemon 3239is able to detect the appropriate mouse type automatically in many cases. 3240Set this variable to 3241.Dq Li auto 3242to let the daemon detect it, or 3243select one from the following list if the automatic detection fails. 3244.Pp 3245If the mouse is attached to the PS/2 mouse port, choose 3246.Dq Li auto 3247or 3248.Dq Li ps/2 , 3249regardless of the brand and model of the mouse. 3250Likewise, if the 3251mouse is attached to the bus mouse port, choose 3252.Dq Li auto 3253or 3254.Dq Li busmouse . 3255All other protocols are for serial mice and will not work with 3256the PS/2 and bus mice. 3257If this is a USB mouse, 3258.Dq Li auto 3259is the only protocol type which will work. 3260.Pp 3261.Bl -tag -width ".Li x10mouseremote" -compact 3262.It Li microsoft 3263Microsoft mouse (serial) 3264.It Li intellimouse 3265Microsoft IntelliMouse (serial) 3266.It Li mousesystems 3267Mouse systems Corp.\& mouse (serial) 3268.It Li mmseries 3269MM Series mouse (serial) 3270.It Li logitech 3271Logitech mouse (serial) 3272.It Li busmouse 3273A bus mouse 3274.It Li mouseman 3275Logitech MouseMan and TrackMan (serial) 3276.It Li glidepoint 3277ALPS GlidePoint (serial) 3278.It Li thinkingmouse 3279Kensington ThinkingMouse (serial) 3280.It Li ps/2 3281PS/2 mouse 3282.It Li mmhittab 3283MM HitTablet (serial) 3284.It Li x10mouseremote 3285X10 MouseRemote (serial) 3286.It Li versapad 3287Interlink VersaPad (serial) 3288.El 3289.Pp 3290Even if the mouse is not in the above list, it may be compatible 3291with one in the list. 3292Refer to the manual page for 3293.Xr moused 8 3294for compatibility information. 3295.Pp 3296It should also be noted that while this is enabled, any 3297other client of the mouse (such as an X server) should access 3298the mouse through the virtual mouse device, 3299.Pa /dev/sysmouse , 3300and configure it as a 3301.Dq Li sysmouse 3302type mouse, since all 3303mouse data is converted to this single canonical format when 3304using 3305.Xr moused 8 . 3306If the client program does not support the 3307.Dq Li sysmouse 3308type, 3309specify the 3310.Dq Li mousesystems 3311type. 3312It is the second preferred type. 3313.It Va moused_port 3314.Pq Vt str 3315If 3316.Va moused_enable 3317is set to 3318.Dq Li YES , 3319this is the actual port the mouse is on. 3320It might be 3321.Pa /dev/cuau0 3322for a COM1 serial mouse, 3323.Pa /dev/psm0 3324for a PS/2 mouse or 3325.Pa /dev/mse0 3326for a bus mouse, for example. 3327.It Va moused_flags 3328.Pq Vt str 3329If 3330.Va moused_flags 3331is set, its value is used as an additional set of flags to pass to the 3332.Xr moused 8 3333daemon. 3334.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3335When 3336.Va moused_nondefault_enable 3337is enabled, and a 3338.Xr moused 8 3339daemon is started for a non-default port, the 3340.Va "moused_" Ns Ar XXX Ns Va "_flags" 3341set of options has precedence over and replaces the default 3342.Va moused_flags 3343(where 3344.Ar XXX 3345is the name of the non-default port, i.e.,\& 3346.Ar ums0 ) . 3347By setting 3348.Va "moused_" Ns Ar XXX Ns Va "_flags" 3349it is possible to set up a different set of default flags for each 3350.Xr moused 8 3351instance. 3352For example, you can use 3353.Dq Li "-3" 3354for the default 3355.Va moused_flags 3356to make your laptop's touchpad more comfortable to use, 3357but an empty set of options for 3358.Va moused_ums0_flags 3359when your 3360.Xr usb 4 3361mouse has three or more buttons. 3362.It Va mousechar_start 3363.Pq Vt int 3364If set to 3365.Dq Li NO , 3366the default mouse cursor character range 3367.Li 0xd0 Ns - Ns Li 0xd3 3368is used, 3369otherwise the range start is set 3370to 3371.Ar value 3372character, see 3373.Xr vidcontrol 1 . 3374Use if the default range is occupied in the language code table. 3375.It Va allscreens_flags 3376.Pq Vt str 3377If set, 3378.Xr vidcontrol 1 3379is run with these options for each of the virtual terminals 3380.Pq Pa /dev/ttyv* . 3381For example, 3382.Dq Fl m Cm on 3383will enable the mouse pointer on all virtual terminals 3384if 3385.Va moused_enable 3386is set to 3387.Dq Li YES . 3388.It Va allscreens_kbdflags 3389.Pq Vt str 3390If set, 3391.Xr kbdcontrol 1 3392is run with these options for each of the virtual terminals 3393.Pq Pa /dev/ttyv* . 3394For example, 3395.Dq Fl h Li 200 3396will set the 3397.Xr syscons 4 3398or 3399.Xr vt 4 3400scrollback (history) buffer to 200 lines. 3401.It Va cron_enable 3402.Pq Vt bool 3403If set to 3404.Dq Li YES , 3405run the 3406.Xr cron 8 3407daemon at system boot time. 3408.It Va cron_program 3409.Pq Vt str 3410Path to 3411.Xr cron 8 3412(default 3413.Pa /usr/sbin/cron ) . 3414.It Va cron_flags 3415.Pq Vt str 3416If 3417.Va cron_enable 3418is set to 3419.Dq Li YES , 3420these are the flags to pass to 3421.Xr cron 8 . 3422.It Va cron_dst 3423.Pq Vt bool 3424If set to 3425.Dq Li YES , 3426enable the special handling of transitions to and from the 3427Daylight Saving Time in 3428.Xr cron 8 3429(equivalent to using the flag 3430.Fl s ) . 3431.It Va lpd_program 3432.Pq Vt str 3433Path to 3434.Xr lpd 8 3435(default 3436.Pa /usr/sbin/lpd ) . 3437.It Va lpd_enable 3438.Pq Vt bool 3439If set to 3440.Dq Li YES , 3441run the 3442.Xr lpd 8 3443daemon at system boot time. 3444.It Va lpd_flags 3445.Pq Vt str 3446If 3447.Va lpd_enable 3448is set to 3449.Dq Li YES , 3450these are the flags to pass to the 3451.Xr lpd 8 3452daemon. 3453.It Va chkprintcap_enable 3454.Pq Vt bool 3455If set to 3456.Dq Li YES , 3457run the 3458.Xr chkprintcap 8 3459command before starting the 3460.Xr lpd 8 3461daemon. 3462.It Va chkprintcap_flags 3463.Pq Vt str 3464If 3465.Va lpd_enable 3466and 3467.Va chkprintcap_enable 3468are set to 3469.Dq Li YES , 3470these are the flags to pass to the 3471.Xr chkprintcap 8 3472program. 3473The default is 3474.Dq Li -d , 3475which causes missing directories to be created. 3476.It Va mta_start_script 3477.Pq Vt str 3478This variable specifies the full path to the script to run to start 3479a mail transfer agent. 3480The default is 3481.Pa /etc/rc.sendmail . 3482The 3483.Va sendmail_* 3484variables which 3485.Pa /etc/rc.sendmail 3486uses are documented in the 3487.Xr rc.sendmail 8 3488manual page. 3489.It Va dumpdev 3490.Pq Vt str 3491Indicates the device (usually a swap partition) to which a crash dump 3492should be written in the event of a system crash. 3493If the value of this variable is 3494.Dq Li AUTO , 3495the first suitable swap device listed in 3496.Pa /etc/fstab 3497will be used as dump device. 3498Otherwise, the value of this variable is passed as the argument to 3499.Xr dumpon 8 . 3500To disable crash dumps, set this variable to 3501.Dq Li NO . 3502.It Va dumpdir 3503.Pq Vt str 3504When the system reboots after a crash and a crash dump is found on the 3505device specified by the 3506.Va dumpdev 3507variable, 3508.Xr savecore 8 3509will save that crash dump and a copy of the kernel to the directory 3510specified by the 3511.Va dumpdir 3512variable. 3513The default value is 3514.Pa /var/crash . 3515Set to 3516.Dq Li NO 3517to not run 3518.Xr savecore 8 3519at boot time when 3520.Va dumpdir 3521is set. 3522.It Va savecore_flags 3523.Pq Vt str 3524If crash dumps are enabled, these are the flags to pass to the 3525.Xr savecore 8 3526utility. 3527.It Va quota_enable 3528.Pq Vt bool 3529Set to 3530.Dq Li YES 3531to turn on user and group disk quotas on system startup via the 3532.Xr quotaon 8 3533command for all file systems marked as having quotas enabled in 3534.Pa /etc/fstab . 3535The kernel must be built with 3536.Cd "options QUOTA" 3537for disk quotas to function. 3538.It Va check_quotas 3539.Pq Vt bool 3540Set to 3541.Dq Li YES 3542to enable user and group disk quota checking via the 3543.Xr quotacheck 8 3544command. 3545.It Va quotacheck_flags 3546.Pq Vt str 3547If 3548.Va quota_enable 3549is set to 3550.Dq Li YES , 3551and 3552.Va check_quotas 3553is set to 3554.Dq Li YES , 3555these are the flags to pass to the 3556.Xr quotacheck 8 3557utility. 3558The default is 3559.Dq Li "-a" , 3560which checks quotas for all file systems with quotas enabled in 3561.Pa /etc/fstab . 3562.It Va quotaon_flags 3563.Pq Vt str 3564If 3565.Va quota_enable 3566is set to 3567.Dq Li YES , 3568these are the flags to pass to the 3569.Xr quotaon 8 3570utility. 3571The default is 3572.Dq Li "-a" , 3573which enables quotas for all file systems with quotas enabled in 3574.Pa /etc/fstab . 3575.It Va quotaoff_flags 3576.Pq Vt str 3577If 3578.Va quota_enable 3579is set to 3580.Dq Li YES , 3581these are the flags to pass to the 3582.Xr quotaoff 8 3583utility when shutting down the quota system. 3584The default is 3585.Dq Li "-a" , 3586which disables quotas for all file systems with quotas enabled in 3587.Pa /etc/fstab . 3588.It Va accounting_enable 3589.Pq Vt bool 3590Set to 3591.Dq Li YES 3592to enable system accounting through the 3593.Xr accton 8 3594facility. 3595.It Va ibcs2_enable 3596.Pq Vt bool 3597Set to 3598.Dq Li YES 3599to enable iBCS2 (SCO) binary emulation at system initial boot 3600time. 3601.It Va ibcs2_loaders 3602.Pq Vt str 3603If not set to 3604.Dq Li NO 3605and if 3606.Va ibcs2_enable 3607is set to 3608.Dq Li YES , 3609this specifies a list of additional iBCS2 loaders to enable. 3610.It Va firstboot_sentinel 3611.Pq Vt str 3612This variable specifies the full path to a 3613.Dq first boot 3614sentinel file. 3615If a file exists with this path, 3616.Pa rc.d 3617scripts with the 3618.Dq firstboot 3619keyword will be run on startup and the sentinel file will be deleted 3620after the boot process completes. 3621The sentinel file must be located on a writable file system which is 3622mounted no later than 3623.Va early_late_divider 3624to function properly. 3625The default is 3626.Pa /firstboot . 3627.It Va linux_enable 3628.Pq Vt bool 3629Set to 3630.Dq Li YES 3631to enable Linux/ELF binary emulation at system initial 3632boot time. 3633.It Va svr4_enable 3634.Pq Vt bool 3635If set to 3636.Dq Li YES , 3637enable SysVR4 emulation at boot time. 3638.It Va sysvipc_enable 3639.Pq Vt bool 3640If set to 3641.Dq Li YES , 3642load System V IPC primitives at boot time. 3643.It Va clear_tmp_enable 3644.Pq Vt bool 3645Set to 3646.Dq Li YES 3647to have 3648.Pa /tmp 3649cleaned at startup. 3650.It Va clear_tmp_X 3651.Pq Vt bool 3652Set to 3653.Dq Li NO 3654to disable removing of X11 lock files, 3655and the removal and (secure) recreation 3656of the various socket directories for X11 3657related programs. 3658.It Va ldconfig_paths 3659.Pq Vt str 3660Set to the list of shared library paths to use with 3661.Xr ldconfig 8 . 3662NOTE: 3663.Pa /usr/lib 3664will always be added first, so it need not appear in this list. 3665.It Va ldconfig32_paths 3666.Pq Vt str 3667Set to the list of 32-bit compatibility shared library paths to 3668use with 3669.Xr ldconfig 8 . 3670.It Va ldconfig_paths_aout 3671.Pq Vt str 3672Set to the list of shared library paths to use with 3673.Xr ldconfig 8 3674legacy 3675.Xr a.out 5 3676support. 3677.It Va ldconfig_insecure 3678.Pq Vt bool 3679The 3680.Xr ldconfig 8 3681utility normally refuses to use directories 3682which are writable by anyone except root. 3683Set this variable to 3684.Dq Li YES 3685to disable that security check during system startup. 3686.It Va ldconfig_local_dirs 3687.Pq Vt str 3688Set to the list of local 3689.Xr ldconfig 8 3690directories. 3691The names of all files in the directories listed will be 3692passed as arguments to 3693.Xr ldconfig 8 . 3694.It Va ldconfig_local32_dirs 3695.Pq Vt str 3696Set to the list of local 32-bit compatibility 3697.Xr ldconfig 8 3698directories. 3699The names of all files in the directories listed will be 3700passed as arguments to 3701.Dq Nm ldconfig Fl 32 . 3702.It Va kern_securelevel_enable 3703.Pq Vt bool 3704Set to 3705.Dq Li YES 3706to set the kernel security level at system startup. 3707.It Va kern_securelevel 3708.Pq Vt int 3709The kernel security level to set at startup. 3710The allowed range of 3711.Ar value 3712ranges from \-1 (the compile time default) to 3 (the 3713most secure). 3714See 3715.Xr security 7 3716for the list of possible security levels and their effect 3717on system operation. 3718.It Va sshd_program 3719.Pq Vt str 3720Path to the SSH server program 3721.Pa ( /usr/sbin/sshd 3722is the default). 3723.It Va sshd_enable 3724.Pq Vt bool 3725Set to 3726.Dq Li YES 3727to start 3728.Xr sshd 8 3729at system boot time. 3730.It Va sshd_flags 3731.Pq Vt str 3732If 3733.Va sshd_enable 3734is set to 3735.Dq Li YES , 3736these are the flags to pass to the 3737.Xr sshd 8 3738daemon. 3739.It Va ftpd_program 3740.Pq Vt str 3741Path to the FTP server program 3742.Pa ( /usr/libexec/ftpd 3743is the default). 3744.It Va ftpd_enable 3745.Pq Vt bool 3746Set to 3747.Dq Li YES 3748to start 3749.Xr ftpd 8 3750as a stand-alone daemon at system boot time. 3751.It Va ftpd_flags 3752.Pq Vt str 3753If 3754.Va ftpd_enable 3755is set to 3756.Dq Li YES , 3757these are the additional flags to pass to the 3758.Xr ftpd 8 3759daemon. 3760.It Va watchdogd_enable 3761.Pq Vt bool 3762If set to 3763.Dq Li YES , 3764start the 3765.Xr watchdogd 8 3766daemon at boot time. 3767This requires that the kernel have been compiled with a 3768.Xr watchdog 4 3769compatible device. 3770.It Va watchdogd_flags 3771.Pq Vt str 3772If 3773.Va watchdogd_enable 3774is set to 3775.Dq Li YES , 3776these are the flags passed to the 3777.Xr watchdogd 8 3778daemon. 3779.It Va devfs_rulesets 3780.Pq Vt str 3781List of files containing sets of rules for 3782.Xr devfs 8 . 3783.It Va devfs_system_ruleset 3784.Pq Vt str 3785Rule name(s) to apply to the system 3786.Pa /dev 3787itself. 3788.It Va devfs_set_rulesets 3789.Pq Vt str 3790Pairs of already-mounted 3791.Pa dev 3792directories and rulesets that should be applied to them. 3793For example: /mount/dev=ruleset_name 3794.It Va devfs_load_rulesets 3795.Pq Vt bool 3796If set, always load the default rulesets listed in 3797.Va devfs_rulesets . 3798.It Va performance_cx_lowest 3799.Pq Vt str 3800CPU idle state to use while on AC power. 3801The string 3802.Dq Li LOW 3803indicates that 3804.Xr acpi 4 3805should use the lowest power state available while 3806.Dq Li HIGH 3807indicates that the lowest latency state (less power savings) should be used. 3808.It Va performance_cpu_freq 3809.Pq Vt str 3810CPU clock frequency to use while on AC power. 3811The string 3812.Dq Li LOW 3813indicates that 3814.Xr cpufreq 4 3815should use the lowest frequency available while 3816.Dq Li HIGH 3817indicates that the highest frequency (less power savings) should be used. 3818.It Va economy_cx_lowest 3819.Pq Vt str 3820CPU idle state to use when off AC power. 3821The string 3822.Dq Li LOW 3823indicates that 3824.Xr acpi 4 3825should use the lowest power state available while 3826.Dq Li HIGH 3827indicates that the lowest latency state (less power savings) should be used. 3828.It Va economy_cpu_freq 3829.Pq Vt str 3830CPU clock frequency to use when off AC power. 3831The string 3832.Dq Li LOW 3833indicates that 3834.Xr cpufreq 4 3835should use the lowest frequency available while 3836.Dq Li HIGH 3837indicates that the highest frequency (less power savings) should be used. 3838.It Va jail_enable 3839.Pq Vt bool 3840If set to 3841.Dq Li NO , 3842any configured jails will not be started. 3843.It Va jail_conf 3844.Pq Vt str 3845The configuration filename used by 3846.Xr jail 8 3847utility. 3848The default value is 3849.Pa /etc/jail.conf . 3850.It Va jail_parallel_start 3851.Pq Vt bool 3852If set to 3853.Dq Li YES , 3854all configured jails will be started in the background (in parallel). 3855.It Va jail_flags 3856.Pq Vt str 3857Unset by default. 3858When set, use as default value for 3859.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3860for every jail in 3861.Va jail_list . 3862.It Va jail_list 3863.Pq Vt str 3864A space separated list of names for jails. 3865If this variable is empty, 3866all of 3867.Xr jail 8 3868instances in the configuration file will be configured. 3869This is purely a configuration aid to help identify and 3870configure multiple jails. 3871The names specified in this list will be used to 3872identify settings common to an instance of a jail, 3873and should contain alphanumeric characters only. 3874The literal jail name of 3875.Dq Li 0 3876.Pq zero 3877is not allowed. 3878.It Va jail_* variables 3879Note that older releases supported per-jail configuration via 3880.Xr rc.conf 5 3881variables. 3882For example, 3883hostname of a jail named 3884.Li vjail 3885was able to be set by 3886.Li jail_vjail_hostname . 3887These per-jail configuration variables are now obsolete in favor of 3888.Xr jail 8 3889configuration file. 3890For backward compatibility, 3891when per-jail configuration variables are defined, 3892.Xr jail 8 3893configuration files are created as 3894.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3895and used. 3896.Pp 3897The following per-jail parameters are handled by 3898.Pa rc.d/jail 3899script out of their corresponding 3900.Nm 3901variables. 3902In addition to them, parameters in 3903.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3904will be added to the configuration file. 3905They must be a semi-colon 3906.Pq Ql \&; 3907delimited list of 3908.Dq key=value . 3909For more details, 3910see 3911.Xr jail 8 3912manual page. 3913.Bl -tag -width "host.hostname" -offset indent 3914.It Li path 3915set from 3916.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3917.It Li host.hostname 3918set from 3919.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3920.It Li exec.consolelog 3921set from 3922.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3923The default value is 3924.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3925.It Li interface 3926set from 3927.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3928.It Li vnet.interface 3929set from 3930.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3931This implies 3932.Li vnet 3933parameter will be enabled and cannot be specified with 3934.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3935.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3936and/or 3937.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3938at the same time. 3939.It Li fstab 3940set from 3941.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3942.It Li mount 3943set from 3944.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3945.It Li exec.fib 3946set from 3947.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3948.It Li exec.start 3949set from 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3951The parameter name was 3952.Li command 3953in some older releases. 3954.It Li exec.prestart 3955set from 3956.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3957.It Li exec.poststart 3958set from 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3960.It Li exec.stop 3961set from 3962.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3963.It Li exec.prestop 3964set from 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3966.It Li exec.poststop 3967set from 3968.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3969.It Li ip4.addr 3970set if 3971.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3972or 3973.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3974contain IPv4 addresses 3975.It Li ip6.addr 3976set if 3977.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3978or 3979.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3980contain IPv6 addresses 3981.It Li allow.mount 3982set from 3983.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3984.It Li mount.devfs 3985set from 3986.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3987.It Li devfs_ruleset 3988set from 3989.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3990This must be an integer, 3991not a string. 3992.It Li mount.fdescfs 3993set from 3994.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3995.It Li allow.set_hostname 3996set from 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3998.It Li allow.rawsocket 3999set from 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4001.It Li allow.sysvipc 4002set from 4003.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4004.El 4005.\" ----------------------------------------------------- 4006.It Va harvest_interrupt 4007.Pq Vt bool 4008Set to 4009.Dq Li YES 4010to use hardware interrupts as an entropy source. 4011Refer to 4012.Xr random 4 4013for more information. 4014.It Va harvest_ethernet 4015.Pq Vt bool 4016Set to 4017.Dq Li YES 4018to use LAN traffic as an entropy source. 4019Refer to 4020.Xr random 4 4021for more information. 4022.It Va harvest_p_to_p 4023.Pq Vt bool 4024Set to 4025.Dq Li YES 4026to use serial line traffic as an entropy source. 4027Refer to 4028.Xr random 4 4029for more information. 4030.It Va entropy_dir 4031.Pq Vt str 4032Set to 4033.Dq Li NO 4034to disable caching entropy via 4035.Xr cron 8 . 4036Otherwise set to the directory used to store entropy files in. 4037.It Va entropy_file 4038.Pq Vt str 4039Set to 4040.Dq Li NO 4041to disable caching entropy through reboots. 4042Otherwise set to the filename used to store cached entropy through 4043reboots. 4044This file should be located on the root file system to seed the 4045.Xr random 4 4046device as early as possible in the boot process. 4047.It Va entropy_save_sz 4048.Pq Vt int 4049Size of the entropy cache files saved by 4050.Nm save-entropy 4051periodically. 4052.It Va entropy_save_num 4053.Pq Vt int 4054Number of entropy cache files to save by 4055.Nm save-entropy 4056periodically. 4057.It Va ipsec_enable 4058.Pq Vt bool 4059Set to 4060.Dq Li YES 4061to run 4062.Xr setkey 8 4063on 4064.Va ipsec_file 4065at boot time. 4066.It Va ipsec_file 4067.Pq Vt str 4068Configuration file for 4069.Xr setkey 8 . 4070.It Va dmesg_enable 4071.Pq Vt bool 4072Set to 4073.Dq Li YES 4074to save 4075.Xr dmesg 8 4076to 4077.Pa /var/run/dmesg.boot 4078on boot. 4079.It Va rcshutdown_timeout 4080.Pq Vt int 4081If set, start a watchdog timer in the background which will terminate 4082.Pa rc.shutdown 4083if 4084.Xr shutdown 8 4085has not completed within the specified time (in seconds). 4086Notice that in addition to this soft timeout, 4087.Xr init 8 4088also applies a hard timeout for the execution of 4089.Pa rc.shutdown . 4090This is configured via 4091.Xr sysctl 8 4092variable 4093.Va kern.init_shutdown_timeout 4094and defaults to 120 seconds. 4095Setting the value of 4096.Va rcshutdown_timeout 4097to more than 120 seconds will have no effect until the 4098.Xr sysctl 8 4099variable 4100.Va kern.init_shutdown_timeout 4101is also increased. 4102.It Va virecover_enable 4103.Pq Vt bool 4104Set to 4105.Dq Li NO 4106to prevent the system from trying to 4107recover pre-maturely terminated 4108.Xr vi 1 4109sessions. 4110.It Va ugidfw_enable 4111.Pq Vt bool 4112Set to 4113.Dq Li YES 4114to load the 4115.Xr mac_bsdextended 4 4116module upon system initialization and load a default 4117ruleset file. 4118.It Va bsdextended_script 4119.Pq Vt str 4120The default 4121.Xr mac_bsdextended 4 4122ruleset file to load. 4123The default value of this variable is 4124.Pa /etc/rc.bsdextended . 4125.It Va newsyslog_enable 4126.Pq Vt bool 4127If set to 4128.Dq Li YES , 4129run 4130.Xr newsyslog 8 4131command at startup. 4132.It Va newsyslog_flags 4133.Pq Vt str 4134If 4135.Va newsyslog_enable 4136is set to 4137.Dq Li YES , 4138these are the flags to pass to the 4139.Xr newsyslog 8 4140program. 4141The default is 4142.Dq Li -CN , 4143which causes log files flagged with a 4144.Cm C 4145to be created. 4146.It Va mdconfig_md Ns Aq Ar X 4147.Pq Vt str 4148Arguments to 4149.Xr mdconfig 8 4150for 4151.Xr md 4 4152device 4153.Ar X . 4154At minimum a 4155.Fl t Ar type 4156must be specified and either a 4157.Fl s Ar size 4158for malloc or swap backed 4159.Xr md 4 4160devices or a 4161.Fl f Ar file 4162for vnode backed 4163.Xr md 4 4164devices. 4165Note that 4166.Va mdconfig_md Ns Aq Ar X 4167variables are evaluated until one variable is unset or null. 4168.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4169.Pq Vt str 4170Optional arguments passed to 4171.Xr newfs 8 4172to initialize 4173.Xr md 4 4174device 4175.Ar X . 4176.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4177.Pq Vt str 4178An ownership specification passed to 4179.Xr chown 8 4180after the specified 4181.Xr md 4 4182device 4183.Ar X 4184has been mounted. 4185Both the 4186.Xr md 4 4187device and the mount point will be changed. 4188.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4189.Pq Vt str 4190A mode string passed to 4191.Xr chmod 1 4192after the specified 4193.Xr md 4 4194device 4195.Ar X 4196has been mounted. 4197Both the 4198.Xr md 4 4199device and the mount point will be changed. 4200.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4201.Pq Vt str 4202Files to be copied to the mount point of the 4203.Xr md 4 4204device 4205.Ar X 4206after it has been mounted. 4207.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4208.Pq Vt str 4209Command to execute after the specified 4210.Xr md 4 4211device 4212.Ar X 4213has been mounted. 4214Note that the command is passed to 4215.Ic eval 4216and that both 4217.Va _dev 4218and 4219.Va _mp 4220variables can be used to reference respectively the 4221.Xr md 4 4222device and the mount point. 4223Assuming that the 4224.Xr md 4 4225device is 4226.Li md0 , 4227one could set the following: 4228.Bd -literal 4229mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4230.Ed 4231.It Va autobridge_interfaces 4232.Pq Vt str 4233Set to the list of bridge interfaces that will have newly arriving interfaces 4234checked against to be automatically added. 4235If not set to 4236.Dq Li NO 4237then for each whitespace separated 4238.Ar element 4239in the value, a 4240.Va autobridge_ Ns Aq Ar element 4241variable is assumed to exist which has a whitespace separated list of interface 4242names to match, these names can use wildcards. 4243For example: 4244.Bd -literal 4245autobridge_interfaces="bridge0" 4246autobridge_bridge0="tap* dc0 vlan[345]" 4247.Ed 4248.It Va mixer_enable 4249.Pq Vt bool 4250If set to 4251.Dq Li YES , 4252enable support for sound mixer. 4253.It Va hcsecd_enable 4254.Pq Vt bool 4255If set to 4256.Dq Li YES , 4257enable Bluetooth security daemon. 4258.It Va hcsecd_config 4259.Pq Vt str 4260Configuration file for 4261.Xr hcsecd 8 . 4262Default 4263.Pa /etc/bluetooth/hcsecd.conf . 4264.It Va sdpd_enable 4265.Pq Vt bool 4266If set to 4267.Dq Li YES , 4268enable Bluetooth Service Discovery Protocol daemon. 4269.It Va sdpd_control 4270.Pq Vt str 4271Path to 4272.Xr sdpd 8 4273control socket. 4274Default 4275.Pa /var/run/sdp . 4276.It Va sdpd_groupname 4277.Pq Vt str 4278Sets 4279.Xr sdpd 8 4280group to run as after it initializes. 4281Default 4282.Dq Li nobody . 4283.It Va sdpd_username 4284.Pq Vt str 4285Sets 4286.Xr sdpd 8 4287user to run as after it initializes. 4288Default 4289.Dq Li nobody . 4290.It Va bthidd_enable 4291.Pq Vt bool 4292If set to 4293.Dq Li YES , 4294enable Bluetooth Human Interface Device daemon. 4295.It Va bthidd_config 4296.Pq Vt str 4297Configuration file for 4298.Xr bthidd 8 . 4299Default 4300.Pa /etc/bluetooth/bthidd.conf . 4301.It Va bthidd_hids 4302.Pq Vt str 4303Path to a file, where 4304.Xr bthidd 8 4305will store information about known HID devices. 4306Default 4307.Pa /var/db/bthidd.hids . 4308.It Va rfcomm_pppd_server_enable 4309.Pq Vt bool 4310If set to 4311.Dq Li YES , 4312enable Bluetooth RFCOMM PPP wrapper daemon. 4313.It Va rfcomm_pppd_server_profile 4314.Pq Vt str 4315The name of the profile to use from 4316.Pa /etc/ppp/ppp.conf . 4317Multiple profiles can be specified here. 4318Also used to specify per-profile overrides. 4319When the profile name contains any of the characters 4320.Dq Li .-/+ 4321they are translated to 4322.Dq Li _ 4323for the proposes of the override variable names. 4324.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4325.Pq Vt str 4326Overrides local address to listen on. 4327By default 4328.Xr rfcomm_pppd 8 4329will listen on 4330.Dq Li ANY 4331address. 4332The address can be specified as BD_ADDR or name. 4333.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4334.Pq Vt str 4335Overrides local RFCOMM channel to listen on. 4336By default 4337.Xr rfcomm_pppd 8 4338will listen on RFCOMM channel 1. 4339Must set properly if multiple profiles used in the same time. 4340.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4341.Pq Vt bool 4342Tells 4343.Xr rfcomm_pppd 8 4344if it should register Serial Port service on the specified RFCOMM channel. 4345Default 4346.Dq Li NO . 4347.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4348.Pq Vt bool 4349Tells 4350.Xr rfcomm_pppd 8 4351if it should register Dial-Up Networking service on the specified 4352RFCOMM channel. 4353Default 4354.Dq Li NO . 4355.It Va ubthidhci_enable 4356.Pq Vt bool 4357If set to 4358.Dq Li YES , 4359change the USB Bluetooth controller from HID mode to HCI mode. 4360You also need to specify the location of USB Bluetooth controller with the 4361.Va ubthidhci_busnum 4362and 4363.Va ubthidhci_addr 4364variables. 4365.It Va ubthidhci_busnum 4366Bus number where the USB Bluetooth controller is located. 4367Check the output of 4368.Xr usbconfig 8 4369on your system to find this information. 4370.It Va ubthidhci_addr 4371Bus address of the USB Bluetooth controller. 4372Check the output of 4373.Xr usbconfig 8 4374on your system to find this information. 4375.It Va netwait_enable 4376.Pq Vt bool 4377If set to 4378.Dq Li YES , 4379delays the start of network-reliant services until 4380.Va netwait_if 4381is up and ICMP packets to a destination defined in 4382.Va netwait_ip 4383are flowing. 4384Link state is examined first, followed by 4385.Dq Li pinging 4386an IP address to verify network usability. 4387If no destination can be reached or timeouts are exceeded, 4388network services are started anyway with no guarantee that 4389the network is usable. 4390Use of this variable requires both 4391.Va netwait_ip 4392and 4393.Va netwait_if 4394to be set. 4395.It Va netwait_ip 4396.Pq Vt str 4397Empty by default. 4398This variable contains a space-delimited list of IP addresses to 4399.Xr ping 8 . 4400DNS hostnames should not be used as resolution is not guaranteed 4401to be functional at this point. 4402If multiple IP addresses are specified, 4403each will be tried until one is successful or the list is exhausted. 4404.It Va netwait_timeout 4405.Pq Vt int 4406Indicates the total number of seconds to perform a 4407.Dq Li ping 4408against each IP address in 4409.Va netwait_ip , 4410at a rate of one ping per second. 4411If any of the pings are successful, 4412full network connectivity is considered reliable. 4413The default is 60. 4414.It Va netwait_if 4415.Pq Vt str 4416Empty by default. 4417Defines the name of the network interface on which watch for link. 4418.Xr ifconfig 8 4419is used to monitor the interface, looking for 4420.Dq Li status: no carrier . 4421Once gone, the link is considered up. 4422This can be a 4423.Xr vlan 4 4424interface if desired. 4425.It Va netwait_if_timeout 4426.Pq Vt int 4427Defines the total number of seconds to wait for link to become usable, 4428polled at a 1-second interval. 4429The default is 30. 4430.It Va rctl_enable 4431.Pq Vt bool 4432Set to 4433.Dq Li YES 4434to load 4435.Xr rctl 8 4436rules from the defined ruleset. 4437The kernel must be built with 4438.Cd "options RACCT" 4439and 4440.Cd "options RCTL" . 4441.It Va rctl_rules 4442.Pq Vt str 4443Set to 4444.Pa /etc/rctl.conf 4445by default. 4446This variables contains the 4447.Xr rctl.conf 5 4448ruleset to load for 4449.Xr rctl 8 . 4450.It Va iovctl_files 4451.Pq Vt str 4452A space-separated list of configuration files used by 4453.Xr iovctl 8 . 4454The default value is an empty string. 4455.El 4456.Sh FILES 4457.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4458.It Pa /etc/defaults/rc.conf 4459.It Pa /etc/rc.conf 4460.It Pa /etc/rc.conf.local 4461.El 4462.Sh SEE ALSO 4463.Xr catman 1 , 4464.Xr chmod 1 , 4465.Xr gdb 1 , 4466.Xr info 1 , 4467.Xr kbdcontrol 1 , 4468.Xr makewhatis 1 , 4469.Xr sh 1 , 4470.Xr vi 1 , 4471.Xr vidcontrol 1 , 4472.Xr bridge 4 , 4473.Xr dummynet 4 , 4474.Xr ip 4 , 4475.Xr ipf 4 , 4476.Xr ipfw 4 , 4477.Xr ipnat 4 , 4478.Xr kld 4 , 4479.Xr pf 4 , 4480.Xr pflog 4 , 4481.Xr pfsync 4 , 4482.Xr tcp 4 , 4483.Xr udp 4 , 4484.Xr exports 5 , 4485.Xr fstab 5 , 4486.Xr ipf 5 , 4487.Xr ipnat 5 , 4488.Xr jail.conf 5 , 4489.Xr motd 5 , 4490.Xr newsyslog.conf 5 , 4491.Xr pf.conf 5 , 4492.Xr security 7 , 4493.Xr accton 8 , 4494.Xr amd 8 , 4495.Xr apm 8 , 4496.Xr atm 8 , 4497.Xr bthidd 8 , 4498.Xr chkprintcap 8 , 4499.Xr chown 8 , 4500.Xr cron 8 , 4501.Xr devfs 8 , 4502.Xr dhclient 8 , 4503.Xr ftpd 8 , 4504.Xr geli 8 , 4505.Xr hcsecd 8 , 4506.Xr ifconfig 8 , 4507.Xr inetd 8 , 4508.Xr iovctl 8 , 4509.Xr ipf 8 , 4510.Xr ipfw 8 , 4511.Xr ipnat 8 , 4512.Xr jail 8 , 4513.Xr kldxref 8 , 4514.Xr lpd 8 , 4515.Xr mdconfig 8 , 4516.Xr mdmfs 8 , 4517.Xr mixer 8 , 4518.Xr mountd 8 , 4519.Xr moused 8 , 4520.Xr newfs 8 , 4521.Xr newsyslog 8 , 4522.Xr nfsd 8 , 4523.Xr ntpd 8 , 4524.Xr ntpdate 8 , 4525.Xr pfctl 8 , 4526.Xr pflogd 8 , 4527.Xr ping 8 , 4528.Xr powerd 8 , 4529.Xr quotacheck 8 , 4530.Xr quotaon 8 , 4531.Xr rc 8 , 4532.Xr rc.sendmail 8 , 4533.Xr rfcomm_pppd 8 , 4534.Xr route 8 , 4535.Xr routed 8 , 4536.Xr rpc.lockd 8 , 4537.Xr rpc.statd 8 , 4538.Xr rpcbind 8 , 4539.Xr rwhod 8 , 4540.Xr savecore 8 , 4541.Xr sdpd 8 , 4542.Xr sshd 8 , 4543.Xr swapon 8 , 4544.Xr sysctl 8 , 4545.Xr syslogd 8 , 4546.Xr timed 8 , 4547.Xr unbound 8 , 4548.Xr usbconfig 8 , 4549.Xr wlandebug 8 , 4550.Xr yp 8 , 4551.Xr ypbind 8 , 4552.Xr ypserv 8 , 4553.Xr ypset 8 4554.Sh HISTORY 4555The 4556.Nm 4557file appeared in 4558.Fx 2.2.2 . 4559.Sh AUTHORS 4560.An Jordan K. Hubbard . 4561